Wednesday, May 5, 2021

ASR920 Questions - MPLS PE, EFPs, BDIs, NTU/CE

Hi all,

Hopefully someone can shed a bit of light on a dilemma I am having. I'm investigating how viable it is to use a Cisco ASR-920-24SZ-M in lieu of a more complex device like an ASR9901. We are currently working to build a metro ethernet style product suite including Internet services, E-Line, E-LAN and E-Tree style connectivity. For all of these services, an NTU (usually an NCS520, however we're still in transition from ME3400s) is used at the customer premises. The NTU is physically traditionally plugged into an ASR9901 or similar. In this scenario we simply create sub interfaces on the ASR9901 for each service with the correct encapsulation configured. If l3vpn or internet services are required, we configure those on the sub interface; if l2vpn services are required, we configure the sub interface to be a member of a VPWS, for example.

Each NTU also contains a BDI or VLAN interface that's standard across the entire network for in-band NTU management. It uses nothing more than a VRF and a /31 point to point configuration as a sub interface on the ASR9901 currently for reachability. We utilise import/export policies to allow our corporate network to reach this NTU management network.

So for example:

We may allocate vlan 100 for an internet service handed off on a per-port basis (EPL type service) on the customer site NTU (utilising encapsulation default so the customer does not need to tag traffic) and vlan 500 for management for the NTU. We carry the traffic layer 2 back to the ASR9901, where there might be a sub interface like this, with a sub interface for NTU management also. Note that the config below is just a quick snippet and example only.

interface Gi0/0/0/0.100
 description ---Customer A internet---
 ip address 169.254.0.0/31
 service-policy input
 service-policy output
 encapsulation dot1q 100
!
interface Gi0/0/0/0.500
 description ---NTU Management---
 ip address 10.0.0.0/31
 vrf forwarding 500
 encapsulation dot1q 500

So from a config standpoint, they're simply nothing more than a sub interface. For l2vpn services we'd do the same, except with the appropriate l2 config on the sub interface and the appropriate l2vpn configuration applied. The above also may have additional BGP config etc. which isn't overly relevant to the discussion.

So what's the issue? Well, on an ASR920, you can't simply create sub interfaces. The nice part about using sub interfaces is that we can utilise the same sub interface for every customer service, standardising .100 for internet, .500 for NTU management, .400 for voice, .300 etc. So at a glance, if I want to see every internet service on a router I can do a show int descr | in .100 etc. It also makes automating it a bit nicer.

My understanding is we need to utilise the bridge-domain functionality, however this means we need to create a BDI for each NTU management + internet service or any other l3vpn type service instead. In doing so, we can no longer just use a standard like BDI500 for all NTUs, because BDIs cannot overlap on the same router. So we'd need to have BDI500 for NTU-A, BDI501 for NTU-B, BDI502 for NTU-C etc. Is this correct? Is my only option to essentially go down this path if we want to utilise an ASR920 that relies upon service instance/EFP configuration rather than standard sub interfaces?

Happy to answer any questions as I'm sure I've missed some details that may help answer my question.
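The numbering scheme described above (BDI500 for NTU-A, BDI501 for NTU-B, and so on), as an added example that is not part of the original post: a small generator that keeps the standard VLAN and service instance ID on every NTU-facing port (service instance IDs are scoped to the interface) and varies only the router-wide bridge-domain/BDI number. The function names, the block size of 100, the 4094 upper bound and the port names are assumptions; the VLAN numbers, VRF name and /31 addressing follow the post.

```python
# Added example: hypothetical allocator/renderer, not from the original post.
SERVICE_VLAN = {"internet": 100, "voice": 400, "mgmt": 500}  # standards named in the post
BLOCK = 100     # assumed: IDs reserved per service (the gap between .400 and .500)
MAX_BD = 4094   # assumed upper bound for bridge-domain IDs; confirm for your platform


def bridge_domain(service, ntu_index):
    """Per-NTU bridge-domain/BDI ID: standard VLAN + NTU index (500, 501, 502, ...)."""
    if not 0 <= ntu_index < BLOCK:
        raise ValueError(f"NTU index {ntu_index} would spill into the next service block")
    bd = SERVICE_VLAN[service] + ntu_index
    if bd > MAX_BD:
        raise ValueError(f"bridge-domain {bd} exceeds {MAX_BD}")
    return bd


def render(port, ntu_index, service, ip, mask, vrf=None):
    """Render the EFP and BDI config for one L3 service on one NTU-facing port."""
    vlan = SERVICE_VLAN[service]          # tag on the wire stays standard
    bd = bridge_domain(service, ntu_index)  # router-wide ID must be unique
    lines = [
        f"interface {port}",
        f" service instance {vlan} ethernet",
        f"  encapsulation dot1q {vlan}",
        "  rewrite ingress tag pop 1 symmetric",  # strip the tag before routing on the BDI
        f"  bridge-domain {bd}",
        "!",
        f"interface BDI{bd}",
    ]
    if vrf:
        lines.append(f" vrf forwarding {vrf}")
    lines += [f" ip address {ip} {mask}", " no shutdown", "!"]
    return "\n".join(lines)


if __name__ == "__main__":
    # Constructed sample: two NTUs on two ports, management service in VRF 500.
    ports = ["GigabitEthernet0/0/0", "GigabitEthernet0/0/1"]
    for idx, port in enumerate(ports):
        print(render(port, idx, "mgmt", f"10.0.0.{idx * 2}", "255.255.255.254", vrf="500"))
```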


