Table of Contents

Overview

MPLS-Based VPN

Functions and Features

Service Discovery
VPN Service
Service Configuration

Initial Setup
Adding Resources
Defining a VPN
Establishing a VPN Service

Creating a Provider

Creating a Provider

Creating and Uploading a VPN Network Object

Creating a VPN Network Object

Service Discovery

VPI Service Discovery

Provider Administrative Domain

Configuring a Provider Admin Domain

Regions

Configuring a Region

Address Pools

Configuring an Address Pool

Class of Service

Configuring CoS Parameters

Adding Resources
Defining a VPN

Subscribers
Creating a Subscriber
Modifying a Subscriber's E-Mail Address
Creating a Site Definition
Service Contract
Creating a Service Contract
Modifying or Deleting a Service Contract
VPN
Creating a VPN
CE Routing Community (CERC)
Creating a CERC

Establishing VPN Services

Creating Ports On a PE Router
Creating Logical Ports on a PE Router
Adding a CE Router
CE Router Management Types
Creating Ports On a CE Router
Creating Logical Ports On a CE Router
Add a New Member to a VPN
Adding a New Member to a VPN

Add Connectivity for a New Member to a VPN

Add Connectivity for a New Member to a VPN

L3 Connectivity: SRVC

Configuring L3 Connectivity

CERC Membership

Configuring a CERC Membership
Adding CERC Membership from a Different VPN to an Existing SRVC
Routes
Adding a Route

Redistributed Protocol

Configuring Redistributed Protocol

Configuring L2

Creating L2 Connectivity

Using the IP-VPN Graph Viewer

Overview
Concepts
Navigating the Graph Viewer

Interaction Modes

Using Select Mode
Using Pan Mode
Using Zoom Box Mode
Using Label Edit Mode

Operational Modes
Graph Viewer Features
Using a Graph Viewer
Groups

Constructing a VPN Root Group

Constructing a VPN Root Group for Small VPNs
Importing Objects Into the Root Group
Modifying a Group
Deleting a Group
Drilling Down On an Object
Viewing the Parent or Root Groups
Selecting an Operation Mode
Selecting All Objects Within a View
Zooming Within a View
Moving a View

VPN Connectivity Views

Creating a CERC Map View
Creating a VPN Member CE-PE Map View
Creating a Member Connectivity Map View

Provisioning IP-VPN Services

This chapter provides information about the provisioning of end-to-end IP-VPN services. The IP-VPN Service Application works directly with Cisco VPN Solutions Center to create virtual private networks over the existing public infrastructure.

Overview

The IP-VPN service application provides the ability to activate MPLS-based IP VPN services. This includes activating both the layer two and layer three aspects of IP VPNs. This service application works with CPC Equipment Modules to access and deliver configuration changes to the managed equipment.

MPLS-Based VPN

In this application, a provider with an MPLS backbone creates VPNs for its customers using MPLS technology and BGP routing. BGP is used to distribute routes over the backbone and MPLS is the label switching protocol used for forwarding packets over the backbone based on RFC 2547 of the IETF (Internet Engineering Task Force).

In this model, Customer Edge (CE) and Provider Edge (PE) routers have a routing adjacency and the PE routers attached learn site addresses through one of several routing protocols, such as Static, RIP, or BGP. This VPN-specific information is stored in the PE router for distribution to the other PE routers. The amount of information stored at the PE router is proportional only to the number of VPNs a PE is attached to. BGP is used in the backbone to distribute reachability information between PE routers.

Functions and Features

The IP VPN service application is a single user application that assumes the role of a CPC client. The IP VPN service application uses CPC's Cisco WAN Manager, Cisco VPN Solutions Center, and Cisco 6260 DSLAM Equipment Modules to configure layer two and layer three information in order to activate integrated layer two and layer three VPN services. It co-ordinates the Equipment Modules to be seen as a single integrated product from the user's perspective and provides layer three provisioning of CE-PE connections via a layer two network/node managed by the Cisco WAN Manager or Cisco 6260 DSLAM Equipment Module.

Service Discovery

Upon initial upload, the IP VPN service application will reverse engineer any existing IP VPNs by using a service discovery function. All such uploads and downloads happen within the context of a CPC transaction that ensures network consistency.

VPN Service

A Service Provider network has an outer edge, which is consists of provider edge (PE) routers. These routers connect to the outer edges of multiple customer networks consisting of customer edge (CE) routers. The provider network forms a core to which customer networks are connected as spokes. The VPN Service provisions the interface between the PE and the CE so that subscriber networks within the same VPNs have IP connectivity across the provider network without visibility into CEs or other VPNs. Figure 18-1 illustrates the layout of a typical VPN Service.

The PE and CE routers may be connected via WAN or LAN interfaces and/or subinterfaces that will be activated as required. Layer two connection identifiers, IP addresses, route destination and route target values may be specified manually or auto-generated by the VPN Solutions Center Equipment Module where appropriate.

Service Configuration

To create an IP VPN as a service offered to a subscriber by a provider, the following steps must be followed. Some steps are arbitrary depending on your network configuration. Steps marked with an asterisk (*) are not compulsory, as these steps may be fulfilled through a network upload.

Initial Setup

Before provisioning can occur, initial steps must be completed in order to upload information from VPN Solutions Center. Intermediary BPX networks and DSLAMs must be uploaded and existing provisioned services must be discovered on these devices. The following steps must be completed in order.

Step 2   Create a VPN Network Object

Step 3   Upload from VPN Solutions Center using the VPN Solutions Center Equipment Module

Step 4   Perform Service Discovery:

a. If necessary, create and upload the BPX network using the Cisco WAN Manager Equipment Module.

b. If necessary, create the Cisco 6260 network using the Cisco 6260 DSLAM Equipment Module.

c. Create existing links in CPC between the PE, BPX, DSLAM, and CE if necessary.

d. Run the NC Discovery utility to discover existing network connections.

e. Run the VPI Service Discovery Utility to discover existing services.

Step 5   Configure the Provider Admin Domain (PAD)*

Step 6   Configure a Region*

Step 7   Configure Address Pools*

Step 8   Create a CoS*

Adding Resources

If your network contains new hardware that is not reflected within the CPC database, the following steps must be performed to reflect the new hardware installed in your network.

Step 2   If you are adding a new BPX WAN switch to your configuration, perform an upload from Cisco WAN Manager and add links from the PE to the BPX using CPC.

Step 3   If you are adding a new Cisco 6260 DSLAM to your configuration, you must create a node object and necessary fabric elements (physical ports, logical ports) that mirror the actual hardware. These objects are created within CPC.

Defining a VPN

Provisioning a VPN service involves defining a subscriber and configuring a VPN for that subscriber. The following steps must be completed in order.

a. Create a site definition. A site definition must be created before adding an initial CE router.

Step 2   Define a Service Contract between the Provider and the Subscriber.

Step 3   Create a VPN

Step 4   Create a CE Routing Community (CERC)

Establishing a VPN Service

To establish a VPN Service, complete the following steps in order.

Step 2   Create a CE router object within CPC

Step 3   Create physical ports and logical ports (interfaces) for the CE router

Step 4   Create links from the CE to the DSLAM, BPX, or direct to the PE router

Step 5   Create a VPN Member object for the CE router

Step 6   Define Member Connectivity

b. Configure L3 (IP) parameters (SRVC)

c. Create a CERC membership

d. Add Routes to a route configuration (if necessary)

e. Create Redistributed Protocols (if necessary)

f. Configure L2 (ATM or FR) parameters including DSL profile if required

Note   All IP-VPN Service objects must have unique names. To ensure that all names are unique, the SRso.ServiceObjectUnique flag must be turned on in $CCP_CONFIG/syavconfig.site file before you begin provisioning IP-VPN Services.

Creating a Provider

The Provider component represents a retailer that sells its VPN services to customers. To activate Provider information you must specify information about a Provider. This information is stored in CPC's database.

Figure 18-2 shows the Provider Object Viewer.

Provider attribute values are outlined in Table 18-1 below.

Table 18-1: Attribute for Providers

Attribute	Description	Acceptable Values	Default Values
Name	Specify a name for the Provider.	text string (up to 64 characters)
Contact information	Specify the contact information for the Provider.	text string (up to 64 characters)

Creating a Provider

Step 2   Double-click the Service Application folder to open it.

Step 3   Double-click the IP VPN Service Application folder to open it.

Step 4   Click the Provider folder to highlight it.

Step 5   Select Object Viewer from the View menu.

Step 6   Click to highlight an empty cell in the Provider Object Viewer. Enter the required attribute values including a Name and Contact Information. Acceptable values for the required attributes are listed in Table 18-1 above.

Step 7   Save the Provider by clicking the save button on the toolbar.

Step 8   Apply the Transaction by clicking the apply button on the toolbar.

Creating and Uploading a VPN Network Object

You must first create a VPN Network Object within the IP-VPN Service Application and upload information about that network using the VPN Solutions Center Equipment Module. A network object is compulsory in order to perform an upload of the network. Once a network object is created, it will appear under the VPN Solutions Center Equipment Module folder in the Tree Viewer. Upload procedures must be performed by the Equipment Module. Details about uploading are outlined in the chapter titled, "Configuring the Cisco VPN Solutions Center Equipment Module"

Figure 18-3 shows the VPN Network Object Viewer.

VPN network object attribute values are outlined in the Table 18-2 below. Attributes marked with an asterisk "*" are read-only.

Table 18-2: Attributes for a VPN Network Object

Attribute	Description	Acceptable Values	Default Values
Common Attributes
Name	Specify a name for the CoS profile.	text string (up to 32 characters)
MD	Specify the management domain.	text string (up to 16 characters)
VPN	Specify the customer.	text string (up to 16 characters)
Profile	The profile is set to default.	Default*	Default*
Network
Class	This is the CPC class name for the network object.	CVnt	CVnt
Provider Name	This is the Provider that this network belongs to	text string (up to 64 characters)	Derived
Transit Cost	This is the network transit cost	50	50
Server
Server Host Name	This is the host name of the VPN Solutions Center Server	text string (up to 64 characters)
IFR Host Name	This is the name of a host running an interface repository that stores the target object's IDL definition	text string (up to 64 characters)

Creating a VPN Network Object

To create a VPN Network Object, perform the following procedure:

Step 2   Double-click the Service Application folder to open it.

Step 3   Double-click the IP VPN Service Application folder to open it.

Step 4   Double-click the Provider folder and then double-click the specific Provider that contains the region that you are configuring.

Step 5   Click the VPN Network folder and then click the Object Viewer button on the toolbar.

Step 6   Enter the required attribute values listed in Table 18-2 above

Step 7   Save the network object by clicking the save button on the toolbar.

Step 8   Apply the Transaction by clicking the apply button on the toolbar.

Service Discovery

Once you have created a network object and uploaded the network using the VPN Solutions Center EM, you must create CPC service objects using existing provisioned services on the network equipment. Upload from VPN Solutions Center will not create these service objects. Depending on the configuration of your network, you must use one or two of CPC's Service Discovery utilities to discover services.

If your PE-CE connection includes a BPX or a 6260 DSLAM, you must upload the network according to the Equipment Module. After the network is uploaded, you must create links between the BPX and the DSLAM. After creating these links, you must run the NC Discovery utility to establish network connections across the network. These network connections will allow the VPI Service Discovery Utility to discover existing Layer 2 connections within multiple networks.

For more information on creating networks, uploading networks and creating links, refer to the following chapters:

• "Configuring the Cisco WAN Manager Equipment Module".

• "Configuring the Cisco 6260 DSLAM Equipment Module"

For more information on running the NC Discovery utility, refer to the chapter titled "General Functions and Features".

VPI Service Discovery

The VPI Service Discovery utility creates service objects and associate these objects with their corresponding service elements by discovering and using existing Layer 3 and Layer 2 connections. These objects include Service Contracts, Members, and Member Connectivity.

To perform a VPI Service Discovery, perform the following steps:

Step 2   Ensure that you have created a VPN Network object as outlined in the section "Creating a VPN Network Object" in this chapter.

Step 3   Ensure that you have uploaded the network from VPN Solutions Center into the CPC database.

Step 4   Ensure the following steps have been completed:

a. Links are created for Layer 2 connections

b. NC Discovery utility has been run for Layer 2 connections

Step 5   From a command line on the CPC Client host, execute the following command:

$CCP_REL/mng/utility/vpiservicediscovery
 

where:

$CCP_REL is the CPC Client home directory.

Provider Administrative Domain

The Provider Admin Domain (PAD) is the area of administrative control for the Provider of the IP-VPN service. The PAD is a set of PE routers in one BGP Autonomous System (AS). Each PAD is represented by a BGP AS number. Each Provider Admin Domain may contain one or more Region.

The PAD is uploaded from VPN Solutions Center into the CPC database if a populated network already exists. The procedures that follow are required only if you are deploying a new network. In the latter case, these values need to be created within CPC.

Figure 18-4 shows the Provider Admin Domain Object Viewer.

Provider Admin Domain attribute values are outlined in Table 18-3 below. Attributes marked with an asterisk "*" are read-only

Table 18-3: Attributes for Provider Admin Domain

Attribute	Description	Acceptable Values	Default Values
Common Attributes
Name	Specify a name for the Provider Admin Domain.	text string (up to 32 characters)
MD	Specify the management domain.	text string (up to 16 characters)
VPN	Specify the customer	text string (up to 16 characters)
Profile	The profile is set to Default	Default	Default
Contained By
Containing Network	The containing network.		*
Provider Name	Specify a name for the Provider.		Autogenerated*
Information
Contact Information	Specify contact information for the Provider	text string (up to 64 characters)
Autonomous System Number	Specify the AS number. This is a unique autonomous system number given to the domain.	integer (range 0-2147483647)
Routes Seeds
Route Distinguished Seed	The route distinguisher seed is used to create distinct routes to a common IP address prefix.	integer (range 0-2147483647)	100
Router Target Seed	The route target seed is used by the PE to determine if the route is allowed.	integer (range 0-2147483647)	100

Configuring a Provider Admin Domain

Step 2   Double-click the Service Application folder to open it.

Step 3   Double-click the IP VPN Service Application folder to open it.

Step 4   Double-click the Provider folder and double-click the specific Provider.

Step 5   Double-click the VPN Network folder and double-click the specific network.

Step 6   Click the Admin Domain folder and click the Object Viewer button on the toolbar.

Step 7   Save the required attribute values listed in Table 18-3 above.

Step 8   Save the Admin Domain by clicking the save button on the toolbar.

Step 9   Apply the Transaction by clicking the apply button on the toolbar.

Regions

A Region is defined as a set of PEs within the administrative domain of a provider. There can be multiple regions within an administrative domain. Each region belongs to exactly one provider administration domain and can contain many PE routers. A provider can partition its backbone network geographically into multiple regions. Information about regions is uploaded from VPN Solutions Center into the CPC database if a populated network already exists. The procedures that follow are required only if you need to create regions. In the latter case, these values need to be populated within CPC to create regions which will be downloaded to VPN Solutions Center.

Figure 18-5 shows the Region Object Viewer.

Region attribute values are outlined in the Table 18-4 below. Attributes marked with an asterisk "*" are read-only.

Table 18-4: Attributes for a Region

Attribute	Description	Acceptable Values	Default Values
Common Attributes
Name	Specify a name for the Region.	text string (up to 32 characters)
MD	Specify the management domain.	text string (up to 16 characters)
VPN	Specify the customer.	text string (up to 16 characters)
Profile	This is set to Default.	text string (up to 16 characters)
Contained By
VPN Network	Specify the containing network.		Autogenerated*
Admin Domain	Specify the administrative domain that this region belongs to.		Autogenerated*

Configuring a Region

To configure a region within an Administrative Domain, perform the following steps:

Step 2   Double-click the Service Application folder to open it.

Step 3   Double-click the IP VPN Service Application folder to open it.

Step 4   Double-click the Provider folder and then double-click the specific Provider that contains the region that you are configuring.

Step 5   Double-click the VPN Network folder and double-click the specific VPN network.

Step 6   Double-click the Admin Domain folder and then double-click the specific Admin Domain.

Step 7   Click the Region folder and click the Object Viewer button on the toolbar

Step 8   Enter the required attribute values listed in Table 18-4 above

Step 9   Save the region by clicking the save button on the toolbar.

Step 10   Apply the Transaction by clicking the apply button on the toolbar.

Address Pools

Address Pools can be uploaded from VPN Solutions Center for the purpose of PE and CE router interface addressing. You can also create Address Pools within CPC and download them to VPN Solutions Center. Address Pools are defined for each region within the PAD.

Address Pool attribute values are outlined in the Table 18-5 below. Attributes marked with an asterisk "*" are read-only.

Table 18-5: Attributes for an Address Pool

Attribute	Description	Acceptable Values	Default Values
Common Attributes
MD	Specify the management domain.	text string (up to 16 characters)
VPN	Specify the customer.	text string (up to 16 characters)
Profile	This is set to Default.	text string (up to 16 characters)
Address Pool Member
Address/Mask	Specify an address space to use as an address pool. The format used is xxx.xxx.xxx.xxx/xx (address and mask).
Type	Specify whether you are creating multiple point to point /30 address pools per Region for numbered interface addresses or multiple loopback /32 address pools per Region for unnumbered interface addresses.	30, 32	30
Contained By
Region	This is the Region that the address pool is assigned to.		Derived*

Configuring an Address Pool

To configure an Address Pool within a Region, perform the following steps:

Step 2   Double-click the Service Application folder to open it.

Step 3   Double-click the IP VPN Service Application folder to open it.

Step 4   Double-click the Provider folder and then double-click a specific Provider.

Step 5   Double-click the VPN Network folder and double-click the specific VPN network.

Step 6   Double-click the Admin Domain folder and then double-click the specific Admin Domain.

Step 7   Double-click the Region folder and then double-click the specific Region that you want to configure an Address Pool for.

Step 8   Click the Address Pool folder and click the Object Viewer button on the toolbar

Step 9   Enter the required attribute values listed in the table above

Step 10   Save the address pool by clicking the save button on the toolbar.

Step 11   Apply the Transaction by clicking the apply button on the toolbar.

Class of Service

CoS (Class of Service) is a parameter that allows a network to provide different levels of service based on the class of service specified for each packet of data that is routed. CoS provides different levels of service such as Gold, Silver, or Best-Effort service classes. CoS provides congestion avoidance and congestion management of IP packets routed through the network.

Each administrative domain can have a differentiated CoS definition that includes traffic shaping parameters. CoS information is uploaded from the VPN Solutions Center EM into the CPC database if a populated network already exists. The procedures that follow are required only if you are working with a virgin network. In the latter case, these values need to be entered into a CoS object within CPC and downloaded to VPN Solutions Center.

Figure 18-6 shows the CoS Object Viewer.

CoS attribute values are outlined in Table 18-6 below. Attributes marked with an asterisk "*" are read-only.
Table 18-6: Attributes for a CoS

Attribute	Description	Acceptable Values	Default Values
Common Attributes
Name	Specify a name for the CoS profile.	text string (up to 32 characters)
MD	Specify the management domain.	text string (up to 16 characters)
VPN	Specify the customer.	text string (up to 16 characters)
Profile	This is set to Default.	text string (up to 16 characters)	Default*
CoS Parameters
Default	The CoS default.	False, True	False
Contract Multiplier	The contracted data flow-rate is multiplied by this contract multiplier to determine the excessive rate limit. The rate limit is the limit beyond which data packets are to be dropped due to excessive volume of traffic.	text string (up to 15 characters)
Traffic Shaping	You can specify whether to apply traffic shaping as defined by the CoS parameters, follow a predefined traffic contract, or enable no traffic shaping.	None, CoSApplyShaping, CoSShapeOutOfContractOnly	None
Traffic Policing	You can specify whether to apply traffic policing according to CoS parameters, drop excess traffic according to CoS parameters, or enable no traffic policing.	None, CoSApplyPolicing CoSDropExcessTraffic	None
Apply Adaptive On FR		False, True	False
Congestion Management
Use GTS	Use Generic Traffic Shaping. GTS shapes traffic by reducing the outbound traffic flow to reduce congestion. GTS reduces bandwidth peaks by buffering excess traffic.	False, True	False
Use WRED	Use Weighted Random Early Detection. WRED is a traffic queueing algorithm that provides congestion avoidance by monitoring traffic load at network points and discards packets if congestion increases.	False, True	False
UseFairQueueing	Use FairQueueing. FairQueueing is a flow-based queueing algorithm that schedules interactive traffic to the front of the queue to reduce response time while sharing the rest of the bandwidth among lower priority traffic.	False, True	False
Use CAR	Use Committed Access Rate. CAR is a traffic policing tool for establishing a QoS policy at the edge of a network. CAR allows you to create a traffic contract.	False, True	False
Contained By
Containing AdminDomain	The name of the AdminDomain that contains the CoS.	text string (up to 32 characters)	firstClassSP

Configuring CoS Parameters

To configure CoS parameters for a specific administrative domain, perform the following procedure:

Step 2   Double-click the Service Application folder to open it.

Step 3   Double-click the IP VPN Service Application folder to open it.

Step 4   Double-click the Provider folder and then double-click the specific Provider that contains the region that you are configuring.

Step 5   Double-click the VPN Network folder and then double-click the specific VPN network.

Step 6   Double-click the Admin Domain folder and then double-click the specific admin domain.

Step 7   Click the CoS folder and click the Object Viewer button on the toolbar.

Step 8   Enter the required attribute values listed in Table 18-6 above

Step 9   Save the CoS profile by clicking the save button on the toolbar.

Step 10   Apply the Transaction by clicking the apply button on the toolbar.

Adding Resources

Any new hardware resources that have been added to your network topology must be reflected in the CPC database. Resources can include additional PE routers, BPX switches, and 6260 DSLAMs.

When a PE router is added, it must be configured in VPN Solutions Center first. Once this is done, the necessary fabric elements such as physical ports and logical ports need to be created in CPC. The goal is to have an accurate model of the router in the CPC database. Physical ports and logical ports for a PE router must be created at the same time as the containing SRVC will be created. For more information about creating ports for a PE router, refer to the section "Creating Physical Ports on a PE Router" in this chapter.

Note   If PE physical and logical ports are created ahead of time, and an upload is performed before an SRVC is created that uses these ports, the ports will be deleted from the CPC database. CPC will only upload PE interfaces (which CPC models as physical ports) if there are existing SRVCs built upon them, because interfaces are provisioned just-in-time (JIT) by VPN Solutions Center.

Assuming the planned configuration of your CE-PE connection includes only a CE and a PE router, you must upload the PE router and create the necessary physical ports, and logical ports within CPC using the IP-VPN Service Application. VPN Solutions Center uses a CORBA interface to transport information about a specific router interface into CPC only if the router interface is used by an SRVC.

If the planned configuration of your CE-PE connection includes a Cisco BPX WAN switch, you will have to upload the switch into the CPC database using the Cisco WAN Equipment Module. After upload is completed, you must add links between the PE router and the BPX WAN switch. For information on uploading and adding links from a BPX switch, refer to the chapter titled, "Configuring the Cisco WAN Manager Equipment Module".

If the planned configuration of your CE-PE connection includes a Cisco 6260 DSLAM for multiplexing, you must first create a node object for the DSLAM using the Cisco 6260 Equipment Module, as well as the required profiles, physical ports and logical ports. After this is completed, you must add links between the BPX WAN switch and the 6260. For information on creating node objects, physical ports, logical ports, and links on the 6260, refer to the chapter titled"Configuring the Cisco 6260 DSLAM Equipment Module".

Defining a VPN

Subscribers

The Subscriber component represents a particular customer or subscriber. To activate subscriber information you must specify information about a Subscriber. This information is stored in CPC's database.

Figure 18-7 shows the Subscriber Object Viewer.

Subscriber attribute values are outlined in Table 18-7 below.

Table 18-7: Attributes for Subscriber

Subscriber	Description	Acceptable Values	Default Values
Name	Specify a name for the Subscriber	text string (up to 64 characters)
Contact Information	Specify the subscriber's contact information	text string (up to 64 characters)
Email Address	Specify the subscriber's e-mail address.	text string (up to 32 characters)
VPNNetwork	Specify the name of the Provider's VPN Network.	text string (up to 32 characters)
Profile	Specify a Subscriber's Profile	Default	Default

Creating a Subscriber

Step 2   Double-click the Service Application folder.

Step 3   Double-click the IP VPN Service Application folder to open it.

Step 4   Click the Subscriber folder to highlight it.

Step 5   Select Object Viewer from the View menu.

Step 6   Enter the required attribute values including the Name, Contact Info, E-mail Address, and VPN Network. Acceptable values for the required attributes are listed in Table 18-7 above.

Step 7   Save the Subscriber by clicking the save button on the toolbar.

Step 8   Apply the Transaction by clicking the apply button on the toolbar.

Modifying a Subscriber's E-Mail Address

The only modification that can be made to a subscriber is a change of e-mail address. To change the e-mail address of a subscriber, perform the following procedure:

Step 2   Double-click the Service Application folder to open it.

Step 3   Double-click the IP VPN Service Application folder to open it.

Step 4   Double-click the Subscriber folder to highlight it.

Step 5   Click the specific subscriber that you want to modify.

Step 6   Click the Object Viewer button on the toolbar.

Step 7   To modify the e-mail address, make the required modifications to the e-mail field and click the save button on the toolbar to save the service.

Step 8   Apply the Transaction by clicking the apply button on the toolbar.

Creating a Site Definition

Once a customer has been defined, an associated site must be defined for the customer. A customer site is a collection of one or more CE devices.

To create a site definition for a customer, perform the following procedure:

Step 2   Double-click the Service Application folder and double-click the IP VPN Service Application folder.

Step 3   Double-click the Subscriber folder and double-click the specific customer.

Step 4   Click the Site folder and click the Object Viewer button on the toolbar.

Step 5   Enter the required attribute values listed in Table 18-8.

Step 6   Save the Site object by clicking the save button on the toolbar.

Step 7   Apply the Transaction by clicking the apply button on the toolbar.

Site attribute values are outlined in Table 18-8 below. Attributes marked with an asterisk "*" are read-only.

Table 18-8: Attributes for a Cisco VPN Site

Attribute	Description	Acceptable Values	Default Values
Common Attributes
Name	Specify a name for the site.	text string (up to 32 characters)
MD	Specify the management domain.	text string (up to 16 characters)
VPN	Specify the customer.
Parameters
Location Information	Specify the location information for this site.	text string (up to 255 characters)
Email Address	Specify the e-mail address for this site.	text string (up to 64 characters)
Contained By
VPN Network	This is the network that will contain this site.	text string (up to 32 characters)	Derived*
Customer	This is the customer who contains this site.	text string (up to 32 characters)	Derived*

Service Contract

This object represents a service contract as offered by a provider to one or more subscribers for a VPN service.Figure 18-9 shows the Service Contract Object Viewer.

Service Contract attribute values are outlined in Table 18-9 below. Attributes marked with an asterisk "*" are read-only.

Table 18-9: Attributes for a Service Contract

Attribute	Description	Acceptable Values	Default Values
Common Attributes
Name	Specify a name for the service contract.	text string (up to 32 characters)
MD	Specify the management domain.	text string (up to 16 characters)
VPN	Specify the customer.	text string (up to 16 characters)
Profile	The profile is set to default.	Default*	Default*
Vpn
VPN Name	This is the name of the VPN that you will create after the Service Contract is created. This will enable you to create a VPN. The name you specify here must match the name of the VPN Name field in the VPN Object Viewer.	text string (up to 64 characters)
Scheduling
Schedule	This specifies the schedule for the service contract	Permanent, Daily, Weekly, Monthly	Permanent
Start Time	This specifies the start time for the service contract	This must be entered in the format date/time (yyyy/mm/ddhh:mm:ss).
End Time	This specifies the end time for the service contract.	This must be entered in the format date/time (yyyy/mm/ddhh:mm:ss).
Relationships
Provider Name	This is the Provider name. You can find/choose a provider by double clicking the Provider folder and selecting from the list.	text string (up to 64 characters)
Subscriber Name	This is the subscriber name.	text string (up to 64 characters)	Derived*

Creating a Service Contract

Step 2   Double-click the Service Application folder to open it.

Step 3   Double-click the IP VPN Service Application folder to open it.

Step 4   Click the Service Contract folder to highlight it.

Step 5   Select Object Viewer from the View menu.

Step 6   Enter the required attribute value listed in Table 18-9 above.

Step 7   Save the Service contract by clicking the save button on the toolbar.

Step 8   Apply the Transaction by clicking the apply button on the toolbar.

Modifying or Deleting a Service Contract

Step 2   Double-click the Service Application folder to open it.

Step 3   Double-click the IP VPN Service Application folder to open it.

Step 4   Click the Service Contract folder and double-click the Service Contract you wish to modify or delete.

Step 5   Select Object Viewer from the View menu.

Step 6   Modify or delete the Service Contract as follows:

a. To modify the Service Contract, make the required modifications to the attribute values and click the save button on the toolbar to save the service.

b. To delete the Service Contract, click the delete button on the toolbar.

Step 7   Apply the Transaction by clicking the apply button on the toolbar.

VPN

This represents IP interconnectivity over the backbone network between two or more sites. It uses a default provider domain (Autonomous System) for Router Distinguisher (RD) and Router Target (RT) automatic allocation purposes.

Figure 18-10 shows the VPN Object Viewer.

VPN attribute values are outlined in Table 18-10 below. Attributes marked with an asterisk "*" are read-only.

Table 18-10: Attributes for a Cisco VPN

Attribute	Description	Acceptable Values	Default Values
Common Attributes
VPN Name	Specify a name for the VPN.	text string (up to 32 characters)
MD	Specify the management domain	text string (up to 16 characters)
VPN	Specify the customer	text string (up to 16 characters)
Profile	The profile is set to default.		Default*
Contained By
Admin Domain	Specify the Administrative Domain for the VPN. You can find/choose from a list of Admin Domains by double-clicking the Admin Domain folder and selecting from the list.	text string (up to 32 characters)
Service Contract	Specify the Service contract for the VPN	text string (up to 44 characters)	Derived*

Creating a VPN

To create a VPN, you must first create a Service Contract to specify a VPN. Once a Service Contract is created, you can double-click the Service Contract that you have created in the Tree Viewer go get a VPN folder.

Step 2   Double-click the Service Application folder to open it.

Step 3   Double-click the IP VPN Service Application folder to open it.

Step 4   Click the Service Contract folder and double-click the specific service contract that contains the VPN.

Step 5   Click the VPN folder to highlight it and click the Object Viewer button on the toolbar.

Step 6   Enter the required attribute values listed in Table 18-10.

Step 7   Save the VPN by clicking the save button on the toolbar.

Step 8   Apply the Transaction by clicking the apply button on the toolbar.

CE Routing Community (CERC)

A VPN can be organized into CE routing communities (CERCs). A CERC describes how the CE devices in a VPN communicate with each other. CERCs are a method of describing a logical connectivity between members (sites) or a VPN.

To build complex topologies of the service, it is necessary to divide the connectivity between CEs into communities. The layout of these communities can vary according to how complex a topology need to be. Four types of CERCs can be created: full mesh, hub and spoke, complex, and multi VPN.

Full mesh CERCs involve multiple CEs that connect to each other.

Hub and spoke CERCs involve a CE designated as a hub, and the resulted CEs connected to it are designated as spokes.

Complex CERCs involve an interconnectivity between a full mesh and a hub and spoke CERC. The hub of a hub and spoke configuration could be part of a full mesh configuration. Complex CERCs involve CEs that have membership in more than one CERC.

Figure 18-11 illustrates three types of CERC topologies.

The attributes for which you can configure for a CERC are outlined in Table 18-11 below. Attributes marked with asterisk "*" are read-only.

Table 18-11: Attributes for a CERC

Attribute	Description	Acceptable Values
Common Attributes
MD	Specify the management domain.	text string (up to 16 characters)
VPN	Specify the customer.	text string (up to 16 characters)
Profile	The profile is set to default.		Default*
CERC Description	Specify a description for the CERC.	text string
Scheduling
Internal Id	The internal Id for the CERC. This value is autogenerated.		0
Auto Pick RT	This indicates whether Route Targets (SRT, HRT) are to be automatically chosen or not.	TRUE, FALSE	TRUE
Hub Router RT	This is the Hub Router route target address.	text string (up to 64 characters)
Spoke Router RT	This is the Spoke Router route target address	text string (up to 64 characters)
Contained By
VPN Name	The name of the VPN that contains the CERC.	text string (up to 32 characters)	Derived*

Creating a CERC

To create a CERC, perform the following procedure:

Step 2   Double-click the Service Application folder to open it.

Step 3   Double-click the IP VPN Service Application folder to open it.

Step 4   Click the Service Contract folder and double-click the specific service contract that contains the VPN.

Step 5   Click the VPN folder, double-click on the specific VPN.

Step 6   Click the CERC folder, click on the Object Viewer in the toolbar,

Step 7   Enter the required attribute values listed in the table above.

Step 8   Save the CERC by clicking the save button on the toolbar.

Step 9   Apply the Transaction by clicking the apply button on the toolbar.

Establishing VPN Services

This section describes the procedures for configuring the connectivity for a Service Request VPN Configuration (SRVC) between a CE Router and a PE Router.

Creating Ports On a PE Router

You must create Pport and Lport for every new PE interface without L3 connectivity (SRVC) on it. Physical ports must be created before logical ports.

When creating physical ports, you must include a prefix that specifies the port type when naming the port. For PE physical ports, the following prefixes are supported.

• Serial_PPP, HSSI_PPP, Serial_FrameRelay, HSSI_FrameRelay, Serial_HDLC, ATM, HSSI, HDLC, FDDI, GigabitEthernet, ISL.

Perform the following procedure to create physical ports.

Step 2   Double-click the IP VPN Service Application folder.

Step 3   Double-click the Provider folder and then double-click the specific provider that will contain the PE router.

Step 4   Double-click the VPN Network folder and double-click the specific network that will contain the additional PE router.

Step 5   Double-click the VPN Admin Domain folder and double-click the specific administrative domain that will contain the additional PE router.

Step 6   Double-click the Region folder and double-click the specific region that will contain the additional PE router.

Step 7   Double-click the PE Router folder and double-click the specific router that you want to create physical ports for.

Step 8   Click the PE Physical Port folder and click the Object Viewer button on the toolbar.

Step 9   Enter the required attribute values listed in Table 18-12.

Step 10   Save the physical port by clicking the save button on the toolbar.

Step 11   Apply the Transaction by clicking the apply button on the toolbar.

Note   Physical ports created in CPC do not get downloaded to Cisco VPN Solution Center until a member connectivity is created which uses the port. As a consequence, any upload from CVPNSC will remove all physical ports for which there are no corresponding member connectivities.

Table 18-12: Attributes for a PE Physical Port

Attribute	Description	Acceptable Values	Default Values
Common Attributes
Physical Port Name	Specify a name for the physical port. The port name must include a prefix specifying the type of physical port. The physical port name must include the port type prefix and the interface number. For example, ATM/0, Serial1 are examples of physical port names.	text string (up to 32 characters)
domain	Specify the management domain	text string (up to 16 characters)
VPN	Specify the customer	text string (up to 16 characters)
Profile	The profile is set to default.	Default*	Default*
Contained By
Containing Node	This the node that contains the physical port.		Derived*
Parameters
Port Number	This is the number of the physical port.	0-214483647
Shelf Slot	This is the shelf slot.	text string (up to 16 characters)
Port Type	This is the physical port type.	POS_PPP, POS_HDLC, POS_FrameRelay, FastEthernet, FastEthernet_ISL, Ethernet, Serial_PPP, Serial_FrameRelay, Serial_HDLC, ATM, HSSI, HSSI_HDLC, HSSI_PPP, HSSI_FrameRelay, FDDI, GigabitEthernet, GigabitEthernet_ISL, Switch	Unknown
Bandwidth (kbits)	This is the bandwidth		2000000
Maximum PDU	This is the maximum PDU value.	0-2147483647	0
Class	This is the CPC class name for the physical port.	CVpp	CVpp

Creating Logical Ports on a PE Router

Once physical ports have been created for a PE router within CPC, logical ports must be created. To create logical ports, perform the following procedure:

Step 2   Double-click the IP VPN Service Application folder.

Step 3   Double-click the Provider folder and then double-click the specific provider that will contain the PE router.

Step 4   Double-click the VPN Network folder and double-click the specific network that will contain the additional PE router.

Step 5   Double-click the VPN Admin Domain folder and double-click the specific administrative domain that will contain the additional PE router.

Step 6   Double-click the Region folder and double-click the specific region that will contain the additional PE router.

Step 7   Double-click the PE Router folder and double-click the specific router that you want to create physical ports for.

Step 8   Click one of the following folders to create a specified logical port

• PE ATM Logical Port allows you to create an ATM logical port to communicate with an ATM interface on a WAN switch

• PE Frame Relay Logical Port allows you to create a Frame Relay logical port to communicate with a Frame Relay interface on a WAN switch

• PE Standard Logical Port allows you to create a standard logical port to communicate with a CE interface.

Step 9   Enter the required attribute value as follows:

• For an ATM logical port, enter the values listed in Table 18-13.

• For a Frame Relay logical port, enter the values listed in Table 18-14.

• For a standard logical port, enter the values listed in Table 18-15.

Step 10   Save the logical port by clicking the save button on the toolbar.

Step 11   Apply the Transaction by clicking the apply button on the toolbar.

Note   Logical ports created in CPC do not get downloaded to Cisco VPN Solution Center until a member connectivity is created which uses the port. As a consequence, any upload from CVPNSC will remove all logical ports for which there are no corresponding member connectivities.

The attributes for which you can provide values for an ATM logical port on a PE router are outlined in the Table 18-13 below. Attributes marked with an asterisk "*" are read-only.

Table 18-13: Attributes for a PE ATM Logical Port

Attribute	Description	Acceptable Values	Default Values
Common Attributes
Name	Specify the name of the ATM logical port. The name must be the same as the name of the corresponding physical port.	text string (up to 32 characters)
MD	Specify the management domain.	text string (up to 16 characters)
VPN	Specify the customer.	text string (up to 16 characters)
Profile	The profile is set to default.	Default*	Default*
Contained By
Network	This the network that contains the logical port.		Derived*
Node	This is the name of the PE router.		Derived*
Physical Port	This is the name of the associated physical port.
Protocol	This is the protocol to be used for this logical port. ATM is the mandatory default.	ATM	ATM
Signalling Role	You use the DCE logical port to communicate with most ATM CPE. A DCE logical port represents the "network side" equipment. This logical port type supports all types of PVCs. The DTE is almost identical to the DCE logical port type but with SVC applications, it assumes the role of the "user side" of the UNI signalling interface.	DCE, DTE	DCE
NNI enable	You can enable or disable NNI resiliency for the logical port.	false, true	false
Admin Status	The administrative status for the logical port.	unlocked, locked	unlocked
Maximum Connections	The maximum number of connections for the logical port.		500
Class	The CPC class for the logical port.	CVal	CVal
Resource Map	The resource map.	0	0
Peer Logical Port	The peer logical port.	text string (up to 40 characters)
Priority	The logical port usage priority.	0	0
ATM Attributes
Maximum (kbits/s) (Incoming/Outgoing)	This is the maximum bandwidth in both incoming and outgoing directions.		2000000
Nominal Threshold (%) (Incoming/Outgoing)	This is the nominal bandwidth threshold as a percentage.	100	100
Committed (kbits/s) (Incoming/Outgoing)	This is the committed bandwidth. Committed bandwidth is calculated by multiplying the maximum bandwidth with the nominal threshold and dividing that figure by 100.		Derived
Local Management Interface
ILMI ID (VPI/VCI)	This ILMI identification number	0	0
Max VPI/VCI (bits)	The maximum VPI/VCI bits.	12	12
ILMI N491 Error Threshold	The ILMI N491error threshold.		0
ILMI N492 Event Threshold	The ILMI N492 event		0
ILMI T493 Enquiry Interval	The ILMI T493 enquiry interval.		0
LMI T394 Update Status Interval	The LMI T394 update status interval.		0
LMI N395 Update Status Threshold	The LMI N395 updates status threshold.		0
LMI T393 Enquiry Timer	The LMI T393 enquiry timer		0
LMI T394 Update Status Interval	The T394 update status interval.		0
LMI T396 Poll Interval	The LMI T396 poll interval.		0
Management Protocol			3
Default ATM Address Type	The default ATM address type.	Private
Default ATM Address	The default ATM address.

The attributes for which you can provide values for a Frame Relay logical port on a PE router are outlined in Table 18-14 below. Attributes marked with an asterisk "*" are read-only.

Table 18-14: Attribute for a PE Frame Relay Logical Port

Attribute	Description	Acceptable Values
Common Attributes
Name	Specify the name of the interface. This corresponds with the name of the physical port, since CPC models interfaces as physical ports	text string (up to 32 characters)
Domain	Specify the management domain	text string (up to 16 characters
Customer	Specify the customers	text string (up to 16 characters)
Profile	The profile is set to default.	Default*	Default*
Contained By
Network	This is the network that contains the physical port.	text string (up to 32 characters)	Derived*
Node	This is the name of the PE router.		Derived*
Physical Port	This is the name of the associated physical port.
EMS Name	Specify the logical port name known to the Element Management System
Protocol	Specify the protocol that the logical port is using.	FR	FR
Signalling Role	You use the DCE logical port to communicate with most ATM CPE. A DCE logical port represents the "network side" equipment. This logical port type supports all types of PVCs. The DTE is almost identical to the DCE logical port type but with SVC applications, it assumes the role of the "user side" of the UNI signalling interface.	DCE, DTE	DCE
NNI Enable	You can enable or disable NNI resiliency for the logical port.	false, true,	false
Admin Status	The administrative status for the logical port.	Unlocked, Locked	Unlocked
Maximum Connections	The maximum number of connections for the logical port.		500
Class	The CPC class for the logical port.	CVfl	CVfl
Resource Map	The resource map.	0	0
Peer Logical Port	The peer logical port.
QOS	The Quality of Service provided by this logical port.
Group	The logical group membership, allowing several logical ports to be grouped together as a shared resource.
Priority	The logical port usage priority.
Bandwidth
Maximum (kbits/s) (Incoming/Outgoing)	This is the maximum bandwidth in both incoming and outgoing directions.		2000000
Nominal Threshold (%) (Incoming/Outgoing)	This is the nominal bandwidth threshold as a percentage.		100
Committed (kbits/s) (Incoming/Outgoing)	This is the committed bandwidth.		Derived
Universal FR Specific Attributes
Interface Speed (kbits/s)	The interface speed.	64	64
FR Attributes
Address Length	The address length.		2Byte10
Management Protocol	The management protocol for the logical port.		None
DTE Polling Interval (seconds)	The DTE polling interval.		0
DTE Full Inquiry Intervals.	The DTE full enquiry interval.		0
DTE Error Threshold	The DTE error threshold.		0
DTE Error Window	The DTE error window.		0
DCE Polling Interval (seconds)	The DCE polling interval.		0
DCE Error Threshold	The DCE error threshold.		0
DCE Error Window	The DCE error window.		0
Allocated Channels
Channels 0-31	Specify which channels have been allocated.

VPN network object attribute values are outlined in Table 18-15 below. Attributes marked with asterisk "*" are read-only.

Table 18-15: Attributes for a PE Standard Logical Port

Attribute	Description	Acceptable Values	Default Values
Common Attributes
Interface Name	Specify the name of the interface. This corresponds with the name of the physical port, since CPC models interfaces as physical ports.	text string (up to 32 characters)
MD	Specify the management domain	text string (up to 16 characters)
VPN	Specify the customer	text string (up to 16 characters)
Profile	The profile is set to default.	Default*	Default*
Contained By
Containing Network	This the network that contains the physical port.	text string (up to 64 characters)	*
PE Router	This is the name of the PE router.		*
Associated Physical Port	This is the name of the associated physical port.
Protocol/Bandwidth
Protocol	This is the protocol to be used for this logical port. Other is the mandatory default.		OTHER*
Class	This is the CPC class name for the logical port.		CVlp*
Maximum (kbits/s) (Incoming/Outgoing)	This is the maximum bandwidth in both incoming and outgoing directions.		2000000
Nominal Threshold (%) (Incoming/Outgoing)	This is the nominal bandwidth threshold as a percentage.		100
Committed (kbits/s) (Incoming/Outgoing)	This is the committed bandwidth.		Derived

Adding a CE Router

The following procedure will allow you to enable an initial or an additional CE router to your network. It is assumed that you have installed the CE router according to the appropriate Cisco documentation. This process will includes the following procedures:

• Creating a CE Router object in CPC

• Creating physical ports in CPC

• Creating logical ports in CPC

• Creating links between the BPX WAN switch/DSLAM and the CE router (if necessary)

• Creating links between the DSLAM and the CE router (if necessary)

• Creating links between PE and CE routers if they are directly connected.

For information on creating links between CE routers and BPX WAN switches and DSLAMs, refer to the following chapters:

• Refer to the chapter titled "Configuring the Cisco WAN Manager Equipment Module" to create links between a CE router and a BPX WAN switch.

• Refer to the chapter titled "Configuring the Cisco 6260 DSLAM Equipment Module" to create links between a CE router and a 6260 DSLAM.

To create a CE router in CPC, perform the following procedure:

Step 2   Double-click the Service Application folder and double-click the IP VPN Service Application folder.

Step 3   Double-click the Subscriber folder and double-click the specific subscriber folder that will contain the additional CE router.

Step 4   Double-click the Site folder and double-click the specific site that will contain the new CE router.

Step 5   Double-click the CE Router folder and click the Object Viewer button on the toolbar.

Step 6   Enter the required attribute values listed in Table 18-16.

Step 7   Save the CE router object by clicking the save button on the toolbar.

Step 8   Apply the Transaction by clicking the apply button on the toolbar.

Cisco CE router attribute values are outlined in Table 18-16 below. Attributes marked with an asterisk "*" are read-only.

Table 18-16: Attributes for a Cisco CE Router

Attribute	Description	Acceptable Values	Default Values
Common Attributes
Name	Specify a name for the CE router. You must use the format routername:domain:network	text string (up to 32 characters)
MD	Specify the management domain.	text string (up to 16 characters)
VPN	Specify the customer.	text string (up to 16 characters)
Parameters
Eureka ID	This is the ID generated by VPN Solutions Center. You must not modify this value in CPC.
E-Mail Address	An e-mail address for the CE router. The VPN Solutions Center Equipment Module will use this address to change the management type of a CE Router from managed to unmanaged when an SRVC is deleted from that router.	text string (up to 64 characters)
Management Type	This is the management type.	ManagedRegular, ManagedShadlowRTR, ManagedRegularRTR, Unmanaged	ManagedRegular
Passwords
Login User Id	Specify the login user for the router.	text string (up to 64 characters)
Enable User Id	Specify the enable user Id for the router.	text string (up to 64 characters)
Login User Password	Specify the login user password for the router. The password must be a combination of alphanumeric characters (a-z), A-Z, 0-9, _-).	text string (up to 64 characters)
Enable User Password	Specify the enable user password for the router. The password must be a combination of alphanumeric characters (a-z, A-Z, 0-9, _-_.	text string (up to 64 characters)
SNMP RO Community	Specify the SNMP read-only community	text string (up to 64 characters)
SNMO RW	Specify the SNMP read-write community	text string (up to 64 characters)
Level	Specify the password level in the multi-level password scheme.	0-2147483647	0
Common Parameters
Transit Cost	This is the node transit cost. This attribute is not used by VPN Solutions Center.	0-2147483647	100
Node Type	This is the type of router.	text string (up to 24 characters)	CE
Class	This the CPC class name for the router.		CVct*
Contained By
Network	This is the network that will contain the router.		Derived*
Site	This is the customer site that will contain the router.		Derived*

CE Router Management Types

Managed CE routers are provisioned using VPN Solutions Center. VPN Solutions Center does not send any configuration down to unmanaged CE routers (Cisco or non-Cisco). For unmanaged routers, VPN Solutions Center generates an IOS configlet as though the router is managed and the Equipment Module can email it to an address configured for the router.

The email recipient can then download the configuration changes to the actual router using the IOS configlet. If the router is a managed Cisco device, the configuration may be applied to the router directly rather than using VPN Solutions Center. For non-Cisco devices, the configlet contains enough information to make the corresponding changes on the target device.

The configuration of unmanaged CE routers is not known by VPN Solutions Center and any interfaces specified cannot be check for validity.

The following outlines the steps required to change the management type of a CE router:

Step 2   Double-click the Service Application folder and double-click the IP VPN Service Application folder.

Step 3   Double-click the Subscriber folder and double-click the specific subscriber folder that will contain the CE router.

Step 4   Double-click the Site folder and double-click the specific site that will contain the new CE router.

Step 5   Click the CE Router to highlight it and click the Object Viewer button on the toolbar.

Step 6   Select the Management Type of the CE routers from the list. The choices are ManagedShadowRTR, ManagedRegularRTR, ManagedRegular or Unmanaged.

Step 7   Select the Management Type of the CE router

a. If the CE router is unmanaged, select Unmanaged from the list and include an email address where emails containing VPN Solutions Center configlets can be forwarded.

b. If the CE router is managed, select one of the management types from the list.

Note   This procedure outlines the steps that needed to change the management type of a CE router and should not be confused with creating a CE router. For more information on creating CE routers, refer to the section above titled "Adding a CE Router".

Creating Ports On a CE Router

If you are performing an initial or additional installation of a CE router, you need to create physical ports for the router within CPC. Physical ports must be created before logical ports. To create physical ports, perform the following procedure:

Step 2   Double-click the IP VPN Service Application folder.

Step 3   Double-click the Subscriber folder and double-click the specific provider that will contain the CE router.

Step 4   Double-click the Site folder and double-click the specific site that will contain the additional CE router.

Step 5   Double-click the CE Router folder and double-click the specific CE Router that will contain the physical port.

Step 6   Click the CE Physical Port folder and click the Object Viewer button on the toolbar.

Step 7   Enter the required attribute values listed in Table 18-17.

Step 8   Save the physical port by clicking the save button on the toolbar.

Step 9   Apply the Transaction by clicking the apply button on the toolbar.

CE Physical Port attribute values are outlined in Table 18-17 below. Attribute marked with an asterisk "*" are read-only.

Table 18-17: Attributes for a CE Physical Port

Attribute	Description	Acceptable Values	Default Values
Common Attributes
Physical Port Name	Specify a name for the physical port. The name must include one of the prefixes specified in the next column. For example, an ATM physical port could be named ATM/2.	ATM, Serial, HSSI, POS, FastEthernet_ISL, GigabitEthernet_ISL, Ethernet, FastEthernet, GigabitEthernet, FDDI, Switch
MD	Specify the management domain	text string (up to 16 characters)
VPN	Specify the customer	text string (up to 16 characters)
Profile	The profile is set to default.	Default*	Default*
Contained By
Containing Node	This the node that contains the physical port.		Derived*
Parameters
Port Number	This is the physical port number.
Shelf Slot	This is the shelf slot.
Port Type	This is the physical port type.	POS_PPP, POS_HDLC, POS_FrameRelay, FastEthernet, FastEthernet_ISL, Ethernet, Serial_PPP, Serial_FrameRelay, Serial_HDLC, ATM, HSSI, HSSI_HDLC, HSSI_PPP, HSSI_FrameRelay, FDDI, GigabitEthernet, GigabitEthernet_ISL, Switch	Unknown
Bandwidth	This is the bandwidth	0-2147483647	2000000
Maximum PDU	This is the maximum PDU value.	0-2147483647	0
Class	This is the CPC class name for the physical port.		CVpp*
IP address	This is the IP address of the CE interface

Creating Logical Ports On a CE Router

Once physical ports have been created for a CE router within CE, logical ports must be created. To create logical ports, perform the following procedure:

Step 2   Double-click the IP VPN Service Application folder.

Step 3   Double-click the Subscriber folder and double-click the specific subscriber that will contain the logical port.

Step 4   Double-click the Site folder and double-click the specific site that will contain the logical port.

Step 5   Double-click the CE Router folder and double-click the specific CE Router that will contain the logical port.

Step 6   Click one of the following folders to create a specified logical port:

• CE ATM Logical Port allows you to create an ATM logical port to communicate with an ATM interface on a WAN switch

• CE Frame Relay Logical Port allows you to create a Frame Relay logical port to communicate with a Frame Relay interface on a WAN switch

• CE Standard Relay Logical Port allows you to create a Frame Relay logical port to communicate with a Frame Relay interface on a WAN switch.

Step 7   Enter the required attribute values listed as follows:

• For an ATM logical port, enter the values listed in Table 18-13. The attributes that you can specify are the same for a PE router.

• For a Frame Relay logical port, enter the values listed in Table 18-14. The attributes that you can specify are the same as for a PE router.

• For a standard logical port, enter the values listed in Table 18-15. The attributes that you can specify are the same as for a PE router.

Step 8   Save the logical port by clicking the save button on the toolbar.

Step 9   Apply the Transaction by clicking the apply button on the toolbar.

Add a New Member to a VPN

When you add a new member to a VPN, CPC will create a subscriber site's membership in a specified VPN.

Figure 18-12 shows the VPN Member Object Viewer.

VPN Member attribute values are outlined in Table 18-18 below. Attributes marked with an asterisk "*" are read-only.

Table 18-18: Attributes for a Cisco VPN Member

Attributes	Description	Acceptable Values	Default Values
Common Attributes
Name	Specify a name for the VPN member.	text string (up to 32 characters)
Containing VPN	Specify the name of the containing VPN.	text string (up to 64 characters)	Derived*
Relationship
Associated CE	Specify the name of the associated CE router. You can find/choose from a list of CE routers by double clicking on the CE Router folder and selecting from the list.	text string (up to 64 characters)

Adding a New Member to a VPN

Step 2   Double-click the Service Application folder to open it.

Step 3   Double-click the IP VPN Service Application folder to open it.

Step 4   Double-click the Service Contract folder and double-click the specific Service contract.

Step 5   Double-click the VPN folder and double click a specific Service Contract

Step 6   Click the VPN Member folder and click the Object Viewer button on the toolbar.

Step 7   Enter the required attribute values listed in Table 18-10.

Step 8   Save the VPN Member by clicking the save button on the toolbar.

Step 9   Apply the Transaction by clicking the apply button on the toolbar.

Add Connectivity for a New Member to a VPN

CPC allows you to define VPN connectivity for each VPN member. For a VPN member, one or more member connectivities can be created. This procedure co-ordinates layer three (L3) IP Connectivity between CE and PE routers (an SRVC) and layer two (L2) connectivity (an ATM or FR PVC). CPC can create L2 and L3 connectivity in one step or both layers can be configured individually.

The Member Connectivity Object Viewer contains tabs to autocreate L3, L2 objects as well as other objects associated with the connection. You may create each of these individually or autocreate them in the Member Connectivity Object Viewer. If you would like to only create the Member Connectivity object, then is sufficient to populate fields in the "Common Attributes", "VPN Member", and "Connectivity" tabs. See Table 18-18 sections, "Common Attributes", "VPN Member", and Connectivity for details on attribute values for the Member Connectivity Object.

If you are autocreating L3, L2 and other associated objects, you must fill in the attributes in the""L2/L3 creation" and "Other Creation" tab in the Member Connectivity Object Viewer. After you save the current object viewer, the L3 (SRVC), L2 (network connections, cross-connects, PVCs, etc.) and other objects (CERC Membership, Routes, Redistributed Protocol) will be created along with the Member Connectivity object. You may add additional CERC memberships, routes, and redistributed protocols by using the respective object viewers; see the "CERC Membership", "Routes", "Redistributed Protocol" for details. Note that the fields within the "L3/L2 Creation" and "Other Creation" tab in the Membership Connectivity Object Viewer will be empty after the objects have been created. This is because those objects are separate from the Member Connectivity object. The Member Object Connectivity Object Viewer is only a mechanism to autocreate these objects in one step. See Table 18-19, sections "L3/L2 Creation", and "Other Creations" for details on attribute values.

Figure 18-13 shows the Member Connectivity Object Viewer.

Member Connectivity attribute values outlined in Table 18-19 below. Attributes marked with an asterisk "*" are read-only.

Table 18-19: Attributes for Member Connectivity

Attribute	Description	Acceptable Values	Default Values
Common Attributes
Name	Specify a name.	text string (up to 32 characters)
MD	Specify the management domain.	text string (up to 16 characters)
VPN	Specify the customer.	text string (up to 16 characters)
VPN Member
VPN Member	Specify a VPN member name.	text string (up to 64 characters)
Connectivity
PE	Specify the name of the associated PE router. You can find/choose from a list of PE routers by double clicking on the PE Router folder and selecting from the list.	text string (up to 64 characters)
SRVC	Specify the name of the associated SRVC. You can find/choose from a list on the SRVC folder and selecting from the list, leave empty if you are creating a new SRVC for this	text string (up to 64 characters)
L2 NC	Specify the name of the associated L2 connectivity. Leave empty if you are creating new L2 connectivity.	text string (up to 64 characters)
L3/L2 Creation
PE Interface	This is the associated PE interface (Mandatory). If there is a sub-interface for this interface, then the format of this field is: logicalport.subinterfacenumber	text string (up to 64 characters)	e.g., ATM1/0.1001
CE Interface	This is the associated CE interface (Mandatory). If there is a sub-interface for this interface, then the format of this field is: logicalport.subinterfacenumber	text string (up to 64 characters)	e.g., ATM2/0.5
Routing Protocol	the routing protocol between PE and CE routers for exchanging advertised routes.	UnknownRouting Type, StaticRoutingType, RiPv2RoutingType, BGPRoutingType	UnknownRoutingType
CE BGP ASN	This is the ASN number for the CE BGP.	0-65535
CoS Profile	This is the associated CoS profile (optional).	text string (up to 32 characters)
IP Unnumbered	This indicates whether IP unnumbered interfaces are used on PE and CE routers.	InterflPNumbered, InterflPEIPUnnumbered, InterfCEIPUnnumbered, InterfPECEIPUnnumbered	InterflPNumbered
PE IP Address	An IP address assigned to the associated PE interface. It is required when the autopick attribute (auto-picking from an address pool) is set to false. The format must be in dotted decimal notation and must include a mask. For example, 192.114.128.13/24
CE IP Address	An IP address assigned to the associated CE Interface. Is is required when the auotpick attribute (auto-picking from an address pool) is set to false.The format must be in dotted decimal notation and must include a mask. For example, 192.114.128.13/24
VPI (A Endpt/Z Endpt)	The VPI for the A/Z endpoints.	-1-255	-1
VCI (A Endpt/Z Endpt)	The VCI for the A/Z endpoints.	-1-65535	-1
PE-CE Bandwidth (kbits/s)	The bandwidth from the PE to the CE router.
CE-PE Bandwidth (kbits/s)	The bandwidth from the CE to the PE router.
ATM QOS	The ATM Quality of Service.	CBR, rt_VBR, nrt_VBR, ABR, UBR
Other Creation
PE Template File	Specify the PE template file.	text string (up to 64 characters)
PE Interface Template File	Specify the PE interface template file.	text string (up to 64 characters)
CE Template File	Specify the CE template file.	text string (up to 64 characters)
CE Interface Template File	Specify the CE interface template file.	text string (up to 64 characters)
Default CERC Description	Specify the default CERC description
Advertised Route Address/Mask	Specify the Advertised route Address/Mask
Route Address/Mask	Specify the Route Address/Mask
Redistributed Protocol	Specify the Redistributed Protocol.	static, connected, rip, bgp, igrp, ospf, eigrp,	(blank)
Protocol Number	Specify the number associated with the Redistributed Protocol (ASN or identifier or process number)	text string (up to 10 characters)

Add Connectivity for a New Member to a VPN

Step 2   Double-click the Service Application folder to open it.

Step 3   Double-click the IP VPN Service Application folder to open it.

Step 4   Double-click the Service Contract folder to open it and double-click the specific Service contract that will contain the new Member.

Step 5   Double-click the VPN folder to open it and double-click a specific VPN that will contain the new member.

Step 6   Double-click the VPN Member folder and double-click a specific VPN Member to add connectivity.

Step 7   Click the Member Connectivity folder and click the Object Viewer button on the toolbar.

Step 8   Enter the required attribute values listed in Table 18-19 above.

Step 9   Save the Member Connectivity by clicking the save button on the toolbar.

Step 10   Apply the Transaction by clicking the apply button on the toolbar.

L3 Connectivity: SRVC

Configuring L3 connectivity is actually creating the Service Request VPN Configurations (SRVC). This object establishes the IP connectivity configuration in the PE and CE. You must create the SRVC (L3 connectivity) before creating the L2 connectivity. Also, you must create the SRVC object and at least one corresponding CERC Membership object within one transaction. The information within the SRVC object and the CERC Membership object must be delivered to VPN Solutions Center together. The attributes for SRVC are outlined in Table 18-20.

There are several values in the SRVC that are obtained after the initial SRVC configuration have been delivered to the VPN Solution Center. These values cannot be set in CPC, and are set after the SRVC have been successfully delivered to the VPN Solution Center. Here are the details of the various SRVC fields:

Name	The SRVC name is initially set to 0. VPN Solutions Center will generate an unique number for this new SRVC after CPC successfully applies the transaction.
State	This field reflects the current status of the SRVC. It is only obtained through VPN Solution Center.
VRF Name	This field is obtained through VPN Solutions Center after a successful SRVC delivery by CPC.
Auto Pick Address	This value is always reset back to FALSE after the SRVC is delivered successfully to VPN Solutions Center, regardless if it's set TRUE or FALSE by the user.

Also depending if the IP Addresses are autopicked, these values are also being updated by the VPN Solutions Center:

• PE IP Address

• CE IP Address

Care must be taken when modifying and deleting an SRVC due to the IOS commands that are generated by VPN Solution Center. Please refer to the VPN Solution Center documentation for more information.

The attributes for the L3 Connectivity are outlined in below. Attributes marked with an asterisk "*" as their Default Value are read only and cannot be changed.

Table 18-20: Attributes for L3 Connectivity (SRVC)

Attribute	Description	Acceptable Values	Default Values
Common Attributes
Name	The name of the SRVC is generated by the VPN Solutions Center.	Text String (up to 33 characters)	*
MD	Specify the management domain	Text String (up to 16 characters)
VPN	Specify the customer	Text String (up to 24 characters)
Common Parameters
State	This field specifies the state of the SRVC. It is generated by VPN Solutions Center.	Text String (up to 16 characters)
IP Unnumbered	Specify which router will have their IP addresses unnumbered. If you are specifying both the IP addresses, select InterfIPNumbered. If you are specifying the PE router IP address, select InterfCEUunumbered. If you are specifying an IP address for either, select InterfPE-CEIPUnnumbered.	Text String (up to 24 characters)	InterfIPNumbered
PECE Link Protocol	Specify the link protocol used to link the PE and CE routers.	UnknownRoutingType, StaticRoutingType, RIPv2RoutingType, BGPRRoutingType	UnknownRouting-Type
Auto Pick Addresses	Specify whether or not to auto-pick the IP addresses for the CE and PE routers. If this is set too "True" and the CE/PE interfaces are IP numbered, their addresses will be picked from the address pools of the regions that the CE/PE routers belong to. If this is set to "True", IP addresses specified for these routers will be ignored.	True, False	False
CoS Profile	Specify the Class of Service profile.	Text String (up to 32 characters)
VRF Name	VRF (VPN Routing/Fowarding) table name taken from the VPN Solutions Center.	Text String (up to 64 characters)
PE Parameters
PE Interface Down	Specify whether or not the PE Interface is down. Select "True" if the major PE interface is not being brought up by CPC (a shutdown command will be generated). In this case, the service request is used for port reservation only.	True, False	False
Send Only Default Routes	Specify whether the CE is using full routing or default routing. CE routers can only have one default route. This can be set to "True" only if the CE router does not already have one default route.	True, False	False
PE Template File	Specify the PE template filename. For more information on templates, refer to the chapter titled "Configuring the Cisco VPN Solutions Center Equipment Module".	Text String (up to 64 characters)
PE Interface Template File	Specify the PE interface template filename. For more information on templates, refer to the chapter titled	Text String (up to 64 characters)
PE Subinterface Number	Specify the PE subinterface number.	Text String (up to 10 characters)
PE IP Address	Specify the PE router's IP address.	Text String (up to 19 characters)
PE ATM VCD	Specify the VDC for the L3 connectivity (ATM only).	0-4096	-1
PE ATM VPI	Specify the VPI for the L3 connectivity (ATM only).	-1-255	-1
PE ATM VCI	Specify the VCI for the L3 connectivity (ATM only)	-1-65535	-1
PE FR DLCI	Specify the DLCI for the L3 connectivity (FR only).	16-1007	-1
CE Parameters
CE Template File	Specify the CE template filename. For more information on templates, refer to the chapter titled "Configuring the Cisco VPN Solutions Center Equipment Module"	Text String (up to 64 characters)
CE Interface Template File	Specify the CE interface template filename. For more information on templates, refer to the chapter titled "Configuring the Cisco VPN Solutions Center Equipment Module"	Text String (up to 64 characters)
CE BGP ASN	Specify the BGP, ASN. This is required only if the routing protocol (PECE Link Protocol) between the PE and CE routers is BGP.	0-65535	0
CE Subinterface Number	Specify the CE subinterface number.	Text String (up to 10 characters)
CE IP Address	Specify the CE router's IP address	Text String (up to 19 characters)
CE ATM VCD	Specify the VCD for the L3 connectivity (ATM only).	0-4096	-1
CE ATM VPI	Specify the VPI for the L3 connectivity (ATM only).	-1-255	-1
CE ATM VCI	Specify the VCI for the L3 connectivity (ATM only).	-1-65535	-1
CE FR DLCI	Specify the DLCI for the L3 connectivity (ATM only).	16-1007	-1
Contained By
Containing Network	The network that contains the L3 connectivity service object. This attribute is auto-generated.	Text String (up to 32 characters)	*
Subscriber	The subscriber than owns this L3 connectivity service object. This attribute is auto-generated.	Text String (up to 32 characters)	*
Logical Port Associations
PE Node	The PE node that contains the logical port used for the PECE link. This will be autogenerated based in the logical port you can choose.	Text String (up to 19 characters)	*
PE Logical Port	Specify the PE logical port to be used for the L3 connection. You can choose from a list of logical ports by highlighting the cell and clicking the find to paste button. A subset viewer will appear; populate the list by clicking the get list button and copy/paste the logical port into this field.	Text String (up to 19 characters)
CE Node	The CE node that contains the logical port used to the PECE link. This will be auto-generated based on the logical port you choose.	Text String (up to 19 characters)
CE Logical Port	Specify the CE logical port to be used for the L3 connection. You can choose from a list of logical ports by highlighting the cell and clicking the find to paste button. A subset viewer will appear; populate the list by clicking the get list button and copy/paste the logical port into this field.	Text String (up to 19 characters)

Configuring L3 Connectivity

Step 2   Double-click the Service Application folder to open it.

Step 3   Double-click the IP VPN Service Application folder to open it.

Step 4   Double-click the Service Contract folder to open it and double-click the specific Service contract that will contain the new Member.

Step 5   Double-click the VPN folder to open it and double-click a specific VPN that will contain the new member.

Step 6   Double-click the VPN Member folder and double-click a specific VPN Member to add connectivity.

Step 7   Double-click the Member Connectivity folder and double-click the specific Member Connectivity to add to the SRVC.

Step 8   Click on the L3 Connectivity folder and click the Object Viewer button on the toolbar.

Step 9   Enter the required attribute values listed in Table 18-20 above.

Step 10   Save the SRVC by clicking the save button on the toolbar.

Step 11   Do not apply the transaction. You must create at least one CERC Membership for this SRVC before you apply the transaction. See CERC Membership section for details.

Note   For adding CERC Membership from a different VPN to an existing SRVC, please refer to the section titled "CERC Membership".

CERC Membership

You will need to reconfigure CERC membership as the topology of your IP-VPN services grow.

The attributes for which you can provide values for the CERC Membership are outlined in Table 18-21 below.

Table 18-21: Attributes for CERC Membership

Attribute	Description	Acceptable Values	Default Values
Common Attributes
MD	Specify the management domain.	text string (up to 16 characters)
VPN	Specify the customer.	text string (up to 16 characters)
Profile	The profile is set to default.	text string (up to 32 characters)	Default*
CERC Membership Parameters
Hub or Spoke	Select either Hub or Spoke	Hub, Spoke	Spoke
Contained By
SRVC Name	The SRVC name.	text string (up to 32 characters)	Derived*
CERC Id	Specify the CERC.	text string (up to 32 characters)

Configuring a CERC Membership

To configure a CERC membership, complete the following procedure:

Step 2   Double-click the Service Application folder and then double-click the IP VPN Specific Application folder.

Step 3   Double-click the Service Contract folder to open it and double-click the specific Service contract that will contain the new Member.

Step 4   Double-click the VPN folder to open it and double-click a specific VPN that will contain the new member.

Step 5   Double-click the VPN Member and then click the specific VPN member folder to open it.

Step 6   Double-click the Member Connectivity folder and then click the specific member connectivity folder to open it.

Step 7   Double-click the L3 Connectivity folder and then click the specific L3 connectivity folder to open it.

Step 8   Click the CERC Membership folder and click the Object Viewer button on the toolbar.

Step 9   Enter the required attribute values listed in Table 18-21 above. The SRVC value is autogenerated.

Step 10   Save the membership by clicking the save button on the toolbar.

Step 11   Apply the Transaction by clicking the apply button on the toolbar.

Adding CERC Membership from a Different VPN to an Existing SRVC

SRVCs may be shared by different VPNs through adding CERC information from different VPNs to the shared SRVC. To add a VPN's CERC to an existing SRVC (in a different VPN), you must add a CERC Membership to the existing SRVC which references the CERC. The procedure to do this is as follows:

Note   The SRVC to be shared will be called "old SRVC."

Step 2   Double-click the Service Application folder to open it.

Step 3   Double-click the IP VPN Service Application folder to open it.

Step 4   Double-click the Service Contract folder and double-click a specific Service Contract.

Step 5   Double-click the VPN folder and double click a specified VPN (that contains the CERC you would like to add to the old SRVC).

Step 6   Click the VPN Member folder and click the Object Viewer button on the toolbar.

Step 7   Enter the required attribute described in "Add a New Member to a VPN". You must reference to CE router that the old SRVC references.

Step 8   Save the VPN Member by clicking the save button on the toolbar.

Step 9   Double-click the VPN Member folder and double-click the VPN Member that you just created in step 7.

Step 10   Click the Member Connectivity folder and click the Object Viewer button on the toolbar.

Step 11   Enter attribute values in the "Common Attributes", "VPN Member" and "Connectivity" tabs described in the "Add Connectivity" for a New Member to a VPN" section. Under the "Connectivity" tab, enter the old SRVC ID value in the SRVC field. Ensure that the PE values reflect those of the old SRVC.

Step 12   Save the Member Connectivity by clicking the save button on the toolbar. After the save, you should see the old SRVC in the L3 Connectivity folder for the new Member Connectivity that you just created.

Step 13   Double-click on the old SRVC, then click the CERC Membership folder and click the Object Viewer button on the toolbar.

Step 14   Enter the required attribute values for a CERC Membership (see the previous section).

Step 15   Save the membership by clicking the save button on the toolbar.

Step 16   Apply the Transaction by clicking the apply button on the toolbar.

Routes

CPC allows you to add advertised routes and route addresses to your configuration on an existing SRVC.

Figure 18-15 shows the Route Object Viewer.

Route attribute values are outlined in Table 18-22 below.

Table 18-22: Attributes for Route

Attribute	Description	Acceptable Values	Default Values
Common Attributes
MD	Specify the management domain.	text string (up to 16 characters)
VPN	Specify the customer.	text string (up to 16 characters)
Profile	The profile is set to default.	text string (up to 32 characters)	Default*
Routes
Route	Specify the route.	text string (up to 64 characters)
Type	Specify the type.	AdvertisedRoute or RouteAddress	AdvertisedRoute
Contained By
Containing L3 Network Connection	Specify the L3 connection (SRVC)	text string (up to 32 characters)	Derived*

Adding a Route

Step 2   Double-click the Service Application folder and then double-click the IP VPN Specific Application folder.

Step 3   Double-click the Subscriber folder and then double-click the specific subscriber folder to open it.

Step 4   Double-click the Site folder and then double-click the specific site folder to open it.

Step 5   Double-click the CE Router folder and then click a specific CE router folder to open it.

Step 6   Double-click the VPN Member and then click the specific VPN member folder to open it.

Step 7   Double-click the Member Connectivity folder and then click the specific member connectivity folder to open it.

Step 8   Double-click the L3 Connectivity folder and then click the specific L3 connectivity folder to open it.

Step 9   Click the Routes folder and then click the Object Viewer button on the toolbar.

Step 10   Enter the required attribute values listed in Table 18-22 above.

Step 11   Save the route by clicking the save button on the toolbar.

Step 12   Apply the Transaction by clicking the apply button on the toolbar.

Redistributed Protocol

CPC allows you to configure redistributed protocols.

Figure 18-16 shows the Redistributed Protocol Object Viewer.

The attributes for which you can provide values for the Redistributed Protocol are outlined in Table 18-23 below.

Table 18-23: Attributes for Redistributed Protocol

Attribute	Description	Acceptable Values	Default Values
Common Attributes
MD	Specify the management domain.	text string (up to 16 characters)
VPN	Specify the customer.	text string (up to 16 characters)
Profile	The profile is set to default.	text string (up to 16 characters)	Default*
Redistributed Protocol
Redistributed Protocol	Specify the redistributed protocol.	static, connected, rip, bgp, igrp, ospf, eigrpm isis	static
Protocol Number	Specify the number associated with the Redistributed Protocol (ASN or identifier or process number)	text string (up to 10 characters)
Contained By
Containing L3 Network Connection.	Specify the SRVC.	text string (up to 44 characters)	Derived*

Configuring Redistributed Protocol

Step 2   Double-click the Service Application folder and then double-click the IP VPN Specific Application folder.

Step 3   Double-click the Subscriber folder and then double-click the specific subscriber folder to open it.

Step 4   Double-click the Site folder and then double-click the specific site folder to open it.

Step 5   Double-click the CE Router folder and then click a specific CE router folder to open it.

Step 6   Double-click the VPN Member and then click the specific VPN member folder to open it.

Step 7   Double-click the Member Connectivity folder and then click the specific member connectivity folder to open it.

Step 8   Double-click the L3 Connectivity folder and then click the specific L3 connectivity folder to open it.

Step 9   Click the Redistributed Protocol folder and then click the Object Viewer button on the toolbar.

Step 10   Enter the required attribute values listed in Table 18-23 above.

Step 11   Save the RProtocol by clicking the save button on the toolbar.

Step 12   Apply the Transaction by clicking the apply button on the toolbar.

Configuring L2

When the connectivity of the service involves multiple networks, you must create elements that connect the service together at the layer tow level. The layer two (L2) connectivity can be a circuit from the PE router to a BPX switch to the subscriber's CE router or it can be a circuit from the PE router to the BPX switch to the DSLAM to the CE router. Before the L2 connectivity can be established, you must ensure that all the associated fabric elements exist in the CPC database. This includes the BPX switch, the DSLAM physical ports, logical ports, DSL profiles, as well as links between the various networks.

In addition, the layer three connectivity (i.e., the SRVC) must be created before the L2 connectivity can be created. The L2 object viewer in the IP VPN service application autogenerates many attribute values from the SRVC object. The creation of L2 connectivity will build the various PVC and cross-connects in the path of the PE router to the CE router connection. QoS, traffic descriptors, and bandwidth are still restricted to the equipment that the PVC and the cross-connects resides on.

The attribute for the L2 Connectivity are outlined in Table 18-24 below. Attributes marked with an asterisk "*" as their Default Value are read only and cannot be changed.

Table 18-24: Attributes for L2 Connectivity

Attribute	Description	Acceptable Values	Default Value
Common Attributes
L2 NC Name	The N2 network connection name.	Text String (up to 64 characters)
Member Connectivity	The member connectivity that contains this L2 network connection. This attribute is auto-generated based on the member connectivity you are configuring.	Text String (up to 32 characters)	Derived
Containing Network	The VPN network that contains the L2 network connection.	Text String (up to 64 characters)
PE Logical Port		Text String (up to 19 characters)	Derived
CE Logical Port		Text String (up to 19 characters)	Derived
Incoming Bandwidth (kbits/s)	Specify the incoming bandwidth for the L2 connection. This attribute can be auto-generated from traffic descriptors
Outgoing Bandwidth (kbits/se)	Specify the outgoing bandwidth for the L2 connection. This attribute can be auto-generated from traffic descriptors
ATM Parameters
QoS	Specify the QoS.	CBR, rt_VBR, nrt_VBR, ABR,UBR
Round-trip time	This attribute specifies the round-trip time in milliseconds.
A Endpoint VCI	The VCI for the A endpoint.Autogenerates through SRVC		Derived from SRVC
A Endpoint VPI	The VPI for the A endpoint.Autogenerates through SRVC		Derived from SRVC
Z Endpoint VCI	The VCI for the Z endpoint.Autogenerates through SRVC		Derived from SRVC
Z Endpoint VPI	The VPI for the Z endpoint.Autogenerates through SRVC		Derived from SRVC
ATM Traffic Parameters (A to Z, Z to A directions)
TD Type	Select the traffic descriptor type.	None, CBR.1, ABR_FC, ABR_NFC, UBR.1, UBR.2, VBR.1, VBR.2, VBR.3
Substainable Cell Rate (cells/s)	SCR is the maximum average cell transmission rate that is allowed over a given period of time on a a given circuit. It allows the network to allocate sufficient resources for guaranteeing the network performance objectives are met.	0-2147483647	0
Peak Cell Rate (cells/s)	PCR is the maximum allowed cell transmission rate. It defines the shortest time period between cells and provides the highest guarantee that the network performance objectives (based on cell loss ratio) will be met.	0-2147483647	0
Minimum Cell Rate (cells/s)	MCR is the minimum cell rate, which is the minimum allocated bandwidth for a connection.	0-2147483647	0
Maximum Burst Size (cells)	MBS is the maximum number of cells that can be received at the PCR. This allows a burst of cells to arrive at a rate higher than the SCR. If the burst is larger than anticipated, the additional cells are either tagged or dropped. This parameter applies only to VBR traffic.	10-5000000	1000
CDVT (microseconds)	Cell Delay Variation Tolerance establishes the time scale over which the PCR is policed. This is set to allow for jitter (CDV)	0-250000	0
Peak to Peak Cell Delay Variation	Cell delay variation (CDV) represents the difference between the maximum CTD and the minimum CTD.
Max Cell Transfer Delay	Cell transfer is the time elapsed between departure time of a cell from the generating endsystem and the arrival time at the destination.
Cell Loss Ratio	The cell loss ratio QoS parameter is defined on a per connection basis as the number of lost cells divided by the total number of transmitted cells.
Initial Cell Rate	The rate at which a source should send initially and after an idle period.
Rate Increase Factor	The Rate Increase Factor controls the amount by which the cell transmission rate my increase upon receipt of an RM-cell.	1, 1/2, 1/4, 1/8, 1/16, 1/32, 1/64, 1/128, 1/256, 1/512, 1/1024, 1/2048, 1/4096, 1/8192, 1/16384, 1/32768
NRM (cells)	The maximum number of cells a source may send for each forward RM-cell.	1, 1/2, 1/4, 1/8, 1/16, 1/32, 1/64, 1/128, 1/256, 1/512, 1/1024, 1/2048, 1/4096, 1/8192, 1/16384, 1/32768
Rate Decrease Factor	The Rate Decrease Factor controls the amount by which the cell transmission rate may decrease upon receipt of an RM-cell.	1, 1/2, 1/4, 1/8, 1/16, 1/32, 1/64, 1/128, 1/256, 1/512, 1/1024, 1/2048, 1/4096, 1/8192, 1/16384, 1/32768
ACR Decrease Time Fact (milliseconds)	The Allowed-Cell-Rate-Decrease factor specifies the time permitted between sending RM cells before the rate is decreased to ICR.
TRM (milliseconds)	This specifies an upper bound on the time between forward RM-cells for an active source (for example, RM cells must be sent at least every TRM ms).
Transient Buffer Exposure	This specifies the negotiated number of cells that the network would like to limit the source to sending during start-up periods, before the first RM-cell returns.
Cutoff Decrease Factor	The decrease factor that controls the decrease in ACR associated with CRM	1/64, 1/32, 1/16, 1/8, 1/4, 1/2, 1, 0
Parameters
Priority	Specify the frame relay priority.	High, Medium, Low
A Endpoint DLCI	Specify t he A endpoint DLCI
Max Frame Size for A Endpoint	Specify the maximum frame size for the A endpoint.
Z Endpoint DLCI	Specify the Z endpoint DLCI.
Max Frame Size for Z Endpoint	Specify the maximum frame size for the Z endpoint.
A to Z, Z to A Directions
Committed Information Rate (CIR)	The rate at which the network commits to transfer information under normal conditions. The rate is averaged over a minimum time interval (Tc).
Committed Burst Size (Bc)	Bc is the maximum number of bits of user data that the network commits to transfer during the Tc at the CIR under normal conditions.
Excess Burst Size (Bc)	Be is the maximum number of bits in excess of the committed burst (Bc) that the network will attempt to transfer over the Tc under normal conditions.
Interworking
Interworking Type	Network interworking (N_IW) transports Frame Relay packets across an intermediate ATM network to another Frame Relay network. The frames are encapsulated into ATM cells. Service interworking (S_IW) adapts Frame relay packets into ATM cells for transmission onto an ATM network. After the ATM cells enter the network, the network can send then to ATM-attached devices or Frame Relay devices.	N_IW, S_IW	N_IW
FR CLP	This parameter allows you to set mapping from the Frame Relay DE bit to the ATM CLP bit of 0 of 1.	DE, 0,1	DE
ATM DE	This parameter allows you to set mapping from the Frame Relay DE bit to the ATM CLP bit of 0 or 1.	CLP, FR, 0, 1
Service IW Protocol	For translated protocol mapping, the system determines the protocol type and remaps the Frame Relay protocol to the ATM protocol, and vice versa. For transparent protocol mapping, the system does not determine the protocol type, it only removes the Frame Relay header and transfer the payload transparently between the Frame Relay and ATM networks.	TRANSLATED, TRANSPARENT
ATM EFCI	This parameter allows you to set mapping form Frame Relay FECN (Forward Explicit Congestion Notification) bits to the ATM EFCI (Exploit Forward Congestion Indication) bit to 0.	0, FECN
IW QoS	Specify the QoS for the L2 connection.	nrt_VBR, ABR, UBR
IW Fixed Round-Trip Time	This attribute specifies the round-trip time in milliseconds.

Creating L2 Connectivity

Step 2   Double-click the Service Application folder to open it.

Step 3   Double-click the IP VPN Service Application folder to open it.

Step 4   Double-click the Service Contract folder to open it and double-click the specific Service contract that will contain the new Member.

Step 5   Double-click the VPN folder to open it and double-click a specific VPN that will contain the new member.

Step 6   Double-click the VPN Member folder and double-click a specific VPN Member to add connectivity.

Step 7   Click the Member Connectivity folder and double-click the specific VPB Member Connectivity to add the L2 connectivity.

Step 8   Click on the L2 Connectivity folder and click the Object Viewer button on the toolbar.

Step 9   Enter the required attribute values listed in the table above.

Step 10   Save the L2 Connectivity by clicking the save button on the toolbar.

Step 11   Apply the transaction by clicking the apply button on the toolbar.

Using the IP-VPN Graph Viewer

CPC's Graph Viewer can be used to provide a view or IP-VPN services and to view different parts of a VPN containing a large number of objects (i.e., members of a particular VPN).

Overview

A typical VPN can include many hundreds or thousands of members. Obviously, it would be extremely difficult to show a view containing all VPN members at once because of the number of objects this would involve. The Graph Viewer provides you with the ability to partition a VPN into distinct geographical regions and groups the members into the appropriate region.

Concepts

Unlike other viewer within CPC, the IP-VPN Graph Viewer requires a graph object to be created before it is populated with objects. You can only spawn a graph viewer on a graph object. Graphs can be created manually or they can be generated using the graph generation function.

Once you have created a graph object, CPC allows you to further expand the graph by adding in objects that exist in the database.

Navigating the Graph Viewer

Navigation within the IP-VPN Graph Viewer follows the hierarchical structure using Groups. When you select a view within the Graph Viewer, you are identifying a specific Group and displaying all the elements belonging to that Group. Views can contain multiple groups, but a group cannot span multiple views.

Groups can contain multiple subgroups and views can be initiated on these subgroups. Graph Viewer allows you to navigate through views with several tools. You can move forward or back through views like you would navigate through hypertext pages on a web browser, or you can select specific views by navigating through folders on the Tree Viewer.

Views can be manipulated through four modes of interaction. Each mode of interaction allows a different way to manipulate the view or groups within the view. Table 18-25 explains the different modes of interaction within Graph Viewer and their associated button on the sidebar.

Table 18-25: Graph Viewer Interaction Modes

Mode	Select
Select	Allows you to select Groups within a view and view details about that group by invoking a Subset Viewer or an Object Viewer on that Group. Select Mode also lets you open the group and reveal subgroups in a new view. Select Mode is represented by the arrow button within the Graph Viewer. Select mode is invoked by clicking the arrow icon within a Graph Viewer.
Pan	Allows you to "pan" an entire view within the Graph Viewer windows. A view can be moved in all directions within the window by dragging the cursor over the view and moving it in the desired direction. Pan mode is invoked by clicking the hand icon within a Graph Viewer.
Zoon Box	Allows you to enlarge a selected area within the view to populate the entire viewable area within the Graph Viewer. You can "zoom" on any group within a view. Zoom Box Mode is invoked by clicking the magnify icon within a Graph Viewer.
Label Edit	Allows you to edit a label for a particular group. This mode is useful for instances when a node is moved and it has to be renamed, or a card for a particular customer is upgraded. Label Edit Mode is invoked by clicking the pen icon within a Graph Viewer.

Interaction Modes

Graph Viewer has four modes that can be initialized to manipulate the contents of the Graph Viewer. Select Mode is used to select groups and to retrieve attribute information for these groups. Pan Mode is used to move a view in any direction within the viewer. Zoom Box Mode is used to select an area within a view to enlarge. Label Edit Mode is used to edit the default labels that are assigned when a new group is created or to change existing labels on groups or network elements.

Each selection mode is accessed from the sidebar on the graph viewer. These are four icons that represent the different selection modes. Placing your cursor on an icon will spawn a "hint text" box revealing the mode.

Using Select Mode

When using Select Mode within the Graph Viewer, you are able to select groups and objects within a view and drill down on them to create new views. To invoke Select Mode from a Graph Viewer, perform the following procedure:

Step 2   Double-click the Service Application folder to open it.

Step 3   Double-click the IP VPN Service Application folder to open it.

Step 4   Double-click the Graph folder to open it and click a specific graph to highlight it.

Step 5   Select graph viewer from the Graph menu.

Step 6   Click the arrow icon to invoke Select Mode.

.

Using Pan Mode

Pan Mode enable you to pan a view in any direction within the Graph Viewer window. To pan a view, perform the following procedure:

Step 2   Double-click the Service Application folder to open it.

Step 3   Double-click the IP VPN Service Application folder to open it.

Step 4   Double-click the Graph folder to open it and click a specific graph to highlight it.

Step 5   Select graph viewer from the Graph menu.

Step 6   Pan the view by clicking the hand icon on the sidebar and dragging the directional cursor over the view in the desired direction.

Using Zoom Box Mode

Zoom box mode allows you to enlarge a selected area within a view. To enlarge a specific area within a view, perform the following procedure:

Step 2   Double-click the Service Application folder to open it.

Step 3   Double-click the IP VPN Service Application folder to open it.

Step 4   Double-click the Graph folder to open it and click a specific graph to highlight it.

Step 5   Select graph viewer from the Graph menu.

Step 6   Click the magnify icon on the sidebar. This will enable zoom box mode. Left-click an area within the view to expand a box around the area that you want to enlarge. When the left-click is released, the area will be enlarged to fit the window of the Graph Viewer.

Using Label Edit Mode

Label Edit Mode is used to change the default labels generated by the Graph Viewer when a new group is created or to change an existing label. To use label edit mode, perform the following procedure:

Step 2   Double-click the Service Application folder to open it.

Step 3   Double-click the IP VPN Service Application folder to open it.

Step 4   Double-click the Graph folder to open it and click a specific graph to highlight it.

Step 5   Select graph viewer from the Graph menu.

Step 6   Click the pen in the sidebar. This will enable label edit mode.

Step 7   Click a label to edit it. A dialogue box will appear. Make the necessary modifications to the label.

Step 8   Click the apply button to save changes made to the labels.

Operational Modes

The Graph Viewer can operate in either the default Standard Mode or Group Mode. Standard Mode allows you to navigate through the views that you have created and view network-specific attributes by invoking an Object Viewer.

Graph Viewer Features

Viewer feature are specific to the display of a view; they do not have any effect on the underlying data. Table 18-26 lists the viewer features.

Table 18-26: IP-VPN Graph Viewer Features

Feature	Description
Zooming	Allows you to zoom in and out of a view using a predefined scaling factor.
Panning	Provides the ability to shift the view in any direction.
Zoom box	A user-specified region that is expanded to fit the entire viewer.
Zoom overview	Fitting the entire view into the window viewer.
Multiple Viewer Interactivity	Network fabric (nodes, links) represented graphically in the Graph Viewer can be viewed in an Object Viewer or Subset Viewer. Both viewers can be launched from the CPC toolbar.
Cursor	A marker on the Graph Viewer used for zooming and pasting. The zoom in/out actions are centered around the cursor. The pasted objects are located at the current cursor location.
Selection mode	A mode that provides a way to select objects and groups inside the graph viewer. You can select multiple objects and groups by holding down the CTRL key or dragging out a selection box.

Using a Graph Viewer

You can access the Graph viewer through the main CPC Graph menu. Table 18-27 describes the menu items.

Table 18-27: Graph Viewer Menu Items

Item	Description
graph viewer	This command spawns the IP-VPN Graph Viewer. An IP-VPN Graph Hierarchy must be selected in order to run the Graph Viewer.
back	This command moves backward along the path in the history stack, much like the back arrow views the previous page in a web browser.
forward	This command moves forward along the path in the history stack, much like the forward arrow views the next web page in a web browser.
create group	This command creates a new group within the Graph Viewer (At the current cursor (+) location). A Graph Viewer must be open to use this command.
zoom in	This command zooms in on the view using a predefined scaling factor.
zoom out	This command zooms out on the view using a predefined scaling factor.
zoom overview	This command fits the entire view in the viewer window.
zoom 1:1	This command shows the entire view in the original size that it was created.

Groups

You can create a group hierarchy manually within the Generic Subset Viewer or you can cut and paste network elements from any viewer from the Tree Viewer into the Graph Viewer. Creation of a group hierarchy must be done in order to invoke a Graph Viewer on this hierarchy. Once a Graph Viewer is invoke on a hierarchy, you can create groups within the hierarchy and move them to a desire location in the window. You can create and modify group objects at any time.

Constructing a VPN Root Group

When constructing a VPN Map View, you must first create a Root Group. A Root Group is a group of objects that is not contained by any other group. Once the Root Group is created and associated with a particular VPN, subgroups (CEs) can be added to the group.

To construct a VPN Root Group, complete the following:

Step 2   Double-click the Service Application folder to open it.

Step 3   Double-click the IP VPN Service Application folder.

Step 4   Enter the required attribute values listed in Table 18-28. Only the name attribute is mandatory. Once this information is entered, a Root Group will be created.

Step 5   Save the Root Group by clicking the save button on the toolbar.

Step 6   Apply the Transaction by clicking the save button on the toolbar.

Step 7   Close or minimize the Object Viewer.

Step 8   Double-click the Graph folder in the Tree Viewer and select the Root Group that you have just created.

Step 9   Select Graph Viewer from the Graph menu. A Graph Viewer will appear. Figure 18-17 shows an example of a Root Group Graph Viewer with an associated topology map background file.

Constructing a VPN Root Group for Small VPNs

For VPNs with less than 200 members, you can generate a graph of the entire VPN by following the steps below.

Step 2   Double-click the Service Application folder to open it.

Step 3   Double-click the IP VPN Service Application folder.

Step 4   Double-click the Service Contract folder to open it and then double-click the specific service contract that contains the VPN you want to view.

Step 5   Double-click the VPN folder to open it and then double-click the specific VPN that you want to generate a graph for.

Step 6   Select create graph from the VPN menu.

Step 7   Double-click the Graph folder to open it.

Step 8   Click the specific graph (in this case the VPN graph that was created) to highlight it.

Step 9   Select Graph Viewer from the Graph menu.

Importing Objects Into the Root Group

Once a Root Group has been created, you can import objects into the group by using the copy and paste feature from the Tree Viewer. To import objects into the Root Group, perform the following procedure:

Step 2   Double-click the Service Application folder to open it.

Step 3   Click the Graph folder and click the Object Viewer on the toolbar.

Step 4   Select the specific Root Group (Graph) that you want to associate objects with and select Graph Viewer from the Graph menu.

Step 5   Click an object in the Tree Viewer. This object should represent the root object of the network topology. For an IP-VPN network, a Provider object should be associated with the Root Group. To select a Provider, click IP VPN Service Application>Provider and then click the specific Provider folder to highlight it. This process can be repeated for any IP-VPN object that you want to plot.

Step 6   Click the copy button on the toolbar to copy the Provider object.

Step 7   Click an area within the Root Group Graph Viewer and click the paste button on the toolbar. The Provider object will be pasted in this area. The pasted object will be located at the current cursor (+) location.

Step 8   Repeat steps 6 and 7 for each object that you want to import into the group

Step 9   Apply the Transaction by clicking the apply button on the toolbar

VPN Graph attribute values are outlined in the Table 18-28 below

Table 18-28: Attributes for a VPN Graph

Tab	Attribute	Description	Acceptable Values	Default Values
Common Attributes	Label	Specify a name for the graph	text string (up to 32 characters)
	Navigation Path	Specify the navigation path.
	X-coordinate	Specify the X-coordinate	floating point values (decimal)
	Y-coordinate	Specify the Y-coordinate	floating point values (decimal)
	Object	Specify the object Id number
	Background	Specify an absolute path to a background image file. You can use a gif or jpeg image as your topology map.	text string (up to 32 characters)
	Color	Specify the color in terms of the RBG color model. Values for each red, green and blue value must be between 0-255.	0-255 0-255 0-255

Modifying a Group

Modification of groups can be done directly in the Graph Viewer or through an Object Viewer. Modification can be done at any time unless the group is being modified by another use, in which case the group will be locked by the transaction created by the other use. To modify the characteristics of a group through the Graph Viewer, perform the following procedure:

Step 2   Double-click the Service Application folder to open it.

Step 3   Double-click the IP-VPN Service Application folder to open it.

Step 4   Double-click the Graph folder to open it and click a specific graph to highlight it.

Step 5   Select the graph viewer from the Graph menu.

Step 6   Navigate to the group that you want to modify.

Step 7   You can modify the position of the group within the view, the label of the group, and the background that the group will use.

• To modify the name, click the pen icon on the sidebar to enter Label Edit Mode. Drag the cursor over to the existing label and click it. An editable field will appear where you can edit the label.

• To modify the background, right click and ensure that the Group Mode toggle is turned on. This will enable Group Mode. Click the arrow icon on the sidebar, and then click the group. The group will be highlighted by a blue box. Click the Object Viewer button on the toolbar and then edit the Background field.

• To modify the position of the group within a specific view, right click and ensure that the Lock Position toggle is turned off. This will enable you to move the group.

Step 8   Save the modifications by clicking the save button on the toolbar.

Step 9   Apply the Transaction by clicking the apply button on the toolbar.

Groups can also be modified using the Tree Viewer and the Subset Viewer. To modify using these viewers, perform the following procedure:

Step 2   Click the group within the Graph Viewer and click either the Subset Viewer button or the Object Viewer button on the toolbar.

Step 3   Modify the name, position, and background in the fields provided in either viewer. Within the Subset Viewer, you can modify more than one group at a time.

Step 4   Save the modifications by clicking the save button on the toolbar.

Step 5   Apply the Transaction by clicking the apply button on the toolbar.

Deleting a Group

Groups can be deleted from the Graph Viewer. To delete a group, perform the following procedure:

Step 2   Double-click the Service Application folder to open it.

Step 3   Double-click the IP-VPN Service Application folder to open it.

Step 4   Double-click the Graph folder to open it and click a specific graph to highlight it.

Step 5   Select the graph viewer from the Graph menu.

Step 6   Within the Graph Viewer window, right-click and ensure that the Group Mode menu item is selected (toggled on). This will enable Group Mode.

Step 7   Click the group that you want to delete and click the delete button on the toolbar

Note   To delete a group within the Graph Viewer, you must be in Graph Mode. If you attempt to delete the group in Standard Mode, an attempt will be made to delete the actual object represented by the group. Groups can also be deleted from the Tree Viewer and a Subset Viewer by clicking the delete button on the toolbar

Drilling Down On an Object

You can "drill down" on a group to reveal more specific information on related objects. When drilling down on a group, only objects you have created or those automatically generated by the IP-VPN graph generator can be viewed. For example, drilling down on a VPN network will reveal an Administrative Domain. (You must create an Admin Domain group.) Performing a drill down on an Admin Domain will reveal one or more Regions. (You must create a Region group.)

To drill down on an object within the Graph Viewer, perform the following procedure:\

Step 2   Verify that the view has changed. The status bar should display the message "Drilldown Complete."

Step 3   You can move up to the previous view or to the root view if multiple drill down operations are performed

• To revert to the previous view, right click and select Show Parent from the drop-down menu

• To revert to the root view, right click and select Show Root from the right-down menu

Viewing the Parent or Root Groups

For any view within the Graph Viewer, you can view the group that contains it or the Root Group that contains all of the view within a specific hierarchy. To view parent or root groups for a particular view, perform the following procedure:

Step 2   Double-click the Service Application folder to open it.

Step 3   Double-click the IP-VPN Service Application folder to open it.

Step 4   Double-click the Graph folder to open it.

Step 5   Click a specific map and select graph viewer from the Graph menu.

Step 6   Navigate through the views as desired. At any time, you can return to the group that contains the current view by right-clicking within the Graph Viewer and selecting Show Parent from the menu that appears. You can also return to the Root Group by right-clicking within the Graph Viewer and selecting Show Root from the menu that appears.

Selecting an Operation Mode

Within the Graph Viewer, you can select either Group Mode or Standard Mode. When you initialize a Graph Viewer on a particular hierarchy, the operation mode will always default to Standard Mode. To toggle between Group and Standard modes within a Graph Viewer, perform the following procedure:

Step 2   Double-click the Service Application folder to open it.

Step 3   Double-click the IP-VPN Service Application folder to open it.

Step 4   Double-click the Graph folder to open it.

Step 5   Click a specific map and select graph viewer from the Graph menu.

Step 6   Once you have initialized a Graph Viewer for a map, the mode defaults to Standard Mode. Right -click within the Graph Viewer and select Group Mode from the menu that appears to change to Group Mode. If you are working in Group Mode and want to return to Standard Mode, right-click within the Graph Viewer and select Group Mode again.

Selecting All Objects Within a View

You can select all object within a view. To select all objects within a view, perform the following procedure:

Step 2   Double-click the Service Application folder to open it.

Step 3   Double-click the IP-VPN Service Application folder to open it.

Step 4   Double-click the Graph folder to open it.

Step 5   Click a specific map and select graph viewer from the Graph menu.

Step 6   Right-click and select Select All from the menu that appears. All objects will appear with an outline, indicating that they are selected. To deselect all of the objects, click any area within the Graph Viewer. The blue outlines will disappear, indicating that the objects are no longer selected. You can also select multiple objects by dragging a rectangle around objects. To do this, click the arrow icon in the graph viewer and drag the resulting rectangle to select the objects.

Zooming Within a View

The Graph Viewer allows you to zoom in and out of a view to highlight details of a hierarchy or abstract details to create an overview of a hierarchy. They position of the cursor (+) within the graph viewer determines which area will be magnified. To use the zooming function on a view, perform the following procedure:

Step 2   Double-click the Service Application folder to open it.

Step 3   Double-click the IP-VPN Service Application folder to open it.

Step 4   Double-click the Graph folder to open it.

Step 5   Click a specific map and select graph viewer from the Graph menu.

Step 6   You can now zoom in on the view, zoom out from the view, zoom on overview of the view or zoom to a predefined scale.

• To zoom in on the view, select zoom in from the Graph menu.

• To zoom out from the view, select zoom out from the Graph menu.

• To zoom to an overview of the view, select zoom overview from the Graph menu.

• To zoom to the actual size that the view was created, select zoom 1:1 from the Graph menu.

Moving a View

Extremely large views can exceed the size of the Graph Viewer. In order to navigate to objects within a large view, you must move a view within the Graph Viewer. You can also use the scroll bars to navigate through the viewer. To move a view, perform the following procedure:

Step 2   Position the directional cursor over the view and click to drag the view within the Graph Viewer. The view can be dragged left, right, up, and down within the Graph Viewer.

VPN Connectivity Views

VPN connectivity view allow you to graph and view different layers of connectivity between the CE and PE devices in you VPN.

Creating a CERC Map View

A CE routing community (CERC) represents a logical connectivity between members of a VPN. This logical grouping provides a scalable way to view different parts of a VPN one at a time (assuming there are less than 100 member in a CERC). To create a CERC map view, complete the following steps:

Step 2   Double-click the Service Application folder to open it.

Step 3   Double-click the IP-VPN Service Application folder to open it.

Step 4   Double-click the Service Contract folder to open it and then double-click the specific service contract that contains the CERC you want to view.

Step 5   Double-click the VPN folder to open it and then double-click the specific VPN that contains the CERC you want to view.

Step 6   Double-click the CERC folder to open it and then click the specific CERC folder that you want to view to highlight it

Step 7   Select create graph from the VPN menu

Step 8   Double-click the Graph folder to open it

Step 9   Click the specific graph (in this case the CERC graph that was created) to highlight it

Step 10   Select graph viewer from the Graph menu

.

Creating a VPN Member CE-PE Map View

For a given VPN Member, the associated Member Connectivity can be determined which, in turn, is used to generated an L3 map view. The IP-VPN map viewer can automatically generate VPN Member views via a VPN Member Group generation routine. To create a VPN Member group, complete the following steps:

Step 2   Double-click the Service Application folder to open it.

Step 3   Double-click the IP-VPN Service Application folder to open it.

Step 4   Double-click the Service Contract folder to open it and then double-click the specific service contract that contains the VPN Member you want to view.

Step 5   Double-click the VPN folder to open it and then double-click the specific VPN that contains the VPN Member you want to view.

Step 6   Double-click the VPN folder to open it and then click the specific VPN member folder that you want to view to highlight it.

Step 7   Select create graph from the VPN menu.

Step 8   Apply the Transaction by clicking the apply button the toolbar.

Step 9   Double-click the Graph folder to open it.

Step 10   Click the specific graph (in this case the VPN Member graph that was created) to highlight it.

Step 11   Select graph viewer from the Graph menu.

Creating a Member Connectivity Map View

For a given VPN Member, the associated member connectivity can be determined. From the Member Connectivity, an L2 map view can be generated. The IP-VPN map viewer can automatically generate Member Connectivity views via a VPN Member Group generation routine. To create a Member Connectivity group, complete the following procedure:

Step 2   Double-click the Service Application folder to open it.

Step 3   Double-click the IP-VPN Service Application folder to open it.

Step 4   Double-click the Service Contract folder to open it and then double-click the specific service contract that contains the Member Connectivity you want to view.

Step 5   Double-click the VPN folder to open it and then double-click the specific VPN that contains the Member Connectivity you want to view.

Step 6   Double-click the VPN Member folder to open it and then double-click the specific VPN Member whose Member Connectivity you want to view.

Step 7   Double-click the VPN Member folder to open it and then double-click the specific Member whose Member Connectivity you want to view.

Step 8   Select create graph from the VPN menu.

Step 9   Apply the Transaction by clicking the apply button on the toolbar.

Step 10   Double-click the Graph folder to open it.

Step 11   Click the specific graph (in this case the Member Connectivity graph that was created) to highlight it.

Step 12   Select graph viewer from the Graph menu.

Posted: Thu Aug 3 16:44:40 PDT 2000
Copyright 1989-2000©Cisco Systems Inc.