[c-nsp] ME3600 - SVI's + Service Instances

Nick Hilliard nick at foobar.org
Mon Sep 15 13:01:59 EDT 2014 

Not clear what your topology looks like. Can you draw a diagram?

Also if you are terminating customers on the me3600, you will need to use acls instead of urpf. 

Nick

On 15 Sep 2014, at 00:46, CiscoNSP List <cisconsp_list at hotmail.com> wrote:
> 
> Thanks very much Adam! - Much appreciated.
> 
> So each service instance goes "under" the physical Interface where we expect that vlan to be presented? And bridge-domain (100) associates it with vlan100? So on this phyiscal Int, we will have 100+ service instances under it?(I wont have access to an ME to test until later this afternoon).
> 
> We will be doing IPTransit + Peering to customers on the ASR1001's, and one IPTransit provider hands off the IPTransit service on there AGG's (That connect to the 4948's) as a vlan - Therefore, we need to get that vlan up to the ASR1001's(As we receive full tables) - Would the trunk port connecting to the ASR -> ME3600 be configured in a similar way to how you have described below on the ME? And on the ASR, can we continue to just use a physical port, which dot1Q subints?  (Note we will also be running a p-t-p connection between the ASR1001 +ME and running MPLS+iBGP+OSPF).....I was going to use a dedicated port(s) for this(As each POP will have 2 x ASR1001's and 2 x ME3600's) connected via  a mesh.
> 
> Thanks again for your help
> 
> 
>> From: adam.vitkovsky at swan.sk
>> To: cisconsp_list at hotmail.com; cisco-nsp at puck.nether.net
>> Subject: RE: [c-nsp] ME3600 - SVI's + Service Instances
>> Date: Sun, 14 Sep 2014 14:59:53 +0000
>> 
>> Hi,
>> 
>> I'd use the service instances as it's more convenient. 
>> 
>> interface GigabitEthernet0/3
>> description dot1q trunk to agg 4948
>> switchport trunk allowed vlan none <--no vlans are accepted except those specified under service instances. 
>> switchport mode trunk
>> dampening
>> mtu 9100
>> load-interval 30
>> !
>> service instance 100 ethernet
>>  description agg-circuit-to-end-customer-100
>>  encapsulation dot1q 100 <--frames with topmost tag 100 will be accepted by this service instance and the bridge domain specified below.  
>>  rewrite ingress tag pop 1 symmetric   <--vlan interface will accept only untagged frames. 
>>  service-policy input customer-100_in <--service policies are attached under the service instance rather than vlan int. 
>>  service-policy output customer-100_out
>>  bridge-domain 100 <--this will associate the service instance with a BD 100 and vlan interface 100. 
>> 
>> interface Vlan100
>> description agg-circuit-to-end-customer-100
>> bandwidth 10000
>> vrf forwarding customer-100
>> ip address 100.1.1.1 255.255.255.252
>> no ip proxy-arp
>> 
>> 
>> adam
>> 
>>> -----Original Message-----
>>> From: cisco-nsp [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of
>>> CiscoNSP List
>>> Sent: Sunday, September 14, 2014 3:31 AM
>>> To: cisco-nsp at puck.nether.net
>>> Subject: [c-nsp] ME3600 - SVI's + Service Instances
>>> 
>>> Hi Everyone,
>>> 
>>> Very new to the ME3600 platform, so hoping someone can assist with the
>>> following:
>>> 
>>> We currently have 4948's connecting to various carriers - Each port is a trunk,
>>> and has a vlan per tail.
>>> i.e.
>>> 
>>> int gig1/1
>>> desc AGG_TO_CARRIER_A
>>> switchport trunk encapsulation dot1q
>>> switchport mode trunk
>>> switchport trunk allowed vlan 10,20,30
>>> 
>>> We then have another port on the 4948's (Trunk), that allows all vlans from all
>>> the carrier AGG ports that connects to 7200's or ASR1000's (We have multiple
>>> POP's), and each vlan is then added to dot1q subint and thrown into a vrf or
>>> standard "Inet" Interface....we also apply service-policys (egress
>>> shaping/ingress marking) on the L3 Interfaces
>>> 
>>> We are wanting to run MPLS on the ME3600s, and do all the L3 stuff on them
>>> rather than the 7200'sand ASR's - So, we will still have the 4948's, multiple
>>> carrier AGG's, multiple vlans's but the trunk port(From the 4948s) that
>>> currently goes to the 7200's and ASR's will now go to the ME3600s - So, a few
>>> questions:
>>> 
>>> 1. What would the ME3600 Trunk port(That connects back to the 4948) config
>>> look like?  i.e. Similar to how we currently do it (switchport trunk allowed vlan
>>> 10,20.30,40...), and then create SVI's for each vlan and apply L3/VRF/service
>>> policies? Or do SVI's not support service policies and we would need to use
>>> service instances? (The 4948's typically have ~100+ vlans(tails) from the
>>> various carrriers)
>>> 
>>> 2. If service instances are required, can anyone please provide an example of
>>> how the config would look (Or point me to some documentation please?)
>>> 
>>> Thanks in advance for your help.
>>> 
>>> 
>>> 
>>> _______________________________________________
>>> cisco-nsp mailing list  cisco-nsp at puck.nether.net
>>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>>> archive at http://puck.nether.net/pipermail/cisco-nsp/
>                         
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/

More information about the cisco-nsp mailing list