L2 MPLS VPN interworking

Unanswered Question
Mar 2nd, 2007

According to Cisco document. I'm wondering why Cisco GSR series couldn't support ATM VP and port mode interworking. Is it a limitation of the technology/standard itself or simply the s/w or h/w issue of GSR router ?

http://www.cisco.com/en/US/customer/products/sw/iosswrel/ps1829/products_feature_guide09186a00801b2407.html

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (2 ratings)
Loading.
Rahul Kachalia Thu, 05/24/2007 - 08:51

I assume you are referring to following statement:

"Cisco 12000 series Engine 5 line cards do not support L2VPN interworking on ATM. On other line cards and platforms, only ATM AAL5 VC mode is supported; ATM VP and port mode are not supported."

L2VPN supports 2 types of Interworking, Ethernet and IP. If there is an ATM link type between PE and CE, only bridged or routed AAL5 is supported for all the platforms.

In ATMoMPLS VP traffic is transported over pw when matching VPI in an ATM header is seen from CE regardless of VCI values (excluding reserved VCI's) Similarly in ATMoMPLS Port mode ATM traffic is transported over pw regardless VPI and VCI value set by CE.

Neither in ATMoMPLS VP or Port Mode PE peeks into beyond ATM header so it has no knowledge of upper layer, hence no Ethernet or IP Interworking is not possible. It remains true in Local Switching Interworking scenarios too...

thanks,

rahul.

senthil1976 Tue, 06/05/2007 - 07:18

I think, it is the limitation of ATM line cards in GSR. Ip interworking is possible with ATM to transport over MPLS.

Sen...

Rahul Kachalia Tue, 06/05/2007 - 12:43

Sen,

Yes, Ethernet and IP Interworking in ATM is supported on GSR Linecards but only when ATM VC is configured AAL5 mode. It is not supported in VP or Port Mode, which I believe the original question is...

thanks,

rahul.

atif-siddiqui Wed, 06/13/2007 - 16:09

Hi,

I am trying to configure local ethernet switching, it is not working, is it supported, not enough documentation is avaliable on the cisco website.

connect cust GigabitEthernet1/1/0.3600 GigabitEthernet1/1/2.3700

Router1 is a GSR, E5 Card.

router1#sh connection

ID Name Segment 1 Segment 2 State Description

============================================================================================

1 cut Gi1/1/0.3600 Gi1/1/2.3700 UP

the other side routers cannot ping across.

router1#sh run interface gig

router1#sh run interface gigabitEthernet 1/1/2.3700

Building configuration...

Current configuration : 95 bytes

!

interface GigabitEthernet1/1/2.3700

encapsulation dot1Q 3700

no ip directed-broadcast

end

interface GigabitEthernet1/1/0.3600

encapsulation dot1Q 3610

no ip directed-broadcast

end

What else is required. Other routers connected have IP addresses on each side.

Ce1 and Ce2 are 7606.

CE1#sh run interface gigabitEthernet 6/2.3600

interface GigabitEthernet6/2.3600

encapsulation dot1Q 3610

ip address 10.1.1.2 255.255.255.252

end

CE2:

interface GigabitEthernet6/2.3700

encapsulation dot1Q 3700

ip address 10.1.1.1 255.255.255.252

end

Here is some infomration:

http://www.cisco.com/en/US/products/sw/iosswrel/ps1829/products_feature_guide09186a00801ea88d.html#wp1132065

Harold Ritter Wed, 06/13/2007 - 18:19

Atif,

L2 Local Switching is supported on the Engine 5 starting with 12.0(32)S.

What level of code do you use?

Hope this helps,

atif-siddiqui Wed, 06/13/2007 - 18:36

Hi Harold,

Is it supported on 7606? running 12.0(33)SRB

and GSR have E5 cards gige, with 12.0(32)SY.

I just don't know what I m missing. It would not ping across.

appereciate your help here.

Atif

swaroop.potdar Wed, 06/13/2007 - 20:33

7600: Only Vlan based local Layer 2 switching is supported with the restriction that you configure the Eompls on an SVI, for which you will need an Enhanced FlexWan or OSM interface facing the core. (This support is there in 12.2SX and SR)

12000: As Harold pointed it is supported from 12.0 (32)S. With Engine 5 interfaces facing the customer.

You configuration looks clean, although one thought, have you tried the VLAN same-port switching as well.

Is the result same for that too.

HTH-Cheers,

Swaroop

atif-siddiqui Thu, 06/14/2007 - 06:01

Hi Swaroop,

so what is meant by EoMPLS on an SVI, beacuse this is a local switching. can you clarify more. Here is a diagram for this setup:

CE----PE------CE, we want to switch locally so that CE can ping other CE.

7606 CE's are using this card:

Ce1#sh module 6

Mod Ports Card Type Model Serial No.

--- ----- -------------------------------------- ------------------ -----------

6 9 Supervisor Engine 32 8GE (Hot) WS-SUP32-GE-3B SAL1110JPYB

Mod MAC addresses Hw Fw Sw Status

--- ---------------------------------- ------ ------------ ------------ -------

6 0019.aa5a.3b06 to 0019.aa5a.3b11 4.5 12.2(18r)SX2 12.2(33)SRB Ok

Mod Sub-Module Model Serial Hw Status

---- --------------------------- ------------------ ----------- ------- -------

6 Policy Feature Card 3 WS-F6K-PFC3B SAL1109JGHM 2.3 Ok

6 Cat6k MSFC 2A daughterboard WS-F6K-MSFC2A SAL1107H4PN 4.0 Ok

Mod Online Diag Status

---- -------------------

6 Pass

PE using this card:

L3 Engine: 5 - ISE 10 Gbps

Harold Ritter Thu, 06/14/2007 - 06:06

In the scenario you are testing, the 7600 do not need to support L2 Local Switching at all as they just act as CEs. The GSR does everything.

Regards,

atif-siddiqui Thu, 06/14/2007 - 06:22

ok agreed. previously I used the 7600 as a local switching point, and it did not work either. So was wondering the HW I have on 7600 will support or not.

tx

Atif

atif-siddiqui Thu, 06/14/2007 - 06:39

here is another setup: where 7606 is switching ethernet locally.

CE(3550)f0/12 <-----> gig1/36 (PE2)7606 6/2.3600 <----> 1/1/0.3600(GW) GSR

CE2#sh ver

Cisco IOS Software, C3550 Software (C3550-IPSERVICESK9-M), Version 12.2(25)SEE2, RELEASE SOFTWARE (fc1)

CE2#sh run interface fastEthernet 0/12

Building configuration...

Current configuration : 104 bytes

!

interface FastEthernet0/12

no switchport

ip address 192.168.200.2 255.255.255.252

duplex full

end

PE:

PE2#sh ver

Cisco IOS Software, c7600s3223_rp Software (c7600s3223_rp-ADVIPSERVICESK9-M), Version 12.2(33)SRB, RELEASE SOFTWARE (fc6)

cisco CISCO7606 (R7000) processor (revision 1.0) with 458752K/65536K bytes of memory.

Processor board ID FOX11040T3D

R7000 CPU at 300Mhz, Implementation 0x27, Rev 3.3, 256KB L2, 1024KB L3 Cache

Last reset from power-on

1 SIP-400 controller (2 GigabitEthernet).

5 Virtual Ethernet interfaces

76 Gigabit Ethernet interfaces

1915K bytes of non-volatile configuration memory.

PE2#sh connection

ID Name Segment 1 Segment 2 State

================================================================================

9 eth_vlan_sw Gi1/36 Gi6/2.3600 UP

PE2#sh run interface gigabitEthernet 1/36

Building configuration...

Current configuration : 76 bytes

!

interface GigabitEthernet1/36

no ip address

speed 100

duplex full

end

PE2#sh run interface gigabitEthernet 6/2.3600

Building configuration...

Current configuration : 67 bytes

!

interface GigabitEthernet6/2.3600

encapsulation dot1Q 3700

end

GW:

GW#sh run int GigabitEthernet1/1/0.3600

Building configuration...

Current configuration : 146 bytes

!

interface GigabitEthernet1/1/0.3600

encapsulation dot1Q 3700

ip address 192.168.200.1 255.255.255.252

no ip directed-broadcast

end

GW#ping 192.168.200.2

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 192.168.200.2, timeout is 2 seconds:

.....

Success rate is 0 percent (0/5)

.

atif-siddiqui Thu, 06/14/2007 - 07:35

If I use Feature Navigator to look for:

Layer 2 Local Switching: Ethernet to VLAN feature.

These platforms shows up:

3845

7200

IAD2801

IOS:

12.4XJ

12.4T

is this output from feature navigator valid? on the other side documentation do mention 7606 and GSR.

Comments?

Harold Ritter Thu, 06/14/2007 - 12:56

Atif,

L2 Local switching is not supported natively on the PFC3b and requires extra hardware such as the SIP-400 or the ES20.

Hope this helps,

atif-siddiqui Thu, 06/14/2007 - 17:54

Yes. this explains alot.

ok what about GSR, I know that only E5 cards will support, and we have that still did not work.

Thanks a million !

atif-siddiqui Thu, 06/14/2007 - 18:16

can you suggest any other options that we can use, instead of local ethernet switching.

Tx

atif-siddiqui Sun, 06/24/2007 - 20:06

Yes I tried with SIP-400's on 7606 and it works good.

Thanks for your help here.

Atif.

atif-siddiqui Thu, 06/14/2007 - 05:54

Here it is:

I changed both interfaces to same VLAN. Still not able to ping.

interface GigabitEthernet1/1/2.3700

encapsulation dot1Q 3700

no ip directed-broadcast

end

router1#sh run interface gig 1/1/0.3600

interface GigabitEthernet1/1/0.3600

encapsulation dot1Q 3700

no ip directed-broadcast

end

VLAN trunk interfaces for VLAN ID 3700:

GigabitEthernet1/1/0.3600 (3700)

Total 39 packets, 1424 bytes input

Total 16 packets, 2914 bytes output

GigabitEthernet1/1/2.3700 (3700)

Total 240 packets, 16166 bytes input

Total 817 packets, 291688 bytes output

CE1:

sh run interface gi6/2.3600

interface GigabitEthernet6/2.3600

encapsulation dot1Q 3700

ip address 10.1.1.2 255.255.255.252

end

Ce2:

sh run interface gi6/2.3600

interface GigabitEthernet6/2.3600

encapsulation dot1Q 3700

ip address 10.1.1.1 255.255.255.252

end

Ce1 --ping -- ce2:

Ce1#ping 10.1.1.1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 10.1.1.1, timeout is 2 seconds:

.....

Success rate is 0 percent (0/5)

PE2#

Rahul Kachalia Thu, 06/21/2007 - 12:55

Will you be able to collect following logs, after clearing counters and then sending 50 ping pkts

- exec slot s controller event clear

- exec slot s controller event

- s int g1/1/0

- s int g1/1/2

- s connect

I assume you are running 12.0(32)SY code on GSR...

thanks,

rahul.

atif-siddiqui Sun, 06/24/2007 - 20:08

I will soon post the results here.

I am running 12.0(32)SY3 code on the GSR with E5 Gige cards.

It worked on 7606 with SIP-400 as Harold suggested.

Atif.

atif-siddiqui Mon, 06/25/2007 - 12:39

Configuration:

PE2 <--> GW <--> PE3

PE2#sh run interface gigabitEthernet 6/2.3600

interface GigabitEthernet6/2.3600

description Local Ethernet Switch Test

encapsulation dot1Q 3700

ip address 172.16.10.1 255.255.255.252

GW#sh ru interface Gi1/1/0.3600

interface GigabitEthernet1/1/0.3600

description **Local eth switch test** connect to PE2 g6/2.3600

encapsulation dot1Q 3700

no ip directed-broadcast

GW#sh ru interface Gi1/1/2.3700

interface GigabitEthernet1/1/2.3700

description **Local eth switch test** connect to PE3 g6/2

encapsulation dot1Q 3750

no ip directed-broadcast

PE3#sh run interface gigabitEthernet 6/2.3700

interface GigabitEthernet6/2.3700

description description Local Ethernet Switch Test ** conn. to P4 g1/1/2.3700

encapsulation dot1Q 3750

ip address 176.16.10.2 255.255.255.252

atif-siddiqui Mon, 06/25/2007 - 12:40

RESULTS:

PE2#ping

Protocol [ip]:

Target IP address: 172.16.10.2

Repeat count [5]: 50

Datagram size [100]:

Timeout in seconds [2]:

Extended commands [n]:

Sweep range of sizes [n]:

Type escape sequence to abort.

Sending 50, 100-byte ICMP Echos to 172.16.10.2, timeout is 2 seconds:

..................................................

Success rate is 0 percent (0/50)

PE2#

GW: (P GSR )

GW#exec slot 1 s controller event

========= Line Card (Slot 1) =========

Switching Stats

Packets punt to RP: 42

HW engine punt: 2

HW engine reject: 40

RX HW Engine Reject Counters

Unrecognized Protocol ID: 32

IP TTL Expired: 8

GW#

GW#sh in

GW#sh int

GW#sh interfaces gi

GW#sh interfaces gigabitEthernet 1/1/0

GigabitEthernet1/1/0 is up, line protocol is up

Hardware is GigabitEthernet, address is 001a.e390.b076 (bia 001a.e390.b076)

MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec, rely 255/255, load 1/255

Encapsulation ARPA, loopback not set

Keepalive set (10 sec)

Full Duplex, 1000Mbps, link type is force-up, media type is LX

output flow-control is on, input flow-control is on

ARP type: ARPA, ARP Timeout 04:00:00

Last input 00:00:09, output 00:00:09, output hang never

Last clearing of "show interface" counters 00:03:46

Queueing strategy: fifo

Output queue 0/40, 0 drops; input queue 0/75, 0 drops

Available Bandwidth 1000000 kilobits/sec

30 second input rate 0 bits/sec, 0 packets/sec

30 second output rate 0 bits/sec, 0 packets/sec

68 packets input, 12364 bytes, 0 no buffer

Received 0 broadcasts, 0 runts, 0 giants, 0 throttles

0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored

0 watchdog, 16 multicast, 0 pause input

14 packets output, 4636 bytes, 0 underruns

Transmitted 0 broadcasts

0 output errors, 0 collisions, 0 interface resets

0 babbles, 0 late collision, 0 deferred

0 lost carrier, 0 no carrier, 0 pause output

0 output buffer failures, 0 output buffers swapped out

GW#s

% Type "show ?" for a list of subcommands

GW#

GW#

GW#

GW#sh int

GW#sh interfaces gi

GW#sh interfaces gigabitEthernet 1/1/2

GigabitEthernet1/1/2 is up, line protocol is up

Hardware is GigabitEthernet, address is 001a.e390.b078 (bia 001a.e390.b078)

MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec, rely 255/255, load 1/255

Encapsulation ARPA, loopback not set

Keepalive set (10 sec)

Full Duplex, 1000Mbps, link type is force-up, media type is SX

output flow-control is on, input flow-control is on

ARP type: ARPA, ARP Timeout 04:00:00

Last input 00:00:01, output 00:00:01, output hang never

Last clearing of "show interface" counters 00:03:57

Queueing strategy: fifo

Output queue 0/40, 0 drops; input queue 0/75, 0 drops

Available Bandwidth 1000000 kilobits/sec

5 minute input rate 0 bits/sec, 0 packets/sec

5 minute output rate 0 bits/sec, 0 packets/sec

8 packets input, 3056 bytes, 0 no buffer

Received 0 broadcasts, 0 runts, 0 giants, 0 throttles

0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored

0 watchdog, 8 multicast, 0 pause input

59 packets output, 10040 bytes, 0 underruns

Transmitted 0 broadcasts

0 output errors, 0 collisions, 0 interface resets

0 babbles, 0 late collision, 0 deferred

0 lost carrier, 0 no carrier, 0 pause output

0 output buffer failures, 0 output buffers swapped out

GW#

GW#

GW#sho con

GW#sho connect

ID Name Segment 1 Segment 2 State Description

============================================================================================

5 eth_sw Gi1/1/0.3600 Gi1/1/2.3700 UP

Rahul Kachalia Mon, 06/25/2007 - 14:08

Stats are bit confusing. On GSR I see pkts coming in from G1/1/0 and going out G1/1/2 intf, now was that an ICMP pkts I m not sure because traffic was also dropped by LC.

There are couple of things you can try to identify the problem:

Step1:

- Bypass GSR, connect PE2 and PE3 back to back with same VLAN id and ping each other and that should work. If not then resolve the problem.

Step2:

- Turn on "debug ip icmp" on both PE routers. Hookup GSR between PE2 and PE3, ping again and see if it works. Ping from each side of PE and see one-way traffic works. If it still fails try step3.

Step3:

Change VLAN ID to anything below 1000 ID on all 3 boxes. (keep the icmp debugs on)

And if it still fails clear the intf counters and recollect stats from intf and LC. This time if you can also collect following show cmd would be bit helpful

s control tof wahoo phb 0 0 0

Ethernet Local switching is supported on GSR/E5 LC, definitely some basic stuff is broken...

thanks,

rahul.

Actions

This Discussion