Text only | Text with Images

Networking-Forums.com

Professional Discussions => Routing and Switching => Topic started by: netspork on September 29, 2017, 01:22:24 AM

Title: Getting around global VLANs - ASR1K
Post by: netspork on September 29, 2017, 01:22:24 AM
Bear with me - I do more sysadmin and web dev work these days.  My IOS heyday was like IOS 10 and 11.

So I'm probably missing an easy workaround to this problem.  I have an ASR-1002-X and multiple NNIs to some metro-ethernet providers. So far I've been able to specify VLANs when we order, so for example, provider 1, VLANs 100-200, provider 2, VLANs 201-300, etc. Now I have an NNI coming from another provider that does not allow me to specify the range of VLANs and they will overlap with the others.

From playing around with this, I see on the ASR that the VLANs are "global" to the router.  If I create a subint and vlan on one physical interface and then on another different physical interface, they see each other's traffic as if I've created a bridge.  I imagine there's a way to avoid that.  Pointers?
Title: Re: Getting around global VLANs - ASR1K
Post by: wintermute000 on September 29, 2017, 05:27:32 AM
Some ASR can do bridge domain interfaces to join the provider external vlan to your unique internal vlan. But as always caveats arise re bridge domain interfaces vs subs. Also complex logically

Metro Ethernet switchea like the old ME3400 range etc can also do vlan tag rewrites. This is probably simpler and straightforward (ie NAT the VLAN basically)
Title: Re: Getting around global VLANs - ASR1K
Post by: netspork on September 29, 2017, 09:30:25 PM
Fudge.  I was hoping I was just mistaken...

Is there any sort of "virtualization" hack?  Like a layer-2 VRF for VLANs?
Title: Re: Getting around global VLANs - ASR1K
Post by: wintermute000 on October 01, 2017, 06:12:08 AM
Are you sure routed interfaces bridge locally?
Title: Re: Getting around global VLANs - ASR1K
Post by: netspork on October 17, 2017, 01:43:00 PM
Yo, Szechuan Rick - what are you saying, maybe they don't? :)

I can setup a test case without breaking anyone, I'll check it out.
Title: Re: Getting around global VLANs - ASR1K
Post by: deanwebb on October 17, 2017, 01:57:55 PM
Quote from: netspork on October 17, 2017, 01:43:00 PM
Yo, Szechuan Rick - what are you saying, maybe they don't? :)

I can setup a test case without breaking anyone, I'll check it out.

:showme:
Title: Re: Getting around global VLANs - ASR1K
Post by: wintermute000 on October 17, 2017, 05:56:08 PM
I've done sub interfaces before with the same tag send they're all routing nicely and definitely not switching
Title: Re: Getting around global VLANs - ASR1K
Post by: RoDDy on October 25, 2017, 11:21:46 AM
Hey, how about trying bridge domains (not sure)? If you have them connected to different physical interfaces and have EFPs/Service instances defined then i believe that would work (example below).

Interface Gi0/0/1
service instance 1 ethernet
  description **Provider 1**
  encapsulation dot1q 100-200
  rewrite ingress tag pop 1 symmetric
  bridge-domain 1

Interface Gi0/0/2
service instance 2 ethernet
  description **Provider 2**
  encapsulation dot1q 201-300
  rewrite ingress tag pop 1 symmetric
  bridge-domain 2

Interface Gi0/0/3
service instance 3 ethernet
  description **Provider 3**
  encapsulation dot1q 201-300
  rewrite ingress tag pop 1 symmetric
  bridge-domain 3

So basically anything arriving on those interfaces with dot1q tags as defined will be placed in the bridge domain listed under the interface. From there you can do L2 / L3 to where ever.
Text only | Text with Images