L2 / L3 on CISCO ASR

Question

I am new to CISCO and have the following problem: I have 3 routers. Between these only one physical connection. The VLAN 100 is connected to R1 and R2. The VLAN 200 is connected to R1, R2 and R3.

The connection between R2 and R3 is a port-channel (two physical interface).

In particular Router 2 interests me....

All routers are running Cisco IOS XE Software, Version 16.06.04.

Router 1
Interface GE 0/0/0
- VLAN-ID 100, IP 192.168.1.1/24
- VLAN-ID 200, IP 192.168.2.1/24

Router 2
Interface GE 0/0/0
- VLAN-ID 100, IP 192.168.1.2/24
- VLAN-ID 200, IP --

Interface GE 0/0/1
- VLAN-ID 200, IP --

Router 3
Interface GE 0/0/0
- VLAN-ID 200, IP 192.168.2.2/24

Thank you!

Paul

Here the config of R2:

bridge-domain 100
bridge-domain 200
!
interface Port-channel2
 description "to_R3"
 no ip address
 no negotiation auto
 service instance 200 ethernet
  encapsulation dot1q 200
  rewrite ingress tag pop 1 symmetric
  bridge-domain 200
 !
!
interface GigabitEthernet0/0/0
 no ip address
 negotiation auto
 service instance 200 ethernet
  encapsulation dot1q 200
  rewrite ingress tag pop 1 symmetric
  bridge-domain 200
 !
 service instance 100 ethernet
  encapsulation dot1q 100
  rewrite ingress tag pop 1 symmetric
  bridge-domain 100
 !
!
interface GigabitEthernet0/0/1
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 negotiation auto
 no mop enabled
 channel-group 2
!
interface GigabitEthernet0/0/2
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 negotiation auto
 no mop enabled
 channel-group 2
!
interface BDI100
 ip address 192.168.1.2 255.255.255.0
 encapsulation dot1Q 100
!

Answer 1

So here is the working solution... First of all - bridge-domains are not supported under sub-interfaces!

Test stand looks like this

I've created two logical systems on vMX to simulate two different routers. ls1 contains interfaces ge-0/0/0.200 (tagged, VLAN 200, 192.168.200.1/24) and ge-0/0/0.100 (tagged, VLAN 100, 192.168.100.1/24); ls2 - interface ge-0/0/1.200 (tagged, VLAN 200, 192.168.200.2/24).

• vMX software - 14.1R
• CSRv software - 3.17.01

vMX config

logical-systems {
    ls1 {
        interfaces {
            ge-0/0/0 {
                unit 100 {
                    vlan-id 100;
                    family inet {
                        address 192.168.100.1/24;
                    }
                }
                unit 200 {
                    vlan-id 200;
                    family inet {
                        address 192.168.200.1/24;
                    }
                }
            }
        }
    }
    ls2 {
        interfaces {
            ge-0/0/1 {
                unit 200 {
                    vlan-id 200;
                    family inet {
                        address 192.168.200.2/24;
                    }
                }
            }
        }
    }
}
interfaces {
    ge-0/0/0 {
        flexible-vlan-tagging;
    }
    ge-0/0/1 {
        flexible-vlan-tagging;
    }
}

CSRv config

bridge-domain 100
bridge-domain 200
!
interface GigabitEthernet1
 no ip address
 negotiation auto
 service instance 100 ethernet
  encapsulation dot1q 100
  rewrite ingress tag pop 1 symmetric
  bridge-domain 100
 !
 service instance 200 ethernet
  encapsulation dot1q 200
  bridge-domain 200
 !
!
interface GigabitEthernet2
 no ip address
 negotiation auto
 service instance 200 ethernet
  encapsulation dot1q 200
  bridge-domain 200
 !
!
interface BDI100
 ip address 192.168.100.2 255.255.255.0

RESULT

CSRv#sh bridge-domain
Bridge-domain 100 (2 ports in all)
State: UP                    Mac learning: Enabled
Aging-Timer: 300 second(s)
    BDI100  (up)
    GigabitEthernet1 service instance 100
   AED MAC address    Policy  Tag       Age  Pseudoport
   0   0005.8671.C400 forward dynamic   299  GigabitEthernet1.EFP100
   -   001E.BDDB.CABF to_bdi  static    0    BDI100

Bridge-domain 200 (2 ports in all)
State: UP                    Mac learning: Enabled
Aging-Timer: 300 second(s)
    GigabitEthernet1 service instance 200
    GigabitEthernet2 service instance 200
   AED MAC address    Policy  Tag       Age  Pseudoport
   0   0005.8671.C401 forward dynamic   293  GigabitEthernet2.EFP200
   0   0005.8671.C400 forward dynamic   293  GigabitEthernet1.EFP200

root@vMX> ping logical-system ls1 192.168.200.2 count 5 size 1500
PING 192.168.200.2 (192.168.200.2): 1500 data bytes
1508 bytes from 192.168.200.2: icmp_seq=0 ttl=64 time=78.265 ms
1508 bytes from 192.168.200.2: icmp_seq=1 ttl=64 time=78.816 ms
1508 bytes from 192.168.200.2: icmp_seq=2 ttl=64 time=78.931 ms
1508 bytes from 192.168.200.2: icmp_seq=3 ttl=64 time=80.690 ms
1508 bytes from 192.168.200.2: icmp_seq=4 ttl=64 time=84.244 ms

--- 192.168.200.2 ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max/stddev = 78.265/80.189/84.244/2.185 ms

root@vMX> ping logical-system ls1 192.168.100.2 size 1500 count 5
PING 192.168.100.2 (192.168.100.2): 1500 data bytes
1508 bytes from 192.168.100.2: icmp_seq=0 ttl=255 time=6.769 ms
1508 bytes from 192.168.100.2: icmp_seq=1 ttl=255 time=1.886 ms
1508 bytes from 192.168.100.2: icmp_seq=2 ttl=255 time=2.698 ms
1508 bytes from 192.168.100.2: icmp_seq=3 ttl=255 time=2.229 ms
1508 bytes from 192.168.100.2: icmp_seq=4 ttl=255 time=2.940 ms

--- 192.168.100.2 ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max/stddev = 1.886/3.304/6.769/1.770 ms

You can create multiple service instances under single interface to interconnect more devices via bridge-domains.

Hope that will help!

Answer 2

As @andreyprokhorov mentions, you can create a bridge group. On IOS-XE, it's called a bridge domain. Cisco has a full explanation, but here is a sample:

interface GigabitEthernet0/0/0.1
no ip address
negotiation auto
cdp enable
service instance 100 ethernet
encapsulation dot1q 200
bridge-domain 100
!
interface GigabitEthernet0/0/0.2
no ip address
negotiation auto
cdp enable
service instance 100 ethernet
encapsulation dot1q 200
bridge-domain 100