Jeff Apcar, Distinguished Services Engineer APAC Technical Practices, Advanced Services
Presentation_ID
Cisco Confidential
Agenda
VPLS Introduction
Pseudo Wire Refresher
VPLS Architecture
VPLS Configuration Example
VPLS Deployment
Summary
The concept is fantastic, but in reality the experience might not be what you expected.
But we're still willing to give it a go as long as we can understand/handle her behaviour
VPLS Introduction
Presentation_ID 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential
[Diagram labels: Routing, MPLS, Security, Transport]
Pseudo Wire Emulation edge-to-edge: forms the backbone transport for VPLS
As of 2-Nov-2006
Classification of VPNs
[Diagram: VPN classification tree. Labels: VPN; Network Based, CPE Based; Layer 2, Layer 3; Ethernet, P2P, VPWS, VPLS, IPLS; Ethernet (P2MP), Ethernet (MP2MP); MPLS VPN, Virtual Router, IPSec, GRE]
L2VPN Models
[Diagram: L2VPN model tree. Labels: L2VPN; MPLS, IP; Like-to-Like, Any-to-Any; VPWS Point-to-Point, VPLS/IPLS Multipoint, L2TPv3 Point-to-Point; PPP, HDLC, ATM AAL5/Cell, FR, Ethernet]
Defined in draft-ietf-l2vpn-ipls
VPLS Components
Pseudo Wires within LSP
Attachment circuits
Port or VLAN mode
Virtual Switch Interface (VSI) terminates PW and provides Ethernet bridge function
Mesh of LSP between N-PEs
[Diagram: CE routers and CE switches attached to N-PEs across an MPLS core]
Loop Prevention
Create full-mesh of Pseudo Wire VCs (EoMPLS)
Unidirectional LSP carries VCs between pair of N-PE
Per
Develop standards for the encapsulation & service emulation of Pseudo Wires
Across a packet switched backbone
[Diagram: customer-site CEs attached to PE1 and PE2 across a Packet Switched Network (PSN), IP or MPLS, carrying Pseudo Wire PDUs]
A Pseudo Wire (PW) is a connection between two provider edge devices connecting two attachment circuits (ACs)
VC information exchanged using Downstream Unsolicited label distribution procedures
Separate MAC List TLV for VPLS
  Defined in draft-ietf-l2vpn-vpls-ldp
  Used to withdraw labels associated with MAC addresses
[Diagram: customer-site CEs attached to PE1 and PE2 across the IP/MPLS network. Callouts: LSP created using IGP+LDP or RSVP-TE; VC Label identifies interface]
Unidirectional Tunnel LSP between PE routers to transport PW PDU from PE to PE using tunnel label(s)
Both LSPs combined to form single bi-directional Pseudo Wire
Directed LDP session between PE routers to exchange VC information, such as VC label and control information
[Diagram: pseudo wire encapsulation. Labels: Layer 2 PDU, Control Word, PW Label, Tunnel Label; fields: EXP, Sequence Number]
Tunnel Encapsulation
One or more MPLS labels associated with the tunnel
Defines the LSP from ingress to egress PE router
Ethernet PW Demultiplexer
[Diagram: bit layout of Tunnel Encaps, PW Demux and Control Word; fields: EXP, Sequence Number]
VC Label
Inner label used by receiving PE to determine the following:
  Egress interface for L2 PDU forwarding (Port based)
  Egress VLAN used on the CE facing interface (VLAN Based)
[Diagram: control word layout; fields: EXP, Reserved, Sequence Number]
Seq number provides sequencing capability to detect out of order packets
  currently not in Cisco's implementation
  processing is optional
[Diagram: L2 PDU forwarded over PW1 through P1 and P2 in the IP/MPLS core, between customer-site CEs, with an LDP session between the PEs]
VPLS Architecture
VPLS Standards
Architecture allows IEEE 802.1 bridge behaviour in SP plus:
  Autodiscovery of other N-PE in same VPLS instance
  Signaling of PWs to interconnect VPLS instances
  Loop avoidance & MAC Address withdrawal
draft-ietf-l2vpn-vpls-ldp
  Uses LDP for signalling, agnostic on PE discovery method
  Predominant support from carriers and vendors
  Cisco supports this draft
draft-ietf-l2vpn-vpls-bgp
  Uses BGP for signalling and autodiscovery
[Diagram labels: IP Routing, DNS, Signaling, MPLS, IP; platforms: Cisco 7600, Catalyst 6500, Cisco 12000]
Signaling
Draft-ietf-l2vpn-vpls-ldp
  Does not mandate an auto-discovery protocol
  Can be BGP, Radius, DNS, or Directory based
  Uses Directed LDP for label exchange (VC) and PW signaling
  PWs signal control information as well (for example, circuit state)
[Diagram: frame with Data, SA and DA fields]
Flooding (Broadcast, Multicast, Unknown Unicast)
Dynamic learning of MAC addresses on PHY and VCs
Forwarding
  Physical Port
  Virtual Circuit
[Diagram: CEs attached on interfaces E0/0 and E0/1]
Broadcast, Multicast, and Unknown Unicast are learned via the received label associations
Upon failure PE removes locally learned MAC addresses
Send LDP Address Withdraw (RFC3036) to remote PEs in VPLS (using the Directed LDP session)
New MAC List TLV is used to withdraw addresses
Each PE has a P2MP view of all other PEs; it sees itself as a root bridge with split horizon loop protection
Full mesh topology obviates STP in the SP network
Customer STP is transparent to the SP; customer BPDUs are forwarded transparently
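A minimal Python model of the forwarding behaviour described above: flooding, MAC learning on attachment circuits and pseudo wires, split horizon on the full mesh, and MAC flush on failure or withdrawal. This is an added example, not part of the original slides and not Cisco's implementation; the `VFI` class, the port names and the "spoke" port type (a pseudo wire with split horizon disabled, as used toward a U-PE in H-VPLS) are assumptions made for illustration.

```python
# Added illustration: a toy virtual forwarding instance (VFI), not vendor code.
BROADCAST = "ff:ff:ff:ff:ff:ff"

class VFI:
    def __init__(self):
        self.ports = {}      # port name -> "ac", "pw" (core PW, split horizon) or "spoke"
        self.mac_table = {}  # learned source MAC -> port it was last seen on

    def add_port(self, name, kind):
        self.ports[name] = kind

    def receive(self, in_port, src, dst):
        """Learn src on in_port and return the sorted list of egress ports."""
        self.mac_table[src] = in_port  # dynamic learning on ACs and PWs
        known = self.mac_table.get(dst) if dst != BROADCAST else None
        # Known unicast goes to one port; everything else is flooded.
        candidates = [known] if known else list(self.ports)
        from_core = self.ports[in_port] == "pw"
        # Split horizon: a frame received on a core PW is never sent to a core PW.
        return sorted(p for p in candidates
                      if p != in_port and not (from_core and self.ports[p] == "pw"))

    def withdraw(self, port):
        """Flush MACs learned via a port (local failure or received MAC withdrawal)."""
        self.mac_table = {m: p for m, p in self.mac_table.items() if p != port}

def build_npe():
    """Constructed sample N-PE: one AC, two core PWs, one H-VPLS spoke PW."""
    vfi = VFI()
    vfi.add_port("ac-vlan100", "ac")     # CE-facing attachment circuit
    vfi.add_port("pw-1.1.1.1", "pw")     # full-mesh core pseudo wires
    vfi.add_port("pw-3.3.3.3", "pw")
    vfi.add_port("pw-4.4.4.4", "spoke")  # spoke PW to a U-PE, split horizon off
    return vfi

if __name__ == "__main__":
    npe = build_npe()
    print(npe.receive("ac-vlan100", "aa", "bb"))       # unknown unicast from the CE
    print(npe.receive("pw-1.1.1.1", "bb", BROADCAST))  # broadcast from a core PW
```

A frame that arrives on a core pseudo wire is delivered only to attachment circuits and spoke pseudo wires, which is why the full mesh needs no STP in the provider network.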
CE routers/switches see a logical Bridge/LAN
VPLS emulates a LAN but not exactly
This raises a few issues which are discussed later
VPLS Architectures
VPLS defines two Architectures
Direct Attachment (Flat)
  Described in section 4 of Draft-ietf-l2vpn-vpls-ldp
Hierarchical or H-VPLS, comprising two access methods
  Ethernet Edge (EE-H-VPLS): QinQ tunnels
  MPLS Edge (ME-H-VPLS): PWE3 Pseudo Wires (EoMPLS)
  Described in section 10 of Draft-ietf-l2vpn-vpls-ldp
[Diagram: U-PE and N-PE on each side of the MPLS Core, with CE attached to U-PE]
N-PE provides VPLS termination/L3 services
U-PE provides customer UNI
CE is the customer device
No hierarchical scalability
VLAN and Port level support (no QinQ)
Potential signaling and packet replication overhead
  Large amount of multicast replication over same physical
  CPU overhead for replication
Why H-VPLS?
VPLS
  Potential signaling overhead
  Full PW mesh from the Edge
  Packet replication done at the Edge
  Node Discovery and Provisioning extends end to end
H-VPLS
  Minimizes signaling overhead
  Full PW mesh among Core devices
  Packet replication done at the Core
  Partitions Node Discovery process
[Diagram: VPLS with CEs attached to a mesh of PEs; H-VPLS with CEs attached through MTU-s and PE-rs devices]
[Diagram: (1) 802.1q Access, (2) QinQ Tunnel, (3) Full Mesh PWs + LDP. Frame labels: Data, Vlan CE (802.1q Customer), QinQ SP Edge, MAC1 MAC2, VC, PE]
[Diagram: Metro A, Metro B, Metro C and Metro D (GE Ring, DWDM/CWDM, RPR) connected through U-PE and N-PE devices to an MPLS VPLS core with P routers; N-PE = Network Facing Provider Edge]
[Diagram: CE, U-PE (PE-rs) and N-PE (PE-rs) with MPLS Access on each side of the MPLS Core. (1) 802.1q Access, (2) MPLS Pseudo Wire, (3) Full Mesh PWs + LDP. Frame labels: Data, Vlan CE, MAC1 MAC2, VC, PE]
[Diagram: VFI (Virtual Forwarding Interface) on N-PE1 with Pseudo Wire #1 and Pseudo Wire #2 to N-PE2 and N-PE3. Labels: Bridging Function (.1Q or QinQ), Pseudo Wires, Local Switching, Broadcast/Multicast]
[Diagram: VFI on N-PE1 with Pseudo Wire #2, N-PE2 and N-PE3. Labels: Pseudo Wire MPLS Based, Virtual Forwarding Interface, Pseudo Wires, NO Split Horizon]
Configuration Examples
Direct Attachment
  Using a Router as a CE (VLAN Based)
  Using a Switch as a CE (Port Based)
H-VPLS
  Ethernet QinQ
  EoMPLS Pseudo Wire (VLAN Based)
  EoMPLS Pseudo Wire (Port Based)
Sample Output
[Diagram: CE1 and two CE2 sites in VLAN100, subnet 192.168.20.0/24, attached to PE1, PE2 and PE3 (addresses 1.1.1.1, 2.2.2.2, 3.3.3.3) around the MPLS Core. Interface labels: gi3/0, gi4/4, gi4/2, pos4/1, pos4/3, pos3/0, pos3/1]
l2 vfi VPLS-A manual
 vpn id 56
 neighbor 1.1.1.1 encapsulation mpls
 neighbor 3.3.3.3 encapsulation mpls
l2 vfi VPLS-A manual
 vpn id 56
 neighbor 2.2.2.2 encapsulation mpls
 neighbor 1.1.1.1 encapsulation mpls
interface GigabitEthernet3/0
 switchport
 switchport mode trunk
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 100
!
interface vlan 100
 no ip address
 xconnect vfi VPLS-A
!
vlan 100
 state active
The xconnect vfi VPLS-A command associates the VLAN with the VPLS instance: VLAN100 = VCID 56
Direct Attachment
Using a Switch as a CE (Port Based)
[Diagram: same topology as the previous example, with the CE-facing ports carrying All VLANs]
interface GigabitEthernet3/0
 switchport
 switchport mode dot1q-tunnel
 switchport access vlan 100
 l2protocol-tunnel stp
!
interface vlan 100
 no ip address
 xconnect vfi VPLS-A
!
vlan 100
 state active
The xconnect vfi VPLS-A command associates the VLAN with the VPLS instance: VLAN100 = VCID 56
H-VPLS
[Diagram: U-PE1, U-PE2 and U-PE3 (Cisco 3750ME) attached to the N-PEs (1.1.1.1, 2.2.2.2, N-PE3) around the MPLS Core; U-PE2 is 4.4.4.4 with interfaces fa1/0/1 and gi1/1/1. Other interface labels: gi3/0, gi4/4, gi4/2, pos4/1, pos4/3, pos3/0, pos3/1]
H-VPLS
Ethernet QinQ
N-PE2:
interface GigabitEthernet4/4
 switchport
 switchport mode trunk
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 100
!
interface vlan 100
 no ip address
 xconnect vfi VPLS-A
!
vlan 100
 state active

U-PE2 (Cisco 3750ME):
interface FastEthernet1/0/1
 switchport
 switchport access vlan 100
 switchport mode dot1q-tunnel
 switchport trunk allowed vlan 1-1005
!
interface GigabitEthernet1/1/1
 switchport
 switchport mode trunk
 switchport trunk allowed vlan 1-1005
H-VPLS
EoMPLS Pseudo Wire (VLAN Based)
N-PE2:
interface GigabitEthernet4/4
 no switchport
 ip address 156.50.20.1 255.255.255.252
 mpls ip
!
l2 vfi VPLS-A manual
 vpn id 56
 neighbor 1.1.1.1 encapsulation mpls
 neighbor 3.3.3.3 encapsulation mpls
 neighbor 4.4.4.4 encaps mpls no-split
no-split: Ensures CE traffic passed on PW to/from U-PE

U-PE2 (Cisco 3750ME):
interface FastEthernet1/0/1
 switchport
 switchport access vlan 500
!
interface vlan500
 xconnect 2.2.2.2 56 encapsulation mpls
!
interface GigabitEthernet1/1/1
 no switchport
 ip address 156.50.20.2 255.255.255.252
 mpls ip
H-VPLS
EoMPLS Pseudo Wire (Port Based)
N-PE2:
interface GigabitEthernet4/4
 no switchport
 ip address 156.50.20.1 255.255.255.252
 mpls ip
!
l2 vfi PE1-VPLS-A manual
 vpn id 56
 neighbor 1.1.1.1 encapsulation mpls
 neighbor 3.3.3.3 encapsulation mpls
 neighbor 4.4.4.4 encaps mpls no-split

U-PE2 (Cisco 3750ME):
interface FastEthernet1/0/1
 no switchport
 xconnect 2.2.2.2 56 encapsulation mpls
!
interface GigabitEthernet1/1/1
 no switchport
 ip address 156.50.20.2 255.255.255.252
 mpls ip
Sample Output
show mpls l2 vc
NPE-A#show mpls l2 vc
Local intf     Local circuit   Dest address   VC ID   Status
-------------  --------------  -------------  ------  ------
VFI VPLS-A     VFI             1.1.1.1        10      UP
VFI VPLS-A     VFI             3.3.3.3        10      UP
[Diagram: callouts "Use VC Label 19" and "Use VC Label 23" between 1.1.1.1 and 2.2.2.2 across the MPLS Core]
Output interface: POS4/3, imposed label stack {19}
Create time: 1d01h, last status change time: 00:40:16
Signaling protocol: LDP, peer 1.1.1.1:0 up
MPLS VC labels: local 23, remote 19
Deployment Issues
MTU Size
Broadcast Handling
Router or a Switch CPE?
Ramblings of an Engineer
A Sample Problem
L2 Header
Tunnel Header
Outer Label (32-bits)
VC Header
Inner Label (32-bits)
Edge                    Transport  AToM   MPLS Stack  MPLS Header  Total
EoMPLS Port Mode        14         4 [0]  2           4
EoMPLS VLAN Mode        18         4 [0]  2           4
EoMPLS Port w/ TE FRR   14         4 [0]  3           4
MTU Sizing
Frame layout (field sizes in bytes): Pre 7, SFD 1, DA 6, SA 6, Type 2, TE 4, Tu 4, Vc 4, Cntrl 4, DA 6, SA 6, TPID 2, TCI 2, Type 2, FCS 4
Field labels: Preamble, EoMPLS VC Label, Control Word, VLAN ID Info, Cust Type, Cust Packet
Packet size can get very large in backhaul due to multiple tags and labels
Ensure core and access Ethernet interfaces are configured with appropriate MTU size
Unnecessary replication brings the risk of resource exhaustion when the number of PWs increases
Router as CE device
Single MAC Address exists (for interface of router)
No STP interactions
Router controls broadcast issues (multicast still happens)
Since traffic is carried at layer 2, a lot of chatter could be traversing the MPLS core unnecessarily.
For example, status requests for printers
An example
The OSPF designated router problem
Router View
OSPF DR (A)
Summary
VPLS has its advantages and benefits
Non-IP protocols supported, customers do not have routing interaction, etc.
Q&A