
Cisco ASR 9000 Series Aggregation Services Routers

L2 Switching Configuration to XR L2VPN Configuration Conversion Process

Document ID: 116500

Updated: Feb 14, 2014

Contributed by Manuel Irizarry, David Powers, and Samuel Milstead, Cisco TAC Engineers.


Introduction

This document describes how to convert a Cisco IOS® Layer 2 switching configuration to a Cisco IOS XR Layer 2 Virtual Private Network (L2VPN) configuration.

Prerequisites

Requirements

There are no specific requirements for this document.

Components Used

This document is not restricted to specific software, but it is restricted to Aggregation Services Router (ASR) 9000 Series hardware versions that use the Ethernet Virtual Circuit (EVC) model in order to configure L2VPN. ASR 9000 Series routers use the EVC model, while Carrier Routing System (CRS) routers that run Cisco IOS XR do not.

The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.

Background Information

The ASR 9000 Series router does not follow the IEEE model of Layer 2 (L2) configuration, most notably 802.1Q and 802.1AD. Instead it uses the EVC model. The EVC model allows Cisco IOS XR to leverage the current 802.1Q VLAN tags in a new way. Traditionally, the VLAN tag defines the classification, the VLAN, the forwarding, and which Content Addressable Memory (CAM) table to use in order to perform a MAC address lookup. With the EVC model, this concept is decoupled in order to allow more flexibility and higher scale. The EVC model eliminates the Cisco IOS restriction of 4,096 VLANs maximum.

EVC uses these building blocks:

  • Ethernet Flow Point (EFP) - EFP is an L2 logical subinterface that is used in order to classify traffic under a physical or a bundle interface.

  • EVC - EVC is an end-to-end representation of a single instance of L2. An EFP is defined as an end-point of an EVC within a node. Because multiple EVCs can pass through one physical interface, the main purpose of an EFP configuration is to recognize the traffic that belongs to a specific EVC on that interface and to apply the forwarding behavior and features specific to that EVC.

  • Bridge Domain (BD) - A BD is an Ethernet broadcast domain internal to the device. The BD enables you to decouple the VLAN from the broadcast domain. The BD has one-to-many mappings with EFPs: all of the EFPs in a node for a specific EVC are grouped with use of the BD. If EFPs belong to the same BD and have the same BD number, then the EFPs receive traffic even if they have different VLAN numbers.

Problem

Cisco IOS XR on ASR 9000 Series routers uses the Ethernet Virtual Circuit (EVC) model. The EVC model does not have the concept of trunks, VLAN interfaces, or a Switch Virtual Interface (SVI). Trunks, VLAN Interfaces, and SVIs from Cisco IOS must be converted to Cisco IOS XR configurations via sub-interfaces, L2VPN BDs, and Bridge Virtual Interfaces (BVIs). The EVC model might be new to some Cisco IOS users when they first migrate to Cisco IOS XR.

Solution

The configuration on Cisco IOS XR consists of three steps:

  1. Create the EFP via configuration of an interface or sub-interface with the l2transport option, which represents a VLAN.

  2. Create a BD in order to group the EFPs.

  3. When Layer 3 (L3) SVIs are needed, configure them with interface BVI in Cisco IOS XR, instead of interface vlan as in Cisco IOS, in order to provide basic L3 functions for the L2 interfaces that belong to the BD.

Note: BVI interfaces do not support VLAN tags; so in order for the BVI to handle the ingress traffic on the EFP, the VLAN tag must be popped on ingress and added on egress. This is completed with the rewrite command.

Convert a Configuration

This example illustrates how to convert a configuration from Cisco IOS to Cisco IOS XR.

IOS Configuration

interface GigabitEthernet3/13
switchport
switchport access vlan 4
speed 1000
duplex full
!
interface GigabitEthernet3/14
switchport
switchport access vlan 130
speed 1000
duplex full
!
interface GigabitEthernet3/15
switchport
switchport access vlan 133
speed 1000
duplex full
!
interface TenGigabitEthernet13/3
description IOS Trunk
switchport
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1*,4,130,133
switchport mode trunk
no ip address
!
interface Vlan 4
ip address 10.10.4.1 255.255.255.0

interface Vlan 130
ip address 10.10.130.1 255.255.255.0
!

* VLAN 1 is the native VLAN.

Create an EFP interface. Cisco IOS XR implements a structured CLI for EFP and EVC configuration. In order to configure an EFP, use these interface configuration commands:

  • l2transport command - This command identifies a subinterface, a physical port, or a bundle-port parent interface as an EFP.

  • encapsulation command - This command is used in order to specify VLAN-matching criteria.

  • rewrite command - This command is used in order to specify the VLAN tag rewrite criteria.

ASR 9000 Configuration for Interface TenGigabitEthernet 13/3 (Trunk Port)

interface GigabitEthernet 0/0/0/1
!
! Untagged (native VLAN 1) traffic, explained after this configuration
interface GigabitEthernet 0/0/0/1.1 l2transport
encapsulation dot1q untagged
!

interface GigabitEthernet 0/0/0/1.4 l2transport
encapsulation dot1q 4
rewrite ingress tag pop 1 symmetric

interface GigabitEthernet 0/0/0/2
!
interface GigabitEthernet 0/0/0/2.130 l2transport
encapsulation dot1q 130
rewrite ingress tag pop 1 symmetric
!
interface GigabitEthernet 0/0/0/3
!
interface GigabitEthernet 0/0/0/3.133 l2transport
encapsulation dot1q 133
rewrite ingress tag pop 1 symmetric
!
interface tengig0/0/0/0
!
interface tengig0/0/0/0.4 l2transport
no ip address
encapsulation dot1q 4
rewrite ingress tag pop 1 symmetric
!
interface tengig0/0/0/0.130 l2transport
no ip address
encapsulation dot1q 130
rewrite ingress tag pop 1 symmetric
!
interface tengig0/0/0/0.133 l2transport
no ip address
encapsulation dot1q 133
rewrite ingress tag pop 1 symmetric
!

In order to add the native VLAN 1 (untagged traffic), create an l2transport sub-interface with dot1q untagged encapsulation. Also use the encapsulation dot1q untagged command under an l2transport interface or sub-interface if the port is connected to a port configured for switchport access on the IOS device.

Here is an example:

IOS:

interface Gigabitethernet 1/1
switchport
switchport access vlan 3

IOSXR:

interface GigabitEthernet 0/1/1/1.1 l2transport
encapsulation dot1q untagged

After the EFP is created, a BVI interface can be created and added to the BD. The BVI interface is used in order to accommodate the interface VLAN in Cisco IOS.

interface BVI4
ipv4 address 10.10.4.1 255.255.255.0
!
interface BVI130
ipv4 address 10.10.130.1 255.255.255.0
!

The BVI interface number does not necessarily need to match the VLAN identifier. The same is true for the subinterface number of the L2 transport interfaces. However, for clarity in this example, the BVI number matches the dot1q tag as well as the EFP subinterface number.

In this example, an L2VPN BD is created in order to bridge the EFPs and BVIs together:

l2vpn
 bridge group VLAN4
  bridge-domain VLAN4
   interface ten0/0/0/0.4
   !
   interface GigabitEthernet 0/0/0/1.4
   !
   routed interface bvi4
   !
  !
  bridge-domain VLAN130
   interface ten0/0/0/0.130
   !
   interface GigabitEthernet 0/0/0/2.130
   !
   routed interface bvi130
   !
  !
  bridge-domain VLAN133
   interface ten0/0/0/0.133
   !
   interface GigabitEthernet 0/0/0/3.133
   !
  !
 !
!

The Bridge Group (BG) is a non-functional configuration hierarchy that ties several BDs together as part of the same functional group. One group with multiple domains functions the same as multiple individual groups that each have their own domain.
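The Note in the Solution section states that a BVI cannot handle VLAN tags, so a tagged EFP bridged with a BVI needs the pop. The check below is an added example, not part of the original document: it parses an IOS XR configuration in running-config indentation and reports dot1q EFPs that share a BD with a BVI but lack rewrite ingress tag pop. The function name and the sample configuration are constructed for illustration.

```python
import re
# Constructed sample (not from the page): Gi0/0/0/2.130 lacks the pop; VLAN133 has no BVI.
SAMPLE = """\
interface TenGigE0/0/0/0.130 l2transport
 encapsulation dot1q 130
 rewrite ingress tag pop 1 symmetric
!
interface GigabitEthernet0/0/0/2.130 l2transport
 encapsulation dot1q 130
!
interface GigabitEthernet0/0/0/3.133 l2transport
 encapsulation dot1q 133
!
l2vpn
 bridge group LAB
  bridge-domain VLAN130
   interface TenGigE0/0/0/0.130
   interface GigabitEthernet0/0/0/2.130
   routed interface BVI130
  bridge-domain VLAN133
   interface GigabitEthernet0/0/0/3.133
"""

def efps_missing_pop(config):
    """Return (BD, EFP, BVI) for numeric-dot1q EFPs bridged with a BVI that lack a tag pop."""
    efps, domains = {}, {}      # EFP name -> its lines; BD name -> members and BVI
    efp = bd = None
    for raw in config.splitlines():
        line = raw.strip()
        if raw[:1] not in ("", " "):    # a column-0 line opens a new top-level stanza
            m = re.match(r"interface (\S+) l2transport$", line)
            efp, bd = (efps.setdefault(m.group(1), []) if m else None), None
        elif line.startswith("bridge-domain "):
            bd = domains.setdefault(line.split()[1], {"members": [], "bvi": None})
        elif bd is not None and line.startswith("routed interface "):
            bd["bvi"] = line.split()[2]
        elif bd is not None and line.startswith("interface "):
            bd["members"].append(line.split()[1])
        elif efp is not None and line != "!":
            efp.append(line)
    findings = []
    for name, d in domains.items():
        for member in (d["members"] if d["bvi"] else []):
            body = "\n".join(efps.get(member, []))
            if re.search(r"encapsulation dot1q \d", body) and "rewrite ingress tag pop" not in body:
                findings.append((name, member, d["bvi"]))
    return findings

print(efps_missing_pop(SAMPLE))
```

On the sample, the only finding is GigabitEthernet0/0/0/2.130 in VLAN130; VLAN133 is not reported because it has no routed interface.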

Equivalent Commands

This table lists other commands available in Cisco IOS, and the equivalent commands in Cisco IOS XR configured under the BD:

IOS                                        IOS XR
-----------------------------------------  ---------------------------------------------
switchport block unicast                   flooding unknown-unicast disable
switchport port-security maximum           mac limit maximum (range 5-512000)
switchport port-security violation         mac limit action (flood, no-flood, shutdown)
                                           mac limit notification (both, none, trap)
mac address-table notification mac-move    Need to configure the following:
                                           mac secure action none
                                           mac secure logging
switchport port-security mac-address       interface x
                                           mac limit max y
                                           static-mac-address H.H.H
