
L2VPN Fundamentals

Presentation_ID

2006 Cisco Systems, Inc. All rights reserved.

Cisco Confidential

L2VPN Fundamentals
- EoMPLS
  - EoMPLS Control and Forwarding Plane
  - A simple EoMPLS Configuration Example
  - 7600 EoMPLS Options
- VPLS


EoMPLS Overview
[Figure: CE, attachment circuit, PE, P routers and PE across an MPLS core. Labels: Tunnel label, VC label, Customer PDU, Pseudowire, LDP, Targeted LDP, Attachment Circuit]

- MPLS in the core, with normal LDP sessions per hop to exchange the tunnel label
- Targeted (AKA directed) LDP session between PEs to exchange the VC label (AKA PW label)
- The tunnel label is used to forward the packet from PE to PE
- The VC label is used to identify the L2VPN circuit
- Attachment Circuit (AC): the connection to the CE. It could be a physical Ethernet port, a logical Ethernet port, an ATM PVC carrying Ethernet frames, etc.
- An attachment circuit is mapped to an EoMPLS PW. The mapping can be 1:1 or N:1

Control Plane: Signalling


[Figure: VC TLV layout. Fields: VC TLV, C, VC Type, Group ID, VC ID, Interface Parameter, VC info length]

- VC Type: FR, ATM, E802.1Q, Eth
- C: 1 = control word present
- Group ID: identifies a group of VCs; useful to withdraw many labels at once
- VC ID + VC Type: ID for the transported L2 VC
- Interface Parameter: MTU

- Emulated VC signaling is done via a directed LDP session between PEs. Information such as VC type, VC ID and interface parameters is negotiated via VC signaling
- EoMPLS uses two VC types: VC type 4 (Ethernet VLAN) and VC type 5 (Ethernet). The 7600 uses VC type 5 by default, but can negotiate to VC type 4 at the peer's request


Data plane (Martini encapsulation)


Packet layout: Tunnel label | VC label | Control Word (optional) | L2 Frame

Fields of each 32-bit row:

    Tunnel label entry:       Tunnel Label | EXP | 0 | TTL
    VC label entry:           VC Label | EXP | 1 | TTL
    Control word (optional):  Rsvd | Flags | 0 0 | Length | Sequence number
    Payload:                  L2 PDU

- Original customer Ethernet L2 PDUs are transported, except for the preamble, SFD and FCS
- The customer VLAN ID may or may not be transported, depending on the VC type and on whether it is used as the service delimiter
- With VC type 4, the service delimiter VLAN ID is tunnelled
- With VC type 5, the service delimiter VLAN ID is not tunnelled
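The encapsulation above can be decoded with a short parser. This is an added example, not part of the original deck: the function names are hypothetical, the bit positions follow the field order shown on the slide, and the sample packets are constructed (label values 17 and 19 are borrowed from the deck's show output).

```python
import struct

def _label(word):
    # MPLS label stack entry: label(20) | EXP(3) | S(1) | TTL(8)
    return {"label": word >> 12, "exp": (word >> 9) & 0x7,
            "bottom": bool(word & 0x100), "ttl": word & 0xFF}

def parse_eompls(packet, control_word):
    """Decode tunnel label, VC label, optional control word and inner frame."""
    # control_word must come from the signalled C bit: nothing in the packet
    # itself says whether the 4-byte control word is present.
    if len(packet) < 8:
        raise ValueError("truncated label stack")
    tunnel, vc = (_label(w) for w in struct.unpack("!II", packet[:8]))
    if tunnel["bottom"] or not vc["bottom"]:
        raise ValueError("expected S=0 on tunnel label and S=1 on VC label")
    offset, cw = 8, None
    if control_word:
        if len(packet) < 12:
            raise ValueError("truncated control word")
        (raw,) = struct.unpack("!I", packet[8:12])
        if raw >> 28:
            raise ValueError("reserved control word bits are not zero")
        cw = {"flags": (raw >> 24) & 0xF, "length": (raw >> 16) & 0x3F,
              "sequence": raw & 0xFFFF}
        offset = 12
    frame = packet[offset:]
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    ethertype = int.from_bytes(frame[12:14], "big")
    vlan = None
    if ethertype == 0x8100 and len(frame) >= 16:  # 802.1Q tag carried in the PW
        vlan = int.from_bytes(frame[14:16], "big") & 0x0FFF
    return {"tunnel": tunnel, "vc": vc, "cw": cw, "vlan": vlan,
            "dst": frame[0:6].hex(":"), "src": frame[6:12].hex(":")}

def _lse(label, bottom, ttl=255):
    return struct.pack("!I", (label << 12) | (int(bottom) << 8) | ttl)

# Constructed sample: label stack {17 19}, inner frame tagged with VLAN 100
# (the tag is carried, as with VC type 4), with and without a control word.
FRAME = (bytes.fromhex("222222222222") + bytes.fromhex("222222222221")
         + bytes.fromhex("81000064") + bytes.fromhex("0800") + b"\x00" * 46)
SAMPLE = _lse(17, False) + _lse(19, True) + FRAME
SAMPLE_CW = _lse(17, False) + _lse(19, True) + bytes.fromhex("00000001") + FRAME

if __name__ == "__main__":
    print(parse_eompls(SAMPLE_CW, control_word=True))
```

Decoding `SAMPLE_CW` with `control_word=False` shifts every inner field by four bytes, which is why both PEs have to agree on the C bit during signalling.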


An EoMPLS Configuration Example

[Figure: CE - gig4/48 - PE-1 - gig4/1 - IP/MPLS cloud - ten1/0/0 - PE-2 - gig6/48]

PE-1

    interface GigabitEthernet4/1
     ip address 10.10.1.5 255.255.255.252
     tag-switching ip

    interface Loopback0
     ip address 10.1.1.1 255.255.255.255

    interface GigabitEthernet4/48.1
     encapsulation dot1Q 100
     xconnect 10.1.1.3 100 encapsulation mpls

PE-2

    interface TenGigabitEthernet1/0/0
     ip address 10.10.3.13 255.255.255.252
     tag-switching ip

    interface Loopback0
     ip address 10.1.1.2 255.255.255.255

    interface gig 6/48.1
     encapsulation dot1q 101
     xconnect 10.1.1.1 100 encapsulation mpls

- VPN ID is globally significant. It must match on both PEs to identify the EoMPLS VC
- Attachment Circuit VLAN ID is locally significant to the PE

Control Plane Verification


Verify the underlying MPLS/IP connectivity before EoMPLS troubleshooting!

    PE1#sh mpls l2transport vc
    Local intf     Local circuit        Dest address    VC ID      Status
    -------------  -------------------  --------------  ---------  ---------
    Gi4/48.1       Eth VLAN 100         10.1.1.2        100        UP

Indicates that Emulated VC 100 with Remote Peer 10.1.1.2 is UP.

    PE1#sh mpl l2 bind 100
      Destination Address: 10.1.1.2,  VC ID: 100
        Local Label:  25
            Cbit: 0,    VC Type: Ethernet,    GroupID: 0
            MTU: 1500,   Interface Desc: n/a
            VCCV Capabilities: Type 2
        Remote Label: 19
            Cbit: 0,    VC Type: Ethernet,
            MTU: 1500,   Interface Desc: n/a
            VCCV Capabilities: Type 2

Slide annotations: VC type 5 (Ethernet), CW (0), GroupID: 0, MTU (1500)

Control Plane Verification


    PE1#sh mpl l2 vc 100 detail
    Local interface: Gi4/48.1 up, line protocol up, Eth VLAN 100 up
      Destination address: 10.1.1.2, VC ID: 100, VC status: up
        Tunnel label: 17, next hop 10.10.1.6
        Output interface: Gi4/1, imposed label stack {17 19}
      Create time: 00:15:02, last status change time: 00:04:37
      Signaling protocol: LDP, peer 10.1.1.3:0 up
        MPLS VC labels: local 25, remote 19
        Group ID: local 0, remote 0
        MTU: local 1500, remote 1500
        Remote interface description:
      Sequencing: receive disabled, send disabled
      VC statistics:
        packet totals: receive 10208285, send 11130498
        byte totals:   receive 837079404, send 712351872
        packet drops:  receive 0, send 0

Slide annotations:
- Destination address: 10.1.1.2 (PE2 loopback), VC ID 100
- Imposed label stack: VC label 19, Tunnel label 17
- VC statistics: Statistics Counters

7600 EoMPLS Configuration Options


    Interface gig 1/1
     xconnect 1.1.1.1 10 encap mpls

    Interface gig 1/1.1
     encap dot1q 100
     xconnect 1.1.1.1 10 encap mpls

    Interface gig 1/1/1
     service instance 10 ethernet
      encap dot1q 100
      xconnect 1.1.1.1 10 encap mpls

    Interface gig 1/1
     switchport
     switchport trunk encap dot1q
     switchport trunk allow vlan 100
    Interface vlan 100
     xconnect 1.1.1.1 10 encap mpls

Labels on the slide, top to bottom: PFC based EoMPLS, Scalable EoMPLS, SVI based EoMPLS



7600 EoMPLS Options


Classified based on who does the EoMPLS label imposition/disposition.

[Figure: Ingress (SIP400 & ES20 ONLY), PFC/DFC, Egress]

Scalable EoMPLS
- EoMPLS label imposition/disposition: Ingress SIP card (SIP400 and ES20)
- Maximum EoMPLS PWs: 16K with EVC config, 12K with sub-interface config. A PW doesn't consume a system VLAN resource
- Local switching: No
- xconnect config: Sub-interface or EVC

PFC based (or HW) EoMPLS
- EoMPLS label imposition/disposition: PFC/DFC
- Maximum EoMPLS PWs: 4K, each PW needs one system VLAN resource
- Local switching: No
- xconnect config: Sub-interface or main interface

WAN based (or SVI based or SW) EoMPLS
- EoMPLS label imposition/disposition: Egress SIP card
- Maximum EoMPLS PWs: 4K, each PW needs one system VLAN resource
- Local switching: Yes
- xconnect config: SVI

L2VPN Fundamentals
- EoMPLS
- VPLS
  - Concept
  - A simple VPLS example
  - VPLS logical topology


VPLS Overview (vs. SVI based EoMPLS)


[Figure: a 7600 bridging attachment circuits and a pseudo port under an SVI. Labels: SVI, SIP, pseudo port, MPLS, Attachment Circuit, MAC learning and forwarding, "MPLS uplink port must be SIP based"]

- VPLS is very similar to SVI based EoMPLS
  - L2 bridging among attachment circuit ports and PW pseudo ports based on MAC address
  - xconnect is configured under the SVI
  - A SIP based card is needed as the MPLS uplink port
  - Same EoMPLS data plane, such as L2 PDU handling
- What's different?
  - P-to-P (EoMPLS) vs. Multipoint (VPLS)



VPLS Components
[Figure: three PEs, each with an SVI, joined by PWs across MPLS, with an AC on one PE. Labels: SVI, PW, AC, MPLS]

- Attachment Circuit (AC): the connection to the CE. It could be a physical Ethernet port, a logical Ethernet port, an ATM PVC carrying Ethernet frames, etc.
- Virtual Circuit (Pseudo Wire): full mesh of P-to-P PWs among participating PEs
- Virtual Forwarding Instance (VFI): a virtual L2 bridge instance that connects ACs to VCs (PWs)
- VFI to VLAN is a 1-to-1 mapping. One VPLS instance creates one L2 broadcast domain, which includes all the ACs and PWs. Packets are forwarded in this L2 broadcast domain just as in a regular L2 switch, based on MAC address; MAC learning, forwarding, aging, etc. are involved


VPLS (multipoint) Requirement


- Compared with SVI based EoMPLS (a P-to-P L2VPN circuit), VPLS is a multipoint L2VPN circuit and needs to meet the following additional requirements
- VPLS multipoint bridging needs the same L2 forwarding mechanisms as a normal L2 switch, including
  - Redundancy mechanism and loop prevention
  - MAC address learning, aging, limiting
  - MAC address flushing/withdrawal upon topology change
  - MAC address based forwarding
- Since multiple PEs can participate in the same L2VPN, it may need auto VPN membership discovery to simplify configuration. Manual membership configuration should also be supported


VPLS Auto-discovery & Signaling


[Figure: VPN Discovery (Centralized: DNS, Radius, Directory Services; Distributed: BGP) and Signaling (Label Distribution Protocol)]

- Auto-discovery of VPN membership
  - Reduces VPN configuration and the errors associated with configuration
  - Draft-ietf-l2vpn-vpls-ldp-01 does not mandate an auto-discovery protocol. It can be BGP, Radius, DNS or AD based
  - The 7600 uses manual configuration, and supports BGP based auto-discovery from the Barracuda release
- Signaling of connections between PE devices associated with a VPN
  - Same as EoMPLS, using a directed LDP session to exchange VC information

Note: the 7600 supports BGP based VPLS auto-discovery, but this is only for VPN membership discovery. It still uses directed LDP for EoMPLS signaling.

VPLS Layer 2 Packet Forwarding


[Figure: three PEs, each with an SVI, joined by PWs across MPLS, with an AC on one PE. Labels: SVI, PW, AC, MPLS]

Flooding/Forwarding
- Forwarding is based on [VLAN, Destination MAC Address]
- Unknown unicast, multicast and broadcast are flooded to all ports (IGMP/PIM snooping can be used to constrain multicast flooding; this is supported from the Barracuda release)

MAC Learning/Aging/Limit
- Dynamic learning based on source MAC and VLAN
- Aging timers are refreshed by incoming packets
- MAC address table limit per VFI (VLAN)

Note: MAC withdrawal/flushing is covered in the Advanced L2VPN part.



VPLS Redundancy and Loop prevention


[Figure: three PEs, each with an SVI, joined by PWs across MPLS, with an AC on one PE. Labels: SVI, PW, AC, MPLS]

- Customer STP is transparent to the SP: customer BPDUs are dropped or forwarded transparently. VPLS only tunnels BPDUs; it does not participate in STP
- VPLS uses full mesh PWs plus split horizon to achieve redundancy and loop prevention
  - Full mesh PWs among all the participating PEs
  - Split horizon: traffic received from the network (PW) will not be forwarded back to the network (PW). It is only forwarded to ACs. The exception is H-VPLS, with split horizon turned off


A VPLS Configuration Example


[Figure: N-PE1 (10.0.2.1/32, Gig 1/2, CE1 1.1.1.1 2222.2222.2221), N-PE2 (10.0.2.2/32, Gig 6/2, CE2 1.1.1.2 2222.2222.2222) and N-PE10 (10.0.2.10/32, Gig 1/2, CE3 1.1.1.3 2222.2222.2221), each with an SVI, connected across MPLS]

N-PE1

    l2 vfi full-vpls manual
     vpn id 1000
     neighbor 10.0.2.2 encapsulation mpls
     neighbor 10.0.2.10 encapsulation mpls
    Interface loopback 0
     ip address 10.0.2.1 255.255.255.255
    Interface vlan 1000
     xconnect vfi full-vpls
    Interface gig 1/2
     switchport
     switchport trunk encap dot1q
     switchport trunk allow vlan 1000

N-PE2

    l2 vfi full-vpls manual
     vpn id 1000
     neighbor 10.0.2.1 encapsulation mpls
     neighbor 10.0.2.10 encapsulation mpls
    !
    Interface loopback 0
     ip address 10.0.2.2 255.255.255.255
    ! VLAN ID doesn't need to match the VPN ID. It is locally significant to the PE
    Interface vlan 2000
     no ip address
     xconnect vfi full-vpls
    Interface gig 6/2
     switchport
     switchport trunk encap dot1q
     switchport trunk allow vlan 2000

N-PE10

    l2 vfi full-vpls manual
     vpn id 1000
     neighbor 10.0.2.1 encapsulation mpls
     neighbor 10.0.2.2 encapsulation mpls
    Interface loopback 0
     ip address 10.0.2.10 255.255.255.255
    Interface vlan 1000
     xconnect vfi full-vpls
    Interface gig 1/2
     switchport
     switchport trunk encap dot1q
     switchport trunk allow vlan 1000


Show commands (1)


    7604-npe1#sh vfi full-vpls
    Legend: RT=Route-target, S=Split-horizon, Y=Yes, N=No
    VFI name: full-vpls, state: up, type: multipoint
      VPN ID: 1000
      Local attachment circuits:
        Vlan1000
      Neighbors connected via pseudowires:
      Peer Address     VC ID        S
      10.0.2.2         1000         Y
      10.0.2.10        1000         Y

Slide annotations:
- Vlan1000: local attachment VLAN
- S = Y: split-horizon is enabled by default

    7604-npe1#sh mac-add vlan 1000
    Legend: * - primary entry
            age - seconds since last seen
            n/a - not available

      vlan   mac address     type    learn     age              ports
    ------+----------------+--------+-----+----------+--------------------------
    *  1000  2222.2222.2221   dynamic  Yes          0   Gi1/2
    *  1000  2222.2222.2222   dynamic  Yes          0   10.0.2.2, 1000
    *  1000  2222.2222.2223   dynamic  Yes          0   10.0.2.10, 1000

Slide annotations:
- Gi1/2: learned from the local attachment circuit port
- 10.0.2.2, 1000: learned from the PW, NPE2
- 10.0.2.10, 1000: learned from the PW, NPE10

Show commands (2)


VC specific show commands are the same as for EoMPLS. For example, the following show commands work on a per-VC basis:

    show mpls l2 vc
    show mpls l2 binding
    show mpls l2 vc detail

    7604-npe1#show mpls l2 vc
    Local intf     Local circuit               Dest address     VC ID       Status
    -------------  --------------------------  ---------------  ----------  ----------
    VFI full-vpls  VFI                         10.0.2.2         1000        UP
    VFI full-vpls  VFI                         10.0.2.10        1000        UP


H-VPLS with MPLS Access


[Figure: CE - U-PE - N-PE - IP/MPLS core - N-PE - U-PE - CE across the service provider network. Labels: IP/MPLS access on both sides, .1Q and MPLS segments, full mesh pseudowires with LDP in the core]


H-VPLS with MPLS Access Example


[Figure: N-PE1 (10.0.2.1/32, CE1 1.1.1.1 2222.2222.2221), N-PE2 (10.0.2.2/32, Gig 6/2, CE2 1.1.1.2 2222.2222.2222) and N-PE10 (10.0.2.10/32, Gig 1/2, CE10 1.1.1.10 2222.2222.222a) connected across MPLS, with CE3 (1.1.1.3, 2222.2222.2223) and CE4 (1.1.1.4, 2222.2222.2224) reached through an MPLS access network. Labels: SVI, MPLS, Gig 1/2]

- For the hub PE, both core and access facing ports must be SIP based to support VPLS. For access PE neighbors, split-horizon is disabled
- For the spoke PE, it's regular EoMPLS; no VPLS configuration is needed
- Frames from a Split-Horizon (SH) PW cannot be sent to other SH PWs, but can be sent to No-Split-Horizon (NSH) PWs. Frames from NSH PWs can be sent to both SH and NSH PWs
- On the hub PE, for a frame switched from PW to PW, two-stage EoMPLS label imposition/disposition operations are involved

H-VPLS with MPLS Access Configuration


Hub PE configuration

    l2 vfi h-vpls manual
     vpn id 999
     ! for spoke PE
     neighbor 10.0.2.4 encapsulation mpls no-split-horizon
     neighbor 10.0.2.3 encapsulation mpls no-split-horizon
     ! for core PE
     neighbor 10.0.2.2 encapsulation mpls
     neighbor 10.0.2.1 encapsulation mpls
    Interface vlan 999
     xconnect vfi h-vpls

Spoke PE configuration

    interface Loopback0
     ip address 10.0.2.3 255.255.255.255
    interface GigabitEthernet1/9
     ! regular EoMPLS, can be any type of EoMPLS option
     xconnect 10.0.2.10 999 encapsulation mpls
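The flooding, MAC learning and split-horizon rules from the forwarding and redundancy slides can be modelled for this hub PE in a few lines. This is an added example, not part of the original deck: the `VFI` class and `build_hub` helper are hypothetical, the Gi1/2 attachment circuit is taken from the hub's MAC table output, and the behaviour at the MAC limit is an assumption of the model.

```python
class VFI:
    """Toy model of one VPLS bridge domain (added example)."""

    def __init__(self, mac_limit=1024):
        self.ports = {}            # port name -> "ac", "sh" or "nsh"
        self.macs = {}             # learned MAC -> port name
        self.mac_limit = mac_limit

    def add_port(self, name, kind):
        if kind not in ("ac", "sh", "nsh"):
            raise ValueError(kind)
        self.ports[name] = kind

    def _may_send(self, in_port, out_port):
        if in_port == out_port:
            return False
        # Split horizon: SH pseudowire to SH pseudowire is never allowed.
        return not (self.ports[in_port] == "sh" and self.ports[out_port] == "sh")

    def receive(self, in_port, src, dst):
        """Learn src on in_port, then return the list of egress ports."""
        if in_port not in self.ports:
            raise KeyError(in_port)
        # Assumption of this model: once the per-VFI limit is reached, new
        # sources are not learned but their frames are still forwarded.
        if src in self.macs or len(self.macs) < self.mac_limit:
            self.macs[src] = in_port
        known = self.macs.get(dst)
        if known is not None:
            return [known] if self._may_send(in_port, known) else []
        # Unknown unicast, multicast and broadcast are flooded.
        return sorted(p for p in self.ports if self._may_send(in_port, p))

def build_hub(mac_limit=1024):
    """Hub PE from the h-vpls configuration: two spoke and two core PWs."""
    hub = VFI(mac_limit)
    hub.add_port("Gi1/2", "ac")
    for spoke in ("10.0.2.3", "10.0.2.4"):
        hub.add_port(spoke, "nsh")
    for core in ("10.0.2.1", "10.0.2.2"):
        hub.add_port(core, "sh")
    return hub

if __name__ == "__main__":
    hub = build_hub()
    print(hub.receive("10.0.2.1", "2222.2222.2221", "ffff.ffff.ffff"))
    print(hub.receive("10.0.2.3", "2222.2222.2223", "ffff.ffff.ffff"))
    print(hub.receive("10.0.2.2", "2222.2222.2222", "2222.2222.2221"))
```

A broadcast arriving from core PW 10.0.2.1 reaches both spokes and the AC but never the other core PW, while one arriving from spoke 10.0.2.3 reaches every other port.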

H-VPLS with MPLS Access show commands (1)


    7604-upe0#sh vfi h-vpls
    Legend: RT=Route-target, S=Split-horizon, Y=Yes, N=No
    VFI name: h-vpls, state: up, type: multipoint
      VPN ID: 999
      Local attachment circuits:
        Vlan999
      Neighbors connected via pseudowires:
      Peer Address     VC ID        S
      10.0.2.4         999          N
      10.0.2.3         999          N
      10.0.2.2         999          Y
      10.0.2.1         999          Y

Slide annotation: S = N means split-horizon is disabled for the spoke PE.


H-VPLS with MPLS Access show commands (2)


    7604-upe0#sh mac-add vlan 999
    Legend: * - primary entry
            age - seconds since last seen
            n/a - not available

      vlan   mac address     type    learn     age              ports
    ------+----------------+--------+-----+----------+--------------------------
    *   999  2222.2222.2221   dynamic  Yes          0   10.0.2.1, 999
    *   999  2222.2222.2222   dynamic  Yes        160   10.0.2.2, 999
    *   999  2222.2222.2223   dynamic  Yes          0   10.0.2.3, 999
    *   999  2222.2222.2224   dynamic  Yes          0   10.0.2.4, 999
    *   999  2222.2222.222a   dynamic  Yes          0   Gi1/2

    7604-upe0#sh mpl l2 vc 999
    Local intf     Local circuit               Dest address     VC ID       Status
    -------------  --------------------------  ---------------  ----------  ----------
    VFI h-vpls     VFI                         10.0.2.1         999         UP
    VFI h-vpls     VFI                         10.0.2.2         999         UP
    VFI h-vpls     VFI                         10.0.2.3         999         UP
    VFI h-vpls     VFI                         10.0.2.4         999         UP