[c-nsp] VPLS : Loop avoidance

Nicolas KARP liste at karp.fr
Thu Apr 9 06:04:44 EDT 2015 

Hi Adam,

Thank you for your response.

I was thinking that the 6880 will break the loop but I guess there should
be some issues with the L2 FIB in that case...
What do you think I can do ? Manual failover ?  Let the interface on the
second asr down and do a manual switchover in case of issue with the
"primary" ASR ?

I'm not too sure what would be the best scenario in that case.

I'm thinking about using xconnect and peer backup on the vlan interface but
I'm not too sure if I can use a Layer 3 on that interface at the same time.

Thank you for your help.

Nick


# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - - - - - - - - - - - - - - - -
# - -   Nicolas KARP
# - -   Network and Security Engineer
# - -    Email : liste at karp.fr <nicolas at karp.fr>
# - -    Linkedin :  http://www.linkedin.com/in/nicolaskarp
# - -    Viadeo : http://www.viadeo.com/fr/profile/nicolas.karp
<http://www.viadeo.com/fr/profile/nicolas.karp%20>
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - - - - - - - - - - - - - - - -



2015-04-08 23:54 GMT+02:00 Adam Vitkovsky <Adam.Vitkovsky at gamma.co.uk>:

> Hello Nicolas,
>
> Right the split horizon is there so packets coming from a PW will not be
> forwarded to another PW in the same VFI so that takes care of loops in MPLS.
> However you need to take care of the loops created via LAN/DC side so you
> need to have a dedicated forwarder for the BUM traffic on one of the ASRs
> or break the loop.
>
> adam
> > -----Original Message-----
> > From: cisco-nsp [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of
> > Nicolas KARP
> > Sent: 08 April 2015 15:21
> > To: cisco-nsp at puck.nether.net
> > Subject: [c-nsp] VPLS : Loop avoidance
> >
> > Hello,
> >
> > We are going to interconnect two of our datacenters. In one datacenter we
> > have a 6880-X configured with VSS and on the other hand, we have a pair
> of
> > ASR 1001-X.
> >
> > We would like to configure the VPLS and I have some questions about the
> > redundancy and loop avoidance. You can find a diagram attached to my
> > email..
> >
> >
> > *6880 VSS : *
> >
> > *l2 vfi VPLS-VLAN-582 manual*
> > * vpn id 582*
> > * neighbor ASR-2 24 encapsulation mpls*
> > * neighbor ASR-1 23 encapsulation mpls*
> >
> > *interface Vlan582*
> > * mtu 9180*
> > * no ip address*
> > * xconnect vfi VPLS-VLAN-582*
> >
> >
> > *ASR 1: *
> >
> > interface GigabitEthernet0/0/5
> > service instance 100 ethernet
> > description VLAN582
> > encapsulation dot1q 582 exact
> > rewrite ingress tag pop 1 symmetric
> > bridge-domain 582
> > !
> >
> > l2 vfi VPLS-VLAN-582 manual
> > vpn id 582
> > bridge-domain 582
> > mtu 9180
> > neighbor VSS-6880 23 encapsulation mpls
> > !
> >
> >
> > *ASR 2 : *
>
> >
> > interface GigabitEthernet0/0/5
> > service instance 100 ethernet
> > description VLAN582
> > encapsulation dot1q 582 exact
> > rewrite ingress tag pop 1 symmetric
> > bridge-domain 582
> > !
> > l2 vfi VPLS-VLAN-582 manual
> > vpn id 582
> > bridge-domain 582
> > mtu 9180
> > neighbor VSS-6880 24 encapsulation mpls
> > !
> >
> >
> > At the moment, I've enabled one interface on the ASR-1 (g0/0/5), the
> g0/0/5
> > on ASR-2 is still shut. VPLS is working like a charm between the 6880 and
> > ASR-1 but now I would like to activate the second interface on ASR-2 :-)
> >
> > I have some doubts about a loop in this case...
> > I guess there should be no loop because the 6880 is configured with
> > split-horizon but I just wanted to be sure that I will not break my
> network
> > if I activate the second port.
> >
> > Can you please help me ?
> >
> > Thank you.
> >
> >
> > # - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
> - -
> > - - - - - - - - - - - - - - - - - - -
> > # - - Nicolas KARP
> > # - - Network and Security Engineer
> > # - - Email : liste at karp.fr <nicolas at karp.fr>
> > # - - Linkedin : http://www.linkedin.com/in/nicolaskarp
> > # - - Viadeo : http://www.viadeo.com/fr/profile/nicolas.karp
> > <<http://www.viadeo.com/fr/profile/nicolas.karp%20>>
> > # - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
> - -
> > - - - - - - - - - - - - - - - - - - -
> > _______________________________________________
> > cisco-nsp mailing list cisco-nsp at puck.nether.net
> > https://puck.nether.net/mailman/listinfo/cisco-nsp
> > archive at http://puck.nether.net/pipermail/cisco-nsp/
>
>
> ------------------------------
> This email has been scanned for email related threats and delivered safely
> by Mimecast.
> For more information please visit http://www.mimecast.com
> ------------------------------
>

More information about the cisco-nsp mailing list