AT&T IP Flexible Reach Service and/or AT&T IP Toll-Free on AT&T VPN
Customer Edge Router Customer Configuration Guide (December 8, 2015, Version 2.6)
Page 1
AT&T IP Flexible Reach Service and
AT&T IP Toll-Free on AT&T VPN Service
Customer Edge Router (CER)
Customer Configuration Guide for
AT&T IP Flexible Reach Service and
AT&T IP Toll-Free on AT&T VPN Service
As the Underlying Transport Service
Cisco ISR G2 Platforms
December 8, 2015
Version 2.6
© 2015 AT&T Intellectual Property. All rights reserved.
AT&T, the AT&T logo and all other AT&T marks contained herein are trademarks of AT&T Intellectual
Property and/or AT&T affiliated companies.
All other marks contained herein are the property of their respective owners.
AT&T IP Flexible Reach Service and/or AT&T IP Toll-Free on AT&T VPN
Customer Edge Router Customer Configuration Guide (December 8, 2015, Version 2.6)
Page 2
Table of Contents
1 INTRODUCTION ......................................................................................................................................... 4
1.1 OVERVIEW .............................................................................................................................................. 4
1.2 NETWORK TOPOLOGY ............................................................................................................................. 5
1.2.1 CER combined with TDM Gateway................................................................................................... 6
1.2.2 AT&T Certified IP-PBX’s ................................................................................................................. 7
1.3 NETWORK DESIGN .................................................................................................................................. 9
1.3.1 Supported Router Platforms and Access Types ................................................................................. 9
1.3.2 IOS....................................................................................................................................................11
1.4 SPECIAL CONSIDERATIONS ....................................................................................................................12
2 NETWORK PERFORMANCE DESIGN ..................................................................................................13
2.1 BANDWIDTH ALLOCATION .....................................................................................................................13
2.1.1 Simultaneous Voice Calls .................................................................................................................13
2.1.2 Per Call Bandwidth ..........................................................................................................................13
2.1.3 Bandwidth Reduction Techniques ....................................................................................................16
2.2 PUTTING IT TOGETHER ..........................................................................................................................17
2.3 SPECIAL ENGINEERING GUIDELINES FOR ETHERNET ACCESS ................................................................18
3 TRAFFIC CLASSIFICATION AND QUEUING TECHNIQUES ..........................................................19
3.1 CLASSIFICATION ....................................................................................................................................20
3.2 QUEUING OPTIONS .................................................................................................................................20
4 CUSTOMER EDGE ROUTER (CER) CONFIGURATIONS SPECIFIC TO COS AND WAN
INTERFACE. .........................................................................................................................................................22
4.1 CLASSIFICATION ....................................................................................................................................22
4.2 LLQ/CBWFQ SET UP AND PACKET MARKING ......................................................................................24
4.2.1 Standard Frame Relay interface with MLPPP encapsulation (T1 port speeds: 768Kbit/s and less)
24
4.2.2 Standard Frame Relay interface (T1 port speeds 1024 to 1536Kbit/s; and T3 speeds) ...................26
4.2.3 PPP access (T1 port speeds 1024 to 1536Kbit/s; and T3 speeds) ....................................................28
4.2.4 ADSL/ SHDSL ..................................................................................................................................29
4.2.5 DSL Modem ......................................................................................................................................30
4.2.6 NXT1 MLPPP Access .......................................................................................................................32
4.2.7 T3/E3 Frame Relay Encapsulation...................................................................................................33
4.2.8 Ethernet Access ................................................................................................................................34
4.2.9 COS6 Example .................................................................................................................................35
4.3 INTERFACE CONFIGURATION .................................................................................................................36
4.3.1 Standard Frame Relay interface with MLPPP encapsulation (T1 port speeds: 768Kbit/s and less)
37
4.3.2 Standard Frame Relay Interface (T1 speeds: 1024 to 1536Kbit/s; and T3 speeds) .........................38
4.3.3 PPP access (T1 speeds: 1024 to 1536Kbit/s; and T3 speeds) ..........................................................40
4.3.4 DSL ...................................................................................................................................................41
4.3.5 NXT1 MLPPP Access (2 – 8 T1s) .....................................................................................................48
4.3.6 T3 Frame Relay Encapsulation ........................................................................................................51
4.3.7 Ethernet Access ................................................................................................................................52
4.4 FRAME RELAY TRAFFIC SHAPING FOR FRAME RELAY INTERFACES ONLY .............................................55
5 CUSTOMER EDGE ROUTER CONFIGURATIONS SPECIFIC TO A TDM GATEWAY ...............55
5.1 TDM GATEWAY COMBINED IN CER ......................................................................................................55
APPENDIX A: SAMPLE ISR G2 ROUTER CONFIGURATIONS .................................................................57
AT&T IP Flexible Reach Service and/or AT&T IP Toll-Free on AT&T VPN
Customer Edge Router Customer Configuration Guide (December 8, 2015, Version 2.6)
Page 3
A.1 FRAME RELAY INTERFACE WITH MLPPP ENCAPSULATION & FRAGMENTATION (768KBIT/S AND LESS)
.............................................................................................................................................................................57
A.2 N X T1 MLPPP ACCESS (4 T1S) ..............................................................................................................60
A.3 T1 PPP ACCESS ..........................................................................................................................................65
A.4 T3 PPP ACCESS .............................................................................................................................................71
A.5 ETHERNET ACCESS ........................................................................................................................................74
APPENDIX B: INBOUND ALTERNATE ROUTING .......................................................................................78
APPENDIX C: BRANCH OFFICE EXTENSION (BOE) ................................................................................78
C.1 INTRODUCTION TO BOE .............................................................................................................................78
C.2 IMPLEMENTATION CHECKLIST ...................................................................................................................81
C.3 EMERGENCY SERVICES ...............................................................................................................................82
C.4 TROUBLESHOOTING .....................................................................................................................................82
APPENDIX D: ACRONYMNS .............................................................................................................................84
AT&T IP Flexible Reach Service and/or AT&T IP Toll-Free on AT&T VPN
Customer Edge Router Customer Configuration Guide (December 8, 2015, Version 2.6)
Page 4
1 Introduction
This Customer Configuration Guide (“CCG”) provides recommended guidelines for configuring
the Customer-managed Customer Edge Router (CER) for use with AT&T IP Flexible Reach
Service and/or AT&T IP Toll-Free, on AT&T VPN Service (“AT&T VPN”) as the Underlying
Transport Service. CERs can be utilized for either one of those services or for both services
simultaneously. Please ensure your system set-up is consistent with the recommended
specifications provided in this document. AT&T reserves the right to modify or update its
guidelines at any time without notice so please check the following link to be sure you have
the latest version of this document (http://www.corp.att.com/bvoip/avpn/implementation/ (login:
att, password: attvoip)). You may also wish to consult with your AT&T technical sales
representative.
1.1 Overview
AT&T IP Flexible Reach Service and/or AT&T IP Toll-Free over AT&T VPN as the underlying
transport, are AT&T Business Voice over IP (BVoIP) services. AT&T IP Flexible Reach
Service and/or AT&T IP Toll-Free on AT&T VPN support network based Class of Service
(CoS) which will work in conjunction with edge router configurations to provide the Quality of
Service (QoS) that voice traffic requires. Four classes or six classes are available, including a
Real Time class that will strictly prioritize voice packets over other data packets. Prioritizing
voice packets helps to assure low latency for voice to meet delay budget constraints.
This document should be used solely as a general configuration guideline. The Customer is
solely responsible for determining the appropriate configuration of their specific environment;
AT&T provides resources to assist with that configuration, please contact your AT&T technical
support for assistance if needed.
Configuration examples in this guide are provided for informational purposes only. The
example configurations may be mapped to a variety of vendor implementations, check with
your AT&T technical support manager if you have any questions.
Note: The configuration examples provided in this document are based upon Cisco IOS
features, however, the features are NOT described in their entirety; and may vary across
hardware platforms and versions of IOS. Please refer to the appropriate Cisco documentation
relative to your IOS features.
AT&T IP Flexible Reach Service and/or AT&T IP Toll-Free on AT&T VPN
Customer Edge Router Customer Configuration Guide (December 8, 2015, Version 2.6)
Page 5
1.2 Network Topology
This section describes the generic AT&T supported topologies:.
Please refer to the following documents for details on configuring vendor
specific AT&T supported topologies and related configuration information for IP-
PBX’s:
o “Customer Edge Router Customer Configuration Guide for AT&T Certified IP-
PBX Solutions”. (http://www.corp.att.com/bvoip/avpn/implementation/ (login:
att, password: attvoip)).
o “Customer Edge Router Customer Configuration Guide for Integrated
CER/CUBE with AT&T Certified IP-PBX Solutions”.
(http://www.corp.att.com/bvoip/avpn/implementation/ (login: att, password:
attvoip)).
Please refer to the following document for details on configuring a TDM
Gateway: “TDM PBX Customer Configuration Guide”
(http://www.corp.att.com/bvoip/avpn/implementation/ (login: att, password: attvoip).
Use the appropriate guide for your router platform.
AT&T IP Flexible Reach Service and/or AT&T IP Toll-Free on AT&T VPN
Customer Edge Router Customer Configuration Guide (December 8, 2015, Version 2.6)
Page 6
1.2.1 CER combined with TDM Gateway
Following is a sample diagram of a network topology for a site with a CER combined
with a TDM gateway . The AT&T VPN CSU-Probe is an AT&T managed device. All
other equipment is managed by the Customer.
The AT&T VPN CSU-Probe is optional.
AT&T IP Flexible Reach Service or AT&T IP Toll-Free on AT&T VPN site
with VPN CSU-Probe, CER with combined TDM Gateway Router
(CPE site design – physical view)
TDM PBX
phone#2
AT&T VPN CSU-Probe -
optional
(managed by AT&T)
TDM PBX
phone#1
WAN
connection
CER with
combined TDM
Gateway
Traditional
PBX
T1 cable
AT&T IP Flexible Reach Service and/or AT&T IP Toll-Free on AT&T VPN
Customer Edge Router Customer Configuration Guide (December 8, 2015, Version 2.6)
Page 7
1.2.2 AT&T Certified IP-PBX’s
Following is a sample diagram of a network topology for a site with an AT&T Certified
IP-PBX. In this design, the Customer Edge Router (CER) and Session Border
Controller (SBC) are two separate devices. The AT&T VPN CSU-Probe is an AT&T
managed devices. All other equipment is managed by the Customer.
The AT&T VPN CSU-Probe is optional.
AT&T IP Flexible Reach Service or AT&T IP Toll-Free on AT&T VPN site
with AT&T VPN CSU-Probe, Generic IP-PBX and optional SBC
(CPE site design – physical view)
VPN CSU-Probe
optional
(managed by AT&T)
IP phone#1
WAN
Connection
RJ-45 Ethernet
Straight Thru
RJ-45 Ethernet
Straight Thru
Layer2
Switch
Cisco CER
RJ-45 Ethernet
Straight Thru
RJ-45 Ethernet
Straight Thru
IP phone#2
IP-PBX
RJ-45 Ethernet
Straight Thru
Session Border Controller
(required in most scenarios)
RJ-45 Ethernet
Straight Thru
AT&T IP Flexible Reach Service and/or AT&T IP Toll-Free on AT&T VPN
Customer Edge Router Customer Configuration Guide (December 8, 2015, Version 2.6)
Page 8
Following is a sample diagram of a network topology for a site with an AT&T
Certified IP-PBX. In this design, the Customer Edge Router (CER) and Cisco
Unified Border Element (CUBE) Session Border Controller (SBC) are integrated
into a single device. The AT&T VPN CSU-Probe is an AT&T managed devices.
All other equipment is managed by the Customer. NOTE: This solution is only
supported for specific scenarios. Please refer to the “Customer Edge Router
Customer Configuration Guide for Integrated CER/CUBE with AT&T Certified IP-
PBX Solutions”. (http://www.corp.att.com/bvoip/avpn/implementation/ (login: att,
password: attvoip)).
The AT&T VPN CSU-Probe is optional.
AT&T IP Flexible Reach Service or AT&T IP Toll-Free on AT&T VPN site
with AT&T VPN CSU-Probe, Generic IP-PBX and optional SBC
(CPE site design – physical view)
IP Phone#1
WAN
Connection
RJ-45 Ethernet
Straight Thru
RJ-45 Ethernet
Straight Thru
Layer 2
Switch
Integrated
CER/CUBE
RJ-45 Ethernet
Straight Thru
RJ-45 Ethernet
Straight Thru
IP Phone#2
IP PBX
RJ-45 Ethernet
Straight Thru
AT&T VPN CSU-Probe
optional
(managed by AT&T)
AT&T IP Flexible Reach Service and/or AT&T IP Toll-Free on AT&T VPN
Customer Edge Router Customer Configuration Guide (December 8, 2015, Version 2.6)
Page 9
1.3 Network Design
The following section provides information about supported router hardware, access types and
IOS.
1.3.1 Supported Router Platforms and Access Types
The following are the access types that are supported and will be covered in this document.
Access Type
Speed (bit/s)
Fragmentation
CRTP
DSL
100K, 1500K
no
no
Standard T1/E1 Frame Relay with
MLPPP encapsulation
56K to 768K
yes
optional
Standard T1/E1 Frame Relay
1024K to 2M
no
no
T1/E1 PPP access
1024K to 2M
no
no
NXT1/E1 MLPPP access
N = 2 to 8 T1/E1
no
no
Standard T3/E3 Frame Relay
5M to 45M
no
no
T3/E3 PPP Access
5M to 45M
no
no
T3/E3 Frame Relay Encapsulation
5M to 45M
no
no
Ethernet Access types:
Access Type
Speed (bit/s)
Fragmentation
10 Base-T
Access Link, VPN port and
VLAN speeds (in Mbits): .5, 1,
1.5, 2, 3, 4, 5, 6, 7, 8, 9, 10
no
100 Base-T or FX
Access Link, VPN port and
VLAN speeds (in Mbits): .5, 1,
1.5, 2, 3, 4, 5, 6, 7, 8, 9, 10, 20,
30, 40, 50, 60, 70, 80, 90, 100
no
The following list shows which access types are supported on each platform:
1921
o Ethernet VLAN / Subrate
o Frac T1/E1 – T1/E1
AT&T IP Flexible Reach Service and/or AT&T IP Toll-Free on AT&T VPN
Customer Edge Router Customer Configuration Guide (December 8, 2015, Version 2.6)
Page 10
o DSL
2911 :
o Ethernet VLAN / Subrate
o Frac T1/E1 – n*T1 (up to 8 T1 MLPPP)
o DSL
2921:
o Ethernet VLAN / Subrate
o Frac T1/E1 – n*T1 (up to 8 T1 MLPPP)
o DSL
2951
o Ethernet VLAN / Subrate
o Frac T1/E1 – n*T1 (up to 8 T1 MLPPP)
3925:
o Ethernet VLAN / Subrate
o Frac T1/E1 – n*T1 (up to 8 T1 MLPPP)
o Subrate T3/E3
3945:
o Ethernet VLAN / Subrate
o Frac T1/E1 – n*T1 (up to 8 T1 MLPPP)
o Subrate T3/E3, T3/E3
3945E
o Ethernet VLAN / Subrate
o Frac T1/E1 – n*T1 (up to 6 T1 MLPPP)
o Subrate T3/E3, T3/E3
AT&T IP Flexible Reach Service and/or AT&T IP Toll-Free on AT&T VPN
Customer Edge Router Customer Configuration Guide (December 8, 2015, Version 2.6)
Page 11
1.3.2 IOS
Configurations in this guide were tested with Cisco IOS 15.2(1)T2ES and 15.3(3)M1ES.
The IOS files can be obtained from:
https://upload.cisco.com/cgi-bin/swc/fileexg/main.cgi?CONTYPES=ATT-Managed-Services
Note: CCO access is required to download these files.
IOS file names for the routers are as follows:
1900 routers:
c1900-universalk9-mz.SSA-eng-sp-152-1.T2ES
c1900-universalk9-mz.SSA-eng-sp-153-3.M1.bin
2900 routers:
c2900-universalk9-mz.SSA-eng-sp-152-1.T2ES
c2900-universalk9-mz.SSA-eng-sp-153-3.M1.bin
2951 router (only supported with 15.3(3)M1ES):
c2951-universalk9-mz.SSA-eng-sp-153-3.M1.bin
3925/45 routers:
c3900-universalk9-mz.SSA-eng-sp-152-1.T2ES
c3900-universalk9-mz.SSA-eng-sp-153-3.M1.bin
3945E router:
c3900e-universalk9-mz.SSA-eng-sp-152-1.T2ES
c3900e-universalk9-mz.SSA-eng-sp-153-3.M1.bin
CER only will require IP Base Technology Package License.
CER with combined TDM Gateway require UC (Unified Communications) Technology Package
License.
AT&T IP Flexible Reach Service and/or AT&T IP Toll-Free on AT&T VPN
Customer Edge Router Customer Configuration Guide (December 8, 2015, Version 2.6)
Page 12
1.4 Special Considerations
The following TCP/IP ports must not be blocked by firewall or access lists:
o AT&T IP Border Element signaling and media addresses.
o SIP signaling traffic (UDP port 5060).
o RTP/RTCP traffic (UDP port range 16384-32767).
The configuration information in this CCG assumes a single primary CER. Any
alternate routing configurations or remote branch connectivity to other sites, within the
same or other AT&T VPN, requires proper configuration of the signaling and media
paths. Routing configurations in all customer routers need to be set up to assure that
the routing in the primary CER is not affected.
AT&T IP Flexible Reach Service and/or AT&T IP Toll-Free on AT&T VPN
Customer Edge Router Customer Configuration Guide (December 8, 2015, Version 2.6)
Page 13
2 Network Performance Design
Before implementing AT&T IP Flexible Reach Service and/or AT&T IP Toll-Free over AT&T
VPN as an underlying transport service, it is critical to understand the voice requirements at
each location and to plan accordingly. Improper design can ultimately lead to poor voice
performance.
The two primary network attributes that must be determined are:
• The allocated bandwidth for voice at each site.
• The delay components and requirements for acceptable voice quality.
2.1 Bandwidth Allocation
Primary factors in determining the bandwidth design for AT&T IP Flexible Reach Service
and/or AT&T IP Toll-Free over AT&T VPN as an underlying transport service are:
1. The number of simultaneous voice calls.
2. The per call bandwidth (Codec type + overhead).
3. Whether or not bandwidth reduction techniques are required.
Based on the above, the Class of Service (CoS) package can be selected including the
calculation of the Committed Information Rate (CIR) and Real Time percentages.
2.1.1 Simultaneous Voice Calls
One of the most important aspects in designing a network with AT&T IP Flexible Reach
Service and/or AT&T IP Toll-Free over AT&T VPN as an underlying transport service is
allocating enough bandwidth for voice calls. The required bandwidth is determined by
calculating the number of concurrent voice calls that must be supported at each location, and
multiplying this by the bandwidth required per call. Concurrent call requirements may be
simply based on the number of users at a site, or if the busy hour traffic load is known, the
number of concurrent calls can be determined using the Erlang B formula. A web-based
Erlang calculator, as well as more complex design tools, may be found at
http://www.erlang.com/. Systems can be configured to accommodate up to the number of
concurrent calls contracted for under their AT&T IP Flexible Reach Service and/or AT&T IP
Toll-Free contract. If the number of concurrent calls under contract is not sufficient, please
contact AT&T to increase the number of concurrent calls under contract.
2.1.2 Per Call Bandwidth
Once the number of concurrent calls has been determined, the per-call bandwidth
requirements need to be established. Bandwidth requirements are based on the codec as well
as the Layer 2 protocol used to access the network. The most popular codec in use today is
G.729; it is the default in Cisco voice equipment and can provide good quality, low bandwidth
voice. The following table provides the bandwidth per call over various access types
AT&T IP Flexible Reach Service and/or AT&T IP Toll-Free on AT&T VPN
Customer Edge Router Customer Configuration Guide (December 8, 2015, Version 2.6)
Page 14
While the G.729 codec is very popular today, it has limitations that should be investigated
while designing the network. Certain call flows (like conference calls, voice mail applications)
may require that a G.711 codec be used. Be aware that G.711 requires much higher
bandwidth although it does support better call quality. If G.711 needs to be supported on the
network, these higher bandwidth requirements should be taken into account in the design
phase.
AT&T IP Flexible Reach Service and/or AT&T IP Toll-Free on AT&T VPN
Customer Edge Router Customer Configuration Guide (December 8, 2015, Version 2.6)
Page 15
AT&T IP Flexible Reach Service and/or AT&T IP Toll-Free requires RTCP (Real Time Control
Protocol) in order to collect Call Detail Records (CDRs). Use the bandwidth per call numbers
listed with RTCP for COS1 calculations.
Access Type
Codec
ptime (ms)
Bandwidth per call (Kbit/s)
Without RTCP
With RTCP
DSL
G729 A
20
25.0
25.4
G729 A
30
19.4
20.0
G711
20
80.5
81.0
G711
30
75.0
75.5
Ethernet
G729 A
20
29.8
30.3
G729 A
30
22.6
23.2
G711
20
85.4
86.0
G711
30
78.3
78.8
Ethernet with VLAN
G729 A
20
31.4
31.9
G729 A
30
23.7
24.2
G711
20
87.1
87.6
G711
30
79.3
79.9
Frame Relay
G729 A
20
25.7
25.9
G729 A
30
19.9
20.4
G711
20
81.4
81.9
G711
30
75.5
76.0
NX T1/E1 MLPPP
G729 A
20
25.0
25.5
G729 A
30
19.4
19.9
G711
20
80.5
81.1
G711
30
75.0
75.5
PPP or FR
Encapsulation
G729 A
20
25.8
26.3
G729 A
30
19.8
20.5
G711
20
81.4
81.9
G711
30
75.6
76.1
Note: T.38 is the recommended protocol for fax as it has reduced bandwidth compared to
G.711 fax. Configured properly to a baud rate of 14400 (this speed required for certain Public
Switched Telephone Network (PSTN) calls), the T.38 fax call will use approximately 25Kbit/s
over Frame Relay.
AT&T IP Flexible Reach Service and/or AT&T IP Toll-Free on AT&T VPN
Customer Edge Router Customer Configuration Guide (December 8, 2015, Version 2.6)
Page 16
2.1.3 Bandwidth Reduction Techniques
There are several techniques for lowering the per call bandwidth requirements.
VAD or Voice Activity Detection (also known as silence suppression) may be turned on to take
advantage of the fact that voice calls are “half duplex”— that is only one speaker in one
direction is active at a time. Studies have shown that while theoretically VAD could reduce
bandwidth consumption by 50%, a more conservative figure to use in design is 30%. Many
users find that VAD can cause call impairment known as clipping — where the first word or
words are cut off when a speaker starts and, therefore, they do not use VAD even though it
might help with the bandwidth consumption. A “best practice”, conservative design approach
would be to size the network without VAD, test calls with VAD once the network is in place
and adjust the bandwidth accordingly assuming VAD works effectively.
Most VoIP codecs can be modified from the default parameters to provide more efficient
utilization of bandwidth for carrying voice traffic. One popular technique is to increase the
number of voice samples in each IP packet. VoIP packets tend to be quite small, with a large
percentage of the usable bandwidth consumed by protocol overhead (Layer 2, IP, UDP, RTP).
Typically, G.729 encodes two 10mS voice samples in each IP packet. Each voice sample is
only 10 bytes. The codec can often be modified to pack 3 or even more voice samples in each
IP packet, substantially reducing the overhead: payload ratio. The downside of this approach
is that it increases the encoding/decoding delay proportionately and more stringent overall
design relative to latency and jitter.
Another technique for reducing per call bandwidth consumption is using Compressed Real
Time-Transport Protocol or cRTP, which will compress the packet header information. CRTP
is negotiated and is used between the Customer Edge Router (CER) and AT&T Provider
Edge Router (PER) on frame relay access at 768Kbit/s and below. With cRTP, the 40 bytes of
IP, UDP, and RTP headers can be compressed to 2 or 4 bytes (depending on whether CRCs
are included). This represents a dramatic bandwidth savings, however, there is a trade-off as
compression algorithms can significantly add to the router processor load.
IMPORTANT: Cisco based cRTP recognizes RTP protocol based upon an assumed UDP port
range of 16384-32767 (even port numbers only, odd port numbers are used for RTCP which
is not compressed). If using non-Cisco VoIP equipment, be sure to configure it to use RTP
AT&T IP Flexible Reach Service and/or AT&T IP Toll-Free on AT&T VPN
Customer Edge Router Customer Configuration Guide (December 8, 2015, Version 2.6)
Page 17
port ranges that will be recognized. If RTP is sent outside of this range, the RTP protocol will
remain uncompressed, greatly reducing the effectiveness of cRTP.
The routers at each end of a cRTP link participate in the compression/decompression
process. The routers at each side of a flow, the compressor and decompressor, share a
consistent state and use a CID (Context Identifier) in the compressed header to identify the
flow. CRTP runs between the CER and PER only.
2.2 Putting It Together
Once concurrent calls and bandwidth consumption per call have been determined, the
network requirements should be chosen. AT&T recommends using the Real Time (RT) Class
of Service for voice signaling and media traffic. CoS packages are sold based on
percentages of the CIR purchased. Two CoS packages support RT CoS—Multimedia High
and Multimedia Low. If the percentage of RT traffic is 50% or lower than the CoS Package is
Multi-Media Standard and if the percentage of RT is above 50% the CoS Package is Multi-
Media High.
For details on configuring CERs for the basic AVPN transport service, independent of IP
Flexible Reach Service and/or AT&T IP Toll-Free, reference:
AT&T VPN Service Customer Router Configuration Guide
This Guide is available on AT&T BusinessDirect under Insight and News, Tech Specs or from
your Sale team.
The bandwidth allocated to the RT class is very important because any traffic presented to RT
over the allocation will be strictly policed and dropped in order to prevent queuing and
additional delay. For instance, a link is designed for 10 calls and an 11
th
call comes in. The
11
th
call will not be denied but will cause packet drops across all calls. Those packet drops
can cause voice quality degradation of the existing calls. To avoid this problem, RT sizing is
critical.
Note: CoS6 not supported on links with link fragmentation (LFI).
Note: Sizing of data requirements, possibly including video, is beyond the scope of this document but is
covered in: AT&T Network Services COS Customer Router Configuration Guide
AT&T IP Flexible Reach Service and/or AT&T IP Toll-Free on AT&T VPN
Customer Edge Router Customer Configuration Guide (December 8, 2015, Version 2.6)
Page 18
2.3 Special Engineering Guidelines for Ethernet Access
Three basic types of Ethernet access will be supported: Full Port, single VLAN tag,
and stacked dual VLAN tag (Q in Q) ports.
Ethernet actually has the most protocol overhead of any supported transport including
ATM. A 30 Byte payload needs 2 ATM cell @ 53 Bytes each for a total of 106 Bytes.
Ethernet Line Rate requires 112 bytes for each 30 Byte payload. The Line Rate
includes the inter-frame gap, preamble, start of frame delimiter, & CRC for each frame
which adds to the total. So the protocol difference is about 1.6% more for Ethernet, at
approximately 73% protocol overhead of all transported bytes.
Due to the factors stated above, CoS1 bandwidth for Ethernet should not be more
than 70% to compensate for unaccounted overhead. Shape rates should be
configured for 99% of the access speed (see Ethernet Shaping Table in this section).
For additional details on configuring Ethernet for access to the AVPN service,
reference: AT&T VPN Ethernet Access Customer Router Guide. This document is
available on AT&T BusinessDirect under Insight and News, Tech Specs or from your
Sale team.
AT&T IP Flexible Reach Service and/or AT&T IP Toll-Free on AT&T VPN
Customer Edge Router Customer Configuration Guide (December 8, 2015, Version 2.6)
Page 19
Ethernet Shaping Table:
Port / Subrate /
VLAN Access
Port / subrate /
VLAN Speed
Shaped to 99% of Ethernet
VLAN speed (*rounded
DOWN to nearest 64K)
512K Ethernet
512K
448K
1M Ethernet
1000K
960K
1.5M Ethernet
1500K
1472K
2M Ethernet
2000K
1920K
3M Ethernet
3000K
2944K
4M Ethernet
4000K
3904K
5M Ethernet
5000K
4928K
6M Ethernet
6000K
5888K
7M Ethernet
7000K
6912K
8M Ethernet
8000K
7872K
9M Ethernet
9000K
8896K
10M Ethernet
10000K
9856K
20M Ethernet
20000K
19776K
30M Ethernet
30000K
29696K
40M Ethernet
40000K
39552K
50M Ethernet
50000K
49472K
60M Ethernet
60000K
59392K
70M Ethernet
70000K
69248K
80M Ethernet
80000K
79168K
90M Ethernet
90000K
89088K
100M Ethernet
100000K
98944K
3 Traffic Classification and Queuing Techniques
Class of Service features operate in concert with customer router behaviors to provide end-to-
end congestion management of application traffic flows. The Customer Edge Router (CER)
has several roles in the process. First, it must recognize and categorize the different
application types that are to receive differentiated service. Based on this recognition, queuing,
fragmentation and interleaving techniques are used as appropriate to provide preferential
treatment of priority traffic during congestion. In addition to the treatment within the CER, the
network needs to recognize and provide differentiated treatment of customer application
traffic. To accommodate this, the CER needs to mark the various application types with
appropriate Differentiated Services (DiffServ) codepoints. This allows the network to recognize
the different traffic types to provide the desired preferential treatment.
AT&T IP Flexible Reach Service and/or AT&T IP Toll-Free on AT&T VPN
Customer Edge Router Customer Configuration Guide (December 8, 2015, Version 2.6)
Page 20
After determining bandwidth requirements and the techniques required to meet the delay
budgets, CoS techniques should be applied in the CER to compliment the functionality in the
network PER. CoS techniques will help minimize delay, jitter (variation in delay) and drops of
voice packets. These techniques include classifying and marking packets by traffic type, using
queuing techniques, and traffic shaping.
3.1 Classification
The first step in traffic classification is to identify different traffic flows and mark them with the
appropriate Differentiated Service Code Point (DSCP) bit. The following table defines the
settings expected by the AT&T VPN network.
Class of Service
IP
Precedence
DSCP
DSCP
Decimal
DSCP
Binary (In
Contract)
Real Time
5
EF
46
101 110
Bursty High
3
AF31
26
011 010
Bursty Low
2
AF21
18
010 010
Best Effort
0
BE
0
000 000
Additional Classes for CoS6:
Class of Service
IP
Precedence
DSCP
DSCP
Decimal
DSCP
Binary (In
Contract)
Video (CoS2V)
4
AF41
34
100 010
Scavenger (CoS5)
1
AF11
10
001 010
3.2 Queuing Options
Queuing techniques and implementations have evolved over the past several years
and include options that can strictly prioritize voice traffic over data traffic without
starving out the data traffic. Strict priority queuing is a mechanism that will always
immediately serve any packets in the priority queue before serving any other queue,
ensuring the best possible delay characteristics. AT&T VPN uses Low Latency
Queuing with Class Based Weighted Fair Queuing (LLQ/CBWFQ) and recommends
that customers use the same techniques in their CERs. LLQ/CBWFQ is configured
via a policy map where different classes of traffic are assigned a percentage or
specific amount of bandwidth. The LLQ is established with the priority command and
given a specific bandwidth in kilobits per second. The LLQ is sized based on the
AT&T IP Flexible Reach Service and/or AT&T IP Toll-Free on AT&T VPN
Customer Edge Router Customer Configuration Guide (December 8, 2015, Version 2.6)
Page 21
bandwidth allocation recommendations in section 2.1. Other queues are serviced
based on the amount of bandwidth allocated to them.
AT&T IP Flexible Reach Service and/or AT&T IP Toll-Free on AT&T VPN
Customer Edge Router Customer Configuration Guide (December 8, 2015, Version 2.6)
Page 22
4 Customer Edge Router (CER) Configurations specific to
CoS and WAN interface.
The router configurations in this section are partial configurations for AT&T IP Flexible Reach
Service and/or AT&T IP Toll-Free over AT&T VPN as the underlying transport service. The
specific configurations tested were for ISR G2 routers running 15.2.1.T2ES. Sample
configurations, relative to specific environments, have been provided for reference in
Appendix A.
Class of Service (CoS) specific considerations:
o CoS1 should not be more than 70% for DSL or Ethernet access.
o CoS6 is not supported on links with LFI.
o COS1 should not be more than 70% for MLPPP access on a 1900 or 2900 router
and not more than 80% on a 3900 router.
4.1 Classification
Following are the access group list configurations. Data and video classes would be
defined by the customer. RTP, SIP, SCCP and BGP access-lists should be
configured as they are shown. CoS4 (default class) does not need to be defined.
Access Lists for CoS4:
ip access-list extended RTP
permit udp any range 16384 32767 any range 16384 32767
ip access-list extended SIP
permit udp any eq 5060 any
permit udp any any eq 5060
permit tcp any eq 5060 any
permit tcp any any eq 5060
ip access-list extended SCCP **Only needed for Cisco UCM solutions**
permit tcp any range 2000 2003 any
permit tcp any any range 2000 2003
ip access-list extended BGP
permit tcp any eq bgp any
permit tcp any any eq bgp
AT&T IP Flexible Reach Service and/or AT&T IP Toll-Free on AT&T VPN
Customer Edge Router Customer Configuration Guide (December 8, 2015, Version 2.6)
Page 23
ip access-list extended COS2-Traffic
permit udp any any eq 2082 <sample only – COS2 customer defined>
permit udp any eq 2082 any <sample only – COS 2 customer defined>
ip access-list extended COS3-Traffic
permit udp any any eq 2083 <sample only – COS3 customer defined>
permit udp any eq 2083 any <sample only – COS3 customer defined>
Note: Even if no CoS2 traffic is ordered, a minimum percentage of CoS2 must be configured
on the CER if BGP routing is used, because BGP traffic falls into CoS2.
Additional Access-Lists for CoS6:
ip access-list extended COS2V-Traffic
permit tcp any any range 3230 3231 <sample only – COS2V customer defined>
permit udp any any range 3230 3235 < sample only – COS2V customer defined>
ip access-list extended COS5-Traffic
permit udp any any eq 110 <sample only – COS5 customer defined>
permit udp any eq 110 any <sample only – COS5 customer defined>
In order to classify the traffic that will be put into different queues, the class-map statement is
used to match access-groups. In this example, the voice traffic is matched from access group
lists “RTP”(which includes Real Time Control Protocol (RTCP) traffic), “SIP” and “SCCP”
(required for sites with Cisco IP phones) and put into a class called CoS1 for real time traffic.
Note that the names used in the class-map are the same names used in the policy map in
section 4.2—this is critical to ensure that the right policy will be applied to the right class.
Note: These classifications are the same for all access types.
Class maps for CoS4:
class-map match-any COS1
match access-group name RTP
match access-group name SIP
match access-group name SCCP
class-map match-any BGP
match access-group name BGP
class-map match-any COS2
match access-group name COS2-Traffic
match access-group name BGP
class-map match-any COS3
AT&T IP Flexible Reach Service and/or AT&T IP Toll-Free on AT&T VPN
Customer Edge Router Customer Configuration Guide (December 8, 2015, Version 2.6)
Page 24
match access-group name COS3-Traffic
Additional Class-maps for CoS6:
class-map match-any COS2V
match access-group name COS2V-Traffic
class-map match-any COS5
match access-group name COS5-Traffic
4.2 LLQ/CBWFQ Set up and Packet Marking
The Low Latency Queue is established through a priority statement. The class “CoS1” is put in
the low latency queue. The packets are then marked with IP dscp of ‘ef’ to match the
network’s expectation for real time service. The remaining bandwidth is distributed among the
other classes—CoS2( bursty high traffic) and CoS3 (bursty low traffic) and marked with the
appropriate IP Differentiated Services Code Point (DSCP) marking. Finally, the default class is
set for Best Effort traffic. Note that IP Cisco Express Forwarding (CEF) must be enabled on
the CER for the service policy to work. If RTP header compression is required, it will be
applied the policy-map for RT (Real Time) service. This means that ONLY the RTP packets in
that class will be compressed, saving CPU resources.
Following are examples of how the policy-maps might be set up:
4.2.1 Standard Frame Relay interface with MLPPP encapsulation (T1 port
speeds: 768Kbit/s and less)
Fragmentation only
For MLPPP encapsulation, the policy-map, “SHAPE_FR” is applied to the virtual template
interface.
Note: Burst interval for CoS1 should always be set to 1 second. Burst of 1 second is equal to
the COS1 Bandwidth (BW) / 8.
ip cef
!
policy-map MARK-BGP
class BGP
set ip dscp cs6
!
policy-map COS
AT&T IP Flexible Reach Service and/or AT&T IP Toll-Free on AT&T VPN
Customer Edge Router Customer Configuration Guide (December 8, 2015, Version 2.6)
Page 25
class COS1
priority
queue-limit 2048 packets
police <COS1 BW > <Burst size> conform-action set-dscp-transmit ef exceed-action drop
class COS2
bandwidth remaining percent <COS2 %>
set ip dscp af31
queue-limit 64 packets
service-policy MARK-BGP
class COS3
bandwidth remaining percent <COS3 %>
set ip dscp af21
queue-limit 64 packets
class class-default
bandwidth remaining percent <COS4 %>
set ip dscp default
queue-limit 64 packets
!
policy-map SHAPE_FR **This policy map applied to Virtual-Template interface**
class class-default
shape average <Port Speed * .90> <(Port Speed * .90)/100> 0
service-policy COS
Fragmentation and CRTP
For MLPPP encapsulation, the policy-map, “COS” is applied to the virtual template interface.
The command to enable cRTP is “compress header ip rtp” and is applied to COS1.
Note: Burst interval for COS1 should always be set to 1 second. Burst of 1 second is equal to
the COS1 Bandwidth (BW) / 8.
ip cef
!
policy-map MARK-BGP
class BGP
set ip dscp cs6
Note: Cisco recommends
the BC value be divisible
by 128 (rounded up).
Note – Voice only
customers (no
data) should not
set the BE equal to
0. It should be left
blank.
AT&T IP Flexible Reach Service and/or AT&T IP Toll-Free on AT&T VPN
Customer Edge Router Customer Configuration Guide (December 8, 2015, Version 2.6)
Page 26
!
policy-map COS
class COS1
priority
queue-limit 2048 packets
police <COS1 BW > <Burst size> conform-action set-dscp-transmit ef exceed-action drop
compress header ip rtp
class COS2
bandwidth remaining percent <COS2 %>
set ip dscp af31
queue-limit 64 packets
service-policy MARK-BGP
class COS3
bandwidth remaining percent <COS3 %>
set ip dscp af21
queue-limit 64 packets
class class-default
bandwidth remaining percent <COS4 %>
set ip dscp default
queue-limit 64 packets
!
policy-map SHAPE_FR **This policy map applied to Virtual-Template interface**
class class-default
shape average <Port Speed * .90> <(Port Speed * .90)/100> 0
service-policy COS
4.2.2 Standard Frame Relay interface (T1 port speeds 1024 to 1536Kbit/s;
and T3 speeds)
Standard Frame Relay access requires a shaping policy map be applied to the Frame Relay
sub-interface. The policy map for the Quality of Service (QoS) is applied to the shaping policy
Note: Cisco recommends
the BC value be divisible
by 128 (rounded up).
Note – Voice only
customers (no
data) should not
set the BE equal to
0. It should be left
blank.
AT&T IP Flexible Reach Service and/or AT&T IP Toll-Free on AT&T VPN
Customer Edge Router Customer Configuration Guide (December 8, 2015, Version 2.6)
Page 27
map. The shape rate of the shaping policy map should be set to according to the port speed
(see rules below).
Note: Burst interval for COS1 should always be set to 1 second. Burst of 1 second is equal to
the COS1 Bandwidth (BW) / 8.
ip cef
!
policy-map MARK-BGP
class BGP
set ip dscp cs6
!
policy-map COS
class COS1
priority
queue-limit 2048 packets
police <COS1 BW > <Burst size> conform-action set-dscp-transmit ef exceed-action drop
class COS2
bandwidth remaining percent <COS2 %>
set ip dscp af31
queue-limit 64 packets
service-policy MARK-BGP
class COS3
bandwidth remaining percent <COS3 %>
set ip dscp af21
queue-limit 64 packets
class class-default
bandwidth remaining percent <COS4 %>
set ip dscp default
queue-limit 64 packets
For port speed greater than 2Mbit/s:
policy-map SHAPE_FR **This policy map applied to Frame Relay sub- interface**
class class-default
shape average <Port Speed * .95> <(Port Speed * .95)/250> 0
Note – Voice only
customers (no
data) should not
set the BE equal to
0. It should be left
blank.
AT&T IP Flexible Reach Service and/or AT&T IP Toll-Free on AT&T VPN
Customer Edge Router Customer Configuration Guide (December 8, 2015, Version 2.6)
Page 28
service-policy COS
For port speed 2Mbit/s or less:
policy-map SHAPE_FR **This policy map applied to Frame Relay sub- interface**
class class-default
shape average <Port Speed * .90> <(Port Speed * .90)/100> 0
service-policy COS
4.2.3 PPP access (T1 port speeds 1024 to 1536Kbit/s; and T3 speeds)
PPP access requires a shaping policy map be applied to the Serial Interface. The policy map
for the Quality of Service (QoS) is applied to the shaping policy map. The shape rate of the
shaping policy map should be set to 95% of the port speed.
Note: Burst interval for COS1 should always be set to 1 second. Burst of 1 second is equal to
the COS1 Bandwidth (BW) / 8.
ip cef
!
policy-map MARK-BGP
class BGP
set ip dscp cs6
!
policy-map COS
class COS1
priority
queue-limit 2048 packets
police <COS1 BW > <Burst size> conform-action set-dscp-transmit ef exceed-action drop
class COS2
bandwidth remaining percent <COS2 %>
set ip dscp af31
queue-limit 64 packets
Note: Cisco recommends the BC value
be divisible by 128 (rounded up).
Note: Cisco recommends
the BC value be divisible
by 128 (rounded up).
Note – Voice only
customers (no
data) should not
set the BE equal to
0. It should be left
blank.
AT&T IP Flexible Reach Service and/or AT&T IP Toll-Free on AT&T VPN
Customer Edge Router Customer Configuration Guide (December 8, 2015, Version 2.6)
Page 29
service-policy MARK-BGP
class COS3
bandwidth remaining percent <COS3 %>
set ip dscp af21
queue-limit 64 packets
class class-default
bandwidth remaining percent <COS4 %>
set ip dscp default
queue-limit 64 packets
For Port Speed Greater than 2Mbit/s:
policy-map SHAPE_PPP **This policy map applied to serial interface**
class class-default
shape average <Port Speed * .95> <(Port Speed * .95)/250> 0
service-policy COS
For Port Speed 2Mbit/s or less:
policy-map SHAPE_PPP **This policy map applied to serial interface**
class class-default
shape average <Port Speed * .95> <(Port Speed * .95)/100> 0
service-policy COS
Subrates are treated differently than full port configurations with regards to shaping. For
subrate speeds, shaping is merely the subrate speed instead of 95% of it.
4.2.4 ADSL/ SHDSL
COS1 greater than 70% not recommended for DSL access.
The COS policy-map should be applied to the ATM subinterface under the pvc
statement.
Note: Cisco recommends the BC value
be divisible by 128 (rounded up).
Note – Voice only
customers (no data)
should not set the BE
equal to 0. It should be
left blank.
Note: Cisco recommends
the BC value be divisible by
128 (rounded up).
Note – Voice only
customers (no
data) should not
set the BE equal to
0. It should be left
blank.
AT&T IP Flexible Reach Service and/or AT&T IP Toll-Free on AT&T VPN
Customer Edge Router Customer Configuration Guide (December 8, 2015, Version 2.6)
Page 30
Note: Burst interval for COS1 should always be set to 1 second. Burst of 1 second is
equal to the COS1 Bandwidth (BW) / 8.
ip cef
!
policy-map MARK-BGP
class BGP
set ip dscp cs6
!
policy-map COS
class COS1
priority
queue-limit 2048 packets
police <COS1 BW > <Burst size> conform-action set-dscp-transmit ef exceed-action drop
class COS2
bandwidth remaining percent <COS2 %>
set ip dscp af31
queue-limit 64 packets
service-policy MARK-BGP
class COS3
bandwidth remaining percent <COS3 %>
set ip dscp af21
queue-limit 64 packets
class class-default
bandwidth remaining percent <COS4 %>
set ip dscp default
queue-limit 64 packets
4.2.5 DSL Modem
When using a DSL modem, the CER will normally contain a T1 Frame Relay interface. The
T1 Frame Relay is then plugged into the DSL modem.
AT&T IP Flexible Reach Service and/or AT&T IP Toll-Free on AT&T VPN
Customer Edge Router Customer Configuration Guide (December 8, 2015, Version 2.6)
Page 31
When using a DSL modem, the Frame Relay interface must be shaped to 60% of T1
speed. In addition, COS1 cannot be greater than 533Kbit/s (equivalent to 24 calls using
G729 codec with 30 byte payload).
For this configuration, use Frame Relay bandwidth per call numbers.
The policy-map, “DSL-SHAPE” is applied to the Frame Relay subinterface.
Note: Burst interval for COS1 should always be set to 1 second. Burst of 1 second is equal to
the COS1 Bandwidth (BW) / 8.
ip cef
!
policy-map MARK-BGP
class BGP
set ip dscp cs6
!
policy-map COS
class COS1
priority
queue-limit 2048 packets
police <COS1 BW > <Burst size> conform-action set-dscp-transmit ef exceed-action drop
class COS2
bandwidth remaining percent <COS2 %>
set ip dscp af31
queue-limit 64 packets
service-policy MARK-BGP
class COS3
bandwidth remaining percent <COS3 %>
set ip dscp af21
queue-limit 64 packets
class class-default
bandwidth remaining percent <COS4 %>
set ip dscp default
queue-limit 64 packets
AT&T IP Flexible Reach Service and/or AT&T IP Toll-Free on AT&T VPN
Customer Edge Router Customer Configuration Guide (December 8, 2015, Version 2.6)
Page 32
!
policy-map DSL-SHAPE
class class-default
shape average <Port Speed * .60> <(Port Speed * .60)/100>
service-policy COS
4.2.6 NXT1 MLPPP Access
With NXT1 MLPPP Access, the policy-map “COS_MLPPP” is applied to the multilink interface.
Note: Burst interval for COS1 should always be set to 1 second. Burst of 1 second is equal to
the COS1 Bandwidth (BW) / 8.
ip cef
!
policy-map MARK-BGP
class BGP
set ip dscp cs6
!
policy-map COS_MLPPP
class COS1
priority
queue-limit 2048 packets
police <COS1 BW > <Burst size> conform-action set-dscp-transmit ef exceed-action drop
class COS2
bandwidth remaining percent <COS2 %>
set ip dscp af31
queue-limit 64 packets
service-policy MARK-BGP
class COS3
bandwidth remaining percent <COS3 %>
set ip dscp af21
queue-limit 64 packets
class class-default
bandwidth remaining percent <COS4 %>
AT&T IP Flexible Reach Service and/or AT&T IP Toll-Free on AT&T VPN
Customer Edge Router Customer Configuration Guide (December 8, 2015, Version 2.6)
Page 33
set ip dscp default
queue-limit 64 packets
4.2.7 T3/E3 Frame Relay Encapsulation
Multiple VPN connections over a single private line access are typically provided using Frame
Relay encapsulation on the access link to provide L2 differentiation of the connections. Frame
Encapsulation refers to a dedicated access (“ip port”) rather than frame relay service access.
With Frame Relay encapsulation, a policy-map will be applied to each sub- interface (or one
policy-map to each subinterface if there are multiple subinterfaces).
Note: Burst interval for COS1 should always be set to 1 second. Burst of 1 second is equal to
the COS1 Bandwidth (BW) / 8.
ip cef
!
policy-map MARK-BGP
class BGP
set ip dscp cs6
!
policy-map COS
class COS1
priority
queue-limit 2048 packets
police <COS1 BW > <Burst size> conform-action set-dscp-transmit ef exceed-action drop
class COS2
bandwidth remaining percent <COS2 %>
set ip dscp af31
queue-limit 64 packets
service-policy MARK-BGP
class COS3
bandwidth remaining percent <COS3 %>
set ip dscp af21
queue-limit 64 packets
class class-default
bandwidth remaining percent <COS4 %>
AT&T IP Flexible Reach Service and/or AT&T IP Toll-Free on AT&T VPN
Customer Edge Router Customer Configuration Guide (December 8, 2015, Version 2.6)
Page 34
set ip dscp default
queue-limit 64 packets
policy-map SHAPE_FR_ENCAP **This policy map applied to serial sub-interface**
class class-default
shape average <Port Speed * .95> <(Port Speed * .95)/250> 0
service-policy COS
4.2.8 Ethernet Access
Ethernet access requires a shaping policy map be applied to the Ethernet interface. The
policy map for the COS is applied to the shaping policy map. The shape rate of the shaping
policy map should be set to a percentage of the port speed. See section 2.3 Special
Engineering Guidelines for Ethernet Access for the guidelines.
Note: Burst interval for COS1 should always be set to 1 second. Burst of 1 second is equal to
the COS1 Bandwidth (BW) / 8.
For Ethernet access, the shaping rate typically is 99% of port or VLAN speed. Refer to the
Ethernet Shaping Table in section 2.3.
For Ethernet access with VLANs, a separate policy-map should be applied to each
subinterface.
ip cef
!
policy-map MARK-BGP
class BGP
set ip dscp cs6
!
policy-map COS
class COS1
priority
Note: Cisco recommends the BC value
be divisible by 128 (rounded up).
Note – Voice only
customers (no
data) should not
set the BE equal
to 0. It should be
left blank.
AT&T IP Flexible Reach Service and/or AT&T IP Toll-Free on AT&T VPN
Customer Edge Router Customer Configuration Guide (December 8, 2015, Version 2.6)
Page 35
queue-limit 2048 packets
police <COS1 BW > <Burst size> conform-action set-dscp-transmit ef exceed-action drop
class COS2
bandwidth remaining percent <COS2 %> account user-defined 28
set ip dscp af31
queue-limit 64 packets
service-policy MARK-BGP
class COS3
bandwidth remaining percent <COS3 %> account user-defined 28
set ip dscp af21
queue-limit 64 packets
class class-default
bandwidth remaining percent <COS4 %> account user-defined 28
set ip dscp default
queue-limit 64 packets
!
policy-map Ether-Shape **This policy-map applied to Ethernet interface**
class class-default
shape average <Shaping Rate– see section 2.3> <Shaping Rate/250> 0 account user-
defined 28
service-policy COS
4.2.9 COS6 Example
Following is an example of how to configure a service policy for a COS6 configuration by
adding on the COS2V and COS5 classes.
Note: Burst interval for COS1 should always be set to 1 second. Burst of 1 second is equal to
the COS1 Bandwidth (BW) / 8.
ip cef
!
policy-map MARK-BGP
Note: Cisco recommends this
value be divisible by 128
(rounded up).
Note – Voice only
customers (no data)
should not set the BE
equal to 0. It should be
left blank.
AT&T IP Flexible Reach Service and/or AT&T IP Toll-Free on AT&T VPN
Customer Edge Router Customer Configuration Guide (December 8, 2015, Version 2.6)
Page 36
class BGP
set ip dscp cs6
!
policy-map COS
class COS1
priority
queue-limit 2048 packets
police <COS1 BW > <Burst size> conform-action set-dscp-transmit ef exceed-action drop
class COS2V
bandwidth remaining percent <COS2V%>
set ip dscp af41
queue-limit 64 packets
class COS2
bandwidth remaining percent <COS2%>
set ip dscp af31
queue-limit 64 packets
service-policy MARK-BGP
class COS3
bandwidth remaining percent <COS3%>
set ip dscp af21
queue-limit 64 packets
class COS5
bandwidth remaining percent <COS5%>
set ip dscp af11
queue-limit 64 packets
class class-default
bandwidth remaining percent <COS4%>
set ip dscp default
queue-limit 64 packets
4.3 Interface Configuration
AT&T IP Flexible Reach Service and/or AT&T IP Toll-Free on AT&T VPN
Customer Edge Router Customer Configuration Guide (December 8, 2015, Version 2.6)
Page 37
This section gives examples of how to configure the various interface types.
Special Considerations:
T3/E3 ATM access is not currently supported on ISR G2 routers. Further testing must
be completed on the NM-1A-T3/E3 cards due to a change in the QOS mechanism of
this new hardware.
IMA (Inverse Multiplexing over ATM) interfaces are not supported on ISR G2 platforms
4.3.1 Standard Frame Relay interface with MLPPP encapsulation (T1 port
speeds: 768Kbit/s and less)
On low speed ports, MLPPP is required to support fragmentation (CRTP is optional). MLPPP
is turned on via a virtual template that is applied to the subinterface.
On the main frame-relay interface:
Set encapsulation to “frame-relay IETF”.
Configure “frame-relay lmi-type” for cisco
Configure “hold-queue 32768 out”.
On the subinterface:
Configure “frame-relay interface-dlci <#> ppp virtual-template #”
On the Virtual Template Interface
Configure the bandwidth to 90% of the CIR
Configure the IP address of the interface which should be the CER side of the /30
subnet assigned for the CER/PER link.
Configure “ppp multilink”
Configure “ppp multilink interleave”
Configure “ppp multilink fragment delay” with the appropriate number (see fragment
delay guidelines in this section)
Configure the output service policy (SHAPE_FR in this example)
Example of T1 speed (768Kbit/s and less) on ISR G2:
interface Serial0/2/0
no ip address
encapsulation frame-relay IETF
frame-relay lmi-type cisco
hold-queue 32768 out
interface Serial0/2/0.1 point-to-point
frame-relay interface-dlci 99 ppp Virtual-Template1
interface Virtual-Template1
AT&T IP Flexible Reach Service and/or AT&T IP Toll-Free on AT&T VPN
Customer Edge Router Customer Configuration Guide (December 8, 2015, Version 2.6)
Page 38
bandwidth <(CIR * .90)/1000>
ip address <ip address> <mask>
load-interval 30
ppp multilink
ppp multilink interleave
ppp multilink fragment delay X <see chart on fragment delay guidelines in this
section>
service-policy output SHAPE_FR
The actual size of fragmented packets is a function of the ‘bandwidth’ statement and the
‘fragment delay’ within the virtual template. The core of the network uses ATM cell transport.
When using small packets, such as in a fragmentation and interleaving configuration, it is
important to make efficient utilization of the underlying ATM cells. To facilitate this, the
following settings should be used for the MLPPP bandwidth and fragment delay.
Fragment Delay Guidelines
Port peed in
Kbps
Fragment
delay in msec
64
10
128
11
192
11
256
10
320
10
384
10
448
10
512
10
576
10
640
10
704
10
768
10
4.3.2 Standard Frame Relay Interface (T1 speeds: 1024 to 1536Kbit/s; and
T3 speeds)
On the main frame-relay interface:
The bandwidth should be set to slightly less than the CIR of the interface, which is
typically port speed.
Set encapsulation to “frame-relay”.
Configure “frame-relay lmi-type” for cisco
Configure “hold-queue 32768 out”.
On the subinterface:
AT&T IP Flexible Reach Service and/or AT&T IP Toll-Free on AT&T VPN
Customer Edge Router Customer Configuration Guide (December 8, 2015, Version 2.6)
Page 39
Configure the IP address of the interface which should be the CER side of the /30
subnet assigned for the CER/PER link.
Configure the Frame-Relay DLCI number.
Apply the shaping service policy (SHAPE_FR in this example).
Example of T1 FR interface on ISR G2:
interface Serial0/2/0
bandwidth <(CIR * .90)/1000>
no ip address
encapsulation frame-relay
frame-relay lmi-type cisco
load-interval 30
hold-queue 32768 out
!
interface Serial0/2/0.1 point-to-point
ip address <ip address> <mask>
frame-relay interface-dlci <dlci number> IETF
service-policy output SHAPE_FR
Example of T3 FR interface on ISR G2:
For T3/E3 Frame Relay configuration on an ISR G2, the NM1T3/E3 “card type” must
be configured for the appropriate type. The DSU bandwidth should be configured for
the proper speed.
card type <t3/e3> <slot#>
!
interface Serial2/0
bandwidth <(CIR * .95)/1000>
no ip address
encapsulation frame-relay
framing c-bit
load-interval 30
dsu bandwidth <interface BW in Kbps>
frame-relay lmi-type cisco
AT&T IP Flexible Reach Service and/or AT&T IP Toll-Free on AT&T VPN
Customer Edge Router Customer Configuration Guide (December 8, 2015, Version 2.6)
Page 40
hold-queue 32768 out
!
interface Serial2/0.1 point-to-point
ip address <ip address> <mask>
frame-relay interface-dlci <dlci number> IETF
service-policy output SHAPE_FR
4.3.3 PPP access (T1 speeds: 1024 to 1536Kbit/s; and T3 speeds)
On the main interface:
Configure the bandwidth to slightly less than the CIR of the interface, which is typically
port speed
Configure the IP address of the interface which should be the CER side of the /30
subnet assigned for the CER/PER link.
Set encapsulation to “ppp”.
Configure “hold-queue 32768 out” under the main interface.
Apply the CoS policy “SHAPE_PPP”.
Example of T1 PPP Access on ISR-G2 with external DSU ( HWIC-1T or 2T):
interface Serial0/1/0
bandwidth <port speed * 95%>
ip address <ip address> <mask>
encapsulation ppp
service-policy output SHAPE_PPP
hold-queue 32768 out
Example of T1 PPP Access on ISR-G2 with internal DSU (HWIC-1DSU-T1):
interface Serial0/1/0
bandwidth <port speed * 95%>
ip address <ip address> <subnet mask>
encapsulation ppp
service-module t1 framing esf
service-module t1 linecode b8zs
service-module t1 timeslots 1-24 speed 64
service-policy output SHAPE_PPP
hold-queue 32768 out
# of T1 timeslots. This example uses full T1
AT&T IP Flexible Reach Service and/or AT&T IP Toll-Free on AT&T VPN
Customer Edge Router Customer Configuration Guide (December 8, 2015, Version 2.6)
Page 41
Example of T3 PPP access on ISR-G2 with internal DSU NM1T3/E3 card:
For T3 PPP access configuration on an ISR-G2, the NM1T3/E3 “card type” must be
set to T3. Then the T3 controller must be configured for c-bit framing. On the serial
interface, the DSU bandwidth should be configured for the proper speed. Scrambling
should be enabled.
card type <t3/e3> <slot#>
controller t3 1/0
framing c-bit
interface Serial1/0
bandwidth <port speed * 95%>
ip address <ip address> <mask>
encapsulation ppp
crc 32
load-interval 30
dsu bandwidth <interface BW in Kbps>
scramble
service-policy output SHAPE_PPP
hold-queue 32768 out
4.3.4 DSL
Three flavors of DSL will be supported on AT&T VPN as an underlying transport
service: ADSL, SHDSL and DSL modem.
Each provider in each country has their own offerings with respect to DSL type and
speeds. For ADSL, the current maximum speeds are 8M/832K
DOWNSTREAM/UPSTREAM respectively. For SHDSL, the maximum speed is
AT&T IP Flexible Reach Service and/or AT&T IP Toll-Free on AT&T VPN
Customer Edge Router Customer Configuration Guide (December 8, 2015, Version 2.6)
Page 42
2304K/2304K in two wire mode and 4608K/4608K in four-wire mode. Actual orderable
speeds will vary from provider to provider and also will be limited by systems support.
4.3.4.1 ADSL
There are 2 different cards that are supported with ADSL: 1) HWIC-1ADSL, and 2)
HWIC-1ADSLI.
HWIC-1ADSL:
On the main interface:
The mtu MUST be set to 1500 .
“DSL operating-mode” should be set to auto.
On the subinterface:
The mtu MUST be set to 1500
Configure the IP address of the interface which should be the CER side of the /30
subnet assigned for the CER/PER link.
Configure the PVC with a VPI/VCI.
Create “vbr-rt” statement for shaping under ATM PVC.
The tx-ring-limit must be set to 3 for shaped rates less than or equal to 2048
kbps, otherwise set to 10.
Configure “vc-hold-queue” to 2048.
“Oam-pvc manage” should be set to 0.
Configure encapsulation type (typically aal5snap)
Apply output service policy, “COS” in this example
Sample HWIC-1ADSL or HWIC-1ADSLI configuration:
interface ATM0/1/0
mtu 1500
no ip address
load-interval 30
no atm ilmi-keepalive
dsl operating-mode auto
!
interface ATM0/1/0.35 point-to-point
mtu 1500
ip address <ip address> <subnet>
AT&T IP Flexible Reach Service and/or AT&T IP Toll-Free on AT&T VPN
Customer Edge Router Customer Configuration Guide (December 8, 2015, Version 2.6)
Page 43
no snmp trap link-status
pvc <vpi/vci>
vbr-rt <PCR in Kbps> <SCR in Kbps>
tx-ring-limit <3 or 10 depending on scr>
vc-hold-queue 2048
oam-pvc manage 0
encapsulation aal5snap
service-policy output COS
In order to verify the speed being received from the network, use the command “show
dsl interface”. The lower US (upstream) rate (as opposed to the DS (downstream)
rate )should be used as the PCR. In this example, the US rate is 380 Kbit/s (which
should be used to configure PCR). The link speed is shown in bold below:
Router#show dsl int
ATM0/3/0
Alcatel 20190 chipset information
ATU-R (DS) ATU-C (US)
Modem Status: Showtime (DMTDSL_SHOWTIME)
DSL Mode: ITU G.992.5 (ADSL2+) Annex A
ITU STD NUM: 0x03 0x2
Chip Vendor ID: 'STMI' 'BDCM'
Chip Vendor Specific: 0x0000 0x6206
Chip Vendor Country: 0x0F 0xB5
Modem Vendor ID: 'CSCO' ' '
Modem Vendor Specific: 0x0000 0x0000
Modem Vendor Country: 0xB5 0x00
Serial Number Near: FOC10162LHZCISCO73993205
Serial Number Far: Chip ID: C196 (0)
DFE BOM: DFE3.0 Annex A (1)
Capacity Used: 11% 100%
Noise Margin: 48.0 dB 31.0 dB
Output Power: 11.0 dBm 7.0 dBm
Attenuation: 2.0 dB 0.0 dB
Defect Status: None None
Last Fail Code: None
Watchdog Counter: 0xAC
Watchdog Resets: 0
Selftest Result: 0x00
Subfunction: 0x00
Interrupts: 28967 (0 spurious)
PHY Access Err: 0
Activations: 6
LED Status: OFF
AT&T IP Flexible Reach Service and/or AT&T IP Toll-Free on AT&T VPN
Customer Edge Router Customer Configuration Guide (December 8, 2015, Version 2.6)
Page 44
LED On Time: 0
LED Off Time: 0
Init FW: init_AMR-3.0.014_no_bist.bin
Operation FW: AMR-3.0.014.bin
FW Source: embedded
FW Version: 3.0.14
DS Channel1 DS Channel0 US Channel1 US Channel0
Speed (kbps): 0 2200 0 380
Cells: 0 110 0 136496
Reed-Solomon EC: 0 0 0 0
CRC Errors: 0 0 0 0
Header Errors: 0 0 0 0
Total BER: 0E-0 0E-0
Leakage Average BER: 0E-0 0E-0
Interleave Delay: 0 12 0 24
ATU-R (DS) ATU-C (US)
Bitswap: enabled enabled
Bitswap success: 0 0
Bitswap failure: 0 0
LOM Monitoring : Disabled
4.3.4.2 SHDSL
The only card supported for SHDSL is the HWIC-2SHDSL (2-wire or 4-wire)
HWIC-2SHDSL:
When utilizing the HWIC-2SHDSL hardware in 2-wire mode, certain DSL specific
parameters must be set properly in order for the interface to operate. First the
controller must be configured.
Once the controller is configured, an ATM interface is automatically created.
On the main interface:
Configure the mtu for 1500
On the subinterface:
Configure the mtu for 1500.
Configure the IP address of the interface which should be the CER side of the
/30 subnet assigned for the CER/PER link.
AT&T IP Flexible Reach Service and/or AT&T IP Toll-Free on AT&T VPN
Customer Edge Router Customer Configuration Guide (December 8, 2015, Version 2.6)
Page 45
Configure the PVC with a VPI/VCI.
Create “vbr-rt” statement for shaping under ATM PVC.
The tx-ring-limit must be set to 3 for shaped rates less than or equal to 2048
kbps, otherwise set to 10.
Configure “vc-hold-queue” to 2048.
“Oam-pvc manage” should be set to 0.
Configure encapsulation type (typically aal5snap)
Apply output service policy, “COS” in this example
Sample configuration of HWIC-2SHDSL 2-Wire:
controller SHDSL 0/1/0
dsl-group 0 pairs 0
shdsl annex <A, B or A-B>
shdsl rate <PCR or SCR in Kbps>
interface ATM0/1/0
mtu 1500
no ip address
load-interval 30
no atm ilmi-keepalive
!
interface ATM0/1/0.35 point-to-point
mtu 1500
ip address <ip address> <subnet mask>
no snmp trap link-status
pvc <vpi/vci>
vbr-rt <PCR in Kbps> <SCR in Kbps>
tx-ring-limit <3 or 10 depending on shape rate>
vc-hold-queue 2048
oam-pvc manage 0
oam retry 3 5 1
oam ais-rdi 10 3
encapsulation aal5snap
service-policy output COS
When utilizing the HWIC-2SHDSL hardware in 4-wire mode, certain DSL specific
parameters must be set properly in order for the interface to operate. First the
controller must be configured. Once the controller is configured, an ATM interface is
automatically created.
Sample configuration of HWIC-2SHDSL 4-Wire:
AT&T IP Flexible Reach Service and/or AT&T IP Toll-Free on AT&T VPN
Customer Edge Router Customer Configuration Guide (December 8, 2015, Version 2.6)
Page 46
controller SHDSL 0/1/0
dsl-group 0 pairs 0, 1
shdsl 4-wire mode enhanced
shdsl annex <A, B or A-B>
shdsl rate <port speed>
!
interface ATM0/1/0
mtu 1500
no ip address
load-interval 30
no atm ilmi-keepalive
!
interface ATM0/1/0.35 point-to-point
mtu 1500
ip address <ip address> <subnet>
no snmp trap link-status
pvc <vpi/vci >
vbr-rt <PCR in Kbps> <SCR in Kbps>
tx-ring-limit <3 or 10 depending on shape rate>
vc-hold-queue 2048
oam-pvc manage 0
encapsulation aal5snap
service-policy output COS
In order to verify the speed being received from the network, use the command “show
controller shdsl”. This rate should be used to configure the PCR. The link rate is
shown in bold below:
Router#show controller shdsl
Controller SHDSL 0/1/0 is UP
Hardware is HWIC-2SHDSL, rev 1 on slot 0, hwic slot 1
Capabilities: 2/4 wire, Annex A, B, F & G, CPE termination
cdb=0x47910BB0, plugin=0x477C77E0, ds=0x478F5798 base=0xB0200000
FPGA Version is REL.3.4.0, NIOSII FW:Ver 3.2, status Running
SDFE-2 HW:Rev 1.3, status UP FW:Ver 1.1-1.5.8__002 , status Running
NIOSII Firmware image: System
SDFE2 Firmware image: System
Number of pairs 2, number of groups configured 1
Ignored CLI cmds(0), Event buffer: in use(0), failed(0)
Group (0) info:
Type: 2-wire g.shdsl, status: UP
Interface: ATM0/1/0, hwidb: 0x47910D18, UTOPIA phy 0
Configured/active num links: 1/1, bit map: 0x1/0x1
Line termination: CPE, line mode: 2-wire, Annex-A-B, PMMS disabled
AT&T IP Flexible Reach Service and/or AT&T IP Toll-Free on AT&T VPN
Customer Edge Router Customer Configuration Guide (December 8, 2015, Version 2.6)
Page 47
Line coding: 16-TCPAM, configured/actual rate: AUTO/384 kbps
SHDSL wire-pair (0) is in DSL UP state
Termination: CPE, line mode: 2-wire, Annex-A-B
Line coding: 16-TCPAM, configured/actual rate: AUTO/384 kbps
CONNECT state: MAIN_DATA_MODE, cond: GHS_TRANSFER, reason:
ERR_NONE
Power back off: 6dB, FE power back off: 6dB
LoopAttn: 1dB, SnrMargin: 8dB, Status noDefect
Current 15 minute statistics (Time Elapsed 119 seconds):
ES: 0, SES: 0, CRC: 0, LOSWS: 0, UAS: 0
Previous 15 minute statistics:
ES: 0, SES: 0, CRC: 0, LOSWS: 0, UAS: 0
Current 24 hr statistics:
ES: 0, SES: 0, CRC: 0, LOSWS: 24, UAS: 6
Previous 24 hr statistics:
ES: 0, SES: 0, CRC: 0, LOSWS: 0, UAS: 0
ATM-TC Tx: data cells: 1067512, Idle/Unassigned: 110
ATM-TC Rx: data cells: 261, uncorr HEC: 6, corr HEC: 0
ATM-TC Rx: OCD: 0, LCD start: 0, LCD end: 0
Group (1) is Not configured.
4.3.4.3 DSL Modem
When using a DSL modem, the CER will contain a Frame Relay interface. The Frame
Relay is then plugged into the DSL modem. When using a DSL modem, the Frame
Relay interface must be shaped to 60% of T1 speed. In addition, COS1 cannot be
greater than 533Kbit/s (equivalent to 24 calls using G729 codec with 30 byte payload),
For this configuration, use Frame Relay bandwidth per call numbers.
On the main frame-relay interface:
The bandwidth should be set to slightly less than the CIR of the interface, which is
typically port speed.
Set encapsulation to “frame-relay”.
Configure “hold-queue 32768 out”.
On the subinterface:
Configure the IP address of the interface which should be the CER side of the /30
subnet assigned for the CER/PER link.
Configure the Frame-Relay DLCI number.
Apply the shaping service policy (DSL-SHAPE in this example).
AT&T IP Flexible Reach Service and/or AT&T IP Toll-Free on AT&T VPN
Customer Edge Router Customer Configuration Guide (December 8, 2015, Version 2.6)
Page 48
interface Serial0/1/0
description - SDSL (DSL Modem) Link
bandwidth <(CIR * .90)/1000>
no ip address
encapsulation frame-relay IETF
load-interval 30
hold-queue 32768 out
!
interface Serial0/1/0.1 point-to-point
ip address <ip address> <subnet>
snmp trap link-status
frame-relay interface-dlci <DCLI> IETF
service-policy output DSL-SHAPE
4.3.5 NXT1 MLPPP Access (2 – 8 T1s)
For N X T1 MLPPP access, each individual T1 interface will need to be configured as part of a
multilink group.
Define the VWIC2-(1 or 2) MFT-T1/E1 as T1 or E1 cards with the command “card
type <t1 or e1> <slot #>”.
Configure each controller with the following:
o framing esf
o linecode b8zs
o channel-group 0 timeslots 1-24
Once the controller cards are configured, serial interfaces which match the controller
numbers will appear. Each of these serial interfaces must be configured to be part of a
multilink group/interface with the following commands:
o no ip address
o encapsulation ppp
o load-interval 30
o ppp chap hostname <CER IP address>
o ppp multilink
o ppp multilink group 1
The multilink interface should be configured with:
o Configure the IP address of the interface which should be the CER side of the
/30 subnet assigned for the CER/PER link.
o PPP CHAP must be used with the IP address of the CER.
o Configure “ppp multilink”
o Configure “ppp multilink 1”
o Configure “ppp multilink fragment disable”
o Apply the output service policy (COS_MLPPP in this example)
o Configure the “hold-queue” to 32768
AT&T IP Flexible Reach Service and/or AT&T IP Toll-Free on AT&T VPN
Customer Edge Router Customer Configuration Guide (December 8, 2015, Version 2.6)
Page 49
Example of 4 X T1 MLPPP on ISR G2:
card type t1 0 0
card type t1 0 1
!
!
controller T1 0/0/0
framing esf
linecode b8zs
channel-group 0 timeslots 1-24
!
controller T1 0/0/1
framing esf
linecode b8zs
channel-group 0 timeslots 1-24
!
controller T1 0/1/0
framing esf
linecode b8zs
channel-group 0 timeslots 1-24
!
controller T1 0/1/1
framing esf
linecode b8zs
channel-group 0 timeslots 1-24
interface Multilink1
ip address <ip address> <mask>
load-interval 30
ppp chap hostname <CER IP address>
ppp multilink
ppp multilink group 1
ppp multilink fragment disable
AT&T IP Flexible Reach Service and/or AT&T IP Toll-Free on AT&T VPN
Customer Edge Router Customer Configuration Guide (December 8, 2015, Version 2.6)
Page 50
service-policy output COS_MLPPP
hold-queue 32768 out
!
interface Serial0/0/0:0
no ip address
encapsulation ppp
load-interval 30
ppp chap hostname <CER IP address>
ppp multilink
ppp multilink group 1
!
interface Serial0/0/1:0
no ip address
encapsulation ppp
load-interval 30
ppp chap hostname <CER IP address>
ppp multilink
ppp multilink group 1
!
interface Serial0/1/0:0
no ip address
encapsulation ppp
load-interval 30
ppp chap hostname <CER IP address>
ppp multilink
ppp multilink group 1
interface Serial0/1/1:0
no ip address
encapsulation ppp
load-interval 30
ppp chap hostname <CER IP address>
ppp multilink
ppp multilink group 1
AT&T IP Flexible Reach Service and/or AT&T IP Toll-Free on AT&T VPN
Customer Edge Router Customer Configuration Guide (December 8, 2015, Version 2.6)
Page 51
4.3.6 T3 Frame Relay Encapsulation
Configure the NM1T3/E3 “card type” for the appropriate type and slot number:
o “card type <t3/e3> <slot#> “
A T3/E3 controller interface will be created. Set the framing to “c-bit”.
On the main Serial interface:
o Configure the bandwidth to slightly less than the CIR of the interface,
which is typically port speed
o Set encapsulation to “frame-relay”.
o Set the DSU bandwidth for the proper speed.
o Set the frame-relay lmi-type (typically set to “cisco”)
o Configure “hold-queue 32768 out”.
Each subinterface will be configured with:
o IP address which should be the CER side of the /30 subnet assigned for
the CER/PER link.
o The Frame-Relay DLCI number.
o Outbound service policy
Example of T3 Frame Relay encapsulation on ISR G2 with internal DSU (NM-1T3/E3):
card type <t3/e3> <slot#>
!
controller T3 2/0
framing c-bit
!
interface Serial2/0
bandwidth <Access speed * 95%>
no ip address
encapsulation frame-relay
load-interval 30
dsu bandwidth <interface BW in Kbps>
AT&T IP Flexible Reach Service and/or AT&T IP Toll-Free on AT&T VPN
Customer Edge Router Customer Configuration Guide (December 8, 2015, Version 2.6)
Page 52
serial restart-delay 0
frame-relay lmi-type cisco
hold-queue 32768 out
!
interface Serial2/0.1 point-to-point
ip address <ip address> <mask>
frame-relay interface-dlci <DLCI> IETF
service-policy output COS1
!
interface Serial2/0.2 point-to-point
ip address <ip address> <mask>
frame-relay interface-dlci <DLCI> IETF
service-policy output COS2
4.3.7 Ethernet Access
For Ethernet access configuration, the interface bandwidth statement must be
configured to the access or VLAN speed. The IP address is configured which should be
the CER side of the /30 subnet assigned for the CER/PER link. The shaping policy, “Ether-
Shape” is applied to the serial interface.
On the main interface:
Configure IP address which should be the CER side of the /30 subnet assigned for the
CER/PER link.
Set duplex to full
Set interface speed appropriate to the speed ordered
Configure the service policy name (Ether-Shape in the following example)
Configure “hold-queue 32768 out”
Full port Ethernet:
Following is a sample port configuration for full port Ethernet:
interface GigabitEthernet0/0
ip address <ip address> <mask>
load-interval 30
duplex full (do not use auto – force full duplex operation)
speed 1000 (10 or 100 are also selectable)
service-policy output Ether-Shape
AT&T IP Flexible Reach Service and/or AT&T IP Toll-Free on AT&T VPN
Customer Edge Router Customer Configuration Guide (December 8, 2015, Version 2.6)
Page 53
hold-queue 32768 out
Single Stack VLAN Tag:
Following is an example of a single stack VLAN tag configuration. A VLAN
subinterface is configured using the AT&T supplied VLAN ID tag in the encapsulation
command.
Follow commands shown previously in this section for the main Ethernet interface,
except do not configure the IP address. IP addresses will be configured on each
subinterface.
For each subinterface:
Configure “encapsulation dot1Q” with the appropriate VLAN tag number.
Configure IP address for the subinterface which should be the CER side of the
/30 subnet assigned for the CER/PER link
Configure the service policy name (Ether-Shape in the following example)
interface GigabitEthernet0/1
no ip address
load-interval 30
duplex full (do not use auto – force full duplex operation)
speed 100 (10 or 1000 are also selectable)
hold-queue 32768 out
!
interface GigabitEthernet0/1.201
encapsulation dot1Q <VLAN tag>
ip address <ip address> <mask>
ip virtual-reassembly
service-policy output Ether-Shape
Dual Stack VLAN Tag:
Following is an example of a dual stack VLAN tag configuration. A VLAN subinterface
is configured using the AT&T supplied VLAN ID tag in the inner tag encapsulation
command. The subinterface should also be numbered with the inner VLAN ID tag.
The outer tag as supplied by the ESP is added to the encapsulation command.
AT&T IP Flexible Reach Service and/or AT&T IP Toll-Free on AT&T VPN
Customer Edge Router Customer Configuration Guide (December 8, 2015, Version 2.6)
Page 54
Follow commands shown previously in this section for the main Ethernet interface,
except do not configure the IP address. IP addresses will be configured on each
subinterface.
For each subinterface:
Configure “encapsulation dot1Q <inner VLAN tag number> second-dot1Q
<outer VLAN tag number>
Configure IP address for the subinterface which should be the CER side of the
/30 subnet assigned for the CER/PER link
Configure the service policy name (Ether-Shape in the following example)
interface GigabitEthernet0/0
no ip address
load-interval 30
duplex full (do not use auto – force full duplex operation)
speed 1000 (10 or 100 are also selectable)
hold-queue 32768 out
interface GigabitEthernet0/0.2004 (recommend to set the subinterface numbering to the
VLAN tag ID)
encapsulation dot1Q <inner VLAN tag> second-dot1q <outer VLAN tag>
ip address <ip address> <mask>
service-policy output Ether-Shape
Subrates are treated differently than full port configurations with regards to shaping. For
subrate speeds, shaping is merely the subrate speed instead of 95% of it.
AT&T IP Flexible Reach Service and/or AT&T IP Toll-Free on AT&T VPN
Customer Edge Router Customer Configuration Guide (December 8, 2015, Version 2.6)
Page 55
4.4 Frame Relay Traffic Shaping for Frame Relay Interfaces only
Frame Relay traffic shaping is no longer supported on ISR G2 routers.
5 Customer Edge Router configurations specific to a TDM
Gateway
There is configuration required on the CER for TDM Gateway solutions. The
information below will assist in configuring the CER to insure interoperability with your
TDM Gateway environment.
Please refer to the following document for details on configuring a TDM Gateway:
“TDM PBX Customer Configuration Guide”
(http://www.corp.att.com/bvoip/avpn/implementation/ (login: att, password: attvoip).
Use the appropriate guide for your router platform.
5.1 TDM Gateway combined in CER
The following will assist in configuring the correct routing on the CER with a combined
TDM Gateway.
A loopback interface on the CER/TDM Gateway must be configured as the IP
Flexible Reach Service and/or AT&T IP Toll-Free Signaling and Media address. For
TDM Gateway, signaling and media use the same IP address. That loopback
address must be advertised by the CER via a BGP network statement:
router bgp <your AS number>
no synchronization
bgp log-neighbor-changes
network <TDM loopback IP Address> mask 255.255.255.255
neighbor <PER IP address> remote-as <remote AS>
neighbor <PER IP address> allowas-in
no auto-summary
AT&T IP Flexible Reach Service and/or AT&T IP Toll-Free on AT&T VPN
Customer Edge Router Customer Configuration Guide (December 8, 2015, Version 2.6)
Page 56
TDM gateway example diagram:
AT&T IP Flexible Reach Service or AT&T IP Toll-Free on AT&T VPN site
with VPN CSU-Probe, CER with combined TDM Gateway Router
(CPE site design – physical view)
TDM PBX
phone#2
AT&T VPN CSU-Probe -
optional
(managed by AT&T)
TDM PBX
phone#1
WAN
connection
CER with
combined TDM
Gateway
Traditional
PBX
T1 cable
T1 PPP WAN IP Address:
192.22.44.1
TDM Loopback IP
Address: 135.16.170.155
CER configuration example: static route and BGP statements:
router bgp 6500
no synchronization
bgp log-neighbor-changes
network 135.16.170.155 mask 255.255.255.255
neighbor 192.22.44.2 remote-as 34000
neighbor 192.22.44.2 allowas-in
no auto-summary
AT&T IP Flexible Reach Service and/or AT&T IP Toll-Free on AT&T VPN
Customer Edge Router Customer Configuration Guide (December 8, 2015, Version 2.6)
Page 57
Appendix A: Sample ISR G2 Router Configurations
In these configurations, commands required for proper voice configuration are bolded.
A.1 Frame Relay interface with MLPPP encapsulation & fragmentation (768Kbit/s and
less)
Current configuration : 13623 bytes
!
! Last configuration change at 10:51:53 EDST Wed Apr 13 2011 by cisco
! NVRAM config last updated at 11:45:01 EDST Mon Apr 11 2011 by cisco
!
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname 3925B-Dallas
!
boot-start-marker
boot system flash:c3900-universalk9-mz.SPA.152-1.T2ES
boot-end-marker
!
!
logging buffered 2000000
no logging console
enable password 7 1511021F0725
!
no aaa new-model
clock timezone EST -5 0
clock summer-time EDST recurring
clock calendar-valid
!
no ipv6 cef
ip source-route
ip cef
!
!
!
!
!
no ip domain lookup
ip domain name hawaii
multilink bundle-name authenticated
!
!
!
username admin password 7 05080F1C2243
username vinny privilege 15 secret 5 $1$R6YO$Fwu2KYGdeFGsbgGJviSGt1
username cisco password 7 030752180500
AT&T IP Flexible Reach Service and/or AT&T IP Toll-Free on AT&T VPN
Customer Edge Router Customer Configuration Guide (December 8, 2015, Version 2.6)
Page 58
!
redundancy
!
!
!
class-map match-any BGP
match access-group name BGP
class-map match-any COS3
match access-group name COS3-Traffic
class-map match-any COS2
match access-group name COS2-Traffic
match access-group name BGP
class-map match-any COS1
match access-group name RTP
match access-group name SIP
match access-group name SCCP
!
!
policy-map MARK-BGP
class BGP
set ip dscp cs6
policy-map COS
class COS1
priority
queue-limit 2048 packets
police 616000 77000 conform-action set-dscp-transmit ef exceed-action
drop
compress header ip rtp
class COS2
bandwidth remaining percent 40
set ip dscp af31
queue-limit 64 packets
service-policy MARK-BGP
class COS3
bandwidth remaining percent 30
set ip dscp af21
queue-limit 64 packets
class class-default
bandwidth remaining percent 30
set ip dscp default
queue-limit 64 packets
policy-map SHAPE_FR
class class-default
shape average 690000 6900 0
service-policy COS
!
!
interface GigabitEthernet0/0
description Faces SBC
ip address 172.22.16.1 255.255.255.0
duplex full
speed 100
no keepalive
!
interface GigabitEthernet0/1
no ip address
AT&T IP Flexible Reach Service and/or AT&T IP Toll-Free on AT&T VPN
Customer Edge Router Customer Configuration Guide (December 8, 2015, Version 2.6)
Page 59
load-interval 30
duplex full
speed auto
!
!
interface GigabitEthernet0/2
no ip address
!
interface Serial0/0/0
no ip address
encapsulation frame-relay IETF
load-interval 30
frame-relay lmi-type cisco
hold-queue 32768 out
!
interface Serial0/0/0.1 point-to-point
bandwidth 690
snmp trap link-status
frame-relay interface-dlci 237 ppp Virtual-Template1
!
!
interface Virtual-Template1
bandwidth 690
ip address 192.166.201.1 255.255.255.252
load-interval 30
ppp multilink
ppp multilink interleave
ppp multilink fragment delay 10
service-policy output SHAPE_FR
!
router bgp 65000
bgp router-id 196.96.1.9
bgp log-neighbor-changes
network 135.16.170.2 mask 255.255.255.255
network 32.252.97.40 mask 255.255.255.252
neighbor 192.166.201.2 remote-as 13979
neighbor 192.166.201.2 allowas-in
no auto-summary
!
!
ip route 135.16.170.2 255.255.255.255 172.22.16.2
*** Static Route to SBC IP Flexible Reach Signaling IP address***
!
ip access-list extended BGP
permit tcp any eq bgp any
permit tcp any any eq bgp
ip access-list extended COS2-Traffic
permit udp any any eq 2082
permit udp any eq 2082 any
ip access-list extended COS3-Traffic
permit udp any any eq 2083
permit udp any eq 2083 any
ip access-list extended COS4-Traffic
AT&T IP Flexible Reach Service and/or AT&T IP Toll-Free on AT&T VPN
Customer Edge Router Customer Configuration Guide (December 8, 2015, Version 2.6)
Page 60
permit ip any any
ip access-list extended RTP
permit udp any range 16384 32767 any range 16384 32767
ip access-list extended SCCP
permit tcp any range 2000 2003 any
permit tcp any any range 2000 2003
ip access-list extended SIP
permit udp any eq 5060 any
permit udp any any eq 5060
permit tcp any eq 5060 any
permit tcp any any eq 5060
!
!
map-class frame-relay shape768
frame-relay cir 691000
frame-relay bc 6910
frame-relay be 0
frame-relay mincir 691000
!
!
!
!
!
control-plane
!
!
!
line con 0
exec-timeout 600 0
login local
line aux 0
line vty 0 4
exec-timeout 300 0
privilege level 15
login local
transport input telnet
line vty 5 15
access-class 23 in
privilege level 15
login local
transport input telnet ssh
!
exception data-corruption buffer truncate
scheduler allocate 20000 1000
end
A.2 N X T1 MLPPP Access (4 T1s)
3925C-Miami#show run
Building configuration...
AT&T IP Flexible Reach Service and/or AT&T IP Toll-Free on AT&T VPN
Customer Edge Router Customer Configuration Guide (December 8, 2015, Version 2.6)
Page 61
Current configuration : 13444 bytes
!
! Last configuration change at 14:49:06 EDST Thu Apr 7 2011 by cisco
! NVRAM config last updated at 14:49:08 EDST Thu Apr 7 2011 by cisco
!
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname 3925C-Miami
!
boot-start-marker
boot system flash:c3900-universalk9-mz.SPA.152-1.T2ES
boot-end-marker
!
!
card type t1 0 2
card type t1 0 3
logging buffered 51200 warnings
enable password 7 060506324F41
!
no aaa new-model
clock timezone EST -5 0
clock summer-time EDST recurring
clock calendar-valid
no network-clock-participate wic 2
no network-clock-participate wic 3
!
no ipv6 cef
ip source-route
ip cef
!
!
!
!
!
no ip domain lookup
multilink bundle-name authenticated
!
!
!
!
username admin password 7 070C285F4D06
username vinny privilege 15 secret 5 $1$EL3i$PAYezSnlq1qvDcSe4MbVt1
username cisco password 7 01100F175804
!
redundancy
!
!
controller T1 0/2/0
framing esf
linecode b8zs
channel-group 0 timeslots 1-24
!
controller T1 0/2/1
AT&T IP Flexible Reach Service and/or AT&T IP Toll-Free on AT&T VPN
Customer Edge Router Customer Configuration Guide (December 8, 2015, Version 2.6)
Page 62
framing esf
linecode b8zs
channel-group 0 timeslots 1-24
!
controller T1 0/3/0
framing esf
linecode b8zs
channel-group 0 timeslots 1-24
!
controller T1 0/3/1
framing esf
linecode b8zs
channel-group 0 timeslots 1-24
!
!
class-map match-any BGP
match access-group name BGP
class-map match-any COS3
match access-group name COS3-Traffic
class-map match-any COS2
match access-group name COS2-Traffic
match access-group name BGP
class-map match-any COS1
match access-group name RTP
match access-group name SIP
match access-group name SCCP
!
!
policy-map MARK-BGP
class BGP
set ip dscp cs6
policy-map COS
class COS1
priority
queue-limit 2048 packets
police 27000000 3375000 conform-action set-dscp-transmit ef exceed-
action drop
class COS2
bandwidth remaining percent 40
set ip dscp af31
queue-limit 64 packets
service-policy MARK-BGP
class COS3
bandwidth remaining percent 30
set ip dscp af21
queue-limit 64 packets
class class-default
bandwidth remaining percent 30
set ip dscp default
queue-limit 64 packets
!
!
interface Multilink1
ip address 192.168.200.1 255.255.255.252
load-interval 30
AT&T IP Flexible Reach Service and/or AT&T IP Toll-Free on AT&T VPN
Customer Edge Router Customer Configuration Guide (December 8, 2015, Version 2.6)
Page 63
ppp chap hostname 192.168.200.2
ppp multilink
ppp multilink group 1
ppp multilink fragment disable
service-policy output COS_MLPPP
hold-queue 32768 out
!
interface GigabitEthernet0/0
description Faces SBC
ip address 172.22.16.1 255.255.255.0
duplex full
speed 100
no keepalive
!
interface GigabitEthernet0/1
no ip address
load-interval 30
duplex full
speed 100
!
!
interface GigabitEthernet0/2
no ip address
!
interface Serial0/2/0:0
no ip address
encapsulation ppp
load-interval 30
ppp chap hostname 192.168.200.2
ppp multilink
ppp multilink group 1
!
interface Serial0/2/1:0
no ip address
encapsulation ppp
load-interval 30
ppp chap hostname 192.168.200.2
ppp multilink
ppp multilink group 1
!
interface Serial0/3/0:0
no ip address
encapsulation ppp
load-interval 30
ppp chap hostname 192.168.200.2
ppp multilink
ppp multilink group 1
!
interface Serial0/3/1:0
no ip address
encapsulation ppp
load-interval 30
ppp chap hostname 192.168.200.2
ppp multilink
ppp multilink group 1
AT&T IP Flexible Reach Service and/or AT&T IP Toll-Free on AT&T VPN
Customer Edge Router Customer Configuration Guide (December 8, 2015, Version 2.6)
Page 64
!
!
router bgp 65000
bgp router-id 192.168.200.2
bgp log-neighbor-changes
network 135.16.170.2 mask 255.255.255.255
network 32.252.97.40 mask 255.255.255.252
neighbor 192.168.200.2 remote-as 13979
neighbor 192.168.200.2 allowas-in
no auto-summary
!
ip route 135.16.170.2 255.255.255.255 172.22.16.2
*** Static Route to SBC – IP Flexible Reach Signaling IP address***
!
!
ip access-list extended BGP
permit tcp any eq bgp any
permit tcp any any eq bgp
ip access-list extended COS2-Traffic
permit udp any any eq 2082
permit udp any eq 2082 any
permit tcp any any eq www
permit tcp any eq www any
ip access-list extended COS3-Traffic
permit udp any any eq 2083
permit udp any eq 2083 any
permit tcp any any eq smtp
permit tcp any eq smtp any
ip access-list extended COS4-Traffic
permit ip any any
ip access-list extended RTP
permit udp any range 16384 32767 any range 16384 32767
ip access-list extended SCCP
permit tcp any range 2000 2003 any
permit tcp any any range 2000 2003
ip access-list extended SIP
permit udp any eq 5060 any
permit udp any any eq 5060
permit tcp any eq 5060 any
permit tcp any any eq 5060
!
!
!
control-plane
!
!
!
line con 0
exec-timeout 600 0
login local
line aux 0
line vty 0 4
exec-timeout 300 0
privilege level 15
login local
AT&T IP Flexible Reach Service and/or AT&T IP Toll-Free on AT&T VPN
Customer Edge Router Customer Configuration Guide (December 8, 2015, Version 2.6)
Page 65
transport input telnet
line vty 5 15
access-class 23 in
privilege level 15
login local
transport input telnet ssh
!
scheduler allocate 20000 1000
end
A.3 T1 PPP Access
2921A-Tokyo#sh run
Building configuration...
Current configuration : 13755 bytes
!
! Last configuration change at 09:23:46 EDST Wed May 11 2011 by cisco
! NVRAM config last updated at 14:40:06 EDST Thu Apr 28 2011 by vinny
!
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname 2921A-Tokyo
!
boot-start-marker
boot system flash:c2900-universalk9-mz.SPA.152-1.T2ES
!
!
logging buffered 51200 warnings
AT&T IP Flexible Reach Service and/or AT&T IP Toll-Free on AT&T VPN
Customer Edge Router Customer Configuration Guide (December 8, 2015, Version 2.6)
Page 66
enable password 7 05080F1C2243
!
memory-size iomem 15
clock timezone EST -5 0
clock summer-time EDST recurring
clock calendar-valid
!
no ipv6 cef
ip source-route
ip cef
!
no ip domain lookup
!
multilink bundle-name authenticated
!
!
username admin password 7 05080F1C2243
username vinny privilege 15 secret 5 $1$TtBY$qS0vL0o7LN7WRKlBvP6BY0
username cisco password 7 070C285F4D06
!
redundancy
!
!
!
!
!
!
policy-map MARK-BGP
AT&T IP Flexible Reach Service and/or AT&T IP Toll-Free on AT&T VPN
Customer Edge Router Customer Configuration Guide (December 8, 2015, Version 2.6)
Page 67
class BGP
set ip dscp cs6
policy-map COS
class COS1
priority
queue-limit 2048 packets
police 768000 96000 conform-action set-dscp-transmit ef exceed-action
drop
class COS2
bandwidth remaining percent 40
set ip dscp af31
queue-limit 64 packets
service-policy MARK-BGP
class COS3
bandwidth remaining percent 30
set ip dscp af21
queue-limit 64 packets
class class-default
bandwidth remaining percent 30
set ip dscp default
queue-limit 64 packets
policy-map 100M-SHAPE
class class-default
shape average 1456000 14560
service-policy COS
!
!
interface GigabitEthernet0/0
AT&T IP Flexible Reach Service and/or AT&T IP Toll-Free on AT&T VPN
Customer Edge Router Customer Configuration Guide (December 8, 2015, Version 2.6)
Page 68
description Faces SBC
ip address 172.22.16.1 255.255.255.0
duplex full
speed 100
no keepalive
!
!
interface GigabitEthernet0/1
no ip address
load-interval 30
duplex full
speed auto
media-type rj45
no keepalive
!
!
interface GigabitEthernet0/2
no ip address
!
!
interface Serial0/2/0
bandwidth 1456
ip address 192.168.100.1 255.255.255.252
encapsulation ppp
load-interval 30
hold-queue 32768 out
!
!
AT&T IP Flexible Reach Service and/or AT&T IP Toll-Free on AT&T VPN
Customer Edge Router Customer Configuration Guide (December 8, 2015, Version 2.6)
Page 69
router bgp 65000
bgp router-id 192.168.0.40
bgp log-neighbor-changes
network 135.16.170.2 mask 255.255.255.255
network 32.252.97.40 mask 255.255.255.252
neighbor 192.168.100.2 remote-as 13979
neighbor 192.168.100.2 allowas-in
no auto-summary
!
!
ip route 135.16.170.2 255.255.255.255 172.22.16.2
*** Static Route to SBC***
!
!
ip access-list extended BGP
permit tcp any eq bgp any
permit tcp any any eq bgp
ip access-list extended COS2-Traffic
permit udp any any eq 2082
permit udp any eq 2082 any
permit tcp any any eq www
permit tcp any eq www any
ip access-list extended COS3-Traffic
permit udp any any eq 2083
permit udp any eq 2083 any
permit tcp any any eq smtp
permit tcp any eq smtp any
AT&T IP Flexible Reach Service and/or AT&T IP Toll-Free on AT&T VPN
Customer Edge Router Customer Configuration Guide (December 8, 2015, Version 2.6)
Page 70
ip access-list extended COS4-Traffic
permit ip any any
ip access-list extended RTP
permit udp any range 16384 32767 any range 16384 32767
ip access-list extended SCCP
permit tcp any range 2000 2003 any
permit tcp any any range 2000 2003
ip access-list extended SIP
permit udp any eq 5060 any
permit udp any any eq 5060
permit tcp any eq 5060 any
permit tcp any any eq 5060
!
!
!
!
!
!
line con 0
exec-timeout 600 0
line aux 0
exec-timeout 600 0
line vty 0 4
exec-timeout 600 0
privilege level 15
transport input telnet
line vty 5 15
access-class 23 in
AT&T IP Flexible Reach Service and/or AT&T IP Toll-Free on AT&T VPN
Customer Edge Router Customer Configuration Guide (December 8, 2015, Version 2.6)
Page 71
privilege level 15
transport input telnet ssh
!
scheduler allocate 20000 1000
end
A.4 T3 PPP Access
Current configuration : 11726 bytes
!
! Last configuration change at 12:10:22 EDST Tue Mar 29 2011 by vinny
! NVRAM config last updated at 12:10:23 EDST Tue Mar 29 2011 by vinny
!
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname 3945C-San-Francisco
!
boot-start-marker
boot system flash:c3900-universalk9-mz.SPA.152-1.T2ES
boot-end-marker
!
!
card type t3 2
logging buffered 51200 warnings
enable password 7 110A1016141D
!
no aaa new-model
clock timezone EST -5 0
clock summer-time EDST recurring
clock calendar-valid
!
no ipv6 cef
ip source-route
ip cef
!
!
!
!
!
no ip domain lookup
multilink bundle-name authenticated
!
!
!
AT&T IP Flexible Reach Service and/or AT&T IP Toll-Free on AT&T VPN
Customer Edge Router Customer Configuration Guide (December 8, 2015, Version 2.6)
Page 72
!
username admin password 7 1511021F0725
username cisco password 7 045802150C2E
username vinny privilege 15 secret 5 $1$D1PK$TL4O4nKY6THRZnpGUfuK50
!
redundancy
!
!
controller T3 2/0
!
!
class-map match-any BGP
match access-group name BGP
class-map match-any COS3
match access-group name COS3-Traffic
class-map match-any COS2
match access-group name COS2-Traffic
match access-group name BGP
class-map match-any COS1
match access-group name RTP
match access-group name SIP
match access-group name SCCP
!
policy-map MARK-BGP
class BGP
set ip dscp cs6
policy-map COS
class COS1
priority
queue-limit 2048 packets
police 39808000 4976000 conform-action set-dscp-transmit ef exceed-
action drop
class COS2
bandwidth remaining percent 40
set ip dscp af31
queue-limit 64 packets
service-policy MARK-BGP
class COS3
bandwidth remaining percent 30
set ip dscp af21
queue-limit 64 packets
class class-default
bandwidth remaining percent 30
set ip dscp default
queue-limit 64 packets
policy-map T3-SHAPE
class class-default
shape average 41992000 168064
service-policy COS
!
!
!
!
!
interface GigabitEthernet0/0
description Faces SBC
AT&T IP Flexible Reach Service and/or AT&T IP Toll-Free on AT&T VPN
Customer Edge Router Customer Configuration Guide (December 8, 2015, Version 2.6)
Page 73
ip address 172.22.16.1 255.255.255.0
duplex full
speed 100
no keepalive
!
interface GigabitEthernet0/1
no ip address
load-interval 30
duplex full
speed auto
hold-queue 768 in
!
interface GigabitEthernet0/2
no ip address
!
interface Serial2/0
bandwidth 41992
description - T3 PPP
ip address 192.168.200.9 255.255.255.252
encapsulation ppp
load-interval 30
dsu bandwidth 44210
scramble
serial restart-delay 0
service-policy output T3-SHAPE
hold-queue 32768 out
!
router bgp 65000
bgp log-neighbor-changes
network 135.16.170.2 mask 255.255.255.255
network 32.252.97.40 mask 255.255.255.252
neighbor 192.168.200.10 remote-as 13979
neighbor 192.168.200.10 allowas-in
no auto-summary
!
ip route 135.16.170.2 255.255.255.255 172.22.16.2
*** Static Route to SBC***
!
!
!
ip access-list extended BGP
permit tcp any eq bgp any
permit tcp any any eq bgp
ip access-list extended COS2-Traffic
permit udp any any eq 2082
permit udp any eq 2082 any
permit tcp any any eq www
permit tcp any eq www any
ip access-list extended COS3-Traffic
permit udp any any eq 2083
permit udp any eq 2083 any
permit tcp any any eq smtp
permit tcp any eq smtp any
ip access-list extended COS4-Traffic
permit ip any any
AT&T IP Flexible Reach Service and/or AT&T IP Toll-Free on AT&T VPN
Customer Edge Router Customer Configuration Guide (December 8, 2015, Version 2.6)
Page 74
ip access-list extended RTP
permit udp any range 16384 32767 any range 16384 32767
ip access-list extended SCCP
permit tcp any range 2000 2003 any
permit tcp any any range 2000 2003
ip access-list extended SIP
permit udp any eq 5060 any
permit udp any any eq 5060
permit tcp any eq 5060 any
permit tcp any any eq 5060
!
!
!
!
control-plane
!
!
!
line con 0
exec-timeout 600 0
login local
line aux 0
line vty 0 4
exec-timeout 400 0
privilege level 15
login local
transport input telnet
line vty 5 15
access-class 23 in
privilege level 15
login local
transport input telnet ssh
!
end
A.5 Ethernet Access
Current configuration : 11879 bytes
!
! No configuration change since last restart
! NVRAM config last updated at 15:25:53 EDST Mon Apr 4 2011
!
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname 3945C-San-Francisco
!
boot-start-marker
boot system flash:c3900-universalk9-mz.152-1.T2ES
AT&T IP Flexible Reach Service and/or AT&T IP Toll-Free on AT&T VPN
Customer Edge Router Customer Configuration Guide (December 8, 2015, Version 2.6)
Page 75
boot-end-marker
!
!
logging buffered 51200 warnings
enable password 7 110A1016141D
!
no aaa new-model
clock timezone EST -5 0
clock summer-time EDST recurring
clock calendar-valid
!
no ipv6 cef
ip source-route
ip cef
!
!
!
!
!
no ip domain lookup
multilink bundle-name authenticated
!
!
!
!
!
!
license udi pid C3900-SPE150/K9 sn FOC14176S38
hw-module pvdm 0/0
!
!
!
username admin password 7 1511021F0725
username cisco password 7 045802150C2E
username vinny privilege 15 secret 5 $1$D1PK$TL4O4nKY6THRZnpGUfuK50
!
redundancy
!
!
!
class-map match-any BGP
match access-group name BGP
class-map match-any COS3
match access-group name COS3-Traffic
class-map match-any COS2
match access-group name COS2-Traffic
match access-group name BGP
class-map match-any COS1
match access-group name RTP
match access-group name SIP
match access-group name SCCP
!
!
policy-map MARK-BGP
class BGP
set ip dscp cs6
AT&T IP Flexible Reach Service and/or AT&T IP Toll-Free on AT&T VPN
Customer Edge Router Customer Configuration Guide (December 8, 2015, Version 2.6)
Page 76
policy-map COS
class COS1
priority
queue-limit 2048 packets
police 70016000 8752000 conform-action set-dscp-transmit ef exceed-
action drop
class COS2
bandwidth remaining percent 40 account user-defined 28
set ip dscp af31
queue-limit 64 packets
service-policy MARK-BGP
class COS3
bandwidth remaining percent 30 account user-defined 28
set ip dscp af21
queue-limit 64 packets
class class-default
bandwidth remaining percent 30 account user-defined 28
set ip dscp default
queue-limit 64 packets
policy-map 100M-SHAPE
class class-default
shape average 9894400 300032 account user-defined 28
service-policy COS
!
!
!
interface GigabitEthernet0/0
bandwidth 75000
description - WAN Link
no ip address
load-interval 30
duplex full
speed 1000
hold-queue 32768 out
!
interface GigabitEthernet0/0.203
description - Link to mse 5 PE router - Gig10/0.2013
encapsulation dot1Q 203
ip address 195.18.31.105 255.255.255.252
service-policy output 100M-SHAPE
!
interface GigabitEthernet0/1
description Faces SBC
ip address 172.22.16.1 255.255.255.0
duplex full
speed 100
no keepalive
!
!
interface GigabitEthernet0/2
no ip address
!
!
router bgp 65000
bgp log-neighbor-changes
network 135.16.170.2 mask 255.255.255.255
AT&T IP Flexible Reach Service and/or AT&T IP Toll-Free on AT&T VPN
Customer Edge Router Customer Configuration Guide (December 8, 2015, Version 2.6)
Page 77
network 32.252.97.40 mask 255.255.255.252
neighbor 195.18.31.106 remote-as 13979
neighbor 195.18.31.106 allowas-in
no auto-summary
!
ip route 135.16.170.2 255.255.255.255 172.22.16.2
*** Static Route to SBC – IP Flexible Reach Signaling IP address***
!
!
ip access-list extended BGP
permit tcp any eq bgp any
permit tcp any any eq bgp
ip access-list extended COS2-Traffic
permit udp any any eq 2082
permit udp any eq 2082 any
permit tcp any any eq www
permit tcp any eq www any
ip access-list extended COS3-Traffic
permit udp any any eq 2083
permit udp any eq 2083 any
permit tcp any any eq smtp
permit tcp any eq smtp any
ip access-list extended COS4-Traffic
permit ip any any
ip access-list extended RTP
permit udp any range 16384 32767 any range 16384 32767
ip access-list extended SCCP
permit tcp any range 2000 2003 any
permit tcp any any range 2000 2003
ip access-list extended SIP
permit udp any eq 5060 any
permit udp any any eq 5060
permit tcp any eq 5060 any
permit tcp any any eq 5060
!
!
line con 0
exec-timeout 600 0
login local
line aux 0
line vty 0 4
exec-timeout 400 0
privilege level 15
login local
transport input telnet
line vty 5 15
access-class 23 in
privilege level 15
login local
transport input telnet ssh
!
end
AT&T IP Flexible Reach Service and/or AT&T IP Toll-Free on AT&T VPN
Customer Edge Router Customer Configuration Guide (December 8, 2015, Version 2.6)
Page 78
Appendix B: Inbound Alternate Routing
The Inbound Alternate Routing [IAR] feature enhances AT&T IP Flexible Reach
service by providing customers the capability to have an alternate way to complete
calls for the purpose of adding a backup path.
With the IAR feature, we define a primary site as a site that is an AT&T IP Flexible
Reach location with an active dial plan and is defined with the appropriate calling
plan. We define a secondary site (alternate route site) where calls will be routed to in
the case where the primary site is unavailable. The secondary site would mirror the
dial plan of the primary site.
IAR will be triggered based on the following conditions -
1. No response from the primary site, triggering a time-out (SIP error 408)
2. Error conditions that result in call failure
3. Concurrent call limit has been reached (IPBE signals a SIP error 503).
4. Network Busy (also a SIP 503).
5. Busy out of the trunks at TDM/IP PBX signaling a SIP error 503.
Appendix C: Branch Office Extension (BOE)
C.1 Introduction to BOE
The configuration information in this CCG assumes a single primary CER. Any
use by customers of alternate routing configurations or remote branch
connectivity to other sites within the same or other AT&T VPN as an underlying
transport service requires proper configuration of the signaling and media
paths of the primary CER per this CCG so the AT&T IP Flexible Reach Service
works properly. The routing configurations in other customer routers needs to
be set up to assure that the routing in their primary CER is not affected.
Contact your AT&T technical sales team for further advice in these cases.
While AT&T BVoIP service offers multiple calling plans, the Branch Office IP PBX Extensions capability
is supported with two calling plans: Local and Long Distance (plan B) and Local and Long Distance
Package (plan C).
The Branch Office IP PBX Extensions option provides the capability to deliver telephone numbers for
all the Branch Office sites supported by customer’s single centralized IP PBX. This configuration uses
AT&T IP Flexible Reach Service and/or AT&T IP Toll-Free on AT&T VPN
Customer Edge Router Customer Configuration Guide (December 8, 2015, Version 2.6)
Page 79
the IP PBX to support IP phones in a "plug-and-play" manner and does not require any additional
premises-based hardware. The customer is able to use the AT&T VPN transport network or their
existing data network to distribute calls to their branch office sites and normal local calling capability can
be assigned. Only Branch Office sites with fixed locations are supported by the option.
AT&T collects the address data on the Branch Office site so the appropriate directory listing, taxing,
regulatory fees, E911 and telephone number (TN) assignments can be associated with the Branch
Office site. Branch office sites must be within the footprint of AT&T’s BVoIP local service area for AT&T
BVoIP with Calling Plans B or C. The customer must provide correct information to AT&T regarding the
address and telephone numbers of its Branch Offices and customer’s IP PBX must transmit the
necessary address information to permit AT&T to route Branch Office E911 calls to the proper PSAP.
Customers choose the calling capacity they require in units of Concurrent Calls which are similar to
simultaneous calls and can be engineered using standard voice traffic tools (including Class of Service
considerations or by using the customer’s existing voice channel capacity).
The components required for the service include:
as an underlying
transport service.
as an underlying
transport service or 2) private customer data network.
Outbound voice and fax calling is supported between:
-enabled locations (On-net)
-net)
Inbound service from the PSTN is supported with Calling Plans B or C.
Note that the management and maintenance of the Branch Office site and router is the responsibility of
the customer. AT&T support for data transmission for AT&T Flexible Reach ends at the customer's IP
PBX.
Branch Office site
The branch office site is defined as a site on the customer data network with IP phones. If the IP
phones at the Branch Office site need access to AT&T IP Flexible Reach Service, then the Branch
Office will be defined as having as having Branch Office IP PBX Extensions service. A Branch Office
site with Internet access is not supported unless end-end IP VPN tunneling is used. A branch office site
may be connected via either 1) AT&T VPN as an underlying transport service or 2) private customer
data network.
Note: The branch office must have an IP route to the hub site in order for signaling and media to be
exchanged.
Hub site
The hub site is the client’s centralized IP PBX Flexible Reach site. The hub site will have a customer
managed CER connected to the AT&T VPN as an underlying transport service. The customer may
reach the remote branch office sites via this CER (over the AT&T VPN as an underlying transport
AT&T IP Flexible Reach Service and/or AT&T IP Toll-Free on AT&T VPN
Customer Edge Router Customer Configuration Guide (December 8, 2015, Version 2.6)
Page 80
service) or they can deploy a second customer managed router that provides their own connectivity to
the customer’s data network.
Important Note: The number of concurrent calls at the Hub site must be engineered for all voice
traffic originating and terminating at the Hub and Branch Office sites. Concurrent calls are the
number of VoIP calls expected to occur at the same time at the Hub site. Be aware if BOE calls
are hairpinned through the existing hub site router over the AT&T VPN as an underlying
transport service, then the bandwidth required at the hub site for the BOE calls must be doubled
(as the RTP for a BOE call traverses the WAN at the hub site twice). Also it is important to take
growth at the BOE sites in mind when determining bandwidth requirements.
If the number of concurrent calls needs to be increased, a separate order must be places and
completed prior to initiating the Branch Office order.
See section 2.1.2 for Bandwidth Per Call Requirements.
Note: The hub office must have an IP route to the branch office site in order for signaling and media to
be exchanged.
Copyright © 2006 AT&T. All rights Reserved.
Call Flow
• 1) Phone dials VoIP customer at
201-555 2000
• 2) LEC passes call to LNS
• 3) VoIP network establishes path
to hub site
• 4) Customer Edge Router sends
call to IP PBX
• 5) IP PBX signals connection to
handset at branch office site via
AT&T VPN (call rerouted out
AT&T VPN connection)
• 6) Phone rings and call is
established
CCE
CCE
CCE
CCE
CCE
CCE
CCE
IP BE
IP BE
IP BE
Customer
Edge Router/
IP Flexible
Reach Site
VoIP IP Local Site
Hub Site – New Brunswcik
732-555-7000 8000
201-555-6000 8000
908-555-2000 7000
AT&T BVoIP
Network
Client
Router
Remote Branch Site
Union
732-555-2000 7000
(4 )
(6)
(3)
(2)
(5)
Client
Router
IP Phones
AT&T VPN
PRI
IP BE
LEC
PSTN
LNS
ALI
PSAP
911
Tandem
IP BE
IP BE
IP BE
NGBE
AT&T IP Flexible Reach Branch Office Extension (BOE) using AT&T VPN network
to connect to BOE site:
(1)
AT&T IP Flexible Reach Service and/or AT&T IP Toll-Free on AT&T VPN
Customer Edge Router Customer Configuration Guide (December 8, 2015, Version 2.6)
Page 81
C.2 Implementation Checklist
1) If porting in telephone numbers from another carrier, please ensure that site(s) will be ready on the
date of the scheduled service activation:
a. Failure to ensure that the site is ready on the activation date will result in an out-of-service condition
for the ported telephone numbers.
b. If a delay in activation is required for any reason, contact AT&T at least five business days prior
to the service activation.
2) The Customer Administrator should verify that the Branch Office site can communicate to the hub
site by placing test telephone and fax calls.
a. Ensure that the Branch Office is able to make a call to the hub site. (Note: If this does not work, the
customer needs to contact their local or third-party data and voice network administrator)
b. Ensure that the hub site is able to make a call to the Branch Office. (Note: If this does not work, the
customer needs to contact their local or third-party data and voice network administrator.)
c. Ensure that the hub site is able to make a Long Distance call.
Copyright © 2006 AT&T. All rights Reserved.
Call Flow
• 1) Phone dials VoIP customer at
201-555 2000
• 2) LEC passes call to LNS
• 3) VoIP network establishes path
to hub site
• 4) Customer Edge Router sends
call to IP PBX
• 5) IP PBX establishes connection
to handset via client data
network
• 6) Phone rings and call is
established
CCE
CCE
CCE
CCE
CCE
CCE
CCE
IP BE
IP BE
IP BE
Customer
Edge Router/
IP Flexible
Reach Site
VoIP IP Local Site
Hub Site – New Brunswcik
732-555-7000 8000
201-555-6000 8000
908-555-2000 7000
AT&T BVoIP
Network
Client
Router
Remote Branch Site
Union
732-555-2000 7000
Remote Branch Site
Hoboken
201-555-6000
8000
IP Phones
(4 )
(6)
(3)
(2)
(5)
Client
Router
Client
Router
IP Phones
AT&T VPN
PRI
IP BE
LEC
PSTN
LNS
ALI
PSAP
911
Tandem
Client Data
Network
IP BE
IP BE
IP BE
NGBE
AT&T IP Flexible Reach Branch Office Extension (BOE) using Client Data Network
to connect to BOE site:
(1)
AT&T IP Flexible Reach Service and/or AT&T IP Toll-Free on AT&T VPN
Customer Edge Router Customer Configuration Guide (December 8, 2015, Version 2.6)
Page 82
3) Make sure the proper bandwidth is in place for the amount of concurrent calls required.
4) The customer is responsible for testing all the Branch Office locations after the service activation is
done. Customer Administrator is responsible for performing self testing that will include placing test
telephone and fax calls to on-net VoIP sites and to off-net numbers.
Special Note for site with Avaya Communications Manager if IP phones are PATed at the CER: The
private IP address space of the additional BOE IP phones must be added to the access list referenced
to in the PAT statement to ensure the phones are translated to a public IP address.
C.3 Emergency Services
AT&T Flexible Reach service plans B and C, including AT&T BVoIP Branch Office IP PBX Extensions,
are limited to locations where AT&T can provide 911/E911 service. The 911 service provided is based
on the site registered location information provided to AT&T by the customer. The customer must
provide AT&T with the correct business name and address information for each AT&T BVoIP location
including all Branch Offices. The customer must also ensure that AT&T BVoIP telephone numbers are
assigned to the appropriate service location (identified during service ordering) and not assigned or
used from another service location.
The customer premises equipment should be configured to use the telephone number of the phone
device making the 911 call as the calling party number. This ensures both, AT&T will route the call to
the appropriate public emergency service agency and that the correct address information will be
displayed to emergency service agent handling the call. In addition, should the call be terminated
inadvertently the agent will have a call back number to re-establish communication with the person
seeking emergency services.
Should the customer choose to configure premises equipment to send a single telephone number as
the calling party number on all 911 calls originating from a particular site, the customer must ensure the
calling party number used is an AT&T BVoIP telephone number assigned to the site and the telephone
is manned to handle potential call back from the emergency service agent.
C.4 Troubleshooting
If the customer is not able to make calls, then perform the following steps:
o If the above step is not successful, the customer needs to contact their local or third-
party data and voice network administrator.
o If the above step is not successful, the customer needs to contact their local or third-
party data and voice network administrator.
make a Long Distance call.
o If the above step is not successful, the customer needs to contact AT&T Professional
Services by contacting your sales representative.
AT&T IP Flexible Reach Service and/or AT&T IP Toll-Free on AT&T VPN
Customer Edge Router Customer Configuration Guide (December 8, 2015, Version 2.6)
Page 83
o If the above step is not successful, then ping and trace from the Branch Office to the
router at the Hub site. Check to see where the trace stops and contact the local
Administrator to check ACL on corresponding routers and/or firewalls.
r will be able to make off-net calls from the Branch
Office. The number of simultaneous calls from Branch Office and hub site are subject to the
purchased Concurrent Call limit.
AT&T IP Flexible Reach Service and/or AT&T IP Toll-Free on AT&T VPN
Customer Edge Router Customer Configuration Guide (December 8, 2015, Version 2.6)
Page 84
Appendix D: Acronymns
Acronym
Translation
ADSL
Asymmetric Digital Subscriber Line
AIM
Advanced Integration Module A
AS
Autonomous System
ATM
Asynchronous Transfer Mode
AT&T VPN
AT&T Virtual Private Network
BC
Committed Burst
BE
Excess Burst or Best Effort
BGP
Border Gateway Protocol
BH
Bursty High
BL
Bursty Low
BOE
Branch Office Extension
BVoIP
Business Voice over Internet Protocol
CAS
Channel Associated Signaling
CBWFQ
Class Based Weighted Fair Queuing
CCG
Customer Configuration Guide
CCS
Common Channel Signaling
CDR
Committed Data Rate
CEF
Cisco Express Forwarding
CER
Customer Edge Router
CHAP
Challenge Handshake Authentication Protocol
CIR
Committed Information Rate
CLI
Command Line Interface
CM
Communications Manager
COS
Class of Service
CPE
Customer Premise Equipment
CPU
Central Processing Unit
CRC
Cyclic Redundancy Check
CRTP
Compress Real Time Protocol
CSU/DSU
Channel Service Unit / Data Service Unit
CUBE
Cisco Unified Border Element
CUCM
Cisco Unified Communications Manager
DID
Direct Inward Dial
DS
Down Stream
DSCP
Differentiated Service Code Point
DSL
Digital Subscriber Line
DSP
Digital Signal Processors
DTMF
Dual Tone Multi Frequency
E&M
Ear & Mouth
EF
Expedient Forwarding
AT&T IP Flexible Reach Service and/or AT&T IP Toll-Free on AT&T VPN
Customer Edge Router Customer Configuration Guide (December 8, 2015, Version 2.6)
Page 85
Acronym
Translation
ePVC
Enhanced Permanent Virtual Circuit
FR
Frame Relay
FXO
Foreign Exchange Office
FXS
Foreign Exchange Station
GSM FR
Global System for Mobile communications Full Rate
HDV
High Density Voice
HWIC
High-speed WAN Interface Card
IAR
Inbound Alternate Routing
IETF
Internet Engineering Task Force
IMA
Inverse Multiplexing over ATM
IOS
Internetwork Operation System
IP
Internet Protocol
IPBE
Internet Protocol Border Element
IPSEC
Internet Protocol Security
ISR
Integrated Services Router
ITU-T
International Telecommunication Union -
Telecommunications
GW
Gateway
LAN
Local Area Network
LFI
Link Fragmentation and Interleaving
LLQ
Low Latency Queuing
LD
Long Distance
MLPPP
Multi-Link Point-to-Point Protocol
MM
Multi Media
MOW
Most Of World
MTU
Maximum Transmission Unit
NAT
Network Address Translation
NET
Network Equipment Technologies
NM
Network Module
NPE
Network Processing Engine
OAM
Operation Administration & Maintenance
OCS
Office Communication Server
PA
Port Adapter
PAT
Port Address Translation
PBX
Private Branch Exchange
PC
Personal Computer
PCR
Peak Cell Rate
PER
Provider Edge Router
POS
Packet over SONET
POTS
Plain Old Telephone Service
PPP
Point-to-Point Protocol
PQ
Priority Queue
PRI
Primary Rate Interface
AT&T IP Flexible Reach Service and/or AT&T IP Toll-Free on AT&T VPN
Customer Edge Router Customer Configuration Guide (December 8, 2015, Version 2.6)
Page 86
Acronym
Translation
PSAP
Public Safety Answering Point
PSTN
Public Switched Telephone Network
PVC
Permanent Virtual Circuit
PVDM
Packet Voice DSP Module
QOS
Quality of Service
QSIG
Q Signaling
RC
Receive
RFC
Request for Comment
RT
Real Time
RTCP
Real Time Control Protocol
RTP
Real Time Protocol
SBC
Session Border Controller
SCCP
Skinny Call Control Protocol
SCR
Sustainable Cell Rate
SHDSL
Single-Pair High-Speed Digital Subscriber Line
SIP
Session Initiation Protocol
SM
Session Manager
SPE
Synchronous Payload Envelope
TAC
Technical Assistance Center
TC
Time Interval
TDM
Time Division Multiplexing
TN
Telephone Number
TX
Transmit
UDP
User Datagram Protocol
US
Up Stream or United States
VAD
Voice Activity Detection
VCI
Virtual Circuit Identifier
VLAN
Virtual Local Area Network
VNI
Voice Network Infrastructure
VoIP
Voice over Internet Protocol
VPI
Virtual Path Identifier
VPN
Virtual Private Network
VT
Virtual Template
WAN
Wide Area Network
WFQ
Weighted Fair Queuing
WIC
WAN Interface Card
AT&T IP Flexible Reach Service and/or AT&T IP Toll-Free on AT&T VPN
Customer Edge Router Customer Configuration Guide (December 8, 2015, Version 2.6)
Page 87
This Customer Configuration Guide ("CCG") is offered as a convenience to AT&T's
customers. The specifications and information regarding the product in this CCG are
subject to change without notice. All statements, information, and recommendations
in this CCG are believed to be accurate but are presented without warranty of any
kind, express or implied, and are provided “AS IS”. Users must take full responsibility
for the application of the specifications and information in this CCG.
In no event shall AT&T or its suppliers be liable for any indirect, special,
consequential, or incidental damages, including, without limitation, lost profits or loss
or damage arising out of the use or inability to use this CCG, even if AT&T or its
suppliers have been advised of the possibility of such damage.
