[c-nsp] Processing one VLAN received on a Q-in-Q port

Pete Lumbis alumbis at gmail.com
Mon Mar 25 08:20:45 EDT 2013 

*I think* they are trying to imply that the traditional Q-in-Q
configuration style is not supported. All of the same Q-in-Q functions can
be accomplished with EVC configuration.

>From the way I read your description the customer traffic will leave your
box with two tags, where you are imposing a single tag on their single
tagged frame?

Here I've expand on Adam's example. The first service instance just takes
in tag 10 and puts it in the SVI 10, just like a normal trunk -> SVI
configuration.
The second service instance uses flexible matching to match the range you
specified. It does not do anything to the 802.1q tag. The frame is then put
in bridge-domain (vlan) 500. When the frame received on g0/0 goes out g1/0
(the classic ethernet trunk carrying vlan 500), tag 500 will be imposed on
the frame.


int g0/0
 service instance 10 ethernet
  encapsulation dot1q 10
  rewrite ingress tag pop 1 symmetric
  bridge-domain 10
 !
 service instance 99 ethernet
  encapsulation dot1q 1-9,11-4094
  bridge-domain 500
!
int g1/0
 description uplink to SP Core
 switchport mode trunk
 switchport trunk allowed vlan 500
!
int vlan 10
 description BGP Peering Interface
 ip address 192.168.1.1 255.255.255.0







On Mon, Mar 25, 2013 at 12:32 PM, Robert Williams <Robert at custodiandc.com>wrote:

>  Hi – thanks,****
>
> ** **
>
> Interestingly it states:****
>
> ** **
>
> •[image: http://www.cisco.com/en/US/i/templates/blank.gif]These features
> are not supported on EVCs:****
>
> –[image: http://www.cisco.com/en/US/i/templates/blank.gif]QinQ tagging****
>
> ** **
>
> Which is a bit unclear and maybe out of context, but we do need to apply a
> second tag to the existing traffic from the other service provider, so even
> if EVC is supported and we were running an ES or using a 2T it still reads
> (maybe) as if it’s not possible?...****
>
> ** **
>
> Either way, I could do with knowing if this is possible on a 2T at all?***
> *
>
> ** **
>
> Thanks again!****
>
> ** **
>
> *From:* Pete Lumbis [mailto:alumbis at gmail.com]
> *Sent:* 25 March 2013 10:13
> *To:* Robert Williams
> *Cc:* Adam Vitkovsky; cisco-nsp at puck.nether.net
> *Subject:* Re: [c-nsp] Processing one VLAN received on a Q-in-Q port****
>
> ** **
>
> On the 6k I think EVC configuration can only be accomplishes on ES+ (maybe
> ES-20?) or with Sup2t****
>
>
>
> http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/15.1SY/config_guide/sup2T/ethernet_virtual_connection.html
> ****
>
> On Mon, Mar 25, 2013 at 10:05 AM, Robert Williams <Robert at custodiandc.com>
> wrote:****
>
> Hi Adam,
>
> Many thanks for that, it reads like it would do exactly what we need,
> however the switch doesn't accept Ethernet encapsulation:
>
> (config-if)#service instance 10 ethernet
> (config-if-srv)#ethernet ?
>   lmi  Configure ether lmi parameters
> (config-if-srv)#?
> Ethernet EFP configuration commands:
>   default   Set a command to its defaults
>   ethernet  Configure ether lmi parameters
>   exit      Exit from ETHER EFP configuration mode
>   no        Negate a command or set its defaults
>
> It's running Version 12.2(33)SXJ3 / AdvIP Services and the line card is  a
> 6708-10GE with a DFC3CXL
>
> Any other pointers or maybe suggestions as to IOS versions / Line cards
> with or without this feature?
>
> Cheers!****
>
>
>
>
>
> Robert Williams
> Custodian Data Centre
> Email: Robert at CustodianDC.com
> http://www.CustodianDC.com****
>
> Robert Williams
> Custodian Data Centre
> Email: Robert at CustodianDC.com
> http://www.CustodianDC.com
>
> -----Original Message-----
> From: Adam Vitkovsky [mailto:adam.vitkovsky at swan.sk]
> Sent: 25 March 2013 08:42
> To: Robert Williams; cisco-nsp at puck.nether.net
> Subject: RE: [c-nsp] Processing one VLAN received on a Q-in-Q port
>
> Hi Robert,
>
> I believe you should be able to use the following config for the VLAN 10.
>
> interface Gi1/1
>  service instance 10
>  ethernet  encapsulation dot1q 10
>  rewrite ingress tag pop 1 symmetric
>  bridge-domain 40
>
> interface Vlan 40
>  ip address 1.1.1.1 255.255.255.0
>
> check out the following series:
>
> http://ccie-in-3-months.blogspot.com/2009/09/evc-flexible-service-mapping.html
>
> http://ccie-in-3-months.blogspot.com/2009/06/evc-flexible-frame-matching.html
>
> http://ccie-in-3-months.blogspot.com/2009/06/evc-flexible-vlan-tag-rewrite.html
>
>
> adam
> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net [mailto:
> cisco-nsp-bounces at puck.nether.net] On Behalf Of Robert Williams
> Sent: Sunday, March 24, 2013 10:24 AM
> To: cisco-nsp at puck.nether.net
> Subject: [c-nsp] Processing one VLAN received on a Q-in-Q port
>
> Hi Guys,
>
> Hopefully someone here can assist with this, I need to process locally a
> VLAN which is received into our network from another service provider via
> one of our Q-in-Q ports.
>
> Currently we use a Q-in-Q port to double-tag all traffic we receive from
> the other provider, then transport it across our network and give it back
> to them where they then break it out on their own switch at one of our
> other facilities. We do this across a series of 6500/720XL chassis.
>
> This works fine, however, we now need to bring up an additional BGP
> session with the other provider, but the session has to be over the same
> physical port as we use for the Q-in-Q transport. To put it into a logical
> sentence, we need the port facing the other provider at the edge of our
> network to:
>
> “Double-tag VLANs 1-9 and 11-4094 with SPvLAN ID 500 - but switch VLAN 10
> locally without double-tagging it”
>
> We will then bring up the BGP session on VLAN 10, but allow all the others
> to pass across our network with the additional double-tag.
>
> All packets we receive from the other SP are single-tagged, including the
> VLAN on which we need to inject our BGP session.
>
> I’m not sure what other information may be relevant so please just ask me
> anything. If this is not possible on the 720 platform, then we will
> consider deploying either a 2T or ASR9k at this location to meet the
> requirement (both are currently being looked at as options for upgrading
> our 720 units anyway). However, it would be nice if the 2T can do it as the
> ASR may be overkill considering the other requirements of the site.
>
> Thanks in advance!
>
>
>
> Robert Williams
> Custodian Data Centre
> Email: Robert at CustodianDC.com
> http://www.CustodianDC.com
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
>
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/****
>
> ** **
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/cisco-nsp/attachments/20130325/3c0757e6/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image005.png
Type: image/png
Size: 167 bytes
Desc: not available
URL: <https://puck.nether.net/pipermail/cisco-nsp/attachments/20130325/3c0757e6/attachment-0002.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image004.png
Type: image/png
Size: 168 bytes
Desc: not available
URL: <https://puck.nether.net/pipermail/cisco-nsp/attachments/20130325/3c0757e6/attachment-0003.png>

More information about the cisco-nsp mailing list