STP over VPLS
Hi Everyone!
I have a scenario of 3 PE routers with full mesh VPLS pseudowires configured over them. If you look at the design, I have connected two switches, Sw1 and Sw2, to the PEs R2 and R3 respectively. Considering that the VPLS cloud is operating correctly, I have connected a CE switch [Sw3] to Sw1 and Sw2. Now, the issue is STP over VPLS. Without STP running inside the VPLS cloud, it's causing a loop all over the ring.
In order to avoid the loop, I have run PVST+ on all three switches, but the PEs are not running STP, as I believe that the BPDUs are to be transparently forwarded through the VPLS pseudowires. But I'm not really sure why I'm getting a PVST_Inc error on both Sw1 and Sw2 for the links that are connected to their respective PEs. Any response regarding this will be highly appreciated.
For your reference, network diagram is attached below:
Thanks!
What kind of PE routers do you have? Are they ASR9k running EVC/EFP on switch facing interfaces?
http://www.cisco.com/c/en/us/support/docs/routers/asr-9000-series-aggregation-services-routers/116514-problem-stp-00.html
Best Regards,
Bheem
Similar Messages
-
LACP or Link State Tracking over VPLS?
Hi all!
I have 2 sites connected with VPLS. Both sites are now having a 2nd VPLS circuit installed (with a different carrier) for redundancy/failover. I've got a Catalyst 3750 at each end to work with.
My question: what's the best way to configure the 3750's? I was thinking either LACP with 2 physical interfaces (one for each VPLS line) - in which case traffic would be balanced across them, which is fine.
OR I could use Link State Tracking, such that if 1 link fails it would failover. Though I'm new to Link State Tracking so I don't know if this would actually work over VPLS.
Your thoughts are very appreciated.
Link state tracking, also known as trunk failover, provides Layer 2 redundancy in the network when used in conjunction with server network interface card (NIC) adapter teaming. Link-state tracking is used to mirror the state of the ports that carry upstream traffic from connected hosts and servers, and to allow the failover of the server traffic to an operational link on another Cisco Ethernet switch. Check out the following link for more information on link state tracking:
http://www.cisco.com/en/US/products/ps6406/products_configuration_guide_chapter09186a00805a75e0.html#wp1285238
Hope this helps. -
Hi,
I'm looking for some guidance on how to configure a REP common link over VPLS. I've read a bunch of docs that more or less allude to the fact that it should be supported, but no combination of documents thus far has clearly outlined what the prerequisites are in terms of software, ES vs. ES+ hardware or relevant configuration glue to make this work.
http://www.cisco.com/en/US/docs/ios/lanswitch/configuration/guide/lsw_cfg_rep.html#wp1316104
http://www.cisco.com/en/US/docs/routers/7600/install_config/ES20_config_guide/baldpref.html
Cisco Live 2010 session BRKSPG-2205 (Deploying and Designing with Resilient Ethernet Protocol) page 79
I've got two 7600/SUP720/SRE5 boxes with a chain of ME3400s connecting the two over 6724 LAN based linecard ports. I've also got an ES port between each 7600 to carry the SVI based EoMPLS foo between the two, and this is where I'd like to establish the VPLS common link (hopefully the below ASCII diagram will show up OK):
[ 7600-1 ]--(6724-GE)--[ ME3400-1 ]--[ ME3400-2 ]--(6724-GE)--[ 7600-2 ]
     |                                                               |
     |                                                               |
     +---------------------------(ES20-GE)---------------------------+
In terms of config, I've got the 6724 chain side configured as a REP segment and the REP admin VLAN is 1/default. I haven't been able to find the configuration glue needed to make REP aware that the common link for the segment is the VPLS pseudowire between the two 7600s:
! 7600-1
interface loopback 0
 ip address 2.2.2.2 255.255.255.255
 ip router isis 21949
interface GigabitEthernet8/22
 description Facing ME3400-1
 switchport
 switchport trunk encapsulation dot1q
 switchport mode trunk
 rep segment 19 edge primary
interface GigabitEthernet7/0/19
 description Facing 7600-2
 mtu 9216
 ip address 1.1.1.2 255.255.255.254
 no ip redirects
 ip router isis 21949
 mpls ip
 mls qos trust dscp
 bfd interval 250 min_rx 250 multiplier 4
 clns mtu 9199
 ethernet vlan color-block all
interface Vlan1
 no ip address
 xconnect vfi REP-PROTECT
l2 vfi REP-PROTECT manual
 vpn id 2194900101
 bridge-domain 1 vlan
 neighbor 2.2.2.3 encapsulation mpls
! 7600-2
interface loopback 0
 ip address 2.2.2.3 255.255.255.255
 ip router isis 21949
interface GigabitEthernet8/22
 description Facing ME3400-2
 switchport
 switchport trunk encapsulation dot1q
 switchport mode trunk
 rep segment 19 edge
interface GigabitEthernet7/0/19
 description Facing 7600-1
 mtu 9216
 ip address 1.1.1.3 255.255.255.254
 no ip redirects
 ip router isis 21949
 mpls ip
 mls qos trust dscp
 bfd interval 250 min_rx 250 multiplier 4
 clns mtu 9199
 ethernet vlan color-block all
l2 vfi REP-PROTECT manual
 vpn id 2194900101
 bridge-domain 1 vlan
 neighbor 2.2.2.2 encapsulation mpls
REP topology looks OK:
7600-1#show rep top
REP Segment 19
BridgeName  PortName  Edge  Role
7600-1      Gi8/22    Pri   Open
3400-1      Gi0/2           Open
3400-1      Gi0/1           Open
3400-2      Gi0/1           Open
3400-2      Gi0/2           Open
7600-2      Gi8/22    Sec   Alt
VFI is up:
7600-1#show vfi name REP-PROTECT
Legend: RT=Route-target, S=Split-horizon, Y=Yes, N=No
VFI name: REP-PROTECT, state: up, type: multipoint
VPN ID: 2194900101
Bridge-Domain 1 attachment circuits:
Vlan1
Neighbors connected via pseudowires:
 Peer Address  VC ID       S
 2.2.2.3       2194900101  Y
However in a REP segment failure, the pseudowire seems to be pretty much useless acting as a common link for the failed segment.
Is anyone running a config like this? Am I missing something obvious (or not so obvious?)?
Thanks in advance.
-
Hi,
We are building two DCs which are connected by 2x10G L2 fibers. We are planning to implement VPLS for DCI (see attached diagram). We would extend some VLANs for L2 connectivity (Heartbeat, VMotion etc.). But there is also a requirement to run L3 routing between the two DCs.
My question is,
Instead of running L3 routing over a stretched VLAN, will it be possible to run a separate VRF inside VPLS between the two DCs and enable L3 routing?
Regards,
Narayan, you can try a couple of steps as below to troubleshoot.
1) I suspect there is 192.168.111.1 and 192.168.111.2 in the global routing table as well, have this checked.
2) To confirm that you have not established the tunnel with your MVRF CE enable tunnel keepalives so it will come down as there is no way it can establish a tunnel with your CE using a source from the VRF without the "tunnel vrf" command.
3) I believe your 7600 must be having the default IOS which it was shipped with, 12.2SX; the SX doesn't have this command. You may have to migrate to SRA.
Following the above steps you can verify and solve your problem.
HTH-Cheers,
Swaroop -
Hi Guys,
Good day.
Just want to confirm if the QoS implemented on the CPEs can be transported transparently on a VPLS network.
Hope to have your reply as soon as possible.
Thanks,
GIN
Hi Smitesh,
Does it mean that if the Customer implemented QoS and the Service Provider is not aware and does not implement QoS on its VPLS cloud, it is possible that the implemented QoS settings from one site will not reach the other site of the customer?
Thanks,
GIN -
Will EoMPLS carry STP BPDU's over SP Core?
Hi All,
I have a query. With Ethernet over MPLS (either port or vlan mode) connecting two different locations, is it possible to have STP BPDU's carrying over the SP core. Any recent enhancements in the IOS allow it.
Our design requires two datacenters to be connected over EoMPLS and run STP over the SP. I heard that in EoMPLS, the SP will not learn and store any MAC from customers, but I would be eager to know if such options exist now.
We could not do VPLS (which does our requirement) because of hardware limitation.
thanks in advance.
regards,
Arun Kumar
Hi Guys
Many times I have faced this question, but I am still not satisfied with any answer.
But Cisco says:
As per my understanding, a router or switch will forward the BPDU if it has an advanced BRAIN, i.e. a Supervisor Engine.
So if you are using a router without a Supervisor Engine (7200 or other) then it will not forward STP BPDUs over EoMPLS, but if you have a 7600 Series router with specific hardware then it will support STP BPDUs over MPLS.
EoMPLS Guidelines and Restrictions
• The following restrictions apply to using trunks with EoMPLS:
– To support Ethernet spanning tree bridge protocol data units (BPDUs) across an EoMPLS cloud, you must disable the supervisor engine spanning tree for the Ethernet-over-MPLS VLAN. This ensures that the EoMPLS VLANs are carried only on the trunk to the customer router. Otherwise, the BPDUs are directed to the supervisor engine and not to the EoMPLS cloud.
– The native VLAN of a trunk must not be configured as an EoMPLS VLAN.
• In PFC3BXL or PFC3B mode, all protocols (for example, CDP, VTP, BPDUs) are tunneled across the MPLS cloud without conditions.
http://www.cisco.com/en/US/docs/routers/7600/ios/12.2SXF/configuration/guide/pfc3mpls.html#wp1109041
Regards
Chetan Kumar -
Hi,
I am a bit confused whether spanning tree packets use the native VLAN (i.e. 1) or go as untagged? If they are untagged, how can I associate the spanning tree with the VPLS, considering that I am using lots of sub-interfaces and I am using MSTP? I need the spanning tree to flip over the BGP based multihome VPLS.
regards,
Skanda
Hi Skanda,
BPDU handling in a VPLS environment is not that straightforward, as customer STP is transparent to the SP. Customer BPDUs are dropped or forwarded transparently depending on the configuration.
In general the default behavior is:
UNI is dot1q tunnel port
By default, customer BPDU will be dropped. With L2PT configuration, STP BPDU, CDP and VTP packets can be tunneled through
UNI is dot1q trunk port
By default, customer STP will interact with SP STP. In order to tunnel customer STP BPDU, STP must be disabled for that customer VLAN on SP switch. Recommend to config “spanning-tree bpdufilter enable” on SP switch.
MST behaviour slightly differs from STP and RSTP; BPDUs for MST are carried untagged on the native VLAN. If you want to transport MST BPDUs over VPLS, you will need to QinQ all of the MST VLANs + the native VLAN through your VPLS SVI xconnect.
Riccardo -
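An added example, not part of the thread and not Cisco code, illustrating the point above: MST BPDUs arrive untagged while PVST+ BPDUs carry the VLAN tag, so a service instance that matches only tagged VLANs never sees the MST BPDU. The frames are constructed, and `classify` and `efp_accepts` are hypothetical helpers; `efp_accepts` is a simplified model of an encapsulation match, not the platform's forwarding logic.

```python
import struct

# Public, well-known identifiers for the L2 control protocols named in the thread.
IEEE_BPDU_MAC = bytes.fromhex("0180c2000000")   # STP / RSTP / MST destination
SNAP_CISCO = b"\xaa\xaa\x03\x00\x00\x0c"        # LLC SNAP header + Cisco OUI
SNAP_PIDS = {0x010B: "PVST+", 0x2000: "CDP", 0x2003: "VTP"}
BPDU_VERSIONS = {0: "STP", 2: "RSTP", 3: "MST"}


def build_frame(dst_hex, payload, vlan=None):
    """Build a constructed 802.3 frame, optionally with one 802.1Q tag."""
    src = bytes.fromhex("02005e000001")  # constructed source MAC
    tag = b"" if vlan is None else struct.pack("!HH", 0x8100, vlan)
    return bytes.fromhex(dst_hex) + src + tag + struct.pack("!H", len(payload)) + payload


def classify(frame):
    """Return (protocol, vlan); vlan is None when the frame is untagged."""
    vlan, offset = None, 12
    if struct.unpack_from("!H", frame, offset)[0] == 0x8100:
        vlan = struct.unpack_from("!H", frame, offset + 2)[0] & 0x0FFF
        offset += 4
    body = frame[offset + 2:]            # skip the 802.3 length field
    if frame[:6] == IEEE_BPDU_MAC and body[:3] == b"\x42\x42\x03":
        # LLC (3 bytes), protocol id (2 bytes), then the version byte
        return BPDU_VERSIONS.get(body[5], "BPDU"), vlan
    if body[:6] == SNAP_CISCO:
        pid = struct.unpack_from("!H", body, 6)[0]
        return SNAP_PIDS.get(pid, "other"), vlan
    return "other", vlan


def efp_accepts(frame, untagged, vlans):
    """Simplified model (assumption) of a service-instance encapsulation match."""
    _, vlan = classify(frame)
    return untagged if vlan is None else vlan in vlans


# Constructed sample frames (payloads cut down to the header fields parsed above).
MST_BPDU = build_frame("0180c2000000", b"\x42\x42\x03\x00\x00\x03\x02" + bytes(30))
PVST_V10 = build_frame("01000ccccccd",
                       SNAP_CISCO + b"\x01\x0b\x00\x00\x02\x02" + bytes(30), vlan=10)
CDP = build_frame("01000ccccccc", SNAP_CISCO + b"\x20\x00" + bytes(30))

if __name__ == "__main__":
    for name, frame in [("MST", MST_BPDU), ("PVST+ vlan 10", PVST_V10), ("CDP", CDP)]:
        proto, vlan = classify(frame)
        tagged_only = efp_accepts(frame, untagged=False, vlans=range(10, 21))
        with_untagged = efp_accepts(frame, untagged=True, vlans=range(1, 4095))
        print(f"{name:14} proto={proto:6} vlan={vlan} "
              f"dot1q 10-20: {tagged_only}  untagged,dot1q 1-4094: {with_untagged}")
```
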
VPLS - ASR1k - ME3800 no l2 tunnelling ?
Hi All
I'm playing in the lab and I'm struggling with achieving a full L2 tunnel over VPLS between an ME3800-X and ASR1004.
Ascii Diagram: 3560[1] - ME3800X -> MPLS <- ASR1004 - 3560[2]
Essentially, I'm trying to l2 tunnel vtp/cdp/stp over a VPLS connection between the ME and ASR. LDP is Up, L2 VFI is Up, I can ping from vlan 1 on 3560[1] to vlan 1 on 3560[2] so the VPLS is essentially up.
That's where the issues start:
STP traffic is not being passed, both switches are root bridges.
If I configure 3560[1] as VTP server, 3560[2] does not get any new vlans.
If I configure 2560[2] as a VTP Server, 3560[1] DOES get new vlans.
(so VTP tunnelling works from the ASR to the ME3800, but not vice versa)
CDP wise, I see nothing from 3560[1] (expected as the ME is configured to tunnel all), but I see the ASR from 3560[2]
Stumped? Has anyone done anything similar? It's only untagged traffic (CDP/VTP/STP) I'm seeing issues with - but that's essentially what I need
The issue looks to the ASR, if I connect both 3560's to ports within the service-instance on the ME3800-X CDP, etc works, but I can't find any command that IOS-XE will accept to do the l2 tunnelling on the ASR.
Config references a single neighbour but in truth this would be multiple, this is just a lab.
Config from the ME:
Cisco IOS Software, ME380x Software (ME380x-UNIVERSALK9-M), Version 15.2(2)S, RELEASE SOFTWARE (fc1) - Metro Agg and Scaled Metro Agg Licenses, Metro Eth
interface GigabitEthernet0/24
 Descr to 3560[1]
 switchport trunk allowed vlan none
 switchport mode trunk
 mtu 9216
 service instance 1 ethernet
  encapsulation untagged , dot1q 1-4094
  l2protocol tunnel
  bridge-domain 100
end
l2 vfi test1 manual
 vpn id 1
 bridge-domain 100
 neighbor 1.1.1.1 encapsulation mpls
interface Vlan100
 no ip address
 xconnect vfi test1
-- Config from the ASR:
Cisco IOS Software, IOS-XE Software (PPC_LINUX_IOSD-ADVENTERPRISEK9-M), Version 15.3(1)S, RELEASE SOFTWARE (fc4)
interface GigabitEthernet0/0/7
 Descr connected to 3560[2]
 no ip address
 negotiation auto
 cdp enable
 service instance 100 ethernet
  encapsulation untagged , dot1q 1-4094
  bridge-domain 100
bridge-domain 100
(ASR accepts the member config but doesn't show it)
l2 vfi test1 manual
 vpn id 1
 bridge-domain 100
 neighbor 2.2.2.2 encapsulation mpls
There is a command on the ASR l2 vfi to forward l2protocol, but this errors not with BPDU tunnel not supported. Config guides especially from IOS-XE reference using l2vpn - but half of the commands on the guide, despite this being for the correct software don't exist.
Any assistance appreciated, head broken :-/
Chris
anyone?
-
Multiple Customer Default Routes over MPLS Cloud
I have a customer with a Core network connected together over VPLS, and running EIGRP as the IGP. For the branch offices they are using MPLS, and the SP requires us to use BGP when sending routes to them.
We have the core sites A, B, C. Sites A & B have an internet connection. I want to have 1/2 the branches going to Site A and 1/2 going to Site B, and Site A or B and Site C as a backup. There is a single VRF. The SP will not make any changes for us... so I have been told. So I need to find out if there is a way to do this without SP involvement. I have tried Communities (CE side) with no luck unless I make changes in the P/PE Net.
Attached is a drawing of the high level network.
Any Ideas....
Some additional information
Handling Multiple Default Routes with BGP as PE-CE Protocol
http://www.cisco.com/en/US/docs/solutions/Enterprise/WAN_and_MAN/L3VPNCon.html#wp321066
Layer 3 MPLS VPN Enterprise Consumer Guide Version 2
This section tells almost what I want to do. But I want the left side of the diagram to go left...and the right side to go right. -
MSTP_Over_VPLS !
Dear All
Need some pointer regarding implementing MSTP over VPLS Cloud
Setup is as below
-------L2_Trunk------ CE2
--------L2_Trunk----------- ----------PE3 !
CE1 MSTP PE1
VPLS MSTP L2_Trunk
--------L2_Trunk-----------PE2 -----------PE4 !
-------L2_Trunk----------CE3
In the above setup I am running VPLS full mesh between PE1, PE2, PE3 and PE4, and MSTP at CE1 to break the STP loop between CE1 and PE1 & PE2.
Similarly, MSTP at CE2 and CE3 to break the STP loop between CE1, CE2, PE3 and PE4.
The MSTP is placing the uplinks between CE2 to PE3 and CE3 to PE4 in root_inconsistent state and marking those uplink ports as p2p PVST Boundary ports.
No Spanning Tree is enabled at any of the PEs. Still the CE2 and CE3 uplinks are showing as p2p PVST boundary ports?
Also under this MSTP setup the CE2-to-CE3 interswitch trunk link is in forwarding state and the CE2/CE3 uplinks to P33/PE4 are both in Blocking State. I have set the CE2-to-CE3 link's cost to a higher value but still somehow the MSTP is not behaving properly.
On PE am using separate VFI to tunnel MSTP BPDU over a separate native vlan.
Can anyone look and help me with the correct design and configs to make this setup running ?
Regards
Varma
What kind of PE routers do you have? Are they ASR9k running EVC/EFP on switch facing interfaces?
http://www.cisco.com/c/en/us/support/docs/routers/asr-9000-series-aggregation-services-routers/116514-problem-stp-00.html
Best Regards,
Bheem -
Encrypted L3 Communications Between LAP and WLC?
Hi All,
I am working with a client that wants to put LAPs remote to their WLC (a 4402). The rub is that the communications between the LAP and WLC must be secure even across their private WAN! I have a couple of resulting questions if anyone is able to help;
I can't find out if and what encryption method is (is it AES etc.?) used on the backhaul between LAPs and the WLC and what's involved?
Terminology may be wrong here, this is not a wireless mesh, just conventional LAP to WLC
The client's WAN is already encrypted (IPSec VPN over VPLS) in parts - what's the consequence of running AP<-->WLC with end-to-end encryption (if possible) over a WAN with IPSec, i.e. double encryption?
Strange but true - any pointers will be much appreciated.... Phil.C
With a 4400 series controller the control traffic between the AP and controller is already AES encrypted. The user traffic is not encrypted. If you use a 5508 controller all traffic between the AP and controller is AES encrypted.
As for running the traffic through a VPN, that should work. The issue I typically see with this is with the MTU. The controller will drop any packets with a data payload less than 32 bytes. Depending on the MTU over the VPN I have seen packets get fragmented and this to be an issue. If you are using one of the CAPWAP versions (5.2 or newer) dynamic MTU discovery is part of the protocol and this MTU issue really doesn't exist. -
Multicast, L2TPv3,EoMPLS support
My requirements are to support Multicast for future deployment and vlan extension over a MPLS ISP( ISP is provding ospf handoff)
I will have to use a software based solution since the tunnel needs to start and terminate on 3845s so L2tpv3 which is router-based solution is a good candidate.
Also EoMPLS does not support multicast I would have to use a GRE tunnel to provide support for multicast.
With MPLS over GRE with EoMPLS feature I am looking at a maximum mtu size of 1570 and if voice is deployed over this then each tiny voice packet will have a pretty big header compared to the header. here i would need to use an additional GRE tunnel for multicast support.
With L2TPv3 it would add 20 bytes of header.
So would l2TPv3 and a gre tunnel for multicast be a good design??
I am thinking of using L2TPv3 for layer 2 extension and a GRE tunnel for multicast support.
Hi,
it depends on your multicast application, and topology. Normally I've seen implemented the multicast transport over MPLS cloud in two ways:
1. Multicast over MPLS, using MDT like a GRE tunnel:
http://www.cisco.com/en/US/tech/tk436/tk428/technologies_configuration_example09186a0080242aa8.shtml
2. Multicast over VPLS instance (treated like a broadcast):
http://www.cisco.com/en/US/tech/tk436/tk891/technologies_q_and_a_item09186a00801ed3bf.shtml
Today multicast is not label switched (last Farinacci draft is dated 2003).
HTH
Andrea -