© 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential
An Introduction to VPLS
Jeff Apcar, Distinguished Services Engineer
APAC Technical Practices, Advanced Services
Agenda
VPLS Introduction
Pseudo Wire Refresher
VPLS Architecture
VPLS Configuration Example
VPLS Deployment
Summary
Do you want to date VPLS?
"VPLS is like having Paris Hilton as your girlfriend.
The concept is fantastic, but in reality the experience might not be what you expected.
But... we're still willing to give it a go as long as we can understand/handle her behaviour"
Me, Just Then
VPLS Introduction
Virtual Private LAN Service (VPLS)
VPLS defines an architecture that allows MPLS networks to offer Layer 2 multipoint Ethernet services
SP emulates an IEEE Ethernet bridge network (virtual)
Virtual bridges are linked with MPLS Pseudo Wires
Data plane used is the same as EoMPLS (point-to-point)
VPLS is an Architecture
[Diagram: CEs attached to PEs]
Virtual Private LAN Service
End-to-end architecture that allows MPLS networks to provide Multipoint Ethernet services
It is "Virtual" because multiple instances of this service share the same physical infrastructure
It is "Private" because each instance of the service is independent and isolated from one another
It is "LAN Service" because it emulates Layer 2 multipoint connectivity between subscribers
Why Provide A Layer 2 Service?
Customers have full operational control over their routing neighbours
Privacy of address space: it does not have to be shared with the carrier network
Customer has a choice of using any routing protocol, including non-IP based ones (IPX, AppleTalk)
Customers could use an Ethernet switch instead of a router as the CPE
A single connection could reach all other edge points, emulating an Ethernet LAN (VPLS)
VPLS is defined in IETF
[Diagram: IETF structure as of 2-Nov-2006. ISOC, IAB and IETF; IETF areas shown: Application, General, Internet, Ops and Mgmt, Routing, Security, Transport; working groups shown: L2VPN, L3VPN, PWE3, MPLS]
Formerly PPVPN workgroup
L2VPN: VPWS, VPLS, IPLS
L3VPN: BGP/MPLS VPNs (RFC 4364 was 2547bis), IP VPNs using Virtual Routers (RFC 2764), CE based VPNs using IPsec
PWE3: Pseudo Wire Emulation edge-to-edge. Forms the backbone transport for VPLS
Classification of VPNs
[Diagram: classification tree of VPNs. Nodes shown: VPN; CPE Based; Network Based; Layer 3; Layer 2; MPLS VPN; Virtual Router; GRE; IPSec; P2P VPWS; VPLS; IPLS. Transports shown: Frame Relay, PPP/HDLC, ATM/Cell Relay, Ethernet (P2P), Frame Relay, ATM, Ethernet (P2MP), Ethernet (MP2MP)]
L2VPN Models
[Diagram: L2VPN models. Over IP: L2TPv3 (point-to-point) carrying ATM AAL5/Cell, PPP/HDLC, Ethernet, FR. Over MPLS: VPWS (point-to-point) carrying ATM AAL5/Cell, PPP/HDLC, Ethernet, FR, and VPLS/IPLS (multipoint) carrying Ethernet. Interworking labels shown: Like-to-Like, Any-to-Any]
IP LAN-Like Service (IPLS)
An IPLS is very similar to a VPLS except
The CE devices must be hosts or routers, not switches
The service will only carry IPv4 or IPv6 packets
IP Control packets are also supported - ARP, ICMP
Layer 2 packets that do not contain IP are not supported
IPLS is a functional subset of the VPLS service
MAC address learning and aging not required
Simpler mechanism to match MAC to CE can be used
Bridging operations removed from the PE
Simplifies hardware capabilities and operation
Defined in draft-ietf-l2vpn-ipls
VPLS Components
[Diagram: CE routers and CE switches attached to three N-PEs around an MPLS core]
Attachment circuits: Port or VLAN mode
Mesh of LSP between N-PEs
Pseudo Wires within LSP
Virtual Switch Interface (VSI) terminates PW and provides Ethernet bridge function
Targeted LDP between PEs to exchange VC labels for Pseudo Wires
Attachment CE can be a switch or router
Virtual Switch Interface
Flooding / Forwarding
MAC table instances per customer (port/vlan) for each PE
VFI will participate in learning and forwarding process
Associate ports to MAC, flood unknowns to all other ports
Address Learning / Aging
LDP enhanced with additional MAC List TLV (label withdrawal)
MAC timers refreshed with incoming frames
Loop Prevention
Create full-mesh of Pseudo Wire VCs (EoMPLS)
Unidirectional LSP carries VCs between pair of N-PE Per
A VPLS uses "split horizon" concepts to prevent loops
Pseudo Wire Refresher
Pseudo Wires in VPLS
IETF working group PWE3 "Pseudo Wire Emulation Edge to Edge"
Requirements detailed in RFC3916
Architecture details in RFC3985
Develop standards for the encapsulation & service emulation of "Pseudo Wires"
Across a packet switched backbone
A VPLS is based on a full mesh of Pseudo Wires
Pseudo Wire Reference Model (RFC 3916)
A Pseudo Wire (PW) is a connection between two provider edge devices connecting two attachment circuits (ACs)
In an MPLS core a Pseudo Wire uses two MPLS labels
Tunnel Label (LSP) identifying remote PE router
VC Label identifying Pseudo Wire circuit within tunnel
[Diagram: customer sites (CE) connect over Attachment Circuits to PE1 and PE2; Pseudo Wires PW1 and PW2 carry Pseudo Wire PDUs through a PSN Tunnel (LSP in MPLS) across the Packet Switched Network (PSN, IP or MPLS), forming the Emulated Service]
Pseudo Wire Standards (Care for a Martini?)
RFC 4446 - Numeric values for PW types
RFC 4447 - Distribution mechanism for VC labels
Previously called draft-martini-l2circuit-trans-mpls
RFC 4448 - Encapsulation for Ethernet using MPLS
Previously called draft-martini-l2circuit-encap-mpls
Other drafts are addressing different encapsulations
draft-ietf-pwe3-frame-relay/draft-ietf-pwe3-atm-encap
draft-ietf-pwe3-ppp-hdlc-encap-mpls
Originally part of draft-martini-l2circuit-encap-mpls
MPLS PW Types (RFC 4446)
0x0001 Frame Relay DLCI ( Martini Mode )
0x0002 ATM AAL5 SDU VCC transport
0x0003 ATM transparent cell transport
0x0004 Ethernet Tagged Mode (VLAN)
0x0005 Ethernet (Port)
0x0006 HDLC
0x0007 PPP
0x0008 SONET/SDH Circuit Emulation
0x0009 ATM n-to-one VCC cell transport
0x000A ATM n-to-one VPC cell transport
0x000B IP Layer2 Transport
0x000C ATM one-to-one VCC Cell Mode
0x000D ATM one-to-one VPC Cell Mode
0x000E ATM AAL5 PDU VCC transport
0x000F Frame-Relay Port mode
0x0010 SONET/SDH Circ. Emu. over Packet
0x0011 Structure-agnostic E1 over Packet
0x0012 Structure-agnostic T1 over Packet
0x0013 Structure-agnostic E3 over Packet
0x0014 Structure-agnostic T3 over Packet
0x0015 CESoPSN basic mode
0x0016 TDMoIP AAL1 Mode
0x0017 CESoPSN TDM with CAS
0x0018 TDMoIP AAL2 Mode
0x0019 Frame Relay DLCI
VC Information Distribution (RFC 4447)
VC labels are exchanged across a targeted LDP session between PE routers
Generic Label TLV within LDP Label Mapping Message
LDP FEC element defined to carry VC information
Such as PW Type (RFC 4446) and VCID
VC information exchanged using Downstream Unsolicited label distribution procedures
Separate "MAC List" TLV for VPLS
Defined in draft-ietf-l2vpn-vpls-ldp
Used to withdraw labels associated with MAC addresses
VC Distribution Mechanism using LDP
Unidirectional Tunnel LSP between PE routers to transport PW PDU from PE to PE using tunnel label(s)
Both LSPs combined to form single bi-directional Pseudo Wire
Directed LDP session between PE routers to exchange VC information, such as VC label and control information
VC Label identifies interface
Tunnel Label(s) gets to PE router
[Diagram: customer sites (CE) attached to PE1 and PE2 across an IP/MPLS network; a Label Switch Path (LSP created using IGP+LDP or RSVP-TE) and a Directed LDP Session between PE1 and PE2]
PW Encapsulation over MPLS (RFC 4448)
Ethernet Pseudo Wires use 3 layers of encapsulation
Tunnel Encapsulation (zero, one or more MPLS Labels)
To get PDU from ingress to egress PE; could be an MPLS label (LDP, TE), GRE tunnel, L2TP tunnel
Pseudo Wire Demultiplexer (PW Label)
To identify individual circuits within a tunnel; obtained from Directed LDP session
Control Word (Optional)
The following is supported when carrying Ethernet
Provides the ability to sequence individual frames
Avoidance of equal-cost multiple-path load-balancing
Operations and Management (OAM) mechanisms
Control word format varies depending on transported PDU
Packet layout: Tunnel Label | PW Label | Control Word | Layer 2 PDU
Ethernet PW Tunnel Encapsulation
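Tunnel Encapsulation
One or more MPLS labels associated with the tunnel
Defines the LSP from ingress to egress PE router
Can be derived from LDP+IGP, RSVP-TE, BGP IPv4+Label
 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|      Tunnel Label (LDP,RSVP,BGP)      | EXP |0|      TTL      |  Tunnel Encaps
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|             VC Label (VC)             | EXP |1|TTL (set to 2) |  PW Demux
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|0 0 0 0|       Reserved        |        Sequence Number        |  Control Word
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                          Layer-2 PDU                          |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+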
Ethernet PW Demultiplexer
VC Label
Inner label used by receiving PE to determine the following
Egress interface for L2PDU forwarding (Port based)
Egress VLAN used on the CE facing interface (VLAN Based)
EXP can be set to the values received in the L2 frame
[Diagram: packet layout, 32 bits per row]
Tunnel Encaps: Tunnel Label (LDP,RSVP,BGP) | EXP | 0 | TTL
PW Demux: VC Label (VC) | EXP | 1 | TTL (set to 2)
Control Word: 0 0 0 0 | Reserved | Sequence Number
Layer-2 PDU
Ethernet PW Control Word
Control Word is Optional (as per RFC)
0 0 0 0: First nibble is 0x0 to prevent aliasing with IP Packets over MPLS (MAC addresses that start with 0x4 or 0x6)
Reserved: Should be all zeros, ignored on receive
Seq number: provides sequencing capability to detect out of order packets - currently not in Cisco's implementation - processing is optional
[Diagram: packet layout, 32 bits per row]
Tunnel Encaps: Tunnel Label (LDP,RSVP,BGP) | EXP | 0 | TTL
PW Demux: VC Label (VC) | EXP | 1 | TTL (set to 2)
Control Word: 0 0 0 0 | Reserved | Sequence Number
Layer-2 PDU
PW Operation and Encapsulation
[Diagram: CE - PE1 - P1 - P2 - PE2 - CE across IP/MPLS between two customer sites; LDP sessions between adjacent routers along the LSP and a Directed LDP Session between PE1 and PE2 for "PW1"]
Tunnel labels advertised for Lo0 along the LSP: Label 24, Label 38, Label Pop
Label 72 for PW1
Packet on each hop: 24 72 L2 PDU, then 38 72 L2 PDU, then 72 L2 PDU
This process happens in both directions (example shows process for PE2 to PE1 traffic)
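The encapsulation and label operations from the preceding slides, as an added Python example (not code from the original deck): it builds the tunnel label, VC label and control word around a Layer 2 PDU, walks the 24, 38, pop sequence with VC label 72, and shows why the 0x0 nibble matters. The frame bytes and all function names are constructed for illustration.

```python
import struct

PW_TTL = 2  # the slides show the VC label sent with TTL set to 2


def mpls_entry(label, exp=0, bottom=False, ttl=255):
    """One 32-bit label stack entry: label(20) | EXP(3) | S(1) | TTL(8)."""
    if not 0 <= label < (1 << 20):
        raise ValueError("label must fit in 20 bits")
    word = (label << 12) | ((exp & 0x7) << 9) | (int(bottom) << 8) | (ttl & 0xFF)
    return struct.pack("!I", word)


def encapsulate(l2_pdu, tunnel_labels, vc_label, use_cw=True, seq=0):
    """Tunnel label(s) + VC label (bottom of stack) + optional control word + PDU."""
    out = b"".join(mpls_entry(lbl) for lbl in tunnel_labels)
    out += mpls_entry(vc_label, bottom=True, ttl=PW_TTL)
    if use_cw:
        # Control word: first nibble 0x0, reserved bits zero, 16-bit sequence number.
        out += struct.pack("!I", seq & 0xFFFF)
    return out + l2_pdu


def split_stack(packet):
    """Return ([label entries], offset of the first byte after bottom-of-stack)."""
    entries, off = [], 0
    while True:
        if off + 4 > len(packet):
            raise ValueError("truncated label stack")
        (word,) = struct.unpack_from("!I", packet, off)
        off += 4
        entries.append({"label": word >> 12, "exp": (word >> 9) & 0x7, "ttl": word & 0xFF})
        if (word >> 8) & 1:
            return entries, off


def decapsulate(packet, expect_cw=True):
    """Egress PE view. Control word use is agreed in signalling, so it is a parameter."""
    entries, off = split_stack(packet)
    seq = None
    if expect_cw:
        if off + 4 > len(packet):
            raise ValueError("truncated control word")
        (cw,) = struct.unpack_from("!I", packet, off)
        if cw >> 28:
            raise ValueError("control word must start with nibble 0x0")
        seq, off = cw & 0xFFFF, off + 4
    return {"tunnel": [e["label"] for e in entries[:-1]],
            "vc": entries[-1]["label"], "vc_ttl": entries[-1]["ttl"],
            "seq": seq, "pdu": packet[off:]}


def transit(packet, out_label):
    """P router: swap the top tunnel label, or pop it when out_label is None."""
    entries, _ = split_stack(packet)
    if len(entries) < 2:
        raise ValueError("no tunnel label above the VC label")
    if out_label is None:
        return packet[4:]
    top = entries[0]
    if top["ttl"] <= 1:
        raise ValueError("TTL expired")
    return mpls_entry(out_label, top["exp"], False, top["ttl"] - 1) + packet[4:]


def payload_looks_like_ip(packet):
    """What a transit router sees if it guesses the payload type from the first nibble."""
    _, off = split_stack(packet)
    return packet[off] >> 4 in (4, 6)


# Constructed sample frame: customer DA starting with 0x40, SA, EtherType, payload.
FRAME = bytes.fromhex("40aabbccddee" "001122334455" "0800") + b"payload"

if __name__ == "__main__":
    pkt = encapsulate(FRAME, [24], 72, seq=7)   # PE2 imposes 24 / 72
    pkt = transit(pkt, 38)                      # first P router swaps 24 -> 38
    pkt = transit(pkt, None)                    # penultimate hop pops the tunnel label
    print(decapsulate(pkt))
    raw = encapsulate(FRAME, [24], 72, use_cw=False)
    print("aliases with IP without control word:", payload_looks_like_ip(raw))
```

A receiver that expects a control word but gets none rejects this frame, because the customer DA supplies a first nibble of 0x4.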
VPLS Architecture
VPLS Standards
Architecture allows IEEE 802.1 bridge behaviour in SP plus:
Autodiscovery of other N-PE in same VPLS instance
Signaling of PWs to interconnect VPLS instances
Loop avoidance & MAC Address withdrawal
Two drafts have been approved by IETF L2VPN Working Group
draft-ietf-l2vpn-vpls-ldp
Uses LDP for signalling, agnostic on PE discovery method
Predominant support from carriers and vendors
Cisco supports this draft
draft-ietf-l2vpn-vpls-bgp
Uses BGP for signalling and autodiscovery
Cisco VPLS Building Blocks
NMS/OSS
Services: Layer 2 VPN, Layer 3 VPN; Point-to-Point Layer 2 VPN, Layer 2 VPN Multipoint
Forwarding Mechanism: Interface-Based/Sub-Interface, Ethernet Switching (VFI), IP Routing
Signaling: Label Distribution Protocol
L2VPN Discovery: Centralised (DNS, Radius, Directory Services); Distributed (BGP)
Tunnel Protocol: MPLS, IP
Hardware: Cisco 7600, Catalyst 6500, Cisco 12000
VPLS Auto-discovery & Signaling
Draft-ietf-l2vpn-vpls-ldp
Does not mandate an auto-discovery protocol
Can be BGP, Radius, DNS, or Directory based
Uses Directed LDP for label exchange (VC) and PW signaling
PWs signal control information as well (for example, circuit state)
Cisco IOS supports Directed LDP for all VC signaling
Point-to-point - Cisco IOS Any Transport over MPLS (AToM)
Multipoint - Cisco IOS MPLS Virtual Private LAN Services
VPN Discovery: Centralised (DNS, Radius, Directory Services); Distributed (BGP)
Signaling: Label Distribution Protocol
VPLS Flooding & Forwarding
Flooding (Broadcast, Multicast, Unknown Unicast)
Dynamic learning of MAC addresses on PHY and VCs
Forwarding
Physical Port
Virtual Circuit
[Diagram: frame with Data, SA and DA fields; on an unknown DA the frame is flooded to the Pseudo Wire in the LSP]
MAC Address Learning and Forwarding
Broadcast, Multicast, and Unknown Unicast are learned via the received label associations
Two LSPs associated with a VC (Tx & Rx)
If inbound or outbound LSP is down
Then the entire Pseudo Wire is considered down
[Diagram: CE (MAC1) on PE1 E0/0 and CE (MAC2) on PE2 E0/1, with Directed LDP between PE1 and PE2. One PE signals "Send me frames using Label 170", the other "Send me frames using Label 102"]
PE1 table (MAC Address, Adj): MAC 1 E0/0; MAC 2 170
PE2 table (MAC Address, Adj): MAC 1 102; MAC 2 E0/1
Use VC Label 102 for MAC1
Use VC Label 170 for MAC2
Frames shown: PE2 170 MAC2 MAC1 Data; PE2 102 MAC1 MAC2 Data
MAC Address Withdrawal Message
Message speeds up convergence process
Otherwise PE relies on MAC Address Aging Timer
Upon failure PE removes locally learned MAC addresses
Send LDP Address Withdraw (RFC3036) to remote PEs in VPLS (using the Directed LDP session)
New MAC List TLV is used to withdraw addresses
[Diagram: after a failure (X), MAC Withdrawal messages are sent over the Directed LDP sessions across the MPLS core]
VPLS Topology - PE View
Each PE has a P2MP view of all other PEs; it sees itself as a root bridge with split horizon loop protection
Full mesh topology obviates STP in the SP network
Customer STP is transparent to the SP / Customer BPDUs are forwarded transparently
[Diagram: PE view. PEs and CEs around the MPLS core; Full Mesh LDP; Ethernet PW to each peer]
VPLS Topology - CE View
CE routers/switches see a logical Bridge/LAN
VPLS emulates a LAN - but not exactly...
This raises a few issues which are discussed later
[Diagram: CE view. CEs attached to the MPLS VPLS Core]
VPLS Architectures
VPLS defines two Architectures
Direct Attachment (Flat)
Described in section 4 of draft-ietf-l2vpn-vpls-ldp
Hierarchical or H-VPLS comprising two access methods
Ethernet Edge (EE-H-VPLS) - QinQ tunnels
MPLS Edge (ME-H-VPLS) - PWE3 Pseudo Wires (EoMPLS)
Described in section 10 of draft-ietf-l2vpn-vpls-ldp
Each architecture has different scaling characteristics
VPLS Functional Components
[Diagram: CE - U-PE - N-PE - MPLS Core - N-PE - U-PE - CE; Customer MxUs at each edge, SP PoPs in between]
N-PE provides VPLS termination/L3 services
U-PE provides customer UNI
CE is the customer device
Direct attachment (Flat) Characteristics
Suitable for simple/small implementations
Full mesh of directed LDP sessions required
N*(N-1)/2 Pseudo Wires required
Scalability issue as the number of PE routers grows
No hierarchical scalability
VLAN and Port level support (no QinQ)
Potential signaling and packet replication overhead
Large amount of multicast replication over same physical
CPU overhead for replication
Direct Attachment VPLS (Flat Architecture)
[Diagram: CE - N-PE - MPLS Core - N-PE - CE. Ethernet (VLAN/Port) attachment on each side; Full Mesh PWs + LDP between the N-PEs]
Frame format, 802.1q Customer: MAC2 MAC1 Data
Frame format, Pseudo Wire SP Core: PE VC MAC2 MAC1 Data
Hierarchical VPLS (H-VPLS)
Best for larger scale deployment
Reduction in packet replication and signaling overhead
Consists of two levels in a Hub and Spoke topology
Hub consists of full mesh VPLS Pseudo Wires in MPLS core
Spokes consist of L2/L3 tunnels connecting to VPLS (Hub) PEs
Q-in-Q (L2), MPLS (L3), L2TPv3 (L3)
Some additional H-VPLS terms
MTU-s: Multi-Tenant Unit Switch capable of bridging (U-PE)
PE-r: Non bridging PE router
PE-rs: Bridging and Routing capable PE
Why H-VPLS?
VPLS
Potential signaling overhead
Full PW mesh from the Edge
Packet replication done at the Edge
Node Discovery and Provisioning extends end to end
H-VPLS
Minimizes signaling overhead
Full PW mesh among Core devices
Packet replication done in the Core
Partitions Node Discovery process
[Diagram: VPLS with CEs attached directly to a full mesh of PEs; H-VPLS with CEs attached through MTU-s and PE-r devices to a full mesh of PE-rs]
Ethernet Edge H-VPLS (EE-H-VPLS)
[Diagram: CE - U-PE (MTU-s) - N-PE (PE-rs) - MPLS Core - N-PE (PE-rs) - U-PE (MTU-s) - CE. 802.1q Access from CE to U-PE, QinQ Tunnel from U-PE to N-PE, Full Mesh PWs + LDP between the N-PEs]
Frame formats
1. 802.1q Customer: MAC2 MAC1 Data VlanCE
2. QinQ SP Edge: MAC2 MAC1 Data VlanCE VlanSP
3. Pseudo Wire SP Core: PE VC MAC2 MAC1 Data VlanCE
Bridge Capability in EE-H-VPLS
Local edge traffic does not have to traverse N-PE
MTU-s can switch traffic locally
Saves bandwidth capacity on circuits to N-PE
[Diagram: CE - U-PE (MTU-s) - N-PE (PE-rs)]
Ethernet Edge Topologies
User Facing Provider Edge (U-PE)
Network Facing Provider Edge (N-PE)
[Diagram: MPLS VPLS multiservice core of P routers with N-PEs (intelligent edge), PE-AGG (large scale aggregation) and U-PEs (efficient access, 10/100/1000 Mbps) serving full service CPE. Metro A, B, C and D attach over GE ring, hub and spoke, DWDM/CWDM and RPR topologies]
MPLS Edge H-VPLS
[Diagram: CE - U-PE (PE-rs) - N-PE (PE-rs) - MPLS Core - N-PE (PE-rs) - U-PE (PE-rs) - CE. 802.1q Access from CE to U-PE, MPLS access with an MPLS Pseudo Wire from U-PE to N-PE, Full Mesh PWs + LDP between the N-PEs]
Frame formats
1. 802.1q Customer: MAC2 MAC1 Data VlanCE
2. MPLS PW SP Edge: PE VC MAC2 MAC1 Data VlanCE
3. Pseudo Wire SP Core: PE VC MAC2 MAC1 Data VlanCE
Same VCID used in Edge and core (Labels may differ)
VFI and Split Horizon (VPLS, EE-H-VPLS)
Virtual Forwarding Interface is the VSI representation in IOS
Single interface terminates all PWs for that VPLS instance
This model applicable in direct attach and H-VPLS with Ethernet Edge
[Diagram: N-PE1 with a VFI (Virtual Forwarding Interface). CEs attach through the Bridging Function (.1Q or QinQ) with Local Switching; Pseudo Wire #1 and Pseudo Wire #2 lead to N-PE2 and N-PE3 with Split Horizon Active. Broadcast/Multicast traffic is shown]
This traffic will not be replicated out PW #2 and vice versa
VFI and NO Split Horizon (ME-H-VPLS)
This model is applicable to H-VPLS with MPLS Edge
PW #1, PW #2 will forward traffic to PW #3 (non split horizon port)
[Diagram: N-PE1 with a VFI (Virtual Forwarding Interface). Pseudo Wire #1 and Pseudo Wire #2 lead to N-PE2 and N-PE3 with Split Horizon Active; Pseudo Wire #3 (MPLS based) leads to the U-PE and its CEs with Split Horizon disabled. Unicast traffic is shown]
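The forwarding rules from the flooding, MAC learning, MAC withdrawal and split horizon slides, as an added Python example (not from the original deck): a small VFI model, a three-PE full mesh that shows a broadcast looping once split horizon is turned off, and the ME-H-VPLS hub where only PW #3 has split horizon disabled. Class, function and port names, the MAC addresses and the hop limit are constructed for illustration.

```python
from collections import deque

BROADCAST = "ff:ff:ff:ff:ff:ff"


def is_group(mac):
    """Broadcast and multicast addresses have the low bit of the first octet set."""
    return int(mac[:2], 16) & 1 == 1


class VFI:
    """One VPLS instance on one PE: a MAC table plus a set of ports (ACs and PWs)."""

    def __init__(self, name, aging=300):
        self.name, self.aging = name, aging
        self.ports = {}  # port name -> True when split horizon applies (core PW)
        self.macs = {}   # MAC -> (port, time last seen)

    def add_ac(self, port):
        self.ports[port] = False

    def add_pw(self, port, split_horizon=True):
        self.ports[port] = split_horizon

    def _may_forward(self, in_port, out_port):
        if out_port == in_port:
            return False
        # Split horizon: never relay between two PWs that both have it enabled.
        return not (self.ports[in_port] and self.ports[out_port])

    def receive(self, in_port, src, dst, now=0):
        """Learn src on in_port, then return the sorted list of output ports."""
        self.macs[src] = (in_port, now)
        entry = self.macs.get(dst)
        if entry and now - entry[1] > self.aging:
            del self.macs[dst]  # aged out: treat as unknown unicast
            entry = None
        targets = self.ports if is_group(dst) or entry is None else [entry[0]]
        return sorted(p for p in targets if self._may_forward(in_port, p))

    def withdraw(self, port):
        """MAC withdrawal: forget every address learned via this port."""
        gone = sorted(m for m, (p, _) in self.macs.items() if p == port)
        for mac in gone:
            del self.macs[mac]
        return gone


def flood_mesh(split_horizon, hop_limit=8):
    """Full mesh of three PEs with one AC each; inject one broadcast at PE1's AC.

    Returns (copies delivered to each PE's AC, frames still circulating at hop_limit).
    """
    names = ["PE1", "PE2", "PE3"]
    vfis = {n: VFI(n) for n in names}
    for n in names:
        vfis[n].add_ac("ac")
        for peer in names:
            if peer != n:
                vfis[n].add_pw(peer, split_horizon)  # PW named after the remote PE
    delivered, still_looping = {n: 0 for n in names}, 0
    queue = deque([("PE1", "ac", 0)])
    while queue:
        pe, in_port, hops = queue.popleft()
        for out in vfis[pe].receive(in_port, "00:00:00:00:00:01", BROADCAST):
            if out == "ac":
                delivered[pe] += 1
            elif hops + 1 >= hop_limit:
                still_looping += 1
            else:
                queue.append((out, pe, hops + 1))  # arrives at 'out' on its PW to 'pe'
    return delivered, still_looping


def hvpls_hub():
    """N-PE1 from the ME-H-VPLS slide: PW1/PW2 to core PEs, PW3 to the U-PE."""
    npe = VFI("N-PE1")
    npe.add_pw("PW1")
    npe.add_pw("PW2")
    npe.add_pw("PW3", split_horizon=False)
    return npe


if __name__ == "__main__":
    print("split horizon on :", flood_mesh(True))
    print("split horizon off:", flood_mesh(False))
    print("hub, broadcast from PW1:", hvpls_hub().receive("PW1", "00:00:00:00:00:0a", BROADCAST))
```

With split horizon on, each remote site receives exactly one copy and nothing is left in flight; with it off, copies keep circulating until the artificial hop limit stops them, and the originating site also sees its own broadcast again.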
VPLS Logical Topology Comparison
Direct Attach
Pros
Simple access via Ethernet
Cons
No hierarchical scalability
Customer VLAN cannot overlap
4K customer VLAN limit in Ethernet access domain
High STP reconvergence time

H-VPLS - QinQ tunnel
Pros
Simple access via Ethernet
Hierarchical support via QinQ at access
Scalable customer VLANs (4K x 4K)
4K customers supported per Ethernet Access Domain
Cons
High STP re-convergence time
MAC is not scalable as customer MAC still seen on SP network
Supported on SIP-600 only as of 12.2(33)SRA

H-VPLS - MPLS PW
Pros
Fast L3 IGP convergence
MPLS TE FRR <50msec
Hierarchical support via MPLS PW at access
Cons
More complicated provisioning
Requires MPLS to u-PE
OSM/SIP-400/600 as U-PE facing card on N-PE (for 7600)
Configuration Examples
Configuration Examples
Direct Attachment
Using a Router as a CE (VLAN Based)
Using a Switch as a CE (Port Based)
H-VPLS
Ethernet QinQ
EoMPLS Pseudo Wire (VLAN Based)
EoMPLS Pseudo Wire (Port Based)
Sample Output
Direct Attachment Configuration (C7600)
CEs are all part of same VPLS instance (VCID = 56)
CE router connects using VLAN 100 over sub-interface
[Diagram: PE1 (1.1.1.1), PE2 (2.2.2.2) and PE3 (3.3.3.3) around the MPLS core, linked by POS interfaces (pos4/1, pos4/3, pos3/0, pos3/1); a CE attaches to each PE on VLAN 100 through the CE-facing interfaces gi3/0, gi4/4 and gi4/2]
Direct Attachment CE router Configuration
CE routers sub-interface on same VLAN
Can also be just port based (NO VLAN)
Subnet 192.168.20.0/24
[Diagram: three CE routers on VLAN 100, one sub-interface configuration per router]
interface GigabitEthernet 1/3.100
 encapsulation dot1q 100
 ! mask follows from the /24 subnet stated on the slide
 ip address 192.168.20.2 255.255.255.0
!
interface GigabitEthernet 2/0.100
 encapsulation dot1q 100
 ip address 192.168.20.3 255.255.255.0
!
interface GigabitEthernet 2/1.100
 encapsulation dot1q 100
 ip address 192.168.20.1 255.255.255.0
Direct Attachment VSI Configuration
Create the Pseudo Wires between N-PE routers
[Diagram: PE1 (1.1.1.1), PE2 (2.2.2.2) and PE3 (3.3.3.3) around the MPLS core, CEs on VLAN 100]
! PE with router ID 3.3.3.3 (its neighbors are the other two PEs)
l2 vfi VPLS-A manual
 vpn id 56
 neighbor 2.2.2.2 encapsulation mpls
 neighbor 1.1.1.1 encapsulation mpls
!
! PE with router ID 2.2.2.2
l2 vfi VPLS-A manual
 vpn id 56
 neighbor 1.1.1.1 encapsulation mpls
 neighbor 3.3.3.3 encapsulation mpls
!
! PE with router ID 1.1.1.1
l2 vfi VPLS-A manual
 vpn id 56
 neighbor 2.2.2.2 encapsulation mpls
 neighbor 3.3.3.3 encapsulation mpls
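A check a reviewer could run over the three `l2 vfi` stanzas above before they are deployed, as an added Python example (not from the original deck): it verifies that every core PE has a pseudowire to every other core PE in both directions, that the VPN ID matches, and that split horizon is not disabled between core PEs. The mapping of each stanza to a router ID is inferred from its neighbor statements; the function names and the broken variant are constructed for illustration.

```python
import re
from itertools import combinations

VFI_RE = re.compile(r"^l2 vfi (\S+) manual\s*$")
VPN_RE = re.compile(r"^\s+vpn id (\d+)\s*$")
NBR_RE = re.compile(
    r"^\s+neighbor (\d+(?:\.\d+){3}) encapsulation mpls(?P<nosplit>\s+no-split-horizon)?\s*$")


def parse_vfis(config):
    """Return {vfi name: {"vpn_id": int or None, "neighbors": {ip: split_horizon}}}."""
    vfis, cur = {}, None
    for line in config.splitlines():
        m = VFI_RE.match(line)
        if m:
            cur = vfis.setdefault(m.group(1), {"vpn_id": None, "neighbors": {}})
        elif cur is not None and (m := VPN_RE.match(line)):
            cur["vpn_id"] = int(m.group(1))
        elif cur is not None and (m := NBR_RE.match(line)):
            cur["neighbors"][m.group(1)] = m.group("nosplit") is None
        elif line.strip() and not line.startswith(" "):
            cur = None  # any other top-level line ends the VFI sub-mode
    return vfis


def audit_mesh(configs, vfi_name, core_pes):
    """configs: {router ID: config text}; core_pes: router IDs that must be fully meshed.

    Returns (expected pseudowire count N*(N-1)/2, sorted list of findings).
    """
    parsed = {rid: parse_vfis(text).get(vfi_name) for rid, text in configs.items()}
    findings = [f"{rid}: VFI {vfi_name} not configured"
                for rid in core_pes if parsed.get(rid) is None]
    present = [rid for rid in core_pes if parsed.get(rid)]
    if len({parsed[r]["vpn_id"] for r in present}) > 1:
        findings.append("VPN ID mismatch: " + ", ".join(
            f"{r}={parsed[r]['vpn_id']}" for r in present))
    for a, b in combinations(present, 2):
        for x, y in ((a, b), (b, a)):
            nbrs = parsed[x]["neighbors"]
            if y not in nbrs:
                findings.append(f"{x}: no pseudowire to {y}")
            elif not nbrs[y]:
                findings.append(f"{x}: split horizon disabled toward core PE {y}")
    for rid in present:
        if rid in parsed[rid]["neighbors"]:
            findings.append(f"{rid}: lists itself as a neighbor")
    n = len(core_pes)
    return n * (n - 1) // 2, sorted(findings)


# The three stanzas from the slide, keyed by the router ID each one omits (assumption).
PAGE_CONFIGS = {
    "1.1.1.1": "l2 vfi VPLS-A manual\n vpn id 56\n"
               " neighbor 2.2.2.2 encapsulation mpls\n neighbor 3.3.3.3 encapsulation mpls\n",
    "2.2.2.2": "l2 vfi VPLS-A manual\n vpn id 56\n"
               " neighbor 1.1.1.1 encapsulation mpls\n neighbor 3.3.3.3 encapsulation mpls\n",
    "3.3.3.3": "l2 vfi VPLS-A manual\n vpn id 56\n"
               " neighbor 2.2.2.2 encapsulation mpls\n neighbor 1.1.1.1 encapsulation mpls\n",
}
CORE = ["1.1.1.1", "2.2.2.2", "3.3.3.3"]

# Constructed faulty variant: wrong VPN ID, one PW missing, split horizon off in the core.
BROKEN = dict(PAGE_CONFIGS)
BROKEN["3.3.3.3"] = ("l2 vfi VPLS-A manual\n vpn id 57\n"
                     " neighbor 2.2.2.2 encapsulation mpls no-split-horizon\n")

if __name__ == "__main__":
    print(audit_mesh(PAGE_CONFIGS, "VPLS-A", CORE))
    for finding in audit_mesh(BROKEN, "VPLS-A", CORE)[1]:
        print(finding)
```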
Direct Attachment CE Router (VLAN Based)
Same set of commands on each PE
Configured on the CE facing interface
[Diagram: PE1 (1.1.1.1), PE2 (2.2.2.2) and PE3 (3.3.3.3) around the MPLS core, CEs on VLAN 100]
interface GigabitEthernet3/0
 switchport
 ! trunk encapsulation is set before the port is put into trunk mode
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk allowed vlan 100
!
interface vlan 100
 no ip address
 ! This command associates the VLAN with the VPLS instance
 xconnect vfi VPLS-A
!
vlan 100
 state active
VLAN100 = VCID 56
Direct Attachment CE switch (Port Based)
If CE was a switch instead of a router then we can use QinQ
QinQ places all traffic (tagged/untagged) from switch into a VPLS
[Diagram: PE1 (1.1.1.1), PE2 (2.2.2.2) and PE3 (3.3.3.3) around the MPLS core; CE switches carry all VLANs to the PEs]
interface GigabitEthernet3/0
 switchport
 switchport mode dot1q-tunnel
 switchport access vlan 100
 l2protocol-tunnel stp
!
interface vlan 100
 no ip address
 ! This command associates the VLAN with the VPLS instance
 xconnect vfi VPLS-A
!
vlan 100
 state active
VLAN100 = VCID 56
H-VPLS Configuration (C7600/3750ME)
U-PEs provide services to customer edge device
CE traffic then carried in QinQ or EoMPLS PW to N-PE
PW VSI mesh configuration is same as previous examples
[Diagram: N-PE1 (1.1.1.1), N-PE2 (2.2.2.2) and N-PE3 (3.3.3.3) around the MPLS core; U-PE1, U-PE2 (4.4.4.4) and U-PE3, all Cisco 3750ME, each serve CE1 and CE2. U-PE2 connects fa1/0/1 to a CE and gi1/1/1 to gi4/4 on its N-PE]
H-VPLS QinQ Tunnel (Ethernet Edge)
U-PE carries all traffic from CE using QinQ
Outer tag is VLAN100, inner tags are customer's
[Diagram: H-VPLS topology as on the H-VPLS Configuration slide; U-PE2 (4.4.4.4) connects fa1/0/1 to a CE and gi1/1/1 to gi4/4 on its N-PE]
! N-PE, interface facing the U-PE
interface GigabitEthernet4/4
 switchport
 ! trunk encapsulation is set before the port is put into trunk mode
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk allowed vlan 100
!
interface vlan 100
 no ip address
 xconnect vfi VPLS-A
!
vlan 100
 state active
!
! U-PE (Cisco 3750ME)
interface FastEthernet1/0/1
 switchport
 switchport access vlan 100
 switchport mode dot1q-tunnel
 switchport trunk allowed vlan 1-1005
!
interface GigabitEthernet 1/1/1
 switchport
 switchport mode trunk
 switchport trunk allowed vlan 1-1005
H-VPLS EoMPLS PW Edge (VLAN Based)
CE interface on U-PE can be access or trunk port
xconnect per VLAN is required
[Diagram: H-VPLS topology as on the H-VPLS Configuration slide; U-PE2 (4.4.4.4) connects fa1/0/1 to a CE and gi1/1/1 to gi4/4 on its N-PE]
! U-PE (Cisco 3750ME)
interface FastEthernet1/0/1
 switchport
 switchport access vlan 500
!
interface vlan500
 xconnect 2.2.2.2 56 encapsulation mpls
!
interface GigabitEthernet1/1/1
 no switchport
 ip address 156.50.20.2 255.255.255.252
 mpls ip
!
! N-PE
interface GigabitEthernet4/4
 no switchport
 ip address 156.50.20.1 255.255.255.252
 mpls ip
!
l2 vfi VPLS-A manual
 vpn id 56
 neighbor 1.1.1.1 encapsulation mpls
 neighbor 3.3.3.3 encapsulation mpls
 ! Ensures CE traffic passed on PW to/from U-PE
 neighbor 4.4.4.4 encapsulation mpls no-split-horizon
H-VPLS EoMPLS PW Edge (Port Based)
CE interface on U-PE can be access or trunk port
xconnect for entire PORT is required
[Diagram: H-VPLS topology as on the H-VPLS Configuration slide; U-PE2 (4.4.4.4) connects fa1/0/1 to a CE and gi1/1/1 to gi4/4 on its N-PE]
! U-PE (Cisco 3750ME)
interface FastEthernet1/0/1
 no switchport
 xconnect 2.2.2.2 56 encapsulation mpls
!
interface GigabitEthernet1/1/1
 no switchport
 ip address 156.50.20.2 255.255.255.252
 mpls ip
!
! N-PE
interface GigabitEthernet4/4
 no switchport
 ip address 156.50.20.1 255.255.255.252
 mpls ip
!
l2 vfi PE1-VPLS-A manual
 vpn id 56
 neighbor 1.1.1.1 encapsulation mpls
 neighbor 3.3.3.3 encapsulation mpls
 ! Ensures CE traffic passed on PW to/from U-PE
 neighbor 4.4.4.4 encapsulation mpls no-split-horizon
show mpls l2 vc
[Diagram: H-VPLS topology as on the H-VPLS Configuration slide]
NPE-A#show mpls l2 vc
Local intf     Local circuit  Dest address   VC ID   Status
-------------  -------------  -------------  ------  ------
VFI VPLS-A     VFI            1.1.1.1        10      UP
VFI VPLS-A     VFI            3.3.3.3        10      UP
show mpls l2 vc detail
[Diagram: H-VPLS topology as on the H-VPLS Configuration slide, annotated "Use VC Label 19" and "Use VC Label 23"]
NPE-2#show mpls l2 vc detail
Local interface: VFI VPLS-A up
Destination address: 1.1.1.1, VC ID: 10, VC status: up
Tunnel label: imp-null, next hop 156.50.20.1
Output interface: POS4/3, imposed label stack {19}
Create time: 1d01h, last status change time: 00:40:16
Signaling protocol: LDP, peer 1.1.1.1:0 up
MPLS VC labels: local 23, remote 19
Deployment Issues
Deployment Issues
MTU Size
Broadcast Handling
Router or a Switch CPE?
Ramblings of an Engineer
A Sample Problem
Pseudo Wire Data Plane Overhead
At imposition, N-PE encapsulates CE Ethernet or VLAN packet to route across MPLS cloud
These are the associated overheads
Transport Header is 6 bytes DA + 6 bytes SA + 2 bytes Etype + OPTIONAL 4 Bytes of VLAN Tag (carried in Port based service)
At least 2 levels of MPLS header (Tunnel + VC) of 4 bytes each
There is an optional 4-Byte control word
[Diagram: L2 Header, Tunnel Header (Outer Label, 32-bits), VC Header (Inner Label, 32-bits), Original Ethernet Frame]
Calculating Core MTU Requirements
Core MTU ≥ Edge MTU + Transport Header + AToM Header + (MPLS Label Stack * MPLS Header Size)
Edge MTU is the MTU configured in the CE-facing PE interface
Examples (all in Bytes):
                         Edge   Transport   AToM    MPLS Stack   MPLS Header   Total
EoMPLS Port Mode         1500   14          4 [0]   2            4             1526 [1522]
EoMPLS VLAN Mode         1500   18          4 [0]   2            4             1530 [1526]
EoMPLS Port w/ TE FRR    1500   14          4 [0]   3            4             1530 [1526]
Beware the MTU - It Can Get Real Big
[Figure: Enterprise MPLS Frame inside Carrier Pseudowire Encapsulation. Fields (bytes): Preamble (7), Start of Frame Delimiter (1), Carrier Dest MAC (6), Carrier Source MAC (6), Ether type = 8847 (2), Traffic Engineer label (4), EoMPLS Tunnel Label (4), EoMPLS VC Label (4), Control Word (4), Cust Destination MAC (6), Cust Source MAC (6), VLAN Protocol ID = 8100 (2), VLAN ID Info (2), Cust Type (2), Cust Packet (> 1500), Frame Check Sequence (4)]
Data portion may be > 1500 if carrying MPLS labels
MTU Sizing
Packet size can get very large in backhaul due to multiple tags and labels
Ensure core and access Ethernet interfaces are configured with appropriate MTU size
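The core MTU formula and table above, worked as an added example (not part of the original slides), with a check that flags undersized interfaces along a path. The hop names and configured MTUs in SAMPLE_PATH are constructed for illustration; the byte counts are the ones given on the slides.

```python
"""Core MTU check for EoMPLS/VPLS pseudowires (added example, byte counts from the slides)."""

MPLS_HEADER = 4                        # bytes per MPLS label entry
CONTROL_WORD = 4                       # optional AToM control word
TRANSPORT = {"port": 14, "vlan": 18}   # transport header per mode, as in the table


def required_core_mtu(edge_mtu, mode, label_stack=2, control_word=True):
    """Core MTU >= Edge MTU + Transport + AToM + (label stack * MPLS header size)."""
    if mode not in TRANSPORT:
        raise ValueError(f"unknown mode {mode!r}; expected one of {sorted(TRANSPORT)}")
    if label_stack < 1:
        raise ValueError("label stack must hold at least one label")
    atom = CONTROL_WORD if control_word else 0
    return edge_mtu + TRANSPORT[mode] + atom + label_stack * MPLS_HEADER


def undersized_hops(path, edge_mtu, mode, label_stack=2, control_word=True):
    """Return (interface, configured MTU, shortfall) for each hop below the requirement."""
    need = required_core_mtu(edge_mtu, mode, label_stack, control_word)
    return [(name, mtu, need - mtu) for name, mtu in path if mtu < need]


# The three rows of the table: (service, mode, label stack depth).
TABLE_ROWS = [
    ("EoMPLS Port Mode", "port", 2),
    ("EoMPLS VLAN Mode", "vlan", 2),
    ("EoMPLS Port w/ TE FRR", "port", 3),
]

# Constructed sample path: hop names and configured MTUs are illustrative only.
SAMPLE_PATH = [("hop-1", 1500), ("hop-2", 1526), ("hop-3", 1530), ("hop-4", 9216)]

if __name__ == "__main__":
    for service, mode, depth in TABLE_ROWS:
        with_cw = required_core_mtu(1500, mode, depth)
        without_cw = required_core_mtu(1500, mode, depth, control_word=False)
        print(f"{service:<24} {with_cw} [{without_cw}]")
    for name, mtu, short in undersized_hops(SAMPLE_PATH, 1500, "vlan"):
        print(f"{name}: MTU {mtu} is {short} bytes short for VLAN mode")
```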
Broadcast/Multicast/Unknown Unicast Handling
VPLS relies on ingress replication
Ingress PE replicates the multicast packet to each egress Pseudo Wire (PE neighbour)
Ethernet switches replicate broadcast/multicast flows once per output interface
VPLS may duplicate packets over the same physical egress interface - for each PW that interface carries
Unnecessary replication brings the risk of resource exhaustion when the number of PWs increases
Some discussion on maybe using multicast for PWs
Rather than full mesh of P2P Pseudo Wires
Switch or Router as CE device
Ethernet Switch as CE device
If directly attached, the SP allocates the VLAN, which could be an issue in the customer network
SP UNI exposed to L2 network of customer
L2 PDUs must be tunnelled such as STP BPDUs
No visibility of network behind CE switch
Many MAC addresses can exist on UNI
High exposure to broadcast storms
Router as CE device
Single MAC Address exists (for interface of router)
No STP interactions
Router controls broadcast issues (multicast still happens)
VPLS Caveats (Ramblings of an Engineer)
VPLS may introduce non-deterministic behaviour in SP Core
Case in point - learning of VPN routes
An MPLS-VPN provides an ordered manner to learn VPNv4 routes using MP-BGP - unknown addresses are dropped
In VPLS, learning is achieved through flooding MAC addresses
Excessive number of Unknown, Broadcast and Multicast frames could behave as a series of "packet bombs"
Solution: Ingress Threshold Filters (on U-PE or N-PE)
How to selectively choose which Ethernet Frames to discard?
How to avoid dropping Routing and Keepalives (control)?
May cause more problems in customer network…
How many MAC addresses allowed?
Does SP really want to take this responsibility?
VPLS Caveats (Ramblings of an Engineer)
DoS attack has a higher probability of manifesting
Whether intentional or by mis-configuration
Since traffic is carried at layer 2, a lot of chatter could be traversing the MPLS core unnecessarily.
For example, status requests for printers
How is CoS applied across a VPLS service?
Should all frames on a VPLS interface be afforded the same class of service?
Should there be some sort of differentiation?
A Common VPLS Problem
Protocols expect LAN behaviour
VPLS is viewed as an Ethernet network
Although it does not necessarily behave like one
VPLS is "virtual" in its LAN service
There are some behaviours which differ from a real LAN
An example
The OSPF designated router problem…
OSPF Designated Router Problem
VPLS View
Router A is the DR, Router B is the BDR
Router C sees both A and B via Pseudo Wires
Router View
Router A, B and C behave like they are on a LAN
[Figure: OSPF DR (A), OSPF Backup DR (B) and OSPF Neighbour (C), shown once as routers on a LAN and once interconnected by Pseudo Wires]
OSPF Designated Router Problem
Assume PW between A and B loses connectivity
Router A and Router B cannot see each other
Router C can still see both Router A and Router B
[Figure: OSPF DR (A), OSPF Backup DR (B) and OSPF Neighbour (C) interconnected by Pseudo Wires]
Ethernet frames travel along discrete paths in a VPLS
Therefore Router C can see both Router A and B
But Router A and Router B cannot see each other!
Router B assumes A has failed and becomes the DR
Router C now sees two DRs on same LAN segment - Problem!
No arbitration available between Router A and Router B
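The failure described above, as an added example that is not part of the original slides: a small model of which routers end up seeing two self-declared DRs once a pseudowire is lost. The takeover rule in believed_dr is a simplifying assumption for illustration, not the RFC 2328 election algorithm.

```python
"""Simplified model of the DR split on a VPLS (added example, not RFC 2328's election)."""
from itertools import combinations


def full_mesh(routers):
    """One pseudowire per router pair, as in a fully meshed VPLS."""
    return {frozenset(pair) for pair in combinations(routers, 2)}


def heard_by(router, routers, pseudowires):
    """Neighbours whose hellos still reach `router` over a working pseudowire."""
    return {r for r in routers if r != router and frozenset((router, r)) in pseudowires}


def believed_dr(router, dr, bdr, heard):
    """Assumed rule: keep the DR while it is heard; otherwise the BDR takes over."""
    if router == dr or dr in heard:
        return dr
    if router == bdr or bdr in heard:
        return bdr
    return router  # isolated from both: acts as its own DR


def drs_seen(routers, pseudowires, dr, bdr):
    """For each router, the routers it sees declaring themselves DR (itself included)."""
    heard = {r: heard_by(r, routers, pseudowires) for r in routers}
    belief = {r: believed_dr(r, dr, bdr, heard[r]) for r in routers}
    return {r: {n for n in heard[r] | {r} if belief[n] == n} for r in routers}


def routers_seeing_two_drs(routers, pseudowires, dr, bdr):
    """Routers whose view of the segment contains more than one self-declared DR."""
    seen = drs_seen(routers, pseudowires, dr, bdr)
    return sorted(r for r, claimed in seen.items() if len(claimed) > 1)


ROUTERS = ["A", "B", "C"]                    # names from the slides
INTACT = full_mesh(ROUTERS)
BROKEN = INTACT - {frozenset(("A", "B"))}    # the A-B pseudowire has failed

if __name__ == "__main__":
    print("intact mesh:", routers_seeing_two_drs(ROUTERS, INTACT, "A", "B"))
    print("A-B PW down:", routers_seeing_two_drs(ROUTERS, BROKEN, "A", "B"))
```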
Summary
Summary
VPLS has its advantages and benefits
Non-IP protocols supported, customers do not have routing interaction etc.
Use routers as the CE device
Understand their multicast requirements
Then again, maybe MPLS-VPN could do the job?
Avoid switches as CPE
Otherwise understand customer's network requirements
Devices, applications (broadcast/multicast vs unicast)
Q & A