Re: [c-nsp] Cat6500 VLAN cannot be assigned to a routed port sub-if?

[Anders Löwinger]

On 2016-09-19 22:48, Peter Rathlev wrote:

Just to be crystal clear: Sup2T hardware and software fully supports
using same VLAN ID on different interfaces, and you can mix it with a
SVI for good measure. Nick Cutting posted a configuration snippet that
shows what can be done.


Ok missed that, and its great news!


The Sup2T certainly has shortcomings but this is not one of them.


Agree.

Anyone tried the sup6t? Any feedback?

/Anders

___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] Cat6500 VLAN cannot be assigned to a routed port sub-if?

[Peter Rathlev]

On Mon, 2016-09-19 at 11:39 +0200, Anders Löwinger wrote:
> Sup2t has support in HW for using same VLAN-id on different L3 
> interfaces. Cisco has no SW to support it :(

Just to be crystal clear: Sup2T hardware and software fully supports
using same VLAN ID on different interfaces, and you can mix it with a
SVI for good measure. Nick Cutting posted a configuration snippet that
shows what can be done.

The Sup2T certainly has shortcomings but this is not one of them.

-- 
Peter

___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] Cat6500 VLAN cannot be assigned to a routed port sub-if?

[Pavel Skovajsa]

It's a switch!
-pavel

On Mon, Sep 19, 2016 at 11:39 AM, Anders Löwinger  wrote:

> On 2016-09-19 10:19, Gert Doering wrote:
>
>> Things like that makes one wonder if Sup2T is intentionally trying to
>> kill the platform...  "too late, too limited, too stupid design decisions"
>> (like, the new netflow implementation "with MAC addresses").
>>
>
> Sup2t has support in HW for using same VLAN-id on different L3 interfaces.
> Cisco has no SW to support it :(
>
>
> /Anders
>
>
> ___
> cisco-nsp mailing list  cisco-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] Cat6500 VLAN cannot be assigned to a routed port sub-if?

[Anders Löwinger]

On 2016-09-19 10:19, Gert Doering wrote:

Things like that makes one wonder if Sup2T is intentionally trying to
kill the platform...  "too late, too limited, too stupid design decisions"
(like, the new netflow implementation "with MAC addresses").


Sup2t has support in HW for using same VLAN-id on different L3 
interfaces. Cisco has no SW to support it :(



/Anders

___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] Cat6500 VLAN cannot be assigned to a routed port sub-if?

[Gert Doering]

Hi,

On Mon, Sep 19, 2016 at 09:52:33AM +0200, Peter Rathlev wrote:
> I haven't played with it, but the implementation on Sup2T seems quite
> limited. As a start you need to globally enable provider-bridge dot1ad
> mode, which is incompatible with using LACP.

Things like that makes one wonder if Sup2T is intentionally trying to 
kill the platform...  "too late, too limited, too stupid design decisions"
(like, the new netflow implementation "with MAC addresses").

gert
-- 
USENET is *not* the non-clickable part of WWW!
   //www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025g...@net.informatik.tu-muenchen.de


signature.asc
Description: PGP signature
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] Cat6500 VLAN cannot be assigned to a routed port sub-if?

[Patrick M. Hausen]

Good morning,

> Am 19.09.2016 um 09:52 schrieb Peter Rathlev :
> 
> On Sat, 2016-09-17 at 14:24 +0200, Łukasz Bromirski wrote:
>>> On 16 Sep 2016, at 17:32, Nick Cutting wrote:
>>> Depends on supervisor - With sup 2t - you could reuse vlans on
>>> subinterfaces, here is 2 subinterfaces on different ports, and an
>>> SVI all on vlan 281
>>> 
>>> !
>>> interface Vlan281
>>> no ip address
>>> shutdown
>>> end
>>> !
>>> interface TenGigabitEthernet2/5/9.281
>>> encapsulation dot1Q 281
>>> end
>>> !
>>> interface TenGigabitEthernet2/5/8.281
>>> encapsulation dot1Q 281
>>> end
>>  
>> That’s actually config that will work with all Supervisors, wrong
>> example :)
> 
> Nick is right, the config he showed would not work on Sup720 or
> earlier. And it wouldn't matter if VTP was enabled or not. If the VLAN
> exists "switched" then the first "encapsulation dot1q" command will be
> rejected with "Command rejected: VLAN  already in use by interface
> Vlan". Trying to create more than two subinterfaces using the same
> VLAN (on different interfaces of course) is rejected with "Command
> rejected: VLAN  not available".

Correct. My problem is that I have a new peering partner and his VLANs
are already in use on my side. On the "toy" platforms like 1812 or a FreeBSD
or Linux host it's straightforward to just create a subinterface with the 
appropriate
tags attached to the packets. So I thought I could do the same on my Cat6500.

I just found out about VLAN mapping:
http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst6500/ios/12-2SX/configuration/guide/book/vlans.html#wp1044990

This *would* do the trick for me, if it wasn't for the fact that the mapping
is applied to all 12 ports in a port group. And since the VLAN is in use there
are of course ports where I don't want to map it ...

*argh* Can't they implement a single advanced feature in an unsurprising manner?

Thanks for all your help
Patrick
-- 
punkt.de GmbH * Kaiserallee 13a * 76133 Karlsruhe
Tel. 0721 9109 0 * Fax 0721 9109 100
i...@punkt.de   http://www.punkt.de
Gf: Jürgen Egeling  AG Mannheim 108285

___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] Cat6500 VLAN cannot be assigned to a routed port sub-if?

[Peter Rathlev]

On Sat, 2016-09-17 at 14:24 +0200, Łukasz Bromirski wrote:
> > On 16 Sep 2016, at 17:32, Nick Cutting wrote:
> > Depends on supervisor - With sup 2t - you could reuse vlans on
> > subinterfaces, here is 2 subinterfaces on different ports, and an
> > SVI all on vlan 281
> > 
> > !
> > interface Vlan281
> > no ip address
> > shutdown
> > end
> > !
> > interface TenGigabitEthernet2/5/9.281
> > encapsulation dot1Q 281
> > end
> > !
> > interface TenGigabitEthernet2/5/8.281
> > encapsulation dot1Q 281
> > end
> 
> That’s actually config that will work with all Supervisors, wrong
> example :)

Nick is right, the config he showed would not work on Sup720 or
earlier. And it wouldn't matter if VTP was enabled or not. If the VLAN
exists "switched" then the first "encapsulation dot1q" command will be
rejected with "Command rejected: VLAN  already in use by interface
Vlan". Trying to create more than two subinterfaces using the same
VLAN (on different interfaces of course) is rejected with "Command
rejected: VLAN  not available".

Sup2T doesn't have these problems.

> I understand Patrick is looking for a way to distinguish switched
> VLANs from routed VLANs, and indeed VLANs can be reused to forward
> different traffic with VLAN local significance on 6500/7600 starting
> from Sup2T.
> 
> For that (Patrick) needs bridge domains, so EVC infra - which is
> available on Sup2T with all ports, even with classical “LAN” cards -
> no SIPs needed.

I haven't played with it, but the implementation on Sup2T seems quite
limited. As a start you need to globally enable provider-bridge dot1ad
mode, which is incompatible with using LACP.

-- 
Peter

___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] Cat6500 VLAN cannot be assigned to a routed port sub-if?

[Łukasz Bromirski]

> On 16 Sep 2016, at 17:32, Nick Cutting  > wrote:
> 
> Depends on supervisor - With sup 2t - you could reuse vlans on subinterfaces, 
> here is 2 subinterfaces on different ports, and an SVI all on vlan 281
> 
> !
> interface Vlan281
> no ip address
> shutdown
> end
> !
> interface TenGigabitEthernet2/5/9.281
> encapsulation dot1Q 281
> end
> !
> interface TenGigabitEthernet2/5/8.281
> encapsulation dot1Q 281
> end

That’s actually config that will work with all Supervisors, wrong example :)

I understand Patrick is looking for a way to distinguish switched VLANs from
routed VLANs, and indeed VLANs can be reused to forward different traffic with
VLAN local significance on 6500/7600 starting from Sup2T.

For that (Patrick) needs bridge domains, so EVC infra - which is available
on Sup2T with all ports, even with classical “LAN” cards - no SIPs needed.

Config examples for different scenarios - google found it:
http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst6500/ios/15-2SY/config_guide/sup2T/15_2_sy_swcg_2T/ethernet_virtual_connection.pdf
 


-- 
Łukasz Bromirski
CCIE R/SP #15929, CCDE #2012::17, PGP Key ID: 0xFD077F6A
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] Cat6500 VLAN cannot be assigned to a routed port sub-if?

[Nick Cutting]

And FYI - only the SVI gets used in "internal vlan usage"

-Original Message-
From: cisco-nsp [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Nick 
Cutting
Sent: Friday, September 16, 2016 11:33 AM
To: Marco van den Bovenkamp <ma...@linuxgoeroe.dhs.org>; Cisco Network Service 
Providers <cisco-nsp@puck.nether.net>
Subject: Re: [c-nsp] Cat6500 VLAN cannot be assigned to a routed port sub-if?

Depends on supervisor - With sup 2t - you could reuse vlans on subinterfaces, 
here is 2 subinterfaces on different ports, and an SVI all on vlan 281

!
interface Vlan281
 no ip address
 shutdown
end
!
interface TenGigabitEthernet2/5/9.281
 encapsulation dot1Q 281
end
!
interface TenGigabitEthernet2/5/8.281
 encapsulation dot1Q 281
end



-Original Message-
From: cisco-nsp [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Marco 
van den Bovenkamp
Sent: Friday, September 16, 2016 7:43 AM
To: Cisco Network Service Providers <cisco-nsp@puck.nether.net>
Subject: Re: [c-nsp] Cat6500 VLAN cannot be assigned to a routed port sub-if?


On 16/09/2016 13:36, Curtis Piehler wrote:
> Exactly!   On the 6500/7600 platforms you can't have your cake and eat 
> it
> :)

Indeed :-). And 'routed ports' are actally SVIs on a VLAN you don't see, but 
does get taken from the global pool (try 'show vlan internal usage' 
sometime).

A 6500 is a switch, even when it calls itself a 7600 :-)


___
cisco-nsp mailing list  cisco-nsp@puck.nether.net 
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

___
cisco-nsp mailing list  cisco-nsp@puck.nether.net 
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] Cat6500 VLAN cannot be assigned to a routed port sub-if?

[Nick Cutting]

Depends on supervisor - With sup 2t - you could reuse vlans on subinterfaces, 
here is 2 subinterfaces on different ports, and an SVI all on vlan 281

!
interface Vlan281
 no ip address
 shutdown
end
!
interface TenGigabitEthernet2/5/9.281
 encapsulation dot1Q 281
end
!
interface TenGigabitEthernet2/5/8.281
 encapsulation dot1Q 281
end



-Original Message-
From: cisco-nsp [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Marco 
van den Bovenkamp
Sent: Friday, September 16, 2016 7:43 AM
To: Cisco Network Service Providers <cisco-nsp@puck.nether.net>
Subject: Re: [c-nsp] Cat6500 VLAN cannot be assigned to a routed port sub-if?


On 16/09/2016 13:36, Curtis Piehler wrote:
> Exactly!   On the 6500/7600 platforms you can't have your cake and eat 
> it
> :)

Indeed :-). And 'routed ports' are actally SVIs on a VLAN you don't see, but 
does get taken from the global pool (try 'show vlan internal usage' 
sometime).

A 6500 is a switch, even when it calls itself a 7600 :-)


___
cisco-nsp mailing list  cisco-nsp@puck.nether.net 
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] Cat6500 VLAN cannot be assigned to a routed port sub-if?

[Phil Mayers]

On 16/09/16 12:06, Gert Doering wrote:


use a different tag :-) - and yes, this is one of the big drawbacks of
the 6500 architecture (or, depending how you use it, one of the strong
sides) - it's a switch, with routing.  So vlan space is "switchy".


It's not clear to me if they fixed this in the EARL8/sup2T hardware. 
AFAICT there's no way in software to use a vlan tag more than once, but 
IIRC they changed the hardware to support bridge domains, so...

___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] Cat6500 VLAN cannot be assigned to a routed port sub-if?

[Marco van den Bovenkamp]

On 16/09/2016 13:36, Curtis Piehler wrote:
Exactly!   On the 6500/7600 platforms you can't have your cake and eat 
it

:)


Indeed :-). And 'routed ports' are actally SVIs on a VLAN you don't see, 
but does get taken from the global pool (try 'show vlan internal usage' 
sometime).


A 6500 is a switch, even when it calls itself a 7600 :-)


___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] Cat6500 VLAN cannot be assigned to a routed port sub-if?

[Curtis Piehler]

Exactly!   On the 6500/7600 platforms you can't have your cake and eat it
:)

On Sep 16, 2016 7:32 AM, "Gert Doering"  wrote:

> Hi,
>
> On Fri, Sep 16, 2016 at 01:13:54PM +0200, Patrick M. Hausen wrote:
> > I expected the SP and the RP to be orthogonal to each other ...
>
> Well, they are - but the RP needs the SP to get the packet out :-)
>
> (On the WAN interface cards, you actually have "real routed" interfaces,
> but these have deficiencies on the switching side :) )
>
> gert
> --
> USENET is *not* the non-clickable part of WWW!
>//
> www.muc.de/~gert/
> Gert Doering - Munich, Germany
> g...@greenie.muc.de
> fax: +49-89-35655025g...@net.informatik.tu-
> muenchen.de
>
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] Cat6500 VLAN cannot be assigned to a routed port sub-if?

[Gert Doering]

Hi,

On Fri, Sep 16, 2016 at 01:13:54PM +0200, Patrick M. Hausen wrote:
> I expected the SP and the RP to be orthogonal to each other ...

Well, they are - but the RP needs the SP to get the packet out :-)

(On the WAN interface cards, you actually have "real routed" interfaces,
but these have deficiencies on the switching side :) )

gert
-- 
USENET is *not* the non-clickable part of WWW!
   //www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025g...@net.informatik.tu-muenchen.de


signature.asc
Description: PGP signature
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] Cat6500 VLAN cannot be assigned to a routed port sub-if?

[Patrick M. Hausen]

Hi!

> Am 16.09.2016 um 13:08 schrieb Curtis Piehler :
> 
> If the card is switching type card then yes it does care and draws from the 
> internal VLAN database.   The true routed cards (SPA) are not part of the 
> internal VLAN database.   I ran into this on 7600 routers with WS line cards. 
>  However the SPA cards in the chassis did not draw from the internal VLAN 
> pool.

I get it, thanks.
I expected the SP and the RP to be orthogonal to each other ...

Possibly my partner on the other end can do something with VLAN rewriting ... 
*sigh*

Patrick
-- 
punkt.de GmbH * Kaiserallee 13a * 76133 Karlsruhe
Tel. 0721 9109 0 * Fax 0721 9109 100
i...@punkt.de   http://www.punkt.de
Gf: Jürgen Egeling  AG Mannheim 108285

___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] Cat6500 VLAN cannot be assigned to a routed port sub-if?

[Curtis Piehler]

If the card is switching type card then yes it does care and draws from the
internal VLAN database.   The true routed cards (SPA) are not part of the
internal VLAN database.   I ran into this on 7600 routers with WS line
cards.  However the SPA cards in the chassis did not draw from the internal
VLAN pool.

On Sep 16, 2016 6:57 AM, "Patrick M. Hausen"  wrote:

> Hi, all,
>
> I just stumbled into a minor POLA violation here:
> (at least I'm astonished ;-)
>
>
> Core1(config-subif)#int gi4/9.100
> Core1(config-subif)#encapsulation dot1Q 100
> Command rejected: VLAN 100 cannot be allocated. VLANs 1-1005 are VTP VLANs
> VTP mode is client or server and must be changed to Transparent/Off to use
> VLANs 1-1005
>
> Yes, of course. I do have VTP. And a VTP database. Including VLAN 100.
> But this is for *switched* ports like so:
>
> int gi4/...
> switchport
> switchport access VLAN 100
>
> int VLAN100
> ip address ...
>
>
> But *router* ports on the same platform should (IMHO) not care
> about all of this. I mean, just create the sub-if and attach a tag to
> every packet, will ya?
>
>
> Is there any way to accomplish what I'm trying? Other than moving
> the connection in question to a completely different chassis?
>
> Any hints greatly appreciated. Thanks.
> Patrick
> --
> punkt.de GmbH * Kaiserallee 13a * 76133 Karlsruhe
> Tel. 0721 9109 0 * Fax 0721 9109 100
> i...@punkt.de   http://www.punkt.de
> Gf: Jürgen Egeling  AG Mannheim 108285
>
> ___
> cisco-nsp mailing list  cisco-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] Cat6500 VLAN cannot be assigned to a routed port sub-if?

[Gert Doering]

Hi,

On Fri, Sep 16, 2016 at 12:56:46PM +0200, Patrick M. Hausen wrote:
> Core1(config-subif)#int gi4/9.100
> Core1(config-subif)#encapsulation dot1Q 100
> Command rejected: VLAN 100 cannot be allocated. VLANs 1-1005 are VTP VLANs
> VTP mode is client or server and must be changed to Transparent/Off to use 
> VLANs 1-1005
> 
> Yes, of course. I do have VTP. And a VTP database. Including VLAN 100.
> But this is for *switched* ports like so:

There are no "non-switched" ports on a 6500.  VLAN space is global, so
"tag 100" on one port is "the global vlan 100"

(Unless you add vlan translation, which is not as flexible as it could be)

[..]
> Is there any way to accomplish what I'm trying? Other than moving
> the connection in question to a completely different chassis?

use a different tag :-) - and yes, this is one of the big drawbacks of
the 6500 architecture (or, depending how you use it, one of the strong
sides) - it's a switch, with routing.  So vlan space is "switchy".

gert

-- 
USENET is *not* the non-clickable part of WWW!
   //www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025g...@net.informatik.tu-muenchen.de


signature.asc
Description: PGP signature
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/