Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
775
Views
0
Helpful
3
Replies

A9k Vlan Matching - BVI or Subinterface

Mark Pace Balzan
Level 1
Level 1

‎07-05-2016 04:59 AM

Hi

I need some help to clarify my understanding about two items on ASR9k.
Platform is ASR9904 RSP400 running 5.3.3

I have traffic on the interface below as vlan tagged or untagged for which I want to setup l2vpn xconnect to another port (G1/0/0/4)
Is there a difference between the following two config options for the interface to achieve this ?
interface GigabitEthernet1/0/0/0
!
interface GigabitEthernet1/0/0/0.1 l2transport
 encapsulation default

l2vpn
 xconnect group XC
 p2p XC
 interface GigabitEthernet1/0/0/0.1
 interface GigabitEthernet1/0/0/4

or

interface GigabitEthernet1/0/0/0
 l2transport

l2vpn
 xconnect group XC
 p2p XC
 interface GigabitEthernet1/0/0/0
 interface GigabitEthernet1/0/0/4

Second question is: I classify vlan tagged traffic ingress to GigabitEthernet100/0/0/2 on subinterfaces (see below) to be able to setup different services over the physical link connected to GigabitEthernet100/0/0/2 (typically coming from a customer)

One such service is internet access on vlan 10

To set this up, both of the below configs work, but Im trying to understand the best option to use. Im not sure if with option #2 (without bridge domain) I should be concerned about the other end of the link being connected to a large L2 domain with too many MAC addresses for the 9k to learn and the possibility of a broadcast storm etc.., as opposed to option #1 which is limited in terms of MACs and has storm control enabled.

option#1

interface GigabitEthernet100/0/0/2.10 l2transport
 encapsulation dot1q 10
 rewrite ingress tag pop 1 symmetric
 service-policy input 100M
 service-policy output 100M

l2vpn
 bridge group INTERNET
 bridge-domain INTERNET
 storm-control multicast kbps 1000
 storm-control broadcast kbps 1000
 interface GigabitEthernet100/0/0/2.10
 mac
 limit
 maximum 35
 action no-flood
 !
 secure
 logging
 !
 !
 split-horizon group
 !
 routed interface BVI10

interface BVI10
ipv4 address 192.168.0.1/28

or

option#2

interface GigabitEthernet100/0/0/2.10
 encapsulation dot1q 10
 ipv4 address 192.168.0.1/28
 service-policy input 100M
 service-policy output 100M

Thanks for your help

Mark

Labels:
0 Helpful
3 Replies 3

Aleksandar Vidakovic
Cisco Employee
Cisco Employee

‎07-05-2016 07:59 AM

Hi Mark,

encapsulation default, as explained in the command reference, "matches frames that are unmatched by non-default service instances (anything that does not meet the criteria of other services instances on the same physical interface falls into this service instance)". On the other hand, "interface GigabitEthernet1/0/0/4" matches only frames that arrive without any dot1q/dot1ad encapsulation.

On the 2nd question you are right that option #2 is preferred. It's much simpler and provides for better performance. On asr9k you can mix L3 and L2 sub-interfaces on the same physical interface. BVI should be used only when the bridge domain has multiple attachment circuits.

Hope this helps,

/Aleksandar

0 Helpful

Mark Pace Balzan
Level 1
Level 1
In response to Aleksandar Vidakovic

‎07-05-2016 09:23 AM

Hi Aleksander,

thanks for your fast reply.

So do I understand correctly that the following config matches only untagged frames, and tagged frames will be dropped ?

interface GigabitEthernet1/0/0/0
 l2transport

thanks

Mark

0 Helpful

Aleksandar Vidakovic
Cisco Employee
Cisco Employee
In response to Mark Pace Balzan

‎07-05-2016 09:25 AM

hi Mark,

that's correct, this config will catch only untagged frames. Tagged frames will be dropped if there are no sub-interfaces that match the encapsulation.

/Aleksandar

0 Helpful
Customers Also Viewed These Support Documents