Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1222
Views
0
Helpful
2
Replies

Using EVC & BDI on an ASR1001X like an SVI on a switch

David Dobbs
Level 1
Level 1

‎04-29-2022 02:38 PM

So I have two ASR routers that I need to connect to two HA paired ASA's, routed mode.  The ASA and ASRs are running EIGRP to pass routing info between them.  A trunked interface on the ASA is connected to an ASR router interface, so it's L3 over L2.  The ASA has multiple sub-interfaces each with a separate vlan #.  These ASA's are in an HA pair so the other ASR router is connected in similar fashion.

 

The problem is I don't want to have a switch between the routers and HA pair of ASA's to do L2 for the HA pair heartbeat.  If the routers were L3 switches like a pair of Nexus 9504's connected together, I could configure an SVI on the switches and trunk the interfaces to the ASA's and be done.

 

Can I use EVC and BDI to do the same thing (i.e. the BDI acts like an L3 SVI)? 

 

The 10G interfaces on the ASR's connect to the ASA's.  Then I would connect a 1G cable between the ASR's on port G0/0/0 and use the following code to configure the 10G interfaces for L3 over L2, and the 1G interfaces to pass the L2 information so the HA ASA pair can see each other over their vlans/sub-interfaces, just like a switch.  The 1G interfaces would be passive EIGRP interfaces so no L3 routing goes between them, just the L2 heart beat.  This would be similar to using sub-interfaces on the ASR except I need the 10G interfaces and the 1G interfaces to be in the same vlan or broadcast domain.  Let me know if this would work?  I'm very new to EVC's:

 

ASR1

interface TE0/0/0
service instance 1 ethernet
  encap dot1q 1802
  rewrite ingress tag pop 1 sysmmetric
  bridge-domain 1802 split-horizon
service instance 2 ethernet
  encap dot1q 1804
  rewrite ingress tag pop 2 sysmmetric
  bridge-domain 1804 split-horizon
no shut

 

interface g0/0/0
  service instance 1 ethernet
  encap dot1q 1802
  rewrite ingress tag pop 1 sysmmetric
  bridge-domain 1802 split-horizon
service instance 2 ethernet
  encap dot1q 1804
  rewrite ingress tag pop 2 sysmmetric
  bridge-domain 1804 split-horizon
no shut


interface vlan 1802
ip address 172.30.199.89 255.255.255.248

interface vlan 1804
ip address 172.30.199.97 255.255.255.248

 

ASR2

interface TE0/0/0
service instance 1 ethernet
  encap dot1q 1802
  rewrite ingress tag pop 1 sysmmetric
  bridge-domain 1802 split-horizon
service instance 2 ethernet
  encap dot1q 1804
  rewrite ingress tag pop 2 sysmmetric
  bridge-domain 1804 split-horizon
no shut

 

interface g0/0/0
  service instance 1 ethernet
  encap dot1q 1802
  rewrite ingress tag pop 1 sysmmetric
  bridge-domain 1802 split-horizon
service instance 2 ethernet
  encap dot1q 1804
  rewrite ingress tag pop 2 sysmmetric
  bridge-domain 1804 split-horizon
no shut


interface vlan 1802
ip address 172.30.199.90 255.255.255.248

interface vlan 1804
ip address 172.30.199.98 255.255.255.248

 

Labels:
0 Helpful
2 Replies 2

alexlindner
Level 1
Level 1

‎04-30-2022 05:53 AM

Hi David,

 

We have a similar config in use that may answer your questions.

In this config dot1q 11 is bridged from Te0/0/0 to Te0/0/1 on an ASR1001-X.

To use an IP-address in your bridge-domain you have to create a BDI instead of the "int vlan xxx" and bind that to your service-instance in the bridge-domain (BDI1 -> bridge-domain 1 -> Te0/0/1 service-instance 1).

I didn`t need rewrite-commands in my scenario, but they are supported just like on ASR920 or similar platforms.

 

 

bridge-domain 1
member TenGigabitEthernet0/0/1 service-instance 1
!
bridge-domain 11
member TenGigabitEthernet0/0/0 service-instance 11
member TenGigabitEthernet0/0/1 service-instance 11
!
interface TenGigabitEthernet0/0/0
description to_mpls
no ip address
load-interval 30
service instance 11 ethernet
description bridge_vlan11_to_mpls
encapsulation dot1q 11
!
!
interface TenGigabitEthernet0/0/1
description to_exchange
no ip address
load-interval 30
service instance 1 ethernet
description to_peering_lan
encapsulation untagged
!
service instance 11 ethernet
description bridge_vlan11_to_mpls
encapsulation dot1q 11
!
interface BDI1
description exchange_peering
mac-address xxxx.yyyy.zzzz
bandwidth 10000000
ip flow monitor default-v4 input
ip address X.X.X.X 255.255.248.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip access-group extern-in in
load-interval 30
ntp disable
ipv6 flow monitor default-v6 input
ipv6 address X:X::X/64
ipv6 enable
ipv6 nd ra suppress
no ipv6 mld router
no ipv6 pim
no ipv6 mfib forwarding input
ipv6 traffic-filter extern-v6-in in
no snmp trap link-status

 

Best regards,

Alex

0 Helpful

David Dobbs
Level 1
Level 1
In response to alexlindner

‎05-02-2022 06:21 AM

Thank you for your very helpful reply!  I knew something was missing in my example config..  I'll give it a try.

0 Helpful
Customers Also Viewed These Support Documents