[c-nsp] ASR 1K : EFP / XCONNECT / BDI
Vitkovský Adam
adam.vitkovsky at swan.sk
Sun Dec 14 05:37:26 EST 2014
Hi Nicolas ,
Have you been able to figure this out please?
The configuration seems perfectly valid, one think that’s not clear to me is if both services are between the same ASR and ISR routers why the PW neighbor IP address is different on each: 2.2.2.2 vs 81.23.32.79.
adam
From: nicolas at karp.fr [mailto:nicolas at karp.fr] On Behalf Of Nicolas KARP
Sent: Thursday, December 04, 2014 11:52 PM
To: Vitkovský Adam
Cc: cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] ASR 1K : EFP / XCONNECT / BDI
Hi Adam, all,
I have now an issue when i configure a second xconnect under an efp. The idea is to create several xconnect between an ASR and a ISR 2801 to xconnect some vlans between the 2 platforms. As soon as I configure the 2nd xconnect and as soon as it comes UP, the trafic associated with the EVC is not going through.. In fact, all EVC under the interface g0/0/4 stop working...
BDI4096
BDI4093
ASR 1001x <---- xconnect MPLS ---> 2801
| |
| |
switch switch
vlan 4094 vlan 4094
vlan 4093 vlan 4093
vlan 4092 vlan 4092
Here is the config of the 1001x :
interface GigabitEthernet0/0/4
mtu 1530
no ip address
load-interval 30
negotiation auto
service instance 4092 ethernet
encapsulation dot1q 4092 exact
rewrite ingress tag pop 1 symmetric
xconnect 2.2.2.2 12 encapsulation mpls
!
service instance 4093 ethernet
encapsulation dot1q 4093 exact
rewrite ingress tag pop 1 symmetric
bridge-domain 4093
!
service instance 4094 ethernet
encapsulation dot1q 4094
rewrite ingress tag pop 1 symmetric
bridge-domain 4096
!
end
l2 vfi TEST2 manual (it's working when the service instance 4092 is not configured)
vpn id 258
bridge-domain 4093
mtu 1530
neighbor 81.23.32.79 11 encapsulation mpls
!
interface BDI4093
mtu 1530
ip vrf forwarding TEST2
ip address 172.31.0.253 255.255.255.0
standby 1 ip 172.31.0.254
standby 1 priority 110
standby 1 preempt delay minimum 60
end
interface BDI4096
ip vrf forwarding TEST
ip address 10.84.6.2 255.255.255.0
standby 1 ip 10.84.6.1
standby 1 priority 110
standby 1 preempt delay minimum 60
end
and the config on the 2801 :
interface FastEthernet0/1.4092
encapsulation dot1Q 4092
no cdp enable
xconnect 1.1.1.1 12 encapsulation mpls
end
interface FastEthernet0/1.4093
encapsulation dot1Q 4093
no cdp enable
xconnect 1.1.1.1 11 encapsulation mpls
end
bridge domain when it works :
RTI-MPLS-SAB-01#show bridge-domain 4093
Bridge-domain 4093 (3 ports in all)
State: UP Mac learning: Enabled
Aging-Timer: 300 second(s)
BDI4093 (up)
GigabitEthernet0/0/4 service instance 4093
vfi OCTEY neighbor 81.23.32.79 11
AED MAC address Policy Tag Age Pseudoport
0 0024.E84F.9A87 forward dynamic 292 GigabitEthernet0/0/4.EFP4093
- 881D.FCD4.293F to_bdi static 0 BDI4093
0 0022.195F.166B forward dynamic 279 GigabitEthernet0/0/4.EFP4093
1 FFFF.FFFF.FFFF flood static 0 OLIST_PTR:0x2edad820
- 0000.0C07.AC01 to_bdi static 0 BDI4093
0 001B.213F.EDA8 forward dynamic 286 GigabitEthernet0/0/4.EFP4093
and when there is an issue :
RTI-MPLS-SAB-01#show bridge-domain 4096
Bridge-domain 4096 (2 ports in all)
State: UP Mac learning: Enabled
Aging-Timer: 300 second(s)
BDI4096 (up)
GigabitEthernet0/0/4 service instance 4094
AED MAC address Policy Tag Age Pseudoport
- 881D.FCD4.293F to_bdi static 0 BDI4096
1 FFFF.FFFF.FFFF flood static 0 OLIST_PTR:0x2edad810
- 0000.0C07.AC01 to_bdi static 0 BDI4096
The mac address of the switch behind the ASR disappeared... Not too sure why... If i remove the xconnect under the service instance 4092, it still doesn't work. I have to remove the xconnect and do a shut/no shut on the physical port...
Do you know what is happening ?
Thank you.
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# - - Nicolas KARP
# - - Network and Security Engineer
# - - Email : liste at karp.fr<mailto:nicolas at karp.fr>
# - - Linkedin : http://www.linkedin.com/in/nicolaskarp
# - - Viadeo : http://www.viadeo.com/fr/profile/nicolas.karp <http://www.viadeo.com/fr/profile/nicolas.karp%20>
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2014-12-03 15:54 GMT+01:00 Nicolas KARP <liste at karp.fr<mailto:liste at karp.fr>>:
That's the point !! I modified the mtu under the bdi interface and i had to modify the mu under the l2 vfi interface in order to get it funtionnal.
Thanks for the help.
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# - - Nicolas KARP
# - - Network and Security Engineer
# - - Email : liste at karp.fr<mailto:nicolas at karp.fr>
# - - Linkedin : http://www.linkedin.com/in/nicolaskarp
# - - Viadeo : http://www.viadeo.com/fr/profile/nicolas.karp <http://www.viadeo.com/fr/profile/nicolas.karp%20>
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2014-12-03 13:13 GMT+01:00 Vitkovský Adam <adam.vitkovsky at swan.sk<mailto:adam.vitkovsky at swan.sk>>:
Does the MTU match on both ends please?
You can see the MTU on both ends in the output of the cmd “sh mpls l2 vc det”
adam
From: nicolas at karp.fr<mailto:nicolas at karp.fr> [mailto:nicolas at karp.fr<mailto:nicolas at karp.fr>] On Behalf Of Nicolas KARP
Sent: Wednesday, December 03, 2014 12:29 PM
To: Vitkovský Adam
Cc: cisco-nsp at puck.nether.net<mailto:cisco-nsp at puck.nether.net>
Subject: Re: [c-nsp] ASR 1K : EFP / XCONNECT / BDI
I've found another thread where you were talking about router pw on an ASR1k.
He is the config i've done so far :
ASR 1001X :
l2 vfi TEST2 manual
vpn id 258
bridge-domain 4093
neighbor 2.2.2.2 11 encapsulation mpls
interface BDI4093
mtu 1530
ip vrf forwarding TEST2
ip address 172.31.0.253 255.255.255.0
standby 1 ip 172.31.0.254
standby 1 priority 110
standby 1 preempt delay minimum 60
end
interface GigabitEthernet0/0/4
no ip address
load-interval 30
negotiation auto
service instance 4093 ethernet
encapsulation dot1q 4093 exact
rewrite ingress tag pop 1 symmetric
bridge-domain 4093
!
ISR 2801 :
interface FastEthernet0/1.4093
encapsulation dot1Q 4093
no cdp enable
xconnect 1.1.1.1 11 encapsulation mpls
//
For some reason the xconnect is not coming up...
RTI-MPLS-SAB-01#sh xconnect all
DN pri vfi OCTEY UP mpls 2.2.2.2:11<http://2.2.2.2:11> DN
UP pri bd 4093 UP vfi TEST2 UP
Thanks for your help.
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# - - Nicolas KARP
# - - Network and Security Engineer
# - - Email : liste at karp.fr<mailto:nicolas at karp.fr>
# - - Linkedin : http://www.linkedin.com/in/nicolaskarp
# - - Viadeo : http://www.viadeo.com/fr/profile/nicolas.karp <http://www.viadeo.com/fr/profile/nicolas.karp%20>
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2014-12-03 11:14 GMT+01:00 Nicolas KARP <liste at karp.fr<mailto:liste at karp.fr>>:
Hi Adam,
I don't have the xconnect command under the bdi interface :
RTI-MPLS-SAB-01(config)#interface BDI4093
RTI-MPLS-SAB-01(config-if)#xconnect ?
% Unrecognized command
I'm using ASR1001X , ves 03.13.01.S
Any thought ?
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# - - Nicolas KARP
# - - Network and Security Engineer
# - - Email : liste at karp.fr<mailto:nicolas at karp.fr>
# - - Linkedin : http://www.linkedin.com/in/nicolaskarp
# - - Viadeo : http://www.viadeo.com/fr/profile/nicolas.karp <http://www.viadeo.com/fr/profile/nicolas.karp%20>
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2014-12-03 10:21 GMT+01:00 Vitkovský Adam <adam.vitkovsky at swan.sk<mailto:adam.vitkovsky at swan.sk>>:
Hi Nicolas,
This is the config for mixing EFPs and PWs in a common BD + IP interface for the BD.
Manual hub and spoke type of configuration with IP address + VFR at the hub location.
interface TenGigabitEthernet0/3
mtu 9000
service instance 8000 ethernet
description CUSTOMER-B
encapsulation dot1q 20,30,40
rewrite ingress tag pop 1 symmetric
bridge-domain 8000
interface BDI8000
mtu 9000
vrf CUST-B
ip add 192.0.2.1 255.255.255.0
xconnect vfi CUST-B-BD
l2 vfi CUST-B-BD manual
vpn id 1
neighbor 10.0.1.3 100 encapsulation mpls
neighbor 10.0.1.4 200 encapsulation mpls
neighbor 10.0.1.5 300 encapsulation mpls
Spokes would have just EFPs with xconnect.
adam
> -----Original Message-----
> From: cisco-nsp [mailto:cisco-nsp-bounces at puck.nether.net<mailto:cisco-nsp-bounces at puck.nether.net>] On Behalf Of
> Nicolas KARP
> Sent: Tuesday, December 02, 2014 6:03 PM
> To: cisco-nsp at puck.nether.net<mailto:cisco-nsp at puck.nether.net>
> Subject: [c-nsp] ASR 1K : EFP / XCONNECT / BDI
>
> Hi,
>
> I need to interconnect 2 platforms on 2 different datacenters.
>
> The idea is to create several EFPs on each PE (one at each side) and create a
> default xconnect pw in order to encapsulate the layer2 traffic over our MPLS
> network. I also have some layer 3 interfaces for different vlans which need to
> be used on both datacenters :
>
>
> *PE1 : (same config on PE2, except for the BDI interface)*
>
>
> *interface GigabitEthernet0/0/4*
> * no ip address*
> * load-interval 30*
> * negotiation auto*
>
> *## default XCONNECT to DC2*
> * service instance 1 ethernet*
> * encapsulation default*
> * xconnect 1.1.1.1 9999 encapsulation mpls pw-class EOMPLS-ETH-TO-VLAN*
> * !*
>
> *## Layer 3 interface via BDI*
> * service instance 4093 ethernet*
> * encapsulation dot1q 4093 exact*
> * rewrite ingress tag pop 1 symmetric*
> * bridge-domain 4093*
> * !*
>
> *interface BDI4093*
> * ip vrf forwarding TEST2*
> * ip address 172.31.0.253 255.255.255.0*
> * standby 1 ip 172.31.0.254*
> * standby 1 priority 110*
> * standby 1 preempt delay minimum 60*
> *end*
>
> *--> I'm missing a xconnect for the vlan 4093...*
>
>
> How can I create a layer3 interface and run a xconnect on the same EFP ?
> The idea would be to use the same vlans at both locations and terminate the
> Layer3 on a BDI interface in Datacenter1.
>
> Do you think it's possible ?
> I'm not too sure if i'm really clear. Don't hesitate to ask me if you have any
> questions :)
>
> Many Thanks for your help !
>
> # - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
> - - - - - - - - - - - - - - - - - - -
> # - - Nicolas KARP
> # - - Network and Security Engineer
> # - - Email : liste at karp.fr<mailto:liste at karp.fr> <nicolas at karp.fr<mailto:nicolas at karp.fr>>
> # - - Linkedin : http://www.linkedin.com/in/nicolaskarp
> # - - Viadeo : http://www.viadeo.com/fr/profile/nicolas.karp
> <http://www.viadeo.com/fr/profile/nicolas.karp%20>
> # - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
> - - - - - - - - - - - - - - - - - - -
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net<mailto:cisco-nsp at puck.nether.net>
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
More information about the cisco-nsp
mailing list