
Mixed Layer 2 & Layer 3 Interface

Hi Guys,

We are working on a design for 2 data centres, we are using the ASR9K's as the PE's for both DC's (there will be 2 at each DC but they will be clustered so will logically be one), the 2 DC's are connected with 2 circuits for resiliency and running MPLS.

We will have a 'service interface' on the 9k at DC1 that will be in a public /24 and there will be firewalls for different customers that have external interfaces in that network that will use the 9k's IP address as their default GW.

Let's say the VLAN is VLAN 19

Let's say the subnet is 19.1.1.0/24

DC1 ASR 9K: 19.1.1.1

DC2 ASR 9K: 19.1.1.2

So this network and all the customers on it exist in DC1, their firewalls are using 19.1.1.1 as their GW.

If a handful of customers (or just 1) need to DR and move their Firewall (and the VM's behind it) to DC2 then we will now have some of that /24 existing at DC2, inherently we will need a subinterface (service interface) on that 9k which is 19.1.1.2 so I can change the GW for the migrated firewalls to 19.1.1.2, this can be a manual thing.

My concern is that now VLAN 19 exists at both DC's but hasn't been stretched at layer 2. Is there a way that I can configure the layer 3 stuff (IP address) and an xconnect/pseudo wire on the same interface so that when traffic is destined for something on that subnet, let's say 19.1.1.100, the ASR at DC1 will ARP out of its local interface AND over the pseudo wire to reach the firewalls at DC2?

Hope this makes sense, if not I can upload a diagram on request, or please just ask any questions for me to try and clarify

Thank you all


xthuijs
Cisco Employee

yeah diagram may help indeed, but as an attempt for a response: how about you create the L3 endpoints as BVI

a bridge domain for your vlans and extend/connect the bridge domains with a PW.

cheers!

xander

I have attached a diagram but judging from your answer I think you get what I am trying to do.

I am not familiar with this configuration so do you have a link to a doc or any config examples?

I am guessing you put the bridge group on the interface g0/0/1.19 + the xconnect, and then put the ip address on the BVI interface???

Like I said any docs on this would be brilliant, thanks for your reply.

that is pretty straightforward, thanks for the visual!

here are some config examples:

https://supportforums.cisco.com/docs/DOC-15556

and this one: https://supportforums.cisco.com/docs/DOC-22848

trick is you move your gig interface that currently has that ip address and convert it to:

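interface GigabitEthernet0/0/0/10.20 l2transport
 encapsulation dot1q 20
 ! important!
 rewrite ingress tag pop 1 symmetric
!
interface BVI20
 ! your existing gateway address (19.1.1.1)
 ipv4 address 19.1.1.1 255.255.255.0
!
l2vpn
 bridge group something
  bridge-domain vlan20
   interface GigabitEthernet0/0/0/10.20
   !
   routed interface BVI20
   vfi X
    ! <peer-address> and <pw-id> are placeholders; the original post leaves the neighbor line unfinished
    neighbor <peer-address> pw-id <pw-id>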

you can also pull in a vlan/attachment circuit directly to your peer if you don't want to enable mpls/ldp

and use a pw. either way works.

regards

xander