Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1813
Views
0
Helpful
1
Replies

VPLS: What are my options for loop prevention on a QinQ access ring using CSR1000v's as N-PE's?

Garrett.Ivy
Level 1
Level 1

‎07-15-2017 08:54 AM

So I'm trying to emulate a Metro network in GNS3 using pairs of CSR 1000v's bridging access rings consisting of VIRL L2 switches; everything has been going (somewhat) well up to this point, but I've hit a road block... or really, several. The problem I'm having is that as soon as I configure l2protocol forwarding on the VFI, the pseudowire connecting the two CSRs fails.

Well, maybe "fails" isn't the right word, because it doesn't go down; but traffic stops being bridged from the attachment circuit to the pseudowire. So this post represents me trying to figure out whether or not its me or the CSR that is fucking up. Any advice would be appreciated!!

Here are the configurations:

Configuration: N-PE #1

 version 16.4
 service timestamps debug datetime msec
 service timestamps log datetime msec
 no platform punt-keepalive disable-kernel-core
 platform console serial
 !
 hostname SP_A_Metro1_Agg01
 !
 boot-start-marker
 boot-end-marker
 !
 !
 no logging console
 !
 no aaa new-model
 !
 no ip domain lookup
 !
 !
 subscriber templating
 !
 !
 ! 
 multilink bundle-name authenticated
 l2vpn
 !
 !
 !
 crypto pki trustpoint TP-self-signed-3086195011
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-3086195011
 revocation-check none
 rsakeypair TP-self-signed-3086195011
 !
 !
 
 !
 license udi pid CSR1000V sn 98A8HL8T1VD
 diagnostic bootup level minimal
 !
 !
 spanning-tree mode mst
 spanning-tree extend system-id
 !
 spanning-tree mst configuration
 name CCNP
 instance 1 vlan 100
 instance 2 vlan 101
 !
 spanning-tree mst 0-1 priority 24576
 !
 !
 ! 
 redundancy
 bridge-domain 1 
 member GigabitEthernet6 service-instance 1
 !
 !
 cdp run
 !
 l2 vfi VPLS-1 manual 
 vpn id 1
 bridge-domain 1
 forward permit l2protocol all
 neighbor 100.1.0.2 encapsulation mpls
 !
 ! 
 !
 interface Loopback0
 description Area 0 Loopback
 no ip address
 !
 interface Loopback1
 description Area 1 Loopback
 ip address 100.1.0.1 255.255.255.255
 ip ospf 1 area 1
 !
 interface GigabitEthernet1
 mtu 9000
 no ip address
 negotiation auto
 cdp enable
 no mop enabled
 no mop sysid
 !
 interface GigabitEthernet2
 mtu 9000
 no ip address
 shutdown
 negotiation auto
 no mop enabled
 no mop sysid
 !
 interface GigabitEthernet3
 mtu 9000
 no ip address
 shutdown
 negotiation auto
 no mop enabled
 no mop sysid
 !
 interface GigabitEthernet4
 mtu 9000
 no ip address
 shutdown
 negotiation auto
 no mop enabled
 no mop sysid
 !
 interface GigabitEthernet5
 mtu 9000
 ip address 100.1.1.1 255.255.255.252
 ip ospf 1 area 1
 negotiation auto
 mpls ip
 cdp enable
 no mop enabled
 no mop sysid
 !
 interface GigabitEthernet6
 mtu 9000
 no ip address
 negotiation auto
 cdp enable
 no mop enabled
 no mop sysid
 service instance 1 ethernet
 encapsulation untagged
 l2protocol forward
 snmp ifindex persist
 !
 !
 interface GigabitEthernet7
 mtu 9000
 no ip address
 negotiation auto
 cdp enable
 no mop enabled
 no mop sysid
 !
 interface GigabitEthernet8
 mtu 9000
 no ip address
 shutdown
 negotiation auto
 no mop enabled
 no mop sysid
 !
 router ospf 1
 mpls ldp autoconfig
 !
 !
 virtual-service csr_mgmt
 !
 ip forward-protocol nd
 ip http server
 ip http authentication local
 ip http secure-server
 !
 !
 !
 control-plane
 !
 !
 line con 0
 stopbits 1
 line vty 0 4
 login
 !
 !
 !
 !
 !
 !
 end

Configuration: N-PE #2

 version 16.4
 service timestamps debug datetime msec
 service timestamps log datetime msec
 no platform punt-keepalive disable-kernel-core
 platform console serial
 !
 hostname SP_A_Metro1_Agg02
 !
 boot-start-marker
 boot-end-marker
 !
 !
 no logging console
 !
 no aaa new-model
 !
 !
 !
 ! 
 !
 !
 !
 !
 !
 
 
 
 !
 !
 !
 !
 !
 !
 !
 !
 !
 !
 subscriber templating
 !
 !
 !
 multilink bundle-name authenticated
 !
 !
 !
 !
 !
 crypto pki trustpoint TP-self-signed-2661514926
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-2661514926
 revocation-check none
 rsakeypair TP-self-signed-2661514926
 !
 !
 crypto pki certificate chain TP-self-signed-2661514926
 certificate self-signed 01
 30820330 30820218 A0030201 02020101 300D0609 2A864886 F70D0101 05050030 
 31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274 
 69666963 6174652D 32363631 35313439 3236301E 170D3137 30373132 30323136 
 30375A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649 
 4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D32 36363135 
 31343932 36308201 22300D06 092A8648 86F70D01 01010500 0382010F 00308201 
 0A028201 0100DD4B 10F5CAAC 93B98DE7 AB981328 A53BFCF6 CAD1F7FD FE3C8890 
 A9CCA61F D969D753 28B922F5 72046D47 06BBBDA5 63884FD5 7343F4E2 D4DFD7D5 
 BA7B2F02 656B8BEF 43BEC3B9 3533336F 1622307D C0D1B787 E8DCF95F 40DD6590 
 E56DFB86 ECE1107D 288CCEF4 FD4E5A36 7F50331C B85E850D B5490C7B FED84B6F 
 F5BE7DF2 283ED345 11880C06 2D596668 B735753A 76B66E0B 869C9406 58895F13 
 FA9D4032 2886412B 491DB45D 5D7EB692 67D3C847 418E04F5 2F8297D3 10A732B6 
 7CFA6BFA 7F49CD0A AE474BF3 80859E44 CF4C5582 F2ED3376 A6B6298B 7FF06DDA 
 1EC017EA 2C3138BF E5D65DCA 6C78F5E3 F0918A9F 634D7B26 7637F655 0A9138AC 
 DCD8D7A3 1EF50203 010001A3 53305130 0F060355 1D130101 FF040530 030101FF 
 301F0603 551D2304 18301680 145B12E4 1540321C D2754E3D B1FE5A64 020D7120 
 4A301D06 03551D0E 04160414 5B12E415 40321CD2 754E3DB1 FE5A6402 0D71204A 
 300D0609 2A864886 F70D0101 05050003 82010100 7C715EF8 9CB8A9F5 A29F5576 
 2A4CFD25 CD020F90 24B7ED90 F4E53F6C 914C18F0 792C6EB1 B4FB9405 D157F158 
 01FE0776 33F5BE48 EB6F7360 A8F7B4B2 D42C244C ACE550B9 59925547 76496E69 
 164E2933 FE20BC8B 2628FC4F 1F325F29 4AB05BAA F72A98A4 AA51C5F7 2C2C4FAA 
 C2637480 247D8E18 2E09AF92 36B4D66E 2B190B75 E0ABDDA8 28CB4E25 61576B81 
 07EE3043 9EE0F618 BDF05AF8 EF28FBF3 AAA73A6D 44A8BF23 DDE6DEEA 4A8159B6 
 DFAB5A59 551B59E8 A89B8923 27E5CEA8 0C119B26 161881B3 805925AF DE83796C 
 A7506645 D788703B 2BB8D63C 2C9B655E B0C078D7 7A29F5DE 511DF1AF 59237A64 
 BDC6F414 4E59882A 3CED2F3B B01A9B3F A21F7CF1
 quit
 
 
 !
 !
 ! 
 !
 !
 !
 !
 license udi pid CSR1000V sn 9UFJQIPRR94
 diagnostic bootup level minimal
 !
 !
 spanning-tree mode mst
 spanning-tree extend system-id
 !
 spanning-tree mst configuration
 name CCNP
 instance 1 vlan 100
 instance 2 vlan 101
 !
 spanning-tree mst 2 priority 28672
 !
 !
 !
 redundancy
 bridge-domain 1 
 member GigabitEthernet6 service-instance 1
 !
 !
 !
 !
 !
 !
 cdp run
 !
 l2 vfi VPLS-1 manual 
 vpn id 1
 bridge-domain 1
 forward permit l2protocol all
 neighbor 100.1.0.1 encapsulation mpls
 !
 ! 
 !
 !
 !
 !
 !
 !
 !
 ! 
 !
 !
 !
 !
 ! 
 ! 
 ! 
 ! 
 ! 
 ! 
 !
 !
 interface Loopback1
 ip address 100.1.0.2 255.255.255.255
 ip ospf 1 area 1
 !
 interface GigabitEthernet1
 mtu 9000
 no ip address
 negotiation auto
 cdp enable
 no mop enabled
 no mop sysid
 !
 interface GigabitEthernet2
 mtu 9000
 no ip address
 shutdown
 negotiation auto
 no mop enabled
 no mop sysid
 !
 interface GigabitEthernet3
 mtu 9000
 no ip address
 negotiation auto
 no mop enabled
 no mop sysid
 !
 interface GigabitEthernet4
 mtu 9000
 no ip address
 shutdown
 negotiation auto
 no mop enabled
 no mop sysid
 !
 interface GigabitEthernet5
 mtu 9000
 ip address 100.1.1.2 255.255.255.252
 ip ospf 1 area 1
 negotiation auto
 mpls ip
 cdp enable
 no mop enabled
 no mop sysid
 !
 interface GigabitEthernet6
 mtu 9000
 no ip address
 negotiation auto
 cdp enable
 no mop enabled
 no mop sysid
 service instance 1 ethernet
 encapsulation untagged
 l2protocol forward
 !
 ! 
 interface GigabitEthernet7
 mtu 9000
 no ip address
 negotiation auto
 cdp enable
 no mop enabled
 no mop sysid
 !
 interface GigabitEthernet8
 mtu 9000
 no ip address
 shutdown
 negotiation auto
 no mop enabled
 no mop sysid
 !
 router ospf 1
 mpls ldp autoconfig
 !
 !
 virtual-service csr_mgmt
 !
 ip forward-protocol nd
 ip http server
 ip http authentication local
 ip http secure-server
 !
 !
 !
 !
 !
 !
 !
 control-plane
 !
 !
 !
 !
 !
 !
 !
 !
 !
 !
 line con 0
 stopbits 1
 line vty 0 4
 login
 !
 !
 !
 !
 !
 !
 end

What I thought would happen, would be that the CSR1000v's would participate in the spanning-tree process and the switches would see one of htem as root bridge... this isn't happening (they aren't forwarding BPDU's out their attachment circuits)


If it IS indeed the CSR1000v that's messing up here, what are my options to keep the L2 domain of the access rings intact and have loop prevention?

1 person had this problem
Labels:
0 Helpful
1 Reply 1

rrd
Level 1
Level 1

‎08-08-2019 08:17 PM

I just want to ask if this problem already solved?

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents