L2 Abilities

VLAN

VLAN allows user to segment a LAN into different broadcast domains.

Subinterfaces

To create a VLAN, first we need a subinterface

interface IFNAME.(0-4095): Creates a subinterface on interface IFNAME.

Example :

soodar(config)# interface ge1.100

encapsulation dot1q (1-4094) [exact] [second-dot1q (1-4094)]: Encapsulate packets with one( or two, if specified) VLAN tags. Drop the input packets that does not have the same tag. If exact is specified, input packets must have the same number of VLAN tags as the configuration.

Note

Although we can add two tags, but it’s a good practice to use dot1ad encapsulation for this purpose since dot1q was designed for one tag and adding two tags, heavily depends on router implementation and its configuration.

Note

A subinterface before this command, is not ready to use and can’t be added to bridges.

encapsulation dot1ad (1-4094) dot1q (1-4094): Use Q-in-Q encapsulation mode to add two tags.

encapsulation default: All packets with VLAN IDs not matched to other subinterfaces are sent to this subinterface

Example :

soodar(config)# interface ge1.100
soodar(config-if)# encapsulation dot1q 100
soodar(config-if)# ip address 200.1.2.20/24
soodar(config-if)# interface ge1.200
soodar(config-if)# encapsulation default

Tag rewrite

An interface can be set up in a way to add or remove( and in future, translate) VLAN tags.

[no] rewrite tag push <1|2> <dot1q|dot1ad> (0-4095) [(0-4095)]: Push 1 or 2 tags to ingress traffic. The no form, negate all changes caused by this command.

Note

if dot1ad is used, only the first tag is dot1ad and second tag is dot1q

[no] rewrite tag pop <1|2>: Pop 1 or 2 tags from ingress traffic. The no form, negate all changes caused by this command.

Example :

soodar(config)# int ge2
soodar(config-if)# rewrite tag push 1 dot1q 300

Bridge

Bridge is a tool for connecting two segment of LAN to each other.

Add an interface to a bridge

bridge-group (1-65535) [split-horizon group (0-255)]: Add an interface to a bridge-group. The bridge-group is identified by a number. When a new packet arrives to interface, if destination MAC address is not available in bridge-group MAC table, the packet is flooded to all interfaces in same bridge-group( except the one from which it was received and the ones who share the same split-horizon group with interface).
A split-horizon group of 0 means interface is not in any split-horizon group and is default value for SHG.

Example : .. code-block:: frr

n1(config-if)# bridge-group 600 split-horizon group 2

Debugging bridge

show bridge (1-65535)

Example :

n1(config)# do sh bridge 600
 |--------------------------------------------------|
 | Domain | Interface   | Split-Horizon Group | BVI |
 |--------+-------------+---------------------+-----|
 | 600    | loopback4   | 0                   | *   |
 |--------+-------------+---------------------+-----|
 |        | ge1         | 0                   | -   |
 |--------------------------------------------------|

SPAN

Port monitoring tool. It mirrors source interfaces input, to destination interface.

Configuration

Each monitor session can have multiple source interfaces. But only one one destination interface.

[no] monitor session (1-66) source interface INTERFACE [both|rx|tx]: Add interface INTERFACE to session. By default, both traffics are mirrored. But one can change the behaviour by implying rx,tx or both.
The no form, remove an interface from monitor session.

Note

A session is not established unless a valid destionation is available.

monitor session (1-66) destination interface INTERFACE

Add interface INTERFACE as session’s destination port

Example :

soodar(config)# monitor session 12 source interface ge0
soodar(config)# monitor session 12 destination interface ge3
soodar(config)# interface ge3
soodar(config-if)# no shutdown

Note

Since the exact packet is mirrored on port( without changing anything), it’s important the interface in receiver side be in promiscuous mode

Logging

Debugging logs can be set in case of need.

[no] debug vlan event: log data plane installation processes and results

[no] debug bridge event: log data plane installation processes and results

[no] debug span event: log data plane installation processes and results

LACP

Link Aggregation Control Protocol is a L2-layer protocol to aggregate two or more interfaces traffic. It also introduces link redundancy.

Bundle interface

As the name suggests, it’s an interface that is the result of bonding interfaces.

interface bundle-ether (1-65535): Create a bundle-ether interface with given bundle id

set mode <rr|xor|active-backup|broadcast|lacp> <l2|l23|l34>

Set bundle-ether interface action mode. First input determines bonding algorithm and second one, is load-balancing algorithm. LB is available on LACP and XOR bonding algorithms.

rr is round-robin. Packets are sent through slave interfaces, in a round-robin manner.

in active-backup mode, all packets are sent through first available interface and the others are reserved.

boradcast mode sends all packets through all slave interfaces.

xor and lacp mode are the same. Packets are sent via different slaves based on determined flows.

l2 load balancing, classify packet to flows by their source and destination MAC addresses.

l23 load balancing, classify packet to flows by their source and destination MAC addresses and source and destinaion IP addresses.

l34 load balancing, classify packet to flows by their ssource and destinaion IP addresses, protocol and if available, TCP/UDP source and destination port number.

Default values are LACP using Layer3-Layer4 load balancing.

Enslave an interface

[no] bundle id (1-65535)

Enslave an interface to the bundle interface with given ID. The no form, detach an interface from bundle.

Note

Slave interface should be up.

Note

Slave interfaces should not have any valid IPs, any subinterface, and should not be in a bridge group.

Note

Subinterfaces should be created on bundle-ether interfaces.

Example :

soodar(config)# interface ge0
soodar(config-if)# bridge-group 100
soodar(config-if)# quit
soodar(config)# interface ge1
soodar(config-if)# ip address 10.0.0.1/16
soodar(config-if)# quit
soodar(config)# interface bundle-ether 55
soodar(config-if)# set mode lacp l23
soodar(config-if)# ip address 192.168.1.22/24
soodar(config-if)# quit
soodar(config)# interface ge0
soodar(config-if)# no shutdown
soodar(config-if)# no bridge-group 100
soodar(config-if)# bundle id 55
soodar(config-if)# quit
soodar(config)# interface ge0
soodar(config-if)# no ip address 10.0.0.1/16
soodar(config-if)# bundle id 55

Logging

Debugging logs can be set in case of need.

[no] debug bond event: log data plane installation processes and results