Getting around global VLANs - ASR1K

Started by netspork, September 29, 2017, 01:22:24 AM

Previous topic - Next topic
Print
Go Down Pages1
User actions

netspork

September 29, 2017, 01:22:24 AM
Bear with me - I do more sysadmin and web dev work these days.  My IOS heyday was like IOS 10 and 11.

So I'm probably missing an easy workaround to this problem.  I have an ASR-1002-X and multiple NNIs to some metro-ethernet providers. So far I've been able to specify VLANs when we order, so for example, provider 1, VLANs 100-200, provider 2, VLANs 201-300, etc. Now I have an NNI coming from another provider that does not allow me to specify the range of VLANs and they will overlap with the others.

From playing around with this, I see on the ASR that the VLANs are "global" to the router.  If I create a subint and vlan on one physical interface and then on another different physical interface, they see each other's traffic as if I've created a bridge.  I imagine there's a way to avoid that.  Pointers?

wintermute000

#1
September 29, 2017, 05:27:32 AM
Some ASR can do bridge domain interfaces to join the provider external vlan to your unique internal vlan. But as always caveats arise re bridge domain interfaces vs subs. Also complex logically

Metro Ethernet switchea like the old ME3400 range etc can also do vlan tag rewrites. This is probably simpler and straightforward (ie NAT the VLAN basically)

netspork

#2
September 29, 2017, 09:30:25 PM
Fudge.  I was hoping I was just mistaken...

Is there any sort of "virtualization" hack?  Like a layer-2 VRF for VLANs?

wintermute000

#3
October 01, 2017, 06:12:08 AM
Are you sure routed interfaces bridge locally?

netspork

#4
October 17, 2017, 01:43:00 PM
Yo, Szechuan Rick - what are you saying, maybe they don't? :)

I can setup a test case without breaking anyone, I'll check it out.

deanwebb

#5
October 17, 2017, 01:57:55 PM
Quote from: netspork on October 17, 2017, 01:43:00 PM
Yo, Szechuan Rick - what are you saying, maybe they don't? :)

I can setup a test case without breaking anyone, I'll check it out.

:showme:
Take a baseball bat and trash all the routers, shout out "IT'S A NETWORK PROBLEM NOW, SUCKERS!" and then peel out of the parking lot in your Ferrari.
"The world could perish if people only worked on things that were easy to handle." -- Vladimir Savchenko
Вопросы есть? Вопросов нет! | BCEB: Belkin Certified Expert Baffler | "Plan B is Plan A with an element of panic." -- John Clarke
Accounting is architecture, remember that!
Air gaps are high-latency Internet connections.

wintermute000

#6
October 17, 2017, 05:56:08 PM
I've done sub interfaces before with the same tag send they're all routing nicely and definitely not switching

RoDDy

#7
October 25, 2017, 11:21:46 AM Last Edit: October 25, 2017, 11:23:27 AM by RoDDy
Hey, how about trying bridge domains (not sure)? If you have them connected to different physical interfaces and have EFPs/Service instances defined then i believe that would work (example below).

Interface Gi0/0/1
service instance 1 ethernet
  description **Provider 1**
  encapsulation dot1q 100-200
  rewrite ingress tag pop 1 symmetric
  bridge-domain 1

Interface Gi0/0/2
service instance 2 ethernet
  description **Provider 2**
  encapsulation dot1q 201-300
  rewrite ingress tag pop 1 symmetric
  bridge-domain 2

Interface Gi0/0/3
service instance 3 ethernet
  description **Provider 3**
  encapsulation dot1q 201-300
  rewrite ingress tag pop 1 symmetric
  bridge-domain 3

So basically anything arriving on those interfaces with dot1q tags as defined will be placed in the bridge domain listed under the interface. From there you can do L2 / L3 to where ever.
Print
Go Up Pages1
User actions