Let's talk L2VPN with VIRL

OK, so let's talk about what is passing and failing at the moment in VIRL. Here is the topology:

https://i.imgur.com/FWtyRxY.jpg

The original idea was to see if on VIRL version 1.0 any L2VPN data-plane worked on IOS-XRv. I had read that local bridging was supposed to work and I was excited to test that as well. Before any of this, let's talk about the SP core. The 4 devices run ISIS and MPLS LDP, very vanilla, very easy. My first test was to get connectivity to the "ACCESS" for mgmt; this did work via a normal Ethernet trunk but failed with an l2transport style trunk.

1a. PASS via normal trunk style sub-if config, MGMT works:

interface GigabitEthernet0/0/0/2
 description TO+ACCESS-2+GE0/1
!
interface GigabitEthernet0/0/0/2.2
 description CUSTOMER-RED
 encapsulation dot1q 2
!
interface GigabitEthernet0/0/0/2.3
 description CUSTOMER-BLUE
 encapsulation dot1q 3
!
interface GigabitEthernet0/0/0/2.99
 description ACCESS-2-MGMT
 ipv4 address 10.10.20.1 255.255.255.0
 encapsulation dot1q 99
!

RP/0/0/CPU0:PE-2#ping 10.10.20.10
Tue Jan 26 18:32:32.096 UTC
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.10.20.10, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/9 ms
RP/0/0/CPU0:PE-2#


1b. FAIL via l2transport style trunk (MGMT does not work, no L2VPN config works):

interface GigabitEthernet0/0/0/2
 description TO+ACCESS-1+GE0/1
!
interface GigabitEthernet0/0/0/2.2 l2transport
 description CUSTOMER-RED
 encapsulation dot1q 2
 rewrite ingress tag pop 1 symmetric
!
interface GigabitEthernet0/0/0/2.3 l2transport
 description CUSTOMER-BLUE
 encapsulation dot1q 3
 rewrite ingress tag pop 1 symmetric
!
interface GigabitEthernet0/0/0/2.99 l2transport
 description ACCESS-1-MGMT
 encapsulation dot1q 99
 rewrite ingress tag pop 1 symmetric
!

interface BVI99
 ipv4 address 10.10.10.1 255.255.255.0

!

l2vpn
 bridge group MGMT
  bridge-domain MGMT
   interface GigabitEthernet0/0/0/2.99
   !
   routed interface BVI99
  !

RP/0/0/CPU0:PE-1#ping 10.10.10.10
Tue Jan 26 18:33:45.800 UTC
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.10.10.10, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)


With the above results I moved to test 3 scenarios for connectivity. I tested each scenario via a normal trunk first and then via the l2transport style trunk second; the output for each one below shows the l2transport style trunk, which is almost identical to the normal trunk.


2a. AC is QnQ on the ACCESS switch BUT the device is not sending any tags, so it's more of an EP-LINE (I think?).

CUSTOMER-RED's CEs are set up like this:

interface GigabitEthernet0/1
 ip address 10.10.10.X 255.255.255.252
 duplex auto
 speed auto
 media-type rj45


THE ACCESS switches are set up like this (in VTP transparent with the VLAN created; just a note, I was not able to change the switch system mtu to 1504):

interface GigabitEthernet0/2
 description TO+CE-RED-1
 switchport access vlan 2
 switchport mode dot1q-tunnel
 media-type rj45
 negotiation auto
 l2protocol-tunnel cdp
 no cdp enable
!

THE PE is set up like this:

interface GigabitEthernet0/0/0/2.2 l2transport
 description CUSTOMER-RED
 encapsulation dot1q 2
 rewrite ingress tag pop 1 symmetric

!

l2vpn
 bridge group CUSTOMERS
  bridge-domain CUSTOMER-RED
   interface GigabitEthernet0/0/0/2.2
   !
   vfi CUSTOMER-RED
    neighbor 192.168.1.2 pw-id 2
    !

Result: FAIL for data-plane, PASS for control plane


2b. AC is a normal VLAN setup on the ACCESS switch BUT the device is not sending any tags, again more of an EP-LINE (I think?).

CUSTOMER-BLUE's CEs are set up like this:

interface GigabitEthernet0/1
 ip address 10.10.10.X 255.255.255.252
 duplex auto
 speed auto
 media-type rj45


THE ACCESS switches are set up like this (in VTP transparent with the VLAN created):

interface GigabitEthernet0/3
 description TO+CE-BLUE-1
 switchport access vlan 3
 media-type rj45
 negotiation auto
 no cdp enable
!

THE PE is set up like this:

interface GigabitEthernet0/0/0/2.3 l2transport
 description CUSTOMER-BLUE
 encapsulation dot1q 3
 rewrite ingress tag pop 1 symmetric

!

l2vpn
 bridge group CUSTOMERS
  bridge-domain CUSTOMER-BLUE
   interface GigabitEthernet0/0/0/2.3
   !
   vfi CUSTOMER-BLUE
    neighbor 192.168.1.2 pw-id 3
    !

Result: FAIL for data-plane, PASS for control plane

2c. ACs are attached to PE-2 directly in hopes that local bridging does work. This was going to be more of an EP-LAN (as the 3rd CE sits on PE-1), but again, when the local bridging died I didn't bother to add the VFI into the bridge-group.

CUSTOMER-ORANGE's CEs are set up like this:

interface GigabitEthernet0/1
 ip address 10.10.10.X 255.255.255.0
 duplex auto
 speed auto
 media-type rj45


THE PE is set up like this:

interface GigabitEthernet0/0/0/3
 description CUSTOMER-ORANGE
 l2transport
 !
!
interface GigabitEthernet0/0/0/4
 description CUSTOMER-ORANGE
 l2transport

!

l2vpn
 bridge group CUSTOMERS
  bridge-domain CUSTOMER-ORANGE
   interface GigabitEthernet0/0/0/3
   !
   interface GigabitEthernet0/0/0/4
    !

Result: FAIL for data-plane, PASS for control plane

The commands/output that were used to test are:

RP/0/0/CPU0:PE-2#show l2vpn bridge-domain brief
Tue Jan 26 19:07:02.554 UTC
Legend: pp = Partially Programmed.
Bridge Group:Bridge-Domain Name  ID    State          Num ACs/up   Num PWs/up
-------------------------------- ----- -------------- ------------ -------------
MGMT:MGMT                        3     up             2/2          0/0          
CUSTOMERS:CUSTOMER-RED           0     up             1/1          1/1          
CUSTOMERS:CUSTOMER-BLUE          1     up             1/1          1/1          
CUSTOMERS:CUSTOMER-ORANGE        2     up             2/2          0/0   

RP/0/0/CPU0:PE-2#show l2vpn bridge-domain hardware location 0/0/CPU0
Tue Jan 26 19:07:27.932 UTC
Bridge group: MGMT, bridge-domain name: MGMT, id:3
  No FGID information
Bridge group: CUSTOMERS, bridge-domain name: CUSTOMER-RED, id:0
  No FGID information
Bridge group: CUSTOMERS, bridge-domain name: CUSTOMER-BLUE, id:1
  No FGID information
Bridge group: CUSTOMERS, bridge-domain name: CUSTOMER-ORANGE, id:2
  No FGID information


So in short, VIRL will still be little to no help for your CCIE-SP L2VPN. The reason I am putting this out there is in hopes that people can review my configurations and verify I am not missing anything. There is a large gap in terminology from the CCIE-SP v3 (things were much more cut and dry, i.e. VPLS, Pseudowire etc.) vs CCIE-SP v4, where things are much more MEF related. I am having trouble getting my head around the MEF naming (E-LINE, EP-LINE, EVP-LINE, E-LAN, EV-LAN, EVP-LAN etc.) since I can't practice them non-stop to drill it into my head. I am also newer to the idea of Ethernet ACs via an ACCESS switch. In the future, when the local bridging works, I will test g8032 between a PE and 2 ACCESS switches.

Just a note: I have tested the pseudowire configs on VIRL in the past and I can confirm they do work in the control plane (as expected) but of course no data-plane. I have not retested them since.


I hope this helps people who are having some issues with L2VPN and what currently works/doesn't work.
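
The two show outputs in the post above can be cross-checked mechanically. The following is an added example, not part of the original post: it parses both outputs (copied from the post as sample input) and lists the bridge-domains that the brief view reports fully up while the hardware view prints "No FGID information". The function names are hypothetical, and using that line as the marker is an assumption based only on the output shown here.

```python
import re
# Sample input: the two command outputs shown in the post above (PE-2).
BRIEF = """\
Bridge Group:Bridge-Domain Name  ID    State          Num ACs/up   Num PWs/up
MGMT:MGMT                        3     up             2/2          0/0
CUSTOMERS:CUSTOMER-RED           0     up             1/1          1/1
CUSTOMERS:CUSTOMER-BLUE          1     up             1/1          1/1
CUSTOMERS:CUSTOMER-ORANGE        2     up             2/2          0/0
"""
HARDWARE = """\
Bridge group: MGMT, bridge-domain name: MGMT, id:3
  No FGID information
Bridge group: CUSTOMERS, bridge-domain name: CUSTOMER-RED, id:0
  No FGID information
Bridge group: CUSTOMERS, bridge-domain name: CUSTOMER-BLUE, id:1
  No FGID information
Bridge group: CUSTOMERS, bridge-domain name: CUSTOMER-ORANGE, id:2
  No FGID information
"""
ROW = re.compile(r"^(\S+:\S+)\s+(\d+)\s+(\S+)\s+(\d+)/(\d+)\s+(\d+)/(\d+)\s*$")
HW_HEAD = re.compile(r"^Bridge group: \S+, bridge-domain name: \S+, id:\s*(\d+)")

def parse_brief(text):
    """Map bridge-domain id -> (name, state, ACs, ACs up, PWs, PWs up)."""
    rows = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if m:  # header, legend and timestamp lines do not match
            name, bd_id, state, *counts = m.groups()
            rows[int(bd_id)] = (name, state, *map(int, counts))
    return rows

def ids_without_fgid(text):
    """Ids whose hardware stanza contains 'No FGID information'."""
    ids, current = set(), None
    for line in text.splitlines():
        m = HW_HEAD.match(line)
        if m:
            current = int(m.group(1))
        elif current is not None and "No FGID information" in line:
            ids.add(current)
    return ids

def up_but_no_fgid(brief, hardware):
    """Names reported fully up in the brief view yet lacking FGID information."""
    missing = ids_without_fgid(hardware)
    return [n for i, (n, state, acs, acs_up, pws, pws_up) in sorted(parse_brief(brief).items())
            if state == "up" and acs == acs_up and pws == pws_up and i in missing]

print(up_but_no_fgid(BRIEF, HARDWARE))
```

On the sample input every bridge-domain is listed, matching the post's result of control plane PASS and data-plane FAIL for all of them.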

Comments

  • my first and only question is:

    is there a difference in the trunk style on the PE of a normal dot1q using sub-interfaces  VS the "l2transport" with sub interfaces?

  • UPDATE (some progress on local p2p style x-connects): THEY WORK!

    on PE2:

    interface GigabitEthernet0/0/0/3
     description CUSTOMER-ORANGE
     l2transport
     !
    !
    interface GigabitEthernet0/0/0/4
     description CUSTOMER-ORANGE
     l2transport
     !

    l2vpn
     xconnect group CUSTOMERS
      p2p CUSTOMER-ORANGE
       interface GigabitEthernet0/0/0/3
       interface GigabitEthernet0/0/0/4
      !

     

    on the CE:

     

    interface GigabitEthernet0/1
     ip address 10.10.10.2 255.255.255.0
     duplex auto
     speed auto
     media-type rj45
    end

    CE-ORANGE-2#ping 10.10.10.3
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 10.10.10.3, timeout is 2 seconds:
    !!!!!
    Success rate is 100 percent (5/5), round-trip min/avg/max = 2/2/3 ms
    CE-ORANGE-2#show cdp nei
    Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
                      S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone,
                      D - Remote, C - CVTA, M - Two-port Mac Relay

    Device ID        Local Intrfce     Holdtme    Capability  Platform  Port ID
    CE-ORANGE-3      Gig 0/1           126              R B             Gig 0/1

    Total cdp entries displayed : 1

     

    oh my.
