[c-nsp] CSR1000v on AWS

Aftab Siddiqui aftab.siddiqui at gmail.com
Sun Jan 31 18:24:37 EST 2016 

Hi All,
I've been trying to terminate multiple VLANs in AWS instance of CSR1000v.
The scenario is like this:

VLAN 400 [CPE] --(L2)-- CSR1000v [Remote PoP] --- (L3 Link) -- CSR1000v
[AWS] (SVI 400)

I've tried VXLAN between remote end CSR1000v and AWS CSR1000v but due to
certain limitation in VXLAN implementation (I believe) you can't terminate
vlan on the same box after decapsulating the vxlan.

Testing the scenario in lab (VMWare) works fine IF I connect something else
with AWS CSR1000v via layer 2 and terminate the VLAN on that box in
following way:

VLAN400 [CPE] -- (L2) -- CSR1000v [Remote PoP] --- (L3 Link) --- CSR1000v
[AWS] --- (L2) --- CSR1000v [CPE] VLAN 400

Remote PoP CSR1000v:
---------------------------
redundancy
 mode none
bridge-domain 400
 member vni 400400
 member GigabitEthernet3 service-instance 1
!
interface Loopback0
 ip address 2.2.2.1 255.255.255.255
!
interface nve1
 no ip address
 member vni 400400
  ingress-replication 2.2.2.2
 !
 source-interface Loopback0
!
interface GigabitEthernet2
 ip address 1.1.1.1 255.255.255.252
!
interface GigabitEthernet3
 no ip address
 service instance 1 ethernet
  encapsulation dot1q 400
  rewrite ingress tag pop 1 symmetric
 !
router bgp 65000
 bgp log-neighbor-changes
 redistribute connected
 neighbor 1.1.1.2 remote-as 65001

AWS CSR1000v:
-------------------
redundancy
 mode none
bridge-domain 400
 member vni 400400
 member GigabitEthernet3 service-instance 1
!
interface Loopback0
 ip address 2.2.2.2 255.255.255.255
!
interface nve2
 no ip address
 member vni 400400
  ingress-replication 2.2.2.1
 !
 source-interface Loopback0
!
interface GigabitEthernet2
 ip address 1.1.1.2 255.255.255.252
!
interface GigabitEthernet3
 no ip address
 service instance 1 ethernet
  encapsulation dot1q 400
  rewrite ingress tag pop 1 symmetric
!
router bgp 65001
 bgp log-neighbor-changes
 redistribute connected
 neighbor 1.1.1.1 remote-as 65000

The problem is AWS doesn't offer any L2 connectivity between the instances
so I can't replicate what I've done in LAB. Please correct if am doing
something wrong here. Any other options instead of VXLAN?



-- 
Best Wishes,

Aftab A. Siddiqui

More information about the cisco-nsp mailing list