Agenda
Day4
Module 4
o L2 VPN
Module 5
o VPLS
L2 VPN
Traditional L2 VPN
• Leased Line
– Main shortcoming: provisioning is time-consuming,
expensive and difficult to manage
• Virtual Circuit
– Compared with LL, less time-consuming and lower in price
– Service is provided over an ATM or FR network, which
needs to be set up and maintained separately
– Low speed
– Complicated configuration
Network Learning Centre
Proprietary & Confidential
Leased line is the earliest "First Mile" technology employed for broadband access.
Seldom used for residential broadband access due to their high monthly rental cost,
leased lines are most commonly used by medium and large businesses and
organizations to provide broadband access to their employees over a Local Area
Network.
Traditional VPNs are based on Asynchronous Transfer Mode (ATM) or Frame Relay
(FR), where different VPNs can share the network structure of carriers. However,
traditional VPNs have the following disadvantages.
What is MPLS L2 VPN
• MPLS L3 VPN
Tunnel Label | Inner Label | Layer3 Header | Data
• MPLS L2 VPN
Tunnel Label | VC Label | Layer2 Header | Data
Compared with L3 VPN, L2 VPN has many advantages, which are introduced later.
MPLS L2 VPN Network Structure
[Figure: customer sites attached to PEs on both sides; pseudo wires run through a tunnel between the PEs]
From this figure we can see that the L2 VPN network structure is the same as the
L3 VPN network structure, and the definitions of PE, P and CE are the same. The
public network tunnel is also an MPLS LSP tunnel. There are some differences,
however. MPLS L2 VPN packets usually also carry two labels; the exception is CCC,
which has only the tunnel label, while the others have an inner label, the VC
label. As we know, in MPLS L3 VPN the inner label is used to identify different
routes, while in L2 VPN the inner label is used to identify the CE.
MPLS L2 VPN Characters
From the network structure we know that each CE connects to a PE. Between CEs,
the provider network provides a layer 2 connection service, so the CEs appear to
be connected directly or through a layer 2 switched network.
As the provider network works like a layer 2 switched network, it does not
participate in the customer's routing exchange, so routing occurs between CE
routers. This is different from MPLS L3 VPN.
When a PE sends VPN traffic across the provider's network, it uses the MPLS LSP
tunnel, the same as MPLS L3 VPN.
Advantages of MPLS L2 VPN
• High Scalability
• Ease of Configuration
• Signaling Flexibility
• Cost-efficient
• Migration from Traditional Layer 2 VPN
High Scalability
The Service Provider is responsible for Layer 2 connectivity, and the customer
is responsible for Layer 3 connectivity. This separation of responsibility also
isolates customer-generated faults from provider network.
As the routing information of the user is not imported, the PE cannot obtain or
process the users' VPN routing information.
Ease of Configuration
VLL is used to replace the expensive LL and provide the same LL service.
At present the main technologies that implement VLL are CCC, Martini, SVC
and Kompella, which are introduced separately later.
L2 VPN Common Packet Structure
• VC Label (demultiplexer field)
– Identifies different VCs in the same tunnel
• the "tunnel header", which contains the information needed to transport the PDU
across the MPLS network; this header belongs to the tunneling protocol, e.g.,
MPLS, GRE, L2TP.
• the "emulated VC encapsulation", which contains the information about the enclosed
layer 2 PDU which is necessary in order to properly emulate the corresponding layer 2
protocol.
PDU Structure
0 7 15 23 31
Tunnel Label(LDP or RSVP) EXP 0 TTL
Layer-2 PDU
Control Word
In most cases, it is not necessary to transport the layer 2 encapsulation across the
network; rather, the layer 2 header can be stripped at ingress PE, and reproduced at
egress PE. This is done using information carried in the control word, as well as
information that may already have been signaled from ingress PE to egress PE.
There are three requirements that may need to be satisfied when transporting layer 2
protocols over an MPLS backbone:
1. Sequentiality may need to be preserved.
2. Small packets may need to be padded in order to be transmitted on a
medium where the minimum transport unit is larger than the actual packet
size.
3. Control bits carried in the header of the layer 2 frame may need to be
transported.
The control word defined here addresses all three of these requirements. For
some protocols this word is REQUIRED, and for others OPTIONAL. For
protocols where the control word is OPTIONAL implementations MUST
support sending no control word, and MAY support sending a control
word.
In the control word the first 4 bits are reserved for future use. They MUST be set to 0
when transmitting, and MUST be ignored upon receipt.
The next 4 bits provide space for carrying protocol specific flags. These are defined
in the protocol-specific.
The next 2 bits MUST be set to 0 when transmitting. The next 6 bits provide a
length field, which is used as follows: If the packet's length (defined as the length
1 CCC
2 Martini
3 SVC
4 Kompella
CCC (Circuit Cross Connect)
[Figure: CCC remote connection between Branch Office A and Headquarter A, through two PEs across the MPLS network, and CCC local connection between two Branch Office A sites]
CCC differs from the other MPLS L2 VPN modes: it has only one level of label
and performs label switching with that label, so CCC occupies its static LSP
exclusively. As we know, an LSP is one-way, so two LSPs need to be configured.
Because the LSP is exclusive, it cannot be used for other services such as
other MPLS L2 VPN connections, BGP/MPLS VPN or IP packet forwarding. CCC VPN
only needs the provider network to support MPLS.
CCC suits small MPLS networks with a simple topology. All the LSPs need to be
configured manually, and no signaling protocol is needed. The resource cost is
therefore low and the mode is easy to understand, but maintenance is difficult.
CCC provides a transparent layer 2 connection between two CEs; when packets are
transmitted, only the layer 2 address is changed and nothing else.
Martini Network Structure
[Figure: Branch Office A, Headquarter A and Headquarter B connected over a tunnel (LSP)]
Martini MPLS L2VPN uses VC-type plus VC-ID to identify a VC between two
CEs.
VC-type: indicates the type of the VC, such as ATM, VLAN and PPP.
VC-ID: the VC-ID of each VC of the same VC-type must be unique on the whole
PE.
The PEs connecting two CEs exchange VC labels through LDP, and bind the
corresponding CE by VC-ID.
Martini supports inter-AS L2VPN in multi-hop mode, but it does not support local
connection.
Draft for Martini
draft-martini-l2circuit-trans-mpls :
This document describes methods for transporting the Protocol Data Units (PDUs)
of layer 2 protocols such as Frame Relay, ATM AAL5, Ethernet, and providing a
circuit emulation service across an MPLS network.
draft-martini-l2circuit-encap-mpls :
This document describes methods for encapsulating the Protocol Data Units
(PDUs) of layer 2 protocols such as Frame Relay, ATM, or Ethernet for transport
across an MPLS network. Although different layer 2 protocols require different
information to be carried in this encapsulation, an attempt has been made to make
the encapsulation as common as possible for all layer 2 protocols.
Martini Characters
•VC-Type: indicates the type of the VC. For example, ATM, VLAN or
PPP.
PEs connecting two CEs exchange VC labels through LDP, and bind the
corresponding CE by VC-ID.
After the LSP connecting the two PEs is successfully created, and the label
exchange and the binding with CE are finished, a VC is set up.
In order to exchange VC labels between PEs, Martini has extended LDP by adding
the VC FEC as a new FEC type. Moreover, because the two PEs exchanging VC
labels may not be connected directly, a remote LDP session must be set up to
transfer the VC FEC and VC labels.
Martini supports inter-AS L2VPN in multi-hop mode, but it does not support local
connection. Why? Because VC type + VC ID is unique, one PE can't connect two
CEs with the same VC type and VC ID.
VC FEC Format
0 15 31
0 Label Message(0x0400) Message Length
Message ID
Group ID
VC ID
Interface Parameters
Label
Optional Parameters
As we know, LDP generates labels for FECs. In Martini, the PEs set up a remote
LDP session and exchange VC information. To support this, LDP is extended with
another FEC type, the VC FEC, whose TLV value is 0x80, equal to decimal 128.
The FEC structure is the light blue part of the figure.
•VC TLV : value 0x80, equal to decimal 128.
•C : used to flag the presence of a control word. 1 means a control
word is present on this VC; 0 means no control word is present on this VC.
•VC Type : layer 2 encapsulation type, including FR, ATM, VLAN,
Ethernet, PPP, HDLC and so on.
VC Type Description
0x0001 Frame Relay DLCI
0x0002 ATM AAL5 VCC transport
0x0003 ATM transparent cell transport
0x0004 Ethernet VLAN
0x0005 Ethernet
0x0006 HDLC
0x0007 PPP
0x8008 CEM [8]
0x0009 ATM VCC cell transport
0x000A ATM VPC cell transport
•VC information length:
Length of the VC ID field and the interface parameters field in octets. If
this value is 0 then it references all VCs using the specified group ID and
VC Status
For the VC status to be UP, the local LDP VC must be configured and the local
state and interface must be UP, the LDP session must be established, and a mapping
message must have been received from the remote peer with matching VC ID,
encapsulation type and parameters. Both sides do the same work, and then the VC
status becomes UP.
Label Mapping
2. PE1 checks whether an LDP remote session exists with the other PE, PE2;
if not, it sets up the remote session with PE2.
3. PE1 allocates a VC label for the new interface and binds it to the configured VC
ID.
4. PE1 sends the label mapping message to the remote peer PE2.
5. PE2 receives the message and checks whether the VC ID matches; if it matches,
PE2 keeps the mapped label. PE2 also repeats steps 1-5.
Label Withdrawing
[Figure: CE1 and CE2; a CE port/VC failure triggers a Label Withdraw message]
As mentioned before, the Group ID field can be used to withdraw all VC labels
associated with a particular group ID. This procedure is OPTIONAL, and if it is
implemented the LDP label withdraw message should be as follows: the VC
information length field is set to 0, the VC ID field is not present, and the interface
parameters field is not present. All LSRs implementing this design are
REQUIRED to accept such a withdraw message, but are not required to send it.
The interface parameters field must not be present in any LDP VC label withdrawal
message or release message. A wildcard release message must include only the
group ID. A Label Release message initiated from the imposition router must
always include the VC ID.
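The VC FEC fields, the matching check behind "VC status UP" and the wildcard withdraw rule above, as an added Python example that is not part of the original slides. It assumes the element layout of one type byte (0x80), the C bit plus a 15-bit VC type, a one-byte VC information length, a 4-byte group ID and a 4-byte VC ID, and treats interface parameters as opaque bytes; all function names and sample values are constructed for illustration.

```python
import struct
from dataclasses import dataclass
from typing import Optional

VC_FEC_TYPE = 0x80   # VC FEC type value from the slides (decimal 128)
FIXED_LEN = 8        # type(1) + C/VC type(2) + VC info length(1) + group ID(4)

# Constructed sample: opaque interface-parameter bytes, not taken from the slides.
SAMPLE_PARAMS = bytes.fromhex("010405dc")


@dataclass
class VcFec:
    control_word: bool       # C bit: a control word is present on this VC
    vc_type: int             # layer 2 encapsulation, e.g. 0x0005 = Ethernet
    group_id: int
    vc_id: Optional[int]     # None when VC info length is 0 (whole group)
    interface_params: bytes  # kept opaque in this example


def build_vc_fec(control_word, vc_type, group_id, vc_id=None, params=b""):
    """Encode a VC FEC element; vc_id=None produces the wildcard form."""
    body = b"" if vc_id is None else struct.pack("!I", vc_id) + params
    first = (0x8000 if control_word else 0) | (vc_type & 0x7FFF)
    return struct.pack("!BHBI", VC_FEC_TYPE, first, len(body), group_id) + body


def parse_vc_fec(data: bytes) -> VcFec:
    """Decode a VC FEC element, rejecting inconsistent lengths."""
    if len(data) < FIXED_LEN:
        raise ValueError("truncated VC FEC element")
    fec_type, first, info_len, group_id = struct.unpack("!BHBI", data[:FIXED_LEN])
    if fec_type != VC_FEC_TYPE:
        raise ValueError("not a VC FEC element: type 0x%02x" % fec_type)
    body = data[FIXED_LEN:]
    if len(body) != info_len:
        raise ValueError("VC info length %d, but %d bytes follow" % (info_len, len(body)))
    if info_len == 0:
        vc_id, params = None, b""          # wildcard: refers to the whole group
    elif info_len < 4:
        raise ValueError("VC info length too short to hold a VC ID")
    else:
        vc_id, params = struct.unpack("!I", body[:4])[0], body[4:]
    return VcFec(bool(first & 0x8000), first & 0x7FFF, group_id, vc_id, params)


def withdraw_scope(fec: VcFec) -> str:
    """Apply the withdraw/release rules: no interface parameters allowed."""
    if fec.interface_params:
        raise ValueError("interface parameters present in a withdraw/release")
    if fec.vc_id is None:
        return "all VCs in group %d" % fec.group_id
    return "VC %d" % fec.vc_id


def mapping_matches(local: VcFec, remote: VcFec) -> bool:
    """Remote mapping must match VC ID, encapsulation type and parameters."""
    return (remote.vc_id is not None
            and local.vc_id == remote.vc_id
            and local.vc_type == remote.vc_type
            and local.interface_params == remote.interface_params)


if __name__ == "__main__":
    local = parse_vc_fec(build_vc_fec(True, 0x0005, 0, 100, SAMPLE_PARAMS))
    remote = parse_vc_fec(build_vc_fec(True, 0x0005, 0, 100, SAMPLE_PARAMS))
    print("mapping matches:", mapping_matches(local, remote))
    print("withdraw scope:", withdraw_scope(parse_vc_fec(build_vc_fec(False, 0x0005, 7))))
```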
Questions
• Does Martini provide local connection or not? Why?
• As we know, two CEs that set up a VPN connection need to have
the same encapsulation type and CE ID. On the PE, are the in and out VC
labels then the same?
SVC (Static Virtual Circuit)
While creating the static L2VC connection of SVC, you can specify the tunnel type
(LDP LSP, CR LDP or GRE) to be used and load balancing through tunnel
policies.
SVC supports inter-AS L2VPN in multi-hop mode but does not support local
connection.
Note:
The labels used by CCC and SVC range from 16 to 1023, that is, they are in the
same label space with those reserved for static LSP.
Kompella Network Structure
[Figure: Branch Office A, Branch Office B, Headquarter A and Headquarter B attached to PEs across a tunnel (LSP); packet format Outer Label | VC Label | Layer2 Header | Data; L2VPN instance info distributed by BGP]
The Kompella mode realizes MPLS L2VPN by means of end-to-end (CE to CE) in
the MPLS network. It takes BGP as the signaling protocol to transfer Layer 2
information and VC labels.
Kompella MPLS L2VPN is different from Martini in that it does not operate on the
connection between the CEs directly. It allocates different VPNs in the whole SP
network and encodes each CE in the VPN. Similar to BGP/MPLS VPN, Kompella
MPLS L2VPN also uses VPN targets to identify different VPNs that make the VPN
networking more flexible.
To connect two CEs, you need to configure local CE ID and remote CE ID on the
PE.
Draft for Kompella
This document offers a solution that preserves the advantages of a Layer 2 VPN
while allowing the Service Provider to maintain and manage a single network for
IP, IP VPNs and Layer 2 VPNs, and reducing the provisioning problem
significantly. In particular, adding a site to an existing VPN in most cases requires
configuring just the Provider Edge router connected to the new site.
To ease the restriction that all sites within a single VPN connect via the same layer
2 technology, this document proposes a limited form of layer 2 interworking,
restricted to IP only as the layer 3 protocol.
Kompella Control Plane
1. BGP version 4 is used as the auto-discovery and signaling protocol for Layer 2
VPNs. In BGP, the Multiprotocol Extensions (MP-BGP) are used to carry L2-
VPN signaling information. MP-BGP defines the format of two BGP attributes
(MP_REACH_NLRI and MP_UNREACH_NLRI) that can be used to
announce and withdraw the announcement of reachability information. We
introduce a new address family identifier (AFI) for L2-VPN [to be assigned by
IANA, because it is a draft], a new subsequent address family identifier (SAFI)
[to be assigned by IANA], and also a new NLRI format for carrying the
individual L2-VPN label-block information. One or more NLRIs will be carried
in the above-mentioned BGP attributes. L2VPN NLRIs must be accompanied
by one or more extended communities. The ROUTE TARGET extended
community is reused; its usage is exactly the same as in the case of MPLS L3
VPN, as is that of the RD.
2. Different sites within the same VPN are identified by CE ID; within the same
VPN, each CE ID should be unique.
VPN Information-Label Block
1. Kompella MPLS L2VPN adopts the label block to allocate labels. Through it,
labels can be allocated to connections at the same time.
2. Users can specify the local CE range that indicates how many CEs can be
connected with this CE. PE assigns a label block for this CE. The size of the
label block equals the CE range. In this way, users can reserve some extra
labels for the VPN for future use. It is a waste of label resources in a short term,
but it can reduce the workload of VPN deployment and configuration in
expansion.
3. Suppose an enterprise VPN has 10 CEs and the number may increase to 20
concerning its service expansion in future. The CE range of each CE can be set
to 20 to meet future expansion. In this way, it is only necessary to modify the
configuration of the PE that is attached with the newly added CE, without
modifying other PEs when the VPN adds nodes in the future.
Label Block Structure
0 7 15 23 31
Length
Route Distinguisher
CE ID
Label Base
Variable TLVs
Length :
The Length field indicates the length in octets of the L2-VPN address information.
Route Distinguisher :
CE ID, Label Base and Label offset please refer to previous slide.
Variable-TLVs:
L2VPN TLVs can be added to extend the information carried in the L2 VPN NLRI.
In L2VPN TLVs, type is 1 octet, length is 2 octets and represents the size of the
value field in bits.
A new sub-TLV (CSV) is introduced to carry the status of an L2VPN PVC between
a pair of PEs. This sub-TLV is a mandatory part of MP_REACH_NLRI.
The value field of this TLV is a bit-vector, each bit of which indicates the status of
the VC associated with the corresponding label in the label-block. Bit value 0
Layer2-Info Extended Community
0 7 15 23 31
Extended Community type Encaps Type Control Flags
Encapsulation Type Identifies the layer 2 encapsulation, e.g., ATM, Frame Relay
etc. The following encapsulation types are defined:
Value Encapsulation
0 Reserved
1 Frame Relay
4 Ethernet VLAN
5 Ethernet
6 Cisco-HDLC
7 PPP
8 CEM [8]
[Figure: PE1, VPN A, CE m and CE k. Advertised for CE m: label-block Lm, with label-base LBm and label-range LRm. The configured CE ID is k: label-block Lk, with label-base LBk and label range LRk.]
VC Label Calculation-2
• Check the encapsulation type for VPN A; if it does not match, stop.
(Note that for IP-only layer 2 interworking a separate encapsulation
type is defined.)
• Check if k = m. If so, issue an error and stop.
• Search among all the label-blocks from m for one which satisfies
LOm <= k < LOm + LRm. If none is found, stop. Otherwise let Lm be
the label-block found.
• Search among all the label-blocks of k for one which satisfies LOk
<= m < LOk + LRk. If none is found, stop. Otherwise let Lk be the
label-block found.
• The interface bound with remote CE-m is identified based on the
configuration in remote CE. Then the VC label for sending packets to
CE-m is (LBm + k - LOm) and the VC label on which to expect
packets from CE-m is (LBk + m - LOk).
As for the incoming and outgoing VC label calculation, remember
that the incoming VC label is local label base + remote CE ID - local label
offset, and the outgoing VC label is remote label base + local CE ID - remote label
offset.
Question:
For VPN A, is PE1's incoming VC label the same as PE2's outgoing label, and
vice versa?
VC Calculation Example
[Figure: VPN red with three sites (CE1, CE2, CE3) attached to PE1, PE2 and PE3. Each site announces "I have":
VPN: red, CE-id: 1, Label Base: 1000, Label Range: 10
VPN: red, CE-id: 2, Label Base: 2000, Label Range: 10
VPN: red, CE-id: 3, Label Base: 3000, Label Range: 10
Labels shown on the links: 102, 103, 201, 203, 301, 302. Packets shown: Tunnel | 1002 | Payload and Tunnel | 3002 | Payload.]
3. Find a label block: [local block offset <= remote CE ID < local block offset +
local block CE range?] and [remote block offset <= local CE ID < remote block
offset + remote block CE range]. The default offset is 0.
As for CE2, the incoming VC label is local label base + remote CE ID - local
offset, which equals 1000 + 2 - 0 = 1002; the outgoing label is remote label base +
local CE ID - remote offset, which equals 2000 + 1 - 0 = 2001.
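The label-block search and VC label formulas above, carried through for the three sites of the example, as added Python code that is not part of the original slides. It goes slightly beyond the slide by also covering a site with a second label block at offset 10; the class and function names, the encapsulation strings and the CE 12 site are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional, Tuple


@dataclass(frozen=True)
class LabelBlock:
    label_base: int        # LB
    label_range: int       # LR (the CE range)
    label_offset: int = 0  # LO, default 0 as on the slide

    def covers(self, ce_id: int) -> bool:
        # LO <= CE ID < LO + LR
        return self.label_offset <= ce_id < self.label_offset + self.label_range

    def label_for(self, ce_id: int) -> int:
        # LB + CE ID - LO
        return self.label_base + ce_id - self.label_offset


@dataclass(frozen=True)
class Site:
    ce_id: int
    encap: str
    blocks: Tuple[LabelBlock, ...]


def find_block(site: Site, peer_ce_id: int) -> Optional[LabelBlock]:
    """Search the site's label blocks for one whose range covers the peer CE ID."""
    for block in site.blocks:
        if block.covers(peer_ce_id):
            return block
    return None


def vc_labels(local: Site, remote: Site) -> Optional[Tuple[int, int]]:
    """Return (incoming, outgoing) VC labels on the local PE, or None for 'stop'."""
    k, m = local.ce_id, remote.ce_id
    if local.encap != remote.encap:
        return None                       # encapsulation mismatch: stop
    if k == m:
        raise ValueError("local and remote CE ID are both %d" % k)
    remote_block = find_block(remote, k)  # LOm <= k < LOm + LRm
    local_block = find_block(local, m)    # LOk <= m < LOk + LRk
    if remote_block is None or local_block is None:
        return None                       # no covering label block: stop
    incoming = local_block.label_for(m)   # LBk + m - LOk
    outgoing = remote_block.label_for(k)  # LBm + k - LOm
    return incoming, outgoing


# Sites from the slide's example (VPN red); the encapsulation is a constructed value.
CE1 = Site(1, "ethernet", (LabelBlock(1000, 10),))
CE2 = Site(2, "ethernet", (LabelBlock(2000, 10),))
CE3 = Site(3, "ethernet", (LabelBlock(3000, 10),))

# Constructed extension: a later site with CE ID 12, outside CE1's first block,
# and CE1 after a second block (offset 10) has been added for it.
CE12 = Site(12, "ethernet", (LabelBlock(12000, 10),))
CE1_GROWN = Site(1, "ethernet", (LabelBlock(1000, 10), LabelBlock(5000, 10, 10)))

if __name__ == "__main__":
    for local, remote in [(CE1, CE2), (CE2, CE1), (CE2, CE3), (CE1, CE12), (CE1_GROWN, CE12)]:
        print("CE%d -> CE%d:" % (local.ce_id, remote.ce_id), vc_labels(local, remote))
```

The first two results are mirror images of each other, which is the answer to the question on the previous slide: one PE's incoming VC label is the other PE's outgoing label.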
Kompella Summary
L2VPN Types
Layer 2 Interworking
• As defined so far, all CE-PE connections for a given Layer 2 VPN must
use the same layer 2 encapsulation, e.g., they must all be Frame
Relay. This is often a burdensome restriction.
[Figure: CE1 attached to PE1 over an FR link; CE2 attached to PE2 over an ATM link]
For Layer 2 interworking as defined here, when an IP packet arrives at a PE, its
Layer 2 address is noted, then all Layer 2 overhead is stripped, leaving just the
IP packet. Then, a VPN label is added, and the packet is encapsulated in the PE-
PE tunnel (as required by the tunnel technology). Finally, the packet is
forwarded. Note that the forwarding decision is made on the basis of the Layer 2
information, not the IP header. At the egress, the VPN label determines to which
CE the packet must be sent, and over which virtual circuit; from this, the egress
PE can also determine the Layer 2 encapsulation to place on the packet once the
VPN label is stripped.
Notes:
Note that,
Module 5
VPLS
Basic concept of VPLS
VPLS Overview
• VPLS is also known as Transparent LAN Service (TLS) and Virtual
Private Switched Network service
• VPLS provides L2 VPN service. By function, L2 VPN and L3 VPN are
different in whether L2 forwarding or L3 forwarding functions are
simulated on the public network
• In VPLS, users are connected through a point-to-multipoint network,
rather than the point-to-point connection service provided on the
traditional L2 VPN.
• VPLS, in fact, is about creating a series of virtual switches on the PE to
be leased to users. Such virtual switches can be networked in the
same way as traditional switches. This way, the users can implement
their own LAN connections through the WAN
Basic concept of VPLS
VPLS Structure
[Figure: VPLS structure. The CEs of A headquarters, A branch 1, A branch 2, B headquarters, B branch 1 and B branch 2 connect over attachment circuits to PEs. Each PE hosts Virtual Switch Instances, and pseudo-wires over MPLS LSPs across the IP/MPLS network provide the emulated service.]
Pseudo Wire (PW): It is a virtual connection used to transmit frames between two
PEs in VPLS. PE establishes and maintains PWs through the use of signaling, and
the two PEs at two ends of a PW maintain PW state information.
Virtual Switch Instance (VSI): Every VSI can offer a separate VPLS service. The
VSI implements the Ethernet bridge function and terminates Pseudo Wires (PWs).
Cisco calls it VFI (Virtual Forwarding Instance).
Virtual Circuit (VC): a logical unidirectional circuit between two nodes. A PW
consists of two VCs in opposite directions. A VC can be used as a unidirectional
PW.
Attachment Circuit (AC): In L2VPN, a CE accesses a PE through an AC. An AC can be
either a physical link or a logical link. The AC transmits frames between CE and PE.
Basic concept of VPLS
Working process of VPLS
Control Plane
Working process of VPLS
Data Plane
Working process of VPLS
The PE implements VPLS forwarding through the use of VSIs. Ethernet frames can be
forwarded between two PEs through the fully-connected Ethernet emulated circuit
or PW.
PEs in a VPLS must be fully connected, that is, there is a PW between any two
PEs. Packets can then be transmitted directly from ingress PE to egress PE,
without being forwarded by intermediate PEs. Therefore, there are no loops between
PEs, and there is no need to run the Spanning Tree Protocol (STP).
Working process of VPLS
[Figure: a user PDU from the CE at A headquarters enters the PE and crosses the IP/MPLS network over MPLS LSPs as MAC | Label | VC ID | User PDU, towards the PE and CE at A branch 2. Callouts:]
• The VPLS tunnel, for the CE equipment, is like a L2 switch that has no protocol
started, as it transparently transmits the packets of the users.
• According to the VPNs of the users, the PE encapsulates the PDUs with the VC
Labels to distinguish different users in the MPLS network. According to the
destination MACs of the users, the PSTN labels are encapsulated for transmission
to the destination PE. Obviously, the PE in the VPLS network must have the
ability to learn the MAC addresses of the users.
• When the PE forwards the packets from the remote PE, it selects the home VPNs
of the PDUs of the users according to the VC label, and it looks for the egress
interfaces of the packets according to the destination addresses of the users,
removing the VC Label and sending the original PDUs of the users to the CE.
Martini VPLS
Overview
Martini VPLS uses LDP for signaling and requires the peers of each PE to be
designated manually. Since full connections must be established between the PEs in
the same VPLS, whenever a new PE joins, all related PEs must modify their
configuration, which causes poor expandability. Since the PW is actually a point-
to-point link, LDP is more effective for establishing, maintaining and
removing the PW.
Martini VPLS
Signaling process
[Figure: LDP signaling between PE1 and PE2.
PE1: configuring VSI, and designating PE2 as peer. PE2: configuring VSI, and designating PE1 as peer.
A Mapping Message is sent in each direction; on each side: interface parameters match, PW UP.
Withdraw Message: removing PW, PW Down. Release Message: recycle label, PW Down.]
This slide shows a typical process where the LDP is used as the signaling for the
establishment and removal of the PW. When the PE1 is configured with one VSI
(Virtual Switch Instance) and the PE2 has been designated as its peer, a label will
be assigned and the mapping message will be sent to PE2 if the LDP session has
already been established between PE1 and PE2. After PE2 receives the mapping
message, it checks if the same VSI has been configured locally. If the same VSI
has been configured, and the VSI ID and encapsulation type are both the same, it
means that the VSIs on these two PEs are within the same VPN. If the interface
parameters are the same between them, the PW on the PE2 end has been
established. After PE1 receives the mapping message from PE2, it performs the
same check and processing. When PE1 no longer wants to forward the packets of
PE2 (for example, the user cancels the designation of the PE2 as peer), it sends the
withdraw message to the PE2. After PE2 receives the withdraw message, it
removes the PW and responds with the release message. After PE1 receives the
release message, it releases the label and removes the PW.
Martini VPLS
Setup PW
[Figure: two PEs (1.1.1.1 and 2.2.2.2) joined by an LSP and a remote LDP session across the IP MPLS network. Each CE connects to its PE over a trunk carrying VLAN 10-50 (VLAN 10, 20 ... 50). On both sides: VC 111 in VLAN 10, VC 222 in VLAN 20 ... VC 555 in VLAN 50.]
An ordinary LDP neighbor relationship still needs to be established between PE and
P for the allocation of the MPLS labels of the public network.
A neighbor relationship is established between PEs through extended LDP,
and the TCP connection is used directly to send LDP messages to maintain the
remote LDP session.
The VPN control information is exchanged through this LDP session, including the
allocation of the PW labels (equivalent to the private labels in L3VPN). The PE
creates one VSI (Virtual Switch Instance) for each VPN. Each VSI has one ID.
When LDP negotiates the PW, the ID works as the tag of the VPN.
Martini VPLS
Label allocation
• To establish one VC, PE needs to allocate two layers of labels for it.
• The outer layer label is the MPLS LSP label of the public network, as
allocated by the LDP. Only with the outer layer label can packets be
transmitted on the public network.
• The inner layer label is the VC label, as allocated through the negotiation of
the remote LDP Session. PE allocates one label for each VC. PE
determines the VC to which the packets belong according to the inner layer
label, and then sends the packets to the right CE.
• The VC can be up and the VPLS can start to work only when two layer
labels have been correctly allocated.
PW label allocation: PE allocates labels for the PW in the incoming direction, and
identifies it as Local-Labels. That of the PW in the outgoing direction is allocated
by the other party, and is identified as Remote-Label locally.
To establish one VC, PE needs to allocate two layers of labels for it.
The outer layer label is the MPLS LSP label of the public network, as allocated by
the LDP. Only with the outer layer label can packets be transmitted on the public
network.
The inner layer label is the VC label, as allocated through the negotiation of the
remote LDP Session established on the Loopback interface. PE allocates one label
for each VC. How this is allocated is determined in advance by the PEs on both
ends. PE determines the VC to which the packets belong according to the inner
layer label, and then sends the packets to the right CE.
The VC can be up and the VPLS can start to work only when two layer labels have
been correctly allocated.
Martini VPLS
Packet forwarding
[Figure: between the PEs, across the IP MPLS network, the packet is MPLS (public label) | VC label (private label) | Tag | Payload; between CE and PE, on the trunk carrying VLAN 10-50, it is Tag | Payload]
Start PE:
Each VSI is bound with a L3 VLAN virtual interface connected to the CE.
In packet forwarding, after a user packet is received, the VSI of the packet is
selected according to the VLAN of the physical port on the PE. Then the ID of the
remote PE of the packet is found in the MAC table of the VSI according to the
destination MAC in the user packet, label A of the PW in that direction is found
according to the remote PE ID, and the label is encapsulated on the user packet.
If the MAC table of the VSI does not have an entry for the user's destination MAC,
the packet is sent as a broadcast packet. In other words, the packet is sent to all
the PE peers of the VPN (in the VPN, the multicast packets of the user are
processed in the same way).
The public network MPLS label is looked up according to the ID of the remote PE;
next the public network label is encapsulated, and then the MAC header of the
public network is encapsulated.
On the P equipment: SWAP
When the packet is propagated in the MPLS backbone network, all the P
equipment performs SWAP on the public network label or performs PHP
according to the LSP table.
End PE:
After a packet is forwarded to the end PE, the end PE examines the label of the
packet and finds the right VSI for the packet in the label table. The physical egress
port for the MAC is then found in the MAC table of the VSI, and the label of the
packet is popped. Finally the packet is forwarded from the appropriate physical port.
Key Technology
Key Technology
[Figure: MAC address learning over pseudo wires PW1 and PW2; host MAC A, IP 1.1.1.2. MAC table columns VSI | MAC | PORT with the entry VPN1 | A | PW2.]
One feature of the Ethernet network is that for broadcast packets, multicast packets
or unicast packets with unknown destination MAC addresses, the Ethernet network
sends them to all the other ports on the same Ethernet segment.
In VPLS, the service provider network simulates network bridge devices and the PE
performs MAC address learning. The PE must associate destination MAC addresses with
PWs to forward packets. The PE learns remote MAC addresses through PWs and
directly-connected MAC addresses through ACs.
There are two modes of MAC address learning:
Qualify: PE learns MAC addresses according to MAC addresses of Ethernet
packets and VLAN tags, that is, based on every VLAN of every VSI. In this mode,
every VLAN forms its own broadcast domain and has its own independent MAC
address range.
Unqualify: PE learns MAC addresses according to MAC addresses of Ethernet
packets, that is, based on every VSI. In this mode, all VLANs share a broadcast
domain and a MAC address range. The MAC address of a VLAN must be unique,
and no overlapped address exists.
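The two learning modes side by side, as an added Python example that is not part of the original slides: one VSI learns per VLAN (Qualify) and one per VSI (Unqualify), and the same MAC address is seen in two VLANs on different ports. The class, port names and MAC addresses are constructed, and the rule that a frame received on a PW is never sent to another PW is this example's reading of the full-mesh forwarding described earlier.

```python
from typing import Dict, List, Tuple

BROADCAST = "ff:ff:ff:ff:ff:ff"

# Constructed port layout and hosts (MACs from the documentation range).
PORTS = {"AC1": "AC", "AC2": "AC", "PW1": "PW", "PW2": "PW"}
MAC_A = "00:00:5e:00:53:0a"
MAC_B = "00:00:5e:00:53:0b"


def is_group_address(mac: str) -> bool:
    """Broadcast and multicast addresses have the low bit of the first octet set."""
    return int(mac.split(":")[0], 16) & 1 == 1


class Vsi:
    """One virtual switch instance with a MAC table keyed per learning mode."""

    def __init__(self, ports: Dict[str, str], qualified: bool):
        self.ports = ports          # port name -> "AC" or "PW"
        self.qualified = qualified
        self.mac_table = {}         # key -> port the address was learned on

    def _key(self, mac: str, vlan: int):
        # Qualify: learn per (VLAN, MAC). Unqualify: learn per MAC only.
        return (vlan, mac) if self.qualified else mac

    def receive(self, in_port: str, src: str, dst: str, vlan: int) -> List[str]:
        """Learn the source address and return the ports the frame is sent to."""
        self.mac_table[self._key(src, vlan)] = in_port
        from_pw = self.ports[in_port] == "PW"
        out = None if is_group_address(dst) else self.mac_table.get(self._key(dst, vlan))
        if out is None:
            # Broadcast, multicast or unknown unicast: flood, but never PW to PW.
            return sorted(p for p, kind in self.ports.items()
                          if p != in_port and not (from_pw and kind == "PW"))
        if out == in_port or (from_pw and self.ports[out] == "PW"):
            return []
        return [out]


def demo(qualified: bool) -> Tuple[List[str], List[str], List[str], int]:
    vsi = Vsi(PORTS, qualified)
    # Host A in VLAN 10 sits behind AC1 and sends a broadcast.
    flood_from_ac = vsi.receive("AC1", MAC_A, BROADCAST, 10)
    # The same MAC is then seen in VLAN 20 behind PW2 (an overlapping address).
    flood_from_pw = vsi.receive("PW2", MAC_A, BROADCAST, 20)
    # Host B in VLAN 10 behind AC2 sends a unicast frame to A.
    unicast = vsi.receive("AC2", MAC_B, MAC_A, 10)
    return flood_from_ac, flood_from_pw, unicast, len(vsi.mac_table)


if __name__ == "__main__":
    print("qualify:  ", demo(True))
    print("unqualify:", demo(False))
```

In Unqualify mode the VLAN 20 sighting overwrites the VLAN 10 entry, so B's frame for A leaves on PW2 instead of AC1; this is why addresses must not overlap between VLANs in that mode.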
Key Technology
Key Technology
Packet Encapsulation on AC
Page 56
Network Learning Centre
56
56
Proprietary & Confidential
ThankYou