ASR9K & 7600 Interop for L2VPN

Unanswered Question
Mar 10th, 2010

Hi all,

appreciate some pointers here. This is with regards to metroE. Pls find attached the jpeg file with configs that i've included for an issue that i'm facing. Current setup is i have 1 x ASR9K as NPE and 1 x 7600 as NPE (with ES+ card connected to MPLS core, WS-X67xx card connected to ME3400 UPE switch running as .1Q trunk).

Both routers are running EPL (QinQ) pseudowire however, on ASR9K s-vlan is 100, on 7600 s-vlan is 101. I verified on the actual routers, 7600 & ASR9K establishes a VLAN mode pw and negotiates to vc-type 5 (default), thus on 7600, AFAIK s-vlan 101 is service-delimiter vlan and will be stripped prior to tunneling data into pw (traffic going from right to left). This would mean only c-vlan 10 + data is taken as payload before slapping on the mpls labels (igp label & vc label) and sending it off towards asr9K. As for ASR9K, AFAIK the service-delimiter vlan has to be manually "popped" with the cmd "rewrite ingress tag pop 1" (traffic going from left to right). For ensuring symmetric tag operations, (traffic right to left) "symmetric" keyword is used with the cmd "rewrite ingress tag pop 1". The way I look at it, it should work but it isn't.

So i've reconfigured on asr9k to use "rewrite ingress tag translate 1-to-1 dot1q 101 symmetric" and then traffic between two endpoints has reachability!!

assuming traffic direction is from left to right...what confuses me most is the fact that asr9k performs a translation of the s-vlan from 100 to 101 and then takes c-vlan, s-vlan (and data) as payload prior to tunneling it into pw towards 7600. When it reaches 7600, wouldn't it be triple tagged (9k_c-vlan=10 + 9k_c-vlan=101 + 76_c-vlan=101) and thus gets dropped when it finally sends out from upe to cpe?

and while traffic direction from right to left, 7600 strips s-vlan 101 since its service-delimiter, exposing c-vlan=10 + data and tunneling it into pw towards asr9k. when it reaches asr9k, it would rewrite c-vlan=10 to 100, no? totally confused, but with "translate 1-to-1" it works...

Thanks in advance!

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Laurent Aubert Wed, 03/10/2010 - 20:33

Hi,

I agree with you, it looks weird as the pop action is the right configuration. But I noticed the following:

- vc-id is not matching as you have 300 on one side and 100 on the other side.

- Also the interface number on the ASR9k is different (.300 vs .100) and the xconnect group is missing.

- uPE2 is not configured for Dot1Q tunneling

Could you double-check those points ? They may be only typo issues..so please update your drawing

Thanks

Laurent.

frenzeus Wed, 03/10/2010 - 22:27

Hi Laurent,

My apologies.. i was working on the diagram late night. But i can assure that the right configs were used. Pls find attached the updated diagram.. i'll post the configs & sh output in a while. Yes, AFAIK, it should be "pop" instead of "translate".

frenzeus Wed, 03/10/2010 - 23:11

hey laurent,

pls find the configs n show output. 2 files, "translate-working.txt" uses "rewrite ingress tag translate" which is working while "pop-not working.txt" uses "rewrite ingress tag pop" which is not working currently.

appreciate the tip.

Laurent Aubert Thu, 03/11/2010 - 07:45

Hi,

Thanks for the update. With the pop option, do you see the 7600 forwarding any packets on the AC ?

Packets capture on the AC will definitely help to find out who is not behaving as expected.

Thanks

Laurent.

frenzeus Mon, 03/15/2010 - 18:43

Hi Laurent,

Apparently the configs applied are working now. No changes made from my end though. Tx for the help.

judebryant Thu, 03/11/2010 - 13:05

Actually,

If you use 'switchport" on a 7600 router, the switching is done per software.

This taxes CPU and memory

I would use a service instance with bridge-domain.

example

instead of;

switchport

switchport trunk encapsulation dot1q

switchport mode trunk

I would use

service instance 99 ethernet

encapsulation dot1q default

bridge-domain 99

this puts an stag of 99 on the ingress packets.  the dot1q default is similiar to dot1q tunnel you have on the other end.

your processing is hardware based thus not utilizing router resources.

Regards

Jude Bryant

Pioneer Telephone

Actions

This Discussion