Is there any way to terminate a pseudo-wire on a VLAN with IP forwarding enabled?
Consider a scenario where a provider network is L2 back to a routing core - a classic scenario might be an EAPS ring around a number of edge switches, with a pair of core switches somewhere in this ring.
These cores are the only devices doing L3, and customer connections come back over a protected VLAN to the cores to be routed. Now in reality, you might do some L3 routing around this edge ring as well; but let us assume that there are some customer connections - for example, a customer dual-homed to each core with a VLAN and BGP being used as the routing protocol between provider and customer - where the customer connection must have its L3 termination point on a core switch.
With the EAPS+VLAN solution, this works like a charm. The VLAN has a port on the edge switch facing the customer, and an IP address on the core switch and IP forwarding is enabled, great. This is VLAN switching 101.
However, say you replace your EAPS solution with MPLS, and use a pseudowire to get from the edge customer port to the core switch, you hit a problem. You cannot add a service VLAN to an l2vpn if it has IP forwarding enabled, and you cannot enable IP forwarding on a VLAN which is connected to an l2vpn.
Is this a hardware limitation, does anyone know (I'm testing this on X480s and X460s with 15.7 code)? Or is it just not implemented yet? It seems a glaring omission if it is not a hardware limitation.
How to reproduce (easy):
* core1.2 # create l2vpn vpws test_cust fec-id-type pseudo-wire 54321[/code]* core1.3 # config l2vpn vpws test_cust add peer 10.1.1.2[/code]* core1.4 # create vlan test_cust_1[/code]* core1.5 # dis igmp snoop test_cust_1[/code]* core1.6 # config vlan test_cust_1 ipa 10.1.3.1/30[/code]IP interface for VLAN test_cust_1 has been created.[/code]* core1.7 # enable ipf test_cust_1[/code]* core1.8 # config l2vpn vpws "test_cust" add service vlan test_cust_1[/code]Error: IP forwarding must be disabled on VLAN "test_cust_1" before adding L2VPN services[/code]* core1.9 # [/code]
I thought I'd ask here before opening a TAC case, as I'm expecting the TAC to say something like "The concepts guide says you cannot do this" which, whilst correct, isn't very helpful.