Configuring spanning tree for a BDI on ASR.

stevecox · ‎03-28-2014

We are migrating from a Cisco 7304 to a ASR 1002-X for our Internet router. Previously in the 7304 we used a BVI with our primary and redundant physical interfaces that connected to our service provider. Spanning tree was used on the physical interfaces to control the traffic flow for these redundant connections. The attached diagram shows the topology. I have not found a method like spanning tree to control traffic when using the bridge domain. We are not running any routing protocol for our Internet connection between ourselves and our service provider. We only use a static route pointing to their address on the other side of the /30 network for all Internet traffic. I currently have one of the interfaces shutdown to make sure I don't have a loop present. Has anyone had experience with a similar situation that might be able to provide some insight? My current configuration is:

bridge-domain 100

!

interface GigabitEthernet0/0/0 ip address 67.xxx.xxx.254 255.255.255.0 negotiation auto

!

interface GigabitEthernet0/0/1

description Primary connection

no ip address

negotiation auto

service instance 100 ethernet

encapsulation untagged

bridge-domain 100

!

interface GigabitEthernet0/0/2

description Backup connection

no ip address

negotiation auto

service instance 100 ethernet

encapsulation untagged

bridge-domain 100

!

interface BDI100

ip address 24.xxx.xxx.xxx 255.255.255.252

Ruben Cocheno · ‎04-04-2014

Hi

Look This

http://www.cisco.com/c/en/us/td/docs/routers/asr9000/software/asr9k_r4-2/interfaces/configuration/guide/hc42asr9kbook/hc42irb.html#wp1016819

Rate if you liked

Tag me to follow up.
Please mark it as Helpful and/or Solution Accepted if that is the case. Thanks for making Engineering easy again.
Connect with me for more on Linkedin https://www.linkedin.com/in/rubencocheno/

ppalmerjr · ‎09-13-2016

I'm curious, did you ever get this figured out. I have a similar scenario and have some funky behavior so far.

stevecox · ‎09-20-2016

We have since moved away from this configuration with a new service provider but I had the service provider at that time tag a vlan 100 on their side and configured our side as shown below.

bridge-domain 100

!

bridge irb

!

interface TenGigabitEthernet0/2/0

no ip address

shutdown

service instance 100 ethernet

encapsulation dot1q 100

bridge-domain 100

!

interface TenGigabitEthernet0/3/0

no ip address

service instance 100 ethernet

encapsulation dot1q 100

bridge-domain 100

!

interface BDI100

ip address 24.xxx.xxx.xxx 255.255.255.252

encapsulation dot1Q 100

rhirano81 · ‎11-22-2016

I implemented the same and it worked for me without any performance issue complained so far but we're facing a lot of retransmission, duplicated packets received in the other end, packets being sent to both interfaces even if the destination is a known mac-address listed in show bridge-domain table, excessive amount of multicast. Did you experienced the same? In my case I have redundant Checkpoint firewalls in the other end and couldn't find the reason of this behavior.

I'll list below some shows I think it'd help you to understand.

!## members of bridge-domain ##

Bridge-domain 100 (3 ports in all)
State: UP Mac learning: Enabled
Aging-Timer: 300 second(s)
BDI100 (up)
GigabitEthernet0/0/3 service instance 100
GigabitEthernet0/0/4 service instance 100

!## show interfaces ##

GigabitEthernet0/0/3 is up, line protocol is up
Hardware is 6XGE-BUILT-IN, address is <mac-address>
MTU 1500 bytes, BW 1000000 Kbit/sec, DLY 10 usec,
reliability 255/255, txload 14/255, rxload 21/255
Encapsulation ARPA, loopback not set
Keepalive not supported
Full Duplex, 1000Mbps, link type is force-up, media type is T
output flow-control is on, input flow-control is on
ARP type: ARPA, ARP Timeout 04:00:00
Last input 3d18h, output 00:05:20, output hang never
Last clearing of "show interface" counters 2d05h
Input queue: 0/375/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 85563000 bits/sec, 20818 packets/sec
5 minute output rate 56228000 bits/sec, 19891 packets/sec
2349572630 packets input, 1387111196441 bytes, 0 no buffer
Received 3188 broadcasts (0 IP multicasts)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog, 1453078 multicast, 0 pause input
2133773997 packets output, 1035365749547 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 unknown protocol drops
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier, 0 pause output
0 output buffer failures, 0 output buffers swapped out

GigabitEthernet0/0/4 is up, line protocol is up
Hardware is 6XGE-BUILT-IN, address is <mac-address>
MTU 1500 bytes, BW 1000000 Kbit/sec, DLY 10 usec,
reliability 255/255, txload 10/255, rxload 30/255
Encapsulation ARPA, loopback not set
Keepalive not supported
Full Duplex, 1000Mbps, link type is auto, media type is T
output flow-control is on, input flow-control is on
ARP type: ARPA, ARP Timeout 04:00:00
Last input 3d19h, output 00:05:21, output hang never
Last clearing of "show interface" counters 2d05h
Input queue: 0/375/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 117701000 bits/sec, 18131 packets/sec
5 minute output rate 40887000 bits/sec, 14102 packets/sec
1686231805 packets input, 1248717736692 bytes, 0 no buffer
Received 7 broadcasts (0 IP multicasts)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog, 1480020 multicast, 0 pause input
1547107873 packets output, 799906960922 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 unknown protocol drops
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier, 0 pause output
0 output buffer failures, 0 output buffers swapped out

!## sh int sum ## - There are much more bits/packets sent/received in the physical interfaces than in the BDI, is it an expected behavior?

IHQ: pkts in input hold queue IQD: pkts dropped from input queue
OHQ: pkts in output hold queue OQD: pkts dropped from output queue
RXBS: rx rate (bits/sec) RXPS: rx rate (pkts/sec)
TXBS: tx rate (bits/sec) TXPS: tx rate (pkts/sec)
TRTL: throttle count

Interface IHQ IQD OHQ OQD RXBS RXPS TXBS TXPS TRTL
-----------------------------------------------------------------------------------------------------------------
* GigabitEthernet0/0/3 0 0 0 0 85435000 20962 54889000 19862 0
* GigabitEthernet0/0/4 0 0 0 0 115482000 17832 39649000 14087 0
* BDI100 0 0 0 0 159956000 24672 54757000 19790 0

stevecox · ‎11-23-2016

We never saw any of these issues when this was implemented for our Internet connections. Spanning tree always had one interface forwarding and the other blocked. We never had any retran or multicast issue.