L2 Abilities

ARP Table

An ARP table is a database of received ARP messages. It contains a group of mappings between IP addresses and MAC addresses.|br| Each ARP entry has four fields: L3 Address``( IP Address), ``L2 Address``( MAC Address), ``Interface, and State.

Entry States are:

Permanent: This entry never expires and doesn’t need verification.
Noarp: Normally expires but doesn’t need verification.
Reachable: Verified and will normally expire.
Stale: Still usable but needs verification.
Delay: ARP request is scheduled.
Probe: ARP request is sending.
Incomplete: First ARP request sent.

show ip arp [IFNAME]

Show current system ARP table, possibly only for IFNAME interface.

Example:

clear ip arp [IFNAME A.B.C.D]: Clear all ARP table entries or just the given IP address from the given interface.

VLAN

VLAN allows user to segment a LAN into different broadcast domains.

Subinterfaces

To create a VLAN, first we need a subinterface

interface IFNAME.(0-4095): Creates a subinterface on interface IFNAME.

Example :

soodar(config)# interface ge1.100

encapsulation dot1q (1-4094) [exact] [second-dot1q (1-4094)]: Encapsulate packets with one( or two, if specified) VLAN tags. Drop the input packets that do not have the same tag. If exact is specified, input packets must have the same number of VLAN tags as the configuration.

Note

Although we can add two tags, it’s a good practice to use dot1ad encapsulation for this purpose since dot1q was designed for one tag, and adding two tags, heavily depends on router implementation and its configuration.

Note

A subinterface before this command is not ready to use and can’t be added to bridges.

encapsulation dot1ad (1-4094) dot1q (1-4094): Use Q-in-Q encapsulation mode to add two tags.

encapsulation default: All packets with VLAN IDs not matched to other subinterfaces are sent to this subinterface

Example :

soodar(config)# interface ge1.100
soodar(config-if)# encapsulation dot1q 100
soodar(config-if)# ip address 200.1.2.20/24
soodar(config-if)# interface ge1.200
soodar(config-if)# encapsulation default

Tag rewrite

An interface can be set up to add or remove( and in the future, translate) VLAN tags.

[no] rewrite tag push <1|2> <dot1q|dot1ad> (0-4095) [(0-4095)]: Push 1 or 2 tags to ingress traffic. The no form negates all changes caused by this command.

Note

if dot1ad is used, only the first tag is dot1ad and the second tag is dot1q

[no] rewrite tag pop <1|2>: Pop 1 or 2 tags from ingress traffic. The no form negates all changes caused by this command.

Example :

soodar(config)# int ge2
soodar(config-if)# rewrite tag push 1 dot1q 300

Bridge

A bridge is a tool for connecting two segments of LAN.

Add an interface to a bridge

bridge-group (1-65535) [split-horizon group (0-255)]: Add an interface to a bridge-group. The bridge-group is identified by a number. When a new packet arrives at the interface, if the destination MAC address is not available in the bridge-group MAC table, the packet is flooded to all interfaces in the same bridge-group( except the one from which it was received and the ones who share the same split-horizon group with interface).
A split-horizon group of 0 means the interface is not in any split-horizon group and is the default value for SHG.

Example : .. code-block:: frr

n1(config-if)# bridge-group 600 split-horizon group 2

Debugging bridge

show bridge (1-65535)

Example :

n1(config)# do sh bridge 600
 |--------------------------------------------------|
 | Domain | Interface   | Split-Horizon Group | BVI |
 |--------+-------------+---------------------+-----|
 | 600    | loopback4   | 0                   | *   |
 |--------+-------------+---------------------+-----|
 |        | ge1         | 0                   | -   |
 |--------------------------------------------------|

SPAN

Port monitoring tool. It mirrors source interfaces input to the destination interface.

Configuration

Each monitor session can have multiple source interfaces. But only one destination interface.

[no] monitor session (1-66) source interface INTERFACE [both|rx|tx]: Add interface INTERFACE to session. By default, both traffics are mirrored. But one can change the behavior by implying RX, TX, or both.
The no form removes an interface from the monitor session.

Note

A session is not established unless a valid destination is available.

monitor session (1-66) destination interface INTERFACE

Add interface INTERFACE as session’s destination port

Example :

soodar(config)# monitor session 12 source interface ge0
soodar(config)# monitor session 12 destination interface ge3
soodar(config)# interface ge3
soodar(config-if)# no shutdown

Note

Since the exact packet is mirrored on port( without changing anything), it’s crucial that the interface in the receiver side is in promiscuous mode

Logging

Debugging logs can be set in case of need.

[no] debug vlan event: log data plane installation processes and results

[no] debug bridge event: log data plane installation processes and results

[no] debug span event: log data plane installation processes and results

LACP

Link Aggregation Control Protocol is an L2-layer protocol to aggregate two or more interfaces traffic. It also introduces link redundancy.

Bundle interface

As the name suggests, it’s an interface resulting from bonding interfaces.

interface bundle-ether (1-65535): Create a bundle-ether interface with the given bundle id

set mode <rr|xor|active-backup|broadcast|lacp> <l2|l23|l34>

Set bundle-ether interface action mode. The first input determines the bonding algorithm, and the second is the load-balancing algorithm. LB is available on LACP and XOR bonding algorithms.

rr is round-robin. Packets are sent through slave interfaces in a round-robin manner.

In active-backup mode, all packets are sent through the first available interface and reserved.

boradcast mode sends all packets through all slave interfaces.

xor and lacp mode are the same. Packets are sent via different slaves based on determined flows.

l2 load balancing, classify packet to flows by their source and destination MAC addresses.

l23 load balancing, classify packet to flows by source and destination MAC addresses and source and destination IP addresses.

l34 load balancing, classify packet to flows by their source and destination IP addresses, protocol and if available, TCP/UDP source and destination port number.

Default values are LACP using Layer3-Layer4 load balancing.

Enslave an interface

[no] bundle id (1-65535)

Enslave an interface to the bundle interface with the given ID. The no form detaches an interface from the bundle.

Note

Slave interface should be up.

Note

Slave interfaces should not have any valid IPs any subinterface and should not be in a bridge group.

Note

Subinterfaces should be created on bundle-ether interfaces.

Example :

soodar(config)# interface ge0
soodar(config-if)# bridge-group 100
soodar(config-if)# quit
soodar(config)# interface ge1
soodar(config-if)# ip address 10.0.0.1/16
soodar(config-if)# quit
soodar(config)# interface bundle-ether 55
soodar(config-if)# set mode lacp l23
soodar(config-if)# ip address 192.168.1.22/24
soodar(config-if)# quit
soodar(config)# interface ge0
soodar(config-if)# no shutdown
soodar(config-if)# no bridge-group 100
soodar(config-if)# bundle id 55
soodar(config-if)# quit
soodar(config)# interface ge0
soodar(config-if)# no ip address 10.0.0.1/16
soodar(config-if)# bundle id 55

Logging

Debugging logs can be set in case of need.

[no] debug bond event: log data plane installation processes and results