[c-nsp] Design considerations (sanity check) for ASR9K/REP Access Gateway

Jason Lixfeld jason at lixfeld.ca
Sat Jun 1 22:21:55 EDT 2013


Hi,

I've used REP before in a 7600/ME3400 configuration where a 7600 would anchor a bunch of ME3400 rings together and each ME3400 ring was on the same SVI, for example vlan 50.  So 20 7600 ports, each connecting to a ring of 8 ME3400s; 160 devices all on the same SVI.  Each of the 20 ports was it's own REP segment.  This all works find and dandy.

I'm looking do the same thing with 4500s but connect them to a pair of ASR9Ks using REP-AG (knowing that the 4500 ports facing the ASR9Ks need to be rep edge no-neighbor).  In doing so, I'm wondering if the design philosophy can be the same, relatively speaking, like so (not sanity checked):

! ASR1
!
int lo0
 ipv4 address 1.1.1.1/32
!
int te0/0/0/0
 description 4500 ring 1
int te0/0/0/0.1 l2transport
 encap untagged
int te0/0/0/0.500 l2transport
 encap dot1q 500
!
int te0/0/0/1
 description 4500 ring 2
int te0/0/0/0.1 l2transport
 encap untagged
int te0/0/0/0.500 l2transport
 encap dot1q 500
!
int BVI500
 vrf internet
 ipv4 address 1.1.1.1/24
!
l2vpn
 bridge group REP-CORE
  bridge-domain REP-CORE
  interface te0/0/0/0.500
  interface te0/0/0/1.500
  !
  routed interface BVI500
 !
!
 bridge group REP-AG
  bridge-domain REP-AG
  interface te0/0/0/0.1
  interface te0/0/0/1.1
  !
  vfi REP-AG
   vpn-id 1
   neigh 2.2.2.2 pw-id 1
  !
 !
! 
spanning-tree repag REP
 interface te0/0/0/0.1
 interface te0/0/0/1.1
!

! ASR2
!
int lo0
 ipv4 address 2.2.2.2/32
!
int te0/0/0/0
 description 4500 ring 1
int te0/0/0/0.1 l2transport
 encap untagged
int te0/0/0/0.500 l2transport
 encap dot1q 500
!
int te0/0/0/1
 description 4500 ring 2
int te0/0/0/0.1 l2transport
 encap untagged
int te0/0/0/0.500 l2transoprt
 encap dot1q 500
!
int BVI500
 vrf internet
 ipv4 address 1.1.1.2/24
!
l2vpn
 bridge group REP-CORE
  bridge-domain REP-CORE
  interface te0/0/0/0.500
  interface te0/0/0/1.500
  !
  routed interface BVI500
 !
!
 bridge group REP-AG
  bridge-domain REP-AG
  interface te0/0/0/0.1
  interface te0/0/0/1.1
  !
  vfi REP-AG
   vpn-id 1
   neigh 1.1.1.1 pw-id 1
  !
 !
! 
spanning-tree repag REP
 interface te0/0/0/0.1
 interface te0/0/0/1.1
!

With the exception of making sure vrf internet has per-vrf label allocation mode set to make sure the MPLS/BVI thing works, is any of what I'm doing here just dumb from what anyone can see?

Thanks in advance.


More information about the cisco-nsp mailing list