Vlan translation doubts : networking


today at my work we had a new case scenario in which we perform a vlan translation on traffic we pick up from an OLO, this is what the usual configuration we use:

On the interface we pick up traffic from:

service instance 415 ethernet

encapsulation dot1q 2101 second-dot1q 415

rewrite ingress tag pop 2 symmetric

On the interface we deliver the traffic to:

service instance 415 ethernet

description DIM-BIAEA

encapsulation dot1q 655

rewrite ingress tag pop 1 symmetric

So, we strip both vlan tags on the interface the traffic enters our network, then forward it to the interface were the traffic leaves our network and on that interface we have a new encapsulation that matches the vlan the operator that picks up the traffic from us expects (655 in this case). When the two routers are in geographically separate locations, we use mpls pseudowire and xconnects to forward the traffic.

However today, we had a vlan translation case were the destination router was in the same site as the one we picked up traffic from and, connected to that one with a L2 interlink. The l2 interlink interface is always a member of Port-channel48 so when that happens, I recreate the service instance under the Port-channel on both routers. and then connect each end through the physical interface with a bridge-domain.

In this case what struck me is that the standard configuration wouldn’t work, if we strip both tags at the entrance and leave the frame with the cvlan alone, I think it would get to the port-channel interface of its own router just fine (after all the router has a bridge domain that tells him what to do) but, once it reaches the other end, the other router wouldn’t know what to do with the frame as it has no tags for him to understand what it should do with it.

We could re-encapsulate the frame on the first port-channel interface (the one on the router that picks up the traffic) but seems extra work to have the router strip both tags at the entrance just to add it again once the traffic gets to the port-channel interface.

A colleague told me just to use a mpls pseudowire to get around it, but it got me thinking. If we strip just the outer vlan tag at the entrance and then strip the svlan tag at the port-channel interface on the delivery router with:

rewrite ingress tag pop 1 symmetric

Wouldn’t that mean that the traffic will flow from the pickup router to the delivery router with a svlan tag, get that stripped once it gets to the port-channel on the other router then the router moves it to the delivery interface where it will add the vlan tag the operator we deliver to expects, would that work?

Additionally, if we do end up stripping just one tag thus leaving only the svlan tag, on the local port-channel is enough to just create the service instance that we then add to the bridge domain, without needing to add again the encapsulation dot1q since that wasn’t stripped upon entering right?

I have been reading this document:

And Honestly I can’t see why we are not just using the command:

rewrite ingress tag translate 2-to-1 dot1q

Which seems to me would fix the issue

Thanks a lot in advance for the help

Source link

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Back to top button
%d bloggers like this:

Adblock Detected

Please consider supporting us by disabling your ad blocker