Wednesday, December 5, 2012

Concept of Cisco Bridge Domain Interfaces (BDI)

Today, I came across a strange configuration on a Cisco ASR router. It's called "Bridge Domain Interfaces (BDI)". I did a search on the Cisco website and the configuration looked simple. But it was short on explanation of the concept, and simply mentioned:

"Bridge domain interface is a logical interface that allows bidirectional flow of traffic between a Layer 2 bridged network and a Layer 3 routed network traffic. Bridge domain interfaces are identified by the same index as the bridge domain. Each bridge domain represents a Layer 2 broadcast domain."

What is it used for? Why do we need it? After some thought and experimentation, it seems to me that BDI is used to "bundle" one or more physical L2 interfaces and link them to an L3 logical interface for routing. This L3 logical interface is the BDI. As Cisco routers won't allow you to configure IP addresses belonging to the same L2 subnet/domain on more than one routed interface, BDI is probably a workaround to overcome that limitation. It also reminds me of a routed port-channel.

Consider the following diagram:

Both physical ports (Gi0/0/0 and Gi0/0/1) are linked to the same L2 domain (e.g. VLAN 100). 

According to Cisco, 
"An Ethernet Virtual Circuit (EVC) is an end-to-end representation of a single instance of a Layer 2 service being offered by a provider to a customer. It embodies the different parameters on which the service is being offered. In the Cisco EVC Framework, the bridge domains are made up of one or more Layer 2 interfaces known as service instances. A service instance is the instantiation of an EVC on a given port on a given router. Service instance is associated with a bridge domain based on the configuration."

I would interpret that a service instance is used to represent one L2 domain. More than one port can belong to the same service instance.

Config mode:
interface range Gi0/0/0-1
  service instance 100 ethernet
    ! match VLAN 100 tagged traffic
    encapsulation dot1q 100
    ! pop the VLAN 100 tag from all ingress traffic from the switch
    rewrite ingress tag pop 1 symmetric
    ! identified as interface BDI 100 in the example config below
    bridge-domain 100

The above config creates service instance 100, which is linked to the VLAN 100 L2 domain. Standard L3 configuration can then be applied to interface BDI 100 for routing.

interface BDI100
  vrf forwarding VPNA
  ip address 1.1.1.1 255.255.255.0
  ip ospf 1 area 0

The physical interface can even join more than one bridge domain (up to 4096 per router). For example, to connect it to VLAN 200 (also Bridge Domain 200) as well:

interface range Gi0/0/0-1
  service instance 100 ethernet
    encapsulation dot1q 100
    ! pop the VLAN 100 tag from all ingress traffic from the switch
    rewrite ingress tag pop 1 symmetric
    ! identified as BDI 100
    bridge-domain 100
  !
  service instance 200 ethernet
    encapsulation dot1q 200
    ! identified as BDI 200
    bridge-domain 200
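
Added example (not part of the original post and not Cisco tooling): a small Python audit that reads running-config style text and reports which ports and service instances share each bridge domain, which VRF the matching BDI routes into, and which bridge domains have no BDI at all. The sample config is constructed from the post's example with the interface range expanded, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample in running-config form (interface range expanded), based on
# the post's example; there is no BDI200 stanza, so bridge domain 200 is unrouted.
SAMPLE = """\
interface GigabitEthernet0/0/0
 service instance 100 ethernet
  encapsulation dot1q 100
  rewrite ingress tag pop 1 symmetric
  bridge-domain 100
 service instance 200 ethernet
  encapsulation dot1q 200
  bridge-domain 200
interface GigabitEthernet0/0/1
 service instance 100 ethernet
  encapsulation dot1q 100
  rewrite ingress tag pop 1 symmetric
  bridge-domain 100
interface BDI100
 vrf forwarding VPNA
 ip address 1.1.1.1 255.255.255.0
"""

def map_bridge_domains(config):
    """Return ({bd: [(port, instance, vlan)]}, {bd: vrf}) parsed from config text."""
    members, bdis = defaultdict(list), {}
    port = inst = vlan = bdi = None
    for line in config.splitlines():
        s = line.strip()
        if m := re.match(r"interface (\S+)", s):
            port, inst, vlan, bdi = m.group(1), None, None, None
            if b := re.fullmatch(r"BDI(\d+)", port):
                bdi = int(b.group(1))
                bdis[bdi] = "global"  # no vrf line means the global routing table
        elif m := re.match(r"service instance (\d+) ethernet", s):
            inst, vlan = int(m.group(1)), None
        elif m := re.match(r"encapsulation dot1q (\d+)", s):
            vlan = int(m.group(1))
        elif (m := re.match(r"bridge-domain (\d+)", s)) and inst is not None:
            members[int(m.group(1))].append((port, inst, vlan))
        elif (m := re.match(r"vrf forwarding (\S+)", s)) and bdi is not None:
            bdis[bdi] = m.group(1)
    return dict(members), bdis

def unrouted_domains(config):
    """Bridge domains that have member ports but no matching BDI interface."""
    members, bdis = map_bridge_domains(config)
    return sorted(bd for bd in members if bd not in bdis)
```

Running it over a saved running-config gives a quick view of which physical ports sit in one L2 broadcast domain and which routing table each domain reaches.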

11 comments:

  1. I was not aware of this feature. Good to know and thanks for the info!

  2. Hey, shutting down one interface will cause outage?

    Replies
    1. Today I'm facing this issue. 6 sites are down due to one BDI IP not pinging

  3. Yes, shutting down the physical interface will cause an outage to all service instances (EVC/EFP) attached to that physical interface.

  4. Really great work to explain it that simply. Isn't it like creating sub-interfaces, and furthermore, why would we need to connect a single VLAN with multiple interfaces of the same router?

    Replies
    1. In our case we have an Isolated network that we are using to migrate systems from one Data Center to the other. Below is the connection.

      (Circuit) <------> ASR <---VLAN/TRUNK---> 3750 Data Migration Switch
      <---VLAN/TRUNK---> Production Switch

      As you can see, we have the ASR connected to two different switches on the same VLAN. One 3750 switch is acting as the data migration switch. The other switch is the production core switch. The data migration switch is being used to offload the data traffic from the core. However, the production switch still needs to be connected for device management of both the ASR and the 3750 switch.

      These could be /30 layer-3 links instead of layer-2 links but we wanted the flexibility to be able to connect a device to the core for the data transfer if we need to.

  5. Interesting... A bridge of a physical dot1q trunk whereas each tag can become a routed BDI.
    I guess that's only needed in ASRs, as on Catalysts and MEs this feature works via Channel-Interfaces (Port-Groups)?

  6. Late to the game but great information and explanation. Saved in my bookmarks

  7. I guess this is similar to creating a standby interface or not?
