Ethernet flow point(EFP) or also called “Service instance” is widely used and well known feature for implement bridging on ASR devices. In service provider domain it is very important to assign tags to traffics and the most easiest way to do it is with the help of VLAN tags. In asr900 devices sub-interface are not supported and hence EFP becomes the only way to tag traffic with 802.1q headers.
In upcoming three posts I will be covering various methods of configuring EFP on Cisco routers. In this blog I will provide a simple bridging configuration with one vlan between ASR903 and ASR920 routers.
For people who are not aware of EFP/service instances, you just need to know that bridge-domain is similar to a vlan(broadcast domain). Just like the broadcast is contained in a vlan, here also the broadcast doesn’t cross one bridge domain/service instance. As it happens in vlan that we need to create one SVI (vlan interface) to have layer3 protocols in vlan domain, here also we have BDI(bridge domain interface) for the same purpose.
Following is the network topology:
In order to configure bridge domain we need to configure three important elements.
- Enable service instances on physical interfaces.
- Enable dot1q tagging under service instance.
- Specify actions(rewrite/pop/push) 3 s
Following are the configurations:
ASR903 configuration :
ASR903#sh run int gigabitEthernet 0/1/0 Building configuration... Current configuration : 186 bytes ! interface GigabitEthernet0/1/0 service instance 20 ethernet encapsulation dot1q 20 rewrite ingress tag pop 1 symmetric bridge-domain 20 ! end ASR903#sh run int bdi 20 Building configuration... Current configuration : 62 bytes ! interface BDI20 ip address 20.20.20.1 255.255.255.252 end
ASR 920 configuration:
ASR920#sh run interface gigabitEthernet 0/0/1 Building configuration... Current configuration : 186 bytes ! interface GigabitEthernet0/0/1 no ip address negotiation auto service instance 20 ethernet encapsulation dot1q 20 rewrite ingress tag pop 1 symmetric bridge-domain 20 ! end ASR920#show run interface bdi 20 Building configuration... Current configuration : 62 bytes ! interface BDI20 ip address 20.20.20.2 255.255.255.252 end
Verification:
ASR903#show bridge-domain 20 Bridge-domain 20 (2 ports in all) State: UP Mac learning: Enabled Aging-Timer: 300 second(s) Maximum address limit: 65534 BDI20 (up) GigabitEthernet0/1/0 service instance 20 Nile Mac Address Entries BD mac addr type ports ---------------------------------------------------------------------------------------------- 20 70e4.229e.513f DYNAMIC Gi0/1/0.Efp20 ASR903#ping 20.20.20.2 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 20.20.20.2, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
In the above command we can see that we have learnt one mac address in the bridge-domain 20. Also we are able to ping other end IP address.
Some people get confused with rewrite command in the above configuration.This command is pretty simple to understand for example in our case we needed any packet going out of “service instance 20 or EFP 20” to be tagged with VLAN 20 when packets gets out of the interface. “rewrite” command ensures the removal and rewriting of the tag on the packet. In our case we need to remove(pop) the outermost( option 1 ) tag while packet is coming in and putting the same back(symmetric option) when the packet is going out.
I will have more blogs on these configuration options.