pstebner10
Beginner

XR 4.3.4 ABF on l2transport interfaces, ethernet line cards

I understand that ABF is not supported on BVI interfaces using the older Ethernet linecards. However the doc states that you can apply ABFv4 to l2transport interfaces. I have tried this, and though I see hits, the ACL does not appear to be doing anything. Is there any doc that explicitly shows how this works, or is it an error and it actually doesn't work?


Here's the relevant config, on an A9K-40GE-L linecard:

ipv4 access-list TEST
 5 permit tcp 10.0.96.0 0.0.7.255 any eq www nexthop1 ipv4 172.20.60.52
 10 permit tcp 10.0.96.0 0.0.7.255 any eq 554 nexthop1 ipv4 172.20.60.52
 20 permit ipv4 any any

interface GigabitEthernet0/1/0/9.124 l2transport
 encapsulation dot1q 124
 rewrite ingress tag pop 1 symmetric
 ipv4 access-group TEST ingress

interface BVI124
 ipv4 address 172.20.55.177 255.255.255.248

l2vpn
 bridge group 124
  bridge-domain 124
   interface GigabitEthernet0/1/0/9.124
   !
   routed interface BVI124

Thanks,

Paul

Accepted Solutions
Aleksandar Vidakovic
Cisco Employee

Hi Paul,

I'm afraid this is not supported.

The documentation states that "For ASR 9000 Ethernet linecards, ACL can be applied on the EFP level (IPv4 L3 ACL can be applied on an L2 interface)". Applying ABF is a different thing. An L3 forwarding decision cannot be made on L2 transport interfaces. The interface type (L2 vs L3) dictates the type of lookup that will be applied by the Network Processor. In your configuration ABF can only be applied on the BVI, but you would need an Enhanced Ethernet (aka Typhoon or Tomahawk) line card for that.

In general we strongly recommend deploying an Enhanced Ethernet line card in complex scenarios with BVI (e.g. if you have MPLS also enabled on the router) and at minimum SW release 5.1.x (5.1.3 being the generic recommendation as it's an Extended Maintenance Release).

Regards,

Aleksandar

Thank you for clarifying that, Aleksandar. The documentation is really confusing on this. I don't know why it would be noted that the ACL could be applied to a L2 interface if it isn't going to do anything!

Thank you,

Paul

Hi Paul,

You can still use the IPv4 ACL on an L2 interface to control the admission of the traffic (permit/deny). It's the "ACL Based Forwarding" that can't be applied to L2 interfaces.

Regards,

Aleksandar
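
Added example, not part of the thread and not Cisco code: a configuration audit for the situation discussed above, where an ACL bound to an l2transport interface still filters (and counts hits) but its nexthop clause does not steer traffic. The function name, the sample configuration and the assumption that ACEs carry the `nexthopN` keyword in the form posted above are this example's own.

```python
import re

# Constructed sample in the shape of the configuration posted in this thread.
SAMPLE_CONFIG = """\
ipv4 access-list TEST
 5 permit tcp 10.0.96.0 0.0.7.255 any eq www nexthop1 ipv4 172.20.60.52
 20 permit ipv4 any any
!
ipv4 access-list FILTER-ONLY
 10 deny tcp any any eq telnet
 20 permit ipv4 any any
!
interface GigabitEthernet0/1/0/9.124 l2transport
 ipv4 access-group TEST ingress
!
interface GigabitEthernet0/1/0/9.125 l2transport
 ipv4 access-group FILTER-ONLY ingress
!
interface GigabitEthernet0/1/0/10
 ipv4 address 192.0.2.1 255.255.255.252
 ipv4 access-group TEST ingress
"""

def find_abf_on_l2transport(config):
    """Return (interface, acl, ace) for each nexthop ACE bound to an l2transport interface."""
    abf_aces = {}       # ACL name -> ACE lines that carry a nexthop clause
    bindings = []       # (interface, ACL name), l2transport interfaces only
    kind = name = None  # stanza currently being read
    for raw in config.splitlines():
        line = raw.strip()
        if raw and not raw[0].isspace():  # a column-0 line starts a new stanza
            kind = name = None
            if m := re.match(r"ipv4 access-list (\S+)$", line):
                kind, name = "acl", m.group(1)
            elif m := re.match(r"interface (\S+) l2transport$", line):
                kind, name = "l2if", m.group(1)
        elif kind == "acl" and re.search(r"\bnexthop\d*\b", line):
            abf_aces.setdefault(name, []).append(line)
        elif kind == "l2if" and (m := re.match(r"ipv4 access-group (\S+) ingress", line)):
            bindings.append((name, m.group(1)))
    return [(ifc, acl, ace) for ifc, acl in bindings for ace in abf_aces.get(acl, [])]

if __name__ == "__main__":
    for ifc, acl, ace in find_abf_on_l2transport(SAMPLE_CONFIG):
        print(f"{ifc}: ACL {acl} entry '{ace}' has a nexthop that will not be honoured")
```

Plain permit/deny ACLs on l2transport interfaces and ACLs on L3 interfaces are deliberately not reported; the check covers only the combination this thread identifies as unsupported.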