| Feature Name | Release | Description |
|---|---|---|
| Two-pass Forwarding over BVI | Release 7.9.1 | With this release, Integrated Routing and Bridging/Bridge-group Virtual Interface (IRB/BVI) supports Layer 2 ACL, QoS, and statistics on BVI-routed packets, using a two-pass forwarding model for packets over BVI. This feature introduces the following changes:
|
The IRB/BVI implementation was originally based on single-pass or collapsed forwarding model in which each packet is processed only once. This forwarding model has some restrictions in supporting Layer 2 accounting and QoS over BVI. With this release, you have the flexibility to choose either the default single-pass model or two-pass forwarding model for packets over BVI. In the two-pass forwarding model L2 and L3 forwarding is split across two paths and packet processing happens in two cycles. This model supports Layer 2 ACL, QoS, and statistics accounting on BVI-routed packets. The earlier implementation with single-pass forwarding did not support these. You can enable the two-pass forwarding using the CLI command hw-module irb .
The two-pass forwarding model supports the following features:
-
Layer 2 Access Control List (ACL)
-
Layer 2 QoS on the BVI-routed packets
-
Ingress statistics support for BVI in L2 to L3 packet flow
-
Egress statistics support for BVI in L3 to L2 packet flow
The following table shows the configuration commands for different forwarding flows in BVI interfaces.
| Flow | Forwarding Model | CLI Command |
|---|---|---|
| IRB L2 to L3 | Two-Pass | hw-module irb l2-l3 2-pass |
| IRB L3 to L2 | Two-Pass | hw-module irb l3-l2 2-pass |
By default, single-pass forwarding is enabled in both IRB L2 to L3 and IRB L3 to L2 flows.
L2 to L3 Packet Flow
When a packet arrives at the ingress port, the forwarding lookup on ingress line card (LC) points to the egress BVI interface. Based on this egress BVI interface, the packet is queued to the receiving LC. The egress interface is mapped to a physical port.
When the egress BVI bandwidth is available, the receiving LC ports that are ready to receive the packets (based on the packet marking and distribution model) send grants to the ingress ports via the connectors. The ingress ports respond to this permission by transmitting the packets to the receiving LC ports. Then, according to the policy maps (PMs) the packet is queued to the appropriate egress interface. If there is no PM configured, the packet is queued to the main egress interface.
The following support is available:
-
Ingress policy map (PM) is supported on both L2 access control (AC) and BVI simultaneously.
-
Ingress PM on L2 AC applies to traffic on L2 to L2 direction.
-
Ingress PM on BVI interface applies to the traffic on L2 to L3 direction.
-
Ingress policer applied on L2 AC can check both L2 to L2 and L2 to L3 flows.
-
Ingress policer applied on the BVI interface polices only L2 to L3 flow.
-
Setting QoS-group, traffic-class, and discard-class are supported at ingress policy-map.
L3 to L2 Packet Flow
When a Layer 3 packet arrives at the ingress port, the destination IP address is resolved to find the corresponding Layer 2 MAC address of the destination device. Once the MAC address is obtained, a new Layer 2 Ethernet header for the packet is created with the source as the MAC address of the BVI, and the destination as the MAC address of the destination device. The packet is then transmitted over the local network and delivered to the destination device.
The following support is available:
-
Egress marking and egress queuing PM are supported on L2 AC.
-
No egress policy map is supported on BVI interface.
-
Match on QoS-group is supported at egress marking policy-map.
-
Match on discard-class is supported only for value 0 at egress marking policy-map.
-
Egress queuing policy-map traffic class-based match is supported only for class default.
The two-pass model is supported on routers that have the following Cisco NCS 5700 line cards in native mode:
-
NC57-18DD-SE
-
NC57-36H-SE
IRB Recycle Performance
The throughput of the BVI IRB recycle port is increased from 400 to 600 Gbps in native mode. The 600 Gbps throughput mode is activated using the hw-module profile qos irb-recycle-bandwidth 600 .
Router(config)#hw-module profile qos irb-recycle-bandwidth 600 Router(config)#![Interface and Hardware Component Configuration Guide for Cisco NCS 5500 Series Routers, IOS XR Release 7.9.x - Configuring Integrated Routing and Bridging [Cisco Network Convergence System 5500 Series] (1)](https://i0.wp.com/www.cisco.com/content/dam/en/us/td/i/templates/note.gif "Interface and Hardware Component Configuration Guide for Cisco NCS 5500 Series Routers, IOS XR Release 7.9.x - Configuring Integrated Routing and Bridging [Cisco Network Convergence System 5500 Series] (1)") Note |
|
Configuration
To enable the two-pass forwarding capability, use the following sample configuration.
The example shows how to enable the two-pass forwarding of packets from layer 2 to layer 3:
Router#configure terminalMon Mar 27 05:17:23.887 UTCRouter(config)#hw-module irb L2-L3 2-pass Mon Mar 27 05:17:31.421 UTCIn order to activate this new IRB model, you must manually reload the chassis/all line cardsThe example shows how to enable the two-pass forwarding of packets from layer 3 to layer 2:
Router#configure terminalMon Mar 27 05:17:43.887 UTCRouter(config)#hw-module irb L3-L2 2-pass Mon Mar 27 05:17:41.751 UTCIn order to activate this new IRB model, you must manually reload the chassis/all line cardsRouter(config)#After enabling the two-pass model, apply the ingress PM on both L2 AC and BVI interface. Use the following sample command:
Router(config)#/*Apply ingress PM on both L2 AC and BVI interface*/Router(config)#int fourHundredGigE 0/5/0/23.601 Router(config-subif)#service-policy input L2AC Router(config-subif)#commitRouter(config-subif)#exitRouter(config)#int bvi 97Router(config-if)#service-policy input BVIRouter(config-if)#commitRouter(config-if)#endVerification
Verify the ingress policy map on BVI interface using the show qos interface bvi command.
To display the BVI show qos output, location keyword is mandatory.
Router#show qos interface bvi 97 input location 0/5/CPU0 NOTE:- Configured values are displayed within parenthesesInterface BVI97 ifh 0x20008034 -- input policyNPU Id: 0Total number of classes: 2Interface Bandwidth: 104857600 kbpsPolicy Name: BVISPI Id: 0x0Accounting Type: Layer2 (Include Layer 2 encapsulation and above)------------------------------------------------------------------------------Level1 Class = DSCPAF33New qos group = 3New traffic class = 2Policer Bucket ID = 0x21Policer Stats Handle = 0x0Policer committed rate = 150390 kbps (150 mbits/sec)Policer peak rate = 200195 kbps (200 mbits/sec)Policer conform burst = 186624 bytes (default)Policer exceed burst = 436096 bytes (default)Level1 Class = class-defaultDefault Policer Bucket ID = 0x20Default Policer Stats Handle = 0x0Policer not configured for this classInterface BVI97 ifh 0x20008034 -- input policyNPU Id: 1Total number of classes: 2Interface Bandwidth: 104857600 kbpsPolicy Name: BVISPI Id: 0x0Accounting Type: Layer2 (Include Layer 2 encapsulation and above)------------------------------------------------------------------------------Level1 Class = DSCPAF33New qos group = 3New traffic class = 2Policer Bucket ID = 0x21Policer Stats Handle = 0x0Policer committed rate = 150390 kbps (150 mbits/sec)Policer peak rate = 200195 kbps (200 mbits/sec)Policer conform burst = 186624 bytes (default)Policer exceed burst = 436096 bytes (default)Level1 Class = class-defaultDefault Policer Bucket ID = 0x20Default Policer Stats Handle = 0x0Policer not configured for this classTo verify the ingress policy map on L2 AC using the show qos int interface name input command.
Router#show qos int fourHundredGigE 0/5/0/23.601 input NOTE:- Configured values are displayed within parenthesesInterface FourHundredGigE0/5/0/23.601 ifh 0xa00883a -- input policyNPU Id: 1Total number of classes: 2Interface Bandwidth: 400000000 kbpsPolicy Name: L2ACSPI Id: 0x0Accounting Type: Layer2 (Include Layer 2 encapsulation and above)------------------------------------------------------------------------------Level1 Class = DSCPAF43New qos group = 2New traffic class = 1Policer Bucket ID = 0x9Policer Stats Handle = 0x0Policer committed rate = 99609 kbps (100 mbits/sec)Policer conform burst = 124672 bytes (default)Level1 Class = class-defaultDefault Policer Bucket ID = 0x8Default Policer Stats Handle = 0x0Policer not configured for this classRouter#![Interface and Hardware Component Configuration Guide for Cisco NCS 5500 Series Routers, IOS XR Release 7.9.x - Configuring
Integrated Routing and Bridging [Cisco Network Convergence System 5500 Series] (2024)](data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAQAAAC1HAwCAAAAC0lEQVR42mP8/h8AAvMB+NzmkbcAAAAASUVORK5CYII=)