[c-nsp] ME3600 - SVI's + Service Instances

CiscoNSP List cisconsp_list at hotmail.com
Mon Sep 15 20:42:57 EDT 2014 





Re-send, as diag was too large and was rejected:




Sure - Ive attached a diag.

Plan is to add ME's as necessary(Probably 4 ME's total), and install SPA-5 or SPA-8GE into the ASR1001's, and also add a second link to each ME to the ASR's, and use equal cost OSPF to "load share" (So we are not limited to 1Gb between ASR/ME)....once we get close to port capacity(ASR's or ME's), we are looking to move the ASR1001's to purely Edge roles(IPTransit, Customer peering), and look at pairs of ASR1004's (For More port density, or move to 10Gb?) as a "Core" 

re. urpf - Is it still not supported on the ME's?

Cheers.

> CC: adam.vitkovsky at swan.sk; cisco-nsp at puck.nether.net
> From: nick at foobar.org
> Subject: Re: [c-nsp] ME3600 - SVI's + Service Instances
> Date: Mon, 15 Sep 2014 18:01:59 +0100
> To: cisconsp_list at hotmail.com
> 
> Not clear what your topology looks like. Can you draw a diagram?
> 
> Also if you are terminating customers on the me3600, you will need to use acls instead of urpf. 
> 
> Nick
> 
> On 15 Sep 2014, at 00:46, CiscoNSP List <cisconsp_list at hotmail.com> wrote:
> > 
> > Thanks very much Adam! - Much appreciated.
> > 
> > So each service instance goes "under" the physical Interface where we expect that vlan to be presented? And bridge-domain (100) associates it with vlan100? So on this phyiscal Int, we will have 100+ service instances under it?(I wont have access to an ME to test until later this afternoon).
> > 
> > We will be doing IPTransit + Peering to customers on the ASR1001's, and one IPTransit provider hands off the IPTransit service on there AGG's (That connect to the 4948's) as a vlan - Therefore, we need to get that vlan up to the ASR1001's(As we receive full tables) - Would the trunk port connecting to the ASR -> ME3600 be configured in a similar way to how you have described below on the ME? And on the ASR, can we continue to just use a physical port, which dot1Q subints?  (Note we will also be running a p-t-p connection between the ASR1001 +ME and running MPLS+iBGP+OSPF).....I was going to use a dedicated port(s) for this(As each POP will have 2 x ASR1001's and 2 x ME3600's) connected via  a mesh.
> > 
> > Thanks again for your help
> > 
> > 
> >> From: adam.vitkovsky at swan.sk
> >> To: cisconsp_list at hotmail.com; cisco-nsp at puck.nether.net
> >> Subject: RE: [c-nsp] ME3600 - SVI's + Service Instances
> >> Date: Sun, 14 Sep 2014 14:59:53 +0000
> >> 
> >> Hi,
> >> 
> >> I'd use the service instances as it's more convenient. 
> >> 
> >> interface GigabitEthernet0/3
> >> description dot1q trunk to agg 4948
> >> switchport trunk allowed vlan none <--no vlans are accepted except those specified under service instances. 
> >> switchport mode trunk
> >> dampening
> >> mtu 9100
> >> load-interval 30
> >> !
> >> service instance 100 ethernet
> >>  description agg-circuit-to-end-customer-100
> >>  encapsulation dot1q 100 <--frames with topmost tag 100 will be accepted by this service instance and the bridge domain specified below.  
> >>  rewrite ingress tag pop 1 symmetric   <--vlan interface will accept only untagged frames. 
> >>  service-policy input customer-100_in <--service policies are attached under the service instance rather than vlan int. 
> >>  service-policy output customer-100_out
> >>  bridge-domain 100 <--this will associate the service instance with a BD 100 and vlan interface 100. 
> >> 
> >> interface Vlan100
> >> description agg-circuit-to-end-customer-100
> >> bandwidth 10000
> >> vrf forwarding customer-100
> >> ip address 100.1.1.1 255.255.255.252
> >> no ip proxy-arp
> >> 
> >> 
> >> adam
> >> 
> >>> -----Original Message-----
> >>> From: cisco-nsp [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of
> >>> CiscoNSP List
> >>> Sent: Sunday, September 14, 2014 3:31 AM
> >>> To: cisco-nsp at puck.nether.net
> >>> Subject: [c-nsp] ME3600 - SVI's + Service Instances
> >>> 
> >>> Hi Everyone,
> >>> 
> >>> Very new to the ME3600 platform, so hoping someone can assist with the
> >>> following:
> >>> 
> >>> We currently have 4948's connecting to various carriers - Each port is a trunk,
> >>> and has a vlan per tail.
> >>> i.e.
> >>> 
> >>> int gig1/1
> >>> desc AGG_TO_CARRIER_A
> >>> switchport trunk encapsulation dot1q
> >>> switchport mode trunk
> >>> switchport trunk allowed vlan 10,20,30
> >>> 
> >>> We then have another port on the 4948's (Trunk), that allows all vlans from all
> >>> the carrier AGG ports that connects to 7200's or ASR1000's (We have multiple
> >>> POP's), and each vlan is then added to dot1q subint and thrown into a vrf or
> >>> standard "Inet" Interface....we also apply service-policys (egress
> >>> shaping/ingress marking) on the L3 Interfaces
> >>> 
> >>> We are wanting to run MPLS on the ME3600s, and do all the L3 stuff on them
> >>> rather than the 7200'sand ASR's - So, we will still have the 4948's, multiple
> >>> carrier AGG's, multiple vlans's but the trunk port(From the 4948s) that
> >>> currently goes to the 7200's and ASR's will now go to the ME3600s - So, a few
> >>> questions:
> >>> 
> >>> 1. What would the ME3600 Trunk port(That connects back to the 4948) config
> >>> look like?  i.e. Similar to how we currently do it (switchport trunk allowed vlan
> >>> 10,20.30,40...), and then create SVI's for each vlan and apply L3/VRF/service
> >>> policies? Or do SVI's not support service policies and we would need to use
> >>> service instances? (The 4948's typically have ~100+ vlans(tails) from the
> >>> various carrriers)
> >>> 
> >>> 2. If service instances are required, can anyone please provide an example of
> >>> how the config would look (Or point me to some documentation please?)
> >>> 
> >>> Thanks in advance for your help.
> >>> 
> >>> 
> >>> 
> >>> _______________________________________________
> >>> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> >>> https://puck.nether.net/mailman/listinfo/cisco-nsp
> >>> archive at http://puck.nether.net/pipermail/cisco-nsp/
> >                         
> > _______________________________________________
> > cisco-nsp mailing list  cisco-nsp at puck.nether.net
> > https://puck.nether.net/mailman/listinfo/cisco-nsp
> > archive at http://puck.nether.net/pipermail/cisco-nsp/

More information about the cisco-nsp mailing list