ASR9k Mapping Behavior for “translate 1-to-1 dot1q”

0

Topology

vpls-pvid-01
天蓝色属于一个bridge-domain vplstest1000;而红色属于bridge-domain vplstest6002
本文只讨论红色的bridge-domain!

测试目的

验证下ASR9k上的mapping行为 “translate 1-to-1 dot1q”

测试过程

对于ASR9k 的mapping行为,我们用红色bridge-domain来做测试
为了方便,dot1q2222 的mapping行为是1-to-1;而dot1q3333的mapping行为是pop
测试仪地址为10.1.1.5,asr1k的地址为10.1.1.4

简单配置信息如下:

7609-S:

interface GigabitEthernet9/6.1
 vrf forwarding b
 encapsulation dot1Q 2222
 ip address 10.1.1.2 255.255.255.0
!
interface GigabitEthernet9/7.1
 vrf forwarding c
 encapsulation dot1Q 3333
 ip address 10.1.1.3 255.255.255.0

7609-S#sh ip vrf int
Interface              IP-Address      VRF                              Protocol
Gi9/6.1                10.1.1.2        b                                up      
Gi9/7.1                10.1.1.3        c                                up

ASR9k:

interface GigabitEthernet0/2/0/1.1 l2transport
 encapsulation dot1q 2222
 rewrite ingress tag translate 1-to-1 dot1q 2222 symmetric
!
interface GigabitEthernet0/2/0/2.1 l2transport
 encapsulation dot1q 3333
 rewrite ingress tag pop 1 symmetric

RP/0/RSP0/CPU0:ASR9010-1#sh run l2vpn bridge group test bridge-domain vplstest6002
Thu Feb 13 07:28:11.076 UTC
l2vpn
 bridge group test
  bridge-domain vplstest6002
   mtu 9000
   interface GigabitEthernet0/2/0/1.1
   !
   interface GigabitEthernet0/2/0/2.1
   !
   vfi vplstest6002
    neighbor 2.2.2.2 pw-id 6002
    !
   !
  !
 !
!

GSR:

l2 vfi vplstest6002 manual
 vpn id 6002
 bridge-domain 101
 neighbor 1.1.1.1 encapsulation mpls
!
interface GigabitEthernet5/0/5.1
 encapsulation dot1Q 200
 no ip directed-broadcast
 bridge-domain 101
!
interface GigabitEthernet5/0/7.1
 encapsulation dot1Q 100
 no ip directed-broadcast
 bridge-domain 101

VPLS及MPLS信息如下:

ASR9k:

RP/0/RSP0/CPU0:ASR9010-1#show l2vpn bridge-domain bd-name vplstest6002 br 
Thu Feb 13 07:36:52.783 UTC
Legend: pp = Partially Programmed.
Bridge Group:Bridge-Domain Name  ID    State          Num ACs/up   Num PWs/up
-------------------------------- ----- -------------- ------------ -------------
test:vplstest6002                 2     up             2/2          1/1     

RP/0/RSP0/CPU0:ASR9010-1#show l2vpn bridge-domain bd-name vplstest6002 detail | b List of VFIs:
Thu Feb 13 07:37:37.174 UTC
  List of VFIs:
    VFI vplstest6002 (up)
      PW: neighbor 2.2.2.2, PW ID 6002, state is up ( established )
        PW class not set, XC ID 0xc0000002
        Encapsulation MPLS, protocol LDP
        Source address 1.1.1.1
        PW type Ethernet, control word disabled, interworking none
        Sequencing not set

          MPLS         Local                          Remote                        
          ------------ ------------------------------ -------------------------
          Label        16006                          44                          
          Group ID     0x2                            0x0                           
          Interface    vplstest6002                   unknown                       
          MTU          9000                           9000                          
          Control word disabled                       disabled                      
          PW type      Ethernet                       Ethernet                      
          VCCV CV type 0x2                            0x2                           
                       (LSP ping verification)        (LSP ping verification)       
          VCCV CC type 0x6                            0x2                           
                       (router alert label)           (router alert label)          
                       (TTL expiry)                                                 
          ------------ ------------------------------ -------------------------

RP/0/RSP0/CPU0:ASR9010-1#sh mpls for
Thu Feb 13 07:39:26.182 UTC
Local  Outgoing    Prefix             Outgoing     Next Hop        Bytes       
Label  Label       or ID              Interface                    Switched    
------ ----------- ------------------ ------------ --------------- ------------      
16003  Pop         2.2.2.2/32         Gi0/2/0/3    123.1.1.2       4196156           
16006  Pop         PW(2.2.2.2:6002)   BD=2         point2point     7484070

GSR:

GSR-12816-1#sh mpls for
Local  Outgoing    Prefix            Bytes tag  Outgoing   Next Hop    
tag    tag or VC   or Tunnel Id      switched   interface               
42     Pop tag     1.1.1.1/32        0          Gi5/0/6    123.1.1.1    
44     Untagged    l2ckt(6002)       4158       none       point2point 

GSR-12816-1#sh mpls l2transport binding 6002
  Destination Address: 1.1.1.1,  VC ID: 6002
    Local Label:  44
        Cbit: 0,    VC Type: Ethernet,    GroupID: 0
        MTU: 9000,   Interface Desc: n/a
        VCCV: CC Type: RA [2]
              CV Type: LSPV [2]
    Remote Label: 16006
        Cbit: 0,    VC Type: Ethernet,    GroupID: 2
        MTU: 9000,   Interface Desc: vplstest6002
        VCCV: CC Type: RA [2], TTL [3]
              CV Type: LSPV [2]

GSR-12816-1#sh mpls l2transport vc 6002 

Local intf     Local circuit              Dest address    VC ID      Status    
-------------  -------------------------- --------------- ---------- ----------
VFI vplstest6002 VFI                        1.1.1.1         6002     UP

测试结果:

7609:

7609-S#ping vrf b 10.1.1.4
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.4, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
7609-S#ping vrf b 10.1.1.5
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.5, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)

7609-S#ping vrf c 10.1.1.4
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.4, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms
7609-S#ping vrf c 10.1.1.5
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.5, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms

7609-S#sh arp vrf b
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  10.1.1.2                -   001b.0de6.f0c1  ARPA   GigabitEthernet9/6.1
7609-S#sh arp vrf c
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  10.1.1.3                -   001b.0de6.f0c2  ARPA   GigabitEthernet9/7.1
Internet  10.1.1.4               79   0027.0d1b.6104  ARPA   GigabitEthernet9/7.1
Internet  10.1.1.5                3   0010.9400.0001  ARPA   GigabitEthernet9/7.1

ASR9k:

RP/0/RSP0/CPU0:ASR9010-1#show l2vpn forwarding bridge-domain test:vplstest6002 mac-address location 0/2/cpu0
Thu Feb 13 07:51:16.636 UTC
 To Resynchronize MAC table from the Network Processors, use the command...
    l2vpn resynchronize forwarding mac-address-table location 

Mac Address    Type    Learned from/Filtered on    LC learned Resync Age         Mapped to     
--------------------------------------------------------------------------------
001b.0de6.f0c1 dynamic Gi0/2/0/1.1                 0/2/CPU0   0d 0h 0m 9s        N/A           
001b.0de6.f0c2 dynamic Gi0/2/0/2.1                 0/2/CPU0   0d 0h 0m 7s        N/A           
0010.9400.0001 dynamic (2.2.2.2, 6002)             0/2/CPU0   0d 0h 0m 2s        N/A     <<< sprient    
0012.4306.6381 dynamic (2.2.2.2, 6002)             0/2/CPU0   0d 0h 0m 9s        N/A     <<< switch between GSR and ASR1k      
0027.0d1b.6104 dynamic (2.2.2.2, 6002)             0/2/CPU0   0d 0h 0m 2s        N/A     <<< asr1k

GSR:

GSR-12816-1#sh mac address-table bridge-domain 101
Mac Address Table: 1  Bridge domain id: 101
==========================================
aging time : 300 sec
max size : 5000
total number of addresses : 5
slots: 5, 7

 Mac Address      Learned from     LC learned
--------------  ----------------   ----------
0010.9400.0001  Gi5/0/5.1           5
001b.0de6.f0c1  VC Label:44         5
001b.0de6.f0c2  VC Label:44         5
0027.0d1b.6104  Gi5/0/7.1           5
0012.4306.6381  Gi5/0/7.1           5

Total Mac Addresses displayed : 5

结论:

根据上面信息,PW,AC都是好的,两个PE也能学到CE的MAC,为什么1-to-1的ping不通?如果熟悉这个mapping行为的童鞋很容易理解这个问题,因为此mapping是直接转换1层标签,所以当76发来的ARP带着dot1q的标记到达ASR9k后,走PW前会把顶层标签弹出并换上配置的标签。根据配置“rewrite ingress tag translate 1-to-1 dot1q 2222 symmetric”,ARP会带着 dot1q 2222在PW内传送,当从GSR出去时,会再打上GSR的dot1q 200,此时的GSR的行为相当于QinQ,由于不能解析QinQ包,所以无法返回正确的ARP信息

Ok,在Sprient上抓包看下,就一目了然了:
注:我是为了方便,才用的测试仪,如果在GSR和ASR1k之间的SWITCH上SPAN抓包,必须对网卡做调整
网卡默认不能抓vlan tag,在win下需要进入注册表设置下才可以,如下链接:
http://ask.wireshark.org/questions/15524/vlan-tagging-intel-82579lm-and-wireshark-183
vpls-pvid-02

本文出自 Frank's Blog

版权声明:


本文链接:ASR9k Mapping Behavior for “translate 1-to-1 dot1q”
版权声明:本文为原创文章,仅代表个人观点,版权归 Frank Zhao 所有,转载时请注明本文出处及文章链接
你可以留言,或者trackback 从你的网站

留言哦

blonde teen swallows load.xxx videos