11-06-2019 08:36 AM
Trying to get BVI working on a pair of Cisco NCS 5500 running version 7.0.1 but cannot ping the other end. There is a single link between the routers in a bundle. I can ping the far-end router using the directly-assigned IP on the BE, but cannot ping the far-end BVI IP. Each router can ping it's own BVI. Output packets are not incrementing on the BE sub-int that is part of the bridge-group.
I am following this guide (which has some typos and the output examples don't match the configuration section):
Section: Configure VRRP over BVI
Here is config for NCS01:
! hw-module vrrpscale enable ! # port to firewall interface GigabitEthernet0/0/0/10 description firewall01 ! interface GigabitEthernet0/0/0/10.9 l2transport encapsulation dot1q 9 ! # bundle between NCS interface Bundle-Ether10 description NCS-5501-01.lab:BE10 ipv4 address 192.168.1.7 255.255.255.254 ! interface Bundle-Ether10.9 l2transport encapsulation dot1q 9 ! # BVI interface interface BVI9 ipv4 address 10.20.30.2 255.255.255.0 ! l2vpn bridge group 9 bridge-domain 9 interface Bundle-Ether10.9 ! interface GigabitEthernet0/0/0/10.9 ! routed interface BVI9 ! ! ! !
Here is config for NCS02:
! hw-module vrrpscale enable ! # port to firewall interface GigabitEthernet0/0/0/10 description firewall02 ! interface GigabitEthernet0/0/0/10.9 l2transport encapsulation dot1q 9 ! # bundle between NCS interface Bundle-Ether10 description NCS-5501-02.lab:BE10 ipv4 address 192.168.1.6 255.255.255.254 ! interface Bundle-Ether10.9 l2transport encapsulation dot1q 9 ! # bvi interface BVI9 ipv4 address 10.20.30.3 255.255.255.0 ! l2vpn bridge group 9 bridge-domain 9 interface Bundle-Ether10.9 ! interface GigabitEthernet0/0/0/10.9 ! routed interface BVI9 ! ! ! !
Here is show output from NCS01:
# show l2vpn bridge-domain group 9 detail Wed Nov 6 01:36:58.475 UTC Legend: pp = Partially Programmed. Bridge group: 9, bridge-domain: 9, id: 0, state: up, ShgId: 0, MSTi: 0 Coupled state: disabled VINE state: BVI Resolved MAC learning: enabled MAC withdraw: enabled MAC withdraw for Access PW: enabled MAC withdraw sent on: bridge port up MAC withdraw relaying (access to access): disabled Flooding: Broadcast & Multicast: enabled Unknown unicast: enabled MAC aging time: 300 s, Type: inactivity MAC limit: 64000, Action: none, Notification: syslog MAC limit reached: no, threshold: 75% MAC port down flush: enabled MAC Secure: disabled, Logging: disabled Split Horizon Group: none Dynamic ARP Inspection: disabled, Logging: disabled IP Source Guard: disabled, Logging: disabled DHCPv4 Snooping: disabled DHCPv4 Snooping profile: none IGMP Snooping: disabled IGMP Snooping profile: none MLD Snooping profile: none Storm Control: disabled Bridge MTU: 1500 MIB cvplsConfigIndex: 1 Filter MAC addresses: P2MP PW: disabled Multicast Source: Not Set Create time: 06/11/2019 00:55:31 (00:41:26 ago) No status change since creation ACs: 3 (3 up), VFIs: 0, PWs: 0 (0 up), PBBs: 0 (0 up), VNIs: 0 (0 up) List of ACs: AC: BVI9, state is up Type Routed-Interface MTU 1514; XC ID 0x80000005; interworking none BVI MAC address: 008a.9621.18da Split Horizon Group: Access PD System Data: AF-LIF-IPv4: 0x00000000 AF-LIF-IPv6: 0x00000000 AC: Bundle-Ether10.9, state is up Type VLAN; Num Ranges: 1 Rewrite Tags: [] VLAN ranges: [9, 9] MTU 9104; XC ID 0xa0000004; interworking none MAC learning: enabled Flooding: Broadcast & Multicast: enabled Unknown unicast: enabled MAC aging time: 300 s, Type: inactivity MAC limit: 64000, Action: none, Notification: syslog MAC limit reached: no, threshold: 75% MAC port down flush: enabled MAC Secure: disabled, Logging: disabled Split Horizon Group: none E-Tree: Root Dynamic ARP Inspection: disabled, Logging: disabled IP Source Guard: disabled, Logging: disabled DHCPv4 Snooping: disabled DHCPv4 Snooping profile: none IGMP Snooping: disabled IGMP Snooping profile: none MLD Snooping profile: none Storm Control: bridge-domain policer Static MAC addresses: Statistics: packets: received 0 (multicast 0, broadcast 0, unknown unicast 0, unicast 0), sent 0 bytes: received 0 (multicast 0, broadcast 0, unknown unicast 0, unicast 0), sent 0 MAC move: 0 Storm control drop counters: packets: broadcast 0, multicast 0, unknown unicast 0 bytes: broadcast 0, multicast 0, unknown unicast 0 Dynamic ARP inspection drop counters: packets: 0, bytes: 0 IP source guard drop counters: packets: 0, bytes: 0 PD System Data: AF-LIF-IPv4: 0x00013826 AF-LIF-IPv6: 0x00013827 AC: GigabitEthernet0/0/0/10.9, state is up Type VLAN; Num Ranges: 1 Rewrite Tags: [] VLAN ranges: [9, 9] MTU 1504; XC ID 0x4; interworking none MAC learning: enabled Flooding: Broadcast & Multicast: enabled Unknown unicast: enabled MAC aging time: 300 s, Type: inactivity MAC limit: 64000, Action: none, Notification: syslog MAC limit reached: no, threshold: 75% MAC port down flush: enabled MAC Secure: disabled, Logging: disabled Split Horizon Group: none E-Tree: Root Dynamic ARP Inspection: disabled, Logging: disabled IP Source Guard: disabled, Logging: disabled DHCPv4 Snooping: disabled DHCPv4 Snooping profile: none IGMP Snooping: disabled IGMP Snooping profile: none MLD Snooping profile: none Storm Control: bridge-domain policer Static MAC addresses: Statistics: packets: received 0 (multicast 0, broadcast 0, unknown unicast 0, unicast 0), sent 1607 bytes: received 0 (multicast 0, broadcast 0, unknown unicast 0, unicast 0), sent 85626 MAC move: 0 Storm control drop counters: packets: broadcast 0, multicast 0, unknown unicast 0 bytes: broadcast 0, multicast 0, unknown unicast 0 Dynamic ARP inspection drop counters: packets: 0, bytes: 0 IP source guard drop counters: packets: 0, bytes: 0 PD System Data: AF-LIF-IPv4: 0x0001380a AF-LIF-IPv6: 0x0001380b List of Access PWs: List of VFIs: List of Access VFIs:
And here is show output from NCS02:
# sh l2vpn bridge-domain group 9 detail Wed Nov 6 01:47:27.019 UTC Legend: pp = Partially Programmed. Bridge group: 9, bridge-domain: 9, id: 0, state: up, ShgId: 0, MSTi: 0 Coupled state: disabled VINE state: BVI Resolved MAC learning: enabled MAC withdraw: enabled MAC withdraw for Access PW: enabled MAC withdraw sent on: bridge port up MAC withdraw relaying (access to access): disabled Flooding: Broadcast & Multicast: enabled Unknown unicast: enabled MAC aging time: 300 s, Type: inactivity MAC limit: 64000, Action: none, Notification: syslog MAC limit reached: no, threshold: 75% MAC port down flush: enabled MAC Secure: disabled, Logging: disabled Split Horizon Group: none Dynamic ARP Inspection: disabled, Logging: disabled IP Source Guard: disabled, Logging: disabled DHCPv4 Snooping: disabled DHCPv4 Snooping profile: none IGMP Snooping: disabled IGMP Snooping profile: none MLD Snooping profile: none Storm Control: disabled Bridge MTU: 1500 MIB cvplsConfigIndex: 1 Filter MAC addresses: P2MP PW: disabled Multicast Source: Not Set Create time: 06/11/2019 00:58:07 (00:49:19 ago) No status change since creation ACs: 3 (3 up), VFIs: 0, PWs: 0 (0 up), PBBs: 0 (0 up), VNIs: 0 (0 up) List of ACs: AC: BVI9, state is up Type Routed-Interface MTU 1514; XC ID 0x80000004; interworking none BVI MAC address: 008a.9621.14e0 Split Horizon Group: Access PD System Data: AF-LIF-IPv4: 0x00000000 AF-LIF-IPv6: 0x00000000 AC: Bundle-Ether10.9, state is up Type VLAN; Num Ranges: 1 Rewrite Tags: [] VLAN ranges: [9, 9] MTU 9104; XC ID 0xa0000005; interworking none MAC learning: enabled Flooding: Broadcast & Multicast: enabled Unknown unicast: enabled MAC aging time: 300 s, Type: inactivity MAC limit: 64000, Action: none, Notification: syslog MAC limit reached: no, threshold: 75% MAC port down flush: enabled MAC Secure: disabled, Logging: disabled Split Horizon Group: none E-Tree: Root Dynamic ARP Inspection: disabled, Logging: disabled IP Source Guard: disabled, Logging: disabled DHCPv4 Snooping: disabled DHCPv4 Snooping profile: none IGMP Snooping: disabled IGMP Snooping profile: none MLD Snooping profile: none Storm Control: bridge-domain policer Static MAC addresses: Statistics: packets: received 0 (multicast 0, broadcast 0, unknown unicast 0, unicast 0), sent 0 bytes: received 0 (multicast 0, broadcast 0, unknown unicast 0, unicast 0), sent 0 MAC move: 0 Storm control drop counters: packets: broadcast 0, multicast 0, unknown unicast 0 bytes: broadcast 0, multicast 0, unknown unicast 0 Dynamic ARP inspection drop counters: packets: 0, bytes: 0 IP source guard drop counters: packets: 0, bytes: 0 PD System Data: AF-LIF-IPv4: 0x0001380b AF-LIF-IPv6: 0x0001380c AC: GigabitEthernet0/0/0/10.9, state is up Type VLAN; Num Ranges: 1 Rewrite Tags: [] VLAN ranges: [9, 9] MTU 1504; XC ID 0x4; interworking none MAC learning: enabled Flooding: Broadcast & Multicast: enabled Unknown unicast: enabled MAC aging time: 300 s, Type: inactivity MAC limit: 64000, Action: none, Notification: syslog MAC limit reached: no, threshold: 75% MAC port down flush: enabled MAC Secure: disabled, Logging: disabled Split Horizon Group: none E-Tree: Root Dynamic ARP Inspection: disabled, Logging: disabled IP Source Guard: disabled, Logging: disabled DHCPv4 Snooping: disabled DHCPv4 Snooping profile: none IGMP Snooping: disabled IGMP Snooping profile: none MLD Snooping profile: none Storm Control: bridge-domain policer Static MAC addresses: Statistics: packets: received 0 (multicast 0, broadcast 0, unknown unicast 0, unicast 0), sent 2097 bytes: received 0 (multicast 0, broadcast 0, unknown unicast 0, unicast 0), sent 112530 MAC move: 0 Storm control drop counters: packets: broadcast 0, multicast 0, unknown unicast 0 bytes: broadcast 0, multicast 0, unknown unicast 0 Dynamic ARP inspection drop counters: packets: 0, bytes: 0 IP source guard drop counters: packets: 0, bytes: 0 PD System Data: AF-LIF-IPv4: 0x0001380d AF-LIF-IPv6: 0x0001380e List of Access PWs: List of VFIs: List of Access VFIs:
....
One of the issues with the configuration guide is their show output references a bundle sub-int with a VLAN. But their configurations don't reflect using a bundle at all, or configuring VLAN encap.
Solved! Go to Solution.
11-06-2019 10:27 AM - edited 11-06-2019 10:28 AM
I got this working. The catch is that BVI can't handle VLAN tags, and I don't see a way to strip them inside the bridge group configuration. So you have to pop the VLAN tag on every sub-interface that is part of the BVI.
To solve you can add this command to every sub-interface that is part of the BVI:
rewrite ingress tag pop 1 symmetric
Amendment to the previous configuration:
# customer-facing port interface GigabitEthernet0/0/0/10.9 l2transport encapsulation dot1q 9 rewrite ingress tag pop 1 symmetric ! # bundle between NCS interface Bundle-Ether10.9 l2transport encapsulation dot1q 9 rewrite ingress tag pop 1 symmetric !
11-06-2019 10:27 AM - edited 11-06-2019 10:28 AM
I got this working. The catch is that BVI can't handle VLAN tags, and I don't see a way to strip them inside the bridge group configuration. So you have to pop the VLAN tag on every sub-interface that is part of the BVI.
To solve you can add this command to every sub-interface that is part of the BVI:
rewrite ingress tag pop 1 symmetric
Amendment to the previous configuration:
# customer-facing port interface GigabitEthernet0/0/0/10.9 l2transport encapsulation dot1q 9 rewrite ingress tag pop 1 symmetric ! # bundle between NCS interface Bundle-Ether10.9 l2transport encapsulation dot1q 9 rewrite ingress tag pop 1 symmetric !
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide