Tuesday, July 22, 2008

Integrated Routing and Bridging Example

Here follows an example of IRB, that will probably make our understanding about this topic a bit easier. This scenario  was based in the Video on Demand from IPExpert CCIE R&S Blended Learning Solutions. A full video dedicated just to it is available in there, and I recommend you to check it out! It rocks! :)

Take a look at the topology:

Bridging

Those VLANs (VLAN2 and VLAN3) will be bridged through our serial link.

In order to do that, we need to:

  1. Create the Bridge-Group;
  2. Assign this Bridge-Group to our Interfaces;
  3. Create the BVI Interface and assigns an IP Address to it;
  4. Create our rules (specifically tell this particular Bridge- Group to Route IP) .

First... what is the function of a "Bridge-Group" ?! Well "Bridge-Group" job is to take  packets to an unknow destination and flood them out any available ports, or more important, to learn were those available ports are for each them.

The catch is, the router can do routing,  can do bridging, but in other to do both, like some interfaces to route, some interfaces to bridge we need to use IRB (Integrated Routing and Bridging).

Take a look in the configuration for all devices involved, interfaces FastEthernet0/0 and Serial1/1 in our routers R2 and R3 were assigned to Bridge-Group 1, all interfaces between the origin and destination will be "bridged", the IP Address will be assigned to the BVI Interface, take a look:

R2:

int f0/0
bridge-group 1
no shut
!
int s1/1
 bridge-group 1
no shut
!
bridge irb
bridge 1 protocol ieee
bridge 1 route ip

!
int bvi 1
ip address 111.111.111.2 255.255.255.0
no shut

R3:

int f0/0
bridge-group 1
no shut
!
int s1/1
bridge-group 1
no shut
!
bridge irb
bridge 1 protocol ieee
bridge 1 route ip

!
int bvi 1
ip address 111.111.111.3 255.255.255.0
no shut

SW2

int f1/2
switchport access vlan 2
no shut
!
int vlan 2
ip address 111.111.111.22 255.255.255.0
no shut
exit

SW3

int f1/3
switchport access vlan 3
no shut
!
int vlan 3
ip address 111.111.111.33 255.255.255.0
no shut
exit

To make double-sure about our IP assignment, we can use the show ip int brief command:

R2#sh ip int brief
Interface       IP-Address    OK? Method Status      Protocol
FastEthernet0/0 unassigned    YES unset  up          up
Serial1/0       unassigned    YES unset administrat. down down
Serial1/1       unassigned    YES manual up          up
BVI1            111.111.111.2 YES manual up          up

R3#sh ip int brief
Interface       IP-Address    OK? Method Status      Protocol
FastEthernet0/0 unassigned    YES unset  up          up
Serial1/0       unassigned    YES unset  administrat. down down
Serial1/1       unassigned    YES manual up          up
BVI1            111.111.111.3 YES manual up          up

Everything looks good, BVI interface has it´s IP Addresses, and both FastEthernet and Serial interfaces don´t!

Using the command show bridge 1 verbose we can check which interfaces belongs to this specific Bridge-Group:

R2#sh bridge 1 verbose

Flood ports (BG 1)           RX count    TX count
FastEthernet0/0                     0           0
Serial1/1                           0           0

Seens fine too! So, what next?! Testing! How?! Ping!!!

R2#ping 111.111.111.22

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 111.111.111.22, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 28/68/128 ms


R2#ping 111.111.111.3

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 111.111.111.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 28/58/136 ms


R2#ping 111.111.111.33

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 111.111.111.33, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 60/83/140 ms

---------------

R3#ping 111.111.111.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 111.111.111.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 32/65/128 ms


R3#ping 111.111.111.22

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 111.111.111.22, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 44/88/144 ms


R3#ping 111.111.111.33

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 111.111.111.33, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 32/58/120 ms

---------------

SW2#ping 111.111.111.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 111.111.111.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 32/64/136 ms


SW2#ping 111.111.111.3

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 111.111.111.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 56/95/184 ms


SW2#ping 111.111.111.33

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 111.111.111.33, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 80/127/200 ms

---------------

SW3#ping 111.111.111.3

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 111.111.111.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 32/72/124 ms

SW3#ping 111.111.111.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 111.111.111.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 48/105/164 ms

SW3#ping 111.111.111.22

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 111.111.111.22, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 92/145/224 ms


Now we have reachability between the two vlans! We can use the command show bridge 1 verbose again to check  the counters and the interfaces involved in this particular bridge group:

R2#sh bridge 1 verbose

Total of 300 station blocks, 297 free
Codes: P - permanent, S - self

BG Hash  Address     Action Interface  VC Age  RX count TX count
1 00/0   cc02.09c0.0000 forward  Serial1/1       -  3  10   9
1 00/1   cc05.0f10.0000 forward  Serial1/1       -  1  25  24
1 00/2   cc04.0f10.0000 forward  FastEthernet0/0 -  1  30  28

Flood ports (BG 1)           RX count    TX count
FastEthernet0/0                     7           0
Serial1/1                           0           7

R3#sh bridge 1 verbose

Total of 300 station blocks, 297 free
Codes: P - permanent, S - self

BG Hash  Address     Action Interface  VC Age  RX count TX count
1 00/0   cc04.0f10.0000 forward  Serial1/1       -  2  20   19
1 00/1   cc01.09c0.0000 forward  Serial1/1       -  0  15   14
1 00/2   cc05.0f10.0000 forward  FastEthernet0/0 -  0  35   33

Flood ports (BG 1)           RX count    TX count
FastEthernet0/0                     6           0
Serial1/1                           0           0

Just for curiosity, show arp at R3...

R3#sh arp
Protocol  Address     Age (min)  Hardware Addr   Type   Interface
Internet  111.111.111.33        5   cc05.0f10.0000  ARPA   BVI1
Internet  111.111.111.3         -   cc02.09c0.0000  ARPA   BVI1
Internet  111.111.111.2         5   cc01.09c0.0000  ARPA   BVI1
Internet  111.111.111.22        5   cc04.0f10.0000  ARPA   BVI1

...and show arp at SW2:

SW2#sh arp
Protocol  Address     Age (min)  Hardware Addr   Type   Interface
Internet  111.111.111.33        6   cc05.0f10.0000  ARPA   Vlan2
Internet  111.111.111.3         6   cc02.09c0.0000  ARPA   Vlan2
Internet  111.111.111.2         7   cc01.09c0.0000  ARPA   Vlan2
Internet  111.111.111.22        -   cc04.0f10.0000  ARPA   Vlan2

As you can see, everything is working fine! I do recommend you to check IPExpert Bridging Videos, and also Cisco DocCD for more information!

Follows some usefull links:

http://www.cisco.com/en/US/tech/tk389/tk815/technologies_tech_note09186a0080094663.shtml

http://www.cisco.com/en/US/docs/ios/bridging/configuration/guide/br_transprnt_brdg_ps6350_TSD_Products_Configuration_Guide_Chapter.html#wp1003018

3 comments:

Anonymous said...

Excellent Caue !
You work in networking what could be some practical reasons to use
this conf in the real world ?
Giorgio

Caue said...

Hey buddy...

Caue said...

Hey buddy! how are you?!

Actually I´ve never used this feature in a live network... a couple scenarios I can think about is to spread a VLAN across a Router connection, or maybe to use it with protocols other than IP...

But really, it´s very interesting and not that difficult to achieve! Off course, nowadays I don´t see much use for that!

In the Video they give a "tip" telling if you see, for example, two routers with their ethernet interfaces connected to the same network (like 111.111.111.0/24) but you know for sure that both router´s interfaces are connected to different VLANs, that´s a good point to use IRB and make the communication through the serial link! Off course, it´ll depend on what the question is asking! But at least, is one more advice to my "notebook" :)

How about your studies sir?! Everything ok?!

Cheers!