Вы находитесь на странице: 1из 82

An Introduction to

VPLS

Jeff Apcar, Distinguished Services Engineer


APAC Technical Practices, Advanced Services

Presentation_ID

2006 Cisco Systems, Inc. All rights reserved.

Cisco Confidential

Agenda
VPLS Introduction
Pseudo Wire Refresher
VPLS Architecture
VPLS Configuration Example
VPLS Deployment
Summary

Presentation_ID

2006 Cisco Systems, Inc. All rights reserved.

Cisco Confidential

Do you want to date VPLS?


VPLS is like having Paris
Hilton as your girlfriend.
The concept is fantastic, but
in reality the experience might
not be what you expected.
But were still willing to give
it a go as long as we can
understand/handle her
behaviour

Me, Just Then

Presentation_ID

2006 Cisco Systems, Inc. All rights reserved.

Cisco Confidential

VPLS Introduction

Presentation_ID

2006 Cisco Systems, Inc. All rights reserved.

Cisco Confidential

Virtual Private LAN Service (VPLS)


VPLS defines an architecture allows MPLS networks offer
Layer 2 multipoint Ethernet Services
SP emulates an IEEE Ethernet bridge network (virtual)
Virtual Bridges linked with MPLS Pseudo Wires
Data Plane used is same as EoMPLS (point-to-point)
VPLS is an Architecture
CE

PE

PE

CE

CE
Presentation_ID

2006 Cisco Systems, Inc. All rights reserved.

Cisco Confidential

Virtual Private LAN Service


End-to-end architecture that allows MPLS networks to
provide Multipoint Ethernet services
It is Virtual because multiple instances of this service
share the same physical infrastructure
It is Private because each instance of the service is
independent and isolated from one another
It is LAN Service because it emulates Layer 2
multipoint connectivity between subscribers

Presentation_ID

2006 Cisco Systems, Inc. All rights reserved.

Cisco Confidential

Why Provide A Layer 2 Service?


Customer have full operational control over their routing
neighbours
Privacy of addressing space - they do not have to be
shared with the carrier network
Customer has a choice of using any routing protocol
including non IP based (IPX, AppleTalk)
Customers could use an Ethernet switch instead of a
router as the CPE
A single connection could reach all other edge points
emulating an Ethernet LAN (VPLS)

Presentation_ID

2006 Cisco Systems, Inc. All rights reserved.

Cisco Confidential

VPLS is defined in IETF


Application

VPWS, VPLS, IPLS

ISOC
General
IAB
Internet

L2VPN
L3VPN
PWE3

IETF

Ops and Mgmt

Routing

Security

As of 2-Nov-2006
Presentation_ID

Formerly PPVPN
workgroup

MPLS

BGP/MPLS VPNs (RFC


4364 was 2547bis)
IP VPNs using Virtual
Routers (RFC 2764)
CE based VPNs using
IPsec
Pseudo Wire Emulation
edge-to-edge
Forms the backbone
transport for VPLS

Transport

2006 Cisco Systems, Inc. All rights reserved.

Cisco Confidential

Classification of VPNs
VPN

Network
Based

Layer 2

2006 Cisco Systems, Inc. All rights reserved.

Layer 3

VPLS
IPLS

MPLS
VPN

Virtual
Router

Layer 3

IPSec

GRE

Ethernet (P2MP)
Ethernet (MP2MP)

VPWS

Frame Relay
PPP/HDLC
ATM/Cell Relay
Ethernet (P2P)

Presentation_ID

P2P

Frame Relay
ATM

Ethernet

CPE
Based

Cisco Confidential

L2VPN Models
L2VPN

MPLS

IP

Like-to-Like
Like-to-Like
Any-to-Any
Any-to-Any

Like-to-Like
Like-to-Like

VPWS
Point-to-Point

PPP
HDLC

FR

2006 Cisco Systems, Inc. All rights reserved.

L2TPv3
Point-to-Point

PPP
HDLC

ATM
AAL5/Cell

Ethernet

Presentation_ID

VPLS/IPLS
Multipoint

Ethernet

Cisco Confidential

Ethernet

ATM
AAL5/Cell
FR

10

IP LAN-Like Service (IPLS)


An IPLS is very similar to a VPLS except
The CE devices must be hosts or routers not switches
The service will only carry IPv4 or IPv6 packets
IP Control packets are also supported ARP, ICMP
Layer 2 packets that do not contain IP are not supported

IPLS is a functional subset of the VPLS service


MAC address learning and aging not required
Simpler mechanism to match MAC to CE can be used
Bridging operations removed from the PE
Simplifies hardware capabilities and operation

Defined in draft-ietf-l2vpn-ipls
Presentation_ID

2006 Cisco Systems, Inc. All rights reserved.

Cisco Confidential

11

VPLS Components
Pseudo Wires within LSP
Attachment circuits
Port or VLAN mode

CE router

Virtual Switch Interface (VSI)


terminates PW and provides
Ethernet bridge function

Mesh of LSP between N-PEs

N-PE

N-PE

CE router

CE router

CE router

CE switch

CE switch

MPLS
Core

Targeted LDP between PEs to


exchange VC labels for Pseudo
Wires

CE router
CE switch

Attachment CE
can be a switch or
router

N-PE
Presentation_ID

2006 Cisco Systems, Inc. All rights reserved.

Cisco Confidential

12

Virtual Switch Interface


Flooding / Forwarding
MAC table instances per customer (port/vlan) for each PE
VFI will participate in learning and forwarding process
Associate ports to MAC, flood unknowns to all other ports

Address Learning / Aging


LDP enhanced with additional MAC List TLV (label withdrawal)
MAC timers refreshed with incoming frames

Loop Prevention
Create full-mesh of Pseudo Wire VCs (EoMPLS)
Unidirectional LSP carries VCs between pair of N-PE Per
A VPLS use split horizon concepts to prevent loops
Presentation_ID

2006 Cisco Systems, Inc. All rights reserved.

Cisco Confidential

13

Pseudo Wire
Refresher

Presentation_ID

2006 Cisco Systems, Inc. All rights reserved.

Cisco Confidential

14

Pseudo Wires in VPLS


IETF working group PWE3
Pseudo Wire Emulation Edge to Edge;
Requirements detailed in RFC3916
Architecture details in RFC3985

Develop standards for the encapsulation & service


emulation of Pseudo Wires
Across a packet switched backbone

A VPLS is based on a full mesh of Pseudo Wires

Presentation_ID

2006 Cisco Systems, Inc. All rights reserved.

Cisco Confidential

15

Pseudo Wire Reference Model (RFC 3916)


Emulated Service
Pseudo Wire
Customer
Site

PSN Tunnel (LSP in MPLS)

CE

CE

Customer
Site

IP/MPLS
PW1
Attachment Circuit
PW2

Customer
Site

CE

PE1

PE2
Pseudo Wire
PDUs

CE

Customer
Site

Packet
Switched
Network (PSN)
IP or MPLS

A Pseudo Wire (PW) is a connection between two provider edge devices


connecting two attachment circuits (ACs)
In an MPLS core a Pseudo Wire uses two MPLS labels
Tunnel Label (LSP) identifying remote PE router
VC Label identifying Pseudo Wire circuit within tunnel
Presentation_ID

2006 Cisco Systems, Inc. All rights reserved.

Cisco Confidential

16

Pseudo Wire Standards (Care for a Martini?)


RFC 4446 Numeric values for PW types
RFC 4447 Distribution mechanism for VC labels
Previously called draft-martini-l2circuit-trans-mpls

RFC 4448 Encapsulation for Ethernet using MPLS


Previously called draft-martini-l2circuit-encap-mpls

Other drafts are addressing different encapsulations


draft-ietf-pwe3-frame-relay/draft-ietf-pwe3-atm-encap
draft-ietf-pwe3-ppp-hdlc-encap-mpls
Originally part of draft-martini-l2circuit-encap-mpls

Presentation_ID

2006 Cisco Systems, Inc. All rights reserved.

Cisco Confidential

17

MPLS PW Types (RFC 4446)


0x0001 Frame Relay DLCI ( Martini Mode )
0x0002 ATM AAL5 SDU VCC transport

0x000E ATM AAL5 PDU VCC transport


0x000F Frame-Relay Port mode

0x0003 ATM transparent cell transport

0x0010 SONET/SDH Circ. Emu. over Packet

0x0004 Ethernet Tagged Mode (VLAN)

0x0011 Structure-agnostic E1 over Packet

0x0005 Ethernet (Port)

0x0012 Structure-agnostic T1 over Packet

0x0006 HDLC

0x0013 Structure-agnostic E3 over Packet

0x0007 PPP

0x0014 Structure-agnostic T3 over Packet

0x0008 SONET/SDH Circuit Emulation

0x0015 CESoPSN basic mode

0x0009 ATM n-to-one VCC cell transport

0x0016 TDMoIP AAL1 Mode

0x000A ATM n-to-one VPC cell transport

0x0017 CESoPSN TDM with CAS

0x000B IP Layer2 Transport


0x000C ATM one-to-one VCC Cell Mode

0x0018 TDMoIP AAL2 Mode


0x0019 Frame Relay DLCI

0x000D ATM one-to-one VPC Cell Mode

Presentation_ID

2006 Cisco Systems, Inc. All rights reserved.

Cisco Confidential

18

VC Information Distribution (RFC 4447)


VC labels are exchanged across a targeted LDP
session between PE routers
Generic Label TLV within LDP Label Mapping Message

LDP FEC element defined to carry VC information


Such PW Type (RFC 4446) and VCID

VC information exchanged using Downstream


Unsolicited label distribution procedures
Separate MAC List TLV for VPLS
Defined in draft-ietf-l2vpn-vpls-ldp
Use to withdraw labels associated with MAC addresses

Presentation_ID

2006 Cisco Systems, Inc. All rights reserved.

Cisco Confidential

19

VC Distribution Mechanism using LDP


Directed LDP Session
between PE1 and PE2

Customer
Site

Tunnel Label(s) gets to PE router

Label Switch Path

CE

CE

Customer
Site

IP/MPLS

Customer
Site

CE

PE1

LSP created
using IGP+LDP
or RSVP-TE

PE2

CE

Customer
Site

VC Label identifies interface

Unidirectional Tunnel LSP between PE routers to transport PW


PDU from PE to PE using tunnel label(s)
Both LSPs combined to form single bi-directional Pseudo Wire

Directed LDP session between PE routers to exchange VC


information, such as VC label and control information
Presentation_ID

2006 Cisco Systems, Inc. All rights reserved.

Cisco Confidential

20

PW Encapsulation over MPLS (RFC 4448)


Ethernet Pseudo Wires use 3 layers of encapsulation
Tunnel Encapsulation (zero, one or more MPLS Labels)
To get PDU from ingress to egress PE;
Could be an MPLS label (LDP, TE), GRE tunnel, L2TP tunnel
Pseudo Wire Demultiplexer (PW Label)
To identify individual circuits within a tunnel;
Obtained from Directed LDP session
Control Word (Optional)
The following is supported when carrying Ethernet
Provides the ability to sequence individual frames
Avoidance of equal-cost multiple-path load-balancing
Operations and Management (OAM) mechanisms

Control word format varies depending on transported PDU

Layer 2
PDU
Presentation_ID

2006 Cisco Systems, Inc. All rights reserved.

Cisco Confidential

Control
Word

PW
Label

Tunnel
Label
21

Ethernet PW Tunnel Encapsulation


0
1
2
3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
Tunnel Label (LDP,RSVP,BGP)

Tunnel Encaps

VC Label (VC)

PW Demux
Control Word 0 0 0 0

Reserved

EXP

TTL

EXP

TTL (set to 2)

Sequence Number
Layer-2 PDU

Tunnel Encapsulation
One or more MPLS labels associated with the tunnel
Defines the LSP from ingress to egress PE router
Can be derived from LDP+IGP, RSVP-TE, BGP IPv4+Label

Presentation_ID

2006 Cisco Systems, Inc. All rights reserved.

Cisco Confidential

22

Ethernet PW Demultiplexer
0
1
2
3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
Tunnel Label (LDP,RSVP,BGP)

Tunnel Encaps

VC Label (VC)

PW Demux
Control Word 0 0 0 0

Reserved

EXP

EXP

TTL
TTL (set to 2)

Sequence Number
Layer-2 PDU

VC Label
Inner label used by receiving PE to determine the following
Egress interface for L2PDU forwarding (Port based)
Egress VLAN used on the CE facing interface (VLAN
Based)

EXP can be set to the values received in the L2 frame

Presentation_ID

2006 Cisco Systems, Inc. All rights reserved.

Cisco Confidential

23

Ethernet PW Control Word


0
1
2
3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
Tunnel Encaps

Tunnel Label (LDP,RSVP,BGP)

EXP

TTL

VC Label (VC)

EXP

TTL (set to 2)

PW Demux
Control Word

0 0 0 0

Reserved

Sequence Number
Layer-2 PDU

Control Word is Optional (as per RFC)


0000

First nibble is 0x0 to prevent aliasing with IP


Packets over MPLS (MAC addresses that start
with 0x4 or 0x6)

Reserved

Should be all zeros, ignored on receive

Seq number

provides sequencing capability to detect out


of order packets - currently not in Ciscos
implementation processing is optional

Presentation_ID

2006 Cisco Systems, Inc. All rights reserved.

Cisco Confidential

24

PW Operation and Encapsulation


Label 72
for PW1

Directed LDP Session


between PE1 and PE2

Lo0:
IP/MPLS
PW1
24LSP72 P2L2 PDU
P1 38

Customer
Site

CE

PE1

Label Pop
for Lo0:

Label 38
for Lo0:

Label 24
for Lo0:

LDP
Session

LDP
Session

LDP
Session

PE2

CE

Customer
Site

This process happens in both directions


(Example shows process for PE2 PE1 traffic)

Presentation_ID

2006 Cisco Systems, Inc. All rights reserved.

Cisco Confidential

25

VPLS Architecture

Presentation_ID

2006 Cisco Systems, Inc. All rights reserved.

Cisco Confidential

26

VPLS Standards
Architecture allows IEEE 802.1 bridge behaviour in SP plus:
Autodiscovery of other N-PE in same VPLS instance
Signaling of PWs to interconnect VPLS instances
Loop avoidance & MAC Address withdrawal

Two drafts have been approved by IETF L2VPN Working Group


draft-ietf-l2vpn-vpls-ldp
Uses LDP for signalling, agnostic on PE discovery method
Predominant support from carriers and vendors
Cisco supports this draft

draft-ietf-l2vpn-vpls-bgp
Uses BGP for signalling and autodiscovery

Presentation_ID

2006 Cisco Systems, Inc. All rights reserved.

Cisco Confidential

27

Cisco VPLS Building Blocks


Layer 2 VPN

Point-to-Point
Layer 2 VPN

Multipoint
Layer 2 VPN

Layer 3 VPN

Forwarding
Mechanism

Interface-Based/
Sub-Interface

Ethernet
Switching (VFI)

IP Routing

L2VPN
Discovery

DNS

Centralised
Radius Directory Services

Distributed
BGP
NMS/OSS

Signaling

Label Distribution
Protocol

Tunnel
Protocol

MPLS

Hardware

Cisco 7600

Presentation_ID

2006 Cisco Systems, Inc. All rights reserved.

IP

Catalyst 6500

Cisco Confidential

Cisco 12000
28

VPLS Auto-discovery & Signaling


VPN
Discovery

DNS

Centralised
Radius Directory Services

Distributed
BGP

Label Distribution
Protocol

Signaling

Draft-ietf-l2vpn-vpls-ldp
Does not mandate an auto-discovery protocol
Can be BGP, Radius, DNS, or Directory based
Uses Directed LDP for label exchange (VC) and PW signaling
PWs signal control information as well (for example, circuit state)

Cisco IOS supports Directed LDP for all VC signaling


Point-to-point Cisco IOS Any Transport over MPLS (AToM)
Multipoint Cisco IOS MPLS Virtual Private LAN Services

Presentation_ID

2006 Cisco Systems, Inc. All rights reserved.

Cisco Confidential

29

VPLS Flooding & Forwarding


Unknown DA?

Data

SA

Pseudo Wire in LSP

DA?

Flooding (Broadcast, Multicast, Unknown Unicast)


Dynamic learning of MAC addresses on PHY and VCs
Forwarding
Physical Port
Virtual Circuit
Presentation_ID

2006 Cisco Systems, Inc. All rights reserved.

Cisco Confidential

30

MAC Address Learning and Forwarding


Send me frames
using Label 102
MAC1

PE1

CE

Adj

MAC 2

170

MAC 1

E0/0

Use VC
Label 170

PE2
Data

102

MAC1 MAC2

MAC1 MAC2

MAC2

PE2

Use VC
Label 102

E0/0

MAC Address

Send me frames
using Label 170

Directed LDP

Data

170

CE
E0/1

MAC Address

Adj

MAC 2

E0/1

MAC 1

102

PE2

Broadcast, Multicast, and Unknown Unicast are learned via the


received label associations
Two LSPs associated with a VC (Tx & Rx)
If inbound or outbound LSP is down
Then the entire Pseudo Wire is considered down
Presentation_ID

2006 Cisco Systems, Inc. All rights reserved.

Cisco Confidential

31

MAC Address Withdrawal Message


Directed LDP

MPLS
MPLS

MA
Withd C
ra w a
l

MAC wal
dra
With

Message speeds up convergence process


Otherwise PE relies on MAC Address Aging Timer

Upon failure PE removes locally learned MAC addresses


Send LDP Address Withdraw (RFC3036) to remote PEs in VPLS
(using the Directed LDP session)
New MAC List TLV is used to withdraw addresses
Presentation_ID

2006 Cisco Systems, Inc. All rights reserved.

Cisco Confidential

32

VPLS Topology PE View


CEs

PEs

MPLS
MPLS

Full Mesh LDP


Ethernet PW to each peer
PE view

Each PE has a P2MP view of all other PEs it sees it self as a root
bridge with split horizon loop protection
Full mesh topology obviates STP in the SP network
Customer STP is transparent to the SP / Customer BPDUs are
forwarded transparently

Presentation_ID

2006 Cisco Systems, Inc. All rights reserved.

Cisco Confidential

33

VPLS Topology CE View


CEs

PEs

MPLS
MPLS
VPLS
MPLS
MPLS
VPLSCore
Core

Full Mesh LDP


Ethernet PW to each peer
PE view

CE routers/switches see a logical Bridge/LAN


VPLS emulates a LAN but not exactly
This raises a few issues which are discussed later

Presentation_ID

2006 Cisco Systems, Inc. All rights reserved.

Cisco Confidential

34

VPLS Architectures
VPLS defines two Architectures
Direct Attachment (Flat)
Described in section 4 of Draft-ietf-l2vpn-vpls-ldp
Hierarchical or H-VPLS comprising of two access methods
Ethernet Edge (EE-H-VPLS) QinQ tunnels
MPLS Edge (ME-H-VPLS) - PWE3 Pseudo Wires
(EoMPLS)
Described in section 10 of Draft-ietf-l2vpn-vpls-ldp

Each architecture has different scaling characteristics

Presentation_ID

2006 Cisco Systems, Inc. All rights reserved.

Cisco Confidential

35

VPLS Functional Components


Customer
MxUs
CE

U-PE

Customer
MxUs

SP PoPs
N-PE

MPLS Core

N-PE

U-PE

CE

N-PE provides VPLS termination/L3 services


U-PE provides customer UNI
CE is the custome device
Presentation_ID

2006 Cisco Systems, Inc. All rights reserved.

Cisco Confidential

36

Directed attachment (Flat) Characteristics


Suitable for simple/small implementations
Full mesh of directed LDP sessions required
N*(N-1)/2 Pseudo Wires required
Scalability issue a number of PE routers grows

No hierarchical scalability
VLAN and Port level support (no QinQ)
Potential signaling and packet replication overhead
Large amount of multicast replication over same physical
CPU overhead for replication

Presentation_ID

2006 Cisco Systems, Inc. All rights reserved.

Cisco Confidential

37

Direct Attachment VPLS (Flat Architecture)


CE

N-PE

MPLS Core

Ethernet
(VLAN/Port

Data

MAC1 MAC2

Presentation_ID

Ethernet
(VLAN Port)

Full Mesh PWs + LDP


802.1q
Customer

Data

2006 Cisco Systems, Inc. All rights reserved.

CE

N-PE

Data
MAC1 MAC2

Cisco Confidential

VC

PE

MAC1 MAC2

Pseudo Wire
SP Core

38

Hierarchical VPLS (H-VPLS)


Best for larger scale deployment
Reduction in packet replication and signaling overhead
Consists of two levels in a Hub and Spoke topology
Hub consists of full mesh VPLS Pseudo Wires in MPLS core
Spokes consist of L2/L3 tunnels connecting to VPLS (Hub) PEs
Q-in-Q (L2), MPLS (L3), L2TPv3 (L3)

Some additional H-VPLS terms

Presentation_ID

MTU-s

Multi-Tenant Unit Switch capable of bridging (U-PE)

PE-r

Non bridging PE router

PE-rs

Bridging and Routing capable PE

2006 Cisco Systems, Inc. All rights reserved.

Cisco Confidential

39

Why H-VPLS?
VPLS

H-VPLS

PE

CE
PE

CE

CE

CE

PE-rs

PE

PE

PE

MTU-s

CE

CE

PE-rs

PE-rs

CE
PE

CE

PE
PE-rs

CE

PE-rs

CE
PE

Potential signaling overhead

PE-r
PE-rs
CE

CE

Minimizes signaling overhead

Full PW mesh from the Edge

Full PW mesh among Core devices

Packet replication done at the Edge

Packet replication done the Core

Node Discovery and Provisioning


extends end to end

Partitions Node Discovery process

Presentation_ID

2006 Cisco Systems, Inc. All rights reserved.

Cisco Confidential

40

Ethernet Edge H-VPLS (EE-H-VPLS)


U-PE
MTU-s

CE

N-PE
PE-rs

802.1q
Access

QinQ
Tunnel

Data

Vlan
CE
2

CE

802.1q
Access

802.1q
Customer

Vlan Vlan
CE
SP

2006 Cisco Systems, Inc. All rights reserved.

U-PE
MTU-s

QinQ
Tunnel

Full Mesh PWs + LDP

3
Presentation_ID

MPLS Core

MAC1 MAC2
Data

N-PE
PE-rs

MAC1 MAC2

Data
Cisco Confidential

Vlan
CE

QinQ
SP Edge

MAC1 MAC2

VC

PE

Pseudo Wire
SP Core
41

Bridge Capability in EE-H-VPLS


CE

U-PE
MTU-s

N-PE
PE-rs

Local edge traffic does not have to traverse N-PE


MTU-s can switch traffic locally
Saves bandwidth capacity on circuits to N-PE

Presentation_ID

2006 Cisco Systems, Inc. All rights reserved.

Cisco Confidential

42

Ethernet Edge Topologies


Full
Service
CPE

Efficient
Access
U-PE

Large Scale Intelligent


Aggregation
Edge
PE-AGG
N-PE

Multiservice
Core
P

Intelligent
Edge
N-PE

Efficient
Access
U-PE

Full
Service
CPE

Si

Metro A

10/100/
1000 Mbps

User Facing Provider Edge (U-PE)


U-PE

Metro C

PE-AGG

GE Ring

Si

Hub and
10/100/
Spoke
1000 Mbps
U-PE
N-PE

MPLS VPLS

Metro B
N-PE

DWDM/
CDWM

10/100/
1000 Mbps

P
RPR

N-PE
U-PE
Network Facing Provider Edge (N-PE)
Presentation_ID

2006 Cisco Systems, Inc. All rights reserved.

Cisco Confidential

U-PE

10/100/
1000 Mbps

Metro D
43

MPLS Edge H-VPLS


U-PE
PE-rs

CE

N-PE
PE-rs

MPLS Core

MPLS
Acces
s

Data
2

MPLS
MPLSCore
Core

Vlan
CE
Data

Full Mesh PWs + LDP

MAC1 MAC2
3

Presentation_ID

2006 Cisco Systems, Inc. All rights reserved.

Cisco Confidential

CE

802.1q
Access

Same VCID used in


Edge and core (Labels
may differ)

MAC1 MAC2 802.1q


Customer
Vlan
CE

MPLS
Pseudo
Wire

MPLS
Pseudo Wire

U-PE
PE-rs

MPLS
Acces
s

802.1q
Access

N-PE
PE-rs

VC

Data

PE
Vlan
CE

MPLS PW
SP Edge

MAC1 MAC2

VC

PE

Pseudo Wire
SP Core
44

VFI and Split Horizon (VPLS, EE-H-VPLS)


This traffic will not be
replicated out PW #2 and
visa versa

CE

CE

Broadcast
/Multicast

N-PE2

Pseudo Wire #1
1

VFI

N-PE3

Pseudo Wire #2
3

N-PE1
Bridging Function
(.1Q or QinQ)

Local Switching

Virtual
Forwarding
Interface

Pseudo Wires

Split Horizon Active

Virtual Forwarding Interface is the VSI representation in IOS


Single interface terminates all PWs for that VPLS instance
This model applicable in direct attach and H-VPLS with Ethernet Edge
Presentation_ID

2006 Cisco Systems, Inc. All rights reserved.

Cisco Confidential

45

VFI and NO Split Horizon (ME-H-VPLS)


CE

Split Horizon
disabled

U-PE

CE

Pseudo Wire #1
1

Pseudo Wire #3
3

VFI

N-PE2

Pseudo Wire #2

N-PE3

Unicast

N-PE1
Pseudo Wire
MPLS Based

NO Split Horizon

Virtual
Forwarding
Interface

Pseudo Wires

Split Horizon Active

This model applicable H-VPLS with MPLS Edge


PW #1, PW #2 will forward traffic to PW #3 (non split horizon port)
Presentation_ID

2006 Cisco Systems, Inc. All rights reserved.

Cisco Confidential

46

VPLS Logical Topology Comparison


Pros

Direct Attach

H-VPLS QinQ tunnel

H-VPLS - MPLS PW

Simple access via


Ethernet

Simple access via Ethernet

Fast L3 IGP convergence

Hierarchical support via


QinQ at access

MPLS TE FRR <50msec

Scalable customer VLANs


(4K x 4K)

Hierarchical support via


MPLS PW at access

4K customers supported per


Ethernet Access Domain
Cons

No hierarchical
scalability

High STP re-convergence


time

More complicated
provisioning

Customer VLAN
cannot over lap

MAC is not scalable as


customer MAC still seen on
SP network

Requires MPLS to u-PE

4K customer VLAN
limit in Ethernet
access domain

Supported on SIP-600 only


as of 12.2(33)SRA

OSM/SIP-400/600 as U-PE
facing card on N-PE (for
7600)

High STP
reconvergence time
Presentation_ID

2006 Cisco Systems, Inc. All rights reserved.

Cisco Confidential

47

Configuration
Examples

Presentation_ID

2006 Cisco Systems, Inc. All rights reserved.

Cisco Confidential

48

Configuration Examples
Direct Attachment
Using a Router as a CE (VLAN Based)
Using a Switch as a CE (Port Based)

H-VPLS
Ethernet QinQ
EoMPLS Pseudo Wire (VLAN Based)
EoMPLS Pseudo Wire (Port Based)

Sample Output

Presentation_ID

2006 Cisco Systems, Inc. All rights reserved.

Cisco Confidential

49

Direct Attachment Configuration (C7600)

1.1.1.1

CE1

PE1
pos4/1

MPLS
MPLSCore
Core

PE2

CE2

pos4/3

gi3/0
VLAN100

2.2.2.2

gi4/4
pos3/0

pos3/1

VLAN100

PE3
gi4/2
3.3.3.3

CE2

VLAN100

CEs are all part of same VPLS instance (VCID = 56)


CE router connects using VLAN 100 over sub-interface
Presentation_ID

2006 Cisco Systems, Inc. All rights reserved.

Cisco Confidential

50

Direct Attachment CE router


Configuration
interface GigabitEthernet 2/1.100
encapsulation dot1q 100
ip address 192.168.20.1

interface GigabitEthernet 1/3.100


encapsulation dot1q 100
ip address 192.168.20.2

CE1

CE2
Subnet
192.168.20.0/24

VLAN100

CE2

VLAN100

interface GigabitEthernet 2/0.100


encapsulation dot1q 100
ip address 192.168.20.3

VLAN100

CE routers sub-interface on same VLAN


Can also be just port based (NO VLAN)
Presentation_ID

2006 Cisco Systems, Inc. All rights reserved.

Cisco Confidential

51

Direct Attachment VSI Configuration


l2 vfi VPLS-A manual
vpn id 56
neighbor 2.2.2.2 encapsulation mpls
neighbor 3.3.3.3 encapsulation mpls
1.1.1.1

CE1

PE1
pos4/1

l2 vfi VPLS-A manual


vpn id 56
neighbor 1.1.1.1 encapsulation mpls
neighbor 3.3.3.3 encapsulation mpls

MPLS
MPLSCore
Core

PE2

CE2

pos4/3

gi3/0
VLAN100

2.2.2.2

gi4/4
pos3/0

pos3/1

VLAN100

PE3
gi4/2
3.3.3.3

CE2

VLAN100

l2 vfi VPLS-A manual


vpn id 56
neighbor 2.2.2.2 encapsulation mpls
neighbor 1.1.1.1 encapsulation mpls

Create the Pseudo Wires between N-PE routers


Presentation_ID

2006 Cisco Systems, Inc. All rights reserved.

Cisco Confidential

52

Direct Attachment CE Router (VLAN Based)


Same set of commands on each PE
Configured on the CE facing interface
1.1.1.1

CE1

PE1
pos4/1

MPLS
MPLSCore
Core

gi3/0
pos3/0

3.3.3.3
VLAN100

This command associates the


VLAN with the VPLS instance
VLAN100 = VCID 56

2006 Cisco Systems, Inc. All rights reserved.

CE2

pos4/3
gi4/4

VLAN100

Presentation_ID

PE2

2.2.2.2

Cisco Confidential

Interface
GigabitEthernet3/0VLAN100
pos3/1
switchport
switchport mode trunk
switchport
trunk encapsulation dot1q
PE3
gi4/2 switchport trunk allowed vlan 100
!
CE2
Interface vlan 100
no ip address
xconnect vfi VPLS-A
!
vlan 100
state active

53

Configuration Examples
Direct Attachment
Using a Router as a CE (VLAN Based)
Using a Switch as a CE (Port Based)

H-VPLS
Ethernet QinQ
EoMPLS Pseudo Wire (VLAN Based)
EoMPLS Pseudo Wire (Port Based)

Sample Output

Presentation_ID

2006 Cisco Systems, Inc. All rights reserved.

Cisco Confidential

54

Direct Attachment CE switch (Port Based)


If CE was a switch instead of a router then we can use QinQ
QinQ places all traffic (tagged/untagged) from switch into a VPLS
1.1.1.1

CE1

PE1
pos4/1

MPLS
MPLSCore
Core

gi3/0
pos3/0

3.3.3.3
All VLANs

This command associates the


VLAN with the VPLS instance
VLAN100 = VCID 56

2006 Cisco Systems, Inc. All rights reserved.

CE2

pos4/3
gi4/4

All VLANs

Presentation_ID

PE2

2.2.2.2

Cisco Confidential

Interface
GigabitEthernet3/0
pos3/1
All VLANs
switchport
switchport mode dot1qtunnel
switchport
access vlan 100
PE3
gi4/2 l2protocol-tunnel stp
!
CE2
Interface vlan 100
no ip address
xconnect vfi VPLS-A
!
vlan 100
state active

55

Configuration Examples
Direct Attachment
Using a Router as a CE (VLAN Based)
Using a Switch as a CE (Port Based)

H-VPLS
Ethernet QinQ
EoMPLS Pseudo Wire (VLAN Based)
EoMPLS Pseudo Wire (Port Based)

Sample Output

Presentation_ID

2006 Cisco Systems, Inc. All rights reserved.

Cisco Confidential

56

H-VPLS Configuration (C7600/3750ME)

U-PE1

1.1.1.1

Cisco
3750ME

2.2.2.2
pos4/1

MPLS
MPLSCore
Core

Cisco
3750ME

pos4/3

gi3/0

gi4/4 gi1/1/1
pos3/0

N-PE1
CE1

U-PE2

pos3/1

CE1

gi4/2

CE2

U-PE3

CE1

Cisco 3750ME

fa1/0/1

N-PE2

N-PE3

3.3.3.3

CE2

4.4.4.4

CE2

U-PEs provide services to customer edge device


CE traffic then carried in QinQ or EoMPLS PW to N-PE
PW VSI mesh configuration is same as previous examples
Presentation_ID

2006 Cisco Systems, Inc. All rights reserved.

Cisco Confidential

57

Configuration Examples
Direct Attachment
Using a Router as a CE (VLAN Based)
Using a Switch as a CE (Port Based)

H-VPLS
Ethernet QinQ
EoMPLS Pseudo Wire (VLAN Based)
EoMPLS Pseudo Wire (Port Based)

Sample Output

Presentation_ID

2006 Cisco Systems, Inc. All rights reserved.

Cisco Confidential

58

H-VPLS QinQ Tunnel (Ethernet Edge)


U-PE carries all traffic from CE using QinQ
Outer tag is VLAN100, inner tags are customers
U-PE1
Cisco
3750ME

1.1.1.1

2.2.2.2
pos4/1

MPLS
MPLSCore
Core

gi3/0

U-PE2
Cisco
3750ME

pos4/3
gi4/4 gi1/1/1

4.4.4.4
fa1/0/1

Interface GigabitEthernet4/4
switchport
pos3/0
pos3/1
N-PE1
N-PE2
switchport mode trunk
switchport trunk encapsulation dot1q
CE1
switchport trunk allowed vlan
N-PE3
3.3.3.3100
CE1
CE2
CE2
!
interface FastEthernet1/0/1
gi4/2
Interface vlan 100
switchport
CE2
no ip address
switchport access vlan 100
U-PE3
xconnect vfi VPLS-A
switchport
mode dot1q-tunnel
Cisco
3750ME
CE1
!
switchport trunk allow vlan 1-1005
vlan 100
!
state active
interface GigabitEthernet 1/1/1
switchport
switchport mode trunk
switchport allow vlan 1-1005
Presentation_ID

2006 Cisco Systems, Inc. All rights reserved.

Cisco Confidential

59

Configuration Examples
Direct Attachment
Using a Router as a CE (VLAN Based)
Using a Switch as a CE (Port Based)

H-VPLS
Ethernet QinQ
EoMPLS Pseudo Wire (VLAN Based)
EoMPLS Pseudo Wire (Port Based)

Sample Output

Presentation_ID

2006 Cisco Systems, Inc. All rights reserved.

Cisco Confidential

60

H-VPLS EoMPLS PW Edge (VLAN Based)


CE interface on U-PE can be access or trunk port
xconnect per VLAN is required
U-PE1
Cisco
3750ME

1.1.1.1

2.2.2.2
pos4/1

MPLS
MPLSCore
Core

gi3/0

U-PE2
Cisco
3750ME

pos4/3
gi4/4 gi1/1/1

4.4.4.4
fa1/0/1

Interface GigabitEthernet4/4
no switchport
pos3/0
pos3/1
N-PE1
N-PE2
ip address 156.50.20.1 255.255.255.252
CE1
mpls ip
!
N-PE3
3.3.3.3
interface FastEthernet1/0/1
CE1
CE2
CE2
l2 vfi VPLS-A manual
gi4/2
switchport
vpn id 56
switchport access vlan 500
CE2
neighbor 1.1.1.1 encapsulation
mpls
U-PE3
!
neighbor 3.3.3.3 encapsulation mpls
Cisco
3750ME vlan500
interface
CE1
neighbor 4.4.4.4 encaps mpls no-split
xconnect 2.2.2.2 56 encapsulation mpls
!
interface GigabitEthernet1/1/1
Ensures CE traffic passed on
no switchport
ip address 156.50.20.2 255.255.255.252
PW to/from U-PE
mpls ip
Presentation_ID

2006 Cisco Systems, Inc. All rights reserved.

Cisco Confidential

61

Configuration Examples
Direct Attachment
Using a Router as a CE (VLAN Based)
Using a Switch as a CE (Port Based)

H-VPLS
Ethernet QinQ
EoMPLS Pseudo Wire (VLAN Based)
EoMPLS Pseudo Wire (Port Based)

Sample Output

Presentation_ID

2006 Cisco Systems, Inc. All rights reserved.

Cisco Confidential

62

H-VPLS EoMPLS PW Edge (Port Based)


CE interface on U-PE can be access or trunk port
xconnect for entire PORT is required
U-PE1
Cisco
3750ME

1.1.1.1

2.2.2.2
pos4/1

MPLS
MPLSCore
Core

gi3/0

U-PE2
Cisco
3750ME

pos4/3
gi4/4 gi1/1/1

4.4.4.4
fa1/0/1

Interface GigabitEthernet4/4
no switchport
pos3/0
pos3/1
N-PE1
N-PE2
ip address 156.50.20.1 255.255.255.252
CE1
mpls ip
!
N-PE3
3.3.3.3
interface FastEthernet1/0/1
CE1
CE2
CE2
l2 vfi PE1-VPLS-A manual
gi4/2
no switchport
vpn id 56
xconnect 2.2.2.2 56 encapsulation mpls
CE2
neighbor 1.1.1.1 encapsulation
mpls
U-PE3
!
neighbor 3.3.3.3 encapsulation mpls
Cisco
3750ME GigabitEthernet1/1/1
interface
CE1
neighbor 4.4.4.4 encaps mpls no-split
no switchport
ip address 156.50.20.2 255.255.255.252
mpls ip

Ensures CE traffic passed on


PW to/from U-PE

Presentation_ID

2006 Cisco Systems, Inc. All rights reserved.

Cisco Confidential

63

Configuration Examples
Direct Attachment
Using a Router as a CE (VLAN Based)
Using a Switch as a CE (Port Based)

H-VPLS
Ethernet QinQ
EoMPLS Pseudo Wire (VLAN Based)
EoMPLS Pseudo Wire (Port Based)

Sample Output

Presentation_ID

2006 Cisco Systems, Inc. All rights reserved.

Cisco Confidential

64

show mpls l2 vc

U-PE1

1.1.1.1

Cisco
3750ME

2.2.2.2
pos4/1

MPLS
MPLSCore
Core

U-PE2
Cisco
3750ME

4.4.4.4

pos4/3

gi3/0

fa1/0/1

gi4/4 gi1/1/1
pos3/0

N-PE1

pos3/1

N-PE2
CE1

CE1

N-PE3

3.3.3.3

CE2
CE2
CE1

Presentation_ID

CE2

gi4/2

2006 Cisco Systems, Inc. All rights reserved.

U-PE3
NPE-A#show mplsCisco
l2 vc
3750ME
Local intf

Local circuit Dest address

-------------

------------- ------------- ------ ------

VFI VPLS-A

VFI

1.1.1.1

10

UP

VFI VPLS-A

VFI

3.3.3.3

10

UP

Cisco Confidential

VC ID

Status

65

show mpls l2 vc detail

U-PE1

1.1.1.1

Cisco
3750ME

Use VC
Label 19

pos4/1

MPLS
MPLSCore
Core

Use VC
Label 23

2.2.2.2

U-PE2
Cisco
3750ME

4.4.4.4

pos4/3

gi3/0

fa1/0/1

gi4/4 gi1/1/1
pos3/0

N-PE1

pos3/1

N-PE2
CE1

CE1

3.3.3.3
NPE-2#show
mpls l2 N-PE3
vc detail

CE2

gi4/2

CE2

CE2

Local interface: VFI VPLS-A up

CE1

Destination address:
U-PE3 1.1.1.1, VC ID: 10, VC status: up
3750ME
Tunnel label:Cisco
imp-null,
next hop 156.50.20.1

Output interface: POS4/3, imposed label stack {19}


Create time: 1d01h, last status change time: 00:40:16
Signaling protocol: LDP, peer 1.1.1.1:0 up
MPLS VC labels: local 23, remote 19
Presentation_ID

2006 Cisco Systems, Inc. All rights reserved.

Cisco Confidential

66

Deployment Issues

Presentation_ID

2006 Cisco Systems, Inc. All rights reserved.

Cisco Confidential

67

Deployment Issues
MTU Size
Broadcast Handling
Router or a Switch CPE?
Ramblings of an Engineer
A Sample Problem

Presentation_ID

2006 Cisco Systems, Inc. All rights reserved.

Cisco Confidential

68

Pseudo Wire Data Plane Overhead


At imposition, N-PE encapsulates CE Ethernet or VLAN
packet to route across MPLS cloud
These are the associated overheads
Transport Header is 6 bytes DA + 6 bytes SA + 2 bytes Etype +
OPTIONAL 4 Bytes of VLAN Tag (carried in Port based service)
At least 2 levels of MPLS header (Tunnel + VC) of 4 bytes each
There is an optional 4-Byte control word

L2 Header

Presentation_ID

Tunnel Header

VC Header

Outer Label
(32-bits)

Inner Label
(32-bits)

2006 Cisco Systems, Inc. All rights reserved.

Cisco Confidential

Original Ethernet Frame

69

Calculating Core MTU Requirements


Core MTU Edge MTU + Transport Header + AToM Header + (MPLS
Label Stack * MPLS Header Size)
Edge MTU is the MTU configured in the CE-facing PE interface
Examples (all in Bytes):

Edge

Transport

AToM

MPLS
Stack

MPLS
Header

EoMPLS Port Mode

1500

14

4 [0]

EoMPLS VLAN Mode

1500

18

4 [0]

EoMPLS Port w/ TE FRR

1500

14

4 [0]

Presentation_ID

2006 Cisco Systems, Inc. All rights reserved.

Cisco Confidential

Total

1526
[1522]
1530
[1526]
1530
[1526]

70

Beware the MTU It Can Get Real Big


Carrier Pseudowire Encapsulation

Enterprise MPLS Frame

Pre

SFD

DA

SA

Type

TE

Tu

Vc

Cntrl

DA

SA

TPID

TCI

Type

Data

Control Word

Cust Destination MAC

Cust Source MAC

VLAN Protocol ID = 8100

VLAN ID Info

Cust Type

Cust Packet

MTU Sizing

Packet size can get very large in backhaul due to


multiple tags and labels
Ensure core and access Ethernet interfaces are
configured with appropriate MTU size

Presentation_ID

2006 Cisco Systems, Inc. All rights reserved.

Cisco Confidential

> 1500

4
FCS

Frame Check Sequence

EoMPLS VC Label

EoMPLS Tunnel Label

Traffic Engineer label

Ether type = 8847

Carrier Source
MAC

Carrier Dest
MAC

Start of Frame
Delimter

Preamble

Data portion may


be > 1500 if
carrying MPLS
labels
71

Broadcast/Multicast/Unknown Unicast Handling


VPLS relies on ingress replication
Ingress PE replicates the multicast packet to each egress Pseudo
Wire (PE neighbour)

Ethernet switches replicate broadcast/multicast flows once


per output interface
VPLS may duplicate packets over the same physical egress
interface for each PW that interface carriers
Unnecessary replication brings the risk of resource exhaustion
when the number of PWs increases

Some discussion on maybe using multicast for PWs


Rather than full mesh of P2P Pseudo Wires

Presentation_ID

2006 Cisco Systems, Inc. All rights reserved.

Cisco Confidential

72

Switch or Router as CE device


Ethernet Switch as CE device
If directly attached SP allocates VLAN could be an issue in
customer network
SP UNI exposed to L2 network of customer
L2 PDUs must be tunnelled such as STP BPDUs
No visibility of network behind CE switch
Many MAC address can exists on UNI
High exposure to broadcast storms

Router as CE device
Single MAC Address exists (for interface of router)
No SPT interactions
Router controls broadcast issues (multicast still happens)
Presentation_ID

2006 Cisco Systems, Inc. All rights reserved.

Cisco Confidential

73

VPLS Caveats (Ramblings of an Engineer)


VPLS may introduce non-deterministic behaviour in SP Core
Case in point learning of VPN routes
An MPLS-VPN provides ordered manner to learn VPNv4 routers using
MP-BGP unknown addresses are dropped
In VPLS, learning is achieved through flooding MAC address
Excessive number of Unknown, Broadcast and Multicast frames could
behave as a series of packet bombs

Solution: Ingress Threshold Filters (on U-PE or N-PE)


How to selectively choose which Ethernet Frames to discard?
How to avoid dropping Routing and Keepalives (control)
May cause more problems in customer network
How many MAC addresses allowed?
Does SP really want to take this responsibility?

Presentation_ID

2006 Cisco Systems, Inc. All rights reserved.

Cisco Confidential

74

VPLS Caveats (Ramblings of an Engineer)


DoS attack has a higher probability of manifesting
Whether intentional or by mis-configuration

Since traffic is carried at layer 2, a lot of chatter could be


traversing the MPLS core unnecessarily.
For example, status requests for printers

How is CoS applied across for a VPLS service?


Should all frames on a VPLS interface be afforded the same class of
service?
Should there be some sort of differentiation?

Presentation_ID

2006 Cisco Systems, Inc. All rights reserved.

Cisco Confidential

75

A Common VPLS Problem


Protocols expect LAN behaviour
VPLS is viewed as an Ethernet network
Although it does not necessarily behave like one
VPLS is virtual in its LAN service
There are some behaviours which differ from a real LAN

An example
The OSPF designated router problem

Presentation_ID

2006 Cisco Systems, Inc. All rights reserved.

Cisco Confidential

76

OSPF Designated Router Problem


VPLS View
Router A is the DR, Router B is the BDR
Router C sees both A and B via Pseudo Wires
OSPF DR
(A)

OSPF
Backup DR
(B)

Pseudo Wires

OSPF Neighbour
(C)

Router View

Router A, B and C behave like they are on a LAN


OSPF DR
(A)

OSPF
Backup DR
(B)
Presentation_ID

2006 Cisco Systems, Inc. All rights reserved.

OSPF Neighbour
(C)
Cisco Confidential

77

OSPF Designated Router Problem


Assume PW between A and B loses connectivity
Router A and Router B cannot see each other
Router C can still see both the Router A and Router B
No arbitration available between
Router A and Router B
OSPF
Backup DR
(B)

OSPF DR
(A)

Pseudo Wires

OSPF Neighbour
(C)

Ethernet frames travel along discrete paths a VPLS


Therefore Router C can see both Router A and B
But Router A and Router B cannot see each other!

Router B assumes A has failed and becomes the DR


Router C now see two DRs on same LAN segment Problem!
Presentation_ID

2006 Cisco Systems, Inc. All rights reserved.

Cisco Confidential

78

Summary

Presentation_ID

2006 Cisco Systems, Inc. All rights reserved.

Cisco Confidential

79

Summary
VPLS has its advantages and benefits
Non-IP protocols supported, customers do not have routing
interaction etc..

Use routers as the CE device


Understand their multicast requirements
Then again, maybe MPLS-VPN could do the job?

Avoid switches as CPE


Otherwise understand customers network requirements
Devices, applications (broadcast/multicast vs unicast)

Presentation_ID

2006 Cisco Systems, Inc. All rights reserved.

Cisco Confidential

80

Q&A

Presentation_ID

2006 Cisco Systems, Inc. All rights reserved.

Cisco Confidential

81

Presentation_ID

2006 Cisco Systems, Inc. All rights reserved.

Cisco Confidential

82