[c-nsp] ME3600X rewrite push problem

Claes Jansson claes at gastabud.com
Mon Apr 8 05:15:44 EDT 2013


Hi,

the reason for trying this config was to reduce the xconnects from one 
per unique vlan/customer to one per interface. And also I want to reuse 
the same vlan's on the access switches for a more simplistic config on 
those devices.

And to use loopcable + EFPs/subints instead of using xconnects directly 
in bridge-domains. The reason for this is the limitations on IPSG, 
dhcp-snooping in the ASR...


My test-config on the ASR side looks like this...

!
l2vpn
  bridge group qinq
   bridge-domain access
    mtu 2000
    interface Bundle-Ether101
     dhcp ipv4 none
    !
    neighbor 1.1.1.221 pw-id 2210100
     dhcp ipv4 none

! Looped to bundle-ethernet 1
interface Bundle-Ether101
  description QinQ-Access_To_customer_EFPs
  mtu 1522
  bundle minimum-active links 1
  l2transport
!
interface Bundle-Ether1.333
  vrf test1
  ipv4 address 3.3.3.3 255.255.255.0
  encapsulation dot1q 2001 second-dot1q 102
!
interface Bundle-Ether1.444
  encapsulation dot1q 2001 second-dot1q 102
  rewrite ingress tag pop 2 sym
!
# Connect customer to "service"
l2vpn
  bridge group isp1
   bridge-domain vlanXX
    interface budle-ethernet 1.444
    interface ...
    interface ...
  routed interface BVI123
!

     //Claes

On 2013-04-08 01:43, Pshem Kowalczyk wrote:
> Hi,
>
> Any reason for not doing the push (or to be exact 'pop symmetric') on
> the remote end (i.e. ASR 9k)?
>
> kind regards
> Pshem
>
>
> On 8 April 2013 09:51, Claes Jansson <claes at gastabud.com> wrote:
>> I'm having some problems with qinq and "rewrite ingress tag push dot1q" on
>> the ME3600X, running version 15.3(2)S. The problem seems to be that the
>> range match of vlans and push of a tag works until the device is reloaded.
>> Has anyone else seen this happen?
>>
>> ME3600X config
>>
>> This config works until reload.
>> --------------------------
>> interface GigabitEthernet0/11
>>   description ACCESS_SWITCH
>>   switchport trunk allowed vlan none
>>   switchport mode trunk
>>   mtu 2000
>>   service instance 1000 ethernet
>>    encapsulation dot1q 101-122
>>    rewrite ingress tag push dot1q 2011 symmetric
>>    xconnect 1.1.1.2 2211100 encapsulation mpls
>> !
>>
>> Workaround
>> ----------
>> ME3600X-01(config)#int gi0/11
>> ME3600X-01(config-if)# service instance 1000 ethernet
>> ME3600X-01(config-if-srv)#encapsulation dot1q 666
>> ME3600X-01(config-if-srv)#encapsulation dot1q 101-122
>>
>> Another workaround could be to do 1 service instance per vlan match, since
>> that does not seem to trigger the problem...
>>
>> Trigger error at when running
>> -----------------------------
>> ME3600X-01(config)#interface GigabitEthernet0/11
>> ME3600X-01(config-if)# service instance 1000 ethernet
>> ME3600X-01(config-if-srv)#rewrite ingress tag push dot1q 2011
>>
>> # This will not recover the problem
>> ME3600X-01(config-if-srv)#  rewrite ingress tag push dot1q 2011 symmetric
>>
>> The only way to recover seems to be to change from a range match to a single
>> vlan (ie 666) and then back to a range (101-122).
>>
>>
>> The xconnect is then connected to a ASR9K bridge-domain which is then looped
>> back to an interface configured with EFP/subints for each customer
>> (outer+inner tag). AFAIK this is the only way since you cannot run IPSG and
>> DHCP snooping on pw's in BD's on the ASR9K yet... Or if there is a better
>> way to do this, please let me know :-)
>>
>> Tnx!
>>
>>      //Claes
>> _______________________________________________
>> cisco-nsp mailing list  cisco-nsp at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>> archive at http://puck.nether.net/pipermail/cisco-nsp/
>



More information about the cisco-nsp mailing list