Solved: ASR1000 - Bridge Domain Interface

Bob_Rock · ‎02-16-2021

Hi all ,

I'm a litle bit lost regarding bridging vlan on my router ASR1111 (IOS-XE, no more IRB support).

I have read about BDI, and i'm trying the get a grasp of it.

The point is I would like to bridge vlan through my router on specific interfaces for example :

R1 : 
interface GigabitEthernet0/0/0
 no ip address
 load-interval 30
 negotiation auto
 service instance 10 ethernet
  encapsulation dot1q 100
  rewrite ingress tag pop 1 symmetric
  bridge-domain 100
interface BDI100
 ip address dhcp
interface GigabitEthernet0/1/0
  switchport trunk allowed vlan 100
  switchport mode trunk

Interface BDI100 gets IP address from DHCP server, now I would like that R2 also gets IP from the same DHCP server.

So the question is relation between bdi100 and vlan 100

Thank you in advance

Bob_Rock · ‎02-18-2021

Hi,

l2 vfi does not exist on C1111 (Cisco IOS XE Software, Version 16.12.05).

I think I have found out what the problem was ... it looks like it was a firmware bug. (I should have upgraded FW first.....)

My original firmware was Cisco IOS XE Software, Version 16.09.02, now I have upgraded the router with Cisco IOS XE Software, Version 16.12.05 and everything works as expected.

The configuration looks like this now :

DHCP is the router where I have dhcp configured.

R1 should bridge vlan 100 to R2.

Configuration on R1

interface GigabitEthernet0/0/0
 description UPLINK-to-DHCP
 no ip address
 negotiation auto
 service instance 100 ethernet
  encapsulation dot1q 100
  bridge-domain 100
 !
interface BDI100
 description Get-IP-from-DHCP
 ip address dhcp
 encapsulation dot1Q 100
!
interface GigabitEthernet0/1/0
 description to-R2
 switchport trunk allowed vlan 100
 switchport mode trunk
!
interface Vlan100
 no ip address
 service instance 100 ethernet
  encapsulation dot1q 100
  bridge-domain 100
!

Bridge-domain 100 on R1

R1#show bridge-domain 100
Bridge-domain 100 (3 ports in all)
State: UP                    Mac learning: Enabled
Aging-Timer: 300 second(s)
    BDI100  (up)
    GigabitEthernet0/0/0 service instance 100
    Vlan100 service instance 100
   AED MAC address    Policy  Tag       Age  Pseudoport
   -   4CE1.75B3.2673 to_bdi  static    0    BDI100
   0   6C31.0E4C.1800 forward dynamic   300  Vlan100.EFP100

Configuration on R2

interface GigabitEthernet0/0/0.100
 description UPLINK-to-R1
 encapsulation dot1Q 100
 ip address dhcp

Now finally R2 gets IP from the DHCP server, thank you guys for your help.

View solution in original post

MHM Cisco World · ‎02-16-2021

in R1 both interface must have same config, then join then with BDI.

DHCP is send as broadcast and R1 will flood from one port to other port since they are same broadcast domain.

balaji.bandi · ‎02-16-2021

Post the full configuration of all the routers to understand why R2 not able to get the DHCP From DHCP Server.

or follow the below simple configuration.

https://www.cisco.com/c/en/us/support/docs/lan-switching/integrated-routing-bridging-irb/200650-Understanding-Bridge-Virtual-Interface.html#anc5

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Georg Pauwen · ‎02-16-2021

Hello,

the BDI interface on R1 is the layer 3 interface. You need to configure an ip helper-address on that interface in order for the DHCP broadcasts to be forwarded to the DHCP server:

interface BDI100
ip address dhcp

ip helper-address x.x.x.x <-- IP address of the DHCP server

Giuseppe Larosa · ‎02-16-2021

Hello @Bob_Rock ,

as noted by @balaji.bandi and @MHM Cisco World both physical interfaces need to be configured in the same way as members of bridge domain 100.

This is why R2 is not able to get an IP address with current configuration

Hope to help

Giuseppe

Georg Pauwen · ‎02-16-2021

Just out of curiosity, would the BDI not block DHCP requests from R2 anyway ?

Giuseppe Larosa · ‎02-16-2021

Hello @Georg Pauwen ,

>> would the BDI not block DHCP requests from R2 anyway ?

it is still a single broadcast domain when configured correctly and the BDI as an SVI should be just a virtual host attached to it.

It comes into play if the server would be in another IP subnet

Hope to help

Giuseppe

Bob_Rock · ‎02-18-2021

Hi,

thank you for your answers and effort regarding this problem (well I guess it's me and my lack of knowledge and not the device).

I get it that if I configure both routed interfaces as memeber of the same bridge-domain they are in the same broadcast domain and everything works, just fine.

For example :

interface GigabitEthernet0/0/0
 description UPLINK-to-DHCP
 no ip address
 negotiation auto
 service instance 100 ethernet
  encapsulation dot1q 100
  bridge-domain 100
 !
interface GigabitEthernet0/0/1
 description to-R2
 no ip address
 negotiation auto
 service instance 100 ethernet
  encapsulation dot1q 100
  bridge-domain 100
 !
interface BDI100
description IP-on-R1
ip address dhcp
encapsulation dot1Q 100

But lets presume that you have C1116 that has only one routed interface Gi0/0/0 ? What would be the solution for bridging in that case ?

So how do you connect l2 vlans and bridge-domains ? Is it possible ?

Far fetched attempt was to make l3 vlan interface 100 and put it as a part of the bridge-domain 100, but it didnt work ,like it was not in the same broadcast domain, although it was seen :

show bridge-domain 100
Bridge-domain 100 (4 ports in all)
State: UP Mac learning: Enabled
Aging-Timer: 300 second(s)
BDI100 (up)
GigabitEthernet0/0/0 service instance 100
GigabitEthernet0/0/1 service instance 100
Vlan100 service instance 100

For example you could do this wih IRB on Cisco 881 :

interface Fa4.100
 description BRIDGE-DHCP
 encapsulation dot1Q 100
 bridge-group 6
 no shut
exit
 
vlan 100
 name BRIDGE-DHCP
exit

interface Vlan100
 description BRIDGE-DHCP
 no ip address
 bridge-group 6
 no shut
exit

bridge irb

bridge 6 protocol ieee
bridge 6 route ip

int Bvi6
 description BRIDGE-DHCP
 ip add dhcp
 no shut
exit

interface Fa1
 description BRIDGE-DHCP
 switchport mode access
 switchport access vlan 100
 no shut
exit

balaji.bandi · ‎02-18-2021

Thank you for the input and glad all working as expected - we mark this as resolved now.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

MHM Cisco World · ‎02-18-2021

...

Bob_Rock · ‎02-18-2021

Hi,

l2 vfi does not exist on C1111 (Cisco IOS XE Software, Version 16.12.05).

I think I have found out what the problem was ... it looks like it was a firmware bug. (I should have upgraded FW first.....)

My original firmware was Cisco IOS XE Software, Version 16.09.02, now I have upgraded the router with Cisco IOS XE Software, Version 16.12.05 and everything works as expected.

The configuration looks like this now :

DHCP is the router where I have dhcp configured.

R1 should bridge vlan 100 to R2.

Configuration on R1

interface GigabitEthernet0/0/0
 description UPLINK-to-DHCP
 no ip address
 negotiation auto
 service instance 100 ethernet
  encapsulation dot1q 100
  bridge-domain 100
 !
interface BDI100
 description Get-IP-from-DHCP
 ip address dhcp
 encapsulation dot1Q 100
!
interface GigabitEthernet0/1/0
 description to-R2
 switchport trunk allowed vlan 100
 switchport mode trunk
!
interface Vlan100
 no ip address
 service instance 100 ethernet
  encapsulation dot1q 100
  bridge-domain 100
!

Bridge-domain 100 on R1

R1#show bridge-domain 100
Bridge-domain 100 (3 ports in all)
State: UP                    Mac learning: Enabled
Aging-Timer: 300 second(s)
    BDI100  (up)
    GigabitEthernet0/0/0 service instance 100
    Vlan100 service instance 100
   AED MAC address    Policy  Tag       Age  Pseudoport
   -   4CE1.75B3.2673 to_bdi  static    0    BDI100
   0   6C31.0E4C.1800 forward dynamic   300  Vlan100.EFP100

Configuration on R2

interface GigabitEthernet0/0/0.100
 description UPLINK-to-R1
 encapsulation dot1Q 100
 ip address dhcp

Now finally R2 gets IP from the DHCP server, thank you guys for your help.

MHM Cisco World · ‎02-18-2021

one Q. why you don't apply service instance directly to link but you apply it under VLAN 100?

Bob_Rock · ‎02-18-2021

Sorry, what do you mean with "directly to link" ?

MHM Cisco World · ‎02-18-2021

you have two
g0/0/0<-service instance under the interface

g0/1/0<-service instance under the vlan

why you choose this config ?

Bob_Rock · ‎02-18-2021

For example if I would like to aggregate 2 interfaces on C1000, this could only be done on routed interfaces Gi0/0/0 and Gi0/0/1.

Switched interfaces don't have command channel-group.(Cisco IOS XE Software, Version 16.09.02 - could be because of the version, currently i'm at home so I cannot test it on new version). So this forces me to use routed interfaces for port aggregation.

And than if I want to bridge one of vlans in this Port-channel toward the next router, I would have to use switched interfaces (range Gi0/1/0-Gi0/1/3), because Gi0/0/0 and Gi0/0/1 are already used for Po.

Example :

interface GigabitEthernet0/0/0
 description Po10
 no ip address
 negotiation auto
 channel-group 10 mode active
!
interface GigabitEthernet0/0/1
 description Po10
 no ip address
 negotiation auto
 channel-group 10 mode active
!
interface Port-channel10
 description UPLINK
 no ip address
 no negotiation auto
 service instance 10 ethernet
  encapsulation dot1q 10
  bridge-domain 10
 !
 service instance 100 ethernet
  encapsulation dot1q 100
  bridge-domain 100
!
interface BDI10
 ip address dhcp
 encapsulation dot1Q 10
!
interface BDI100
 ip address dhcp
 encapsulation dot1Q 100
!
interface vlan 100
 no ip address
 no shut
 service instance 100 ethernet
  encapsulation dot1q 100
  bridge-domain 100
!
interface GigabitEthernet0/1/0
 description to-R2
 switchport trunk allowed vlan 100
 switchport mode trunk