CCIE SPv5.1 Labs
  • Page
  • Intro
    • Setup
  • MVPN
    • Start
    • Topology
    • Profile 0
    • Profile 0 with data MDTs
    • Profile 1
    • Profile 1 w/ Redundant Roots
    • Profile 1 with data MDTs
    • Profile 6
    • Profile 7
    • Profile 3
    • Profile 3 with S-PMSI
    • Profile 11
    • Profile 11 with S-PMSI
    • Profile 11 w/ Receiver-only Sites
    • Profile 9 with S-PMSI
    • Profile 12
    • Profile 13
    • UMH (Upstream Multicast Hop) Challenge
    • Profile 13 w/ Configuration Knobs
    • Profile 13 w/ PE RP
    • Profile 12 w/ PE Anycast RP
    • Profile 14 (Partitioned MDT)
    • Profile 14 with Extranet option #1
    • Profile 14 with Extranet option #2
    • Profile 14 w/ IPv6
    • Profile 17
    • Profile 19
    • Profile 21
  • MVPN SR
    • Start
    • Topology
    • Profile 27
    • Profile 27 w/ Constraints
    • Profile 27 w/ FRR
    • Profile 28
    • Profile 28 w/ Constraints and FRR
    • Profile 28 w/ Data MDTs
    • Profile 29
  • Segment Routing
    • Start
    • Topology
    • Basic SR with ISIS
    • Basic SR with OSPF
    • SRGB Modifcation
    • SR with ExpNull
    • SR Anycast SID
    • SR Adjacency SID
    • SR LAN Adjacency SID (Walkthrough)
    • SR and RSVP-TE interaction
    • SR basic inter-area with ISIS
    • SR basic inter-area with OSPF
    • SR basic inter-IGP (redistribution)
    • SR basic inter-AS using BGP
    • SR BGP Data Center (eBGP)
    • SR BGP Data Center (iBGP)
    • LFA
    • LFA Tiebreakers (ISIS)
    • LFA Tiebreakers (OSPF)
    • Remote LFA
    • RLFA Tiebreakers?
    • TI-LFA
    • Remote LFA or TILFA?
    • TI-LFA Node Protection
    • TI-LFA SRLG Protection
    • TI-LFA Protection Priorities (ISIS)
    • TI-LFA Protection Priorities (OSPF)
    • Microloop Avoidance
    • SR/LDP Interworking
    • SR/LDP SRMS OSPF Inter-Area
    • SR/LDP Design Challenge #1
    • SR/LDP Design Challenge #2
    • Migrate LDP to SR (ISIS)
    • OAM with SR
    • SR-MPLS using IPv6
    • Basic SR-TE with AS
    • Basic SR-TE with AS and ODN
    • SR-TE with AS Primary/Secondary Paths
    • SR-TE Dynamic Policies
    • SR-TE Dynamic Policy with Margin
    • SR-TE Explicit Paths
    • SR-TE Disjoint Planes using Anycast SIDs
    • SR-TE Flex-Algo w/ Latency
    • SR-TE Flex-Algo w/ Affinity
    • SR-TE Disjoint Planes using Flex-Algo
    • SR-TE BSIDs
    • SR-TE RSVP-TE Stitching
    • SR-TE Autoroute Include
    • SR inter-IGP using PCE
    • SR-TE PCC Features
    • SR-TE PCE Instantiated Policy
    • SR-TE PCE Redundancy
    • SR-TE PCE Redundancy w/ Sync
    • SR-TE Basic BGP EPE
    • SR-TE BGP EPE for Unified MPLS
    • SR-TE Disjoint Paths
    • SR Converged SDN Transport Challenge
    • SR OAM DPM
    • SR OAM Tools
    • Performance-Measurement (Interface Delay)
  • EVPN
    • Start
    • Topology
    • EVPN VPWS
    • EVPN VPWS Multihomed
    • EVPN VPWS Multihomed Single-Active
    • Basic Single-homed EVPN E-LAN
    • EVPN E-LAN Service Label Allocation
    • EVPN E-LAN Ethernet Tag
    • EVPN E-LAN Multihomed
    • EVPN E-LAN on XRv
    • EVPN IRB
    • EVPN-VPWS Multihomed IOS-XR (All-Active)
    • EVPN-VPWS Multihomed IOS-XR (Port-Active)
    • EVPN-VPWS Multihomed IOS-XR (Single-Active)
    • EVPN-VPWS Multihomed IOS-XR (Non-Bundle)
    • PBB-EVPN (Informational)
  • VPWS
    • Start
    • Topology
    • Basic VPWS
    • VPWS with Tag Manipulation
    • Redundant VPWS
    • Redundant VPWS (IOS-XR)
    • VPWS with PW interfaces
    • Manual VPWS
    • VPWS with Sequencing
    • Pseudowire Logging
    • VPWS with FAT-PW
    • MS-PS (Pseudowire stitching)
    • VPWS with BGP AD
  • VPLS
    • Start
    • Topology
    • Basic VPLS with LDP
    • VPLS with LDP and BGP
    • VPLS with BGP only
    • Hub and Spoke VPLS
    • Tunnel L2 Protocols over VPLS
    • Basic H-VPLS
    • H-VPLS with BGP
    • H-VPLS with QinQ
    • H-VPLS with Redundancy
    • VPLS with Routing
    • VPLS MAC Protection
    • Basic E-TREE
    • VPLS with LDP/BGP-AD and XRv RR
    • VPLS with BGP and XRv RR
    • VPLS with Storm Control
  • BGP Multi-Homing (XE)
    • Start
    • Topology
    • Lab1 ECMP
    • Lab2 UCMP
    • Lab3 Backup Path
    • Lab4 Shadow Session
    • Lab5 Shadow RR
    • Lab6 RR with Add-Path
    • Lab7 MPLS + Add Path ECMP
    • Lab8 MPLS + Shadow RR
    • Lab9 MPLS + RDs + UCMP
  • BGP Multi-Homing (XR)
    • Start
    • Topology
    • Lab1 ECMP
    • Lab2 UCMP
    • Lab3 Backup Path
    • Lab4 “Shadow Session”
    • Lab5 “Shadow RR”
    • Lab6 RR with Add-Path
    • Lab7 MPLS + Add Path ECMP
    • Lab8 MPLS + “Shadow RR”
    • Lab9 MPLS + RDs + UCMP
    • Lab10 MPLS + Same RD + Add-Path + UCMP
    • Lab11 MPLS + Same RD + Add-Path + Repair Path
  • BGP
    • Start
    • Conditional Advertisement
    • Aggregation and Deaggregation
    • Local AS
    • BGP QoS Policy Propagation
    • Non-Optimal eBGP Routing
    • Multihomed Enterprise Challenge
    • Provider Communities
    • Destination-Based RTBH
    • Destination-Based RTBH (Community-Based)
    • Source-Based RTBH
    • Source-Based RTBH (Community-Based)
    • Multihomed Enterprise Challenge (XRv)
    • Provider Communities (XRv)
Powered by GitBook
On this page
  • Answer
  • Explanation
  • Verification
  1. VPLS

VPLS MAC Protection

Load vpls.ldp.basic.complete.cfg. You may need to replace with flash:blank.cfg first.

#IOS-XE (R1-R6, CE1-3)
config replace flash:vpls.ldp.basic.complete.cfg

VPLS is already pre-configured in the core.

Configure MAC address resource protection by setting the limit for the BD to 100 MAC addresses. Set the MAC aging timer for half the default value. The router should disable flooding of unknown MACs for all BDs when the MAC limit has been reached.

Answer

#R1, R3, R5
ethernet mac limit action flooding disable
!
bridge-domain 100
 mac aging-time 150
 mac limit maximum addresses 100

Explanation

The SP should set a limit to the MAC addresses in a BD to protect itself from resource exhaustion. Each MAC address the customer adds to the VPLS domain takes up resources on the SP core routers.

By default, when the limit is reached, the router will stop learning additional MAC addresses but will flood unknown unicast traffic so that there is no outage. However, this would result in a waste of bandwidth, so we set the global action to disable unknown unicast flooding when the limit is reached. Because this is set globally, this will apply to all BDs. We can set MAC address maximums on an individual BD basis.

The MAC aging time can be set on a per-BD basis as well. We set half the default value which is 300 seconds, or 5 minutes.

Not shown in this lab is that MAC address learning can be completely disabled on a BD. This turns the BD into hub behaviour, in which traffic is flooded out all other ports besides the port it arrived on.

bridge-domain 100
 no mac learning

Verification

Verify the MAC aging time and max MAC address limit. All MACs should never have an aging time higher than 150 seconds.

To test that unknown unicast flooding is disabled once the limit is reached, we can set the max address limit down to 2 on one PE. This should prevent the attached CE from being reachable via unicast from one other CE.

#R1
bridge-domain 100
 mac limit max address 2

We see the following log message on R1:

On CE3 see see that the EIGRP neighborship with R1 has a very high SRTT and RTO value. We also see that we cannot ping CE1.

The EIGRP neighborship stays up because multicast traffic is allowed to flood as normal. However, unicast traffic cannot work. Traffic from CE3 destined for CE1 has CE1’s unicast MAC as the destination which can be forwarded to CE1. But the return reply from CE1 has CE3’s MAC as the destination which is not learned. R1 does not flood this.

Remove the global MAC limit action and verify that unicast traffic works again.

#R1
no ethernet mac limit action flooding disable

Even though R1 can still only hold 2 MACs in the CAM table, unicast traffic still works because the default unknown unicast flooding action is taking place.

PreviousVPLS with RoutingNextBasic E-TREE

Last updated 8 days ago