Regarding Bridge domain and L2 vpn

Tags: bridge, layer2, layer3

I am trying to understand the usage of the bridge group command. Please refer to the following config (on switch ASR9k):

    l2vpn
     !
     bridge group TEST1
      bridge-domain BD1
       interface Bundle-Ether1.500
       interface Bundle-Ether2.500
      bridge-domain BD2
       interface Bundle-Ether1.600
       interface Bundle-Ether2.600

The configs for subinterfaces are as:

    interface Bundle-Ether1.500 l2transport
     encapsulation dot1q 500
     rewrite ingress tag pop 1 symmetric
    interface Bundle-Ether2.500 l2transport
     encapsulation dot1q 500
     rewrite ingress tag pop 1 symmetric

Similarly for 600 (only the dot1q tag would be 600).

There is a router connected to the above ASR9k switch on the other end that has the IP addresses as below:

    interface Bundle-Ether1.500
     ipv4 address <ipv4 address>
    interface Bundle-Ether2.500
     ipv4 address <ipv4 address>

Similarly for the X.600 part.

Q1: What exactly is the bridge group part used for? What if I remove it?

Q2: I understand that any frame coming to the switch with a tag of 500 will be put onto interface Bundle-Ether1.500 and also onto interface Bundle-Ether2.500.
This tag will be stripped (at ingress) and pushed back at egress (when the frame exits these interfaces, because of the symmetric command). Is that a correct understanding?

Q3: Bridge-domains represent ONE broadcast domain. So all the interfaces under one bridge domain are part of the SAME broadcast domain?
As for the above, Bundle-Ether1.500 and Bundle-Ether2.500 are part of the SAME broadcast domain BD1. Is that a CORRECT understanding?

Q4: Why at all do we need to group these bridge-domains? What advantage am I getting? Why are we tying all the bridge-domains under a single bridge group?

Q5: What role is the l2vpn command playing in the above?

Best Answer

So there's likely a whole lot of other things going on with this configuration so the amount of depth that can be provided is going to be limited.

To answer your questions specifically-

A1: (from CCO) The Bridge Group (BG) is a non-functional configuration hierarchy that ties several BDs together in part of the same functional group.

If you remove it you'll delete everything that's contained within it (...which is to say the two BDs in your example).

A2: There's more configuration below your sample but you can think of the Bundle-Ether interfaces as being roughly analogous to PortChannel interfaces in IOS/NXOS. You're creating subinterfaces within each bundle corresponding to VLAN IDs 500 and 600. When you send packets back out these interfaces a corresponding 802.1q VLAN ID will be applied.

A3: Yes - each bridge-domain is its own broadcast domain. Put another way a broadcast coming in Bundle-Ether1.500 will (solely) be flooded out Bundle-Ether2.500.

A4: We can't say why you have these Bridge-Domains because we don't know what you're trying to accomplish. If the goal is separately tying together VLANs 500 and 600 that exist on separate switches connected to Bundle-Ether1 and Bundle-Ether2 then the configuration makes sense. That said, the configuration of the second ASR is kind of bizarre as it hooks up to VLAN500 at two points with different IPs. This doesn't serve any obvious purpose that I can see.

A5: L2VPN is the global stanza where the various L2 cross-connect functions (...like BDs, etc) are defined.
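
Added example, not part of the original question or answer: a simplified Python model of the configuration above, showing that a tagged broadcast frame is matched to one attachment circuit, stays inside its bridge-domain, and leaves with its tag restored. The names `AC`, `L2VPN`, `classify` and `flood` are hypothetical, and only broadcast flooding is modeled (no MAC learning).

```python
# Added example: simplified model of the bridge group in the question.
# Assumption: broadcast frames only, so MAC learning is left out.
from typing import NamedTuple

class AC(NamedTuple):
    """Attachment circuit: an l2transport subinterface."""
    parent: str   # bundle the subinterface belongs to
    vlan: int     # "encapsulation dot1q <vlan>"

    @property
    def name(self):
        return f"{self.parent}.{self.vlan}"

# bridge group -> bridge-domain -> member ACs, copied from the question
L2VPN = {
    "TEST1": {
        "BD1": [AC("Bundle-Ether1", 500), AC("Bundle-Ether2", 500)],
        "BD2": [AC("Bundle-Ether1", 600), AC("Bundle-Ether2", 600)],
    }
}

def classify(port, tags):
    """Return (bridge-domain name, members, ingress AC) for a frame, or None."""
    for domains in L2VPN.values():
        for bd, members in domains.items():
            for ac in members:
                if ac.parent == port and tags[:1] == [ac.vlan]:
                    return bd, members, ac
    return None  # no AC matches this port and outer tag: frame is dropped

def flood(port, tags):
    """Flood a broadcast frame; return {egress AC name: tags on the wire}."""
    match = classify(port, tags)
    if match is None:
        return {}
    _, members, ingress = match
    payload_tags = tags[1:]                  # ingress: "pop 1"
    return {
        ac.name: [ac.vlan] + payload_tags    # egress: "symmetric" pushes it back
        for ac in members
        if ac != ingress                     # never sent back out the ingress AC
    }

if __name__ == "__main__":
    for tag in (500, 600, 700):              # constructed sample frames
        print(tag, flood("Bundle-Ether1", [tag]))
```

A frame tagged 500 arriving on Bundle-Ether1 never reaches either `.600` subinterface, which is the isolation between BD1 and BD2 that the bridge-domains provide; a tag with no matching subinterface is not forwarded at all.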
