[c-nsp] spanning-tree for local switching on ASR920
Nick Cutting
ncutting at edgetg.com
Tue Mar 13 14:09:22 EDT 2018
Well in some of the earlier guides (16.5 and below) it is explicitly stated that MST is only supported on EVC tagged ports:
"Untagged EVCs do not participate in MST loop detection"
The 16.6 and 16.7 documentation doesn't mention this restriction.
So I guess to run STP with the client facing ports - the EVC ports need to be trunks, OR normal dot1q service instances - they need to tag their traffic. (this works and RSTP works in 16.6 as others have stated)
Trying to do it under a normal EVC fails when I try and pop the tag towards the client.
ASR920(config-if-srv)#rewrite ingress tag pop 1
ASR920(config-if-srv)#rewrite egress tag pop 1
Warning: Egress filtering rule fails due to encap set on SrvInst 900 (Gi0/0/0)
OR:
rewrite ingress tag pop 1 symmetric
rewrite egress tag pop 1
Rewrite egress is not allowed with symmetric option on ServInst 1(Gi0/0/1)
If the encapsulation is set to untagged, or default, it is immediately removed as a candidate for STP.
If the encapsulation is set to dot1q all - Watch out! It sets up a spanning tree instance all the way to the box limit (128 VLANs)
This does work, with a tagged client frame and lets you run STP:
interface GigabitEthernet0/0/1
 no ip address
 media-type rj45
 negotiation auto
 cdp enable
 spanning-tree portfast
 spanning-tree link-type point-to-point
 service instance 1 ethernet
  encapsulation dot1q 900
  rewrite ingress tag pop 1 symmetric
  l2protocol peer cdp stp
  bridge-domain 900
So I just don't think this is possible with an untagged frame on the client side - unless anyone else has any ideas?
-----Original Message-----
From: cisco-nsp [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Nick Cutting
Sent: Monday, March 12, 2018 5:07 PM
To: Mark Tinka <mark.tinka at seacom.mu>; Gert Doering <gert at greenie.muc.de>; cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] spanning-tree for local switching on ASR920
I actually just got this kind of working, but had to use MST.
Cisco IOS XE Software, Version 03.18.00.SP.156-2.SP-ext
I'm going to introduce a L2 loop if I can.
This is the primary Internet Facing ASR920, and the southbound switching configuration, and the client gateway BDI.
interface TenGigabitEthernet0/0/15
 description Trunk to ASR-920-02
 no ip address
 cdp enable
 service instance trunk 1 ethernet
  encapsulation dot1q 900,901
  rewrite ingress tag pop 1 symmetric
  l2protocol peer cdp stp
  bridge-domain from-encapsulation
interface GigabitEthernet0/0/0
 description to downstream client Firewall
 no ip address
 negotiation auto
 service instance 900 ethernet
  encapsulation untagged
  bridge-domain 900
interface BDI900
 ip address xx.xx.xx.2 255.255.255.0
 standby 1 ip xx.xx.xx.1
 standby 1 priority 105
I can ping across the service instance trunk between the BDI's - but I cannot get normal STP to start an instance.
sh spanning-tree
No spanning tree instance exists.
What is strange is that only mst is listed as a supported mode.
#spanning-tree mode ?
mst Multiple spanning tree mode
Once changing to MST - my instance works !
(config)#spanning-tree mode mst
#sh spanning-tree
MST0
Spanning tree enabled protocol mstp
Root ID Priority 0
Address 00be.7515.7dbd
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 0 (priority 0 sys-id-ext 0)
Address 00be.7515.7dbd
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Interface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Te0/0/15 Desg FWD 2000 128.22 P2p
-----Original Message-----
From: cisco-nsp [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Mark Tinka
Sent: Monday, March 12, 2018 5:04 PM
To: Nick Cutting <ncutting at edgetg.com>; Gert Doering <gert at greenie.muc.de>; cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] spanning-tree for local switching on ASR920
On 12/Mar/18 22:21, Nick Cutting wrote:
> Sorry to drag this one up - Gert did you ever get a working config for this?
>
> I plan on using a pair of 920's with a layer 2 broadcast domain on the 12 gigabit Ethernet ports, and using the 10g ports to connect to separate carriers, but also use 1 10g port to carry the HSRP for the /24 customer address space.
> The 1 gig ports will all need to be in the customer's /24 that they will advertise to the independent carriers, I would like to run STP in case of a cabling error, but the routers are entirely owned by them, in their data center, and only to be used for ipv4 BGP internet services and a default route from each carrier.
>
> Usually we set this up with a pair of routers and 2 switches - in this
> case I need to do it all on an ASR-920-12SZ-IM (cheap 10g router) Is this possible?
The ASR920 has not generally supported STP.
I think since 16.6(1), PVST+/RPVST+ is now supported.
I'd be naturally inclined to use BD's to solve this, but you should test this with the relevant code and let us know if it works.
Mark.
_______________________________________________
cisco-nsp mailing list cisco-nsp at puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
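
Added example (not part of the original posts and not Cisco tooling): a Python audit that reads an ASR920-style configuration and reports, per service instance, whether it would take part in spanning tree according to the behaviour reported in this thread. The function names and status labels are hypothetical, the rules encode only what the poster observed, and treating "dot1q any" like the post's "dot1q all" is an assumption.

```python
import re

# Constructed sample: the thread's three ports, reduced to the lines the audit reads.
SAMPLE = """\
interface TenGigabitEthernet0/0/15
 service instance trunk 1 ethernet
  encapsulation dot1q 900,901
  l2protocol peer cdp stp
interface GigabitEthernet0/0/0
 service instance 900 ethernet
  encapsulation untagged
interface GigabitEthernet0/0/1
 service instance 1 ethernet
  encapsulation dot1q 900
  l2protocol peer cdp stp
"""

def parse_service_instances(config):
    """Return one dict per service instance: interface, id, encap, peers_stp."""
    instances, iface, cur = [], None, None
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            iface, cur = line.split(None, 1)[1], None
        elif m := re.match(r"service instance (?:trunk )?(\d+) ethernet", line):
            cur = {"interface": iface, "id": int(m.group(1)),
                   "encap": None, "peers_stp": False}
            instances.append(cur)
        elif cur and line.startswith("encapsulation "):
            cur["encap"] = line.split(None, 1)[1]
        elif cur and line.startswith("l2protocol peer "):
            cur["peers_stp"] = "stp" in line.split()[2:]
    return instances

def stp_status(inst):
    """Classify one instance using only the behaviour reported in the thread."""
    encap = inst["encap"] or ""
    if encap in ("untagged", "default"):
        return "excluded"             # reported: removed as an STP candidate
    if encap in ("dot1q all", "dot1q any"):
        return "hits-instance-limit"  # reported: instances up to the box limit
    if encap.startswith("dot1q ") and inst["peers_stp"]:
        return "candidate"            # matches the working tagged configuration
    return "unknown"                  # combination not covered by the thread

def audit(config):
    """Map (interface, service instance id) to its reported STP status."""
    return {(i["interface"], i["id"]): stp_status(i)
            for i in parse_service_instances(config)}
```

Calling audit() on a saved running-config highlights client ports that would be left without loop protection (status "excluded") before a cabling error finds them.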