03-22-2017 11:57 AM
We are looking at relocating our data center which is presenting a few interesting situations. Not all of the systems can be moved at the same time which brings up the need to extend at least one and maybe more VLANS across the data centers until all the systems have been moved. Both data centers will have a VPLS connection to the main office during the transition. The connections on the VPLS circuits are routed using a /31 for the physical interfaces and another /31 for the tunnels interfaces. The routers on the both ends of the VPLS circuits are ASR1001-X routers.
I was hoping to utilize the two VPLS connections to route the VLAN(s) through the main office between the two data centers using VRF's and MP-BGP but not clear on a few things. That mainly being the IP addressing used on the various routers between the two data centers. Most articles I have found only show examples using layer 3 switches. That works fine since you can use an SVI. But, since you can't configure a subnet on more than one interface on the same router within the same VRF, what do you do when you can't use an SVI?
03-22-2017 08:38 PM
I've done this lots of times (not with ASRs mind you, only on smaller kit like 1941s and 2900s). I use L2TPv3. I've done it over Internet links, VPNs and WANs.
L2TPv3 will create what looks like a long Ethernet patch lead. Any frame that goes in one end comes out the other. Simple huh? Plug one port in each router directly to the switch, and dedicate this to layer 2 processing (makes config much easier!). Just remember, whatever comes in that port pops out the port on the other end.
Configure a switch at each site with the same VLANs. Enable 802.1q trunking on your switch port. Whatever tagged frames go from the switch port into the L2TPv3 port on your router will go over any IP transport in between to the router at the remote end, out of its L2TPv3 port and into the remote switch. It will look like a long patch lead to the switches.
A sample config for one end (this example was for a link between two cities, Hamilton and Auckland - you can use any names you want):
l2tp-class hamilton
 hostname l2tp
 password <some password>
!
pseudowire-class pw-ak-hn
 encapsulation l2tpv3
 protocol l2tpv3 hamilton
 ip local interface <Your VPLS interface>
!
! Plug this interface into your switch; it carries layer 2 only (no IP address)
interface GigabitEthernet0/1
 no ip address
 duplex auto
 xconnect <remote VPLS interface IP> 1 encapsulation l2tpv3 pw-class pw-ak-hn
*** The "1" in the xconnect line above is the virtual circuit number. It must be the same on each end. You can have lots of L2TPv3 circuits between routers, and this is how you tell them apart ***
03-22-2017 08:41 PM
You could also go cutting edge and use Cisco LISP.
http://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/Data_Center/DCI/5-0/LISPmobility/DCI_LISP_Host_Mobility/LISPmobile_5.html
You could also use OTV:
http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/wan_otv/configuration/xe-16/wan-otv-xe-16-book.html
But L2TPv3 is so simple ...
03-24-2017 02:09 PM
Can this be used if I have an existing tunnel that's using the VPLS interface as a tunnel end point?
I've been exploring the use of VRFs to achieve some of what I'm thinking of doing, but with a tunnel already in place it complicates things. If I create a new tunnel that is part of a VRF I can specify a tunnel destination that exists in a different VRF using the tunnel vrf vrf-name command, but what if the tunnel destination is in the global routing table instead?
03-25-2017 01:23 AM
VRFs and tunnels will not resolve your issue.
As long as the two sites can ping each other you can use L2TPv3.
04-18-2017 01:03 PM
I have configured the tunnel and xconnect is showing that it is up on both ends, but I'm unable to ping across it. The layer 2 connections to the end devices are configured as access ports. Do they need to be configured as trunks? Should the router interfaces configured with xconnect be sub-interfaces configured as the native VLAN? Here is how I have it configured:
Router:
l2tp-class L2TP-CLASS
 password 0 password
!
pseudowire-class PSEUDOWIRE-CLASS
 encapsulation l2tpv3
 protocol l2tpv3 L2TP-CLASS
 ip local interface Loopback0
!
interface GigabitEthernet0/0/4
 no ip address
 negotiation auto
 xconnect 1xx.xxx.xxx.xx9 1 encapsulation l2tpv3 pw-class PSEUDOWIRE-CLASS
Switch:
interface Gi0/2
 switchport mode access
 switchport access vlan 200
 switchport nonegotiate
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface Vlan200
 ip address XX2.XXX.XXX.75 255.255.255.0
#sh xconnect all
Legend: XC ST=Xconnect State S1=Segment1 State S2=Segment2 State
UP=Up DN=Down AD=Admin Down IA=Inactive
SB=Standby HS=Hot Standby RV=Recovering NH=No Hardware
XC ST Segment 1 S1 Segment 2 S2
------+---------------------------------+--+---------------------------------+--
UP pri ac Gi0/0/4:14(Ethernet) UP l2tp 1XX.XXX.XXX.XX9:1 UP
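As an added example (not code from this thread or from any poster), a small Python linter for the two things an L2TPv3 pseudowire depends on as described above: the chain of names an xconnect ties together (xconnect -> pw-class -> pseudowire-class -> protocol l2tpv3 -> l2tp-class) must all be defined, and both ends must use the same virtual circuit ID. The sample config, peer IP and class names are constructed for the example and include a deliberate pw-class name mismatch.

```python
import re

# Constructed sample config for one end of an L2TPv3 pseudowire, modelled on
# the one posted in this thread (IP, names and VC ID are assumptions). Note
# the xconnect refers to PW-CLASS while the class defined is PSEUDOWIRE-CLASS.
SITE_A = """
l2tp-class L2TP-CLASS
pseudowire-class PSEUDOWIRE-CLASS
 encapsulation l2tpv3
 protocol l2tpv3 L2TP-CLASS
interface GigabitEthernet0/0/4
 xconnect 192.0.2.9 1 encapsulation l2tpv3 pw-class PW-CLASS
"""

DEF_RE = re.compile(r"(l2tp-class|pseudowire-class)\s+(\S+)$")
PROTO_RE = re.compile(r"protocol l2tpv3\s+(\S+)$")
XC_RE = re.compile(r"xconnect\s+(\S+)\s+(\d+)\s+encapsulation l2tpv3\s+pw-class\s+(\S+)$")

def parse_l2tpv3(config):
    """Collect class definitions, class references and xconnect statements."""
    defined = {"l2tp-class": set(), "pseudowire-class": set()}
    proto_refs, xconnects = [], []          # xconnects: (peer, vc_id, pw_class)
    for raw in config.splitlines():
        line = raw.strip()
        if m := DEF_RE.match(line):
            defined[m.group(1)].add(m.group(2))
        elif m := PROTO_RE.match(line):
            proto_refs.append(m.group(1))
        elif m := XC_RE.match(line):
            xconnects.append((m.group(1), int(m.group(2)), m.group(3)))
    return defined, proto_refs, xconnects

def lint_l2tpv3(config):
    """Report references to classes that the config never defines."""
    defined, proto_refs, xconnects = parse_l2tpv3(config)
    problems = [f"protocol l2tpv3 {n}: no such l2tp-class"
                for n in proto_refs if n not in defined["l2tp-class"]]
    problems += [f"pw-class {pw}: no such pseudowire-class"
                 for _, _, pw in xconnects if pw not in defined["pseudowire-class"]]
    return problems

def vc_ids_match(config_a, config_b):
    """Both ends must use the same virtual-circuit ID set for the pseudowire to come up."""
    ids = lambda cfg: {vc for _, vc, _ in parse_l2tpv3(cfg)[2]}
    return ids(config_a) == ids(config_b)
```

Run lint_l2tpv3 on each end's config and vc_ids_match on the pair before checking show xconnect all; a dangling class name or a VC ID mismatch is the usual reason the pseudowire never comes up.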
04-18-2017 01:53 PM
Is GigabitEthernet0/0/4 a "routed" interface, or an interface on a switch module?
You can use access ports on a switch. You should configure the switch like it was a long piece of wire joining them together.
04-18-2017 01:58 PM
It is a routed interface. The router is an ASR 1001-X.
That's pretty much what I thought. Don't know why I can't ping across though. When I'm looking at the switchport interfaces on the switches I'm not seeing a MAC address learned on that interface.
04-18-2017 02:33 PM
Just thinking; you have specified "spanning-tree bpduguard enable" but are plugging two switch interfaces together. Are you sure one of the interfaces has not gone "errdisable" ?
You should probably use bpdu filtering if you want to go that way.
04-20-2017 01:39 PM
Just don't connect the router into a Nexus 2K, or unhappy things happen. Been there, Done that, still remember the hours spent saying WTH?
11-01-2017 01:38 PM
Is this tunnel then encrypted ?