MEN Part 2

MEN Part 2
50467565
Network Learning Centre 1

Proprietary & Confidential 1
1
Agenda
Day4
Module 4
o L2 VPN
Module 5
o VPLS

Module 4
L2 VPN

3
Traditional L2 VPN
• Leased Line
– Main shortcoming：provisioning is time consuming,
expensive and difficult to manage it
• Virtual Circuit
– Comparing with LL，lower time consuming, lower price
– Providing service on ATM or FR network，while the
network need to be set up and maintained separately
– Low speed
– Complicated configuration
Page 4
Network Learning Centre
4
4
Proprietary & Confidential
Leased line is the earliest "First Mile" technology employed for broadband access.
Seldom used for residential broadband access due to their high monthly rental cost,
leased lines are most commonly used by medium and large businesses and
organizations to provide broadband access to their employees over a Local Area
Network.
Traditional VPNs are based on Asynchronous Transfer Mode (ATM) or Frame Relay
(FR), where different VPNs can share the network structure of carriers. However,
traditional VPNs have the following disadvantages.
Dependence on special media (such as ATM or FR): for ATM-based or FR-based

VPNs, carriers must establish ATM networks or FR networks across the country,
which is a waste of network construction.
Complicated VPN structure: when a site is added to an existing VPN, it is required to

modify the configuration of all edge nodes that access the VPN site, the configuration
task is heavy and complicated.
4
What is MPLS L2 VPN
• MPLS L3 VPN
Tunnel Label Inner Label Layer3 Header Data
• MPLS L2 VPN
Tunnel Label VC Label Layer2 Header Data
Page 5
5
5
VPN as we know it is virtual private network, using some tunnel technology to

transmit customer data from one side to another side through the provider network.
MPLS L3 VPN we have learned that when customer data transmitted from one PE
to another PE, the data only covers layer 3 and above information, without the
information of layer 2.
We define a Layer 2 VPN as one where a Service Provider provides a layer 2

network to the customer. Within the Service Provider's network, the layer 2 packets
are transported within tunnels, which could be MPLS Label-Switched Paths (LSPs)
or GRE tunnels, if we choose MPLS, just means MPLS L2 VPN.
Compare with L3 VPN , L2 VPN have many advantages, later we will introduce it.
5
MPLS L2 VPN Network Structure
Customer Customer
Site Site
Tunnel
Pseudo Wires
PE PE
Customer
Customer
Site
Site
• The basic principle of all MPLS L2VPN modes,

except CCC, is the same as the above shown.
Page 6
6
6
From this figure we know that L2 VPN network structure is same like L3 VPN
network structure, and the definition of PE, P, CE is the same. The public network
tunnel also is MPLS LSP tunnel. While there have some differences, usually MPLS
L2 VPN packets also have two labels but CCC, CCC only have the tunnel label, the
others have a inner label means VC label. As we know, in MPLS L3 VPN, inner
label used to identify different route, while in L2 VPN, inner label used to identify
the CE.
6
MPLS L2 VPN Characters
• The service provider use MPLS network to provide Layer

2 services to the customer. It seems that CEs are
connected directly or connected through layer2 switch
networks, such as ATM, FR, Ethernet switch networks.
• Routing occurs between CE routers
• PE sends VPN traffic across the service provider’s

network to the PE router connected via LSP tunnels.
Page 7
7
7
From the network structure we know that CE connect to PE, as for CE to CE,
provider network provide layer 2 connection service, it seems that CEs are
connected directly or connected through layer 2 switch networks.
As provider network works like a layer 2 switch network, it will not participate
customer’s routing exchange, so routing occurs between CE routers. This is
different with MPLS L3 VPN.
When PE sending VPN traffic across provider’s network, it use the MPLS LSP
tunnel, same as MPLS L3 VPN.
7
Advantages of MPLS L2 VPN
• High Scalability
• Separation of Administrative Responsibilities
• Routing Privacy and Security
• Ease of Configuration
• Native Multi protocol Support
• Signaling Flexibility
•Proprietary
Page 8 Cost-efficient
& Confidential
Migration from Traditional Layer
8 2 VPN 8
High Scalability
PE routers share between themselves only a small amount of information about

each CE router. Therefore, each PE need only maintain a single entry from each
CE
Separation of Administrative Responsibilities
The Service Provider is responsible for Layer 2 connectivity, and the customer
is responsible for Layer 3 connectivity. This separation of responsibility also
isolates customer-generated faults from provider network.
Routing Privacy and Security
As the routing information of the user is not imported, PE cannot obtain and
process the users’ VPN routing information
Ease of Configuration
As for traditional layer 2 VPN, if CE is full-meshed, there have N2 problem, just

for each CE, need to configure N-1 PVCs to other CEs, even when add a new
CE, not only you need to configure the connected PE, the other PEs connected
with other CEs also need to be configured. While Kompella L2 VPN, by
configuring excessive CE range, when adding a new CE, only need to configure
the connected PE, spare more configuration task.
8
Native Multi protocol Support
VLL
• VLL=Virtual Leased Line

• VLL provides layer 2 P2P connection between
CEs.
• Implementation method includes:
– CCC
– Martini
– SVC
– Kompella
Page 9
9
9
VLL (Virtual Leased Line）：VLL is the simulation of traditional leased line

service, using IP network to simulate leased line service, provide dissymmetry and
low cost DDN service. This virtual leased line likes traditional leased line, it
provide layer 2 point to point connection.
VLL is used to replace the expensive LL and provide the same LL service.
From now on the main technologies implement VLL including CCC, Martini, SVC
and Kompella, Later we will introduce separately.
9
L2 VPN Common Packet Structure
Connection > LDP、BGP、STATIC-LSP and so on

Control − VC label’s negotiation, withdrawing and error notification
protocol
‘Emulated Circuits’—three layers encapsulation

>Tunnel Label
Tunnel −Ingress PE to Egress PE switching label
Header
>VC Label
demultiplexer
−Identify different VC in the same tunnel
Field
>Emulate VC Encapsulation (Control Word)

L2 PDU
− 32-bit Control Word
(Emulated)
Page 10
10
10
In an MPLS network, it is possible to use control protocols to set up "emulated virtual

circuits" that carry the Protocol Data Units of layer 2 protocols across the network. A
number of these emulated virtual circuits may be carried in a single tunnel. This
requires of course that the layer 2 PDUs be encapsulated. We can distinguish three
layers of this encapsulation:
• the "tunnel header", which contains the information needed to transport the PDU
across the MPLS network; this is header belongs to the tunneling protocol, e.g.,
MPLS, GRE, L2TP.
•the "demultiplexer field", which is used to distinguish individual emulated virtual

circuits within a single tunnel; this field must be understood by the tunneling protocol
as well; it may be, e.g., an MPLS label or a GRE key field.
•the "emulated VC encapsulation", which contains the information about the enclosed
layer 2 PDU which is necessary in order to properly emulate the corresponding layer 2
protocol.
-Although different layer 2 protocols require different information to be carried in this

encapsulation, an attempt has been made to make the encapsulation as common as
possible for all layer 2 protocols.
10
PDU Structure
0 7 15 23 31
Tunnel Label(LDP or RSVP) EXP 0 TTL
VC Label(VC) EXP 1 TTL(Set to 2)
Rsvd Flags 0 0 Length Sequence Number
Layer-2 PDU
Tunnel Label /VC Label
Control Word
Layer-2 Protocol Data Unit
Encap type Control Word

ATM（AAL5） Y
Ethernet N
Frame Relay Y
HDLC N
PPP N
Page 11
11
11
In most cases, it is not necessary to transport the layer 2 encapsulation across the
network; rather, the layer 2 header can be stripped at ingress PE, and reproduced at
egress PE. This is done using information carried in the control word, as well as
information that may already have been signaled from ingress PE to egress PE.
There are three requirements that may need to be satisfied when transporting layer 2
protocols over an MPLS backbone:
1. Sequentiality may need to be preserved.
2. Small packets may need to be padded in order to be transmitted on a
medium where the minimum transport unit is larger than the actual packet
size.
3. Control bits carried in the header of the layer 2 frame may need to be
transported.
The control word defined here addresses all three of these requirements. For
some protocols this word is REQUIRED, and for others OPTIONAL. For
protocols where the control word is OPTIONAL implementations MUST
support sending no control word, and MAY support sending a control
word.
In the control word the first 4 bits are reserved for future use. They MUST be set to 0
when transmitting, and MUST be ignored upon receipt.
The next 4 bits provide space for carrying protocol specific flags. These are defined
in the protocol-specific.
The next 2 bits MUST be set to 0 when transmitting. The next 6 bits provide a 11
length field, which is used as follows: If the packet's length (defined as the length
1 CCC
2 Martini
3 SVC
4 Kompella
Page 12
12
12
12
CCC (Circuit Cross Connect)
Tunnel Label Layer2 Header Data Branch Office B
Only one level PE

Headquarter B
Branch Office A
PE
MPLS Network
Remote
Headquarter A
Connection
PE
Branch Office A Branch Office A
Local Connection
Page 13
13
13
An important application of MPLS is the "convergence" of Layer 2 networks,

i.e., a means of transporting Layer 2 frames over an MPLS infrastructure. CCC
is the first instantiation of this technology that was deployed in production
networks.
CCC（Circuit Cross Connect）is a static VC connected VPN, according to the

configuration, PE map the received layer 2 packets to a static configured LSP,
and then the packet forwarded through the provider network by MPLS to the
other end, finally to the other CE.
CCC is different with other MPLS L2 VPN, CCC only have one level label and
with this label to execute label switching, so CCC occupy the static LSP
monopolistic, and as we know LSP is one way, so we need to configure two
LSPs. Because the LSP is monopolistic, it can not be used to other service such
as other MPLS L2 VPN connection or BGP/MPLS VPN or IP packet
forwarding and so on. CCC VPN only need the provider network to support
MPLS is OK
CCC is apt for mini and simple topology MPLS network, all the LSP need to be
configured manually. And it does not need signaling protocol. So the resource
cost is low, easy to understand but maintain is difficult.
CCC provide transparent layer 2 connection with two CEs, when transmitting
the packets only the layer 2 address is changed without other changes.
13
CCC h t ti t
1 CCC
2 Martini
3 SVC
4 Kompella
Page 14
14
14
14
Martini Network Structure
Branch Office A
Outer Label VC Label Layer2 Header Data

PE
Headquarter A
P)
(LS
nel
MPLS Tunnel (LSP)

S Tun Branch Office B
P L
M
MPLS Network
PE
MP Branch Office A
LS
Tun
nel
(LS
P)
PE
Headquarter B
VC Label distributed by LDP

Branch Office B
Page 15
15
15
The Martini mode implements MPLS L2VPN by setting up a point-to-point link. It

takes LDP as the signaling protocol to transfer Layer 2 information and VC labels.
Martini MPLS L2VPN adopts VC-type plus VC-ID to identify a VC between two
CEs.
VC-type: indicates the type of the VC, such as ATM, VLAN and PPP.
VC-ID: VC-ID of each VC in the same VC-type must be unique in the whole
PE.
PEs connecting two CEs exchange VC labels through LDP, and bind the
corresponding CE by VC-ID.
Martini supports inter-AS L2VPN in multi-hop mode. But it does not support local
connection.
15
Draft for Martini
• The Mode is based on two drafts from Lucca

Martini.
– draft-martini-l2circuit-trans-mpls
• VC label distribution, uses extended LDP
– draft-martini-l2circuit-encap-mpls
• Different encapsulation mechanism for different
L2 circuit.
Page 16
16
16
draft-martini-l2circuit-trans-mpls :
This document describes methods for transporting the Protocol Data Units (PDUs)
of layer 2 protocols such as Frame Relay, ATM AAL5, Ethernet, and providing a
circuit emulation service across an MPLS network.
draft-martini-l2circuit-encap-mpls :
This document describes methods for encapsulating the Protocol Data Units
(PDUs) of layer 2 protocols such as Frame Relay, ATM, or Ethernet for transport
across an MPLS network. Although different layer 2 protocols require different
information to be carried in this encapsulation, an attempt has been made to make
the encapsulation as common as possible for all layer 2 protocols.
16
Martini Characters
• VC ID is used to identify a VC,VC Type indicates the

encapsulation type.
• Martini Protocol extends LDP by adding VC FEC type
including VC ID and VC Type. One label is allocated for
per VC FEC.VC label has only local meanings.
• VC FEC and VC label is exchanged through targeted
LDP session between two PEs.
• Tunnel between PEs can be used commonly by different
VCs. Tunnel type can be LSP,TE tunnel or GRE tunnel.
• Can’t provide local connection.
Page 17
17
17
The Martini mode implements MPLS L2VPN by setting up a point-to-point link. It

takes LDP as the signaling protocol to transfer layer 2 information and VC labels.
Martini MPLS L2VPN adopts VC-Type + VC-ID to identify a VC between two

CEs.
•VC-Type: indicates the type of the VC. For example, ATM, VLAN or
PPP.
•VC-ID: VC-ID of each VC in the same VC-TYPE must be unique in the

whole PE.
PEs connecting two CEs exchange VC labels through LDP, and bind the
corresponding CE by VC-ID.
After the LSP connecting the two PEs is successfully created, and the label
exchange and the binding with CE are finished, a VC is set up.
In order to exchange VC labels between PEs, Martini has extended LDP by adding
the FEC type in the VC FEC. Moreover, because the two PEs exchanging VC
labels may not be connected directly, a remote LDP session must be set up to
transfer the VC FEC and VC labels.
Martini supports inter-AS L2VPN in multi-hop mode. But it does not support local
connection. Why? Because VC type + VC ID is unique, one PE can’t connect two
CEs with the same VC type and VC ID. 17
VC FEC Format
0 15 31
0 Label Message(0x0400) Message Length
Message ID
0 0 FEC TLV(0x0010) Length
VC TLV(0x80) c VC Type VC Info Length
Group ID
VC ID
Interface Parameters
0 0 Generic Label(0x0200) Length
Label
Optional Parameters
Page 18
18
18
As we know, LDP generate label for FEC, while In Martini, PE set up the remote
LDP session and exchange VC information. In order to support such VC type, we
extended another FEC type means VC FEC, and the TVL value is 0x80, equal
decimal 128 . The FEC structure as the light blue part.
•VC TVL : value 0x80，equal as decimal 128.
•C : used to flag the presence of a control word, 1 means control
word present on this VC. 0 means no control word present on this VC
•VC Type : layer 2 encapsulation type, include FR，ATM，VLAN，
Ethernet， PPP and HDLC and so on
VC Type Description
0x0001 Frame Relay DLCI
0x0002 ATM AAL5 VCC transport
0x0003 ATM transparent cell transport
0x0004 Ethernet VLAN
0x0005 Ethernet
0x0006 HDLC
0x0007 PPP
0x8008 CEM [8]
0x0009 ATM VCC cell transport
0x000A ATM VPC cell transport
•VC information length:
Length of the VC ID field and the interface parameters field in octets. If 18
this value is 0 then it references all VCs using the specified group ID and
VC Status
• An In Label is allocated when a LDP VC is configured.

• If the Local State is up i.e. if the interface is up
• LDP Session is established
• at least one tunnel to destination exists
• then a mapping containing L2VPN Info like VC-ID, Interface type
and other Interface parameters are sent to the destination.
• VC state is not up until it receives a mapping from the remote peer
with matching VC ID, Interface type and parameters.
• With this mapping we also receive the in-label of the remote VC
which is out-label for the local LDP VC.
Page 19
19
19
When the VC status will be UP, there should be local LDP VC is configured and
local state and interface is UP, LDP session is established and a mapping message
from remote peer is received with matching VC ID、 encapsulation type and
parameters, both sides do the same works, then the VC status will be UP.
19
Label Mapping
PE2 repeats steps 1-5 so

that bi-directional
label/VCID mappings are
established
1.L2 transport route
entered on ingress PE
2. PE1 starts LDP session

CE1 with PE2 if one does not CE2
already exist
3. PE1 allocates VC label 5. PE2 receives VC FEC

For new interface & binds TLV & VC label TLV that
to configured VCID
PE1 PE2 Matches local VCID
4. PE1 sends label mapping
Message containing VC FEC
TLV & VC label TLV
Page 20
20
20
The VC label mapping procedures are as follows:
1. L2 transports routes to the ingress PE1
2. PE1 checks whether there have the LDP remote session with the other PE like
PE2, if not, sets up the remote session with PE2.
3. PE1 allocates a VC label for the new interface and bind it to the configured VC
ID.
4. PE1 sends out the label mapping message to the remote peer PE2.
5. PE2 receive the message and check matches of VC ID, if matched, keep the
mapping label. And also PE2 repeat the steps 1-5.
20
Label Withdrawing
• If a PE route detects a condition that affects normal

service, it must withdraw the corresponding VC label
through the LDP signaling
CE1 CE2
CE port/VC failure
triggers Label
withdraw Msg
Circuit status signaling PE port failure triggers

PE1 PE2 Group ID withdraw
LDP label withdraw VCID
20 VC label 100
Page 21
21
21
As mentioned before the Group ID field can be used to withdraw all VC labels
associated with a particular group ID. This procedure is OPTIONAL, and if it is
implemented the LDP label withdraw message should be as follows: the VC
information length field is set to 0, the VC ID field is not present, and the interface
paramenters field is not present. All LSRs implementing this design are
REQUIRED to accept such a withdraw message, but are not required to send it.
The interface parameters field must not be present in any LDP VC label withdrawal
message or release message. A wildcard release message must include only the
group ID.A Label Release message initiated from the imposition router must
always include the VC ID.
21
Questions
• Martini provide local connection or not? Why?
• As we know, two CEs which can set up the VPN connection need to be
the same encapsulation type and CE ID, then on PE the in and out VC
label is the same?
Page 22
22
22
1. Not support, Because VC type + VC ID is unique, one PE can’t connect two

CEs with the same VC type and VC ID.
2. Remember? In label is allocated by local PE, out label is allocated by remote

PE, they are allocated independently. So usually it is not the same.
22
1 CCC
2 Martini
3 SVC
4 Kompella
Page 23
23
23
23
SVC (Static Virtual Circuit)
• Similar to Martini MPLS L2VPN, the only

difference is In and Out VC Label is allocated
manually.
• Targeted LDP session between two PEs is not
needed for VC info exchange.
• VC state only depends on the local state and the
tunnel state between two PEs.
• Tunnels are used to pass on the data packets
between the PEs.
Page 24
24
24
SVC implements MPLS L2VPN through static configuration. SVC transfers

L2VPN information without using the signaling protocols. But it requires the
manual configuration of VC Label information.
While creating the static L2VC connection of SVC, you can specify the tunnel type
(LDP LSP, CR LDP or GRE) to be used and load balancing through tunnel
policies.
SVC supports inter-AS L2VPN in multi-hop mode but does not support local
connection.
Note:
The labels used by CCC and SVC range from 16 to 1023, that is, they are in the
same label space with those reserved for static LSP.
24
1 CCC
2 Martini
3 SVC
4 Kompella
Page 25
25
25
25
Kompella Network Structure
Brach Office A
PE
Headquarter A Headquarter B
P)
(LS
nel
MPLS Tunnel (LSP)

S Tun
P L
M
MPLS Network
PE
MP
LS
Tun Brach Office A
nel
(LS
P)
PE
Brach Office B
l2VPN Instance info distributed by BGP Brach Office B
Page 26
26
26
The Kompella mode realizes MPLS L2VPN by means of end-to-end (CE to CE) in
the MPLS network. It takes BGP as the signaling protocol to transfer Layer 2
information and VC labels.
Kompella MPLS L2VPN is different from Martini in that it does not operate on the
connection between the CEs directly. It allocates different VPNs in the whole SP
network and encodes each CE in the VPN. Similar to BGP/MPLS VPN, Kompella
MPLS L2VPN also uses VPN targets to identify different VPNs that make the VPN
networking more flexible.
To connect two CEs, you need to configure local CE ID and remote CE ID on the
PE.
Kompella supports both local and remote connections.
It supports inter-AS L2VPN in the following two modes:
•Multi-hop mode: adopts routes with BGP label.
•MP-EBGP mode: saves label block on the ASBR
26
Draft for Kompella
• Implemented through a draft from Keerti

Kompella.
– draft-kompella-l2vpn-l2vpn-01
• Describes label distribution, uses BGP4
• Continue to use Martini draft for encapsulation
– draft-martini-l2circuit-encap-mpls
Page 27
27
27
draft-kompella-l2vpn-l2vpn-01.txt. this draft expiration date is July 2006.
This document offers a solution that preserves the advantages of a Layer 2 VPN
while allowing the Service Provider to maintain and manage a single network for
IP, IP VPNs and Layer 2 VPNs, and reducing the provisioning problem
significantly. In particular, adding a site to an existing VPN in most cases requires
configuring just the Provider Edge router connected to the new site.
To ease the restriction that all sites within a single VPN connect via the same layer
2 technology, this document proposes a limited form of layer 2 interworking,
restricted to IP only as the layer 3 protocol.
27
Kompella Control Plane
CE1
CE2
PE2 receives the

Information and checks it
and calculate the VC
PE1 label with it
PE1 sends out the PE2
configured VPN info
to neighbors with
MP-BGP
MP-BGP
Page 28
28
28
1. BGP version 4 is used as the auto-discovery and signaling protocol for Layer 2
VPNs. In BGP, the Multiprotocol Extensions (MP-BGP) are used to carry L2-
VPN signaling information. MP-BGP defines the format of two BGP attributes
(MP_REACH_NLRI and MP_UNREACH_NLRI) that can be used to
announce and withdraw the announcement of reachability information. We
introduce a new address family identifier (AFI) for L2-VPN [to be assigned by
IANA, because it is a draft], a new subsequent address family identifier (SAFI)
[to be assigned by IANA], and also a new NLRI format for carrying the
individual L2-VPN label-block information. One or more NLRIs will be carried
in the above-mentioned BGP attributes. L2VPN NLRIs must be accompanied
by one or more extended communities. the reuse of ROUTE TARGET
extended community. Its usage is exactly the same as in the case of MPLS L3
VPN, also RD.
2. Different site within the same VPN is identified by using CE ID, in the same
VPN, CE ID should be unique.
3. Each PE use the receiving l2vpn information to calculate the VC label.

Different VC label is bound with PE-CE link, not like L3 VPN for route.
28
VPN Information－Label Block
• PE chooses a Label Block. PE Label Block
• Label Base : Smallest Label 1000

CE1 Label Block1
in Block LB=1000
1001
LR=3
• Range : number of labels of LO=0
1002
the block
• Offset: the sum of all the CE2 Label Block1
1003
previous label blocks’ range. LB=1003

1004
LR=3
• A remote site with CE ID m will LO=0
1005
connect to this CE with a label
selected from one of the label 1006
CE1 Label Block2
blocks. block offset <= m < LB=1006 1007
block offset + label-range LR=3
LO=3
1008
Means m should be lower than the

Page 29
Network Learning Centre total label range counts 29
1. Kompella MPLS L2VPN adopts the label block to allocate labels. Through it,
labels can be allocated to connections at the same time.
2. Users can specify the local CE range that indicates how many CEs can be
connected with this CE. PE assigns a label block for this CE. The size of the
label block equals the CE range. In this way, users can reserve some extra
labels for the VPN for future use. It is a waste of label resources in a short term,
but it can reduce the workload of VPN deployment and configuration in
expansion.
3. Suppose an enterprise VPN has 10 CEs and the number may increase to 20
concerning its service expansion in future. The CE range of each CE can be set
to 20 to meet future expansion. In this way, it is only necessary to modify the
configuration of the PE that is attached with the newly added CE, without
modifying other PEs when the VPN adds nodes in the future.
4. An L2VPN NLRI is uniquely identified by the RD, CE ID and the Label-block

Offset.
29
Label Block Structure
0 7 15 23 31
Length
Route Distingguisher
CE ID
Label-block Offset Label Base
Label Base
Variable TLVs
• Circuit State Vector (CSV): variable TLV,

used to identify the status of circuit.
Page 30
30
30
One or more such NLRIs can be carried in a single MP_REACH_NLRI or

MP_REACH_NLRI attribute. An L2VPN NLRI is uniquely identified by the RD,
CE ID and the Label-block Offset. So an L2VPN NLRI carried in
MP_UNREACH_NLRI attribute must contain only these 3 fields other than the
length field.
Length :
The Length field indicates the length in octets of the L2-VPN address information.
Route Distinguisher :
Has the same meaning as in MPLS L3 VPN.
CE ID, Label Base and Label offset please refer to previous slide.
Variable-TLVs:
L2VPN TLVs can be added to extend the information carried in the L2 VPN NLRI.
In L2VPN TLVs, type is 1 octet, length is 2 octets and represents the size of the
value field in bits.
A new sub-TLV (CSV) is introduced to carry the status of an L2VPN PVC between
a pair of PEs. This sub-TLV is a mandatory part of MP_REACH_NLRI.
The value field of this TLV is a bit-vector, each bit of which indicates the status of
the VC associated with the corresponding label in the label-block. Bit value 0 30
i di h h l l i i d h l LSP h PE i hil
Layer2-Info Extended Community
0 7 15 23 31
Extended Community type Encaps Type Control Flags
Layer-2 MTU Reserved
• The extended community, Layer2-Info, Used

to carry layer 2 specific information in a
VPN. This extended community must be
carried as part of path attribute in all BGP
update messages carrying L2VPN NLRIs.
Page 31
31
31
Extended Community Type TBD( to be determined)
Encapsulation Type Identifies the layer 2 encapsulation, e.g., ATM, Frame Relay
etc. The following encapsulation types are defined:
Value Encapsulation
0 Reserved
1 Frame Relay
2 ATM AAL5 VCC transport
3 ATM transparent cell transport
4 Ethernet VLAN
5 Ethernet
6 Cisco-HDLC
7 PPP
8 CEM [8]
9 ATM VCC cell transport
10 ATM VPC cell transport

31
11 MPLS
VC Label Calculation-1
CE m
CE k
L2VPNA (RD RT)

CE m L2VPNA (RD RT)
label-block : Lm CE k
Lm's block offset : LOm
PE1 PE2 label-block : Lk
label-base : LBm Lk's block offset : LOk
label-range : LRm label-base : LBk
MP-BGP label-range : LRk
Page 32
32
32
When a PE receives a Layer 2 VPN advertisement, it checks if the received

VPN Target community matches any VPN that it is a member of.
Advertised PE1
VPN A
CE m
label-block Lm
Lm's block offset as LOm
label-base as LBm
label-range as LRm
receiving PE2 is a member of VPN A
the configured CE ID is k.
label-block Lk.
Lk's block offset LOk
label-base as LBk
32
label range as LRk
VC Label Calculation-2
• Check the encapsulation type for VPN A, if does not match stop.
(Note that for IP-only layer 2 interworking a separate encapsulation
type is defined).
• Check if k = m. If so, issue an error: Stop.
• Search among all the label-blocks from m for one which satisfies
LOm <= k < LOm + LRm. If none found, stop. Otherwise let Lm be
the label-block found.
• Search among all the label-blocks of k for one which satisfies LOk
<= m < LOk + LRk. If none found, stop. Otherwise let Lk be the
label-block found.
• The Interface bound with remote CE-m is identified based on the
configuration in remote CE. Then VC label for sending packets to
CE-m is (LBm + k - LOm) and The VC label on which to expect
packets from CE-m is (LBk + m - LOk).
Page 33
33
33
As for the incoming VC label and out going VC label calculation. Remember
that the incoming VC label is that local label base + remote CE ID - local label
offset, the outgoing VC label is remote label base + local CE ID – remote label
offset
PE1’s calculation steps is similar to PE2.
Question:
As for VPNA, is PE1’s incoming VC label same with PE2’s outgoing label ?
Vice versa.
If an advertisement is withdrawn, the corresponding routes must be removed

from the forwarding table.
33
VC Calculation Example
II have:
have:
VPN CE2
VPN :: red
red
CE-id:
CE-id: 22
Label
Label Base:
Base: 2000
2000
Label
Label Range:
Range: 10
10 201 203
PE2
Tunnel 1002 Payload
Tunnel 3002 Payload
Tunnel 2001 Payload Tunnel 2003 Payload
102 302
CE3
CE1
103
PE1 301
PE3
Tunnel 3001 Payload Tunnel 1003 Payload
II have: II have:
have:
have:
VPN VPN
VPN :: red
red
VPN :: red
red
CE-id: CE-id:
CE-id: 33
CE-id: 11
Label Label
Label Base:
Base: 3000
3000
Label Base:
Base: 1000
1000
Label Label
Label Range:
Range: 10
10
Label Range:
Range: 10
10
Page 34
34
34
For example: PE1’s calculation
1.Check the encapsulation type
2.Check k=m or not.
3.Find a label block. [Local block offset <= remote CE ID < local block offset +
local block CE range ?] and [remote block offset<=local CE ID < remote block
offset + remote block CE range] Default offset is 0.
4.Calculate the VC label
As for CE2 the incoming VC label is local label base + remote CE ID – local
offset equals 1000+2-0=1002, the outgoing label is remote label base + local CE
ID – remote offset equals 2000 + 1 -0 = 2001.
The other calculations are similar.
34
Kompella Summary
• MP-BGP is used for signaling to transfer

layer 2 NLRI and VC Label，use CE-ID to
identify CE.
• Label Block is allocated based on the CE
Range.
• Advantages:
– Topology Auto-discovery; Support local
cross ; Inter-as support.
• Disadvantages：
– Implementation is complex; Venders
who support this are less; Label
Wastage.
Page 35
35
35
35
L2VPN Types
Mode Kompella Martini CCC SVC

Index
Signaling BGP LDP NA NA
Tunnel Type GRE/LSP/ GRE/LSP/ Static LSP GRE/LSP/

L2TPv3 L2TPv3 L2TPv3
Tunnel Shared Shared Shared Exclusive Shared
Encapsulation ATM/FR/PPP ATM/FR/PPP/ ATM/FR/PPP/ ATM/FR/PPP

Type /HDLC/ETH/ HDLC/ETH/ HDLC/ETH/ /HDLC/ETH/
VLAN
VLAN VLAN VLAN
Scalability High High Low Normal
Page 36
36
36
36
Layer 2 Interworking
• As defined so far, all CE-PE connections for a given Layer 2 VPN must
use the same layer 2 encapsulation, e.g., they must all be Frame
Relay. This is often a burdensome restriction.
CE1 FR Link
ATM Link CE2
PE1 PE2
Page 37
37
37
For Layer 2 interworking as defined here, when an IP packet arrives at a PE, its
Layer 2 address is noted, then all Layer 2 overhead is stripped, leaving just the
IP packet. Then, a VPN label is added, and the packet is encapsulated in the PE-
PE tunnel (as required by the tunnel technology). Finally, the packet is
forwarded. Note that the forwarding decision is made on the basis of the Layer 2
information, not the IP header. At the egress, the VPN label determines to which
CE the packet must be sent, and over which virtual circuit; from this, the egress
PE can also determine the Layer 2 encapsulation to place on the packet once the
VPN label is stripped.
Notes:
In L2VPN interworking, L2VPN connection can only be established in

Kompella, Martini or CCC local connection mode, not in CCC remote
connection or SVC mode.
As for Huawei’s device, the following interfaces used in L2VPN can be

encapsulated with ip-interworking:
• Interfaces and sub interfaces of Ethernet type
• Interfaces and sub interfaces of Gigabit Ethernet type
• Interfaces of Virtual-Ethernet type
Note that, 37
Module 5
VPLS

38
Basic concept of VPLS
VPLS Overview
• VPLS is also known as Transparent LAN Service (TLS) and Virtual
Private Switched Network service
• VPLS provides L2 VPN service. By function, L2 VPN and L3 VPN are
different in whether L2 forwarding or L3 forwarding functions are
simulated on the public network
• In VPLS, users are connected through a point-to-multipoint network,
rather than the point-to-point connection service provided on the
traditional L2 VPN.
• VPLS, in fact, is about creating a series of virtual switches on the PE to
be leased to users. Such virtual switches can be networked in the
same way as traditional switches. This way, the users can implement
their own LAN connections through the WAN
Page 39
39
39
VPLS is a L2 VPN technology based on MPLS and Ethernet technology. In the

past ten years, the Ethernet technology has seen rapid growth and found wide
application. Its rate has increased from 10M to 100M and then to 1000M, while the
deployment costs become increasingly lower. The Ethernet technology has not only
found application with enterprise networks but also increasingly more application
with the operating networks, particularly MANs. Thanks to its high bandwidth and
low costs, the Ethernet is highly competitive. However, MAN Ethernet often
provides point-to-point services, and cannot provide services across the WAN. The
development of MPLS has enabled the wide application of the L2 VPN based on
MPLS. However, other L2 VPNs except VPLS all provide only point-to-point
services. To provide multipoint services similar to Ethernet on the MAN/WAN,
VPLS has emerged at the right time.
VPLS provides services similar to LAN on the MPLS network. It allows users to
access the network at the same time from multiple districted points to visit each
other, as if these points have been directly connected to a LAN. VPLS enables
users to expand their LANs to the MAN or even to WAN.
39
VPLS Structure
Emulated Service
Pseudo-wire A branch 1
CE
Attachment Attachment
Circuit PE Circuit S
Virtual B headquarters
CE Switch
Instance
R
S
MPLS LSP
PE CE
S SP
P LS L
MP M
A headquarters R LS
LSP IP/MPLS network A branch 2
PE Virtual CE
Switch
Instance S
S PE
B branch 1
CE
R B branch 2
S
CE
Page 40
40
40
Pseudo Wire (PW): It is a virtual connection used to transmit frames between two
PEs in VPLS. PE establishes and maintains PWs through the use of signaling, and
the two PEs at two ends of a PW maintain PW state information.
Virtual Switch Instance (VSI): Every VSI can offer separate VPLS service. The
VSI implements Ethernet bridge function and terminates Pseudo Wire (PW). In
Cisco it is called as VFI (Virtual Forwarding Instance)
Virtual Circuit (VC): a logic single directional circuit between two nodes. A PW is
constitutes by two opposite directional VCs. A VC can be used as a single
directional PW.
Attachment Circuit (AC): In L2VPN, CE accesses PE through AC. AC can be
either a physical link or a logical link. AC transmits frames between CE and PE.
40
VPLS Basic Concept

• Pseudo Wire (PW): It is a virtual connection used to transmit frames
between two PEs in VPLS
• Virtual Switch Instance (VSI): Every VSI can offer separate VPLS
service. The VSI implements Ethernet bridge function and terminates
Pseudo Wire (PW). In Cisco it is called as VFI (Virtual Forwarding
Instance)
• Virtual Circuit (VC): a logic single directional circuit between two
nodes. A PW is constitutes by two opposite directional VCs. A VC can
be used as a single directional PW.
• Attachment Circuit (AC): In L2VPN, CE accesses PE through AC. AC
can be either a physical link or a logical link. AC transmits frames
between CE and PE.
Page 41
41
41
Working process of VPLS
z Member relationship discovery (control

plane)
z PW creation and maintenance (control
plane)
• Forwarding based on MAC addresses in
VSI (data plane)
Page 42
42
42
Control Plane
z Member discovery: It is the process to find all other PEs in the

same VPLS. This can be implemented either through manual
configuration or automatically by the use of some protocols. In the
later case, it is called “auto discovery”.
z Signaling mechanism: It is the process to use the signaling
protocol between the PEs of the same VPLS to establish, maintain
and remove PW.
• Huawei products support the use of the BGP or LDP to implement
the control plane of VPLS, referred to as Kompella VPLS and
Martini VPLS respectively. Whereas, Cisco products support only
Martini.
Page 43
43
43
Data Plane
• Encapsulation: When receiving Ethernet

frames from CE, PE sends them to PSN after
encapsulation.
• Forwarding: How to forward packets depends
on the interface receiving the packets and the
destination MAC addresses of the packets .
Page 44
44
44
VPLS Forwarding Model

R
R VSI1
CE
VSI1 VLAN1
CE
VLAN1 PE PE
R R
VSI2 VSI2
R R
CE
VLAN2 CE
VLAN2
VSI1 VSI2
R
PE
CE CE
VLAN1 VLAN2
R R
Page 45
45
45
PE implements VPLS forwarding through the use of VSIs. Ethernet frames can be
forwarded between two PEs through the fully-connected Ethernet emulated circuit
or PW.
PEs in a VPLS must be fully connected, that is, there is a PW between any two
PEs. Then packets can be directly transmitted from ingress PE to egress PE,
without forwarded by intermediate PEs. Therefore, loop is free between PEs, and
Spanning Tree Protocol (STP) is unnecessary to run.
45
Packet transport process CE

A branch 1
MAC Lable VC ID User PDU
PE S
R
User PDU
CE MAC Lable VC ID User PDU When the PE forwards
the packets from the
MPLS LSP
PE
S SP remote PE, it selects
P LS L
MP M the home VPNs of the
A headquarters R LS
LSP IP/MPLS network PDUs of the users
according to the VC
The VPLS tunnel, for label, and it looks for
According to the VPNs of the users, the
the CE equipment, is the egress interfaces of
PE encapsulates the PDUs with the VC PE
like a L2 switch that the packets according
Labels to distinguish different users in CE
to the destination
has no protocol the MPLS network. According to the R addressesAof
started, as it destination MACs of the users, the branchusers,
the 2
transparently removing the VC Label
PSTN labels are encapsulated for
transmitted the and sending the original
transmission to the destination PE:
packets of the users PDUs ofSthe users to
Obviously, the PE in the VPLS network
the CE
must have the ability to learn the MAC
addresses of the users
Page 46
46
46
Martini VPLS
Overview
• Using the LDP as signaling

• Using the TLV of the expanded standard LDP to carry the
information of VPLS
– FEC TLV of type 128 and type 129 added
• Label allocation and reservation mode when PW is
established
– DU (downstream unsolicited) used as the allocation
mode
– Liberal label retention used as the label retention mode
• LDP connection used for exchanging VC signaling must be
configured to be the Remote mode in Huawei routers
Page 47
47
47
Martini VPLS: LDP used for signaling, and needing manual designation of various
peers of the PE. Since full connections must be established between various PEs in
the same VPLS, whenever a new PE joins, all related PEs modify the
configuration, which causes poor expandability. Since the PW is actually a point-
to-point link, the LDP is more effective to be used for establishing, maintaining and
removing the PW.
47
Martini VPLS
Signaling process
Configuring VSI, and
PE1 designating PE2
the PE2 as Peer Configuring VSI, and
Mapping Message designating
the PE1 as Peer
Mapping Message
Interface parameters Interface parameters
match . PW UP match . PW UP
Withdraw Message
Removing PW
Release Message PW Down
Recycle label
PW Down
Page 48
48
48
This slide shows a typical process where the LDP is used as the signaling for the
establishment and removal of the PW. When the PE1 is configured with one VSI
(Virtual Switch Instance) and the PE2 has been designated as its peer, a label will
be assigned and the mapping message will be sent to PE2 if the LDP session has
already been established between PE1 and PE2. After PE2 receives the mapping
message, it checks if the same VSI has been configured locally. If the same VSI
has been configured, and the VSI ID and encapsulation type are both the same, it
means that the VSIs on these two PEs are within the same VPN. If the interface
parameters are the same between them, the PW on the PE2 end has been
established. After PE1 receives the mapping message from PE2, it performs the
same check and processing.When PE1 no longer wants to forward the packets of
PE2 (for example, the user cancels the designation of the PE2 as peer), it sends the
withdraw message to the PE2. After PE2 receives the withdraw message, it
removes the PW and responds with the release message. After PE1 receives the
release message, it releases the label and removes the PW.
48
Martini VPLS
Setup PW
VC
VC:111 in VLAN 10 VC:111 in VLAN 10
VC:222 in VLAN 20 VC:222 in VLAN 20
.
.
. VC:555 in VLAN 50
VC:555 in VLAN 50
1.1.1.1 2.2.2.2
LSP
IP MPLS Network
R R
Trunk PE PE Trunk
VLAN 10-50 1.1.1.1 Remote Session 2.2.2.2 VLAN 10-50
S CE CE S
Vlan:1020 50 Vlan:1020 50
Page 49
49
49
Common LDP Neighbor still needs to be established between PE and P for the
allocation of the MPLS labels of the public network.
Neighborhood relationship is established between PEs through the expanded LDP,
and the TCP connection is directly used to send LDP messages to maintain the
Remote LDP Session.
Through this LDP Session, the VPN control information is interacted, including the
allocation of the PW labels (equivalent to the private labels in the L3VPN)PE
creates one VSI (Virtual Switch Instance) for each VPN. Each VSI has one ID.
When the LDP negotiates for PW, the ID works as the tag of VPN
49
Martini VPLS
Label allocation
z To establish one VC, PE needs to allocate two layers of labels for it.
z The outer layer label is the MPLS LSP label of the public network, as
allocated by the LDP. Only with the outer layer label, packets can be
transmitted on the public network.
z The inner layer label is the VC label, as allocated through the negotiation of
the remote LDP Session. PE allocates one label for each VC. PE
determines the VC to which the packets belong according to the inner layer
label, and then sends the packets to the right CE.
z The VC can be up and the VPLS can start to work only when two layer
labels have been correctly allocated.
Page 50
50
50
PW label allocation: PE allocates labels for the PW in the incoming direction, and
identifies it as Local-Labels. That of the PW in the outgoing direction is allocated
by the other party, and is identified as Remote-Label locally.
To establish one VC, PE needs to allocate two layers of labels for it.
The outer layer label is the MPLS LSP label of the public network, as allocated by
the LDP. Only with the outer layer label can packets be transmitted on the public
network.
The inner layer label is the VC label, as allocated through the negotiation of the
remote LDP Session established on the Loopback interface. PE allocates one label
for each VC. How this is allocated is determined in advance by the PEs on both
ends. PE determines the VC to which the packets belong according to the inner
layer label, and then sends the packets to the right CE.
The VC can be up and the VPLS can start to work only when two layer labels have
been correctly allocated.
50
Martini VPLS
Packet forwarding
Public LabelPrivate Label
MPLS VC label Tag Payload
Private Label
VC label Tag Payload
IP MPLS Network
R R
PE PE Trunk
Tag Payload VLAN 10-50
S CE CE S
Vlan:1020 50 Vlan:1020 50
Page 51
51
51
Start PE:
Each VSI is bound with a L3 vlan virtual interface connected to CE.
In packet forwarding, after a user packet is received, the VSI of the packet is
selected according to the vlan of the physical port on the PE. Then, the ID of the
remote PE of the packet is found in the MAC table in the VSI according to the
destination MAC in the user packet, and label A of direction PW is found
according to the remote PE ID, and the label is encapsulated on the user packet.
If the MAC table of the VSI does not have the destination mac entry of the user, the
packet is sent as a broadcast packet. In other words, the packet is sent to all the PE-
Peers of the VPN (in the VPN, the multicast packets of the user are processed in
the same way)
MPLS of the public network is looked up according to the ID of the remote PE,
next the public network label is encapsulated, and then the Mac header of the
public network is encapsulated
On the P equipment: SWAP,
When the packet is propagated in the MPLS backbone network, all the P
equipments perform SWAP of the common public network label or perform PHP
according to the LSP table.
End PE:
After a packet is forwarded to the end PE, the end PE views the label of the packet
and finds the right VSI for the packet in the label table, and then the physical egress
of the MAC is found in the MAC table of the VSI, and the label of the packet is
POPed. Finally the packet is forwarded from the appropriate physical port
51
Key Technology
MAC Address Learning
• In the VPLS, the service provider network simulates the bridge

equipment, and the PE performs MAC address learning. To forward
packets, the PE must be able to associate the destination MAC address
with the PW. The PE learns the remote MAC address through the PW,
and learns the MAC address of direct access through the AC.
– MAC address from the remote PE: recorded as MAC—LSR-ID of
the remote PE
– MAC from the local CE: recorded as MAC—VSI corresponding
interface
Page 52
52
52
Key Technology
MAC Address Learning and Flooding
VSI MAC PORT

VPN1 A Vlan10,port1
ARP Broadcast VPN1 B PW1
PW2
S R R S
PW
1 2 VSI MAC PORT
PW
MAC A IP 1.1.1.2 VPN1 A PW2
VSI MAC PORT

R ARP Response
VPN1 A PW1
VPN1 B Vlan10,port1
S MAC B IP 1.1.1.3
Page 53
53
53
I) Source MAC address learning

To forward packets, the PE needs to create the MAC forwarding table. It is
different from the BGP VPN in that the BGP VPN uses the route distribution
mechanism to create the routing table, working on the control plane. The
VPLS uses the standard bridge learning function to create the forwarding
table, performed by the forwarding plane. The method for creating the MAC
forwarding table is MAC address learning, including learning the packets
from the user side and the packets from the PW. The outgoing interfaces of
the MAC addresses learnt from the PW must be set to the corresponding
outgoing PW of the PW. The MAC address learning process consists of two
parts:
A. Remote MAC address learning associated with PW
Because the PW consists of one pair of unidirectional VC LSP (only when the VC
LSP in both directions are both UP, the PW is deemed as UP), when an
unknown MAC address is learnt from the VC LSP of the incoming direction,
the PW must map the address MAC to the VC LSP of the outgoing direction.
B. Local MAC address learning of the port directly connected to the user
For a L2 packet submitted by the CE, the source MAC address in the packet must
be learnt to the corresponding port of the VSI.
II) MAC address aging
The remote MAC addresses learnt by the PE must have an aging mechanism to
remove the entries related to the VC label that are no longer used. When a
packet is received, its appropriate aging timer is reset according to the source
address. Similarly, the MAC addresses learnt in the local VSI must all
undergo the aging process. 53
Key Technology
Two modes of MAC address learning

• Qualified
– PE learns MAC addresses according to MAC addresses of
Ethernet packets and VLAN tags, that is, based on every
VLAN of every VSI. In this mode, every VLAN forms its
own broadcast domain and has its own independent MAC
address range.
• Unqualified
– PE learns MAC addresses according to MAC addresses of
Ethernet packets, that is, based on every VSI. In this mode,
all VLANs share a broadcast domain and a MAC address
range. The MAC address of a VLAN must be unique, and
no overlapped address exists.
Page 54
54
54
One feature of the Ethernet network is that for broadcast packets, multicast packets
or unicast packets with unknown destination MAC addresses, the Ethernet network
sends them to all the other ports on the same Ethernet segment.
In VPLS, the service provider network stimulates network bridge devices and PE
performs MAC address learning. PE must associate destination MAC address with
PW to forward packets. PE learns remote MAC addresses through PW and directly-
connected MAC addresses through AC.
There are two modes of MAC address learning:
Qualify: PE learns MAC addresses according to MAC addresses of Ethernet
packets and VLAN tags, that is, based on every VLAN of every VSI. In this mode,
every VLAN forms its own broadcast domain and has its own independent MAC
address range.
Unqualify: PE learns MAC addresses according to MAC addresses of Ethernet
packets, that is, based on every VSI. In this mode, all VLANs share a broadcast
domain and a MAC address range. The MAC address of a VLAN must be unique,
and no overlapped address exists.
54
Key Technology
Broadcast Traffic Forwarding
• If PE receives broadcast sent by the local customer, PE

forwards it to all other ports and PEs of the same VPLS.
• If PE receives broadcast sent by remote PE, PE forwards it to

directly-connected VPLS customers, instead of other PEs.
• For the packet whose destination MAC address is non-

broadcast address, if PE does not learn such MAC address,
then PE broadcasts this packet.
Page 55
55
55
If PE receives broadcast flows sent by the local customer, PE forwards it to all

other ports and PEs of the same VPLS.
If PE receives broadcast flow sent by remote PE, PE forwards it to directly-
connected VPLS customers, instead of other PEs.
For the packet whose destination MAC address is non-broadcast address, if PE
does not learn such MAC address, then PE broadcasts this packet.
55
Key Technology
Packet Encapsulation on AC
• 802.1Q tag,Ethernet access: (also known as QinQ access) The PE of the

carrier ignores the 802.1Q tag in the user packets, and it selects their home
VPNs according to the QinQ VLAN. This mode requires intervention in the
VLAN planning of the user, and one PE allows the VLAN overlapping of
different CEs.
• VLAN access: The carrier allocates a user with a VLAN for access, and all the
packets of the user must be placed with the tag of the VLAN and sent to the
PE. Otherwise, communication is impossible. This mode requires intervention
in the user VLAN planning, and one PE does not allow the VLAN overlapping
of different CEs.
Page 56
56
56
ThankYou


MEN Part 2 - Day4 - Ver1 - NoRestriction

Загружено:

Сведения о документе

Исходное описание:

Оригинальное название

Авторское право

Доступные форматы

Поделиться этим документом

Поделиться или встроить документ

Параметры публикации

Этот документ был вам полезен?

Это неприемлемый материал?

Авторское право:

Доступные форматы

MEN Part 2 - Day4 - Ver1 - NoRestriction

Загружено:

Авторское право:

Доступные форматы

Network Learning Centre 1

Network Learning Centre 2

Network Learning Centre 3

Dependence on special media (such as ATM or FR): for ATM-based or FR-based

Complicated VPN structure: when a site is added to an existing VPN, it is required to

VPN as we know it is virtual private network, using some tunnel technology to

We define a Layer 2 VPN as one where a Service Provider provides a layer 2

• The basic principle of all MPLS L2VPN modes,

• The service provider use MPLS network to provide Layer

• Routing occurs between CE routers

• PE sends VPN traffic across the service provider’s

• Separation of Administrative Responsibilities

• Routing Privacy and Security

• Native Multi protocol Support

PE routers share between themselves only a small amount of information about

Separation of Administrative Responsibilities

Routing Privacy and Security

As for traditional layer 2 VPN, if CE is full-meshed, there have N2 problem, just

• VLL=Virtual Leased Line

VLL (Virtual Leased Line）：VLL is the simulation of traditional leased line

Connection > LDP、BGP、STATIC-LSP and so on

‘Emulated Circuits’—three layers encapsulation

>Emulate VC Encapsulation (Control Word)

In an MPLS network, it is possible to use control protocols to set up "emulated virtual

•the "demultiplexer field", which is used to distinguish individual emulated virtual

-Although different layer 2 protocols require different information to be carried in this

VC Label(VC) EXP 1 TTL(Set to 2)

Rsvd Flags 0 0 Length Sequence Number

Tunnel Label /VC Label

Layer-2 Protocol Data Unit

Encap type Control Word

Tunnel Label Layer2 Header Data Branch Office B

Only one level PE

An important application of MPLS is the "convergence" of Layer 2 networks,

CCC（Circuit Cross Connect）is a static VC connected VPN, according to the

Outer Label VC Label Layer2 Header Data

MPLS Tunnel (LSP)

VC Label distributed by LDP

The Martini mode implements MPLS L2VPN by setting up a point-to-point link. It

• The Mode is based on two drafts from Lucca

• VC ID is used to identify a VC,VC Type indicates the

The Martini mode implements MPLS L2VPN by setting up a point-to-point link. It

Martini MPLS L2VPN adopts VC-Type + VC-ID to identify a VC between two

•VC-ID: VC-ID of each VC in the same VC-TYPE must be unique in the

0 0 FEC TLV(0x0010) Length

VC TLV(0x80) c VC Type VC Info Length

0 0 Generic Label(0x0200) Length

• An In Label is allocated when a LDP VC is configured.

PE2 repeats steps 1-5 so

2. PE1 starts LDP session

3. PE1 allocates VC label 5. PE2 receives VC FEC

The VC label mapping procedures are as follows:

1. L2 transports routes to the ingress PE1

• If a PE route detects a condition that affects normal

Circuit status signaling PE port failure triggers

1. Not support, Because VC type + VC ID is unique, one PE can’t connect two

2. Remember? In label is allocated by local PE, out label is allocated by remote

• Similar to Martini MPLS L2VPN, the only

SVC implements MPLS L2VPN through static configuration. SVC transfers

MPLS Tunnel (LSP)

Kompella supports both local and remote connections.