Configuring Integrated Routing and Bridging

This module describes the configuration of Integrated Routing and Bridging (IRB) on the Cisco ASR 9000 Series Aggregation Services Routers. IRB provides the ability to exchange traffic between bridging services on the Cisco ASR 9000 Series Router and a routed interface using a Bridge-Group Virtual Interface (BVI).

Feature History for IRB

Release

Modification

Release \\4.0.1

This feature was introduced on the Cisco ASR 9000 Series Router for the following line cards:

  • 2-Port 10-Gigabit Ethernet, 20-Port Gigabit Ethernet Combination Line Cards (A9K-2T20GE-B and A9K-2T20GE-L)

  • 4-Port 10-Gigabit Ethernet Line Cards (A9K-4T-B, -E, -L)

  • 8-Port 10-Gigabit Ethernet DX Line Cards (A9K-8T/4-B, -E, -L)

  • 8-Port 10-Gigabit Ethernet Line Cards (A9K-8T-B, -E, -L)

  • 16-Port 10-Gigabit Ethernet Line Cards (A9K-16T/8-B, -E, -L)

  • 40-Port Gigabit Ethernet Line Cards (A9K-40GE-B, -E, -L)

Release \\4.1.0

  • Support for the following IRB environment using the Cisco ASR 9000 SIP-700 with any supported SPA as the core-facing interface was added:

    • Layer 3 routed traffic from the Cisco ASR 9000 SIP-700 to Layer 2 bridged interfaces on Gigabit Ethernet line cards supporting IRB.

    • IPv4 unicast traffic only.

  • Support for IRB/BVI was included on the 
Cisco ASR 9000 Enhanced Ethernet Line Card.

  • Support for IPv6 unicast addressing for IRB and 6PE/6VPE support with BVI interfaces was added for the following line cards:

    • 2-Port 10-Gigabit Ethernet, 20-Port Gigabit Ethernet Combination Line Cards (A9K-2T20GE-B and A9K-2T20GE-L)

    • 4-Port 10-Gigabit Ethernet Line Cards (A9K-4T-B, -E, -L)

    • 8-Port 10-Gigabit Ethernet DX Line Cards (A9K-8T/4-B, -E, -L)

    • 8-Port 10-Gigabit Ethernet Line Cards (A9K-8T-B, -E, -L)

    • 16-Port 10-Gigabit Ethernet Line Cards (A9K-16T/8-B, -E, -L)

    • 40-Port Gigabit Ethernet Line Cards (A9K-40GE-B, -E, -L)

Release 5.3.1

Support for IRB with 802.1ah BVI and Provider Backbone Bridge (PBB)


Note


Bridge-Group Virtual Interface (BVI) is not supported on ASR 9000 16-port 100GE QSFP TR (A9K-16X100GE-TR) , ASR 9900 16-port 100GE QSFP SE (A99-16X100GE-X-SE) and ASR 9900 32-port 100GE QSFP TR (A99-32X100GE-TR) line cards.


Prerequisites for Configuring IRB

You must be in a user group associated with a task group that includes the proper task IDs. The command reference guides include the task IDs required for each command. If you suspect user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

Before configuring IRB, be sure that these tasks and conditions are met:

  • If you have a Cisco ASR 9000 SIP-700 installed on the core-facing side of the router, then you can support IRB for Layer 3 routed to Layer 2 bridged traffic flows for IPv4 unicast traffic, where the Layer 2 destination is one of the supported Gigabit Ethernet line cards for IRB.

  • Confirm that you are configuring only the following types of Gigabit Ethernet line cards where you plan to support IRB in support of both Layer 3 to Layer 2 traffic flows and Layer 2 to Layer 3 traffic flows:

    • 2-Port 10-Gigabit Ethernet, 20-Port Gigabit Ethernet Combination Line Cards (A9K-2T20GE-B and A9K-2T20GE-L)

    • 4-Port 10-Gigabit Ethernet Line Cards (A9K-4T-B, -E, -L)

    • 8-Port 10-Gigabit Ethernet DX Line Cards (A9K-8T/4-B, -E, -L)

    • 8-Port 10-Gigabit Ethernet Line Cards (A9K-8T-B, -E, -L)

    • 16-Port 10-Gigabit Ethernet Line Cards (A9K-16T/8-B, -E, -L)

    • 40-Port Gigabit Ethernet Line Cards (A9K-40GE-B, -E, -L)

  • Know the IP addressing and other Layer 3 information to be configured on the bridge virtual interface (BVI). For more information, see the “Restrictions for Configuring IRB” section on page 265.

  • Complete MAC address planning if you decide to override the common global MAC address for all BVIs.

  • Be sure that the BVI network address is being advertised by running static or dynamic routing on the BVI interface.

Guidelines and Restrictions for Configuring IRB

Before configuring IRB, consider these restrictions:

  • Only one BVI can be configured in any bridge domain.

  • The same BVI can not be configured in multiple bridge domains.


    Caution


    If you want to support IRB on a Cisco ASR 9000 Series Router that also has a Cisco ASR 9000 SIP-700 installed, ensure to set up your routing configuration to prevent loss of traffic between the SIP-700 and a BVI interface. See the restrictions below for more information.


  • The following areas are not supported on the BVI:

    • IP fast reroute (FRR)

    • MoFRR

    • Traffic mirroring

    • Unnumbered interface for BVI

    • Video monitoring (Vidmon)

  • Beginning in Cisco IOS XR Release 4.1, IRB can be implemented on supported Gigabit Ethernet line cards in a system where a Cisco ASR 9000 SIP-700 is also installed, with the following restrictions:

    • The Cisco ASR 9000 SIP-700 must be installed on the core-facing side of the router with a BVI interface configured with IPv4 addressing.

    • The Cisco ASR 9000 SIP-700 can support routing of IPv4 unicast traffic from Layer 3 to a bridged Layer 2 interface using IRB, where one of the following Gigabit Ethernet line cards is in the Layer 2 bridge domain:

    • 2-Port 10-Gigabit Ethernet, 20-Port Gigabit Ethernet Combination Line Cards (A9K-2T20GE-B and A9K-2T20GE-L)

    • — 4-Port 10-Gigabit Ethernet Line Cards (A9K-4T-B, -E, -L)

    • — 8-Port 10-Gigabit Ethernet DX Line Cards (A9K-8T/4-B, -E, -L)

    • — 8-Port 10-Gigabit Ethernet Line Cards (A9K-8T-B, -E, -L)

    • — 16-Port 10-Gigabit Ethernet Line Cards (A9K-16T/8-B, -E, -L)

    • — 40-Port Gigabit Ethernet Line Cards (A9K-40GE-B, -E, -L)


    Note


    The reverse direction of Layer 2 bridged traffic from these line cards to Layer 3 at the Cisco ASR 9000 SIP-700 is also supported.


  • IRB is supported on the following line cards:

    • Cisco ASR 9000 High Density 100GE Ethernet line cards

    • A9K-16X100GE-TR

    • A99-32X100GE-TR

    • A99-32X100GE-X-SE

    • A99-32X100GE-X-TR

    • A9K-8HG-FLEX-TR

    • A9K-4HG-FLEX-FC

    • A99-4HG-FLEX-FC

    • A9K-400GE-SE/-TR

    • A99-400GE-SE/-TR

    • A99-10X400GE-X-SE

    • A99-10X400GE-X-TR

  • Multi protocol Label Switching (MPLS) on BVI is supported on 
Cisco ASR 9000 Enhanced Ethernet Line Cards but not on Cisco ASR 9000 Ethernet Line Cards.

  • IRB with 802.1ah (BVI and Provider Backbone Bridge (PBB) should not be configured in the same bridge domain).

  • PIM snooping. (Need to use selective flood.)

  • VRF-aware DHCP relay is supported.

  • BVIs are supported only on bridge domains with the following characteristics:

    • The bridge domain supports single and double-tagged dot1q- and dot1ad-encapsulated EFPs with non-ambiguous or “exact match” EFP encapsulations. Single and double-tagged encapsulation can be specified as long as the rewrite ingress tag pop symmetric command is configured.

    • All Layer 2 tags must be removed. VLAN ranges are not supported.

    • Untagged EFPs are supported.

  • To use the sub-interface configurations encapsulation dot1ad (or encapsulation dot1q ) and encapsulation dot1ad second-dot1q any (or encapsulation dot1q second-dot1q any ) together on the same physical interface, use the exact keyword as shown below. Else, it results in traffic loss.

    Router(config)# interface hundredGigE 0/0/0/0.0 
    Router(config-subif)# encapsulation dot1ad 200 exact 
    
    Router(config)# interface hundredGigE 0/0/0/0.1 
    Router(config-subif)# encapsulation dot1ad 200 dot1q any 
    Router(config-subif)# commit 
    
  • These additional functionalities are not supported on BVI interfaces in an environment with the Cisco ASR 9000 SIP-700 at the core-facing side:

    • ARP

    • Frame Relay

    • IPv4 multicast traffic

    • IPv6 unicast and multicast traffic

    • Layer 2 traffic flows from the SIP-700 to any Layer 3 interface

    • Layer 2/Layer 3 features on BVI interfaces

    • Load intervals

    • MIBs

    • The show adjacency details command is not supported

Information About Configuring IRB

This section includes the following topics:

IRB Introduction

IRB provides the ability to route between a bridge group and a routed interface using a BVI. The BVI is a virtual interface within the router that acts like a normal routed interface. A BVI is associated with a single bridge domain and represents the link between the bridging and the routing domains on the router. To support receipt of packets from a bridged interface that are destined to a routed interface, the BVI must be configured with the appropriate IP addresses and relevant Layer 3 attributes.

In software releases before Cisco IOS XR 4.0.1 where IRB is not supported, you would need to implement a physical cabling solution to connect the egress Layer 2 bridge domain interface to a Layer 3 routing domain interface on the same Cisco ASR 9000 Series Router. In Cisco IOS XR Release 4.0.1, IRB accomplishes the same functionality using a BVI and its supporting interface and bridge group configuration shown in this figure.

Figure 1. IRB Functional View and Configuration Elements

Bridge-Group Virtual Interface

This section includes the following information:

Bridge-Group Virtual Interface

The BVI is a virtual interface within the router that acts like a normal routed interface. The BVI does not support bridging itself, but acts as a gateway for the corresponding bridge-domain to a routed interface within the router.

Aside from supporting a configurable MAC address, a BVI supports only Layer 3 attributes, and has the following characteristics:

  • Uses a MAC address taken from the local chassis MAC address pool, unless overridden at the BVI interface.

  • Is configured as an interface type using the interface BVI command and uses an IPv4 address that is in the same subnet as the hosts on the segments of the bridged domain. The BVI also supports secondary addresses.

  • The BVI identifier is independent of the bridge-domain identifier. These identifiers do not need to correlate like they do in Cisco IOS software.

  • Is associated to a bridge group using the routed interface BVI command.

  • BVI interfaces support a number range of 1 to 4294967295.

Supported Features on a BVI

The following are the supported features on BVI:

These interface commands are supported on a BVI:

  • arp purge-delay

  • arp timeout

  • bandwidth (The default is 10 Gbps and is used as the cost metric for routing protocols for the BVI)

  • ipv4

  • ipv6 (not supported in IRB environment with the Cisco ASR 9000 SIP-700)

  • mac-address

  • mtu (The default is 1500 bytes)

  • shutdown

  • The BVI supports IP helper addressing and secondary IP addressing.

BVI MAC Address

By default, the Cisco ASR 9000 Series Router uses one MAC address for all BVI interfaces on the router. However, this means that the MAC address is not unique globally. If you want to override the default and specify a unique MAC address at the BVI, then you can configure it at the BVI interface.

BVI Interface and Line Protocol States

Like typical interface states on the router, a BVI has both an Interface and Line Protocol state.

  • The BVI interface state is Up when the following occurs:

    • The BVI interface is created.

    • The bridge-domain that is configured with the routed interface bvi command has at least one available active bridge port (Attachment circuit [AC] or pseudowire [PW]).


      Note


      A BVI will be moved to the Down state if all of the bridge ports (Ethernet flow points [EFPs]) associated with the bridge domain for that BVI are down. However, the BVI will remain up if at least one pseudowire is up, even if all EFPs are down.


  • The following characteristics determine when the the BVI line protocol state is up:

    • The bridge-domain is in Up state.

    • The BVI IP address is not in conflict with any other IP address on another active interface in the router.

Packet Flows Using IRB

This figure shows a simplified functional diagram of an IRB implementation to describe different packet flows between Host A, B, and C. In this example, Host C is on a network with a connection to the same router. In reality, another router could be between Host C and the router shown.

Figure 2. IRB Packet Flows Between Hosts

When IRB is configured on a router, the following processing happens:

  • ARP requests are resolved between the hosts and BVI that are part of the bridge domain.

  • All packets from a host on a bridged interface go to the BVI if the destination MAC address matches the BVI MAC address. Otherwise, the packets are bridged.

  • For packets destined for a host on a routed network, the BVI forwards the packets to the routing engine before sending them out a routed interface.

  • All packets either from or destined to a host on a bridged interface go to the BVI first (unless the packet is destined for a host on the bridge domain).

  • For packets that are destined for a host on a segment in the bridge domain that come in to the router on a routed interface, the BVI forwards the packet to the bridging engine, which forwards it through the appropriate bridged interface.

Packet Flows When Host A Sends to Host B on the Bridge Domain

When Host A sends data to Host B in the bridge domain on the 10.10.0.0 network, no routing occurs. The hosts are on the same subnet and the packets are bridged between their segment interfaces on the router.

Packet Flows When Host A Sends to Host C From the Bridge Domain to a Routed Interface

Using host information from this figure, the following occurs when Host A sends data to Host C from the IRB bridging domain to the routing domain:

  • Host A sends the packet to the BVI (as long any ARP request the is resolved between the host and the BVI). The packet has the following information:

    • Source MAC address of host A.

    • Destination MAC address of the BVI.

  • Since Host C is on another network and needs to be routed, the BVI forwards the packet to the routed interface with the following information:

    • IP source MAC address of Host A (10.10.0.2) is changed to the MAC address of the BVI (10.10.0.4).

    • IP destination address is the IP address of Host C (10.20.0.3).

  • Interface 10.20.0.2 sees receipt of a packet from the routed BVI 10.10.0.4. The packet is then routed through interface 10.20.0.2 to Host C.

Packet Flows When Host C Sends to Host B From a Routed Interface to the Bridge Domain

Using host information from this figure, the following occurs when Host C sends data to Host B from the IRB routing domain to the bridging domain:

  • The packet comes into the routing domain with the following information:

    • MAC source address—MAC of Host C.

    • MAC destination address—MAC of the 10.20.0.2 ingress interface.

    • IP source address—IP address of Host C (10.20.0.3).

    • IP destination address—IP address of Host B (10.10.0.3).

  • When interface 10.20.0.2 receives the packet, it looks in the routing table and determines that the packet needs to be forwarded to the BVI at 10.10.0.4.

  • The routing engine captures the packet that is destined for the BVI and forwards it to the BVI’s corresponding bridge domain. The packet is then bridged through the appropriate interface if the destination MAC address for Host B appears in the bridging table, or is flooded on all interfaces in the bridge group if the address is not in the bridging table.

Supported Environments for IRB

These environments and configuration elements are supported with IRB on the Cisco ASR 9000 Series Router:

  • Configuration of one BVI per bridge domain.

  • Virtual Private LAN Service (VPLS) virtual forwarding instance (VFI) configuration associated with a bridge domain configured with a BVI.

  • BGP PIC edge for BVI-based prefixes.

  • Traffic forwarding for the BVI using Open Shortest Path First (OSPF), Intermediate System-to-Intermediate System (IS-IS), Routing Information Protocol Version 2 (RIPv2), and Border Gateway Protocol (BGP).

  • Internet Group Management Protocol (IGMP) static groups.

  • Dynamic Host Configuration Protocol (DHCP) relay agent. When DHCP relay is used from an aggregation node to obtain an IP address, the default gateway will be the IP address configured on the BVI. The BVI IP address should be in a common subnet as the DHCP pool that is being used by the aggregation node to assign IP addresses.

  • Virtual Router Redundancy Protocol (VRRP) configuration and priority.

  • Hot Standby Router Protocol (HSRP).

  • Up to 255 VRRF/HSRP VMAC per BVI interface.

  • Bridging of non-IP packets on a bridge domain configured with a BVI.

  • Parity with stateful protocol support as currently supported on Layer 3 subinterfaces on the Cisco ASR 9000 Series Router.

  • IP SLA support as currently supported on Layer 3 subinterfaces on the Cisco ASR 9000 Series Router.

  • Load balancing of BVIs as ECMP paths (up to 32 paths).

  • Interface-MIB.

  • Packet counters for BVI interfaces.

  • Multi-chassis link aggregation (LAG) on link bundles that are members of a bridge domain that uses a BVI.

The following sections document additional IPv4- and IPv6-specific environments supported for IRB:

Additional IPv4-Specific Environments Supported for IRB

  • Configuration of up to a maximum of 2000 BVIs.

  • Up to a maximum of128k IPv4 adjacencies.

  • Layer 3 IP multicast, with ability to take ingress IP multicast traffic and bridge it to multiple Layer 2 subinterfaces (Ethernet flow points) on a bridge domain that are part of multicast groups.


    Note


    Not supported when used with the Cisco ASR 9000 SIP-700 at core-facing side.


  • VRFs for IPv4 (Per-VPN label VRFs only—not per prefix).

Additional IPv6-Specific Environments Supported for IRB

  • Configuration of up to a maximum of 2000 BVIs, with up to 512 of these BVIs that can support IPv6 addressing.

  • Up to a maximum of 5k IPv6 adjacencies.

  • Cisco IPv6 Provider Edge Router over MPLS (6PE) and IPv6 VPN Provider Edge (6VPE) support with BVI interfaces at the customer edge (CE)-facing side of the Cisco ASR 9000 Series Router as the PE device with the following restrictions:

    • Supported by the following line cards on the PE devices:

      2-Port 10-Gigabit Ethernet, 20-Port Gigabit Ethernet Combination Line Cards (A9K-2T20GE-B and A9K-2T20GE-L)

      — 4-Port 10-Gigabit Ethernet Line Cards (A9K-4T-B, -E, -L)

      — 8-Port 10-Gigabit Ethernet DX Line Cards (A9K-8T/4-B, -E, -L)

      — 8-Port 10-Gigabit Ethernet Line Cards (A9K-8T-B, -E, -L)

      — 16-Port 10-Gigabit Ethernet Line Cards (A9K-16T/8-B, -E, -L)

      — 40-Port Gigabit Ethernet Line Cards (A9K-40GE-B, -E, -L)

      — A99-32X100GE-X-SE

      — A99-32X100GE-X-TR

      — A9K-8HG-FLEX-TR

      — A9K-4HG-FLEX-FC

      — A99-4HG-FLEX-FC

      — A9K-400GE-SE/-TR

      — A99-400GE-SE/-TR

      — A99-10X400GE-X-SE

      — A99-10X400GE-X-TR

    • Up to 512 BVIs with IPv6 addressing can be supported.

    • Only per-VRF label allocation is supported (using the label-allocation-mode per-vrf command).

      For a configuration example, see the “6PE/6VPE With BVI Configuration: Example” section on page 282.

How to Configure IRB

This section includes the following configuration tasks:

Configuring the Bridge Group Virtual Interface

To configure a BVI, complete the following steps.

Configuration Guidelines

Consider the following guidelines when configuring the BVI:

  • The BVI must be assigned an IPv4 or IPv6 address that is in the same subnet as the hosts in the bridged segments.

  • If the bridged network has multiple IP networks, then the BVI must be assigned secondary IP addresses for each network.

SUMMARY STEPS

  1. configure
  2. interface bvi identifier
  3. ipv4 address ipv4-address mask [secondary] ipv6 address ipv6-prefix /prefix-length [eui-64] [route-tag route-tag value]
  4. arp purge-delay seconds
  5. arp timeout seconds
  6. bandwidth rate
  7. mac-address value1 .value2 .value3
  8. mtu bytes
  9. end or commit

DETAILED STEPS

  Command or Action Purpose

Step 1

configure

Example:

RP/0/RSP0/CPU0:router# configure

Enters the global configuration mode.

Step 2

interface bvi identifier

Example:

RP/0/RSP0/CPU0:router(config)# interface bvi 1

Specifies or creates a BVI, where identifier is a number from 1 to 65535.

Step 3

ipv4 address ipv4-address mask [secondary] ipv6 address ipv6-prefix /prefix-length [eui-64] [route-tag route-tag value]

Example:

RP/0/RSP0/CPU0:router(config-if)# ipv4 address 10.10.0.4 255.255.255.0

Specifies a primary or secondary IPv4 address or an IPv6 address for an interface.

Step 4

arp purge-delay seconds

Example:

RP/0/RSP0/CPU0:router(config-if)#arp purge-delay 120

(Optional) Specifies the amount of time (in seconds ) to delay purging of Address Resolution Protocol (ARP) table entries when the interface goes down.

The range is 1 to 65535. By default purge delay is not configured.

Step 5

arp timeout seconds

Example:

RP/0/RSP0/CPU0:router(config-if)# arp timeout 12200

(Optional) Specifies how long dynamic entries learned on the interface remain in the ARP cache.

The range is 30 to 2144448000 seconds. The default is 14,400 seconds (4 hours).

Step 6

bandwidth rate

Example:

RP/0/RSP0/CPU0:router(config-if)# bandwidth 1000000

(Optional) Specifies the amount of bandwidth (in kilobits per second) to be allocated on the interface. This number is used as the cost metric in routing protocols for the BVI.

The range is 0 to 4294967295. The default is 10000000 (10 Gbps).

Step 7

mac-address value1 .value2 .value3

Example:

RP/0/RSP0/CPU0:router(config-if)# mac-address 1111.2222.3333

(Optional) Specifies the 48-bit MAC address for the BVI as three dotted-hexadecimal values, and overrides use of the default MAC address. The range for each value is 0000 to ffff. A MAC address of all 0s is not supported.

Step 8

mtu bytes

Example:

RP/0/RSP0/CPU0:router(config-if)# mtu 2000

(Optional) Specifies the maximum transmission unit (MTU) size for packets on the interface. The range is 64 to 65535. The default is 1514.

Step 9

end or commit

Example:

RP/0/RSP0/CPU0:router(config-if)# end

or


RP/0/RSP0/CPU0:router(config-if)# commit

Saves configuration changes.

  • When you issue the end command, the system prompts you to commit changes:

    
    Uncommitted changes found, commit them before exiting(yes/no/cancel)?
    [cancel]:
    

    Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.

    Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.

    Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.

  • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.

Configuring the Layer 2 AC Interfaces

To configure the Layer 2 AC interfaces for routing by a BVI, complete the following steps.

Before you begin

The interfaces to be configured as Layer 2 ACs in the bridge domain and routed by a BVI must be located on the following types of cards supporting IRB on the Cisco ASR 9000 Series Router:

  • 2-Port 10-Gigabit Ethernet, 20-Port Gigabit Ethernet Combination Line Cards (A9K-2T20GE-B and A9K-2T20GE-L)

  • 4-Port 10-Gigabit Ethernet Line Cards (A9K-4T-B, -E, -L)

  • 8-Port 10-Gigabit Ethernet DX Line Cards (A9K-8T/4-B, -E, -L)

  • 8-Port 10-Gigabit Ethernet Line Cards (A9K-8T-B, -E, -L)

  • 40-Port Gigabit Ethernet Line Cards (A9K-40GE-B, -E, -L)

SUMMARY STEPS

  1. configure
  2. interface [GigabitEthernet | TenGigE] interface-path-id[ .subinterface] l2transport
  3. encapsulation dot1q vlan-id [exact] orencapsulation dot1ad vlan-id dot1q vlan-id
  4. rewrite ingress tag pop {1 | 2} symmetric
  5. end or commit

DETAILED STEPS

  Command or Action Purpose

Step 1

configure

Example:


RP/0/RSP0/CPU0:router# configure

Enters global configuration mode.

Step 2

interface [GigabitEthernet | TenGigE] interface-path-id[ .subinterface] l2transport

Example:


RP/0/RSP0/CPU0:router(config)# interface GigabitEthernet 0/1/0/0.1 l2transport

Enables Layer 2 transport mode on a Gigabit Ethernet or 10-Gigabit Ethernet interface or subinterface and enters interface or subinterface configuration mode, where interface-path-id is specified as the rack/slot/module/port location of the interface and .subinterface is the optional subinterface number.

Step 3

encapsulation dot1q vlan-id [exact] orencapsulation dot1ad vlan-id dot1q vlan-id

Example:


RP/0/RSP0/CPU0:router(config-if)# encapsulation dot1q 1 exact

(Optional) Specifies IEEE 802.1q encapsulation on the specified VLAN only.

Step 4

rewrite ingress tag pop {1 | 2} symmetric

Example:


RP/0/RSP0/CPU0:router(config-if)# rewrite ingress tag pop 1 symmetric

(Required if VLAN tagging configured) Specifies that one or two tags (depending on the network configuration) should be removed from frames arriving at the ingress interface to the bridge domain.

Note

 
  • If configuring double tags using dot1ad and dot1q encapsulation, you need to use the rewrite ingress tag pop 2 symmetric command.

Step 5

end or commit

Example:


RP/0/RSP0/CPU0:router(config-if)# end

or


RP/0/RSP0/CPU0:router(config-if)# commit

Saves configuration changes.

  • When you issue the end command, the system prompts you to commit changes:

    
    Uncommitted changes found, commit them before exiting(yes/no/cancel)?
    [cancel]:
    
  • Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.

  • Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.

  • Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.

  • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.

Configuring a Bridge Group and Assigning Interfaces to a Bridge Domain

To configure a bridge group and assign interfaces to a bridge domain, complete the following steps.

SUMMARY STEPS

  1. configure
  2. l2vpn
  3. bridge group bridge-group-name
  4. bridge-domain bridge-domain-name
  5. interface [GigabitEthernet | TenGigE] interface-path-id[ .subinterface]
  6. end or commit

DETAILED STEPS

  Command or Action Purpose

Step 1

configure

Example:


RP/0/RSP0/CPU0:router# configure

Enters global configuration mode.

Step 2

l2vpn

Example:


RP/0/RSP0/CPU0:router(config)# l2vpn

Enters L2VPN configuration mode.

Step 3

bridge group bridge-group-name

Example:


RP/0/RSP0/CPU0:router(config-l2vpn)# bridge group 10

Creates a bridge group and enters L2VPN bridge group configuration mode.

Step 4

bridge-domain bridge-domain-name

Example:


RP/0/RSP0/CPU0:router(config-l2vpn-bg)# bridge-domain BD_1

Creates a bridge domain and enters L2VPN bridge group bridge domain configuration mode.

Step 5

interface [GigabitEthernet | TenGigE] interface-path-id[ .subinterface]

Example:


RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd)# interface GigabitEthernet 0/1/0/0.1

Associates the Gigabit Ethernet and 10-Gigabit Ethernet interface with the specified bridge domain and enters L2VPN bridge group bridge domain attachment circuit configuration mode, where interface-path-id is specified as the rack/slot/module/port location of the interface and .subinterface is the optional subinterface number.

Repeat this step for as many interfaces as you want to associate with the bridge domain.

Step 6

end or commit

Example:


RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-ac)# end

or


RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-ac)# commit

Saves configuration changes.

  • When you issue the end command, the system prompts you to commit changes:

    
    Uncommitted changes found, commit them before exiting(yes/no/cancel)?
    [cancel]:
    
  • Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.

  • Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.

  • Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.

  • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.

Associating the BVI as the Routed Interface on a Bridge Domain

To associate the BVI as the routed interface on a bridge domain, complete the following steps.

SUMMARY STEPS

  1. configure
  2. l2vpn
  3. bridge group bridge-group-name
  4. bridge-domain bridge-domain-name
  5. routed interface bvi identifier
  6. end or commit

DETAILED STEPS

  Command or Action Purpose

Step 1

configure

Example:


RP/0/RSP0/CPU0:router# configure

Enters global configuration mode.

Step 2

l2vpn

Example:


RP/0/RSP0/CPU0:router(config)# l2vpn

Enters L2VPN configuration mode.

Step 3

bridge group bridge-group-name

Example:


RP/0/RSP0/CPU0:router(config-l2vpn)# bridge group BG_test

Creates a bridge group and enters L2VPN bridge group configuration mode.

Step 4

bridge-domain bridge-domain-name

Example:


RP/0/RSP0/CPU0:router(config-l2vpn-bg)# bridge-domain 1

Creates a bridge domain and enters L2VPN bridge group bridge domain configuration mode.

Step 5

routed interface bvi identifier

Example:


RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd)# routed interface bvi 1

Associates the specified BVI as the routed interface for the interfaces assigned to the bridge domain.

Step 6

end or commit

Example:


RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd)# end

or


RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd)# commit

Saves configuration changes.

  • When you issue the end command, the system prompts you to commit changes:

    
    Uncommitted changes found, commit them before exiting(yes/no/cancel)?
    [cancel]:
    
  • Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.

  • Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.

  • Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.

  • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.

Displaying Information About a BVI

To display information about BVI status and packet counters, use the following commands:

show interfaces bvi identifier [accounting | brief | description | detail ]

Displays interface status, line protocol state, and packet counters for the specified BVI.

show adjacency bvi identifier [detail | remote]

Displays packet and byte transmit counters per adjacency to the specified BVI.

show l2vpn bridge-domain detail

Displays the reason that a BVI is down.

Configuration Examples for IRB

This section provides the following configuration examples:

Basic IRB Configuration: Example

The following example shows how to perform the most basic IRB configuration:


! Configure the BVI and its IPv4 address
!
RP/0/RSP0/CPU0:router# configure 
RP/0/RSP0/CPU0:router(config)# interface bvi 1
RP/0/RSP0/CPU0:router(config-if))# ipv4 address 10.10.0.4 255.255.255.0
RP/0/RSP0/CPU0:router(config-if))# exit
!
! Configure the Layer 2 AC interface
!
RP/0/RSP0/CPU0:router(config)# interface GigabitEthernet 0/1/0/0 l2transport
RP/0/RSP0/CPU0:router(config-if))# exit
!
! Configure the L2VPN bridge group and bridge domain and assign interfaces
!
RP/0/RSP0/CPU0:router(config)# l2vpn
RP/0/RSP0/CPU0:router(config-l2vpn)# bridge group 10
RP/0/RSP0/CPU0:router(config-l2vpn-bg)# bridge-domain 1
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd)# interface GigabitEthernet 0/1/0/0
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-if)# exit
!
! Associate a BVI to the bridge domain
!
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd)# routed interface bvi 1
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd)# commit

IRB Using ACs With VLANs: Example

The following example shows how to configure IRB on a bridge domain with Layer 2 ACs using 802.1q-encapsulated VLANs:


! Configure the BVI and its IPv4 address
!
RP/0/RSP0/CPU0:router# configure 
RP/0/RSP0/CPU0:router(config)# interface bvi 1
RP/0/RSP0/CPU0:router(config-if))# ipv4 address 10.10.0.4 255.255.255.0
RP/0/RSP0/CPU0:router(config-if))# exit
!
! Configure the Layer 2 AC interfaces using dot1q encapsulation on a VLAN
!
RP/0/RSP0/CPU0:router(config)# interface GigabitEthernet 0/1/0/0.1 l2transport
RP/0/RSP0/CPU0:router(config-if))# no ip address
RP/0/RSP0/CPU0:router(config-if))# encapsulation dot1q 1 exact
RP/0/RSP0/CPU0:router(config-if))# rewrite ingress tag pop 1 symmetric
RP/0/RSP0/CPU0:router(config-if))# exit
RP/0/RSP0/CPU0:router(config)# interface GigabitEthernet 0/1/0/1.1 l2transport
RP/0/RSP0/CPU0:router(config-if))# no ip address
RP/0/RSP0/CPU0:router(config-if))# encapsulation dot1q 1 exact
RP/0/RSP0/CPU0:router(config-if))# rewrite ingress tag pop 1 symmetric
RP/0/RSP0/CPU0:router(config-if))# exit
!
! Configure the L2VPN bridge group and bridge domain and assign interfaces
!
RP/0/RSP0/CPU0:router(config)# l2vpn
RP/0/RSP0/CPU0:router(config-l2vpn)# bridge group 10
RP/0/RSP0/CPU0:router(config-l2vpn-bg)# bridge-domain 1
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd)# interface GigabitEthernet 0/1/0/0.1
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd)# interface GigabitEthernet 0/1/0/1.1
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-if)# exit
!
! Associate a BVI to the bridge domain
!
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd)# routed interface bvi 1
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd)# commit

IPv4 Addressing on a BVI Supporting Multiple IP Networks: Example

The following example shows how to configure secondary IPv4 addresses on a BVI that supports bridge domains for the 10.10.10.0/24, 10.20.20.0/24, and 10.30.30.0/24 networks. In this example, the BVI must have an address on each of the bridge domain networks:


RP/0/RSP0/CPU0:router# configure 
RP/0/RSP0/CPU0:router(config)# interface bvi 1
RP/0/RSP0/CPU0:router(config-if))# ipv4 address 10.10.10.4 255.255.255.0
RP/0/RSP0/CPU0:router(config-if))# ipv4 address 10.20.20.4 255.255.255.0 secondary
RP/0/RSP0/CPU0:router(config-if))# ipv4 address 10.30.30.4 255.255.255.0 secondary
RP/0/RSP0/CPU0:router(config-if))# commit

Comprehensive IRB Configuration with BVI Bundle Interfaces and Multicast Configuration: Example

The following example shows a more comprehensive router configuration with IRB and BVI multicast support:


interface Bundle-Ether25
 ipv4 address 10.21.0.2 255.255.255.0
!
interface Loopback0
 ipv4 address 10.5.5.5 255.255.255.255
!
interface GigabitEthernet0/0/0/1
 negotiation auto
!
interface GigabitEthernet0/0/0/1.1 l2transport
 encapsulation dot1q 1
 rewrite ingress tag pop 1 symmetric
!
interface GigabitEthernet0/0/0/1.2 l2transport
 encapsulation dot1q 2
 rewrite ingress tag pop 1 symmetric
!

interface GigabitEthernet0/0/0/9
 bundle id 25 mode active
!
interface GigabitEthernet0/0/0/19
 bundle id 25 mode active
!
interface GigabitEthernet0/0/0/29
 bundle id 25 mode active
!

interface GigabitEthernet0/0/0/39
 bundle id 25 mode active

interface BVI1
 ipv4 address 10.1.1.1 255.255.255.0
!
interface BVI2
 ipv4 address 10.1.2.1 255.255.255.0

router ospf 100
 router-id 10.5.5.5
 area 0
  interface Bundle-Ether25
    interface Loopback0
    interface BVI1
   interface BVI2
  !
l2vpn
 bridge group IRB
  bridge-domain IRB1
   igmp snooping profile IRB_SNOOP
   interface GigabitEthernet0/0/0/1.1
   !
   routed interface BVI1
  !
  bridge-domain IRB2
   igmp snooping profile IRB_SNOOP
   interface GigabitEthernet0/0/0/1.2
   !
   routed interface BVI2

multicast-routing
 address-family ipv4
  interface all enable
igmp snooping profile IRB_SNOOP
 report-suppression disable
!
router pim
 address-family ipv4
  rp-address 10.10.10.10

IRB With BVI and VRRP Configuration: Example

This example shows a partial router configuration for the relevant configuration areas for IRB support of a BVI and VRRP:


Note


VRRPv6 is also supported.



l2vpn
 bridge group IRB
  bridge-domain IRB-EDGE
   interface GigabitEthernet0/0/0/8
!
   routed interface BVI 100
!
interface GigabitEthernet0/0/0/8
  l2transport
!
interface BVI 100
 ipv4 address 10.21.1.1 255.255.255.0
!
router vrrp
 interface BVI 100
  vrrp 1 ipv4 10.21.1.100
  vrrp 1 priority 100
 !

6PE/6VPE With BVI Configuration: Example

The following example shows how to configure an MPLS 6PE/6VPE environment using BVIs at the CE-facing sides of the Cisco ASR 9000 Series Router as the PE devices. For more information about Cisco  6PE/6VPE and its configuration, see the “Implementing IPv6 VPN Provider Edge Transport Over MPLS” chapter of the Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide.


Note


This environment is only supported using IRB with the supported Gigabit Ethernet line cards on the Cisco ASR 9000 Series Router. It is not supported with the Cisco ASR 9000 SIP-700 SPAs.


This figure shows the location of the BVI interfaces (green icons) on the Cisco ASR 9000 Series Routers as the PE1 and PE2 devices.

Figure 3. BVI Interfaces on the CE-Facing Sides in an MPLS 6PE/6VPE Network

This is a sample configuration only for the Cisco ASR 9000 Series Router (PE1) device with a BVI interface numbered 1 on the CE-facing side, and a non-BVI interface (Gigabit Ethernet 0/1/0/37) on the core-facing side. A similar configuration would apply to the PE2 device:


! Be sure to configure IPv6 unicast address families
!
vrf 1
address-family ipv6 unicast
  import route-target
   100:2
  export route-target
   100:2

interface Loopback0
 ipv4 address 10.11.11.11/32
!
! Configure the BVI interface to participate in the VRF
! and with an IPv6 address.
!
interface BVI1
 vrf 1
 ipv6 address 2001:DB8:1/32
!
! Assign the Gigabit Ethernet CE-facing interface to the
! L2VPn bridge domain where the routed BVI interface is also associated.
!
l2vpn
 bridge group 1
  bridge-domain 1
   interface Gigabit Ethernet 0/1/0/11
 routed interface BVI1
!
! Configure OSPF routing for the BVI interface for
! advertisement of its IPv6 address.
!
router ospfv3 1
 graceful-restart
 redistribute bgp 1
 area 1
  interface BVI1
  interface Loopback0
!
! Configure BGP routing and be sure to specify the
! IPv6 unicast address family.
! Note that the per-VRF label allocation mode is required
! and is the only supported label allocation mode.
!
router bgp 1
 bgp router-id 10.11.11.11
 bgp redistribute-internal
 bgp graceful-restart

 address-family ipv6 unicast
  redistribute ospfv3 1 match internal external
  label-allocation-mode per-vrf
  allocate-label all
 !
 address-family vpnv6 unicast
 !
 neighbor 10.11.12.12
  remote-as 1
  update-source Loopback0
  address-family ipv6 unicast
   route-policy pass-all in
   route-policy pass-all out
  !
  address-family ipv6 labeled-unicast
  !
  address-family vpnv6 unicast
   route-policy pass-all in
   route-policy pass-all out
  !
 vrf 1
  rd 100:2
 label-allocation-mode per-vrf
  address-family ipv6 unicast
   redistribute connected

mpls ldp
 router-id 10.11.11.11
 graceful-restart
 interface Gigabit Ethernet 0/1/0/37