Solved: Using L2TP xconnect on 7600/ES20

Peter Paluch · ‎08-11-2010

Dear friends,

A colleague has asked me to assist him with establishing a L2TP pseudowire between two 7600 series routers. At first I thought it to be an easy task but it unexpectedly turned into an issue we both could not solve.

The goal was to provide a plain L2TP pseudowire between two ports on different 7600 routers (no interworking, just a simple pseudowire). This pseudowire was configured in a straightforward way using a simple pseudowire-class and an xconnect command on the respective Ethernet interfaces:

pseudowire-class PW-Class
 encapsulation l2tpv3
 ip local interface Loopback0
!
interface GigabitEthernet3/0/0
 no ip address
 speed 1000
 no mls qos trust
 xconnect A.B.C.D 1234 encapsulation l2tpv3 pw-class PW-Class

The problem is that while the L2TP control connection is successfully established, this tunnel does not carry any data whatsoever:

7604-First# show l2tp

L2TP Tunnel and Session Information Total tunnels 1 sessions 1

LocTunID   RemTunID   Remote Name   State Remote Address Sessn L2TP Class/
                                                           Count VPDN Group
2978780432 1598333693 7604-Second   est    A.B.C.D         1     l2tp_default_cl

LocID      RemID      TunID      Username, Intf/      State Last Chg Uniq ID
                                 Vcid, Circuit
9560       21227      2978780432 1234, Gi3/0/0        est    00:36:55 20

7604-First# show l2tp session packets

L2TP Session Information Total tunnels 1 sessions 1

LocID RemID TunID Pkts-In Pkts-Out Bytes-In Bytes-Out
9560 21227 2978780432 0 0 0 0

We have tried several ways of configuring the pseudowire, both by using the xconnect directly on the physical interface and by creating a "service instance" and using the xconnect inside the service instance configuration. Nothing had a positive effect. The L2TP control connection gets established readily but the frames received by the GI3/0/0 do not even seem to be forwarded into the pseudowire. The problem is identical on both ends of the pseudowire.

The question is - is there a problem in the configuration or does the 7600 with the ES20 line card lack the proper support for establishing L2TP pseudowires?

Information about the hardware equipment and software versions:

IOS Version: Cisco IOS Software, c7600rsp72043_rp Software (c7600rsp72043_rp-ADVIPSERVICESK9-M), Version 12.2(33)SRD4, RELEASE SOFTWARE (fc2)

Extract from "show inventory":

NAME: "CISCO7604", DESCR: "Cisco Systems Cisco 7600 4-slot Chassis System"
NAME: "CLK-7600 1", DESCR: "OSR-7600 Clock FRU 1"
NAME: "CLK-7600 2", DESCR: "OSR-7600 Clock FRU 2"
NAME: "module 1", DESCR: "RSP720-3C-GE 2 ports Route Switch Processor 720 Rev. 5.9"
NAME: "msfc sub-module of 1", DESCR: "7600-MSFC4 C7600 MSFC4 Daughterboard Rev. 1.5"
NAME: "switching engine sub-module of 1", DESCR: "7600-PFC3C Policy Feature Card 3 Rev. 1.2"
NAME: "module 3", DESCR: "7600-ES20-GE3C ESM20G Rev. 1.5"
NAME: "LINK sub-module of 3", DESCR: "7600-ES20-20GE Link Daugher Card Rev. 1.1"
NAME: "subslot 3/0 transceiver 0", DESCR: "GE T"
NAME: "subslot 3/0 transceiver 1", DESCR: "GE T"
NAME: "subslot 3/0 transceiver 2", DESCR: "GE T"
NAME: "subslot 3/0 transceiver 3", DESCR: "GE T"
NAME: "subslot 3/0 transceiver 4", DESCR: "GE T"
NAME: "subslot 3/0 transceiver 5", DESCR: "GE T"
NAME: "subslot 3/0 transceiver 18", DESCR: "GE T"
NAME: "subslot 3/0 transceiver 19", DESCR: "GE T"
NAME: "CPU sub-module of 3", DESCR: "7600-ES20-PROC FRU type (0x6005, 0x6A5(1701)) Rev. 1.4"
NAME: "switching engine sub-module of 3", DESCR: "7600-ES20-D3C ESM20G/PFC3C Distributed Forwarding Card Rev. 1.2"
NAME: "FAN-MOD-4HS 1", DESCR: "High Speed Fan Module for CISCO7604 1"
NAME: "PS 1 PWR-2700-AC/4", DESCR: "2700W AC power supply for CISCO7604 1"
NAME: "PS 2 PWR-2700-AC/4", DESCR: "2700W AC power supply for CISCO7604 2"

Any help or guidance is very much appreciated!

Best regards,

Peter

Atif Awan · ‎08-18-2010

Have you looked at the L2TPv3 restrictions as they pertain to 7600? You need a SIP-400 or ES+ linecard access facing. ES-20 as access facing is not supported. Core facing can be any linecard.

View solution in original post

Pavol Golis · ‎08-20-2010

Atif is right, Jude's config "3/0/1" suggests SIP series LC, and Randy has ES+ series LC, 
thats why it works for them on 7600.

Would just add snip from doc:

"On the Cisco 7600 series routers, L2TPv3 is a line card feature that was traditionally
implemented only on the 7600-SIP-400 line card. In Cisco IOS Release 12.2(33)SRD, L2TPv3
is supported on the 7600-ES+20/40 line cards in the hardware, with the same capabilities
(excluding the non-Ethernet interface support) and restrictions as in the 7600-SIP-400
line card. The minimum hardware requirement for enabling the L2TPv3 service on a Cisco
7600 router are an L2TPv3-aware line card (such as the 7600-SIP-400/ES+) at the Layer 2
CE-facing side and an IP interface on any line card at the IP core-facing side. A service
card is not required for L2TPv3."

http://www.cisco.com/en/US/docs/ios/wan/configuration/guide/wan_l2_tun_pro_v3.html

View solution in original post

Randy Fajardo · ‎08-12-2010

Hey peter,

I tried that exact same setup. I upgraded from SRD2a to SRD4 and it worked. Give it a try.

Rod

Peter Paluch · ‎08-13-2010

Hi Randy,

Thank you very much for your answer!

Nevertheless, I already have the SRD4 IOS. Have a look at my original post: the IOS version is

Cisco IOS Software, c7600rsp72043_rp Software (c7600rsp72043_rp-ADVIPSERVICESK9-M), Version 12.2(33)SRD4, RELEASE SOFTWARE (fc2)

So, unfortunately, having the SRD4 alone does not solve this problem. Do you have the same hardware equipment, i.e. the RSP, MSFC, and ES20 line card? Is there perhaps a global setting about the entire card I should have before I even start configuring it with L2TP pseudowires?

Thank you very much again!

Best regards,

Peter

Randy Fajardo · ‎08-14-2010

sorry didn't notice your IOS. I'm using RSP720-3C-GE (MSFC4) and 7600-ES+20G3C. Also used xconnect on the interface and not on a service instance. And didn't use both encapsulation and pw-class under the xconnect line. Just used pw-class. What module were you using on the CE facing interface? I used ES interfaces both CE facing and network facing.

Here are a few restrictions with 7600 L2TPv3. I just avoided them:

General Restrictions

L2TPv3 imposes the following general restrictions:

•The layer 2-facing line card must be an L2TPv3-supporting line card.

•There must be at least one distinct L2TPv3 tunnel per Layer 2-facing line card.

•Only IPv4 tunneling is supported for Layer 2 frames (configurations such as EoL2TPv3oMPLS (on the encapsulating provider edge (PE) device are not supported).

EVC/EFP Restrictions

L2TPv3 is not supported in conjunction with EVC features. L2TPv3 can coexist with EVC on the same port, meaning that while one subinterface is used to tunnel dot1q-tagged traffic over L2TP, another subinterface can be used to perform EVC features.

SVI VLAN Interfaces Restrictions

L2TPv3 is not supported on SVI VLAN interfaces

Peter Paluch · ‎08-16-2010

Hello Randy,

Thank you a lot for your continued support. We will try some of the things you have suggested and will come back with the results. Unfortunately, that won't probably be sooner than in a day but I will certainly keep you posted.

Thanks again!

Best regards,

Peter

judebryant · ‎08-16-2010

Hello to all.

Just wanted to share my thoughts and configuration for this type of application.

12.2(33r)SRB4

Router 1

interface gig3/0/1

service instance 200

encapsulation default (tagged or untagged traffic)

xconnect a.b.c.d(ip of router 2) 200 encapsulation mpls

Router 2

interface gig3/0/1

service instance 200

encapsulation default (tagged or untagged traffic)

xconnect a.b.c.d(ip of router 1) 200 encapsulation mpls

make sure the mtu size of the ports supports the frames comming in.

This is a Any over MPLS configuration. Straight point to point with out mac learning.

Regards

Jude Bryant

Network Admin

Pioneer Telephone

Peter Paluch · ‎08-16-2010

Hello Jude,

Thank you very much for sharing your thoughts with us. You are using the MPLS pseudowire which is unfortunately not an option for us. We must stick with the L2TP for now.

However, I have been testing a very similar configuration to yours, just the encapsulation was l2tpv3 instead of MPLS. I've done it under service instance just as you did, and I've done it on the bare interface, and haven't had any luck so far.

We'll see if there is anything new if we use the ES20 card for both input and output. I'm just waiting for the colleague to have the opportunity to make changes in the physical cabling.

Best regards,

Peter

Atif Awan · ‎08-18-2010

Have you looked at the L2TPv3 restrictions as they pertain to 7600? You need a SIP-400 or ES+ linecard access facing. ES-20 as access facing is not supported. Core facing can be any linecard.

Pavol Golis · ‎08-20-2010

Atif is right, Jude's config "3/0/1" suggests SIP series LC, and Randy has ES+ series LC, 
thats why it works for them on 7600.

Would just add snip from doc:

"On the Cisco 7600 series routers, L2TPv3 is a line card feature that was traditionally
implemented only on the 7600-SIP-400 line card. In Cisco IOS Release 12.2(33)SRD, L2TPv3
is supported on the 7600-ES+20/40 line cards in the hardware, with the same capabilities
(excluding the non-Ethernet interface support) and restrictions as in the 7600-SIP-400
line card. The minimum hardware requirement for enabling the L2TPv3 service on a Cisco
7600 router are an L2TPv3-aware line card (such as the 7600-SIP-400/ES+) at the Layer 2
CE-facing side and an IP interface on any line card at the IP core-facing side. A service
card is not required for L2TPv3."

http://www.cisco.com/en/US/docs/ios/wan/configuration/guide/wan_l2_tun_pro_v3.html

Peter Paluch · ‎08-20-2010

Hello Pavol,

Thanks a lot for answering. I guess you're right (as always).

It's quite annoying to find out that the IOS will allow you to configure everything and then just fail silently. Having a quick check "Is that an ES+ type card? No? Then don't accept the L2TP config" would be helpful, and I don't think it is such a complicated issue to implement.

Nevertheless, thank you very much again for replying! It's nice to hear from you again after quite a while

Best regards,

Peter

Pavol Golis · ‎08-20-2010

Hi Peter,

Thanks for the feedback, I'll check with out development if we could implement reject & warning message for L2TPv3 feature on ES20.

There might be a trick how to do this with ES20, however I haven't tried this configuration before. AToMoGRE is also not supported on ES20, so we would have to implement this in two steps inside global routing table and VRF which would be networked via port-to-port connection. In global table we can do EoMPLS (AToM) and inside VRF do MPLSoGRE. For MPLSoGRE we would need global command "mls mpls tunnel-recir" on c7600. Configuration might be tricky, but it should work, something like:

interface PORT1

xconnect <- EoMPLS

interface PORT2 (connected to PORT3)

mpls ip

ip address A.B.C.D

interface PORT3 (connected to PORT2)

mpls ip

ip address A.B.C.D2

(ip) vrf forwarding VRF1

PORT2 & PORT3 will bridge VRF with global routing, and tie EoMPLS with MPLSoGRE.

Frames will leave PORT2 as EoMPLS, enter PORT3 and then gets encapsulated into MPLSoGRE.

interface TUNNEL1 <- MPLSoGRE

tunnel destination C.D.E.F

(ip) vrf forwarding VRF1

mpls ip

+static routes etc. to tie it all together