[c-nsp] Connecting 2 offices with a VLAN via sub-ints

Justin Shore justin at justinshore.com
Mon Feb 18 12:14:40 EST 2008 

Late last week I finished my scheduled work in an early AM maintenance 
window when I got the brilliant idea to try and address an 
interconnection issue between a branch office and our HQ.  L2L IPSec VPN 
has caused us problems in the past between these 2 sites and they are 
currently connected via a fractional T1 (woefully inadequate bandwidth 
for data but enough for VoIP).  Each site connects directly to the ISP 
backbone via Ethernet.

I've tried to get EoMPLS working over the past few weeks unsuccessfully 
(see the thread from a few weeks ago).  I could never get both sides up 
in the lab and could never get traffic to pass in the field.  SVI-based 
EoMPLS isn't supported on my linecards (67XXs).  Using physical 
interfaces didn't work either.  I couldn't find any workable solutions 
so I moved onto to the less desirable solution of carrying a VLAN 
between the POPs as a workaround.

Here's what I have to work with:

   HQ     POP1        POP2                Branch
3560E---7600-1======6524-1======2960======2811
           |           |
         7600-2======6524-2

All links with equals signs are 1Q trunks and the dashes on access mode 
ports.

At the end of the maintenance window I started work on the sub-int 
approach.  I changed the GigE connections between each pair of core 
routers at each POP to utilize sub-ints instead of access mode 
switchports.  (A second upside to this is that I won't lose BFD support 
when I upgrade the 7600s in one POP to SRC and the ME6524s in the other 
POP to SXH (which I would have lost with the SVI approach I was 
previously using).)  My intent was to carry 2 VLANs across the GigE 
using sub-ints, one for POP to POP communication and the other for the 
branch office to HQ link.  I had to remove the L2 VLAN on both sides to 
create the sub-int (gave me an error when I tried to define the 
encapsulation mode).  Without the local L2 VLAN how do I connect the 
sub-int with the VLAN I map to an access port on the 7600s and onto a 
trunk on the ME6524s?  My intent at the time was to use IRB to bond an 
additional VLAN on each side together.  Now that I've caught up on my 
sleep I'm thinking that I should find a better way.

I would love to use EoMPLS for this but I could never make it work.  I 
should have been able to make that work but I didn't have any luck. 
It's very likely that I was doing something wrong but I'm short on time 
to try and figure out what I missed.  Can anyone offer any advice on the 
VLAN solution?  I could have use trunk mode switchports and I know it 
would have worked fine but that would have caused me grief down the road 
when I upgraded the code on either set of routers and lost my BFD on SVI 
support.  The sub-int option looked attractive at the time but I either 
forgot where I was headed with it after catching up on my sleep or it 
simply wasn't a workable solution.  Suggestions?

Thanks
  Justin

More information about the cisco-nsp mailing list