ASR9k Mapping Behavior for “translate 1-to-1 dot1q”
Topology
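Sky blue belongs to bridge-domain vplstest1000, while red belongs to bridge-domain vplstest6002.
This article discusses only the red bridge-domain!
Test objective
Verify the "translate 1-to-1 dot1q" mapping behavior on the ASR9k.
Test procedure
We use the red bridge-domain to test the ASR9k mapping behavior.
For convenience, the mapping behavior for dot1q 2222 is 1-to-1, while the mapping behavior for dot1q 3333 is pop.
The tester's address is 10.1.1.5 and the asr1k's address is 10.1.1.4.
The basic configuration is as follows: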
7609-S:
interface GigabitEthernet9/6.1
 vrf forwarding b
 encapsulation dot1Q 2222
 ip address 10.1.1.2 255.255.255.0
!
interface GigabitEthernet9/7.1
 vrf forwarding c
 encapsulation dot1Q 3333
 ip address 10.1.1.3 255.255.255.0

7609-S#sh ip vrf int
Interface              IP-Address      VRF                              Protocol
Gi9/6.1                10.1.1.2        b                                up
Gi9/7.1                10.1.1.3        c                                up
ASR9k:
interface GigabitEthernet0/2/0/1.1 l2transport
 encapsulation dot1q 2222
 rewrite ingress tag translate 1-to-1 dot1q 2222 symmetric
!
interface GigabitEthernet0/2/0/2.1 l2transport
 encapsulation dot1q 3333
 rewrite ingress tag pop 1 symmetric

RP/0/RSP0/CPU0:ASR9010-1#sh run l2vpn bridge group test bridge-domain vplstest6002
Thu Feb 13 07:28:11.076 UTC
l2vpn
 bridge group test
  bridge-domain vplstest6002
   mtu 9000
   interface GigabitEthernet0/2/0/1.1
   !
   interface GigabitEthernet0/2/0/2.1
   !
   vfi vplstest6002
    neighbor 2.2.2.2 pw-id 6002
    !
   !
  !
 !
!
GSR:
l2 vfi vplstest6002 manual
 vpn id 6002
 bridge-domain 101
 neighbor 1.1.1.1 encapsulation mpls
!
interface GigabitEthernet5/0/5.1
 encapsulation dot1Q 200
 no ip directed-broadcast
 bridge-domain 101
!
interface GigabitEthernet5/0/7.1
 encapsulation dot1Q 100
 no ip directed-broadcast
 bridge-domain 101
VPLS and MPLS information is as follows:
ASR9k:
RP/0/RSP0/CPU0:ASR9010-1#show l2vpn bridge-domain bd-name vplstest6002 br
Thu Feb 13 07:36:52.783 UTC
Legend: pp = Partially Programmed.
Bridge Group:Bridge-Domain Name  ID    State          Num ACs/up   Num PWs/up
-------------------------------- ----- -------------- ------------ -------------
test:vplstest6002                2     up             2/2          1/1

RP/0/RSP0/CPU0:ASR9010-1#show l2vpn bridge-domain bd-name vplstest6002 detail | b List of VFIs:
Thu Feb 13 07:37:37.174 UTC
  List of VFIs:
    VFI vplstest6002 (up)
      PW: neighbor 2.2.2.2, PW ID 6002, state is up ( established )
        PW class not set, XC ID 0xc0000002
        Encapsulation MPLS, protocol LDP
        Source address 1.1.1.1
        PW type Ethernet, control word disabled, interworking none
        Sequencing not set

          MPLS         Local                          Remote
          ------------ ------------------------------ -------------------------
          Label        16006                          44
          Group ID     0x2                            0x0
          Interface    vplstest6002                   unknown
          MTU          9000                           9000
          Control word disabled                       disabled
          PW type      Ethernet                       Ethernet
          VCCV CV type 0x2                            0x2
                       (LSP ping verification)        (LSP ping verification)
          VCCV CC type 0x6                            0x2
                       (router alert label)           (router alert label)
                       (TTL expiry)
          ------------ ------------------------------ -------------------------

RP/0/RSP0/CPU0:ASR9010-1#sh mpls for
Thu Feb 13 07:39:26.182 UTC
Local  Outgoing    Prefix             Outgoing     Next Hop        Bytes
Label  Label       or ID              Interface                    Switched
------ ----------- ------------------ ------------ --------------- ------------
16003  Pop         2.2.2.2/32         Gi0/2/0/3    123.1.1.2       4196156
16006  Pop         PW(2.2.2.2:6002)   BD=2         point2point     7484070
GSR:
GSR-12816-1#sh mpls for
Local  Outgoing    Prefix            Bytes tag  Outgoing   Next Hop
tag    tag or VC   or Tunnel Id      switched   interface
42     Pop tag     1.1.1.1/32        0          Gi5/0/6    123.1.1.1
44     Untagged    l2ckt(6002)       4158       none       point2point

GSR-12816-1#sh mpls l2transport binding 6002
  Destination Address: 1.1.1.1,  VC ID: 6002
    Local Label:  44
        Cbit: 0,    VC Type: Ethernet,    GroupID: 0
        MTU: 9000,   Interface Desc: n/a
        VCCV: CC Type: RA [2]
              CV Type: LSPV [2]
    Remote Label: 16006
        Cbit: 0,    VC Type: Ethernet,    GroupID: 2
        MTU: 9000,   Interface Desc: vplstest6002
        VCCV: CC Type: RA [2], TTL [3]
              CV Type: LSPV [2]

GSR-12816-1#sh mpls l2transport vc 6002
Local intf        Local circuit              Dest address    VC ID      Status
----------------  -------------------------- --------------- ---------- ----------
VFI vplstest6002  VFI                        1.1.1.1         6002       UP
Test results:
7609:
7609-S#ping vrf b 10.1.1.4
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.4, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)

7609-S#ping vrf b 10.1.1.5
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.5, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)

7609-S#ping vrf c 10.1.1.4
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.4, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms

7609-S#ping vrf c 10.1.1.5
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.5, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms

7609-S#sh arp vrf b
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  10.1.1.2                -   001b.0de6.f0c1  ARPA   GigabitEthernet9/6.1

7609-S#sh arp vrf c
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  10.1.1.3                -   001b.0de6.f0c2  ARPA   GigabitEthernet9/7.1
Internet  10.1.1.4               79   0027.0d1b.6104  ARPA   GigabitEthernet9/7.1
Internet  10.1.1.5                3   0010.9400.0001  ARPA   GigabitEthernet9/7.1
ASR9k:
RP/0/RSP0/CPU0:ASR9010-1#show l2vpn forwarding bridge-domain test:vplstest6002 mac-address location 0/2/cpu0
Thu Feb 13 07:51:16.636 UTC
To Resynchronize MAC table from the Network Processors, use the command...
    l2vpn resynchronize forwarding mac-address-table location

Mac Address    Type    Learned from/Filtered on    LC learned Resync Age      Mapped to
--------------------------------------------------------------------------------
001b.0de6.f0c1 dynamic Gi0/2/0/1.1                 0/2/CPU0   0d 0h 0m 9s     N/A
001b.0de6.f0c2 dynamic Gi0/2/0/2.1                 0/2/CPU0   0d 0h 0m 7s     N/A
0010.9400.0001 dynamic (2.2.2.2, 6002)             0/2/CPU0   0d 0h 0m 2s     N/A   <<< Spirent
0012.4306.6381 dynamic (2.2.2.2, 6002)             0/2/CPU0   0d 0h 0m 9s     N/A   <<< switch between GSR and ASR1k
0027.0d1b.6104 dynamic (2.2.2.2, 6002)             0/2/CPU0   0d 0h 0m 2s     N/A   <<< asr1k
GSR:
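GSR-12816-1#sh mac address-table bridge-domain 101
Mac Address Table: 1
Bridge domain id: 101
==========================================
aging time : 300 sec
max size : 5000
total number of addresses : 5
slots: 5, 7
Mac Address     Learned from      LC learned
--------------  ----------------  ----------
0010.9400.0001  Gi5/0/5.1         5
001b.0de6.f0c1  VC Label:44       5
001b.0de6.f0c2  VC Label:44       5
0027.0d1b.6104  Gi5/0/7.1         5
0012.4306.6381  Gi5/0/7.1         5
Total Mac Addresses displayed : 5
Conclusion:
From the information above, the PW and the ACs are all fine, and both PEs have learned the CE MACs, so why does the 1-to-1 ping fail? Anyone familiar with this mapping behavior will understand the problem easily: this mapping translates exactly one layer of tag, so when the ARP sent by the 7609 arrives at the ASR9k carrying its dot1q tag, the top tag is popped and replaced with the configured tag before the frame enters the PW. According to the configuration "rewrite ingress tag translate 1-to-1 dot1q 2222 symmetric", the ARP travels through the PW carrying dot1q 2222, and when it leaves the GSR, the GSR's dot1q 200 is added on top. At this point the GSR's behavior is equivalent to QinQ, and because the QinQ frame cannot be parsed, no correct ARP reply can be returned.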
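The tag handling described in the conclusion, traced on a constructed ARP frame. This is an added example, not part of the original article: the function names and the zeroed ARP body are illustrative, and it assumes, as the conclusion describes, that the GSR AC pushes its dot1Q 200 onto whatever comes out of the PW.

```python
import struct

TPID = 0x8100          # 802.1Q tag protocol identifier
ETH_ARP = 0x0806
CE_MAC = bytes.fromhex("001b0de6f0c1")   # 7609 Gi9/6.1, from the MAC tables above
BCAST = b"\xff" * 6

def build_frame(dst, src, tags, ethertype, payload):
    """Ethernet frame carrying a stack of 802.1Q tags, outermost first."""
    hdr = dst + src
    for vid in tags:
        hdr += struct.pack("!HH", TPID, vid & 0x0FFF)
    return hdr + struct.pack("!H", ethertype) + payload

def parse_tags(frame):
    """Return ([VLAN IDs, outermost first], inner EtherType, payload offset)."""
    off, tags = 12, []
    while struct.unpack_from("!H", frame, off)[0] == TPID:
        tags.append(struct.unpack_from("!H", frame, off + 2)[0] & 0x0FFF)
        off += 4
    return tags, struct.unpack_from("!H", frame, off)[0], off + 2

def rewrite(frame, op, vid=None):
    """Apply one tag operation to the outermost tag of a frame."""
    tags, etype, body = parse_tags(frame)
    if op in ("translate-1-to-1", "pop-1") and not tags:
        raise ValueError("frame has no tag to rewrite")
    if op == "translate-1-to-1":
        tags = [vid] + tags[1:]
    elif op == "pop-1":
        tags = tags[1:]
    elif op == "push":
        tags = [vid] + tags
    else:
        raise ValueError(f"unknown operation {op!r}")
    return build_frame(frame[:6], frame[6:12], tags, etype, frame[body:])

def trace(ce_vid, asr9k_op, asr9k_vid=None, gsr_ac_vid=200):
    """Tag stacks inside the PW and on the wire behind the GSR AC."""
    arp = build_frame(BCAST, CE_MAC, [ce_vid], ETH_ARP, bytes(28))  # constructed ARP body
    in_pw = rewrite(arp, asr9k_op, asr9k_vid)
    on_wire = rewrite(in_pw, "push", gsr_ac_vid)   # assumed: GSR AC pushes its own tag
    return parse_tags(in_pw)[0], parse_tags(on_wire)[0]

if __name__ == "__main__":
    print("1-to-1:", trace(2222, "translate-1-to-1", 2222))
    print("pop 1 :", trace(3333, "pop-1"))
```

The 1-to-1 path leaves the GSR with two tags (200 outer, 2222 inner), while the pop path leaves with the single tag 200 that the far-end host expects.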
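OK, a packet capture on the Spirent makes this clear at a glance:
Note: I used the tester only for convenience. If you capture with SPAN on the switch between the GSR and the ASR1k, you must adjust the NIC.
By default the NIC cannot capture VLAN tags; on Windows this requires a registry setting, as described at the following link: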
http://ask.wireshark.org/questions/15524/vlan-tagging-intel-82579lm-and-wireshark-183
Copyright notice:
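This is an original article and represents only the author's personal views. Copyright belongs to Frank Zhao; when reposting, please credit the source and include a link to the article.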