10-25-2018 01:39 PM - edited 12-02-2018 12:53 AM
Hi everybody,
Let me first tell you more about our network:
I've got hundreds of subscribers connected to my Catalyst ME3800 (their last resort / gateway) through a layer 2 cloud (no idea what technology they use: L2VPN, MPLS, Metro, etc.).
I usually get an "access id" from the layer 2 party which needs to be configured in my catalyst. Here is a part of the config:
!!! vlans 300X are what the layer 2 party calls "access id"
!!! vlans 40X are the subscribers data vlans
!!! vlan 44 is the CPE's management vlan
interface GigabitEthernet0/0/9
 description 3rd_PARTY_LAYER2
 no ip address
 service instance 401 ethernet
  description Subs1
  encapsulation dot1q 3001 second-dot1q 401
  rewrite ingress tag pop 2 symmetric
  bridge-domain 401
 !
 service instance 402 ethernet
  description Subs2
  encapsulation dot1q 3002 second-dot1q 402
  rewrite ingress tag pop 2 symmetric
  bridge-domain 402
 !
 service instance 403 ethernet
  description Subs3
  encapsulation dot1q 3003 second-dot1q 403
  rewrite ingress tag pop 2 symmetric
  bridge-domain 403
 !
 service instance 3001 ethernet
  description MGMT_Subs1
  encapsulation dot1q 3001 second-dot1q 44
  rewrite ingress tag pop 2 symmetric
  bridge-domain 44
 !
 service instance 3002 ethernet
  description MGMT_Subs2
  encapsulation dot1q 3002 second-dot1q 44
  rewrite ingress tag pop 2 symmetric
  bridge-domain 44
 !
 service instance 3003 ethernet
  description MGMT_Subs3
  encapsulation dot1q 3003 second-dot1q 44
  rewrite ingress tag pop 2 symmetric
  bridge-domain 44
 !
ME3800X# show mac address-table | include Gi0/0/9
44 0076.86b7.c63d DYNAMIC Gi0/0/9.Efp3001
44 08cc.6848.519a DYNAMIC Gi0/0/9.Efp3002
44 189c.5df4.73ae DYNAMIC Gi0/0/9.Efp3003
401 404a.036d.568c DYNAMIC Gi0/0/9.Efp401
402 0007.3bbe.1e60 DYNAMIC Gi0/0/9.Efp402
403 64c3.549c.b083 DYNAMIC Gi0/0/9.Efp403
I'm looking for a smarter config idea that would eliminate these issues:
1- configuring service instances twice. 1 for mgmt and another for data.
2- configuring additional data vlan for the same subscriber (what should I call the service instance?!)
Thanks!
Odys
12-01-2018 08:56 AM - edited 12-01-2018 08:57 AM
Hi Odys,
For the management you can use one service instance:
service instance 44 ethernet
 encapsulation dot1q any second-dot1q 44
 rewrite ingress tag pop 2 symmetric
 bridge-domain 44
Regards
Ilir
12-01-2018 12:07 PM - edited 12-01-2018 12:09 PM
Hi ilir,
I tried that before. It caused performance issues and a lot of "hiccups" at management level.
Every month we have a couple of new subscribers. Once the new switch is installed, I'd, for example, SSH to it and the SNMP manager would try to poll it.
This is all "egress" traffic from the 3800's perspective (requests --> through the access switch 3800 --> the subscriber's switch).
If the MAC table hasn't learned any address yet, the 3800 will flood the request to hundreds of subscribers!
I hope you've got my point.
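An added example, not part of any post in this thread: a small Python audit of the service-instance layout discussed above. It checks that each access ID (outer tag) keeps its own management instance into bridge-domain 44, as in the original config, and flags a wildcard outer tag or a non-44 inner tag landing in the management domain. The sample config is constructed and trimmed, and the policy being checked is an assumption.

```python
import re

MGMT_VLAN = 44  # management VLAN and bridge-domain used in the thread

# Constructed, trimmed sample in the thread's format: access id 3003 has no
# management instance, and instance 44 is the wildcard variant from the reply.
SAMPLE = """
interface GigabitEthernet0/0/9
 service instance 401 ethernet
  encapsulation dot1q 3001 second-dot1q 401
  bridge-domain 401
 service instance 3001 ethernet
  encapsulation dot1q 3001 second-dot1q 44
  bridge-domain 44
 service instance 403 ethernet
  encapsulation dot1q 3003 second-dot1q 403
  bridge-domain 403
 service instance 44 ethernet
  encapsulation dot1q any second-dot1q 44
  bridge-domain 44
"""

def parse_efps(text):
    """Return one dict per service instance: id, outer tag, inner tag, bridge-domain."""
    efps = []
    for line in map(str.strip, text.splitlines()):
        if m := re.fullmatch(r"service instance (\d+) ethernet", line):
            efps.append({"id": int(m[1]), "outer": None, "inner": None, "bd": None})
        elif efps and (m := re.fullmatch(r"encapsulation dot1q (\S+) second-dot1q (\d+)", line)):
            efps[-1].update(outer=m[1], inner=int(m[2]))
        elif efps and (m := re.fullmatch(r"bridge-domain (\d+)", line)):
            efps[-1]["bd"] = int(m[1])
    return efps

def audit(efps):
    """Assumed policy: one dedicated management instance per access id, only VLAN 44 in its domain."""
    findings, by_tags = [], {}
    for e in efps:
        by_tags.setdefault((e["outer"], e["inner"]), []).append(e["id"])
        if e["outer"] == "any":
            findings.append(f"instance {e['id']}: wildcard outer tag into bridge-domain {e['bd']}")
        if e["bd"] == MGMT_VLAN and e["inner"] != MGMT_VLAN:
            findings.append(f"instance {e['id']}: inner tag {e['inner']} bridged into management domain")
    findings += [f"instances {ids}: same encapsulation {t}" for t, ids in by_tags.items() if len(ids) > 1]
    mgmt_ids = {e["outer"] for e in efps if e["bd"] == MGMT_VLAN and e["outer"] != "any"}
    for e in efps:
        if e["bd"] != MGMT_VLAN and e["outer"] not in mgmt_ids:
            findings.append(f"access id {e['outer']}: data instance {e['id']} has no dedicated management instance")
    return findings
```

Running `audit(parse_efps(SAMPLE))` reports the wildcard instance 44 and the missing management instance for access ID 3003; a layout like the one in the first post returns no findings.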
12-01-2018 12:36 PM
Hi Odys,
Why do you use a different vlan 300X for every customer? You may have one or two S-VLANs in which to group all the customers.
At the customer side you can use VLAN 1 for Data-Internet and VLAN 44 for management.
This topology is more scalable.
You will have only two service instances in the ME3800:
For management -- encapsulation dot1q 3001 second-dot1q 44
For data -- encap dot1q 3001
Ilir
12-02-2018 01:04 AM
Hi Ilir,
I appreciate your attention for my question :)
Why do I use different data vlans for every customer? Because each customer has its own public subnet (a specific subnet-8 or 16 per customer):
interface vlan 401
 description customer1_outerTAG3001
 ip address hh.mm.rr.8 255.255.255.248
interface vlan 402
 description customer2_outerTAG3002
 ip address hh.mm.rr.16 255.255.255.248
and so on...
So, the customers don't share the same net-id.
If it can still be done better in your opinion, then please let me know.
12-02-2018 06:17 AM
You can use CPE routers, Mikrotik or Cisco, at every customer. The CPE router can be managed by you for QoS.
For routing you can use static routes or OSPF. This is a stable topology. VLAN 44 is not necessary because you can use ACLs for management filters at your ME3800.
Or use the customer switches as routers. The uplink interface can be L3, not trunk.
Regards
Ilir
12-03-2018 10:38 PM
Hi Ilir,
Changing from bridging to routing at the customer side is a huge step we aren't ready for.
I thought there was a more efficient EVC configuration than what I mentioned above.
Have a good day..
Henry
12-04-2018 12:10 PM
Hi Henry
There is another option:
Use only one S-VLAN, for example VLAN 3002.
Use different VLANs for every customer, for example VLAN 401, 402, 403, etc.
VLAN 44 for management.
Speak with the provider to remove the S-VLAN tag at your connection.
In your ME3800 you will have different service instances for data (401, 402, 403)
and only one service instance 44 for management.
This can be a good solution for you.
Ilir
12-11-2018 01:36 AM
Good day Ilir,
As far as I know, the ISP has to tag/label every certain EVC. Otherwise how would the ISP identify the different resellers?