[c-nsp] acl on bvi in ios xr (9k) 4.1.2

adam vitkovsky adam.vitkovsky at swan.sk
Mon Jul 23 08:45:49 EDT 2012 

Yes I admit solution #1 is bad 
And I also see that there's really no simple solution to replace BVI

> Suggestion 3 does not introduce redundancy for the ASR9k

Well in your picture there's only one ASR9k so if that one fails than it's game over anyways 
and yes I understand that putting additional SW (an active device for that matter) in front of the ASR9k would increase the overall probability of failure

If there are two  ASR9Ks than each would have to have an aggregation SW in from of it (aggregation SW would be inter-connected back to back and connected via trunk to ASR9k running L3 EFP per VLAN)
Than each switch from your picture would be connected to both of these aggregation switches


adam
-----Original Message-----
From: Peter Rathlev [mailto:peter at rathlev.dk] 
Sent: Monday, July 23, 2012 10:43 AM
To: adam vitkovsky
Cc: cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] acl on bvi in ios xr (9k) 4.1.2

On Mon, 2012-07-23 at 10:14 +0200, adam vitkovsky wrote:
> > one router, two different switches, both switches are standalone and 
> > have no multi-chassis capabilities.
>
> If there's the same VLAN  running of the two switches you could 
> terminate it on two separate L3 sub-interfaces on the ASR9K /breaking 
> the VLAN subnet in two -loosing 4 addresses Or instead of the BVI you 
> could use a PW to aggregate the L2 traffic form the disjoint VLAN and 
> terminate the PW at ASR9K running L3 for the aggregation ring Or you 
> can use the already mentioned L2 switch to aggregate the VLANS from 
> the two switches and connect it via trunk to ASR9K

This is the scenario:

         +----------+
         |  Router  |
         +----------+
           |      |
 +----------+    +----------+
 | Switch 1 |    | Switch 2 |
 +----------+    +----------+

Suggestion 1, using two different subinterfaces and 2 networks, would exclude connecting to the same VLAN (not just ID) on the other side.
Imagine the two switches running e.g. HSRP on a SVI.

Suggestion 2 does not fall into the category "simple solution". And I fail to see how it introduces redundancy for the ASR9k, but that's probably because I'm not familiar with that way of doing it.

Suggestion 3 does not introduce redundancy for the ASR9k.

Summa summarum: There's no simple way to do it other than BVI. One might say that this kind of redundancy is irrelevant for a router of that size, but that's beside the point here.

--
Peter

More information about the cisco-nsp mailing list