 Feedback
|
Table Of Contents
Configuring Ethernet Virtual Connections on the Cisco ASR 1000 Series Router
Restrictions for Configuring EVCs on the Cisco ASR 1000 Series Router
Information About Configuring EVCs on the Cisco ASR 1000 Series Router
Encapsulation (Flexible Service Mapping)
Layer 3 and Layer 4 ACL Support
Flooding of Layer 2 Frames for Unknown MAC, Multicast, and Broadcast Addresses
Layer 2 Destination MAC Address-Based Forwarding
EFP, Bridge Domain, and BDI Support Based on the Cisco ASR 1000 Series Router Forwarding Processors
How to Configure EVCs on the Cisco ASR 1000 Series Router
Configuring an EFP and a Bridge Domain on the Cisco ASR 1000 Series Router
Configuration Examples for EVCs on the Cisco ASR 1000 Series Router
Example: Configuring EFPs on a Gigabit Ethernet Interface
Feature Information for Configuring EVCs on the Cisco ASR 1000 Series Router
Configuring Ethernet Virtual Connections on the Cisco ASR 1000 Series Router
First Published: November 24, 2010Last Updated: March 28, 2011Ethernet virtual circuit (EVC) infrastructure is a Layer 2 platform-independent bridging architecture that supports Ethernet services. This document describes the infrastructure and the features it supports on the Cisco ASR 1000 Series Aggregation Services Router.
Finding Feature Information
Your software release may not support all the features documented in this module. For the latest feature information and caveats, see the release notes for your platform and software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the "Feature Information for Configuring EVCs on the Cisco ASR 1000 Series Router" section.
Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. An account on Cisco.com is not required.
Contents
•
Restrictions for Configuring EVCs on the Cisco ASR 1000 Series Router
•
•
•
Restrictions for Configuring EVCs on the Cisco ASR 1000 Series Router
•
•
–
–
–
–
–
Information About Configuring EVCs on the Cisco ASR 1000 Series Router
The following topics are described in this section and provide background information for configuring EVCs on the Cisco ASR 1000 Series Router:
•
In Cisco IOS XE Release 3.2S and later releases, the following features are supported in the EVC infrastructure:
•
In Cisco IOS XE Release 3.3S, Layer 3 and Layer 4 protocol support was added. This support is described in the "Layer 3 and Layer 4 ACL Support" section.
EVCs
An EVC is defined by the Metro-Ethernet Forum (MEF) as an association between two or more user network interfaces that identifies a point-to-point or multipoint-to-multipoint path within the service provider network. An EVC is a conceptual service pipe within the service provider network. A bridge domain is a local broadcast domain that is VLAN-ID-agnostic. An Ethernet flow point (EFP) service instance is a logical interface that connects a bridge domain to a physical port.
An EVC broadcast domain is determined by a bridge domain and the EFPs that are connected to it. You can connect multiple EFPs to the same bridge domain on the same physical interface, and each EFP can have its own matching criteria and rewrite operation. An incoming frame is matched against EFP matching criteria on the interface, learned on the matching EFP, and forwarded to one or more EFPs in the bridge domain. If there are no matching EFPs, the frame is dropped.
You can use EFPs to configure VLAN translation. For example, if there are two EFPs egressing the same interface, each EFP can have a different VLAN rewrite operation, which is more flexible than the traditional switch port VLAN translation model.
Service Instances and EFPs
Configuring a service instance on a Layer 2 port creates a pseudoport or EFP on which you configure EVC features. Each service instance has a unique number per interface, but you can use the same number on different interfaces because service instances on different ports are not related.
An EFP classifies frames from the same physical port to one of the multiple service instances associated with that port, based on user-defined criteria. Each EFP can be associated with different forwarding actions and behavior.
When an EFP is created, the initial state is UP. The state changes to DOWN under the following circumstances:
•
•
•
•
Use the service instance ethernet interface configuration command to create an EFP on a Layer 2 interface and to enter service instance configuration mode. Service instance configuration mode is used to configure all management and control data plane attributes and parameters that apply to the service instance on a per-interface basis. On the Cisco ASR 1000 Series Router, the service instance number is the EFP identifier, an integer from 1 to 8000.
When you enter service instance configuration mode, you can configure these options:
•
•
•
•
•
•
Encapsulation (Flexible Service Mapping)
Encapsulation defines the matching criteria that map a VLAN, a range of VLANs, class of service (CoS) bits, Ethertype, or a combination of these to a service instance. VLAN tags and CoS can be a single value, a range, or a list. Ethertype can be a single type or a list of types.
Different types of encapsulations are default, dot1ad, dot1q, priority-tagged, and untagged. On the Cisco ASR 1000 Series Router, priority-tagged frames are always single-tagged. Valid Ethertypes (type) are ipv4, ipv6, pppoe-all, pppoe-discovery, and pppoe-session.
Encapsulation classification options also include:
•
•
•
•
•
•
When you configure an encapsulation method, you enable flexible service mapping, which allows you to map an incoming packet to an EFP based on the configured encapsulation.
The default behavior for flexible service mapping based on outer 802.1q and 802.1ad VLAN tag values is nonexact, meaning that when the EFP encapsulation configuration does not explicitly specify an inner (second) VLAN tag matching criterion, the software maps both single-tagged and double-tagged frames to the EFP as long as the frames fulfill the criteria of outer VLAN tag values. The command-line interface (CLI) does allow you to specify exact mapping with the exact keyword. If this keyword is specified, the EFP is designated as single-tagged-frame-only and double-tagged frames are not classified to that EFP.
Using the CLI encapsulation command in service-instance configuration mode, you can set encapsulation criteria. You must configure one encapsulation command per EFP (service instance). After you have configured an encapsulation method, these commands are available in service instance configuration mode:
•
•
Table 1 shows the supported encapsulation types.
If a packet entering or leaving a port does not match any of the encapsulations on that port, the packet is dropped, resulting in filtering on both ingress and egress. The encapsulation must match the packet on the wire to determine filtering criteria. On the wire refers to packets ingressing the router before any rewrites and to packets egressing the router after all rewrites.
Layer 3 and Layer 4 ACL Support
Beginning in Cisco IOS XE Release 3.3S, support was added for configuring IPv4 Layer 3 and Layer 4 ACLs on EFPs. Configuring an ACL on an EFP is the same as configuring an ACL on other types of interfaces; for example, Ethernet or asynchronous transfer mode (ATM). One exception is that ACLs are not supported for packets prefixed with a Multiprotocol Label Switching (MPLS) header, including when an MPLS packet contains either Layer 3 or Layer 4 headers of supported protocols.
An ACL configured on a main interface containing EFPs does not affect traffic through the EFPs.
To configure an IPv4 Layer 3 and Layer 4 ACL on an EFP, use the ip access-group command. An ACL configuration is shown in the "Configuring an ACL on an EFP" section.
Advanced Frame Manipulation
The Advanced Frame Manipulation feature allows you to specify the VLAN tag manipulation needed on both the incoming and outgoing frames of an EFP. These manipulations include PUSH, POP, and TRANSLATION of one or both VLAN tags.
The PUSH, POP, and TRANSLATION manipulations are as follows:
•
–
–
•
–
–
•
–
–
–
–
When a VLAN tag exists and a new one is added, the CoS field of the new tag is set to the same value as the CoS field of the existing VLAN tag; otherwise, the CoS field is set to a default of 0. Using QoS marking configuration commands, you can change the CoS marking.
EFPs and Layer 2 Protocols
On the Cisco ASR 1000 Series Router, EFPs treat the protocol data units (PDUs) of Layer 2 protocols as data frames. PDUs are forwarded as data frames.
Layer 2 protocols include Cisco Discovery Protocol, Dynamic Trunking Protocol (DTP), Link Aggregation Control Protocol (LACP), Link Layer Discovery Protocol (LLDP), Multiple Spanning Tree Protocol (MSTP), Port Aggregation Protocol (PAgP), Unidirectional Link Detection (UDLD), and VLAN Trunk Protocol (VTP).
Egress Frame Filtering
Egress frame filtering is performed to ensure that frames exiting an EFP contain a Layer 2 header that matches the encapsulation characteristics associated with the EFP. This filtering is done primarily to prevent unintended frame leaks and is always enabled on EFPs.
Bridge Domains
A bridge domain defines a broadcast domain internal to a platform and allows the decoupling of a broadcast domain from a VLAN. This decoupling enables per-port VLAN significance, thus removing the scalability limitations associated with a single per-device VLAN ID space. You can configure a maximum of 4096 EFPs per bridge domain.
A bridge domain interface (BDI) is used to support frame forwarding in a bridge domain at Layer 3. The BDI is a virtual interface that supports Layer 3 features. Each bridge domain can have only one BDI configuration.
If the destination MAC address in a frame received from one of the EFPs participating in a bridge domain matches the BDI MAC address, the frame is routed; otherwise, the frame is bridged. When the egress interface for a routed packet is the BDI interface, the frame is bridged using the destination MAC address.
Frames with broadcast and well-known multicast MAC addresses are also forwarded to the BDI.
The following sections describe support for bridge domains:
•
•
•
EFP, bridge domain, and BDI support based on the Cisco ASR 1000 Series Router forwarding processors are shown in Table 2 in the "EFP, Bridge Domain, and BDI Support Based on the Cisco ASR 1000 Series Router Forwarding Processors" section.
Ethernet MAC Address Learning
MAC address learning is always enabled and cannot be disabled.
Flooding of Layer 2 Frames for Unknown MAC, Multicast, and Broadcast Addresses
A Layer 2 frame with an unknown unicast or broadcast destination MAC address is flooded to all the EFPs in the bridge domain except to the originating EFP. A frame with a multicast MAC address is flooded to all the EFPs in the bridge domain. If the destination MAC address is a multicast MAC address, the frame is treated like a broadcast frame and sent to all the EFPs in the bridge domain.
When a frame with either a multicast or broadcast MAC address is flooded and a BDI is associated with the bridge domain, the frame is also flooded to the BDI.
Replication of frames involves recycling the frame several times. This recycling may have a negative effect on forwarding performance and reduce the packet forwarding rate for all features.
Layer 2 Destination MAC Address-Based Forwarding
When bridging is configured, a unicast frame received from an EFP is forwarded based on the destination Layer 2 MAC address. If the destination address is known, the frame is forwarded only to the EFP associated with the destination address.
Because bridge and EFP configurations are interrelated, bridging is supported only on EFPs. To support multiple bridge domains, MAC address entries are associated with the bridge domain of the EFP. Only unicast MAC addresses need to be dynamically learned.
EVC infrastructure does not modify frame contents. Each bridge domain can learn 1000 MAC addresses per second. The Layer 2 frame forwarding rate is 8 million packets per second (MPPS) if flooding is not involved.
MAC Address Aging
The dynamically learned MAC address entries in the MAC table are periodically aged out and entries that are inactive for longer than the configured time period are removed from the table. The supported range of aging-time values, in seconds, is 30 to 600 with a granularity of 1. The default is 5 minutes.
The aging-time parameter can be configured per bridge domain and is a relative value. The value is the aging time relative to the time a frame was received with that MAC address.
MAC Address Move
As stations (systems connected to the Cisco ASR 1000 Series Router through the EFP interface) move from one network to another, the interface associated with a MAC address changes.
MAC Address Table
The MAC address table is used to forward frames based on Layer 2 destination MAC addresses. The table consists of static MAC addresses downloaded from the route processor (RP) and the MAC addresses dynamically learned by the data path.
While the MAC Learning feature is enabled, an entry is added to the MAC table when a new unique MAC address is learned on the data path and an entry is deleted from the table when it is aged out.
Split Horizon Group
The split-horizon feature allows service instances in a bridge domain to join groups. Service instances in the same bridge domain and split-horizon group cannot pass data to each other but can forward data to other service instances that are in the same bridge domain and not in the same split-horizon group.
A service instance cannot join more than one split-horizon group. A service instance does not have to be in a split-horizon group. When a service instance does not belong to a group, it can send and receive data from all ports within the bridge domain.
One or more EFPs in a bridge domain may be configured for the same split horizon group, but when a frame is replicated to EFPs, that frame cannot be replicated to EFPs that are within the same split horizon group as the input interface. This restriction applies to MAC address frames that are either known or unknown unicast, broadcast, and multicast frames.
Two split horizon groups per bridge domain are supported on the Cisco ASR 1000 Series Router. You can configure a split horizon group using the bridge-domain CLI command with the split-horizon and group keywords. The group ID can be either 0 or 1.
All members of the bridge-domain that are configured with the same group ID are part of the same split-horizon group. EFPs that are not configured with an explicit group ID do not belong to any group.
EFP, Bridge Domain, and BDI Support Based on the Cisco ASR 1000 Series Router Forwarding Processors
Table 2 shows EFP, bridge domain, and BDI support based on the Cisco ASR 1000 Series Router forwarding processors.
How to Configure EVCs on the Cisco ASR 1000 Series Router
•
Configuring an EFP and a Bridge Domain on the Cisco ASR 1000 Series Router
Configuring a service instance on a Layer 2 port creates an EFP on which you can configure EVC features. Perform this task to configure an EFP.
Summary Steps
1.
2.
3.
4.
5.
6.
7.
8.
DETAILED STEPS
Configuring an ACL on an EFP
Perform this task to configure an ACL on an EFP.
Summary Steps
1.
2.
3.
4.
5.
DETAILED STEPS
Configuration Examples for EVCs on the Cisco ASR 1000 Series Router
•
Example: Configuring EFPs on a Gigabit Ethernet Interface
interface GigabitEthernet0/0/1no ip addressnegotiation autoservice instance 1 ethernetencapsulation dot1q 201rewrite ingress tag translate 1-to-1 dot1q 300 symmetricbridge-domain 1!service instance 2 ethernetencapsulation defaultbridge-domain 1!service instance 3 ethernetencapsulation priority-taggedbridge-domain 2!Additional References
Related Documents
Standards
MIBs
CISCO-EVC-MIB
To locate and download MIBs for selected platforms, Cisco software releases, and feature sets, use Cisco MIB Locator found at the following URL:
Technical Assistance
Feature Information for Configuring EVCs on the Cisco ASR 1000 Series Router
Table 3 lists the features in this module and provides links to specific configuration information.
Use Cisco Feature Navigator to find information about platform support and software image support. Cisco Feature Navigator enables you to determine which software images support a specific software release, feature set, or platform. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. An account on Cisco.com is not required.
Note
Table 3 Feature Information for Configuring EVCs on the Cisco ASR 1000 Series Router
ASR1000 EVC Infrastructure
Cisco IOS XE Release 3.2S Cisco IOS XE Release 3.3S
EVC infrastructure is a Layer 2 platform-independent bridging architecture that supports Ethernet services.
In Cisco IOS XE Release 3.2S, this feature was introduced on the Cisco ASR 1000 Series Router.
The following sections provide information about this feature:
•
•
The following commands are introduced or modified:
rewrite egress tag, rewrite ingress tag, and shutdown (bdomain).ASR1000 BD Infrastructure
Cisco IOS XE Release 3.2S
Bridge domain infrastructure is a Layer 2 platform-independent architecture that enables bridging.
In Cisco IOS XE Release 3.2S this feature was introduced on the Cisco ASR 1000 Series Router. The following sections provide information about support for this feature:
•
•
•
•
The following commands are introduced or modified:
bridge- domain (service instance), mac aging-time.ACL and QoS Enhancements to EVC Infrastructure in Cisco IOS XE Software
Cisco IOS XE Release 3.3S
Support for configuring Layer 3 and Layer 4 ACLs on EFPs was added in Cisco IOS XE Release 3.3S.
The following sections provide information about this feature:
•
The following commands are introduced or modified:
ip access-group.
Cisco and the Cisco Logo are trademarks of Cisco Systems, Inc. and/or its affiliates in the U.S. and other countries. A listing of Cisco's trademarks can be found at www.cisco.com/go/trademarks. Third party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1005R)
Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, network topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentional and coincidental.
© 2010-2011 Cisco Systems, Inc. All rights reserved.
