Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1410
Views
0
Helpful
1
Replies

NCS 5500 running 7.0.1 and BVI

Go to solution
Mister Cartwright
Level 1
Level 1

‎11-06-2019 08:36 AM

Trying to get BVI working on a pair of Cisco NCS 5500 running version 7.0.1 but cannot ping the other end. There is a single link between the routers in a bundle. I can ping the far-end router using the directly-assigned IP on the BE, but cannot ping the far-end BVI IP. Each router can ping it's own BVI. Output packets are not incrementing on the BE sub-int that is part of the bridge-group.

 

I am following this guide (which has some typos and the output examples don't match the configuration section):

https://www.cisco.com/c/en/us/td/docs/iosxr/ncs5500/ip-addresses/70x/b-ip-addresses-cg-ncs5500-70x/b-ip-addresses-cg-ncs5500-70x_chapter_01010.html

Section: Configure VRRP over BVI

 

Here is config for NCS01:

!
hw-module vrrpscale enable
!
# port to firewall
interface GigabitEthernet0/0/0/10
 description firewall01
!
interface GigabitEthernet0/0/0/10.9 l2transport
 encapsulation dot1q 9
!
# bundle between NCS
interface Bundle-Ether10
 description NCS-5501-01.lab:BE10
 ipv4 address 192.168.1.7 255.255.255.254
!
interface Bundle-Ether10.9 l2transport
 encapsulation dot1q 9
!
# BVI interface
interface BVI9
 ipv4 address 10.20.30.2 255.255.255.0
!
l2vpn
 bridge group 9
  bridge-domain 9
   interface Bundle-Ether10.9
   !
   interface GigabitEthernet0/0/0/10.9
   !
   routed interface BVI9
   !
  !
 !
!

Here is config for NCS02:

!
hw-module vrrpscale enable
!
# port to firewall
interface GigabitEthernet0/0/0/10
 description firewall02
!
interface GigabitEthernet0/0/0/10.9 l2transport
 encapsulation dot1q 9
!
# bundle between NCS
interface Bundle-Ether10
 description NCS-5501-02.lab:BE10
 ipv4 address 192.168.1.6 255.255.255.254
!
interface Bundle-Ether10.9 l2transport
 encapsulation dot1q 9
!
# bvi
interface BVI9
 ipv4 address 10.20.30.3 255.255.255.0
!
l2vpn
 bridge group 9
  bridge-domain 9
   interface Bundle-Ether10.9
   !
   interface GigabitEthernet0/0/0/10.9
   !
   routed interface BVI9
   !
  !
 !
!

Here is show output from NCS01:

# show l2vpn bridge-domain group 9 detail
Wed Nov  6 01:36:58.475 UTC
Legend: pp = Partially Programmed.
Bridge group: 9, bridge-domain: 9, id: 0, state: up, ShgId: 0, MSTi: 0
  Coupled state: disabled
  VINE state: BVI Resolved
  MAC learning: enabled
  MAC withdraw: enabled
    MAC withdraw for Access PW: enabled
    MAC withdraw sent on: bridge port up
    MAC withdraw relaying (access to access): disabled
  Flooding:
    Broadcast & Multicast: enabled
    Unknown unicast: enabled
  MAC aging time: 300 s, Type: inactivity
  MAC limit: 64000, Action: none, Notification: syslog
  MAC limit reached: no, threshold: 75%
  MAC port down flush: enabled
  MAC Secure: disabled, Logging: disabled
  Split Horizon Group: none
  Dynamic ARP Inspection: disabled, Logging: disabled
  IP Source Guard: disabled, Logging: disabled
  DHCPv4 Snooping: disabled
  DHCPv4 Snooping profile: none
  IGMP Snooping: disabled
  IGMP Snooping profile: none
  MLD Snooping profile: none
  Storm Control: disabled
  Bridge MTU: 1500
  MIB cvplsConfigIndex: 1
  Filter MAC addresses:
  P2MP PW: disabled
  Multicast Source: Not Set
  Create time: 06/11/2019 00:55:31 (00:41:26 ago)
  No status change since creation
  ACs: 3 (3 up), VFIs: 0, PWs: 0 (0 up), PBBs: 0 (0 up), VNIs: 0 (0 up)
  List of ACs:
    AC: BVI9, state is up
      Type Routed-Interface
      MTU 1514; XC ID 0x80000005; interworking none
      BVI MAC address:
        008a.9621.18da
      Split Horizon Group: Access
      PD System Data: AF-LIF-IPv4: 0x00000000  AF-LIF-IPv6: 0x00000000

    AC: Bundle-Ether10.9, state is up
      Type VLAN; Num Ranges: 1
      Rewrite Tags: []
      VLAN ranges: [9, 9]
      MTU 9104; XC ID 0xa0000004; interworking none
      MAC learning: enabled
      Flooding:
        Broadcast & Multicast: enabled
        Unknown unicast: enabled
      MAC aging time: 300 s, Type: inactivity
      MAC limit: 64000, Action: none, Notification: syslog
      MAC limit reached: no, threshold: 75%
      MAC port down flush: enabled
      MAC Secure: disabled, Logging: disabled
      Split Horizon Group: none
      E-Tree: Root
      Dynamic ARP Inspection: disabled, Logging: disabled
      IP Source Guard: disabled, Logging: disabled
      DHCPv4 Snooping: disabled
      DHCPv4 Snooping profile: none
      IGMP Snooping: disabled
      IGMP Snooping profile: none
      MLD Snooping profile: none
      Storm Control: bridge-domain policer
      Static MAC addresses:
      Statistics:
        packets: received 0 (multicast 0, broadcast 0, unknown unicast 0, unicast 0), sent 0
        bytes: received 0 (multicast 0, broadcast 0, unknown unicast 0, unicast 0), sent 0
        MAC move: 0
      Storm control drop counters:
        packets: broadcast 0, multicast 0, unknown unicast 0
        bytes: broadcast 0, multicast 0, unknown unicast 0
      Dynamic ARP inspection drop counters:
        packets: 0, bytes: 0
      IP source guard drop counters:
        packets: 0, bytes: 0
      PD System Data: AF-LIF-IPv4: 0x00013826  AF-LIF-IPv6: 0x00013827

    AC: GigabitEthernet0/0/0/10.9, state is up
      Type VLAN; Num Ranges: 1
      Rewrite Tags: []
      VLAN ranges: [9, 9]
      MTU 1504; XC ID 0x4; interworking none
      MAC learning: enabled
      Flooding:
        Broadcast & Multicast: enabled
        Unknown unicast: enabled
      MAC aging time: 300 s, Type: inactivity
      MAC limit: 64000, Action: none, Notification: syslog
      MAC limit reached: no, threshold: 75%
      MAC port down flush: enabled
      MAC Secure: disabled, Logging: disabled
      Split Horizon Group: none
      E-Tree: Root
      Dynamic ARP Inspection: disabled, Logging: disabled
      IP Source Guard: disabled, Logging: disabled
      DHCPv4 Snooping: disabled
      DHCPv4 Snooping profile: none
      IGMP Snooping: disabled
      IGMP Snooping profile: none
      MLD Snooping profile: none
      Storm Control: bridge-domain policer
      Static MAC addresses:
      Statistics:
        packets: received 0 (multicast 0, broadcast 0, unknown unicast 0, unicast 0), sent 1607
        bytes: received 0 (multicast 0, broadcast 0, unknown unicast 0, unicast 0), sent 85626
        MAC move: 0
      Storm control drop counters:
        packets: broadcast 0, multicast 0, unknown unicast 0
        bytes: broadcast 0, multicast 0, unknown unicast 0
      Dynamic ARP inspection drop counters:
        packets: 0, bytes: 0
      IP source guard drop counters:
        packets: 0, bytes: 0
      PD System Data: AF-LIF-IPv4: 0x0001380a  AF-LIF-IPv6: 0x0001380b

  List of Access PWs:
  List of VFIs:
  List of Access VFIs:

And here is show output from NCS02:

# sh l2vpn bridge-domain group 9 detail
Wed Nov  6 01:47:27.019 UTC
Legend: pp = Partially Programmed.
Bridge group: 9, bridge-domain: 9, id: 0, state: up, ShgId: 0, MSTi: 0
  Coupled state: disabled
  VINE state: BVI Resolved
  MAC learning: enabled
  MAC withdraw: enabled
    MAC withdraw for Access PW: enabled
    MAC withdraw sent on: bridge port up
    MAC withdraw relaying (access to access): disabled
  Flooding:
    Broadcast & Multicast: enabled
    Unknown unicast: enabled
  MAC aging time: 300 s, Type: inactivity
  MAC limit: 64000, Action: none, Notification: syslog
  MAC limit reached: no, threshold: 75%
  MAC port down flush: enabled
  MAC Secure: disabled, Logging: disabled
  Split Horizon Group: none
  Dynamic ARP Inspection: disabled, Logging: disabled
  IP Source Guard: disabled, Logging: disabled
  DHCPv4 Snooping: disabled
  DHCPv4 Snooping profile: none
  IGMP Snooping: disabled
  IGMP Snooping profile: none
  MLD Snooping profile: none
  Storm Control: disabled
  Bridge MTU: 1500
  MIB cvplsConfigIndex: 1
  Filter MAC addresses:
  P2MP PW: disabled
  Multicast Source: Not Set
  Create time: 06/11/2019 00:58:07 (00:49:19 ago)
  No status change since creation
  ACs: 3 (3 up), VFIs: 0, PWs: 0 (0 up), PBBs: 0 (0 up), VNIs: 0 (0 up)
  List of ACs:
    AC: BVI9, state is up
      Type Routed-Interface
      MTU 1514; XC ID 0x80000004; interworking none
      BVI MAC address:
        008a.9621.14e0
      Split Horizon Group: Access
      PD System Data: AF-LIF-IPv4: 0x00000000  AF-LIF-IPv6: 0x00000000

    AC: Bundle-Ether10.9, state is up
      Type VLAN; Num Ranges: 1
      Rewrite Tags: []
      VLAN ranges: [9, 9]
      MTU 9104; XC ID 0xa0000005; interworking none
      MAC learning: enabled
      Flooding:
        Broadcast & Multicast: enabled
        Unknown unicast: enabled
      MAC aging time: 300 s, Type: inactivity
      MAC limit: 64000, Action: none, Notification: syslog
      MAC limit reached: no, threshold: 75%
      MAC port down flush: enabled
      MAC Secure: disabled, Logging: disabled
      Split Horizon Group: none
      E-Tree: Root
      Dynamic ARP Inspection: disabled, Logging: disabled
      IP Source Guard: disabled, Logging: disabled
      DHCPv4 Snooping: disabled
      DHCPv4 Snooping profile: none
      IGMP Snooping: disabled
      IGMP Snooping profile: none
      MLD Snooping profile: none
      Storm Control: bridge-domain policer
      Static MAC addresses:
      Statistics:
        packets: received 0 (multicast 0, broadcast 0, unknown unicast 0, unicast 0), sent 0
        bytes: received 0 (multicast 0, broadcast 0, unknown unicast 0, unicast 0), sent 0
        MAC move: 0
      Storm control drop counters:
        packets: broadcast 0, multicast 0, unknown unicast 0
        bytes: broadcast 0, multicast 0, unknown unicast 0
      Dynamic ARP inspection drop counters:
        packets: 0, bytes: 0
      IP source guard drop counters:
        packets: 0, bytes: 0
      PD System Data: AF-LIF-IPv4: 0x0001380b  AF-LIF-IPv6: 0x0001380c

    AC: GigabitEthernet0/0/0/10.9, state is up
      Type VLAN; Num Ranges: 1
      Rewrite Tags: []
      VLAN ranges: [9, 9]
      MTU 1504; XC ID 0x4; interworking none
      MAC learning: enabled
      Flooding:
        Broadcast & Multicast: enabled
        Unknown unicast: enabled
      MAC aging time: 300 s, Type: inactivity
      MAC limit: 64000, Action: none, Notification: syslog
      MAC limit reached: no, threshold: 75%
      MAC port down flush: enabled
      MAC Secure: disabled, Logging: disabled
      Split Horizon Group: none
      E-Tree: Root
      Dynamic ARP Inspection: disabled, Logging: disabled
      IP Source Guard: disabled, Logging: disabled
      DHCPv4 Snooping: disabled
      DHCPv4 Snooping profile: none
      IGMP Snooping: disabled
      IGMP Snooping profile: none
      MLD Snooping profile: none
      Storm Control: bridge-domain policer
      Static MAC addresses:
      Statistics:
        packets: received 0 (multicast 0, broadcast 0, unknown unicast 0, unicast 0), sent 2097
        bytes: received 0 (multicast 0, broadcast 0, unknown unicast 0, unicast 0), sent 112530
        MAC move: 0
      Storm control drop counters:
        packets: broadcast 0, multicast 0, unknown unicast 0
        bytes: broadcast 0, multicast 0, unknown unicast 0
      Dynamic ARP inspection drop counters:
        packets: 0, bytes: 0
      IP source guard drop counters:
        packets: 0, bytes: 0
      PD System Data: AF-LIF-IPv4: 0x0001380d  AF-LIF-IPv6: 0x0001380e

  List of Access PWs:
  List of VFIs:
  List of Access VFIs:

....

One of the issues with the configuration guide is their show output references a bundle sub-int with a VLAN. But their configurations don't reflect using a bundle at all, or configuring VLAN encap.

 

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Mister Cartwright
Level 1
Level 1

‎11-06-2019 10:27 AM - edited ‎11-06-2019 10:28 AM

I got this working. The catch is that BVI can't handle VLAN tags, and I don't see a way to strip them inside the bridge group configuration. So you have to pop the VLAN tag on every sub-interface that is part of the BVI.

 

To solve you can add this command to every sub-interface that is part of the BVI:

rewrite ingress tag pop 1 symmetric

 

Amendment to the previous configuration:

# customer-facing port
interface GigabitEthernet0/0/0/10.9 l2transport
 encapsulation dot1q 9
 rewrite ingress tag pop 1 symmetric
!
# bundle between NCS
interface Bundle-Ether10.9 l2transport
 encapsulation dot1q 9
 rewrite ingress tag pop 1 symmetric
!

 

View solution in original post

0 Helpful
1 Reply 1

Go to solution
Mister Cartwright
Level 1
Level 1

‎11-06-2019 10:27 AM - edited ‎11-06-2019 10:28 AM

I got this working. The catch is that BVI can't handle VLAN tags, and I don't see a way to strip them inside the bridge group configuration. So you have to pop the VLAN tag on every sub-interface that is part of the BVI.

 

To solve you can add this command to every sub-interface that is part of the BVI:

rewrite ingress tag pop 1 symmetric

 

Amendment to the previous configuration:

# customer-facing port
interface GigabitEthernet0/0/0/10.9 l2transport
 encapsulation dot1q 9
 rewrite ingress tag pop 1 symmetric
!
# bundle between NCS
interface Bundle-Ether10.9 l2transport
 encapsulation dot1q 9
 rewrite ingress tag pop 1 symmetric
!

 

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card