ME3600-ME3800: service-instance & bridge-domain syntax

Similar Messages

• Bridge-domain and trunk configuration on ES20 card.

  Hello.
  I have two 7609-S boxes equipped with ESM20G cards and WS-X6748-GE-TX cards. A trunk is configured on ports of WS cards between these devices. A very important system is to be connected with two optical links to both devices via ES20 cards for redundancy. I consider configuring it using EVC framework in the following way:
  service instance -> bridge-domain XXX -> interface VLAN XXX and enable HSRP on my devices.
  I am not sure what is the structure of conecting system so I would like to have some kind of L2 connectivity between my devices for this connection. For other connections made using ports on WS card a dedicated VLAN is allocated for every one of them and then this VLAN is simply put in trunk between devices. Can I simply add vlan XXX to the list of VLANs allowed on the WS-card-based-trunk or do I have to utilize some completely different solution? Links to any related documentation are appreciated. Tomorrow I am going to test this configruation any way but I would like to have some backup solution in case this will not work.
  Thanks in advance,
  Andrew.

  Hi Andrei,
  Im having the same dilemna and im wondering if you were able to find a solution for this?
  I need to support HSRP on a vlan interface with bridging over port channel bundled interface between routers.
  im trying this but i cant seem to get this to work.
  ----R2----
  interface Vlan10
  ip vrf forwarding BOB
  ip address 10.1.1.2 255.255.255.248
  standby 1 ip 10.1.1.1
  standby 1 priority 110
  standby 1 preempt
  end
  interface Port-channel1
  no ip address
  service instance 10 ethernet
    encapsulation dot1q 10
    bridge-domain 10
  --- R2----
  interface Vlan10
  ip vrf forwarding BOB
  ip address 10.1.1.3 255.255.255.248
  standby 1 ip 10.1.1.1
  end
  interface Port-channel1
  no ip address
  service instance 10 ethernet
    encapsulation dot1q 10
    bridge-domain 10
  BR//
  Chanuka

• ME3600 does not forward frames out one interface in service instance

  Hi,
  I have an issue with ME3600 running 15.3(1)S. I have a BDI used for CPE
  management.
  cisco ME-3600X-24FS-M
  Cisco IOS Software, ME360x Software (ME360x-UNIVERSALK9-M), Version
  15.3(1)S, RELEASE SOFTWARE (fc1)
  This is the BDI and VRF configuration:
  interface Vlan1620
  ip vrf forwarding 65000:1620
  ip address 10.232.28.1 255.255.252.0
  no ip redirects
  ip vrf 65000:1620
  rd 65000:1620
  route-target export 65000:1620
  route-target import 65000:1620
  address-family ipv4 vrf 65000:1620
  redistribute connected
  The MPLS part is working fine, no issues there. There is also a DHCP
  pool handing out IPs to the CPEs.
  ip dhcp pool 65000:1620
  vrf 65000:1620
  network 10.232.28.0 255.255.252.0
  domain-name xyz
  default-router 10.232.28.1
  option 66 ascii 10.232.28.1
  dns-server 8.8.8.8
  lease 0 0 30
  This also works fine and I have verified that CPE has both IP and GW.
  Then for the service instance configuration:
  interface GigabitEthernet0/5
  switchport trunk allowed vlan none
  switchport mode trunk
  service instance 1620 ethernet
  encapsulation dot1q 1620
  rewrite ingress tag pop 1 symmetric
  bridge-domain 1620
  interface GigabitEthernet0/11
  switchport trunk allowed vlan none
  switchport mode trunk
  service instance 1620 ethernet
  encapsulation dot1q 1620
  rewrite ingress tag pop 1 symmetric
  bridge-domain 1620
  Traffic to CPEs behind Gi0/11 works:
  sh ip arp vrf 65000:1620 vlan 1620 | i 29.26
  Internet 10.232.29.26 0 0022.07f3.3450 ARPA Vlan1620
  show mac-address-table address 0022.07f3.3450
  Mac Address Table
  Vlan Mac Address Type Ports
  1620 0022.07f3.3450 DYNAMIC Gi0/11+Efp1620
  Total Mac Addresses for this criterion: 1
  Pinging 10.232.29.26 with 32 bytes of data:
  Reply from 10.232.29.26: bytes=32 time=33ms TTL=61
  Reply from 10.232.29.26: bytes=32 time=32ms TTL=61
  Reply from 10.232.29.26: bytes=32 time=34ms TTL=61
  Reply from 10.232.29.26: bytes=32 time=32ms TTL=61
  Traffic to CPEs behind Gi0/5 does not work.
  sh ip arp vrf 65000:1620 vlan 1620 | i 28.190
  Internet 10.232.28.190 2 0022.07f2.76a6 ARPA Vlan1620
  show mac-address-table address 0022.07f2.76a6
  Mac Address Table
  Vlan Mac Address Type Ports
  1620 0022.07f2.76a6 DYNAMIC Gi0/5+Efp1620
  Total Mac Addresses for this criterion: 1
  Pinging 10.232.28.190 with 32 bytes of data:
  Request timed out.
  Request timed out.
  Request timed out.
  Request timed out.
  This is also confirmed by looking at counters. There seems to be no
  egress traffic on Gi0/5.
  Service Instance 1620, Interface GigabitEthernet0/11
  Pkts In Bytes In Pkts Out Bytes Out
  31717 2955368 4569808 1709207624
  Service Instance 1620, Interface GigabitEthernet0/5
  Pkts In Bytes In Pkts Out Bytes Out
  4850878 367975447 0 0
  It does work to ping locally from the 3600 though:
  ping vrf 65000:1620 10.232.28.190
  Type escape sequence to abort.
  Sending 5, 100-byte ICMP Echos to 10.232.28.190, timeout is 2 seconds:
  Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
  I'm not sure how to troubleshoot it further. I've also tried setting up
  ERSPAN sessions for RX traffic on Gi0/5 but I don't get anything in
  unless I ping 28.1 which is the IP of the interface on the 3600.
  Any clues?
  Daniel Dib
  CCIE #37149
  Please rate helpful posts.       

  It could not have been caused by a virus, since there are no viruses for Mac OS X. I would guess it was a typo when you first setup the account, and when you set it up again, a user may have gone to Preferences and selected the Outgoing mail server drop down menu and inadvertently selected the typo'd server entry.
  Mulder

• Cant create more than 16 services instances in ME3600

  I have an issue in creating services instances with bridge-domain in ME3600x
  the license level is AdvancedMetroIPAccess.
  i have currently 16 services instances, and if i create 1 more the number 16th puts himself in shutdown. 
  show version results:
  Cisco IOS Software, ME360x Software (ME360x-UNIVERSAL-M), Version 15.1(2)EY2a, RELEASE SOFTWARE (fc1)
  Technical Support: http://www.cisco.com/techsupport
  Copyright (c) 1986-2012 by Cisco Systems, Inc.
  Compiled Wed 04-Apr-12 06:37 by prod_rel_team
  ROM: Bootstrap program is WHALES boot loader
  MIL-PE-3600-01 uptime is 20 weeks, 4 days, 22 hours, 51 minutes
  System returned to ROM by power-on
  System restarted at 00:20:14 GMT Sun Nov 17 2013
  System image file is "flash:/me360x-universal-mz.151-2.EY2a/me360x-universal-mz.151-2.EY2a.bin"
  License Level: AdvancedMetroIPAccess
  License Type: Permanent
  Next reload license Level: AdvancedMetroIPAccess
  cisco ME-3600X-24TS-M (PowerPC8572) processor (revision A0) with 1015808K/32760K bytes of memory.
  Processor board ID FOC1617V1GZ
  Last reset from power-on
  32 Virtual Ethernet interfaces
  25 Gigabit Ethernet interfaces
  2 Ten Gigabit Ethernet interfaces
  The password-recovery mechanism is enabled.
  1536K bytes of flash-simulated non-volatile configuration memory.

  I had a couple of small hard disks (scsi) that I amalgamted into one large disk using raidtools. I then used LVM on the 'MD0' result of that to slice it into 23 bits as RAW.
  Worked fine. You should be able to use the same methods (or parts therof as needed) on IDE.
  Now that you can buy a firewire HD and Firewire cards (check out driver chip type first)without breaking the bank, this would be the simplest option for a RAC.
  HTH

• ME3600 - SVI's + Service Instances‏

  Hi Everyone,
  Very new to the ME3600 platform, so hoping someone can assist with the following:
  We currently have 4948's connecting to various carriers - Each port is a trunk, and has a vlan per tail.
  i.e.
  int gig1/1
  desc AGG_TO_CARRIER_A
  switchport trunk encapsulation dot1q
  switchport mode trunk
  switchport trunk allowed vlan 10,20,30
  We then have another port on the 4948's (Trunk), that allows all vlans from all the carrier AGG ports that connects to 7200's or ASR1000's (We have multiple POP's), and each vlan is then added to dot1q subint and thrown into a vrf or standard "Inet" Interface....we also apply service-policys (egress shaping/ingress marking) on the L3 Interfaces
  We are wanting to run MPLS on the ME3600s, and do all the L3 stuff on them rather than the 7200'sand ASR's - So, we will still have the 4948's, multiple carrier AGG's, multiple vlans's but the trunk port(From the 4948s) that currently goes to the 7200's and ASR's will now go to the ME3600s - So, a few questions:
  1. What would the ME3600 Trunk port(That connects back to the 4948) config look like? i.e. Similar to how we currently do it (switchport trunk allowed vlan 10,20.30,40...), and then create SVI's for each vlan and apply L3/VRF/service policies? Or do SVI's not support service policies and we would need to use service instances? (The 4948's typically have ~100+ vlans(tails) from the various carrriers)
  2. If service instances are required, can anyone please provide an example of how the config would look (Or point me to some documentation please?)
  Thanks in advance for your help.

  Ariean wrote:
  1.) Thanks for your reply, so load balancing and/or fail over will only happen between different instances of the single database or can it also be possible between 2 different databases provided the databases are in sync??
  Yes, it can be done between two databases as well and this is called Standby database configuration. This won't do the load balancing for you but you would get teh switchover (or Failover) between two.
  2.) Would it be possible to have PROD & DR database servers with load/fail over options configured and also with dataguard setup between those 2 DB's will have same IP addresses & host names like below?
  PROD      DataBase Server     tsjipud186.xyz.mq.abcd.net     123.45.67.30
                       tsjipud187.xyz.mq.abcd.net     123.45.67.55
  DR     DataBase Server          tsjipud186.xyz.mq.abcd.net     123.45.67.30
                      tsjipud187.xyz.mq.abcd.net     123.45.67.55
  Hmm may be I need a cup of coffee because not able to parse the question.
  Aman....

• Bridge domain issue

  Hi,
  Im Currently using a 4431 router configuring it with a bridge domain. Im encountering problems with the bridge domain interface not able to ping my load balancer IP address.
  We have one 4431 router connected to 2 2960 switches with 2 F5 connected to both of the switches also.
  Below is my configuration for the bridge domain:
  interface BDI1
   ip address 192.168.1.219 255.255.255.224
   no ip redirects
   no ip unreachables
   no ip proxy-arp
   no cdp enable
  interface GigabitEthernet0/0/1
   no ip address
   no ip redirects
   no ip unreachables
   no ip proxy-arp
   negotiation auto
   service instance 1 ethernet
    encapsulation untagged
    bridge-domain 1
  interface GigabitEthernet0/0/2
   no ip address
   no ip redirects
   no ip unreachables
   no ip proxy-arp
   negotiation auto
   service instance 1 ethernet
    encapsulation untagged
    bridge-domain 1
  Im not able to ping my load balancer IP address:
  sg-wr01#ping 192.168.1.220
  Type escape sequence to abort.
  Sending 5, 100-byte ICMP Echos to 192.168.1.220, timeout is 2 seconds:
  Success rate is 0 percent (0/5)
  sg-wr01#ping 192.168.1.221
  Type escape sequence to abort.
  Sending 5, 100-byte ICMP Echos to 192.168.1.221, timeout is 2 seconds:
  Success rate is 0 percent (0/5)
  sg-wr01#ping 192.168.1.222
  Type escape sequence to abort.
  Sending 5, 100-byte ICMP Echos to 192.168.1.222, timeout is 2 seconds:
  Success rate is 0 percent (0/5)
  But when I change the bridge domain interface to a layer 3 interface I can ping the load balancer IP address:
  interface GigabitEthernet0/0/1
   ip address 192.168.1.219 255.255.255.224
   no ip redirects
   no ip unreachables
   no ip proxy-arp
   negotiation auto
  end
  sg-wr01#ping 192.168.1.220
  Type escape sequence to abort.
  Sending 5, 100-byte ICMP Echos to 192.168.1.220, timeout is 2 seconds:
  Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
  sg-wr01#ping 192.168.1.221
  Type escape sequence to abort.
  Sending 5, 100-byte ICMP Echos to 192.168.1.221, timeout is 2 seconds:
  Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
  sg-wr01#ping 192.168.1.222
  Type escape sequence to abort.
  Sending 5, 100-byte ICMP Echos to 192.168.1.222, timeout is 2 seconds:
  Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
  Has anyone encountered this before?
  Below is the network diagram:
  Thanks,
  Marvin

  Did you do a no shut on the BDI?
  "The initial administrative state of a BDI depends on how the BDI is created. When a BDI is created at boot time in the startup configuration, the default administrative state for the BDI will be up, and will remain in this state unless the startup configuration includes the shutdown command. This behavior is consistent with all the other interfaces. When a BDI is created dynamically by a user at command prompt, the default administrative state is down."

• ME 3800 X - QinQ across service instance

  I realize a test rig of ME-3800-X.
  I use the MPLS and QinQ.
  EoMPLS for pseudowire is Ok in test rig.
  QinQ also.
  In fact, everything is ok.
  But, in documentation, it is not said that we can forward the frame QinQ across a Service Instance.
  Header:vlan+eth+data                     >>ingress 3800 -A >> evc bridge-domain 100 >>>>>> Vlan 100 and rewite imposition and Xconnect to B>>
                                        egress 3800 -A  >> Eompls+QinQ+Vlan+eth+data >>>>
                                                                                                                     |
                                                                                                                     |
                                                                                                      BACKBONE MPLS
                                                                                                                     |
                                                                                                                     |
  >>>ingress 3800- B >>>> Vlan 100 (not rewite) + xconnect to A >>>> evc bridge-domain 100 >>>>egress 3800 - B >  Header QinQ+ETH+DATA
  It has QinQ frames within the bridge domaine not frame Vlan.
  Question:
  Is what I can do this even if the documentation does not indicate.
  Thanks for your comment.
  I am french, sorry for my bad english language.
  Cdlt,

  Hello Cdlt.
  but what is the  question? Is it something like "how come that even if my configuration does not match the guide my setup is working?"
  Is that one?
  Also, does it work when your config is matching the EVC guide instead (the one in green on your pdf)?
  Quick notation is that even if the configuration is not matching the guide  the final result is the same as you moved the pop operation of the outmost dot1q tag from the ingress PE (the one on top) to egress one by configuring 'platform rewrite imposition tag push 1 symmetric' on the SVIs.
  So you either strip the qinq tag on ingress or on egress the frame looks like the same way when the last mpls label is popped.
  Does this answer to your question or am I still missing the point?
  Riccardo

• Q-in-Q on an EVC/Service Instance

  Hi
  I want to take a bunch of VLANs from an interface, trunk them through my network, and spit them out on another end. Sounds like simple Q-in-Q to me.
  Problem is one end is a 3600X, and the other is a 4900M. The 4900M is simple. The problem I have is with the 3600X and the EVC. Let's say I want to take VLAN 10 from a customer, and carry it on my network as VLAN 100. I will take them from a port on my 3600X and then carry VLAN 100 along with another bunch of unrelated VLANs through my network.
  Can I configure a service instance on the customer facing port encapsulating their VLANs (let's say VLAN 10 for this example), then carry the internal VLAN (100) through on my trunks?
  Example, 3600X:
  interface GigabitEthernet0/1
  description FACING CUSTOMER NETWORK
   switchport trunk allowed vlan none
   switchport mode trunk
   service instance 1 ethernet
    encapsulation dot1q 10
    bridge-domain 100
  interface GigabitEthernet0/2
  description FACING SERVICE PROVIDER CLOUD
   switchport trunk allowed vlan 100
   switchport mode trunk
  Then the 4900M will be:
  interface GigabitEthernet0/1
  description FACING CUSTOMER NETWORK
  switchport access vlan 100
  switchport mode dot1q-tunnel
  interface GigabitEthernet0/2
  description FACING SERVICE PROVIDER CLOUD
  switchport trunk allowed vlan 100
  switchport mode trunk
  This doesn't work. I've tried various configs on the 3600 but can't get it working. I am not sure how to config the EVC properly - on the 3600X I suspect I also have to configure a service instance on the trunk facing into the cloud? This unfortunately isn't preferable as I want this to function as a basic, normal trunk (it has about 50 other VLANs on it).
  Cheers for any help!

  Not sure in 4900M, I would have to test it, but in ME switch, I believe you would have to push a tag because it seems you don't care about which VLAN it comes in.
  So for example, your encapsulation would be anything.
   service instance 1 ethernet
  encapsulation dot1q 1 - 4094
  rewrite ingress tag push dot1q 100 symmetric
  This would push a second VLAN (100) in a tagged frame that reaches the port.
  The symmetric would pop it when sending out of that interface so the inner VLAN would be kept.

• Service instance configuration

  Hello,
  I'm need help with following configuration, but can't figure it out myself:
  Existing config:
  int te0/1
  service instance 44 ethernet
    encapsulation dot1q 231,431,731
    l2protocol forward cdp stp
    bridge-domain 44
  service instance 58 ethernet
    encapsulation dot1q 246,446,746,2806
    l2protocol forward cdp stp
    bridge-domain 58
  int te0/2 
  service instance 44 ethernet
    encapsulation dot1q 1429 <- S-Vlan. Can't be changed.
    rewrite ingress tag pop 1 symmetric
    l2protocol forward cdp stp
    bridge-domain 44
   service instance 58 ethernet
    encapsulation dot1q 1445 <- S-Vlan. Can't be changed.
    rewrite ingress tag pop 1 symmetric
    l2protocol forward cdp stp
    bridge-domain 58
  I'm need to add vlan 2806 to both sites.
  Many thanks.

  Hi Akash,
  I'm really don't understand how to brifge it. I'm tried this config, but it not working.
  service instance 1458 ethernet
    encapsulation dot1q 231,431,731,246,446,746,2806
    l2protocol forward cdp stp
    bridge-domain 58
  service instance 44 ethernet
    encapsulation dot1q 1429
    rewrite ingress tag pop 1 symmetric
    l2protocol forward cdp stp
    bridge-domain 58
   service instance 58 ethernet
    encapsulation dot1q 1445
    rewrite ingress tag pop 1 symmetric
    l2protocol forward cdp stp
    bridge-domain 58
  Also, i'm unable to use xconnect on this 3700 switch.

• Service instance and trunk ports

  hi I have the following configuration:
  interface Port-channel1
   description SHN-AX1-1-2-CNRY
   switchport trunk allowed vlan none
   switchport mode trunk
   load-interval 30
   no keepalive
   service instance 1 ethernet
    encapsulation untagged
    l2protocol peer lacp
    bridge-domain 1
   service instance 2 ethernet
    description IDP_VLAN_2
    encapsulation dot1q 2
    bridge-domain 3998
   service instance 3 ethernet
    description BBR_VLAN
    encapsulation dot1q 420
    bridge-domain 3998
   service instance 4 ethernet
    description MGMT_VLAN
    encapsulation dot1q 95
    bridge-domain 3998
   service instance 5 ethernet
    description STATIC_VLAN
    encapsulation dot1q 3641,3644,3777,3291
    bridge-domain 3998
   service instance 6 ethernet
    description SME_VLAN
    encapsulation dot1q 2098,2339
    bridge-domain 3998
  interface Port-channel1
   description SHN-AX1-1-2-CNRY
   switchport trunk allowed vlan none
   switchport mode trunk
   load-interval 30
   no keepalive
   service instance 1 ethernet
    encapsulation untagged
    l2protocol peer lacp
    bridge-domain 1
   service instance 2 ethernet
    description IDP_VLAN_2
    encapsulation dot1q 2
    bridge-domain 3998
   service instance 3 ethernet
    description BBR_VLAN
    encapsulation dot1q 420
    bridge-domain 3998
   service instance 4 ethernet
    description MGMT_VLAN
    encapsulation dot1q 95
    bridge-domain 3998
   service instance 5 ethernet
    description STATIC_VLAN
    encapsulation dot1q 3641,3644,3777,3291
    bridge-domain 3998
   service instance 6 ethernet
    description SME_VLAN
    encapsulation dot1q 2098,2339
    bridge-domain 3998
  interface GigabitEthernet0/1
   switchport trunk allowed vlan none
   switchport mode trunk
   channel-group 1 mode on
  interface GigabitEthernet0/2
   switchport trunk allowed vlan none
   switchport mode trunk
   channel-group 1 mode on
  interface Port-channel12
   description SHN-AGG-BX1
   switchport trunk allowed vlan 34,50,76,3998
   switchport mode trunk
   mtu 9000
  interface GigabitEthernet0/23
   switchport trunk allowed vlan 34,3998
   switchport mode trunk
   mtu 9000
   channel-group 12 mode active
  interface GigabitEthernet0/24
   switchport trunk allowed vlan 34,3998
   switchport mode trunk
   mtu 9000
   channel-group 12 mode active
  the input interfaces are gigEth0/1 and gigEth0/2 and the output interfaces are gigEth0/23 and gigEth0/24.
  the ingress traffic at the input port has a single tag and the ingress traffic at the output port has two tags.
  please explain me, where tags would be pushed/popped and why??
  thank you.

  Hello.
  You might have confused service instance configuration and usual switchport mode trunk.
  Please refer figure 11-10 in the document http://www.cisco.com/c/en/us/td/docs/switches/metro/me3600x_3800x/software/release/12-2_52_ey/configuration/guide/3800x3600xscg/swevc.html
  >But there is a typo - per description it should be "enc doat1q 20" under service instance 9on the picture).
  Also under Figure 11-2 we have following example:
   QinQ is also supported when sending packets between an EFP and a switchport trunk, because the switchport trunk is implicitly defined as rewrite ingress tag pop 1 symmetric. The same external behavior as Method 1 can be achieved with this configuration:
  Switch (config)# interface gigabitethernet0/1 
  Switch (config-if)# service instance 1 Ethernet 
  Switch (config-if-srv)# encapsulation dot1q 1-100 
  Switch (config-if-srv)# bridge-domain 30
  Switch (config)# interface gigabitethernet0/2 
  Switch (config-if)# switchport mode trunk
  Again, service instance 1 on Gigabit Ethernet port 0/1 is configured with the VLAN encapsulations used by the customer: C-VLANs 1-100. These are forwarded on bridge-domain 30. The service provider facing port is configured as a trunk port. The trunk port implicitly pushes a tag matching the bridge-domain that the packet is forwarded on (in this case S-VLAN 30). 

• Bridge domain questions

  Hi everybody.
  At work , I have seen a lot of bridge domains configured on a single switch. My question is what is bridge domain and why we use them. An example with configurations will be great.
  Thanks and have a great day.

  Hi Marvin and Rick
  Please consider the following config and questions:
  R1#  show platform
  Interrupt Throttling:
    Throttle Count   = 00052552   Timer Count      = 00039372
    Netint usec      = 00000800   Netint Mask usec = 00000240
    Active           =        0   Configured       =        1
    Longest IRQ(usec)= 00003999
  MSFC CPU IDPROM:
  IDPROM image:
    (FRU is 'C7600 MSFC4 Daughterboard')
  +++++++++++++++++++++++++++++++++++++++++
  R1#show running-config interface gigabitEthernet 9/7
  service instance 1251 ethernet
    encapsulation dot1q 1251
    rewrite ingress tacg pop 1 symmetri
    bridge-domain 440
  service instance 2001 ethernet
    encapsulation dot1q 2001
    rewrite ingress tag pop 1 symmetric
    bridge-domain 440
  +++++++++++++++++++++++++++++++++++++++++
  Let say R1 receives a packet with vlan tag 1251 on g9/7. What will happen next? will R1 update its MAc table with source mac?
  1)Will there be a mac table for bridge -domain 440?  Do we have one-to one correspondence between the two i.e each  bridge-domain has its own mac table.?
  2)Let say R1 receives a packet with vlan tag 1251 on g9/7. What will happen next? will R1 update its MAc table with source mac?
  3) Let say R1 receives a frame with vlan tag 1251 with destination mac ff:ff:ff:ff
  What will R1 do next?
  4)Will R1 forward it to all service instance in bridge-domain 440 except the one R1 receives the broadcast frame? 
  ( in our case we have two service instances under  bridge -domain 440 i.e service instance 1251 ethernet,service instance  2001 ethernet)
  5) Will R1 change the vlan tag 1251 to 2001 when forwarding the broadcast frame out of instance 2001?
  Appreciate your help.
  Thanks

• Service instance

  Hi.
  I would like to know is there a command to see traffic througput over service instance?
  Thank you

  Hello.
  You might have confused service instance configuration and usual switchport mode trunk.
  Please refer figure 11-10 in the document http://www.cisco.com/c/en/us/td/docs/switches/metro/me3600x_3800x/software/release/12-2_52_ey/configuration/guide/3800x3600xscg/swevc.html
  >But there is a typo - per description it should be "enc doat1q 20" under service instance 9on the picture).
  Also under Figure 11-2 we have following example:
   QinQ is also supported when sending packets between an EFP and a switchport trunk, because the switchport trunk is implicitly defined as rewrite ingress tag pop 1 symmetric. The same external behavior as Method 1 can be achieved with this configuration:
  Switch (config)# interface gigabitethernet0/1 
  Switch (config-if)# service instance 1 Ethernet 
  Switch (config-if-srv)# encapsulation dot1q 1-100 
  Switch (config-if-srv)# bridge-domain 30
  Switch (config)# interface gigabitethernet0/2 
  Switch (config-if)# switchport mode trunk
  Again, service instance 1 on Gigabit Ethernet port 0/1 is configured with the VLAN encapsulations used by the customer: C-VLANs 1-100. These are forwarded on bridge-domain 30. The service provider facing port is configured as a trunk port. The trunk port implicitly pushes a tag matching the bridge-domain that the packet is forwarded on (in this case S-VLAN 30). 

• VPLS: bridge-domain o xconnect?

  Hi all,
  to attach an interface to a vfi I have seen two kind of possible solution:
  L2 vfi <name> manual
  Vpn id <VPNid>
  bridge-domain <bridge-domain id>
  Neighbor <Remote-PE>
  interface fastethernetx/y
  bridge-domain < bridge-domain id>
  or
  interface fastethernetx/y
  xconnect vfi <name>
  What is the difference between the command bridge-domain o xconnect? When I must use one or the other?
  Thanks in advance
  Gianluca

  hi! I am not entirely sure about it but this is my best shot...
  X-connect would be used to establish a pseudo-wire (point-to-point) for an EPL service like EoMPLS. That will just connect the 2 UNI together to the VC created by the X-connect command. In this case ther would be no mac table maintained for the VSI in the router.
  Bridge domain can be used so that you create a seperate bridge domain ( like a virtual bridge) and add ports to that and connect it to remote PE so that you create a VPLS connection. The PE will maintain a seperate mac table for the VSI.
  So thats what I think - PWE3 v/s VPLS..
  Correct me if I am wrong.
  Thanks....

• Bridge Domain and multicast traffic

  Hi All,
  i am planning to build a Point to multipoint network based on ME3600X switch at the HQ and ISR 2900 routers at the Branches. i need to simulate a lan service.
  i though of using EOMPLS at the ISR 2900 and closing them at the ME3600X. at the ME3600X i will use bridge domain to have this point to multipoint functionality.
  at the configuration guide i saw that when i am using bridge domain i need to disable IGMP snooping on every Vlan.
  my question is how the bridge domain treat Multicast traffic ?
  furthermore, can i mix EOMPLS and Bridge Domain ?
  Thanks,
  Avi.

  Hi Avi,
  ME3600X doesn't support VPLS yet (check with your account team for the roadmap) so I don't think your design will work here. What you can do is having a router behind the ME3600X which will have a dedicated VLAN with each remote site.
  HTH
  Laurent.

• Bridge-domain traffic paths

  Hi guys,
  Couldn't really get into logic of bridge-domain and hsrp coexistence. How traffic will be flooded?
  Imagine following topology:
  Bridge-domain and hsrp is running between ASR1 and ASR2.
  Host C has two network adapters. Both are in UP state, but only one of them is forwarding traffic.
  I am curious, what path traffic will take from host A to host C and from B to C in situation when :
  1) net.adapter #1 is active
  2) net.adapter #2 is active
  p.s. active router for hsrp remains the same.
  We have captured traffic on the devices, and it was a bit confusing to me that standby hsrp router was forwarding traffic from host B out of g0/0/0/0 and pw 3
  I would appriciate any help...

  Okay, that really make sence. Thank You very much for the explanation!
  Yes, You are right, that's RNC.
  Theoretically the MAC address should be flushed away from the memory when the switchover of the network card appears, because, the connection for some seconds goes down.
  Could You please tak a look on the following output:
  As I understand, both ASR's do know where 0040.4384.8260 (This is RNC NPGEP mac address) is. So basically there should not be any flooding..
  RP/0/RSP1/CPU0:ASR9k-1#sh l2vpn forwarding bridge-domain RNC:RNC3_TEST mac-address detail location 0/0/CPU0
  Mon Dec  2 21:05:25.639 EET
  Bridge-domain name: RNC:RNC3_TEST, id: 20, state: up
  MAC learning: enabled
  MAC port down flush: enabled
  Flooding:
     Broadcast & Multicast: enabled
     Unknown unicast: enabled
  MAC aging time: 300 s, Type: inactivity
  MAC limit: 4000, Action: none, Notification: syslog
  MAC limit reached: no
  MAC Secure: disabled, Logging: disabled
  DHCPv4 snooping: profile not known on this node
  Dynamic ARP Inspection: disabled, Logging: disabled
  IP Source Guard: disabled, Logging: disabled
  IGMP snooping: disabled, flooding: enabled
  Routed interface: BVI3, Xconnect id: 0x8000001f, state: up
    IRB platform data: {0x14000a, 0x1, 0x0, 0x80000000}, len: 16
  Bridge MTU: 1500 bytes
  Number of bridge ports: 2
  Number of MAC addresses: 2
  Multi-spanning tree instance: 0
  Mac Address: 0000.0c07.ac03, LC learned: N/A
     Resync Age: N/A, Flag: static, BVI
  Mac Address: 6c9c.ed0a.2e3d, LC learned: N/A
     Resync Age: N/A, Flag: static, BVI
    GigabitEthernet0/0/0/0, state: oper up
      Number of MAC: 1
      Statistics:
        packets: received 48765801690, sent 309298266072
        bytes: received 33416543382293, sent 54307173696538
      Storm control drop counters:
        packets: broadcast 0, multicast 0, unknown unicast 0
        bytes: broadcast 0, multicast 0, unknown unicast 0
      Dynamic arp inspection drop counters:
        packets: 0, bytes: 0
      IP source guard drop counters:
        packets: 0, bytes: 0
  Mac Address: 0040.4384.8260, LC learned: 0/0/CPU0
     Resync Age: 0d 0h 0m 0s, Flag: local
    Nbor 10.9.9.253 pw-id 3
      Number of MAC: 1
      Statistics:
        packets: received 19771488146, sent 198111062527
        bytes: received 10977874479587, sent 50825792902418
      Storm control drop counters:
        packets: broadcast 0, multicast 0, unknown unicast 0
        bytes: broadcast 0, multicast 0, unknown unicast 0
      Dynamic arp inspection drop counters:
        packets: 0, bytes: 0
      IP source guard drop counters:
        packets: 0, bytes: 0
  Mac Address: 6c9c.ed0a.9ced, LC learned: 0/0/CPU0
     Resync Age: 0d 0h 0m 0s, Flag: global
     L3 encapsulation Vlan: 2558
  RP/0/RSP1/CPU0:ASR9k-2#sh l2vpn forwarding bridge-domain RNC:RNC3_TEST mac-address detail location 0/0/CPU0
  Mon Dec  2 21:05:49.504 EET
  Bridge-domain name: RNC:RNC3_TEST, id: 15, state: up
  MAC learning: enabled
  MAC port down flush: enabled
  Flooding:
     Broadcast & Multicast: enabled
     Unknown unicast: enabled
  MAC aging time: 300 s, Type: inactivity
  MAC limit: 4000, Action: none, Notification: syslog
  MAC limit reached: no
  MAC Secure: disabled, Logging: disabled
  DHCPv4 snooping: profile not known on this node
  Dynamic ARP Inspection: disabled, Logging: disabled
  IP Source Guard: disabled, Logging: disabled
  IGMP snooping: disabled, flooding: enabled
  Routed interface: BVI3, Xconnect id: 0x8000001a, state: up
    IRB platform data: {0xf000a, 0x1, 0x0, 0x80000000}, len: 16
  Bridge MTU: 1500 bytes
  Number of bridge ports: 2
  Number of MAC addresses: 3
  Multi-spanning tree instance: 0
  To Resynchronize MAC table from the Network Processors, use the command...
      l2vpn resynchronize forwarding mac-address-table location
    GigabitEthernet0/0/0/0, state: oper up
      Number of MAC: 0
      Statistics:
        packets: received 782133119087, sent 620642426712
        bytes: received 514958352902308, sent 107302134940298
      Storm control drop counters:
        packets: broadcast 0, multicast 0, unknown unicast 0
        bytes: broadcast 0, multicast 0, unknown unicast 0
      Dynamic arp inspection drop counters:
        packets: 0, bytes: 0
      IP source guard drop counters:
        packets: 0, bytes: 0
    Nbor 10.9.9.254 pw-id 3
      Number of MAC: 3
      Statistics:
        packets: received 297905813562, sent 17722149746
        bytes: received 68165206300571, sent 10642920750826
      Storm control drop counters:
        packets: broadcast 0, multicast 0, unknown unicast 0
        bytes: broadcast 0, multicast 0, unknown unicast 0
      Dynamic arp inspection drop counters:
        packets: 0, bytes: 0
      IP source guard drop counters:
        packets: 0, bytes: 0
  Mac Address: 0000.0c07.ac03, LC learned: 0/0/CPU0
     Resync Age: 0d 0h 0m 0s, Flag: global
     L3 encapsulation Vlan: 510
  Mac Address: 0040.4384.8260, LC learned: 0/0/CPU0
     Resync Age: 0d 0h 0m 0s, Flag: global
     L3 encapsulation Vlan: 510
  Mac Address: 6c9c.ed0a.2e3d, LC learned: 0/0/CPU0
     Resync Age: 0d 0h 0m 0s, Flag: global
     L3 encapsulation Vlan: 3582