VPLS+MLAG+ISC

  • 0
  • 1
  • Problem
  • Updated 1 year ago
  • Solved
Hi all.
Config.
We have two X670 with MLAG and MPLS/VPLS enabled, some ports use MLAG.  We have shared group of 4 ports for ISC link between switches, also have customer vlan V100 on both switches, vlan V100 does not added to any MLAG ports, only to ISC link as tagged and one non-MLAG port on each switch as tagged. On each switch have vpls pw to same destination(cisco). This PW-res using V100 as service vlan. One VPLS on one switch have status UP, another VPLS on another switch have status STANDBY because they both connected to the same Cisco ME3600X with "xconnect" and "backup peer" config.
Problem:
In FDB we don't see any MACs on ISC link and traffic flooded to all ports belonging vlan V100 because switch don't have destination MAC in FDB. If we remove one of vpls pw-res  MACs appear in FDB as Software Controlled Deletion on ISC link and all work correctly on switch where not have vpls pw. Disabling vpls is not help only deletion. Version IMG: 16.2.2.4.

Please help.Thx.
Photo of Sergey Vekli

Sergey Vekli

  • 506 Points 500 badge 2x thumb

Posted 1 year ago

  • 0
  • 1
Photo of Sergey Vekli

Sergey Vekli

  • 506 Points 500 badge 2x thumb
(Edited)
Photo of Grosjean, Stephane

Grosjean, Stephane, Employee

  • 13,346 Points 10k badge 2x thumb
if you are dual-homed, you need ESRP to manage an active/standby mechanism. You cannot be active/active.
Photo of Sergey Vekli

Sergey Vekli

  • 506 Points 500 badge 2x thumb
If we use ESRP traffic can't flow from  HOST3 to HOST2 because  slave ESRP will block it.
(Edited)
Photo of Loris Ricchetti

Loris Ricchetti

  • 60 Points
Hi Sergey,
I do not know if you've solved, I had similar problems in the past with Pe 670 with mpls / vpls and mlag configured at the same time, you need to use a dedicated link to vlan Isc, after you see that the fdb is populated correctly. And everything will work fine.
See the user manual in section of Mlag limitation and requirements. (ex. in xos16.1 page 293)
MPLS:VPLS VPLS must be configured for redundancy using ESRP. The ESRP master VLAN must include the ISC ports and the VPLS service VLAN ports as members.
Pseudowires cannot traverse an ISC link. You should not add the ISC port as a member to MPLS VLANs that can be used by LSPs that can carry Layer 2 VPN traffic terminating on MLAG peer switches.
Loris





 
Photo of Sergey Vekli

Sergey Vekli

  • 506 Points 500 badge 2x thumb
Thank you. We have solved it by creating different link between x670s for VPLS vlans. Now we have one ISC link and one "ISC for vpls".