cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Community Helping Community

2797
Views
0
Helpful
21
Replies
Beginner

Hello,

Hello,

You might be correct in that statement. I just tested it out with just single-tagged VLANs and it worked without a problem.

The way it's connected now is

End-nodes -> Cat 2970G -> Cat 3560 -> Cat 3750 -> ASR920* -> 4500X -> ASR9k

* = Double-tagging happens here;
service instance 4 ethernet
encapsulation dot1q 50,64
bridge-domain 400

Any ideas?

Beginner

Hello again, Alexander.

Hello again, Alexander.

After further investigations it would appear that the root to the problem is that, the same mac-address "appears" in the same VLAN (Or well, in this case, outer VLAN) in multiplie places at once (First where it's actually connected but then also in the 9k where it's bridged).

Now, I don't want to be causing any loops in our network, so i'm coming here for some guidance how to overcome this dilemma, how do others handle this?

Cisco Employee

hi christer, the a9k in a

hi christer, the a9k in a bridged mode would maintain a bridge/mac table per bridge domain. If the mac would change from one EFP to another, it would constitute a mac move which is perfectly fine.

What I think is happening is that because of the way you are doing vlan imposition on the attached switch, that switch only has a mac table per outer vlan and therefore thinks there is a mac flip going on eventhough there are different inner vlans. It is like a 1 vs 2 dimensional table so to speak.

Since you only want to connect 2 circuits together few possibilities/suggestions are:

- use p2p on the a9k, there will be no MAC learning whatsoever, packet in will be packet out, simple switching like that.

- on the switch, see if you can create a service intsance that binds the 2 circuits directly there without the need for a backhaul to the a9k and associated p2p connection.

- use single stack, but unique vlan's for the 2 circuits, and haul the single tags to EFP's on the a9k to link them together with a p2p xcon.

cheers

xander

Beginner

Hello Alexander, thank you

Hello Alexander, thank you for your reply and assistance in the matter.

What you said is what I also concluded, the asr9k has nothing to do with it, it was obvious when checking the mac address table for the 4500X really, that's what you get for focusing your efforts on the wrong thing

In the described scenario I only tried to attach 2 circuits, later on in there's actually quite a few more which rules out any p2p solutions, unfortunately. Most of our use cases will also need a bvi attached.

Any suggestions for that or are we just left with using single-tagged vlans for those cases?

Thanks

Cisco Employee

ah you know christer in that

ah you know christer in that case it is always a good learning experience right :)

if you have the "vlan room" on your c4k5, I would just leave it single tagged, haul them over to the a9k in their designated EFP's (l2transport subinterfaces) and then pull them in a p2p xcon (if only 2 intfs) or BD (when 3 or more are sharing the same L3 subnet)

in teh BD you can pull in your BVI no problem.

Only stipulation is that with BVI, you have to pop the tags (so it is plain untagged ether inside the BD)

since you have different vlan tags for the different circuits, you'd would wanna pop (and rewrite) them any case so cool on that.

cheers!

xander

Enthusiast

Re: ah you know christer in that

what is the difference in functionality between "MAC withdraw sent on: bridge port up" (default) and "MAC withdraw sent on: bridge port down" (configuring mac withdraw optimize)
regards
Thank you

 

 

RP/0/RSP0/CPU0#show l2vpn bridge-domain detail
Wed Feb 21 10:58:29.062 ARG
Legend: pp = Partially Programmed.
Bridge group: HSI, bridge-domain: HSI_B4G, id: 0, state: up, ShgId: 0, MSTi: 0
Coupled state: disabled
VINE state: Default
MAC learning: enabled
MAC withdraw: enabled
MAC withdraw for Access PW: enabled
MAC withdraw sent on: bridge port up ---------------------------Default
MAC withdraw relaying (access to access): disabled
Flooding:
Broadcast & Multicast: enabled
Unknown unicast: enabled
MAC aging time: 300 s, Type: inactivity
MAC limit: 4000, Action: none, Notification: syslog
MAC limit reached: no
MAC port down flush: enabled
MAC Secure: enabled, Logging: enabled, Action: restrict
Split Horizon Group: none
Dynamic ARP Inspection: disabled, Logging: disabled
IP Source Guard: disabled, Logging: disabled
DHCPv4 Snooping: disabled
DHCPv4 Snooping profile: none
IGMP Snooping: disabled
IGMP Snooping profile: none
MLD Snooping profile: none
Storm Control: disabled
Bridge MTU: 1500
MIB cvplsConfigIndex: 1
Filter MAC addresses:
Load Balance Hashing: src-dst-ip
P2MP PW: disabled
Create time: 19/01/2018 00:55:21 (4w5d ago)
No status change since creation
ACs: 1 (1 up), VFIs: 1, PWs: 1 (1 up), PBBs: 0 (0 up), VNIs: 0 (0 up)
List of ACs:
AC: TenGigE0/0/0/4.346, state is up
Type VLAN; Num Ranges: 1
Outer Tag: 346
VLAN ranges: [4096, 4096]
MTU 9206; XC ID 0x801ad; interworking none
MAC learning: enabled
Flooding:
Broadcast & Multicast: enabled
Unknown unicast: enabled
MAC aging time: 300 s, Type: inactivity
MAC limit: 4000, Action: none, Notification: syslog
MAC limit reached: no
MAC port down flush: enabled
MAC Secure: enabled, Logging: enabled, Action: restrict
Split Horizon Group: none
Dynamic ARP Inspection: disabled, Logging: disabled
IP Source Guard: disabled, Logging: disabled
DHCPv4 Snooping: disabled
DHCPv4 Snooping profile: none
IGMP Snooping: disabled
IGMP Snooping profile: none
MLD Snooping profile: none
Storm Control: bridge-domain policer
Static MAC addresses:
Statistics:
packets: received 0 (multicast 0, broadcast 0, unknown unicast 0, unicast 0), sent 0
bytes: received 0 (multicast 0, broadcast 0, unknown unicast 0, unicast 0), sent 0
MAC move: 0
Storm control drop counters:
packets: broadcast 0, multicast 0, unknown unicast 0
bytes: broadcast 0, multicast 0, unknown unicast 0
Dynamic ARP inspection drop counters:
packets: 0, bytes: 0
IP source guard drop counters:
packets: 0, bytes: 0
List of Access PWs:
List of VFIs:
VFI HSI-B4G (up)
PW: neighbor 190.225.250.51, PW ID 114346, state is up ( established )
PW class not set, XC ID 0xc0000308
Encapsulation MPLS, protocol LDP
Source address 190.225.250.50
PW type Ethernet, control word disabled, interworking none
Sequencing not set
Load Balance Hashing: src-dst-ip

PW Status TLV in use
MPLS Local Remote
------------ ------------------------------ -------------------------
Label 24716 31267
Group ID 0x0 0x0
Interface HSI-B4G HSI-B4G
MTU 1500 1500
Control word disabled disabled
PW type Ethernet Ethernet
VCCV CV type 0x2 0x2
(LSP ping verification) (LSP ping verification)
VCCV CC type 0x6 0x6
(router alert label) (router alert label)
(TTL expiry) (TTL expiry)
------------ ------------------------------ -------------------------
Incoming Status (PW Status TLV):
Status code: 0x0 (Up) in Notification message
MIB cpwVcIndex: 3221226248
Create time: 19/01/2018 00:55:22 (4w5d ago)
Last time status changed: 19/01/2018 00:59:22 (4w5d ago)
MAC withdraw messages: sent 9, received 8
Forward-class: 0
Static MAC addresses:
Statistics:
packets: received 0 (unicast 0), sent 0
bytes: received 0 (unicast 0), sent 0
MAC move: 0
Storm control drop counters:
packets: broadcast 0, multicast 0, unknown unicast 0
bytes: broadcast 0, multicast 0, unknown unicast 0
DHCPv4 snooping: disabled
IGMP Snooping profile: none
MLD Snooping profile: none
VFI Statistics:
drops: illegal VLAN 0, illegal length 0

Highlighted
Beginner

Hello,

Hello,

Yes, i've checked IP configuration, it's just a dummy 10.0.0.0/24 net with an IP each in the net, once in a blue moon a ping comes through, very odd behaviour...

And they show up in eachother ARP tables... sometimes, again, very odd behaviour.

I get matches on the suggested ACL..

ethernet-services access-list mupp
10 permit any any 0806 (95 hw matches)
20 permit any any (15 hw matches)

CreatePlease to create content
Content for Community-Ad
FusionCharts will render here