Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Layer 2 VPN ( MPLS, EVC) questions


Hi everybody

We have a customer for whom  we provide layer 2 transit between its two locations using mpls as shown below

( I am omiiting a lot of details, just focusing on the main question that i have )

CE1( sanjose)-----gig 0/1-router1---Mpls cloud--------router2------CE2 ( LA)

There is packet loss going on , I am trying to isolate the portion causing all this loss. This is layer2 vpn so we can not use ping.

Focusing on router 1, that is how the traffic from CE1  flows:

Traffic from CE1 is received with vlan tag 449, on service instance 449, where we strip the tag on ingress, and sends it over PW across MPLS core to router 2 as shown below


int gig 0/1

service instance 449 ethernet
 encapsulation dot1q 449
 rewrite ingress tag pop 1 symmetric
xconnect  456  encapsulation mpls

I am going to run following test

CE1 is assigned


On my router1

I first verify there is no bridge-domain 22 exist, verify no vlan 22 exist

Then i configure the following:

vlan 22

bridge-domain 22

int vlan 22
ip address

int gig 0/1

service instance 449 ethernet
encapsulation dot1q 449
rewrite ingress tag pop 1 symmetric
bridge-domain 22

xconnect  456  encapsulation mpls


My understanding is that is how traffic from CE1 to  flows now:

 CE1 issues ping destined to, Frames with vlan 449  from CE1 ,accepted on service instance 449 on gig 0/1, tag is removed, then mac-table of bridge domain 22 is looked up, since the destination mac is mac address of int vlan 22, the frame is then forwarded to int vlan 22 , router1 will simply  send the ping reply back to CE1. Xconnect encapsulation mpls will not cause any issue as the mac-address in pings from CE1 points to int vlan 22 not to xconnect 456 encapsulation mpls when the mac-table of bridge domain 22 is looked up.

Am i correct ?or do i have to remove xconnect 456 encapsulation 456 command in order for pings from CE1 to Router1 work ?




Order of operations:


Below I am trying to understand the order of operation . Please consider the following example


Router 1:


service instance 2020 etherne
  encapsulation dot1q 222
  rewrite ingress tag pop 1 symmetric
 bridge-domain 123

  xconnect  234 encapsulation mpls
   mtu 1500

Let say router1 receives a packet with vlan tag 222,router1 removes the tag, what will Router1 do next ?  Will router 1 first check tha mac-table of bridge-domain 222  to match destination mac in the packet? OR will router 1 simply send the packet over PW to ?




CreatePlease to create content