[c-nsp] ME2600X FTTH design, shaping, road map questions
Christian Kratzer
ck-lists at cksoft.de
Fri Nov 28 04:05:39 EST 2014
Hi,
we currently have an ftth deployment with Cisco4506 switches with 80 port linecards in the larger pops.
We are evaluating the ME2600X for scenarios where we cannot justify a large chassis like in house ftth, curb side deployment or even temporary setups for small pops that will grow later.
We have a vlan per service architecture with one vlan for each of management, voip, iptv and dual stacked internet. The customers are in a shared vlan which means we also need the full array of first hop security features that are available on the 4506.
I have succeeded in mapping our classic vlan trunk interfaces on the 4506 to service instances and bridge groups on the me2600x platform. We also have basic ipv4 dhcp snooping and dhcp based source guard setup and running.
1. DHCP Snooping
-----------------
The first thing that we found missing compared to the 4506 was the override option for dhcp option 82 circuit-id.
On the 4506 we configure dhcp option 82 circuit-id for vlans as follows:
    ip dhcp snooping vlan 601 information option format-type circuit-id override string CUST-999999-50009999
On the ME2600X we do following on the service instance:
    ip dhcp relay information option subscriber-id CUST-999999-50009999
There is no override which means that the switch prepends binary port/vlan/service instances/bridge group information to the subscriber id string. We could work around this with python code on our ACS to detect the format and extract the string. Although it worked this time this is annoying as the binary option82 information varies wildly between platforms, is not exactly documented and we already have too many workarounds for various devices. First question would be if the override option is in the works for the ME2600X platform.
2. Per service speed profiles
-----------------------------
The second issue I am currently struggling with is how to properly implement our products with varying internet access speeds. We have both symmetric and asymmetric access speeds for residential and business customers, with speed profiles 100/10, 100/5, 50/5, 25/2.5 up/downstream in Mbit/s. All this is on gigabit fibre ports.
We would like to police/shape the internet service on vlan510/610 only.
On the 4506 we have per vlan ingress and egress policing on trunk ports as follows:
    policy-map police-2dot5
     class class-default
      police cir 2750000
    policy-map police-50
     class class-default
      police cir 55000000
    !
    interface GigabitEthernet2/3
     switchport mode private-vlan trunk
     vlan-range 510
      service-policy output police-50
     vlan-range 610
      service-policy input police-2dot5
From what I can make of the only documentation I could find at:
http://www.cisco.com/c/en/us/td/docs/switches/metro/me2600x/config/guide/b_ME2600X-scg/b_ME2600X-scg_chapter_010.html
The platform seems to be able to do ingress policing and egress shaping.
Ingress it seems we should be able to put a policer on the internet service instance.
Egress it seems we are limited to per interface shaping.
    policy-map shape-100
     class class-default
      shape average 100000000
    !
    policy-map police-10
     class class-default
      police cir 10000000
    !
    interface GigabitEthernet0/1
     service-policy output shape-100
    !
    service instance 610 ethernet
     encapsulation dot1q 610
     rewrite ingress tag pop 1 symmetric
     service-policy input police-10
     bridge-domain 610 split-horizon
To get the egress policer to focus on vlan 610 only we have tried:
    class-map match-any class-inet
     match vlan 610
    policy-map shape-inet-100
     class class-inet
      shape average 100000000
    !
    interface GigabitEthernet0/1
     service-policy output shape-inet-100
    !
I am not through testing all of this but would like to know if we are on the right track. I see there is also interface based rate limiting available with an acl that we might be able to use.
How are we supposed to implement per service instance speed profiles on this platform ?
3. IPv6 FHS roadmap
-------------------
Third question is on the roadmap of IPv6 FHS features like dhcp prefix snooping, and dhcpv6 prefix-guard features already available on the 4506.
4. Fibre port speed/duplex negotiation
--------------------------------------
Finally we also have recently migrated all our Fibre ports to full duplex and no speed negotiation as Cisco has removed duplex and speed negotiation from all other known switching platforms. After consultation with TAC we have "speed nonegotiate" configured on all the 4506 ports which is supposed to force the port up.
What would be the correct magic word for the ME2600X to force a port not only to speed 1000 and duplex full but also to force it up?
We need the ports to be always on so the dumb FTU units we have deployed see gigabit frames and bring their link up.
I would be happy to hear from others using or evaluating the ME2600X for their experiences.
Greetings
Christian
--
Christian Kratzer CK Software GmbH
Email: ck at cksoft.de Wildberger Weg 24/2
Phone: +49 7032 893 997 - 0 D-71126 Gaeufelden
Fax: +49 7032 893 997 - 9 HRB 245288, Amtsgericht Stuttgart
Mobile: +49 171 1947 843 Geschaeftsfuehrer: Christian Kratzer
Web: http://www.cksoft.de/
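
Added example, not part of the original message and not the poster's ACS code: one way to recover the operator-assigned label from option 82 whether or not a platform prepends binary data, as section 1 describes. The sub-option codes follow RFC 3046/3993; the label pattern is inferred from the post's example string, and the prefix bytes, sample payloads and function names are constructed for illustration.

```python
import re
from typing import Dict, Optional

# Label format inferred from the post's example string CUST-999999-50009999.
SUBSCRIBER_RE = re.compile(rb"CUST-\d{6}-\d{8}")
LABEL = b"CUST-999999-50009999"

# Constructed samples. The six prefix bytes in PREFIXED are made up; they stand
# in for the undocumented port/vlan/service-instance data the post describes.
CLEAN = bytes([1, len(LABEL)]) + LABEL                      # circuit-id, label only
PREFIXED = (bytes([2, 6]) + bytes.fromhex("001122334455")   # remote-id
            + bytes([6, 6 + len(LABEL)])                     # subscriber-id
            + bytes.fromhex("000402620001") + LABEL)
TRUNCATED = bytes([1, 30]) + LABEL                          # length byte overstates


def parse_suboptions(payload: bytes) -> Dict[int, bytes]:
    """Split an option 82 payload into {sub-option code: value} TLVs."""
    subopts: Dict[int, bytes] = {}
    i = 0
    while i < len(payload):
        if i + 2 > len(payload):
            raise ValueError("truncated sub-option header")
        code, length = payload[i], payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError(f"sub-option {code} overruns the payload")
        subopts[code] = value
        i += 2 + length
    return subopts


def extract_subscriber(payload: bytes) -> Optional[str]:
    """Return the operator-assigned label, or None if missing or ambiguous."""
    found = set()
    for value in parse_suboptions(payload).values():
        found.update(m.decode("ascii") for m in SUBSCRIBER_RE.findall(value))
    # Two different labels in one packet is a conflict: refuse to pick one.
    return found.pop() if len(found) == 1 else None


if __name__ == "__main__":
    for name, sample in (("clean", CLEAN), ("prefixed", PREFIXED)):
        print(name, extract_subscriber(sample))
```

Matching on the label pattern instead of a fixed byte offset keeps the lookup independent of each platform's prefix layout; malformed or conflicting payloads are rejected rather than mapped to a subscriber.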