EoMPLS PW
Guys I'm trying to make sense out of the attached Cisco Topology
My test environment consists of, various core (P)and distribution(PE) 7600?s (Sup720 without OSM, SIP-600, SPA). Access node consists of a Ethernet DSLAM (although kind of irrelevant at this point).
I?m focusing on layer 2 Access node ? Distribution (Active/backup) Redundancy (No aggregation layer) to two separate distribution PE?s. It seems as though its describing the classic triangular loop, completed by an inter-distribution EoMPLS PW. It then appears as if packets are been forwarded out of the layer 2 domain by an SVI on both distro?s, using HSRP as the floating gateway. The only issue is implementing PW on an interface and assigning an IP address. Unfortunately I cannot use VFI, though I?m not convinced this would help either. I cannot xconnect from an SVI either (due to restriction on non OSM, SPA modules). I?m guessing bridging using irb would be the only feasible solution (if it does work).
1) Am I way off?
2) Would VFI?s help in any way?
3) What would you suggest?
Any information related to this would be extremely useful. Many thanks in advance.
Hi,
In which mode your 7600 operates? to support MPLS features it should be either PFC3B or PFC3BXL. If you have any OSM module it will operate MPLS over OSM as long as the peer IP address is learned through WAN interface, though its not recommended.
SIP-600 for 7600 comes with 3BXL but if there is any module with DFC3A the system will operate with common denominator which is PFC3A . so you can't run MPLS.
Normally you cannot have both the IP and L2MPLS configuration on the same interface. and on 7600 we are restricted to one VLAN database, (i.e. even you configure routed ports you cannot reuse the same VLAN on two different physical ports under subinterface)
Since we have to create another EoMPLS tunnel to outside we have to emulate a bridge domain and therefore we have to use VPLS where we have to configure VFI.
If we have to configure any first-hop redundancy protocol where we can configure...?
Rgds,
Harin
Similar Messages
-
EoMPLS problem with 6500 and IOS SXF6 + SXE5
My EoMPLS stopped working after one ge-wan interface gone down and up.
Before the down it was working fine.
The connection is between two 6500 switches, trough GE-WAN (OSM+4GEWAN) ports.
One swith have IOS 12.2(18)SXF6 and the other is using 12.2(18)SXE5
Any incompatibilities between the IOS ?
or maybe another problem or BUG ?Did this help ? What I meen is: have you had another up/down after you have changed the OSM and did the EoMPLS worked fine after this up/down ?
-
Hello Everybody,
I am trying to deploy QoS for EoMPLS ERS service and would like to offer four Class of Service on a single ERS VC.
I am trying following config on Cisco 7606 Router with SUP720 3BXL and PFC3BXL.
My customer facing port is Gig Ethernet
class-map match-any BestEffort-EoMPLS
match cos 0 7
class-map match-any Business-EoMPLS
match cos 1 2
class-map match-any Multimedia-EoMPLS
match cos 3 4
class-map match-any Realtime-EoMPLS
match cos 5
policy-map EoMPLS
class Realtime-EoMPLS
police cir 128000 bc 8000 be 8000 conform-action set-mpls-exp-transmit 5 exceed-action drop
class Multimedia-EoMPLS
police cir 128000 bc 8000 be 8000 conform-action set-mpls-exp-transmit 4 exceed-action drop
class Business-EoMPLS
police cir 128000 bc 8000 be 8000 conform-action set-mpls-exp-transmit 2 exceed-action drop
class BestEffort-EoMPLS
police cir 128000 bc 8000 be 8000 conform-action set-mpls-exp-transmit 0 exceed-action drop
interface Vlan300
no ip address
load-interval 30
xconnect 192.168.196.6 300 encapsulation mpls
service-policy input EoMPLS
end
Problem Statment:
On the 7606 PE ( PE1 ) , I am not able to see any traffic being matched in any of the class , not even in default class (considering that CoS setting from the CE can have problems) . Also on the PE 1 the show policy-map interface vlan 300 command doesnt displays that mpls exp bit imposition configuration value though it has been configured on the CLI.
#sh policy-map interface vlan 300
Vlan300
Service-policy input: EoMPLS
class-map: Realtime-EoMPLS (match-any)
Match: cos 5
police :
128000 bps 8000 limit 8000 extended limit
class-map: Multimedia-EoMPLS (match-any)
Match: cos 3 4
police :
128000 bps 8000 limit 8000 extended limit
class-map: Business-EoMPLS (match-any)
Match: cos 1 2
police :
128000 bps 8000 limit 8000 extended limit
class-map: BestEffort-EoMPLS (match-any)
Match: cos 0 7
police :
128000 bps 8000 limit 8000 extended limit
Class-map: class-default (match-any)
0 packets, 0 bytes
30 second offered rate 0 bps, drop rate 0 bps
Match: any
If any body has deployed such scenarios kindly help me out ..
Also i would like to know if there are any limitations in offering such services
Thanks and Regards
Raj Panchalim afraid the answer here isnt that pleasent. Per VLan queueing in the fashion that you are trying to do is not supported. To do this you need to take a LAN port and loop it to a GE-WAN port (OSM blade). Then you do this kind of queueing on a sub interface on the WAN port. You have just ran into the same issue that i had a year back on the 7600's. Be aware that LAN ports can only offer basic queueing functionality and no more. To do anything fancy at all on the 7600 you always need to loop a lan port to a lan port (or just terminate your traffic onto a WAN port). Hope this helps this im sure it doesnt.
-
hy guys,
i read a previous post regarding how the
load-balancing is done for eompls.
someone says that the inner label (vc label) is responsable for this.
sincerely, if someone wants to explain me much deep how this works, it will be
very appreciate.
also, what is the meaning of the control word in the vc setup procedure ?Load-balancing in the core is indeed based on the inner label (vc label) for EoMPLS.
So if the P router has many outbound interfaces for a given LSP, it will use that innner label to compute the hash value to select the outbound interface for that specific packet.
For an explanation on the control word please refer to the Martini encapsulation draft:
http://www.ietf.org/internet-drafts/draft-martini-l2circuit-encap-mpls-10.txt
Hope this helps, -
hello guys,
is it possible to rate limit an eompls circuit between to PE (rate-limit per VC) ?Yes you can try with MQC. Have a class-map which matches any traffic and police the bandwidth
policy-map l2test
class l2test
police 2048000 c t e d
class l2test
match any
Let me know if it works -
Data Center Core based on EoMPLS ?
Hi,
We've currently a data center based on Layer 2 with many inter building links blocked by STP. To simplify a little bit the layer 2 topology (and improve inter-building link usage) i would like to introduce EoMPLS inside my Data Center core.
Is that a good idea ? or something to rapidly forget ?
regards
CedricHello,
EoMPLS is overkill for the goal presented. Basically you would introduce Layer3 in the core (needed for MPLS) and then use MPLS to make the core look like Layer2 ...
More simple approaches:
Either tune your STP (or better use Rapid Per VLAN STP or MVST) to get some load balancing and also convergence speed.
Or convert to a L3 core - i.e. IP routed. The latter step might require IP readdressing, which can be a major pain. On the other hand you then have separated broadcast (and failure) domains, nice load balancing, fast convergence and no more big STP hassle.
Hope this helps! Please rate all posts.
Regards, Martin -
Good morning everyone.... I was wondering if someone could help me out with this?
I have setup a dev lab setup to test some stuff out before I go forward and move to production but I have hit a brick wall...
Here is a general setup Diagram.
HQ_SW-CE
|
HQ_RTR-PE
branch2_rtr branch3_rtr
| |
BR2_SW-CE BR3_SW-CE
Here is the hardware
HQ-2811 with HWIC-4ESW ios adventerprisek9-mz.151-3.T1.bin
Branch2-2811 ios adventerprisek9-mz.151-3.T1.bin
Branch3-1841 ios advipservicesk9-mz.151-4.M.bin
Switches are 3560G but in production will probably be 2960s and 2950s
I started out with L2TPv3 which worked and did not work. If I went to the HQ_SW and show cdp and STP for VLAN 42 which is a MGMT vlan.
HQ_SW>show cdp ne
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone,
D - Remote, C - CVTA, M - Two-port Mac Relay
Device ID Local Intrfce Holdtme Capability Platform Port ID
HQ_RTR Gig 0/2 178 R S I 2811 Fas 0/2/2
HQ_RTR Gig 0/1 157 R S I 2811 Fas 0/2/1
BRANCH3_SW Gig 0/2 129 R S I WS-C3560G Gig 0/14
BRANCH2_SW Gig 0/1 130 R S I WS-C3560G Gig 0/11
HQ_SW>show spanning-tree vlan 42
VLAN0042
Spanning tree enabled protocol ieee
Root ID Priority 32810
Address 001e.79d1.c880
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32810 (priority 32768 sys-id-ext 42)
Address 001e.79d1.c880
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300 sec
Interface Role Sts Cost Prio.Nbr Type
Gi0/1 Desg FWD 19 128.1 P2p
Gi0/2 Desg FWD 19 128.2 P2p
Now if if I try and ping 172.42.1.2 (BRANCH 2 INT VLAN 42) I get no where...
HQ_SW>ping 172.42.1.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.42.1.2, timeout is 2 seconds:
Success rate is 0 percent (0/5)
HQ_SW>ping 172.42.1.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.42.1.3, timeout is 2 seconds:
Success rate is 0 percent (0/5)
Also I Have a mac address table but the l2 MACs for the remote switches do not show up, arps for those ip addresses show up as incomplete as well.
I switched to EoMPLS and had the same issue.
What we are trying to do is setup a backup link for a server should a main link fail. the HQ Router should be able to terminate MANY L2 tunnels. Basically I see that the HQ_PE router almost like a switch and interface 1 will go to NY, int 2 will go to Chicago, int 3 will go to Dallas, etc. Since this is a backup connection we are trying to deploy it as cheaply as possible. We did this with a 4esw/9esw on the HQ router because it will support up to 15 or so sites that we want to do. The issue is that even when the xconnect line is added to the hwic it does not want to pass traffic. EoMPLS is the same thing.... Can anyone help me out? Also does anyone know if I went to a older ME-sw for the HQ if it would support the MPLS commands from the HQ router?
Also the l2tun and mpls all show up see below
BRANCH2#show l2tun
L2TP Tunnel and Session Information Total tunnels 1 sessions 1
LocTunID RemTunID Remote Name State Remote Address Sessn L2TP Class/
Count VPDN Group
1543017164 4034467245 HQ_RTR est 10.0.0.1 1 l2tp_default_cl
LocID RemID TunID Username, Intf/ State Last Chg Uniq ID
Vcid, Circuit
908667366 3759587721 1543017164 104, Fa0/1 est 00:58:18 4I am positive the ipsec tunnel is good to go as I have set them up before tons of times, same with the GRE. Here is the requested information however.
HQ_RTR#show crypto ipsec sa peer 192.168.2.2. The reason you will see two is because of the ACLs i have
Extended IP access list 102
10 permit ip host 10.0.0.1 host 10.0.0.2 (19462 matches)
20 permit ip host 10.0.0.2 host 10.0.0.1
Extended IP access list 103
10 permit ip host 10.0.0.1 host 10.0.0.3 (17404 matches)
20 permit ip host 10.0.0.3 host 10.0.0.1
HQ_RTR#
You should look at only the ACLs witht he matchs so no the first SA but the second for the same peer see below
interface: FastEthernet0/0
Crypto map tag: VPN, local addr 192.168.1.2
protected vrf: (none)
local ident (addr/mask/prot/port): (10.0.0.2/255.255.255.255/0/0)
remote ident (addr/mask/prot/port): (10.0.0.1/255.255.255.255/0/0)
current_peer 192.168.2.2 port 500
PERMIT, flags={origin_is_acl,}
#pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
#pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0
#pkts not decompressed: 0, #pkts decompress failed: 0
#send errors 0, #recv errors 0
local crypto endpt.: 192.168.1.2, remote crypto endpt.: 192.168.2.2
path mtu 1500, ip mtu 1500, ip mtu idb FastEthernet0/0
current outbound spi: 0x0(0)
PFS (Y/N): N, DH group: none
inbound esp sas:
inbound ah sas:
inbound pcp sas:
outbound esp sas:
outbound ah sas:
outbound pcp sas:
protected vrf: (none)
local ident (addr/mask/prot/port): (10.0.0.1/255.255.255.255/0/0)
remote ident (addr/mask/prot/port): (10.0.0.2/255.255.255.255/0/0)
current_peer 192.168.2.2 port 500
PERMIT, flags={origin_is_acl,}
#pkts encaps: 4548, #pkts encrypt: 4548, #pkts digest: 4548
#pkts decaps: 5004, #pkts decrypt: 5004, #pkts verify: 5004
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0
#pkts not decompressed: 0, #pkts decompress failed: 0
#send errors 2, #recv errors 0
local crypto endpt.: 192.168.1.2, remote crypto endpt.: 192.168.2.2
path mtu 1500, ip mtu 1500, ip mtu idb FastEthernet0/0
current outbound spi: 0xD5EFC998(3589261720)
PFS (Y/N): Y, DH group: group2
inbound esp sas:
spi: 0x692F80B1(1764720817)
transform: esp-aes esp-sha-hmac ,
in use settings ={Tunnel, }
conn id: 2003, flow_id: NETGX:3, sibling_flags 80000046, crypto map: VPN
sa timing: remaining key lifetime (k/sec): (4390208/1595)
IV size: 16 bytes
replay detection support: Y
Status: ACTIVE
inbound ah sas:
inbound pcp sas:
outbound esp sas:
spi: 0xD5EFC998(3589261720)
transform: esp-aes esp-sha-hmac ,
in use settings ={Tunnel, }
conn id: 2004, flow_id: NETGX:4, sibling_flags 80000046, crypto map: VPN
sa timing: remaining key lifetime (k/sec): (4390276/1595)
IV size: 16 bytes
replay detection support: Y
Status: ACTIVE
outbound ah sas:
outbound pcp sas:
HQ_RTR#ping 10.0.0.2 source lo0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.0.2, timeout is 2 seconds:
Packet sent with a source address of 10.0.0.1
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/4 ms
HQ_RTR#show crypto ipsec sa peer 192.168.2.2
interface: FastEthernet0/0
Crypto map tag: VPN, local addr 192.168.1.2
protected vrf: (none)
local ident (addr/mask/prot/port): (10.0.0.2/255.255.255.255/0/0)
remote ident (addr/mask/prot/port): (10.0.0.1/255.255.255.255/0/0)
current_peer 192.168.2.2 port 500
PERMIT, flags={origin_is_acl,}
#pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
#pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0
#pkts not decompressed: 0, #pkts decompress failed: 0
#send errors 0, #recv errors 0
local crypto endpt.: 192.168.1.2, remote crypto endpt.: 192.168.2.2
path mtu 1500, ip mtu 1500, ip mtu idb FastEthernet0/0
current outbound spi: 0x0(0)
PFS (Y/N): N, DH group: none
inbound esp sas:
inbound ah sas:
inbound pcp sas:
outbound esp sas:
outbound ah sas:
outbound pcp sas:
protected vrf: (none)
local ident (addr/mask/prot/port): (10.0.0.1/255.255.255.255/0/0)
remote ident (addr/mask/prot/port): (10.0.0.2/255.255.255.255/0/0)
current_peer 192.168.2.2 port 500
PERMIT, flags={origin_is_acl,}
#pkts encaps: 4583, #pkts encrypt: 4583, #pkts digest: 4583
#pkts decaps: 5042, #pkts decrypt: 5042, #pkts verify: 5042
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0
#pkts not decompressed: 0, #pkts decompress failed: 0
#send errors 2, #recv errors 0
local crypto endpt.: 192.168.1.2, remote crypto endpt.: 192.168.2.2
path mtu 1500, ip mtu 1500, ip mtu idb FastEthernet0/0
current outbound spi: 0xD5EFC998(3589261720)
PFS (Y/N): Y, DH group: group2
inbound esp sas:
spi: 0x692F80B1(1764720817)
transform: esp-aes esp-sha-hmac ,
in use settings ={Tunnel, }
conn id: 2003, flow_id: NETGX:3, sibling_flags 80000046, crypto map: VPN
sa timing: remaining key lifetime (k/sec): (4390204/1582)
IV size: 16 bytes
replay detection support: Y
Status: ACTIVE
inbound ah sas:
inbound pcp sas:
outbound esp sas:
spi: 0xD5EFC998(3589261720)
transform: esp-aes esp-sha-hmac ,
in use settings ={Tunnel, }
conn id: 2004, flow_id: NETGX:4, sibling_flags 80000046, crypto map: VPN
sa timing: remaining key lifetime (k/sec): (4390272/1582)
IV size: 16 bytes
replay detection support: Y
Status: ACTIVE
outbound ah sas:
outbound pcp sas:
HQ_RTR#
HQ_RTR#
Also right now with the L2TPv3 setup I am not using the GRE I had it setup for when I was using EoMPLS. I know the two work as I can see the multicast of the cdp but nothing beyond that.. -
EoMPLS with Catalyst 3750 Metro Switches
Hi,
I am trying to setup an EoMPLS tunnel (VLAN mode) between two 3750 Metro switches. But I am not getting the Status down from the both PEs.Also the 'show mpls l2transport binding' shows no output interface and no label stack is attached. Can anybody in the forum help me out? Is it any IOS related problem.
The IOS version is:c3750me-i5k91-mz.122-25.SEG1.bin
Thank you,
Dabraj Sarkar
Grameenphone Ltd,
Dhaka, BangladeshHi,
can you provide the related config? Without this it is hard to tell anything.
Regards, Martin -
3750 - ME - MPLS P(E), Stackwise, EoMPLS
Hello,
I've three questions:
- can I use Cat 3750-ME with Advanced IP licence as MPLS "P" device, or is it "PE only" device - which feature is missing?
- 3750-ME has StackWise port, but it isn't supported now. Is there any chance it will be supported at least for "LAN features".
- 3750-ME Configuration Guide states:
"You cannot have a direct Layer 2 connection between PE routers with EoMPLS". I haven't found such limitation mentioned in Cat 6500 documentation. Is this limitaion only for Cat 3750-ME platform, or is it general limitation of this feature, independent on hardware ?
Thanks
Jan Klicka1. yes its functionality really is a PE but it can label switch also. Think about how these devices are usually deployed (ring format). That means they need to do limited P switching but as Paul Daniels would say "not a lot".
2. Sorry havent a scooby doo.
3. I really dont get that statement - I would need to ask "why not?". -
Transparent layer 2 tunneling through EoMPLS on Nexus 7K
Hello,
Does anyone know if the N7K supports transparent layer 2 tunneling of control traffic (CDP, STP and VTP) over EoMPLS? I'm unable to find exact info about this in Cisco's documentation.
Here's the problem I'm having:
I have an EoMPLS virtual connect configured between a ME3600X switch and a Nexus 7K switch to extend layer 2 domain across two different sites. The virtual connect is up and running and passing traffic successfully between the CEs. However, I'm having problem with tunneling CDP traffic from the N7K end to the ME3600X end. CDP tunneling in the other way is working fine. i.e. CE1 connected to the N7K is able to see the other CE (CE2) in its CDP table; however, CE2 connected to the ME3600X is unable to see CE1 in its CDP table, which I believe is caused by the N7K not tunneling the CDP traffic through the EoMPLS VC properly.
Below is the config:
! CE1 is connected to N7K port e3/28.
! CE2 is connected to ME3600X port g0/24.
! N7K:
feature mpls l2vpn
l2vpn
interface loopback100
ip address 10.255.255.200/32
ip router ospf 185 area 0.0.0.0
port-profile type pseudowire MPLS
encapsulation mpls
state enabled
l2vpn xconnect context TestToME
member Ethernet3/28 service-instance 1
member pseudowire185
interface pseudowire185
inherit port-profile MPLS
neighbor 10.255.255.150 102
encapsulation mpls
vc type ethernet
mtu 9216
interface Ethernet3/28
no cdp enable
no shutdown
service instance 1 ethernet
encapsulation default
no shutdown
! ME3600X
interface Loopback100
ip address 10.255.255.150 255.255.255.255
interface GigabitEthernet0/24
switchport trunk allowed vlan none
switchport mode trunk
service instance 1 ethernet
encapsulation default
l2protocol forward cdp
bridge-domain 102
interface Vlan102
mtu 9216
no ip address
xconnect 10.255.255.200 102 encapsulation mplsFolks,
I have this issue resolved.
There were reported bugs in earlier version of code for the ME3600X which dropped MSTP and RSTP BPDU's.
Also there are 2 different use cases for using the L2protocol command:
1, When creating a service instance between 2 devices that supports the L2protocol command use L2protocol tunnel (ME3600 to ME3600)
2, When creating a service instance between a deice that supports the L2protcol command and another device that does not support the L2protocol command use L2protocol forward (ME3600 - 2911 or ME3600 to non Cisco device)
I upgraded the s/w on the ME3600 to 15.3-2
Here is the working configuration between the ME3600 and the 2911
PE1 (ME 3600X)
int g0/1
port-type nni
switchport trunk allowed vlan none
switchport mode tunk
service instance 2 ethernet
encapsulation dot1q 2
rewrite ingress tag pop 1 symmetric
l2protocol forward stp
xconnect 10.11.1.4 encapsulation mpls
PE 2 (2911)
int g0/2.2
xconnect 10.11.1.16 encapsulation mpls
CE 1 and CE 2
int g0/1
switchport mode trunk
Thanks for your help.
Colm -
Hi All,
I can't find much information or configuration examples about doing EoMPLS between different AS's.
I've got the basic setup:
PE1 -> P1 (7606) <--> P2 (7301) <--PE2
P1 & PE1 are in AS100
P2 & PE2 are in AS200
Vlan 37 originates on AS100 but I need PC's in AS200 to be in Vlan37 as well.
I have enabled BGP between the P routers.
For simplicity sake there is a /30 ethernet connection connecting the P routers.
Both AS's are running MPLS inside their core.
Could someone please point me in the right direction about what is required to get EoMPLS working between different AS's.
Thanks.
AndyThanks for the reply Giuseppe.
I was able to get more information by reading Layer 2 VPN Architectures by Wei Luo, Carlos Pignataro, Dmitry Bokotey, Anthony Chan. In there was a chapter dedicated to Pseudowire Emulation in Multi-AS Networks. And as you advised, the solution was to use the BGP "send-label" to redistribute the labels from one AS to another.
My only question is that the chapter goes on to talk about seeing THREE labels in the vc details but in my lab I'm only seeing TWO labels (everything is working in my lab setup). Am I missing something here???
From the book:
"Label 27 is the IGP label to reach ASBR1 that has the address 10.1.1.3, and label 32 is the BGP IPv4 label assigned by ASBR1 to reach PE4 that has the address 172.16.1.2"
PE1#show mpls l2transport vc 100 detail
Local interface: Et0/0.1 up, line protocol up, Eth VLAN 100 up
Destination address: 172.16.1.2, VC ID: 100, VC status: up
Preferred path: not configured Default path: active
Tunnel label: 32, next hop 10.23.12.2
Output interface: Et1/0, imposed label stack {27 32 16}
My Lab Setup:
test-mpls-cr#sh mpls l2transport vc detail
Local interface: Gi0/0.37 up, line protocol up, Eth VLAN 37 up
Destination address: 10.15.105.2, VC ID: 200, VC status: up
Output interface: Gi0/0.11, imposed label stack {7697 19}
Preferred path: not configured
Default path: active
Next hop: 203.10.110.195
Create time: 23:09:13, last status change time: 18:52:59
Signaling protocol: LDP, peer 10.15.105.2:0 up
MPLS VC labels: local 2851, remote 19
Group ID: local 0, remote 0
MTU: local 9000, remote 9000
Thanks.
Andy -
EoMPLS support on Cisco ISR G2 2921?
Hi there is saw in feature navigator that EoMPLS is a supported feature for 2921...
- Can somebody please confirm that EoMPLS is supported with Cisco 2921?
- Is pseudowire redundancy possible?
Thanks
ManuelHi Manuel,
yes it is supported (if I am not wrong since release 12(4)T) and also L2VPN PW redundancy is supported.
Riccardo -
Does anyone know if you can configure EoMPLS on an SVI interface if you have the ES20 cards facing the core and the x6724 cards facing the CPE. The 7600 documentation for 12.2SR says you have to have an OSM or Enhanced Flex Wan module facing the core but this was befoere the ES20 cards came out. Below is an example of what I would like to do.
CE--->(x6724--7600--ES20)---core---(ES20---7600---x6724)--->BRAS
7600 facing the CE.
vlan 10 name voice
vlan 20 name video
vlan 100 name data
int gig4/1
switchport
switchport trunk ecap dot1q
sw mode trunk
switcport trunk allowed vlan 10,20,100
int vlan 10
ip add 10.10.1.1 255.255.255.0
int vlan 20
ip add 10.20.1.1 255.255.255.0
int vlan 100
xconnect 10.10.100.101 100 encapsulation mplsWe tried this with x6724s facing the core and x6748s facing the CE and it didn't work and was told by TAC that we needed the OSM or Enhanced flex wan module. I'm hoping the ES20 card has the same functionality as the OSM or Enhanced flex wan. In reading over the data sheet last night it appears that it supports all the MPLS/AToM features that the OSM modules supports. I'm thinking if it doesn't work with an SVI it should work with sub-interfaces.
-
Hello,
Please clarify if the following features are supported over EoMPLS on 7600 platform (IOS 15.0) used as PE:
DSCP classification on ES+ EVC when xconnect is under SVI.
DSCP classification on SVI linked to ES20 EVC when xconnect is under SVI.
Police & marking (as confom action) on ES+ EVC when xconnect is under SVI.
Police & marking (as conform action) on SVI linked to ES20 EVC when xconnect is under SVI.
Please highlight any caveats related to the above features and share any related document if you can.
Best regards!Hi,
as long as the bandwidth for all combined voip calls is smaller than the configured bandwidth "priority XXX", VoIp is ok.
The reason is, that any voip packet will be serviced immediately and the data will be queued. So for voip the network looks like not being overloaded at all.
Hope this helps! please rate all posts.
Regards, Martin -
Virtually L3-terminate a EoMPLS Tunnel on a ASR1000
Hi all,
I am trying to terminate a EoMPLS Tunnel with a virtual L3 interface on a ASR1000 without any physical port interaction.
We need to send the Traffic from Subinterfaces of some PE's (7600 and ASR9k) to an ASR1000 which sould use ISG functionallity to authorize and bw-limit the subscribers.
On the current setup we terminate the xconnects on a 7600 PE as well, and we send the traffic dot1q tagged to the ISG which is the L3 endpoint for the customers.
To make the switchover from a failed device easier, we now want to terminate everything on the ASR1000. Im my understanding, this shoud be possible with an l2 vfi, with an configured bridge-domain with BDI Interface and an EoMPLS neighbor.
The config I tired on the ASR1000 looks like:
l2 vfi vfi50 manual
vpn id 50
bridge-domain 50
neighbor <PE IP> 103685 encapsulation mpls
interface BDI50
vrf forwarding ISG_TABLE
ip address <Service IP> <netmask>
ip helper-address <DHCP>
load-interval 30
The communication from the Customer Network to the DHCP works, and I can even ping the BDI Interface IP, but I can not get further to the internet. Pinging a public address from the BDI50 Interface however works fine.
When I do a debug ip packet on that range, I can only see broadcasted packets (which get forwarded to the helper address).
However, MAC Adresses and ARP tables and gateway on the client looks good:
ar90.bie005.bb#sh bridge-domain 50
Bridge-domain 50 (2 ports in all)
State: UP Mac learning: Enabled
Aging-Timer: 180 second(s)
BDI50 (up)
vfi vfi50 neighbor <PE IP> 103685
MAC address Policy Tag Age Pseudoport
C84C.75E1.CEBF to_bdi static 0 BDI50
88AE.1DAA.502A forward dynamic 179 vfi50.1020017 #88AE.1DAA.502A = Lab Laptop
ar90.bie005.bb#sh xconnect all
XC ST Segment 1 S1 Segment 2 S2
------+---------------------------------+--+---------------------------------+--
UP pri vfi vfi50 UP mpls <PE IP>:103685 UP
UP pri bd 50 UP vfi vfi50 UP
ar90.bie005.bb#sh ip arp vrf ISG_TABLE
Protocol Address Age (min) Hardware Addr Type Interface
Internet <SERVICE Address> - c84c.75e1.cebf ARPA BDI50
Internet <Lab Laptop IP> 0 88ae.1daa.502a ARPA BDI50
Am I missing something? Is there a limitation I am hitting? In the most documents I found there was always a Service Instance on an Interface involved, which is certainly missing here.
Thaks for any help!Hi,
yes actually it should be fixed ;-)
It was a bug on the ASR (
CSCub44215), it had somehow problems with that routed vpls scenareo with routes learned from mp-bgp.
I could verify the fix of the problem with an engineering release, however, I did not have time to check the functionallity on Software Version 3.7.1.S / 15.2(4)S1 where the fix of the bug was implemented officially. But I'm very confident that it will work with that version as well.
Regards
Maybe you are looking for
-
Hello, I think my iPod touch is a 3rd generation. It is a 4.2.1 Version, 8 GB. My 89 year old mother has totally lost her hearing. I would like to experiment with my ipod touch to see if an ipod is what she could use in her assisted living arrangemen
-
Hi All, We are facing issue in loading an XML file in database. It is an XML file from S-MART (PGS). If we try to load the xml file directly using an OWB mapping (as way we are doing for MARS), the mapping takes forever. We have tried several strateg
-
Call a transaction with Application WD ABAP
Dear Expert. In this moment I have the following requirement: I created an Application WD ABAP and created a button that must call a transaction of R/3 in the portal. I created a Transaction Iview and for this iView I created a Page. Now I want that
-
ACS 4.2.1 AND WINDOWS 7
HI all, We are having some authentication issues with windows 7. The issue some windows 7 machine fails randomly. We are using ACS 4.2.1 MS-PEAP with machine authentication, every now and then a pc fails to authen. And the log always show
-
Two Unrelated Macs Running 10.6.2 Experience Simultaneous Disk Corruption
Anyone else out there have this happen today? After shutting the lid on my MacBook Pro 17 2.8GHz, last last night, I awoke to a DOA laptop. The Mac (4 months old) would not boot. I tried single user-mode /sbin/fsck about 8 times but it still wouldn't