[c-nsp] ASR 1K : EFP / XCONNECT / BDI

Nicolas KARP liste at karp.fr
Sun Dec 14 15:11:15 EST 2014


Hi Adam,

I opened a case with the Cisco TAC and for some reason, we can't mix a
l2vpn and l3vpn on the same interface with the configuration I wanted to do
(xconnect under a service instance // l2vfi + bdi interface under another
service instance). The only way to do what I wanted to do is to use a
second l2 vfi configuration.

The guy from Cisco didn't understand why the traffic was not going through
all the EVC as soon as I wanted to configure the second xconnect. I think
it should be a bug...

So my config is working and looks like :

l2 vfi OCTEY-ADMIN manual
 vpn id 258
 bridge-domain 4093
 mtu 1530
 neighbor 2.2.2.2 11 encapsulation mpls

!

l2 vfi OCTEY-GRE manual
 vpn id 1258
 bridge-domain 4092
 mtu 1530
 neighbor 2.2.2.2 12 encapsulation mpls

!

interface BDI4093
 mtu 1530
 ip vrf forwarding OCTEY
 ip address 172.31.0.253 255.255.255.0
 standby 1 ip 172.31.0.254
 standby 1 priority 110
 standby 1 preempt delay minimum 60

!

interface GigabitEthernet0/0/4
 service instance 4092 ethernet
  description TUNNEL-GRE-OCTEY {L2 VFI OCTEY-GRE / VPN ID 1258}
  encapsulation dot1q 4092 exact
  rewrite ingress tag pop 1 symmetric
  bridge-domain 4092
 !
 service instance 4093 ethernet
  description ADMIN-OCTEY {L2 VFI OCTEY-ADMIN / VPN ID 258}
  encapsulation dot1q 4093 exact
  rewrite ingress tag pop 1 symmetric
  bridge-domain 4093
 !

On the other side, the router config is pretty basic, I have several
xconnect, one per subinterface.

Thank you so much for your help.

Best Regards,

# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - - - - - - - - - - - - - - - -
# - -   Nicolas KARP
# - -   Network and Security Engineer
# - -    Email : liste at karp.fr <nicolas at karp.fr>
# - -    Linkedin :  http://www.linkedin.com/in/nicolaskarp
# - -    Viadeo : http://www.viadeo.com/fr/profile/nicolas.karp
<http://www.viadeo.com/fr/profile/nicolas.karp%20>
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - - - - - - - - - - - - - - - -
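
An offline check for the two conditions reported in this thread, as an added example (not code from the thread or from Cisco): it flags a port whose service instances mix `xconnect` and `bridge-domain`, and an `l2 vfi` whose `mtu` differs from the BDI of its bridge-domain. The `audit` function, the sample text and the 1500-byte value used when no `mtu` line is present are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample modelled on the first layout quoted in this thread:
# l2 vfi without an mtu line, one xconnect EFP beside one bridge-domain EFP.
SAMPLE = """\
l2 vfi TEST2 manual
 bridge-domain 4093
 neighbor 2.2.2.2 11 encapsulation mpls
interface BDI4093
 mtu 1530
interface GigabitEthernet0/0/4
 service instance 4092 ethernet
  xconnect 2.2.2.2 12 encapsulation mpls
 service instance 4093 ethernet
  bridge-domain 4093
"""

def audit(config, default_mtu=1500):   # default_mtu is an assumption
    """Return sorted findings for one router's configuration text."""
    vfi, bdi_mtu, efp_modes = {}, {}, defaultdict(set)
    kind = name = None
    for raw in config.splitlines():
        words = raw.split()
        m = re.match(r"\s*(interface|l2 vfi)\s+(\S+)", raw)
        if m:                                   # a new stanza starts here
            kind, name = m.groups()
            if kind == "l2 vfi":
                vfi[name] = {"bridge-domain": None, "mtu": default_mtu}
            elif name.startswith("BDI"):
                kind, name = "bdi", int(name[3:])
                bdi_mtu[name] = default_mtu
        elif not words or kind is None:
            continue
        elif kind == "l2 vfi" and words[0] in vfi[name]:
            vfi[name][words[0]] = int(words[1])
        elif kind == "bdi" and words[0] == "mtu":
            bdi_mtu[name] = int(words[1])
        elif kind == "interface" and words[0] in ("xconnect", "bridge-domain"):
            efp_modes[name].add(words[0])       # how each EFP on this port forwards
    findings = [f"{port}: xconnect and bridge-domain EFPs share this port"
                for port, modes in efp_modes.items() if len(modes) == 2]
    for vname, v in vfi.items():
        bd = v["bridge-domain"]
        if bd in bdi_mtu and bdi_mtu[bd] != v["mtu"]:
            findings.append(f"l2 vfi {vname}: mtu {v['mtu']} != BDI{bd} mtu {bdi_mtu[bd]}")
    return sorted(findings)

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```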



2014-12-14 11:37 GMT+01:00 Vitkovský Adam <adam.vitkovsky at swan.sk>:
>
>  Hi Nicolas ,
>
>
>
> Have you been able to figure this out please?
>
> The configuration seems perfectly valid, one thing that’s not clear to me
> is if both services are between the same ASR and ISR routers why the PW
> neighbor IP address is different on each: 2.2.2.2 vs 81.23.32.79.
>
>
>
> adam
>
>
>
> *From:* nicolas at karp.fr [mailto:nicolas at karp.fr] *On Behalf Of *Nicolas
> KARP
> *Sent:* Thursday, December 04, 2014 11:52 PM
>
> *To:* Vitkovský Adam
> *Cc:* cisco-nsp at puck.nether.net
> *Subject:* Re: [c-nsp] ASR 1K : EFP / XCONNECT / BDI
>
>
>
> Hi Adam, all,
>
>
>
> I have now an issue when I configure a second xconnect under an efp. The
> idea is to create several xconnect between an ASR and an ISR 2801 to
> xconnect some vlans between the 2 platforms. As soon as I configure the 2nd
> xconnect and as soon as it comes UP, the traffic associated with the EVC is
> not going through.. In fact, all EVC under the interface g0/0/4 stop
> working...
>
>
>
>
>
>
>
>   BDI4096
>   BDI4093
> ASR 1001x <---- xconnect MPLS ---> 2801
>     |                                |
>     |                                |
>   switch                          switch
> vlan 4094                       vlan 4094
> vlan 4093                       vlan 4093
> vlan 4092                       vlan 4092
>
>
>
>
>
> Here is the config of the 1001x :
>
>
>
>
>
> interface GigabitEthernet0/0/4
>  mtu 1530
>  no ip address
>  load-interval 30
>  negotiation auto
>  service instance 4092 ethernet
>   encapsulation dot1q 4092 exact
>   rewrite ingress tag pop 1 symmetric
>   xconnect 2.2.2.2 12 encapsulation mpls
>  !
>  service instance 4093 ethernet
>   encapsulation dot1q 4093 exact
>   rewrite ingress tag pop 1 symmetric
>   bridge-domain 4093
>  !
>  service instance 4094 ethernet
>   encapsulation dot1q 4094
>   rewrite ingress tag pop 1 symmetric
>   bridge-domain 4096
>  !
> end
>
>
>
>
>
> l2 vfi TEST2 manual (it's working when the service instance 4092 is not configured)
>  vpn id 258
>  bridge-domain 4093
>  mtu 1530
>  neighbor 81.23.32.79 11 encapsulation mpls
> !
>
> interface BDI4093
>  mtu 1530
>  ip vrf forwarding TEST2
>  ip address 172.31.0.253 255.255.255.0
>  standby 1 ip 172.31.0.254
>  standby 1 priority 110
>  standby 1 preempt delay minimum 60
> end
>
> interface BDI4096
>  ip vrf forwarding TEST
>  ip address 10.84.6.2 255.255.255.0
>  standby 1 ip 10.84.6.1
>  standby 1 priority 110
>  standby 1 preempt delay minimum 60
> end
>
>
>
>
>
> and the config on the 2801 :
>
>
>
>
>
> interface FastEthernet0/1.4092
>  encapsulation dot1Q 4092
>  no cdp enable
>  xconnect 1.1.1.1 12 encapsulation mpls
> end
>
> interface FastEthernet0/1.4093
>  encapsulation dot1Q 4093
>  no cdp enable
>  xconnect 1.1.1.1 11 encapsulation mpls
> end
>
>
>
>
>
>
>
>
>
>
>
> bridge domain when it works :
>
>
>
> RTI-MPLS-SAB-01#show bridge-domain 4093
> Bridge-domain 4093 (3 ports in all)
> State: UP                    Mac learning: Enabled
> Aging-Timer: 300 second(s)
>     BDI4093  (up)
>     GigabitEthernet0/0/4 service instance 4093
>     vfi OCTEY neighbor 81.23.32.79 11
>    AED MAC address    Policy  Tag       Age  Pseudoport
>    0   0024.E84F.9A87 forward dynamic   292  GigabitEthernet0/0/4.EFP4093
>    -   881D.FCD4.293F to_bdi  static    0    BDI4093
>    0   0022.195F.166B forward dynamic   279  GigabitEthernet0/0/4.EFP4093
>    1   FFFF.FFFF.FFFF flood   static    0    OLIST_PTR:0x2edad820
>    -   0000.0C07.AC01 to_bdi  static    0    BDI4093
>    0   001B.213F.EDA8 forward dynamic   286  GigabitEthernet0/0/4.EFP4093
>
>
>
>
>
> and when there is an issue :
>
>
>
>
>
> RTI-MPLS-SAB-01#show  bridge-domain 4096
> Bridge-domain 4096 (2 ports in all)
> State: UP                    Mac learning: Enabled
> Aging-Timer: 300 second(s)
>     BDI4096  (up)
>     GigabitEthernet0/0/4 service instance 4094
>    AED MAC address    Policy  Tag       Age  Pseudoport
>    -   881D.FCD4.293F to_bdi  static    0    BDI4096
>    1   FFFF.FFFF.FFFF flood   static    0    OLIST_PTR:0x2edad810
>    -   0000.0C07.AC01 to_bdi  static    0    BDI4096
>
>
>
>
>
> The mac address of the switch behind the ASR disappeared... Not too sure
> why... If I remove the xconnect under the service instance 4092, it still
> doesn't work. I have to remove the xconnect and do a shut/no shut on the
> physical port...
>
>
>
>
>
> Do you know what is happening ?
>
>
>
> Thank you.
>
>
>
>
>
>
>
> 2014-12-03 15:54 GMT+01:00 Nicolas KARP <liste at karp.fr>:
>
> That's the point !! I modified the mtu under the bdi interface and I had
> to modify the mtu under the l2 vfi interface in order to get it functional.
>
>
>
> Thanks for the help.
>
>
>
>
>
> 2014-12-03 13:13 GMT+01:00 Vitkovský Adam <adam.vitkovsky at swan.sk>:
>
> Does the MTU match on both ends please?
>
> You can see the MTU on both ends in the output of the cmd “sh mpls l2 vc
> det”
>
>
>
> adam
>
>
>
> *From:* nicolas at karp.fr [mailto:nicolas at karp.fr] *On Behalf Of *Nicolas
> KARP
> *Sent:* Wednesday, December 03, 2014 12:29 PM
> *To:* Vitkovský Adam
> *Cc:* cisco-nsp at puck.nether.net
> *Subject:* Re: [c-nsp] ASR 1K : EFP / XCONNECT / BDI
>
>
>
> I've found another thread where you were talking about router pw on an
> ASR1k.
>
>
>
> Here is the config I've done so far :
>
>
>
> *ASR 1001X : *
>
>
>
> l2 vfi TEST2 manual
>  vpn id 258
>  bridge-domain 4093
>  neighbor 2.2.2.2 11 encapsulation mpls
>
> interface BDI4093
>  mtu 1530
>  ip vrf forwarding TEST2
>  ip address 172.31.0.253 255.255.255.0
>  standby 1 ip 172.31.0.254
>  standby 1 priority 110
>  standby 1 preempt delay minimum 60
> end
>
> interface GigabitEthernet0/0/4
>  no ip address
>  load-interval 30
>  negotiation auto
>  service instance 4093 ethernet
>   encapsulation dot1q 4093 exact
>   rewrite ingress tag pop 1 symmetric
>   bridge-domain 4093
>  !
>
>
>
>
>
> *ISR 2801 : *
>
>
>
> interface FastEthernet0/1.4093
>  encapsulation dot1Q 4093
>  no cdp enable
>  xconnect 1.1.1.1 11 encapsulation mpls
>
>
>
>
>
> //
>
>
>
> For some reason the xconnect is not coming up...
>
>
>
>
>
> RTI-MPLS-SAB-01#sh xconnect all
>
> DN pri  vfi OCTEY                        UP mpls 2.2.2.2:11                   DN
> UP pri   bd 4093                         UP  vfi TEST2                        UP
>
>
>
>
>
> Thanks for your help.
>
>
>
>
>
>
>
> 2014-12-03 11:14 GMT+01:00 Nicolas KARP <liste at karp.fr>:
>
> Hi Adam,
>
>
>
> I don't have the xconnect command under the bdi interface :
>
>
>
> RTI-MPLS-SAB-01(config)#interface BDI4093
>
> RTI-MPLS-SAB-01(config-if)#xconnect ?
>
> % Unrecognized command
>
>
>
> I'm using ASR1001X , ves 03.13.01.S
>
>
>
>
>
> Any thought ?
>
>
>
>
>
>
>
>
>
> 2014-12-03 10:21 GMT+01:00 Vitkovský Adam <adam.vitkovsky at swan.sk>:
>
> Hi Nicolas,
>
> This is the config for mixing EFPs and PWs in a common BD + IP interface
> for the BD.
> Manual hub and spoke type of configuration with IP address + VRF at the
> hub location.
>
> interface TenGigabitEthernet0/3
>  mtu 9000
>  service instance 8000 ethernet
>   description CUSTOMER-B
>   encapsulation dot1q 20,30,40
>   rewrite ingress tag pop 1 symmetric
>   bridge-domain 8000
>
> interface BDI8000
>  mtu 9000
>  vrf CUST-B
>  ip add 192.0.2.1 255.255.255.0
>  xconnect vfi CUST-B-BD
>
> l2 vfi CUST-B-BD manual
>  vpn id 1
>  neighbor 10.0.1.3 100 encapsulation mpls
>  neighbor 10.0.1.4 200 encapsulation mpls
>  neighbor 10.0.1.5 300 encapsulation mpls
>
> Spokes would have just EFPs with xconnect.
>
>
> adam
> > -----Original Message-----
> > From: cisco-nsp [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of
> > Nicolas KARP
> > Sent: Tuesday, December 02, 2014 6:03 PM
> > To: cisco-nsp at puck.nether.net
> > Subject: [c-nsp] ASR 1K : EFP / XCONNECT / BDI
> >
> > Hi,
> >
> > I need to interconnect 2 platforms on 2 different datacenters.
> >
> > The idea is to create several EFPs on each PE (one at each side) and create a
> > default xconnect pw in order to encapsulate the layer2 traffic over our MPLS
> > network. I also have some layer 3 interfaces for different vlans which need to
> > be used on both datacenters :
> >
> >
> > PE1 : (same config on PE2, except for the BDI interface)
> >
> >
> > interface GigabitEthernet0/0/4
> >  no ip address
> >  load-interval 30
> >  negotiation auto
> >
> > ## default XCONNECT to DC2
> >  service instance 1 ethernet
> >   encapsulation default
> >   xconnect 1.1.1.1 9999 encapsulation mpls pw-class EOMPLS-ETH-TO-VLAN
> >  !
> >
> > ## Layer 3 interface via BDI
> >  service instance 4093 ethernet
> >   encapsulation dot1q 4093 exact
> >   rewrite ingress tag pop 1 symmetric
> >   bridge-domain 4093
> >  !
> >
> > interface BDI4093
> >  ip vrf forwarding TEST2
> >  ip address 172.31.0.253 255.255.255.0
> >  standby 1 ip 172.31.0.254
> >  standby 1 priority 110
> >  standby 1 preempt delay minimum 60
> > end
> >
> > --> I'm missing a xconnect for the vlan 4093...
> >
> >
> > How can I create a layer3 interface and run a xconnect on the same EFP ?
> > The idea would be to use the same vlans at both locations and terminate the
> > Layer3 on a BDI interface in Datacenter1.
> >
> > Do you think it's possible ?
> > I'm not too sure if I'm really clear. Don't hesitate to ask me if you have any
> > questions :)
> >
> > Many Thanks for your help !
> >