[c-nsp] L2PT over VPLS/VPWS between ME3600X and ASR920 (one for Warris?)

James Bensley jwbensley at gmail.com
Wed Aug 24 11:13:49 EDT 2016 

Hi All,

I have an ME3600X in DC1 which is part of a layer 2 ring and an ASR920
in DC2 which is part of the layer 2 ring there. Both are MPLS PEs.

I am trying to create pseudowires between a few specific VLANs in each
DC ring for replication. I want to do this without doing port based
pseudowires but that doesn't seem possible which to me doesn't sound
right for MEF certified devices.

Each PE device has at least two EFPs connected to a DC ring VLAN (east
and west) and all EFPs are configured with "2protocol forward" on both
PEs for all VLANs, as per the following example:

int gi0/0/0 ! ASR920
 service instance 2047 ethernet
  encapsulation dot1q 2047
  rewrite ingress tag pop 1 symmetric
  l2protocol forward
  bridge-domain 2047


Each PE device has a local layer 3 interface in the DC VLAN, interface
Vlan2047 on the ME and interface BDI2047 on the ASR920, each PE can
ping devices on it's local ring fine.

I tried using a VPLS style config as below, but on the ASR920 it says
there is no local access circuit:

  Bridge-Domain 2047 attachment circuits:

The VFI on the ASR920 shows as up but with no AC (there is no
"xconnect" or "member vfi" command available under the BDI2047, under
the bridge-domain it won't accept "member vfi VLAN-2047" for this type
of VFI, so this simlply wont work on the ASR920, having "bridge-domain
2047" under the VFI isn't enough, it doesn't see that the BDI2047 in
that bridge-domain is up or that the EFPs are up, as local ACs):

ME3600:
l2 vfi VLAN-2047 manual
 vpn id 2047
 neighbor 10.0.0.9 pw-class PWE3_Force_Tu1119

interface Vlan2047
 vrf forwarding UPDATA
 ip address x.x.x.2 255.255.255.0
 xconnect vfi VLAN-2047

ASR920:
l2 vfi VLAN-2047 manual
 vpn id 2047
 bridge-domain 2047
 neighbor 10.0.0.11 pw-class PWE3_Force_Tu1119
 exit

ASR920#show l2vpn vfi
Legend: RT=Route-target, S=Split-horizon, Y=Yes, N=No
VFI name: VLAN-2047, state: up, type: multipoint, signaling: LDP
  VPN ID: 2047
  Bridge-Domain 2047 attachment circuits:
  Pseudo-port interface: pseudowire100009
  Interface          Peer Address     VC ID        S
  pseudowire2047     10.0.0.11        2047         Y


I can get this to work with a pseudowire stitching style config as per
below, but no layer 2 control protocol frames are forwarded:

ME3600
interface pseudowire2047
 encapsulation mpls
 control-word include
 preferred-path interface Tunnel1119 disable-fallback
 neighbor 10.0.0.19 2047
 exit

l2vpn vfi context VLAN-2047
 vpn id 2047
 member pseudowire2047
 exit

interface vlan 2047
 member vfi VLAN-2047
 exit


ASR920
interface pseudowire2047
 encapsulation mpls
 control-word include
 preferred-path interface Tunnel1119 disable-fallback
 neighbor 10.0.0.11 2047
 exit

l2vpn vfi context VLAN-2047
 vpn id 2047
 member pseudowire2047
 exit

bridge-domain 2047
 member vfi VLAN-2047
 exit


I don't want to waiste an interface on each PE by making a port based
pseudowire on each PE and having to plug the local AC into to another
switch in the ring and trunking those required inter-DC VLANs over
that interface, or useing a loopback cable.

Has anyone got this working, it seems pretty commong, I've done it
between MEs but not between an ME3600s and ASR920?

Something that is quite annoying is that here on the Cisco web site
(http://www.cisco.com/c/en/us/td/docs/routers/asr920/configuration/guide/mpls/mp-l2-vpns-xe-3s-asr920-book/mp-l2-vpns-xe-3s-asr920-book_chapter_0111.html#topic_BC47C2CEAF9C45239A6AFB49D161A551)
it looks like my VPLS style config should work but the always says
there are no local ACs.

ME3600 is 15.3(3)S6 and ASR920 is 03.16.01a.S.

Cheers,
James.

More information about the cisco-nsp mailing list