STP over VPLS

Similar Messages

• LACP or Link State Tracking over VPLS?

  Hi all!
  I have 2 sites connected with VPLS.  Both sites are now having a 2nd VPLS circuit installed (with a different carrier) for redundancy/failover.  I've got a Catalyst 3750 at each end to work with.
  My question: what's the best way to configure the 3750's?  I was thinking either LACP with 2 physical interfaces (one for each VPLS line) - in which case traffic would be balanced across them, which is fine.
  OR I could use Link State Tracking, such that if 1 link fails it would failover.  Though I'm new to Link State Tracking so I don't know if this would actually work over VPLS.
  Your thoughts are very appreciated.

  Link state tracking, also known as trunk failover, provides Layer 2 redundancy in the network when used in conjunction with server network interface card (NIC) adapter teaming. Link-state tracking is used to mirror the state of the ports that carry upstream traffic from connected hosts and servers, and to allow the failover of the server traffic to an operational link on another Cisco Ethernet switch. Check out the following link for more information on link state tracking :
  http://www.cisco.com/en/US/products/ps6406/products_configuration_guide_chapter09186a00805a75e0.html#wp1285238
  Hope this helps.

• REP common link over VPLS

  Hi,
  I'm looking for some guidance on how to configure a REP common link over VPLS.  I've read a bunch of docs that more or less elude to the fact that it should be supported, but no combination of documents thus far have clearly outlined what the prerequisites are in terms of software, ES vs. ES+ hardware or relevant configuration glue to make this work.
  http://www.cisco.com/en/US/docs/ios/lanswitch/configuration/guide/lsw_cfg_rep.html#wp1316104
  http://www.cisco.com/en/US/docs/routers/7600/install_config/ES20_config_guide/baldpref.html
  Cisco Live 2010 session BRKSPG-2205 (Deploying and Designing with Resilient Ethernet Protocol) page 79
  I've got two 7600/SUP720/SRE5 boxes with a chain of ME3400s connecting the two over 6724 LAN based linecard ports.  I've also got an ES port between each 7600 to carry the SVI based EoMPLS foo between the two, and this is where I'd like to establish the VPLS common link (hopefully the below ASCII diagram will show up OK):
  [ 7600-1 ]--(6724-GE)--[ ME3400-1 ]--[ ME3400-2 ]--(6724-GE)--[ 7600-2 ]
     |                                                               |
     |                                                               |
     +---------------------------(ES20-GE)-------------------------- +
  In terms of config, I've got the 6724 chain side configured as a REP segment and the REP admin VLAN is 1/default.  I haven't been able to find the configuration glue needed to make REP aware that the common link for the segment is the VPLS pseudowire between the two 7600s:
  ! 7600-1
  interface loopback 0
  ip address 2.2.2.2 255.255.255.255
  ip router isis 21949
  interface GigabitEthernet8/22
  description Facing ME3400-1
  switchport
  switchport trunk encapsulation dot1q
  switchport mode trunk
  rep segment 19 edge primary
  interface GigabitEthernet7/0/19
  description Facing 7600-2
  mtu 9216
  ip address 1.1.1.2 255.255.255.254
  no ip redirects
  ip router isis 21949
  mpls ip
  mls qos trust dscp
  bfd interval 250 min_rx 250 multiplier 4
  clns mtu 9199
  ethernet vlan color-block all
  interface Vlan1
  no ip address
  xconnect vfi REP-PROTECT
  l2 vfi REP-PROTECT manual
  vpn id 2194900101
  bridge-domain 1 vlan
  neighbor 2.2.2.3 encapsulation mpls
  ! 7600-2
  interface loopback 0
  ip address 2.2.2.3 255.255.255.255
  ip router isis 21949
  interface GigabitEthernet8/22
  description Facing ME3400-2
  switchport
  switchport trunk encapsulation dot1q
  switchport mode trunk
  rep segment 19 edge
  interface GigabitEthernet7/0/19
  description Facing 7600-1
  mtu 9216
  ip address 1.1.1.3 255.255.255.254
  no ip redirects
  ip router isis 21949
  mpls ip
  mls qos trust dscp
  bfd interval 250 min_rx 250 multiplier 4
  clns mtu 9199
  ethernet vlan color-block all
  l2 vfi REP-PROTECT manual
  vpn id 2194900101
  bridge-domain 1 vlan
  neighbor 2.2.2.2 encapsulation mpls
  REP topology looks OK:
  7600-1#show rep top
  REP Segment 19
  BridgeName       PortName   Edge Role
  7600-1           Gi8/22     Pri  Open
  3400-1           Gi0/2           Open
  3400-1           Gi0/1           Open
  3400-2           Gi0/1           Open
  3400-2           Gi0/2           Open
  7600-2           Gi8/22     Sec  Alt
  VFI is up:
  7600-1#show vfi name REP-PROTECT
  Legend: RT=Route-target, S=Split-horizon, Y=Yes, N=No
  VFI name: REP-PROTECT, state: up, type: multipoint
  VPN ID: 2194900101
  Bridge-Domain 1 attachment circuits:
     Vlan1 
  Neighbors connected via pseudowires:
  Peer Address     VC ID        S
  2.2.2.3          2194900101   Y
  However in a REP segment failure, the pseudowire seems to be pretty much useless acting as a common link for the failed segment.
  Is anyone running a config like this?  Am I missing something obvious (or not so obvious?)?
  Thanks in advance.

  I have a Mac and have tried the suggestion above with the places.sqlite but it DID NOT HELP! FIREFOX IS STILL HANGING!!!!!!!!!!!! I've been a real fan of firefox for several years, but lately it's just plain annoying!!! I have to force quit FF several times a day. I THINK I'M GOING TO SWITCH TO SAFARI until you guys get your act together soon :(

• Strach VRF over VPLS

             Hi,
  We are building two DC which are connected by 2x10G L2 fibers.We are plannig to implement VPLS for DCI(see attached diagram).We would extend some VLANS for L2 connectivity ( Hearbeat,VMotion etc etc).But there is also a requirment to run L3 routing between two DC'S.
  My question is,
  Insted of run L3 routing over streached VLAN , will it be possible to   run separate VRF inside VPLS between two DC's and enable L3 routing ?
  Regards,  

  Narayan, you can try couple to steps as below to troubleshoot.
  1) I suspect there is 192.168.111.1 and 192.168.111.2 in the global routing table as well, have this checked.
  2) To confirm that you have not established the tunnel with your MVRF CE enable tunnel keepalives so it will come down as there is no way it can establish a tunnel with your CE using a source from the VRF without the "tunnel vrf" command.
  3) I believe your 7600 must be having the default IOS which it was shipped with 12.2SX, the SX doesnt have this command. You may have to migrate to SRA.
  Following the above steps you can verify and solve your problem.
  HTH-Cheers,
  Swaroop

• QoS Transport over VPLS

  Hi Guys,
  Good day.
  Just want to confirm if the QoS implemented on the CPEs can be transported transparently on a VPLS network.
  Hope to have your reply as soon as possible.
  Thanks,
  GIN

  Hi Smitesh,
  Does it mean that if the Customer implemented QoS and the Service Provider is not aware and does not implement QoS o its VPLS cloud, it is possible that the implemented QoS settings from one site will not reach the other site of the customer?
  Thanks,
  GIN

• Will EoMPLS carry STP BPDU's over SP Core?

  Hi All,
  I have a query. With Ethernet over MPLS (either port or vlan mode) connecting two different locations, is it possible to have STP BPDU's carrying over the SP core. Any recent enhancements in the IOS allow it.
  Our design requires two datacenters to be connected over EoMPLS and run STP over the SP. I heard in EoMPS, SP will not learn and store any MAC from customers but would eager to know if such options exist now.
  We could not do VPLS (which does our requirement) because of hardware limitation.
  thanks in advance.
  regards,
  Arun Kumar

  Hi Guys
  Many times I had faced this question but still not Satisfy with any answer.
  But Cisco Says :
  As per my understanding Router or Switch will forward the BPDU if they are having advance BRAIN i.e Supervisor Engine .
  So if you are using Router without Supervisor Engine ( 7200  or other )then it will not forward STP BPDU over EoMPLS but if you have 7600 Series router with specific hardware the it will support STP BPDU over MPLS.
  EoMPLS Guidelines and Restrictions
  • The following restrictions apply to using trunks with EoMPLS:
  – To support Ethernet spanning tree bridge protocol data units (BPDUs) across an EoMPLS cloud, you must disable the supervisor engine spanning tree for the Ethernet-over-MPLS VLAN. This ensures that the EoMPLS VLANs are carried only on the trunk to the customer router. Otherwise, the BPDUs are directed to the supervisor engine and not to the EoMPLS cloud.
  – The native VLAN of a trunk must not be configured as an EoMPLS VLAN.
  • In PFC3BXL or PFC3B mode, all protocols (for example, CDP, VTP, BPDUs) are tunneled across the MPLS cloud without conditions.
  http://www.cisco.com/en/US/docs/routers/7600/ios/12.2SXF/configuration/guide/pfc3mpls.html#wp1109041
  Regards
  Chetan Kumar

• Spanning packets and VPLS

  Hi,
  I am bit confused whether spanning tree packets uses the native vlan (ie 1) or goes as untagged ? If it is untagged, how can associated the spanning tree to the VPLS considering that I am using lots of sub-interfaces considering I am using MSTP.  I need the spanning tree to flip over the BGP based multihome VPLS.
  regards,
  Skanda

  Hi Skanda,
  BPDU handling in VPLS environment is not that straighforwared as customer STP is transparent to the SP. Customer BPDUs are dropped or forwarded transparently depending on the configuration.
  In general the default behavior is:
  UNI is dot1q tunnel port
  By default, customer BPDU will be dropped. With L2PT configuration, STP BPDU, CDP and VTP packets can be  tunneled through
  UNI is dot1q trunk port
  By default, customer STP will interact with SP STP. In order to tunnel customer STP BPDU, STP must be disabled for that customer VLAN on SP switch. Recommend to config “spanning-tree bpdufilter enable” on SP switch.
  MST behaviour slightly differs from STP and RSTP; BPDUs for MST are carried untagged on the native VLAN. If you want to transport MST BPDUs over VPLS, you will need to QinQ all of the MST VLANs + the native VLAN through your VPLS SVI xconnect.
  Riccardo

• VPLS - ASR1k - ME3800 no l2 tunnelling ?

  Hi All
  I`m playing in the lab and I`m struggling with achieving a full L2 tunnel over VPLS between an ME3800-X and ASR1004.
  Ascii Diagram: 3560[1] - ME3800X -> MPLS <- ASR1004 - 3560[2]
  Essentially, I`m trying to l2 tunnel vtp/cdp/stp over a VPLS connection between the ME and ASR. LDP is Up, L2 VFI is Up, I can ping from vlan 1 on 3560[1] to vlan 1 on 3560[2] so the VPLS is essentially up.
  That's where the issues start:
  STP traffic is not being passed, both switches are root bridges.
  If I configure 3560[1] as VTP server, 3560[2] does not get any new vlans.
  If I configure 2560[2] as a VTP Server, 3560[1] DOES get new vlans.
  (so VTP tunnelling works from the ASR to the ME3800, but not vice versa)
  CDP wise, I see nothing from 3560[1] (expected as the ME is configured to tunnel all), but I see the ASR from 3560[2]
  Stumped ? has anyone done anything similar ? its only untagged traffic (CDP/VTP/STP) I`m seeing issues with - but that's essentially what I need
  The issue looks to the ASR, if I connect both 3560's to ports within the service-instance on the ME3800-X CDP, etc works, but I can't find any command that IOS-XE will accept to do the l2 tunnelling on the ASR.
  Config references a single neighbour but in truth this would be multiple, this is just a lab.
  Config from the ME:
  Cisco IOS Software, ME380x Software (ME380x-UNIVERSALK9-M), Version 15.2(2)S, RELEASE SOFTWARE (fc1) - Metro Agg and Scaled Metro Agg Licenses, Metro Eth
  interface GigabitEthernet0/24
  Descr to 3560[1]
  switchport trunk allowed vlan none
  switchport mode trunk
  mtu 9216
  service instance 1 ethernet
    encapsulation untagged , dot1q 1-4094
    l2protocol tunnel
    bridge-domain 100
  end
  l2 vfi test1 manual
  vpn id 1
  bridge-domain 100
  neighbor 1.1.1.1 encapsulation mpls
  interface Vlan100
  no ip address
  xconnect vfi test1
  -- Config from the ASR:
  Cisco IOS Software, IOS-XE Software (PPC_LINUX_IOSD-ADVENTERPRISEK9-M), Version 15.3(1)S, RELEASE SOFTWARE (fc4)
  interface GigabitEthernet0/0/7
  Descr connected to 3560[2]
  no ip address
  negotiation auto
  cdp enable
  service instance 100 ethernet
    encapsulation untagged , dot1q 1-4094
    bridge-domain 100
  bridge-domain 100
  (ASR accepts the member config but doesn't show it)
  l2 vfi test1 manual
  vpn id 1
  bridge-domain 100
  neighbor 2.2.2.2 encapsulation mpls
  There is a command on the ASR l2 vfi to forward l2protocol, but this errors not with BPDU tunnel not supported.  Config guides especially from IOS-XE reference using l2vpn - but half of the commands on the guide, despite this being for the correct software don't exist.
  Any assistance appreciated, head broken :-/
  Chris

  anyone?

• Multiple Customer Default Routes over MPLS Cloud

  I have a customer with a Core network connected together over VPLS, and runnng EIGRP as the IGP. For the branch offices the are using MPLS, and SP requires us to use BGP when sending routes to them.
  We have the core site, A, B, C. Site A&B have an internet connection. I want to have 1/2 the branches going to Site A and 1/2 going to Site B, and the SiteA orB and Site C as a backup. there is a single VRF. The SP will not make any changes for us...so I have been told. So I need to find out if there is a way to do this without SP involvement. I have tried Communities (CE side) with no Luck unless I make changes in the P/PE Net.
  Attached is a drawing of the high level network.
  Any Ideas....

  Some addtional informtion
  Handling Multiple Default Routes with BGP as PE-CE Protocol
  http://www.cisco.com/en/US/docs/solutions/Enterprise/WAN_and_MAN/L3VPNCon.html#wp321066
  Layer 3 MPLS VPN Enterprise Consumer Guide Version 2
  This section tells almost what I want to do. But I want the left side of the diagram to go left...and the right side to go right.

• MSTP_Over_VPLS !

  Dear All
  Need some pointer regarding implementing MSTP over VPLS Cloud
  Setup is as below
                                                          -------L2_Trunk------  CE2    
       --------L2_Trunk-----------     ----------PE3                            !
  CE1          MSTP          PE1  
                                               VPLS           MSTP          L2_Trunk                                             
     --------L2_Trunk-----------PE2 -----------PE4                            ! 
                                                         -------L2_Trunk----------CE3  
  In the above setup am running VPLS Full mesh between PE1,PE2,PE3 and PE4 and MSTP at CE1 to break STP Loop between CE1 and PE1 & PE2.
  Similary MSTP at CE2 and CE3 to break STP Loop between CE1,CE2,PE3 and PE4.
  The MSTP is placing the uplink between CE2 to PE3 and CE3 to PE4 in root_inconsistent state and as marking those uplink ports as p2p PVST Boundary port.
  No Spanning Tree is enabled at any of the PE. Still the CE2 and CE3 uplinks are showing as p2p PVST boundary port ?
  Also unde this MSTP setup the CE2-to-CE3 Interswitch Trunk link is under forwarding state and CE2/CE3 uplniks to P33/PE4 are both in Blocking State.I have set the CE2-to-CE3 Links Cost to a higher value but still somehow the MSTP is not behaving properly.
  On PE am using separate VFI to tunnel MSTP BPDU over a separate native vlan.
  Can anyone look and help me with the correct design and configs to make this setup running ?
  Regards
  Varma

  What kind of PE routers do you have? Are they ASR9k  running EVC/EFP on switch facing interfaces?
  http://www.cisco.com/c/en/us/support/docs/routers/asr-9000-series-aggregation-services-routers/116514-problem-stp-00.html
  Best Regards,
  Bheem

• Encrypted L3 Communications Between LAP and WLC?

  Hi All,
  I am working with a client that wants to put LAPs remote to their WLC (a 4402). The rub is that the communications between the LAP and WLC must be secure even across their private WAN! I have a couple of resulting questions if anyone is able to help;
  I can't find out if and what encryption method is (is it AES etc.?) used on the backhaul between LAPs and the WLC and what's involved?
  Terminology may be wrong here, this is not a wireless mesh, just conventional LAP to WLC
  The client's WAN is already encrypted (IPSec VPN over VPLS) in parts - what's the consequence of running AP<-->WLC with end-to-end encryption (if possible) over a WAN with IPSec, i.e. double encryption?
  Strange but true - any pointers will be much appreciated.... Phil.C

  With a 4400 series controller the control traffic between the AP and controller is already AES encrypted.  The user traffic is not encrypted.  If you use a 5508 controller all traffic between the AP and controller is AES encrypted.
  As for running the traffic through a VPN, that should work.  The issue I typically see with this is with the MTU.  The controller will drop any packets with a data payload less than 32bytes.  Depending on the MTU over the VPN I have seen packets get fragmented and this to be an issue.  If you are using one of the CAPWAP versions (5.2 or newer) dynamic MTU discovery is part of the protocol and this MTU issue really doesn't exist.

• Lossless Audio Editing

  I have Apple Lossless audio format files to edit. Just simple trim, cut, copy, and paste. I do have QuickTime 7 pro for the job, but it doesn't export to any lossless format.
  Does Soundtrack would be able to do what I need?

  QuickTime itself doesn't do what STP does. STP is a sound-for-picture mixing and sweetening environment.
  In your particular instance there is no advantage to using STP over QuickTime unless you wanted to make additional changes such as compression/limitation, reverb, etc.

• Soundtrack pro or protools comparison

  Soundtrack Pro or Pro tools?
  What are the limitations of Soundtrack pro in comparison to protools? Specifically with regard to video production.
  i.e. if you were building a studio now, would you still use protools, or just go with soundtrack?

  Soundtrack Pro's main selling feature is it's integration with Final Cut Pro. So if you're building a video facility around FCP then STP is a reasonable proposition.
  If however you were building a dedicated audio facility that needed to do all kinds of work, I think it would be hard to justify STP over Protools, except maybe when comparing price points.
  previous expanded discussion

• Multicast, L2TPv3,EoMPLS support

  My requirements are to support Multicast for future deployment and vlan extension over a MPLS ISP( ISP is provding ospf handoff)
  I will have to use a software based solution since the tunnel needs to start and terminate on 3845s so L2tpv3 which is router-based solution is a good candidate.
  Also EoMPLS does not support multicast I would have to use a GRE tunnel to provide support for multicast.
  With MPLS over GRE with EoMPLS feature I am looking at a maximum mtu size of 1570 and if voice is deployed over this then each tiny voice packet will have a pretty big header compared to the header. here i would need to use an additional GRE tunnel for multicast support.
  With L2TPv3 it would add 20 bytes of header.
  So would l2TPv3 and a gre tunnel for multicast be a good design??
  I am thinking using L2TPv3 for layer 2 extension and a GRE tunnel for multicast support.

  Hi,
  it depends on your multicast application, and topology. Normally I've seen implemented the multicast transport over MPLS cloud in two ways:
  1. Multicast over MPLS, using MDT like a GRE tunnel:
  http://www.cisco.com/en/US/tech/tk436/tk428/technologies_configuration_example09186a0080242aa8.shtml
  2. Multicast over VPLS istance (treated like a broadcast):
  http://www.cisco.com/en/US/tech/tk436/tk891/technologies_q_and_a_item09186a00801ed3bf.shtml
  Today multicast is not label switched (last Farinacci draft is dated 2003).
  HTH
  Andrea

• Levels appear fine in STP, but over-modulated when imported back to FCP

  Hello,
  Trying to figure out how to work STP and FCP. Sent FCP to STP just fine. Worked the sound. Saved in STP and Exported to the original FTP file. The sound that appeared perfectly balanced in STP was over-modulated in FCP.
  Explanations, help, ideas.
  Thanks.
  DG

  hey there rosebud,
  try posting in the Soundtrack Pro Discussion.
  good luck.