IOS-XR has a structure that is very different than standard IOS. I would recomend checking the different documentation at Cisco.com this post is not going to explain things like having to commit a config before it is applied… etc, but rather I am going to assume you have read the getting started guide.
The project that lead to me being exposed to an ASR9000 is a network migration that is replacing a pair of 7200 routers and a 3750 switch (which is only being used for layer2 features) with a single ASR9000 with Redundant RSPs. The ASR has a 40 port gig module and a 4 port 10 gig module. To replace the switch I need to add ports to a “vlan” and trunk those vlans to downstream switches at other pops. After digging around I found that unlike a stanards IOS Router or multi-layer switch you do not associate ports with a “vlan” rather you set the the control-plane and data-plane features seperatly. In the following config port GigabitEthernet0/1/0/0 is set to use subinterface .1 as untagged and tag on subinterfaces 2 and 3. Port GigabitEthernet0/1/0/2 is configured to tag subinterfaces 1 and 3 and not tag subinterface .2. Last port GigabitEthernet0/1/0/3 is configured to use subinterface 3 untagged. On the Tagged ports notice that we are rewriting one tag, you have many other options available including pushing different tags on with outbound traffic and popping off other inbound tags, you also have options to manipulate double-tagging. You can find more information in the Interface Configuration Guide and L2VPN and Ethernet Services Configuration Guide
!
interface GigabitEthernet0/1/0/0
negotiation auto
!
interface GigabitEthernet0/1/0/0.1 l2transport
encapsulation untagged
!
interface GigabitEthernet0/1/0/0.2 l2transport
encapsulation dot1q 2
rewrite ingress tag pop 1 symmetric
!
interface GigabitEthernet0/1/0/0.3 l2transport
encapsulation dot1q 3
rewrite ingress tag pop 1 symmetric
!
interface GigabitEthernet0/1/0/1
negotiation auto
!
interface GigabitEthernet0/1/0/1.1 l2transport
encapsulation dot1q 1
encapsulation untagged
!
interface GigabitEthernet0/1/0/1.2 l2transport
encapsulation untagged
!
interface GigabitEthernet0/1/0/1.3 l2transport
encapsulation dot1q 3
rewrite ingress tag pop 1 symmetric
!
interface GigabitEthernet0/1/0/3
negotiation auto
!
interface GigabitEthernet0/1/0/3.3 l2transport
encapsulation untagged
!
To create a vlan-like bridging enviroment you need to add a “bride group” to the l2vpn configure section. I will show an example of setting up a “bridge group” to simulate vlan 2.
!
l2vpn
bridge group 2
bridge-domain BD_2
interface GigabitEthernet0/1/0/0.2
!
interface GigabitEthernet0/1/0/1.2
!
!
!
!
Note that you add the ports to the brige group not at the port level, but in a different configuration section. Again note how IOS-XR keeps the data-plane and control-plane information sepperate, which give you some very powerful options. What if we need not only to simulate a vlan, but also a vlan interface. To simulate a vlan interface where you can add an ip you create a BVI (bridge-group virtual interface) interface. below is how you create a BVI interface and associate it with a bridge-group.
!
interface BVI1
description Internal LAN
ipv4 address 192.0.2.1 255.255.255.0
!
Last you need to add the BVI to a bridge group
!
l2vpn
bridge group 1
bridge-domain BD_1
interface GigabitEthernet0/1/0/0.1
!
interface GigabitEthernet0/1/0/1.1
!
routed interface BVI1
!
!
Below is the complete config for this post.
!
interface GigabitEthernet0/1/0/0
negotiation auto
!
interface GigabitEthernet0/1/0/0.1 l2transport
encapsulation untagged
!
interface GigabitEthernet0/1/0/0.2 l2transport
encapsulation dot1q 2
rewrite ingress tag pop 1 symmetric
!
interface GigabitEthernet0/1/0/0.3 l2transport
encapsulation dot1q 3
rewrite ingress tag pop 1 symmetric
!
interface GigabitEthernet0/1/0/2
negotiation auto
!
interface GigabitEthernet0/1/0/2.1 l2transport
encapsulation dot1q 1
encapsulation untagged
!
interface GigabitEthernet0/1/0/2.2 l2transport
encapsulation untagged
!
interface GigabitEthernet0/1/0/2.3 l2transport
encapsulation dot1q 3
rewrite ingress tag pop 1 symmetric
!
interface GigabitEthernet0/1/0/3
negotiation auto
!
interface GigabitEthernet0/1/0/3.3 l2transport
encapsulation untagged
!
interface BVI1
description Internal LAN
ipv4 address 192.0.2.1 255.255.255.0
!
interface BVI3
description PE-Switches
ipv4 address 198.51.100.0 255.255.255.0
!
l2vpn
bridge group 1
bridge-domain BD_1
interface GigabitEthernet0/1/0/0.1
!
interface GigabitEthernet0/1/0/1.1
!
routed interface BVI1
!
!
bridge group 2
bridge-domain BD_2
interface GigabitEthernet0/1/0/0.2
!
interface GigabitEthernet0/1/0/1.2
!
!
bridge group 3
bridge-domain BD_3
interface GigabitEthernet0/1/0/0.3
!
interface GigabitEthernet0/1/0/1.3
!
interface GigabitEthernet0/1/0/2.3
!
routed interface BVI3
!
!
!
Very intersting that a 9000 was used to replace a 7200.
Thanks a lot for this post.
I’ve not ready any blog on the 9000s to this day.
Very informative. Thanks
how the model of it’s redundancy? active -standby or active-active?
and is it same with vrrp/hsrp?
This particular install involved using a single ASR 9000 chassis to replace the 7200 pair. As the bandwidth needs exceeded the abilities of the 7200’s there was not really a change in redundancy. They have a redundant RSP in the ASR as well as redundant power. While the single chassis is a single point of failure, their 8 hour replacement time smartnet contract was reasonable for business purposes.
i was wondering if the same setup can be achieved between two ASR9000 acting like 2 switches to terminate dual-homed devices on L2
meaning that there’s a bundle ethernet between ASR, i configured a sub-interface on the bundle-ether as a L2transport link with dot1q 10 and put it under a bridge domain. also the physical interfaces from DHD is put under the same bridge domain and i have a BVI interface on both routers as a routed interface on both bridge domains. the problem is that i can’t ping between those two BVI interfaces. the bundle subinterface is supposed to act as an “allowed vlan” but obviously it doesn’t work. do you know how can i get it to work using only native L2 bridging? meaning without PW configurations, just as if they’re both switches
(ASR1)—Bundle-ether 10.10 l2transport dot1q 10 –(ASR2)
| l2transport | l2transport
|_______________________DHD_______________________|
thanks in advance
Can you paste an example of your config that is not working, That may help me understand how things are set up better. That said I am migrating away from using a Layer 2 infrastructure for that ASR9000 since unlike a 7600 which is largely a routing switch the ASR is pretty much designed to function as a router. They customer with the infrastructure in this example ran into some limitations and issues with using an ASR9000 for switching. Basic switching functions involving spanning-tree and other switching function are cumbersome at best and basically unsupported. I am working on migrating this customer to an MPLS based infrastructure that will allow them to service Q-in-Q encapsulated customer traffic among other things. I will be trying to write a few post about MPLS as well as Multicast when I get some time.
Thank you! This worked exactly how I hoped it would. Was a bit skeptical at first, as I have had issues with similar configs on the lower end ASR 1000 series many moons ago. Thanks again.-P