L2TPv3 (Layer 2 Tunnel Protocol Version 3)

Hi,

What devices, and under what conditions, support this feature? Do the ISR4000, Catalyst 6500 and Catalyst 6800?
Is there any alternative to do something similar between 6500 and 6840?

Thanks
Regards

Hello Ignacio

L2TPv3 is typically supported by most platforms that are capable of routing. You will have to verify that the IOS version being used also supports the feature. Take a look at Cisco's Feature Navigator to verify which platform and IOS combinations will support what you need.

The 6500 and 6840 platforms definitely support the feature, as long as they have the right IOS. Check the feature navigator to verify.

I hope this has been helpful!

Laz

Sorry Lazaros,

but I am not able to find it for 6800 in Cisco website, platforms support are mainly routers but no switches
Additionally none of the commands are available in the switch

thanks in advance

Hello Ignacio

You are absolutely correct. After a little more digging I see that the feature is primarily a router feature as you mention and is not found on Layer 3 switches.

Laz

Hi Rene,

is there any way to verify learned MAC addresses in the router via xconnect just like in the switches when using show mac address-table command.

Hello Hussein

L2TPv3 doesn't keep track of the MAC addresses that exist on the other side of the pseudowire. Any frames that arrive at the interface of the router configured with L2TPv3 are simply sent over the tunnel. If a destination MAC used exists at the remote side of the link, the local switch will not have it in its MAC table and will thus broadcast it out of all its ports. This will reach the L2TPv3 configured port on the router, and will simply be sent over the tunnel. Once it arrives on the remote site, the MAC will be read and sent to the appropriate host.

So in short, there is no learning of the remote MAC addresses, as the MAC addresses will only be found within the CAM tables of the local switches.

I hope this has been helpful!

Laz

Hi @lagapidis

Thanks for your reply, but I disagree with you regarding the learning of remote MAC addresses via pseudowire, regardless of the technology that was used (L2TPv3, AToM, VPLS, etc.). Please see this picture that shows the learning of remote MAC addresses via pseudowire:

Also, I disagree with you about the broadcasting behavior of the switch when it receives the traffic and the destination MAC used exists at the remote side of the link, because even the switch will learn the remote MAC address from the interface facing the router that has the xconnect configuration, so there is no need for broadcasting. Please see this picture that shows the learning of remote MAC addresses in the switch:

So I will paraphrase my question as follows:
Is there any way to verify remote learned MAC addresses in the router via xconnect, just like in the bridge domain when bridging the VFI to an Ethernet service instance?

Also, the purpose of this question is to know whether the router learned the MAC address or not, in case it is the edge of the network and the service is handed over from it and we do not have access to the switch that this router is connected to, so that we can know about the learning of the MAC address in that switch.

Hi everyone,

I'll answer myself to give the benefit of my thinking to everyone who might have the same queries in mind.

After thinking deeply about this, it seems that there is no need for MAC learning in xconnect, which is always a point-to-point connection, so the traffic is always sent to the same destination at the other end of the circuit. This is in contrast to a bridge domain, where there is indeed a need for MAC learning, since it is designed to be a group of multipoint-to-multipoint L2 connections via VFI, even if it is used for a point-to-point scenario.

And the only way to verify connectivity to the other end of this circuit in the case of multiple Carrier Ethernet Service Providers (they are called OVC or operator CENs) is by breaking this circuit: removing the xconnect config, putting an IP on the interface, and pinging the other end of this circuit.

For information about operator CENs related to this subject, see this official wiki from MEF:
https://wiki.mef.net/pages/viewpage.action?pageId=54762782

Kind Regards,
Hussein Sameer
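
Added example, not part of any post in this thread: a small Python model of the behaviour discussed above, with two learning switches joined by a point-to-point xconnect that forwards every frame without a MAC lookup. The class names, port names and MAC addresses are constructed for illustration, and the model assumes standard transparent-bridge learning and flooding.

```python
UPLINK = "to-router"   # switch port facing the xconnect router (constructed name)

class LearningSwitch:
    def __init__(self, ports):
        self.ports = set(ports)
        self.mac_table = {}            # MAC -> port, as in "show mac address-table"

    def receive(self, in_port, src, dst):
        """Learn the source MAC, then return the egress ports for this frame."""
        self.mac_table[src] = in_port
        out = {self.mac_table[dst]} if dst in self.mac_table else self.ports
        return out - {in_port}         # unknown unicast is flooded, never sent back

class Xconnect:
    """Port-to-port pseudowire: one possible peer, so no MAC table is kept."""
    def __init__(self):
        self.frames_tunnelled = 0

    def forward(self):
        self.frames_tunnelled += 1     # every frame goes to the same remote end

def send(local, remote, pw, in_port, src, dst):
    """Send one frame from a host on `local`; return (local egress, remote egress)."""
    local_out = local.receive(in_port, src, dst)
    remote_out = set()
    if UPLINK in local_out:            # frame reached the router's xconnect port
        pw.forward()
        remote_out = remote.receive(UPLINK, src, dst)
    return local_out, remote_out

def run_demo():
    sw1 = LearningSwitch(["h1", "h2", UPLINK])
    sw2 = LearningSwitch(["h3", "h4", UPLINK])
    pw = Xconnect()
    a, b = "aaaa.aaaa.aaaa", "bbbb.bbbb.bbbb"     # constructed host MACs
    first = send(sw1, sw2, pw, "h1", a, b)   # b unknown everywhere: flooded
    reply = send(sw2, sw1, pw, "h3", b, a)   # sw1 learns b on its router-facing port
    second = send(sw1, sw2, pw, "h1", a, b)  # now forwarded as known unicast
    return first, reply, second, sw1.mac_table, pw

if __name__ == "__main__":
    for item in run_demo()[:4]:
        print(item)
```

The first frame is flooded on both sides, but once the remote host replies, the local switch holds the remote MAC against its router-facing port while the xconnect itself never stores an address.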

Hello Hussein

My apologies for not responding to this one, it seems to have fallen through the cracks. Once again, I am sorry, but thank you for sharing your findings and your thoughts. They are useful to all of us!

Laz

Hi Laz

Please do not be sorry, such things are normal and happen from time to time. Also, I'm happy that what I shared is useful to you.

Hello,
Is it possible to create an L2VPN with only two routers? I am trying to configure L2VPN, a very basic tunnel, between two routers and using loopback address as my source. Just want to make sure I can do this? I am getting xconnect circuit is incomplete... My setup should look like this:
(loopback as source) router L2VPN router (loopback as source)

Hello Shannon

Take a look at this lesson that will take you through the step by step process of creating an L2 tunnel:
https://networklessons.com/cisco/ccie-routing-switching-written/l2tpv3-layer-2-tunnel-protocol-version-3

Now you should be able to create a tunnel using only two routers, as in the lesson. However, I'm not sure if it is possible to create your topology using loopback addresses. At first glance, I don't see why not, because the loopbacks would simply be the same as the physical interfaces configured in this lesson.

If you are getting an error stating that the xconnect circuit is incomplete, compare your config with that of the lesson and see if there is any config error that needs correcting. Let us know how you get along...

I hope this has been helpful!

Laz

Thanks Laz! I used this lesson as my guide and I still get the same error. I am thinking it is because I am using 3900 series routers. I am not sure, just my guess. I will keep at it! I guess it would be good to know that I do not have any end devices that I can use. Someone suggested I use L3 VLAN interfaces as my end points. Do you think that will work?

Hello Shannon

Some platforms may indeed require a slight difference in configuration. I don't believe that the problem in your case is the use of loopbacks. The same thing would happen if you used L3 VLAN interfaces or if you used actual hosts. The problem is with the config of the tunnel itself, which does not directly involve the "hosts". One suggestion would be to use the interworking ethernet command in the pseudowire class configuration mode as described in Cisco documentation.

Also, take a look at this Cisco doc that further describes some restrictions and differences in how the feature behaves for various platforms:

I hope this has been helpful!

Laz

What is the best method to extend a provider subnet (/29) from the edge CE router (ISR4331), to another layer 3 device when the two nodes are separated by a layer 2 switch? I.e. I want the edge router, the second layer 3 node and the provider's PE edge device to all be part of the same public IP subnet. Is BDI or EVC the answer?

If I just want to extend the provider's PE to CE subnet (a /21) down to other layer 3 nodes within my network at a single branch (i.e. from the wan router (ISR 4331) down through a pair of Nexus cores and then onto my SDWAN edge, are you saying BDI on the ISR and a corresponding transit vlan on the cores) is not the way to go, but rather I should use L2TPv3? I thought that this was more for layer 2 tunneling between geographic sites.

Hello Chad

If I understand correctly, you want the following:

(ISP Network) --- (PE) --- (CE) --- (SW) --- (R1)

And you want the /29 subnet provided at the customer-facing interface of PE to be assigned to an interface on the CE as well as on an interface on R1, correct?

Well, the simplest way to achieve this would probably be to change the topology and have the SW connect directly to the PE, and then have the CE and R1 connect to the switch, on the same VLAN. I'm assuming however that you want to avoid such a scenario.

Well, one way to do it is to use a BVI in the CE so that the two ports on the CE will essentially act as two switchports, and the BVI will act as an SVI for those two ports. You can find out more about that at the following Cisco documentation:

Another option would be to use L2TPv3, but that would give you a layer 2 tunnel through the CE device without allowing it to actually obtain an IP address in the subnet you want.

This is a protocol that allows you to tunnel L2 over an L3 network regardless of whether you do it within your own network, or across two geographically remote sites, the concept is the same. But it really depends upon your topology and what you actually want to achieve.

In any case, such a scenario would be a little cumbersome to implement. Can you share with us what it is that you are trying to achieve so that we can see if there is another way of accomplishing it?

I hope this has been helpful!

Laz

Hi, can you help on interworking? I have an ISR router serial interface configured with PPP and the other end is Ethernet.

Will it work?

Hello Shashank

If you have a serial interface on R4 for example, that must connect to a serial interface on R3. You cannot connect a serial interface to an Ethernet interface. They are two different technologies that are not compatible.

I hope this has been helpful!

Laz

Hi Rene,

I tried to do the lab in GNS with Cisco routers with IOS 15, it did not support the command. Could you please advise a link so that I can download an IOS that supports this command?

Thanks in advance