Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1072
Views
0
Helpful
5
Replies

Cisco gurus! help! Bridging and HSRP help! confusing scenario.

Go to solution
chanukavitanachy
Level 1
Level 1

‎07-15-2010 02:54 AM - edited ‎03-06-2019 12:02 PM

Hi Cisco Gurus,

I have to accommodate a core device, lets call it "bob" with two 7609 routers equipped with ES+ cards.

bob has two links towards each of the 7609's.  I need to associate the bob interfaces on a vrf called bob_vrf.

Here is the tricky part:

Bob has a default to an HSRP address which i need to facilitate on the routers since there is no connectivity between the two links coming from bob.  The 7609's also have a static route pointing to bob's vip address (vrrp).

I need to facilitate a link between the 7609's which will allow both the HSRP messages between the routers and VRRP messages from bob to be transported.

How would i do this?  Im working with a single vlan 10.  i need to somehow add a layer 2 inter router link between the 7609's to bridge traffic on this same vlan so gi1/1 from 7609 router 1 can reach gi1/1 on 7609 router 2.  This bridge also needs to be associated with the bob vrf.

Any ideas?

I have attached a diagram to highlight the issue and im hoping you might be able to help with a novel solution for this perhaps using service-instances and bridge domains.

problem.jpg

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Laurent Aubert
Cisco Employee
Cisco Employee
In response to chanukavitanachy

‎07-16-2010 05:50 AM

HI,

ES card implements EVC (Ethernet Virtual Circuit) framework based on Metro Ethernet Forum specification. Now your VLAN id scope is limited to your port and there is no more default VLAN manipulation like you have with classical LAN LC. That's why you have to explicitly pop your VLAN ID before sending the packet to Layer 3 engine. The symmetrical keyword will add the VLAN ID back to the packet before sending it to the wire.

HTH

Laurent.

View solution in original post

0 Helpful
5 Replies 5

Go to solution
Laurent Aubert
Cisco Employee
Cisco Employee

‎07-15-2010 06:20 AM

Hi,

you need to move your L3 config to a SVI interface:

interface vlan 10

ip address 10.1.1.x 255.255.255.248

ip vrf forwarding bob-vrf

standby 1 ip ..

...

!

interface Gig1/1

switchport access vlan 10

!

interface Gig1/2

switchport access vlan 10

!

This way you are able both route and bridge traffic for VLAN 10.

HTH

Laurent.

0 Helpful

Go to solution
chanukavitanachy
Level 1
Level 1
In response to Laurent Aubert

‎07-15-2010 08:50 PM

Hi Laurent,

Thanks for getting back to me.  I was not aware that we could run HSRP over a VLAN interface.  But i still have a few complications.

The link between the routers is a 2x10g bundled port channel interface which also has multiple IP subinterfaces. How would i solve this?

Im trying the following.


##7609-R1##

!
interface Vlan10
ip vrf forwarding BOB
ip address 10.1.1.2 255.255.255.248
standby 1 ip 10.1.1.1
standby 1 priority 110
standby 1 preempt
end
!
interface Port-channel1
no ip address
service instance 10 ethernet
  encapsulation dot1q 10
  bridge-domain 10
!

##7609-R2##

!
interface Vlan10
ip vrf forwarding BOB
ip address 10.1.1.3 255.255.255.248
standby 1 ip 10.1.1.1
end
!
interface Port-channel1
no ip address
service instance 10 ethernet
  encapsulation dot1q 10
  bridge-domain 10
!

Cant get this to work so far, any suggestions?

BR//

Chanuka

0 Helpful

Go to solution
chanukavitanachy
Level 1
Level 1
In response to chanukavitanachy

‎07-16-2010 01:46 AM

Ok, think i worked it out. i was missing the:

"rewrite ingress tag pop 1 symmetric" command within the service instance.  Seems to be working fine now.

Im wondering if someone can explain to me what "rewrite ingress tag pop 1 symmetric" actually does?  is it remarking the incoming vlan id to the bridge domain? and why would i need it if this encapsulation and the bridge domain are the same?


##7609-R1##

!
interface Vlan10
ip vrf forwarding BOB
ip address 10.1.1.2 255.255.255.248
standby 1 ip 10.1.1.1
standby 1 priority 110
standby 1 preempt
end
!
interface Port-channel1
no ip address
service instance 10 ethernet
  encapsulation dot1q 10

  rewrite ingress tag pop 1 symmetric
  bridge-domain 10
!

##7609-R2##

!
interface Vlan10
ip vrf forwarding BOB
ip address 10.1.1.3 255.255.255.248
standby 1 ip 10.1.1.1
end
!
interface Port-channel1
no ip address
service instance 10 ethernet
  encapsulation dot1q 10

  rewrite ingress tag pop 1 symmetric
  bridge-domain 10
!

0 Helpful

Go to solution
Laurent Aubert
Cisco Employee
Cisco Employee
In response to chanukavitanachy

‎07-16-2010 05:50 AM

HI,

ES card implements EVC (Ethernet Virtual Circuit) framework based on Metro Ethernet Forum specification. Now your VLAN id scope is limited to your port and there is no more default VLAN manipulation like you have with classical LAN LC. That's why you have to explicitly pop your VLAN ID before sending the packet to Layer 3 engine. The symmetrical keyword will add the VLAN ID back to the packet before sending it to the wire.

HTH

Laurent.

0 Helpful

Go to solution
chanukavitanachy
Level 1
Level 1
In response to Laurent Aubert

‎07-18-2010 06:56 PM

Perfect!

Thanks Laurent,  Its all starting to make sence now.

Best Regards,

Chanuka

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card