Hi,
I'm relatively new to Cisco when it comes to BDI interfaces, port channeling and high availability.
We have problems with our Cisco ASR configuration and need some advice on how to fix that.
How do we prevent the customers from creating loops / blocking the second port?
Here is an example of what our infrastructure looks like:
We cannot get spanning tree / BPDU running.
If a customer is bridging the 2 interfaces which we provide them, we get loops and that brings down both Ciscos and we lose the BGP session to our provider.
Here is a config snippet of our ASRs:
version 15.6
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec localtime
service password-encryption
no platform punt-keepalive disable-kernel-core
platform bfd-debug-trace 1
platform xconnect load-balance-hash-algo mac-ip-instanceid
platform tcam-parity-error enable
platform tcam-threshold alarm-frequency 1
!
hostname Router-RZ01
!
boot-start-marker
boot system bootflash:asr920-universalk9_npe.03.18.08a.SP.156-2.SP8A-ext.bin
boot system flash asr920-universalk9_npe.03.18.08a.SP.156-2.SP8A-ext.bin
boot-end-marker
!
!
vrf definition Mgmt-intf
 !
 address-family ipv4
 exit-address-family
 !
 address-family ipv6
 exit-address-family
!
logging buffered 32768
!
no aaa new-model
clock timezone MET 1 0
clock summer-time MST recurring last Sun Mar 2:00 last Sun Oct 3:00
facility-alarm critical exceed-action shutdown
port-channel load-balance-hash-algo src-dst-ip
!
!
!
multilink bundle-name authenticated
!
!
license boot level advancedmetroipaccess
!
!
spanning-tree mode mst
spanning-tree portfast default
spanning-tree portfast bpduguard default
spanning-tree portfast bpdufilter default
spanning-tree mst 0 priority 0
sdm prefer default
!
redundancy
bridge-domain 1
bridge-domain 100
bridge-domain 101
!
transceiver type all
 monitoring
cdp run
!
!
!
bridge irb
!
!
interface Loopback0
 ip address XXX.XXX.XXX.XXX 255.255.255.255
!
interface Port-channel1
 no ip address
 spanning-tree portfast
 service instance 100 ethernet
  encapsulation dot1q 100
  rewrite ingress tag pop 1 symmetric
  bridge-domain 100
 !
 service instance 101 ethernet
  encapsulation dot1q 101
  rewrite ingress tag pop 1 symmetric
  bridge-domain 101
 !
!
interface GigabitEthernet0/0/0
 no ip address
 load-interval 30
 shutdown
 negotiation auto
!
!
interface GigabitEthernet0/0/19
 description Customer1
 no ip address
 load-interval 30
 negotiation auto
 cdp enable
 service instance 100 ethernet
  encapsulation untagged
  bridge-domain 100
 !
!
interface GigabitEthernet0/0/22
 description Customer2
 no ip address
 load-interval 30
 negotiation auto
 cdp enable
 service instance 101 ethernet
  encapsulation untagged
  bridge-domain 101
 !
!
interface TenGigabitEthernet0/0/24
 description PortChannel1
 no ip address
 spanning-tree portfast
 channel-group 1 mode active
!
interface TenGigabitEthernet0/0/25
 description PortChannel1
 no ip address
 no negotiation auto
 spanning-tree portfast
 channel-group 1 mode active
!
interface TenGigabitEthernet0/0/26
 no ip address
 shutdown
!
interface TenGigabitEthernet0/0/27
 description Uplink
 ip address XXX.XXX.XXX.XXX 255.255.255.252
!
interface GigabitEthernet0
 vrf forwarding Mgmt-intf
 no ip address
 shutdown
 negotiation auto
!
interface BDI100
 description Customer1
 ip address XXX.XXX.XXX.2 255.255.255.248
 standby 0 ip XXX.XXX.XXX.1
 standby 0 priority 250
 standby 0 preempt
 standby 0 authentication md5 key-string 7 XXXXXXXXXXXXXXXXXXXXXXXXXX
 load-interval 30
!
interface BDI101
 description Customer2
 ip address XXX.XXX.XXX.114 255.255.255.248
 standby 0 ip XXX.XXX.XXX113
 standby 0 priority 250
 standby 0 preempt
 standby 0 authentication md5 key-string 7 XXXXXXXXXXXXXXXXXXXXXXXXXX
 load-interval 30
!
!
router ospf 100
 router-id XXX.XXX.XXX.254
 auto-cost reference-bandwidth 100000
 redistribute connected subnets
 redistribute static subnets
 network XXX.XXX.XXX.16 0.0.0.7 area 0
 default-information originate
!
router bgp XXXXX
 bgp log-neighbor-changes
 neighbor XXX.XXX.XXX.XXX remote-as XXXXX
 neighbor XXX.XXX.XXX.XXX description Link
 !
 address-family ipv4
  network XXX.XXX.XXX.0
  neighbor XXX.XXX.XXX.XXX activate
 exit-address-family
!
ip forward-protocol nd
!
ip bgp-community new-format
no ip ftp passive
!
!
control-plane
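
An added example, not part of the original post: a small Python audit that maps each bridge-domain in a config like the one above to its member ports, reports the domains that have an untagged access port and are also carried over Port-channel1, and collects the global spanning-tree lines. The sample input is a constructed excerpt of the posted config; the function names and the treatment of Port-channel1 as the link to the second router are assumptions.

```python
import re
# Constructed excerpt of the posted config (indentation assumed as in IOS output).
SAMPLE = """\
spanning-tree portfast bpduguard default
spanning-tree portfast bpdufilter default
interface Port-channel1
 service instance 100 ethernet
  encapsulation dot1q 100
  bridge-domain 100
 service instance 101 ethernet
  encapsulation dot1q 101
  bridge-domain 101
interface GigabitEthernet0/0/19
 service instance 100 ethernet
  encapsulation untagged
  bridge-domain 100
interface GigabitEthernet0/0/22
 service instance 101 ethernet
  encapsulation untagged
  bridge-domain 101
"""

def audit(config):
    """Return ({bridge-domain: [(interface, encapsulation)]}, global STP lines)."""
    domains, stp_globals = {}, []
    iface = encap = None
    for raw in config.splitlines():
        line = raw.strip()
        if raw.startswith("interface "):
            iface, encap = line.split()[1], None
        elif raw.startswith("spanning-tree "):  # column 0 = global, not per-port
            stp_globals.append(line)
        elif line.startswith("encapsulation "):
            encap = line.split(None, 1)[1]
        elif iface and (m := re.fullmatch(r"bridge-domain (\d+)", line)):
            domains.setdefault(int(m.group(1)), []).append((iface, encap))
    return domains, stp_globals

def extended_domains(domains, trunk="Port-channel1"):
    """Bridge-domains with an untagged access EFP that are also carried on trunk."""
    return {bd: [i for i, e in m if e == "untagged"]
            for bd, m in domains.items()
            if any(i == trunk for i, _ in m) and any(e == "untagged" for _, e in m)}

if __name__ == "__main__":
    domains, stp = audit(SAMPLE)
    print("global spanning-tree lines:", stp)
    for bd, ports in extended_domains(domains).items():
        print(f"bridge-domain {bd}: {ports} shares a segment with Port-channel1")
```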