[c-nsp] QinQ 4500X -> ME3600 and access(pop) multiple inner vlans
Erik Sundberg
ESundberg at nitelusa.com
Wed Feb 3 02:32:06 EST 2016
http://supportforums.cisco.com/sites/default/files/legacy/8/2/1/96128-ASR%209000%20Multiple%20Services%20onthe%20same%20port%20example.jpg
Look at the Routed VPLS/EoMPLS section
http://www.cisco.com/c/en/us/td/docs/switches/metro/me3600x_3800x/software/release/15-1_2_ey/configuration/guide/3800x3600xscg/swmpls.html#pgfId-1260366
What you are looking for a is a VPLS Routed Interface Configuration, just association the VPLS instance with the bridge group. I have never tried this, so I could be wrong, but it's worth a shot.
Try adding this. This creates' a VPLS Instance and associates it to the Bridge Group 941.
l2 vfi TESTING manual
vpn id 941
bridge-domain 941
Then under your VLAN Interface associate the VLAN Interface with the VPLS Instanace.
interface Vlan941
xconnect vfi TESTING <<<<<<<<<<<< ADD THIS
description INNER_OUTER_TAG_TEST
mtu 9100
ip address xxx.xxx.xxx.xxx 255.255.255.252 no ip proxy-arp
Also watch your MTU Size's a mismatch can cause the VPLS instance to be down. You can check it with
"show mpls l2transport vc vcid 941 detail"
This looks good
interface GigabitEthernet0/24 <- Connects to 4500X
service instance 940 ethernet
description description Inner_outer_tag_test_Outer_940_Inner_941
encapsulation dot1q 940 second-dot1q 941
rewrite ingress tag pop 2 symmetric
bridge-domain 941
-----Original Message-----
From: CiscoNSP List [mailto:CiscoNSP_list at hotmail.com]
Sent: Wednesday, February 03, 2016 12:06 AM
To: Erik Sundberg <ESundberg at nitelusa.com>; cisco-nsp at puck.nether.net
Subject: Re: QinQ 4500X -> ME3600 and access(pop) multiple inner vlans
Thanks Eric,
We have no visibility into the remote end, but I have setup the following on one of our ME's (Test service, that has supposedly been configured by carrier, and remote end)
Vlans are:
940 (outer)
941 (Inner)
Both vlans have been created on the ME, and only vlan 940 on the 4500X that connects to carrier:
ME3600 conf
interface GigabitEthernet0/24 <- Connects to 4500X
service instance 940 ethernet
description description Inner_outer_tag_test_Outer_940_Inner_941
encapsulation dot1q 940 second-dot1q 941
rewrite ingress tag pop 2 symmetric
bridge-domain 941
interface Vlan941
description INNER_OUTER_TAG_TEST
mtu 9100
ip address xxx.xxx.xxx.xxx 255.255.255.252 no ip proxy-arp
Im unable to ping remote end, nor am I seeing any dynamic Macs for bridge domain 941 - Is there any additional commands I can run to "see" if we are indeed receiving the Outer and Inner Tags on the ME?
The only MAC I am learning on the 4500X is from the ME3600
#sh mac address-table dynamic vlan 940
Unicast Entries
vlan mac address type protocols port
---------+---------------+--------+---------------------+---------------
---------+---------------+--------+---------------------+----------
940 3462.882a.4640 dynamic ip,ipx,assigned,other TenGigabitEthernet1/1/3
cheers
________________________________________
From: Erik Sundberg <ESundberg at nitelusa.com>
Sent: Tuesday, 2 February 2016 10:10 PM
To: CiscoNSP List; cisco-nsp at puck.nether.net
Subject: RE: QinQ 4500X -> ME3600 and access(pop) multiple inner vlans
You are probably better using a service instance for each vlan. Then you can send each VLAN where ever.
service instance 800 ethernet
description description LINK_TO_CARRIER_X_VIA_4500X
encapsulation dot1q 800 second-dot1q 10
rewrite ingress tag pop 2 symmetric
bridge-domain 10
service instance 801 ethernet
description description LINK_TO_CARRIER_X_VIA_4500X
encapsulation dot1q 800 second-dot1q 20
rewrite ingress tag pop 2 symmetric
bridge-domain 20
--------------------------------------------------------------------------
Another way of doing it is the following
If you have two tag come in, only POP 1 Tag. Then your CTag are put in to the Bridge Domain.
Int G0/1
service instance 800 ethernet
description LINK_TO_CARRIER_X_VIA_4500X
encapsulation dot1q 800
rewrite ingress tag pop 1 symmetric
bridge-domain 800
Then on your Egress port you can set it as untagged, C Tags of 10,20, 30 will be in the bridge domain and will be passed on egress.
Int G0/2
Description to 4500x
service instance 400 ethernet
description 4500X
encapsulation dot1q untagged
bridge-domain 800
If you need to pull one CTag out for something else you can do that like so.
Int G0/1
service instance 804 ethernet
description Go Somewhere else
encapsulation dot1q 800 second-dot1q 40
rewrite ingress tag pop 1 symmetric
bridge-domain 40
-----Original Message-----
From: CiscoNSP List [mailto:CiscoNSP_list at hotmail.com]
Sent: Tuesday, February 02, 2016 4:01 AM
To: Erik Sundberg <ESundberg at nitelusa.com>; cisco-nsp at puck.nether.net
Subject: Re: QinQ 4500X -> ME3600 and access(pop) multiple inner vlans
Thanks for the quick reply - We use service instances quite a bit, but only popping first tag, then creating vlan int (for vrf), or PW....so fairly basic stuff :)
In this circumstance, where we would receive vlan 800 as outer tag, and we want to access inner vlans 10,20,30 how would this look under a service instance?
ie. Something like?
service instance 800 ethernet
description description LINK_TO_CARRIER_X_VIA_4500X
encapsulation dot1q 800 second-dot1q 10,20,30
rewrite ingress tag pop 2 symmetric
bridge-domain ?
or a separate service instance and pop inner vlans on each one?
service instance 800 ethernet
description description LINK_TO_CARRIER_X_VIA_4500X
encapsulation dot1q 800 second-dot1q 10
rewrite ingress tag pop 2 symmetric
bridge-domain 10
service instance 801 ethernet
description description LINK_TO_CARRIER_X_VIA_4500X
encapsulation dot1q 800 second-dot1q 20
rewrite ingress tag pop 2 symmetric
bridge-domain 20
Cheers
________________________________________
From: Erik Sundberg <ESundberg at nitelusa.com>
Sent: Tuesday, 2 February 2016 8:40 PM
To: CiscoNSP List; cisco-nsp at puck.nether.net
Subject: RE: QinQ 4500X -> ME3600 and access(pop) multiple inner vlans
http://www.cisco.com/c/dam/en/us/td/docs/switches/metro/me3600x_3800x/software/design/guide/ME3600x_Design_Guide.pdf
http://www.cisco.com/c/dam/en/us/td/docs/switches/metro/me3600x_3800x/software/design/guide/CE2-0_certification_v1.pdf
http://d2zmdbbm9feqrf.cloudfront.net/2012/usa/pdf/BRKSPG-2209.pdf
You must do switchport commands
Services Instance is just a number, we keep it the same as the VLAN Id Under the Service Instance you specify the VLAN ID with endcapsulation dot1q x Rewrite ingress Tag POP 1 symmetric -- This removes the first VLAN Tag on in incoming frame, if you do pop 2, it removes the 2 VLAN Tags.
First Example is VPLS with Bridge Domains. Bridge domain ID does not have to the same as the VLAN Id Second Example is EoMPLS XConnect
VPLS
------
l2 vfi VPLS1 manual
vpn id 41
bridge-domain 41
neighbor 1.2.3.4 encapsulation mpls
interface GigabitEthernet0/19
switchport trunk allowed vlan none
switchport mode trunk
mtu 9180
!VPLS Example
service instance 41 ethernet
encapsulation dot1q 41
rewrite ingress tag pop 1 symmetric
bridge-domain 41
!EoMPLS Example
service instance 117 ethernet
encapsulation dot1q 117
rewrite ingress tag pop 1 symmetric
xconnect 3.4.5.6 275 encapsulation mpls pw-class L2VPN
xconnect <Remote router IP> <Unique ID in the AS>
I hope this helps.
-----Original Message-----
From: cisco-nsp [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of CiscoNSP List
Sent: Tuesday, February 02, 2016 3:28 AM
To: cisco-nsp at puck.nether.net
Subject: [c-nsp] QinQ 4500X -> ME3600 and access(pop) multiple inner vlans
Hi Everyone,
We have an AGG port(Standard trunk port) to a carrier on a 4500X - Port has multiple customer vlans for p-t-p eth services.
A service they have released will allow us to connect to azure/office 365 via QinQ(Carrier doing QinQ, not us) - i.e. We agree to an outer vlan tag with the carrier, and they create QinQ tunnel to azure/office 365...then multiple inner vlan tags are agreed to between us/azure for various services over this QinQ tunnel.
My question is this:
With our current setup (i.e. 4500X, standard dot1q trunk), we would just tag the outer vlan for the carrier to use for the QinQ tunnel to azure...this is fine, but for us to be able to "access" the inner vlans, Im hoping we can trunk this outer vlan to an ME3600, and then pop each inner vlan, and use them as needed.....Is this possible? ie will the "inner" tags be maintained going through the 4500X, and if so, if someone could point me in the direction of ME3600 docco that details how to pop the individual inner vlans, it would be greatly appreciated.
Eg.
Carriers outer vlan is 800
Inner tags from azure are 10,20,30
Cheers
_______________________________________________
cisco-nsp mailing list cisco-nsp at puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
________________________________
CONFIDENTIALITY NOTICE: This e-mail transmission, and any documents, files or previous e-mail messages attached to it may contain confidential information that is legally privileged. If you are not the intended recipient, or a person responsible for delivering it to the intended recipient, you are hereby notified that any disclosure, copying, distribution or use of any of the information contained in or attached to this transmission is STRICTLY PROHIBITED. If you have received this transmission in error please notify the sender immediately by replying to this e-mail. You must destroy the original transmission and its attachments without reading or saving in any manner. Thank you.
________________________________
CONFIDENTIALITY NOTICE: This e-mail transmission, and any documents, files or previous e-mail messages attached to it may contain confidential information that is legally privileged. If you are not the intended recipient, or a person responsible for delivering it to the intended recipient, you are hereby notified that any disclosure, copying, distribution or use of any of the information contained in or attached to this transmission is STRICTLY PROHIBITED. If you have received this transmission in error please notify the sender immediately by replying to this e-mail. You must destroy the original transmission and its attachments without reading or saving in any manner. Thank you.
________________________________
CONFIDENTIALITY NOTICE: This e-mail transmission, and any documents, files or previous e-mail messages attached to it may contain confidential information that is legally privileged. If you are not the intended recipient, or a person responsible for delivering it to the intended recipient, you are hereby notified that any disclosure, copying, distribution or use of any of the information contained in or attached to this transmission is STRICTLY PROHIBITED. If you have received this transmission in error please notify the sender immediately by replying to this e-mail. You must destroy the original transmission and its attachments without reading or saving in any manner. Thank you.
More information about the cisco-nsp
mailing list