[c-nsp] cisco-nsp Digest, Vol 165, Issue 32

Jay McMaster jmcmaster at advancedipsolutions.ca
Wed Aug 24 12:07:48 EDT 2016 






Jay McMasterAdvanced IP Solutions  Inc.p: 905.807.7272e: jay at advancedip.solutions
Sent from my mobile device -------- Original message --------From: cisco-nsp-request at puck.nether.net Date: 2016-08-24  12:00  (GMT-05:00) To: cisco-nsp at puck.nether.net Subject: cisco-nsp Digest, Vol 165, Issue 32 
Send cisco-nsp mailing list submissions to
	cisco-nsp at puck.nether.net

To subscribe or unsubscribe via the World Wide Web, visit
	https://puck.nether.net/mailman/listinfo/cisco-nsp
or, via email, send a message with subject or body 'help' to
	cisco-nsp-request at puck.nether.net

You can reach the person managing the list at
	cisco-nsp-owner at puck.nether.net

When replying, please edit your Subject line so it is more specific
than "Re: Contents of cisco-nsp digest..."


Today's Topics:

   1. Re: Optic Shutdown TX State? (Tim Durack)
   2. L2PT over VPLS/VPWS between ME3600X and ASR920 (one for
      Warris?) (James Bensley)
   3. Re: L2PT over VPLS/VPWS between ME3600X and ASR920 (one for
      Warris?) (James Bensley)


----------------------------------------------------------------------

Message: 1
Date: Tue, 23 Aug 2016 14:58:29 -0400
From: Tim Durack <tdurack at gmail.com>
To: "cisco-nsp at puck.nether.net" <cisco-nsp at puck.nether.net>
Subject: Re: [c-nsp] Optic Shutdown TX State?
Message-ID:
	<CAE_ug16Q414gKH6prdXunwwDRQFBuRNFKdApX2ZfkdZQwY+tKw at mail.gmail.com>
Content-Type: text/plain; charset=UTF-8

On Fri, Aug 12, 2016 at 10:16 AM, Tim Durack <tdurack at gmail.com> wrote:

> On Thu, Aug 4, 2016 at 2:27 PM, Tim Durack <tdurack at gmail.com> wrote:
>
>> Question: when an optic is "shutdown" on a router, what is the state of
>> the transmitter?
>>
>> (10G DWDM SFP+ optic, EDFA amplified link etc...)
>>
>> --
>> Tim:>
>>
>
> To follow up on my own question: the optics do what the router instructs.
> However, "shutdown" does not guarantee the router is doing what you
> instruct. :-)
>
> OSA measurement confirms this unexpected behavior. I have a case open with
> Cisco to investigate optics turning on/off when router port is in a
> shutdown state. (C6880, SUP2T, 15.2(1)SY1a)
>
> --
> Tim:>
>

Cisco Engineering provided a work-around: "no diagnostic monitor module <n>
test TestUnusedPortLoopback"

Testing indicates this has worked around the problem. Waiting for further
comments from Cisco.

-- 
Tim:>


------------------------------

Message: 2
Date: Wed, 24 Aug 2016 16:13:49 +0100
From: James Bensley <jwbensley at gmail.com>
To: "cisco-nsp at puck.nether.net" <cisco-nsp at puck.nether.net>
Subject: [c-nsp] L2PT over VPLS/VPWS between ME3600X and ASR920 (one
	for Warris?)
Message-ID:
	<CAAWx_pWS9ZZUGfrXMmtCuo0Ycnn5eABm1YYxYEccz-T_MqXOQQ at mail.gmail.com>
Content-Type: text/plain; charset=UTF-8

Hi All,

I have an ME3600X in DC1 which is part of a layer 2 ring and an ASR920
in DC2 which is part of the layer 2 ring there. Both are MPLS PEs.

I am trying to create pseudowires between a few specific VLANs in each
DC ring for replication. I want to do this without doing port based
pseudowires but that doesn't seem possible which to me doesn't sound
right for MEF certified devices.

Each PE device has at least two EFPs connected to a DC ring VLAN (east
and west) and all EFPs are configured with "2protocol forward" on both
PEs for all VLANs, as per the following example:

int gi0/0/0 ! ASR920
 service instance 2047 ethernet
  encapsulation dot1q 2047
  rewrite ingress tag pop 1 symmetric
  l2protocol forward
  bridge-domain 2047


Each PE device has a local layer 3 interface in the DC VLAN, interface
Vlan2047 on the ME and interface BDI2047 on the ASR920, each PE can
ping devices on it's local ring fine.

I tried using a VPLS style config as below, but on the ASR920 it says
there is no local access circuit:

  Bridge-Domain 2047 attachment circuits:

The VFI on the ASR920 shows as up but with no AC (there is no
"xconnect" or "member vfi" command available under the BDI2047, under
the bridge-domain it won't accept "member vfi VLAN-2047" for this type
of VFI, so this simlply wont work on the ASR920, having "bridge-domain
2047" under the VFI isn't enough, it doesn't see that the BDI2047 in
that bridge-domain is up or that the EFPs are up, as local ACs):

ME3600:
l2 vfi VLAN-2047 manual
 vpn id 2047
 neighbor 10.0.0.9 pw-class PWE3_Force_Tu1119

interface Vlan2047
 vrf forwarding UPDATA
 ip address x.x.x.2 255.255.255.0
 xconnect vfi VLAN-2047

ASR920:
l2 vfi VLAN-2047 manual
 vpn id 2047
 bridge-domain 2047
 neighbor 10.0.0.11 pw-class PWE3_Force_Tu1119
 exit

ASR920#show l2vpn vfi
Legend: RT=Route-target, S=Split-horizon, Y=Yes, N=No
VFI name: VLAN-2047, state: up, type: multipoint, signaling: LDP
  VPN ID: 2047
  Bridge-Domain 2047 attachment circuits:
  Pseudo-port interface: pseudowire100009
  Interface          Peer Address     VC ID        S
  pseudowire2047     10.0.0.11        2047         Y


I can get this to work with a pseudowire stitching style config as per
below, but no layer 2 control protocol frames are forwarded:

ME3600
interface pseudowire2047
 encapsulation mpls
 control-word include
 preferred-path interface Tunnel1119 disable-fallback
 neighbor 10.0.0.19 2047
 exit

l2vpn vfi context VLAN-2047
 vpn id 2047
 member pseudowire2047
 exit

interface vlan 2047
 member vfi VLAN-2047
 exit


ASR920
interface pseudowire2047
 encapsulation mpls
 control-word include
 preferred-path interface Tunnel1119 disable-fallback
 neighbor 10.0.0.11 2047
 exit

l2vpn vfi context VLAN-2047
 vpn id 2047
 member pseudowire2047
 exit

bridge-domain 2047
 member vfi VLAN-2047
 exit


I don't want to waiste an interface on each PE by making a port based
pseudowire on each PE and having to plug the local AC into to another
switch in the ring and trunking those required inter-DC VLANs over
that interface, or useing a loopback cable.

Has anyone got this working, it seems pretty commong, I've done it
between MEs but not between an ME3600s and ASR920?

Something that is quite annoying is that here on the Cisco web site
(http://www.cisco.com/c/en/us/td/docs/routers/asr920/configuration/guide/mpls/mp-l2-vpns-xe-3s-asr920-book/mp-l2-vpns-xe-3s-asr920-book_chapter_0111.html#topic_BC47C2CEAF9C45239A6AFB49D161A551)
it looks like my VPLS style config should work but the always says
there are no local ACs.

ME3600 is 15.3(3)S6 and ASR920 is 03.16.01a.S.

Cheers,
James.


------------------------------

Message: 3
Date: Wed, 24 Aug 2016 16:44:56 +0100
From: James Bensley <jwbensley at gmail.com>
To: "cisco-nsp at puck.nether.net" <cisco-nsp at puck.nether.net>
Subject: Re: [c-nsp] L2PT over VPLS/VPWS between ME3600X and ASR920
	(one for Warris?)
Message-ID:
	<CAAWx_pU9o-Gii9bYwCe7cDq-Qo1DuVnzydcV-hEOKER31dBO5A at mail.gmail.com>
Content-Type: text/plain; charset=UTF-8

Something to add to this is that the ASR920 won't allow me to
configure "forward permit l2protocol all" under the VFI when making a
manual VPLS style config:


l2 vfi VLAN-2047 manual
 vpn id 2047
 bridge-domain 2047
 forward permit l2protocol all
 neighbor 10.0.0.11 2047 encapsulation mpls
% % Command rejected - BPDU pseudowire config not allowed


Maybe I was wrong and L2 BPDUs can only be forwarded over MPLS on
ASR920 when using port based pseudowires, but I thought it was
supported.


This doc for the ASR903 indicates it would work on an ASR903:
http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/mp_l2_vpns/configuration/xe-3s/asr903/mp-l2-vpns-xe-3s-asr903-book/mp-hvpls-npe-red-mpls-access.html#d18808e286a1635

I have found this doc for an ASR920 which looks like it was copy and
pasted from the ASR903 page, so it gives the impression the above
config that has failed is supported for the ASR920:
http://www.cisco.com/c/en/us/td/docs/routers/asr920/configuration/guide/mpls/mp-l2-vpns-xe-3s-asr920-book/mp-hvpls-npe-red-mpls-access.html#d16347e289a1635

However it then goes on to configure the "SVI" using "interface vlan
xxx" but since the ASR920s use bridge domain interfaces and not switch
virtual interfaces, that page is flat out wrong and I have to assume
it's copy and pasted from the ASR903 page, so the documentation is
wrong :(


Cheers,
James.


------------------------------

Subject: Digest Footer

_______________________________________________
cisco-nsp mailing list
cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp

------------------------------

End of cisco-nsp Digest, Vol 165, Issue 32
******************************************

More information about the cisco-nsp mailing list