ASR1000 VPLS over TE
Hi,
Can someone please point out a documention on how to map VPLS PW into TE tunnel in ASR1k?
Best regards.
Larry
Hello Arun,
MTU has to be great enough to accomodate the additional label in Carrier Supporting Carrier scenario.
Another point of attention with modern VPLS is that if the customer attempts to use point to multipoint LSPs this could be a problem
Until the VPLS uses a collection of point to point LSPs to interconnect the L2 PE nodes it should be fine.
-Antonio:
are you referring to the different options of inter AS scenarios?
Hope to help
Giuseppe
Similar Messages
-
Is VPLS (or other types of Layer 2 VPNs) supported using "MPLS over FlexVPN"?
All of the configuration documentation that I have read only illustrates VRFs - just curious if anyone has tried this as I have not had time to lab it up yet. I have a requirement to support a number of different encrypted mult-ipoint layer 2 overlays and this would potentially be a good solution. Thanks!Hello Arun,
MTU has to be great enough to accomodate the additional label in Carrier Supporting Carrier scenario.
Another point of attention with modern VPLS is that if the customer attempts to use point to multipoint LSPs this could be a problem
Until the VPLS uses a collection of point to point LSPs to interconnect the L2 PE nodes it should be fine.
-Antonio:
are you referring to the different options of inter AS scenarios?
Hope to help
Giuseppe -
A-VPLS over GRE with Supervisor 2T
Hello,
I am trying to find the correct method of spanning two non-critical VLANs between campuses over a layer 3 IP network. We have 2 6500-VSS-2T swtiches and all the documentation I can find points to me using AVPLSoGRE but I do not have the virtual-ethernet interface option. I am running Advanced Services IOS. What am I missing that the documentation is not telling me? I'm not even able to get started for testing...
Also, is there a better way to do span these two VLANs? I would prefer not to at all, but as I am migrating the network design to a far less flat network, the business requirements require me to keep these two VLANs spanned for now.
Thanks
Robertmissed the attachment
-
Hi All,
We are planning to run VPLS over the DSL link and i think MTU cab be an issue in such scenario as the MTU size will depends uppon the DSL provider settings. So i am not sure how to acheive this solution in terms of MTU issues and also can some one please guide me how to calculate the required MTU for running VPLS in DSL access media ?
MTU on interface to CE ?
MTU on interface to the Core ?
Thanks in advance guys.
SreeHi Sree,
the rule for MPLS (hence for VPLS too) is to have the highest MTU you can configure on the core interfaces. Usually ISPs have nowaday 9000.
If this is not possible for VPLS you need to take into consideration the following for Max Frame Size:
Max Frame Size = Link Header + Tunnel label + VC label + Control Word +Transported L2 Header + Payload.
Link Header is the one of your DSL circuit (likely using ATM link header.. anyway it something you should know/ask your provider).
Tunnel label + VC label + Control Word = 12 Bytes (4 bytes per label + 4 bytes for control word which is optional as it sepends on underlying transport media and on vendor implementation... anyway you should consider it)
Transported L2 Header = it depends on what you transport. For Ethernet II encapsulation with dot1q consider 18 bytes (or 14 bytes if customer vlan id is not transported. This depends on implementations once again).
So in the worst scenario where you have CW and you transport customer vlan id you need at least 1530 Bytes + the DSL link header on the core facing interface.
On the customer facing interface I would leave the interface MTU you have (1500 if it is Ethernet - even though the actual value is higher as it considers the L2 link overhead already). Or else you need to change the MTU on every host.. not too handy.
Riccardo -
L2 services over routed network.
Does anyone know what Cisco recommends for multisite L2 lan services over a routed IP network(no MPLS core)? I've been reading about vpls over gre, but after checking Cisco feature navigator, it looks like the ME switches do not do it. Is there another way to accomplish multisite L2 lan services in the ME or do you have to use 6500 or 6800 series?
Hi,
I suggest doing NAT on both sites.
For Site A with ASA running 8.4 software the NAT configuration might look something like this
Base Information
Site A LAN: 192.168.1.0/24
Site A LAN NAT: 10.1.1.0/24
Site B LAN (NAT): x.x.x.x/24
Site A LAN interface = inside
Site A WAN interface = outside
Configuration
object network LAN-LOCAL
subnet 192.168.1.0 255.255.255.0
object network LAN-NAT
subnet 10.1.1.0 255.255.255.0
object network REMOTE-LAN
subnet x.x.x.x 255.255.255.0
nat (inside,outside) source static LAN-LOCAL LAN-NAT destination static REMOTE-LAN REMOTE-LAN
What the above configuration will do is
Do NAT between interfaces "inside" and "outside"
When Site A users connect from their LAN-LOCAL to REMOTE-LAN their NAT IP address will be LAN-NAT This works both ways. When Site B REMOTE-LAN connect to LAN-NAT they will reach LAN-LOCAL of Site A
Also notice that since you are using this type of NAT that every LOCAL and NAT address will match eachother regarding the last portion of the IP address
192.168.1.1 = 10.1.1.1
192.168.1.2 = 10.1.1.2
192.168.1.3 = 10.1.1.3
etc
As I said before I would suggest you ask the Site B admin to also NAT their local LAN 192.168.1.0/24 to something and then you can use that network range and insert to the above configuration to the place of x.x.x.x.
Please rate if you found the information helpfull
Also ask more if needed
- Jouni -
VPLS TLS and EVCS support?
I have been trying to read the VPLS section on the following page to what versions of VPLS are supported.
http://www.cisco.com/en/US/products/hw/routers/ps368/products_module_configuration_guide_chapter09186a00801e5c06.html
I have a few questions:
1. What flavors of VPLS does Cisco support?
2. For the config exmaple on that page, is it TLS of EVCS?
3. Can I attach multiple vlan interfaces to a VFI?
4. Related to last question, does the packet that enters the VPLS over the core maintain the VLAN header of is it stripped? I'll have more questions about this depedning on the answer I get.
5. I am seeing conflicting reports in the forum and in the docs about which SUP card I need. What do I need to get my 6509 to work with VPLS?
Thanks,
Greg1. I apologize. I guess I should have been more clear. I understand which draft Cisco used, it was more around vlan based and port based implementations I've seen on other vendors.
2. Sorry, I meant in the VPLS section. The section was a bit confusing saying where it kept mentioning the TLS and EVCS. But it never clearly showed which lines make it EVCS and which lines make it TLS. Are you saying that EVCS is actually just a reference to Martini?
3. Thanks. I guess this means vlan headers are maintained across VPLS.
4. I think I understand now. Mainly I was trying to see if Cisco's VPLS also did the same type4(vc-type vlan) and type5(vc-type ether) as they did with Martini. From what I iunderstand, Cisco's current VPLS is type4. Correct?
5. So for VPLS, I need at least a SUP2 MSFC2 with OSM+. For Martini, if I have a SUP720-3BXL, what card can I use to support MPLS core interface? Will a standard GE card work?
Thanks,
Greg -
Hi Team
Can someone advise me on a basic VPLS implementation. i.e. the configurations on the PE's and P nodes and customer CE devices. CE device's will be routers. Its for a single customer. The requirement will be for 8 sites.
But for now i just need an overview of how to implement VPLS over MPLS technology.
I've tried to make this post as simple as possible, my previous posts I think went into to much detail.
Thanks
C WilliamsC Williams,
there are many documents on Cisco's website covering this subject.
I use vpls within my P core network using a manual configuration. ie lets say you have 8 routers in a mesh and you want to create a vpls instance for vlan 400.
Using ES20 cards on a 7600 router the configs look like this.
R1
l2 vfi vlan400 manual
vpn id 400
neighbor ip-address(R2)
neighbor ip-address(R8)
each neighbor statement creates a l2 connection from R1. Do this on all routers. Thats it
you can also us iBGP to make this an auto connection.
Be aware if you are not using the ES20+ cards and SRE, MAC learning occurs with the xconnect statement.
The new configuration uses 802.1ah or MACinMAC so all the MAC address for a specific location is represented by 1 MAC address.
Regards
Jude Bryant
Network Engineer
Pioneer Telephone -
Ethernet over Public link with Cisco 65XX Series
We are transferring some equipment from one datacenter to another and we do not have private line connectivity between them at the current time.
We are hoping to be able to temporarily be able to establish some type of Layer2 connectivity between the facilities to help allow us to spread out the migration into 2 events. We have Cisco 65XX series switches at the core at both facilities and I am wondering what we might be able to use to make this happen?
EoMPLS is out as we have to be able to extend the layer2 functionality across carrier networks and L2TPv3 is not supported on Cisco 65XX from what I have read / checked on our switches (if there is an IOS version that does support it, please let me know).
I have read a bit about VPLS over GRE but I am not clear on the configuration and/or if it supported as it references MPLS at various points within the documentation that I have read.
Any guidance would be appreciated.I've absolutely no idea if this would help in your case.
But anyway, I think 6500 handles DMVPN. May be MPLS over DMVPN would be a solution?
https://sites.google.com/site/amitsciscozone/home/important-tips/traffic-engineering/p2mp-mpls-te-over-dmvpn
http://networkknerd.blogspot.be/2014/08/dmvpn-mpls-over-dmvpn-oh-yeah.html
HTH -
Virtualisation - trunking Vlans
Hi,
I am working on a requirement on virtualisation involving Business crtical applications in multiple data centers. The challenges being currently faced are:
1. The 3 Tier architecture with web servers, app servers and db servers to be virtualised with common ESX hosts along with multiple other intranet applications. Issues around security between environments, management of ESX, logging etc.
2. multiple swtiched environments to be virtualized with clash of Vlan id's, Vlan in excess on 512 to be trunked.
3. The ultimate goal is to go for the complete virtualised environment with full DR capability and flexibility akin Cloud computing.
4. Can we think of Q in Q support on Nexus 1000v?
Any help in untangling this situation will be highly appreciated.
regds/JohnJohn,
With 512 VLANs just keep in mind you are at the upper limit of Nexus 1000V number of active VLANs supported (512).
While the Nexus 1000V does not support Q-in-Q, the best place to implement such a feature would be at the physical switch layer anyway.
Or perhaps another approach would be to implement your own VPLS cloud to interconnect the various switched environments together. The VLAN #'s dont need to be the same at each location, you could for example have VLAN 10 at Site A bridged to VLAN 20 at Site B. The advantage of VPLS over plain Q-in-Q would be preserving STP isolation and autonomy between sites.
Also, talk to your Cisco SE about OTV for Nexus 7000 :)
Cheers,
Brad
p.s. please rate if helpful -
LACP or Link State Tracking over VPLS?
Hi all!
I have 2 sites connected with VPLS. Both sites are now having a 2nd VPLS circuit installed (with a different carrier) for redundancy/failover. I've got a Catalyst 3750 at each end to work with.
My question: what's the best way to configure the 3750's? I was thinking either LACP with 2 physical interfaces (one for each VPLS line) - in which case traffic would be balanced across them, which is fine.
OR I could use Link State Tracking, such that if 1 link fails it would failover. Though I'm new to Link State Tracking so I don't know if this would actually work over VPLS.
Your thoughts are very appreciated.Link state tracking, also known as trunk failover, provides Layer 2 redundancy in the network when used in conjunction with server network interface card (NIC) adapter teaming. Link-state tracking is used to mirror the state of the ports that carry upstream traffic from connected hosts and servers, and to allow the failover of the server traffic to an operational link on another Cisco Ethernet switch. Check out the following link for more information on link state tracking :
http://www.cisco.com/en/US/products/ps6406/products_configuration_guide_chapter09186a00805a75e0.html#wp1285238
Hope this helps. -
Hi,
I'm looking for some guidance on how to configure a REP common link over VPLS. I've read a bunch of docs that more or less elude to the fact that it should be supported, but no combination of documents thus far have clearly outlined what the prerequisites are in terms of software, ES vs. ES+ hardware or relevant configuration glue to make this work.
http://www.cisco.com/en/US/docs/ios/lanswitch/configuration/guide/lsw_cfg_rep.html#wp1316104
http://www.cisco.com/en/US/docs/routers/7600/install_config/ES20_config_guide/baldpref.html
Cisco Live 2010 session BRKSPG-2205 (Deploying and Designing with Resilient Ethernet Protocol) page 79
I've got two 7600/SUP720/SRE5 boxes with a chain of ME3400s connecting the two over 6724 LAN based linecard ports. I've also got an ES port between each 7600 to carry the SVI based EoMPLS foo between the two, and this is where I'd like to establish the VPLS common link (hopefully the below ASCII diagram will show up OK):
[ 7600-1 ]--(6724-GE)--[ ME3400-1 ]--[ ME3400-2 ]--(6724-GE)--[ 7600-2 ]
| |
| |
+---------------------------(ES20-GE)-------------------------- +
In terms of config, I've got the 6724 chain side configured as a REP segment and the REP admin VLAN is 1/default. I haven't been able to find the configuration glue needed to make REP aware that the common link for the segment is the VPLS pseudowire between the two 7600s:
! 7600-1
interface loopback 0
ip address 2.2.2.2 255.255.255.255
ip router isis 21949
interface GigabitEthernet8/22
description Facing ME3400-1
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
rep segment 19 edge primary
interface GigabitEthernet7/0/19
description Facing 7600-2
mtu 9216
ip address 1.1.1.2 255.255.255.254
no ip redirects
ip router isis 21949
mpls ip
mls qos trust dscp
bfd interval 250 min_rx 250 multiplier 4
clns mtu 9199
ethernet vlan color-block all
interface Vlan1
no ip address
xconnect vfi REP-PROTECT
l2 vfi REP-PROTECT manual
vpn id 2194900101
bridge-domain 1 vlan
neighbor 2.2.2.3 encapsulation mpls
! 7600-2
interface loopback 0
ip address 2.2.2.3 255.255.255.255
ip router isis 21949
interface GigabitEthernet8/22
description Facing ME3400-2
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
rep segment 19 edge
interface GigabitEthernet7/0/19
description Facing 7600-1
mtu 9216
ip address 1.1.1.3 255.255.255.254
no ip redirects
ip router isis 21949
mpls ip
mls qos trust dscp
bfd interval 250 min_rx 250 multiplier 4
clns mtu 9199
ethernet vlan color-block all
l2 vfi REP-PROTECT manual
vpn id 2194900101
bridge-domain 1 vlan
neighbor 2.2.2.2 encapsulation mpls
REP topology looks OK:
7600-1#show rep top
REP Segment 19
BridgeName PortName Edge Role
7600-1 Gi8/22 Pri Open
3400-1 Gi0/2 Open
3400-1 Gi0/1 Open
3400-2 Gi0/1 Open
3400-2 Gi0/2 Open
7600-2 Gi8/22 Sec Alt
VFI is up:
7600-1#show vfi name REP-PROTECT
Legend: RT=Route-target, S=Split-horizon, Y=Yes, N=No
VFI name: REP-PROTECT, state: up, type: multipoint
VPN ID: 2194900101
Bridge-Domain 1 attachment circuits:
Vlan1
Neighbors connected via pseudowires:
Peer Address VC ID S
2.2.2.3 2194900101 Y
However in a REP segment failure, the pseudowire seems to be pretty much useless acting as a common link for the failed segment.
Is anyone running a config like this? Am I missing something obvious (or not so obvious?)?
Thanks in advance.I have a Mac and have tried the suggestion above with the places.sqlite but it DID NOT HELP! FIREFOX IS STILL HANGING!!!!!!!!!!!! I've been a real fan of firefox for several years, but lately it's just plain annoying!!! I have to force quit FF several times a day. I THINK I'M GOING TO SWITCH TO SAFARI until you guys get your act together soon :(
-
Hi,
I would appreciate if you answer my following questions :
- As you know EoMPLS is based on physical port, but how about VPLS?
- Could you tell me minimum router which supports VPLS?
- Any other solutions for transfer ethernet frames over MPLS except VPLS and EoMPLS?
- I think VPLS is better EoMPLS because it supports multipoint to multipoint ,is it true? could you please tell me VPLS advantage and disadvatage?
Regards,
M.Arshad radEhlo ,
1)EoMPLS is available in port and vlan mode.Since VPLS
is actually using martini encapsulations ( both lasserre and kompella ) it is possible to use raw and tagged modes.
2)IMHO only Cisco router that supports VPLS now is 7600.Additionaly VFI can be only assigned to SVI.
3)Juniper CCC ( RSVP based ) - but obviously you won't use it since it's proprietary ( nevertherless it has nice feature like lsp-stiching ) and IOS couldn't signall it .
4) VPLS is designed to support p-to-mp and therefore
it's more complex.IF you don't need its features you can stick with raw p2p martini , which is relatively simple and widely implemented ( no problem for example to configure it between ios and junos boxes ).
pm -
Hi,
We are building two DC which are connected by 2x10G L2 fibers.We are plannig to implement VPLS for DCI(see attached diagram).We would extend some VLANS for L2 connectivity ( Hearbeat,VMotion etc etc).But there is also a requirment to run L3 routing between two DC'S.
My question is,
Insted of run L3 routing over streached VLAN , will it be possible to run separate VRF inside VPLS between two DC's and enable L3 routing ?
Regards,Narayan, you can try couple to steps as below to troubleshoot.
1) I suspect there is 192.168.111.1 and 192.168.111.2 in the global routing table as well, have this checked.
2) To confirm that you have not established the tunnel with your MVRF CE enable tunnel keepalives so it will come down as there is no way it can establish a tunnel with your CE using a source from the VRF without the "tunnel vrf" command.
3) I believe your 7600 must be having the default IOS which it was shipped with 12.2SX, the SX doesnt have this command. You may have to migrate to SRA.
Following the above steps you can verify and solve your problem.
HTH-Cheers,
Swaroop -
Hi Everyone!
I have a scenario of 3 PE routers with full mesh VPLS Pseudo-wires configured over it. If you look into the design, I have connected two switches Sw1 and Sw2 with the PEs R2 and R3 respectively. Considering that the VPLS cloud is operating correctly, I have connected a CE switch [Sw3] with Sw1 and Sw2. Now, the issue is STP over VPLS. Without having STP running inside the VPLS cloud, it's causing loop all over the ring.
In order to avoid loop, I have run PVST+ on all the three switches but the PEs are not running STP as I believe that the BPDUs are to be transparently forwarded through the VPLS pseudo wires. But, i'm not really sure why i'm getting PVST_Inc error on both Sw1 and Sw2 for the links that are connected with their respective PEs. Any response regarding this will be highly appreciated.
For your reference, network diagram is attached below:
Thanks!What kind of PE routers do you have? Are they ASR9k running EVC/EFP on switch facing interfaces?
http://www.cisco.com/c/en/us/support/docs/routers/asr-9000-series-aggregation-services-routers/116514-problem-stp-00.html
Best Regards,
Bheem -
Hello.
I'm trying to create VPLS between two ASR1004 routers and one 7600 with ES+ card.
IGP/BGP and LDP connections between all routers are OK.
Configuration is the following:
Cisco 7600: (IP 12.12.12.12)
l2 vfi TEST manual
vpn id 777
neighbor 8.8.8.8 encapsulation mpls
neighbor 2.2.2.2 encapsulation mpls
interface Vlan777
no ip address
xconnect vfi TEST
end
interface GigabitEthernet1/12 // Link to switch1
description LINK to SW1
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
end
And the ASR's config: (IP 8.8.8.8/2.2.2.2)
l2 vfi TEST manual
vpn id 777
bridge-domain 777
neighbor 12.12.12.12 encapsulation mpls
neighbor 8.8.8.8 encapsulation mpls
interface GigabitEthernet0/0/0 // Link to switch2
description DOWNLINK to SW2
load-interval 30
speed 1000
no negotiation auto
no clns route-cache
service instance 777 ethernet
encapsulation dot1q 777
bridge-domain 777
Then I created SVI interfaces on both switches, connected to 7600 and ASR1K (SW1 and SW2), but ping between them in the vlan 777 was failed.
sh xconnect all from the ASR:
UP pri vfi TEST UP mpls 12.12.12.12:777 UP
UP pri vfi TEST UP mpls 8.8.8.8:777 UP
What's wrong in this configuration?I've solved the problem.
Just added
rewrite ingress tag pop 1 symmetric
to the CE facing interface
and also
mpls no-split-horizon
to l2 vfi section
Maybe you are looking for
-
Hi colleagues, Some one could tell me why is it better to build report on cube rather than DSO ? What the argument list ? Cheers Moderator Message: Please check the forum before posting Edited by: Vikram Srivastava on Aug 31, 2010 4:31 PM
-
Basic query - check oracle server install type
How do I check if the Oracle 10g is configured as GENERAL_PURPOSE or TRANSACTION_PROCESSING or DATAWAREHOUSE? I searched the forums but did not find anything specific for this info. This is an existing installation, I cant find the the installation l
-
Unable to execute Custom SQL operation using DB Adapter
The SQL function i used is insert into QueueTable1 (select * from TQueueTable2) I executed this successfully in PL/SQL developer But while using DBadapter in BPEL. Its failing. No instance is created. I think the query is executed but haven't receive
-
i have no clue what to do, i'm thinking i just totally got screwed over with these products again. but i waited so long for this album and not i cant get it. so i'm a little angry. i just would really like to know if i could do anything.. at all. and
-
if alerts like "a database is down, or a file system is full", Can these be sent from one Grid Control to another with separate repositories? i would like to know if this is possible regardless of the version, say one is 10.2.0.5, the other is 11.1.0