huy_2. 7600_l2vpn.pdf
-
2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential Presentation_ID 1
L2VPN Fundamentals
-
L2VPN Fundamentals
EoMPLS
EoMPLS Control and Forwarding Plane
A simple EoMPLS Configuration Example
7600 EoMPLS Options
VPLS
-
EoMPLS Overview
MPLS in the core, with normal per-hop LDP sessions to exchange the Tunnel label
Targeted (AKA directed) LDP session between PEs to exchange the VC label (AKA PW label)
Tunnel label is used to forward the packet from PE to PE
VC label is used to identify the L2VPN circuit
Attachment Circuit (AC): connection to the CE. It could be a physical Ethernet port, a logical Ethernet port, an ATM PVC carrying Ethernet frames, etc.
The attachment circuit is mapped to an EoMPLS PW. The mapping can be 1:1 or N:1
[Figure: CE, PE, P, P, PE, CE across an MPLS core. An Attachment Circuit connects each CE to its PE; LDP runs between adjacent routers; a Targeted LDP session runs between the two PEs for the Pseudowire. Packet on the AC: Customer PDU. Packet in the core: Tunnel label, VC label, Customer PDU.]
-
Control Plane: Signalling
Field layout:
VC TLV | C | VC Type | VC info length
Group ID
VC ID
Interface Parameter
VC Type: FR, ATM, E802.1Q, Eth
C: 1 = control word present
Group ID: ID for a group of VCs, useful to withdraw many labels at once
VC ID + VC Type: ID for the transported L2 VC
Int. Param: MTU
Emulated VC signaling is done via a directed LDP session between PEs. Information such as VC type, VC ID, interface parameters, etc. is negotiated via VC signaling
For EoMPLS, two VC types are used: VC type 4 (Ethernet VLAN) and VC type 5 (Ethernet). The 7600 uses VC type 5 by default, but can negotiate to VC type 4 at the peer's request
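The field layout above, decoded in code and used to compare what two PEs advertise for the same VC. This is an added example, not part of the original slides or of any Cisco tooling; the field widths (8-bit VC TLV 0x80, 1-bit C, 15-bit VC type, 8-bit info length, 32-bit Group ID and VC ID, MTU as parameter type 0x01) follow the Martini/RFC 4447 FEC element and are assumptions as far as this page goes, and the byte strings are constructed.

```python
import struct

VC_TYPES = {4: "Ethernet VLAN", 5: "Ethernet"}   # the two EoMPLS VC types

def parse_vc_fec(buf: bytes) -> dict:
    """Decode one VC FEC element: VC TLV, C bit, VC type, info length, IDs."""
    if len(buf) < 8:
        raise ValueError("truncated VC FEC element")
    tlv, c_and_type, info_len, group_id = struct.unpack("!BHBI", buf[:8])
    if tlv != 0x80:
        raise ValueError(f"unexpected VC TLV value 0x{tlv:02x}")
    fec = {"cbit": c_and_type >> 15, "vc_type": c_and_type & 0x7FFF,
           "group_id": group_id, "vc_id": None, "mtu": None}
    if info_len == 0:                 # no VC ID: element covers the whole group
        return fec
    body = buf[8:8 + info_len]        # VC ID followed by interface parameters
    if info_len < 4 or len(body) != info_len:
        raise ValueError("VC info length does not match the data present")
    fec["vc_id"] = struct.unpack("!I", body[:4])[0]
    params = body[4:]
    while params:                     # each parameter: type, length, value
        if len(params) < 2 or not 2 <= params[1] <= len(params):
            raise ValueError("malformed interface parameter")
        if params[0] == 0x01 and params[1] == 4:      # interface MTU
            fec["mtu"] = struct.unpack("!H", params[2:4])[0]
        params = params[params[1]:]
    return fec

def mismatches(local: dict, remote: dict) -> list:
    """Fields that differ between what the two PEs advertise for a VC."""
    return [k for k in ("vc_id", "vc_type", "cbit", "mtu") if local[k] != remote[k]]

# Constructed sample bytes (not captured traffic): VC ID 100, group 0.
LOCAL = bytes.fromhex("80000508" "00000000" "00000064" "010405dc")   # type 5, MTU 1500
REMOTE = bytes.fromhex("80000408" "00000000" "00000064" "01042328")  # type 4, MTU 9000
GROUP_WIDE = bytes.fromhex("80000500" "00000007")                    # group 7, no VC ID

if __name__ == "__main__":
    local, remote = parse_vc_fec(LOCAL), parse_vc_fec(REMOTE)
    print(VC_TYPES[local["vc_type"]], "vs", VC_TYPES[remote["vc_type"]])
    print("mismatched fields:", mismatches(local, remote))
    print("group-wide element:", parse_vc_fec(GROUP_WIDE))
```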
-
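Data plane (Martini encapsulation)
 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|             Tunnel Label              | EXP |0|      TTL      |  Tunnel label
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|               VC Label                | EXP |1|      TTL      |  VC label
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Rsvd  | Flags |0 0|  Length   |        Sequence number        |  Control Word (Optional)
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                            L2 PDU                             |  L2 Frame
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Original customer Ethernet L2 PDUs are transported without the preamble, SFD and FCS. The customer VLAN ID may or may not be transported, depending on the VC type and on whether it is used as the service delimiter. With VC type 4, the service delimiter VLAN ID is tunnelled. With VC type 5, the service delimiter VLAN ID is not tunnelled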
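A decoder for the encapsulation described above, useful when reading a capture taken on a core link. It is an added example, not code from the original slides; the function and field names are hypothetical and the sample packet is constructed, using the label values 17 and 19 that appear later in the deck.

```python
import struct

def decode_eompls(pkt: bytes, control_word: bool) -> dict:
    """Split an EoMPLS packet into label stack, control word and L2 frame."""
    labels, off = [], 0
    while not labels or not labels[-1]["s"]:     # S=1 marks the VC label
        if off + 4 > len(pkt):
            raise ValueError("label stack runs past the end of the packet")
        (entry,) = struct.unpack_from("!I", pkt, off)
        labels.append({"label": entry >> 12, "exp": (entry >> 9) & 0x7,
                       "s": (entry >> 8) & 0x1, "ttl": entry & 0xFF})
        off += 4
    cw = None
    if control_word:      # presence comes from signalling (C bit), not the packet
        if off + 4 > len(pkt):
            raise ValueError("control word missing")
        (word,) = struct.unpack_from("!I", pkt, off)
        cw = {"flags": (word >> 24) & 0xF, "length": (word >> 16) & 0x3F,
              "sequence": word & 0xFFFF}
        off += 4
    frame = pkt[off:]     # starts at destination MAC: no preamble, SFD or FCS
    if len(frame) < 14:
        raise ValueError("L2 frame shorter than an Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    vlan = None
    if ethertype == 0x8100 and len(frame) >= 18:  # outer 802.1Q tag carried
        vlan = struct.unpack_from("!H", frame, 14)[0] & 0x0FFF
    return {"labels": [l["label"] for l in labels], "stack": labels,
            "control_word": cw, "dst_mac": frame[0:6].hex(":"),
            "src_mac": frame[6:12].hex(":"), "outer_vlan": vlan}

# Constructed packet (not a capture): tunnel label 17, VC label 19, no control
# word, then a frame tagged with VLAN 100 as a VC type 4 circuit would carry it.
SAMPLE = bytes.fromhex("000110ff" "000131ff"
                       "222222222222" "222222222221" "81000064" "0800") + bytes(20)

if __name__ == "__main__":
    print(decode_eompls(SAMPLE, control_word=False))
```

Because nothing in the packet says whether a control word is present, decoding with the wrong `control_word` setting shifts the frame by four bytes and yields wrong MAC addresses.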
-
An EoMPLS Configuration Example
[Figure: CE, PE-1 (gig4/48 towards the CE, gig4/1 towards the core), IP/MPLS cloud, PE-2 (ten1/0/0 towards the core, gig6/48 towards the CE), CE]
PE-1
interface GigabitEthernet4/1
 ip address 10.10.1.5 255.255.255.252
 tag-switching ip
interface Loopback0
 ip address 10.1.1.1 255.255.255.255
interface GigabitEthernet4/48.1
 encapsulation dot1Q 100
 xconnect 10.1.1.3 100 encapsulation mpls
PE-2
interface TenGigabitEthernet1/0/0
 ip address 10.10.3.13 255.255.255.252
 tag-switching ip
interface Loopback0
 ip address 10.1.1.2 255.255.255.255
interface gig 6/48.1
 encapsulation dot1q 101
 xconnect 10.1.1.1 100 encapsulation mpls
VPN ID is globally significant. It must match on both PEs to identify the EoMPLS VC
Attachment Circuit VLAN ID is local PE significant
-
Control Plane Verification
Verify the underlying MPLS/IP connectivity before EoMPLS troubleshooting !!!
PE1#sh mpls l2transport vc
Local intf     Local circuit        Dest address    VC ID      Status
-------------  -------------------- --------------- ---------- ----------
Gi4/48.1       Eth VLAN 100         10.1.1.2        100        UP
Indicates Emulated VC 100 with Remote Peer 10.1.1.2 is UP
PE1#sh mpl l2 bind 100
  Destination Address: 10.1.1.2, VC ID: 100
    Local Label: 25
        Cbit: 0, VC Type: Ethernet, GroupID: 0
        MTU: 1500, Interface Desc: n/a
        VCCV Capabilities: Type 2
    Remote Label: 19
        Cbit: 0, VC Type: Ethernet, GroupID: 0
        MTU: 1500, Interface Desc: n/a
        VCCV Capabilities: Type 2
Callouts on the binding output: VC type 5 (Ethernet), CW (0), MTU (1500)
-
Control Plane Verification
PE1#sh mpl l2 vc 100 detail
Local interface: Gi4/48.1 up, line protocol up, Eth VLAN 100 up
  Destination address: 10.1.1.2, VC ID: 100, VC status: up
    Tunnel label: 17, next hop 10.10.1.6
    Output interface: Gi4/1, imposed label stack {17 19}
  Create time: 00:15:02, last status change time: 00:04:37
  Signaling protocol: LDP, peer 10.1.1.3:0 up
    MPLS VC labels: local 25, remote 19
    Group ID: local 0, remote 0
    MTU: local 1500, remote 1500
    Remote interface description:
  Sequencing: receive disabled, send disabled
  VC statistics:
    packet totals: receive 10208285, send 11130498
    byte totals: receive 837079404, send 712351872
    packet drops: receive 0, send 0
Callouts on the output: destination address 10.1.1.2 (PE2 loopback); VC ID 100; VC label: 19; Tunnel label: 17; Statistics Counters
-
7600 EoMPLS Configuration Options
Options shown: PFC based EoMPLS, Scalable EoMPLS, SVI based EoMPLS
interface gig 1/1
 xconnect 1.1.1.1 10 encap mpls
interface gig 1/1.1
 encap dot1q 100
 xconnect 1.1.1.1 10 encap mpls
interface gig 1/1/1
 service instance 10 ethernet
  encap dot1q 100
  xconnect 1.1.1.1 10 encap mpls
interface gig 1/1
 switchport
 switchport trunk encap dot1q
 switchport trunk allow vlan 100
interface vlan 100
 xconnect 1.1.1.1 10 encap mpls
-
7600 EoMPLS Options: classified by who does the EoMPLS label imposition/disposition
[Figure: Ingress (SIP400 & ES20 ONLY), PFC/DFC, Egress]
| EoMPLS Option | Scalable EoMPLS | PFC based (or HW) EoMPLS | WAN based (or SVI based or SW) EoMPLS |
| EoMPLS label imposition/disposition | Ingress SIP card (SIP400 and ES20) | PFC/DFC | Egress SIP card |
| Maximum EoMPLS PWs | 16K with EVC config; 12K with sub-interface config; PW doesn't consume system VLAN resource | 4K, each PW needs one system VLAN resource | 4K, each PW needs one system VLAN resource |
| Local Switching | No | No | Yes |
| xconnect config | Sub-interface or EVC | Sub-interface or main interface | SVI |
-
L2VPN Fundamentals
EoMPLS
VPLS
Concept
A simple VPLS example
VPLS logical topology
-
VPLS Overview (vs. SVI based EoMPLS)
[Figure: two 7600s connected over MPLS. On each, Attachment Circuits and a PW pseudo port are bridged by an SVI (MAC learning and forwarding); the MPLS uplink port must be SIP based.]
VPLS is very similar to SVI based EoMPLS
L2 bridging among attachment circuit ports and PW pseudo ports based on MAC address
xconnect is configured under the SVI
Needs a SIP based card as the MPLS uplink port
Same EoMPLS data plane, such as L2 PDU handling etc.
What's different?
P-to-P (EoMPLS) vs. Multipoint (VPLS)
-
VPLS Components
Attachment Circuit (AC): connection to the CE. It could be a physical Ethernet port, a logical Ethernet port, an ATM PVC carrying Ethernet frames, etc.
Virtual Circuit (Pseudo Wire): full mesh of P-to-P PWs among participating PEs
Virtual Forwarding Instance (VFI): a virtual L2 bridge instance that connects ACs to VCs (PWs)
VFI to VLAN is a 1-to-1 mapping. One VPLS instance creates one L2 broadcast domain, which includes all the ACs and PWs. Packets are forwarded in this L2 broadcast domain just as in a regular L2 switch, based on MAC address: MAC learning, forwarding, aging, etc. are involved
[Figure: three PEs, each with an SVI, connected over MPLS by PWs; ACs attach to the PEs]
-
VPLS (multipoint) Requirement
Compared with SVI based EoMPLS (a P-to-P L2VPN circuit), VPLS, as a multipoint L2VPN circuit, needs to meet the following additional requirements
VPLS multipoint bridging needs the same L2 forwarding mechanisms as a normal L2 switch, including
Redundancy mechanism and loop prevention
MAC address learning, aging, limiting
MAC address flushing/withdrawal upon topology change
MAC address based forwarding
Since multiple PEs can participate in the same L2VPN, auto VPN membership discovery may be needed to simplify configuration. Manual membership configuration should also be supported
-
VPLS Auto-discovery & Signaling
Auto-discovery of VPN membership
Reduces VPN configuration and errors associated with configuration.
Draft-ietf-l2vpn-vpls-ldp-01 does not mandate an auto-discovery protocol. It can be BGP, Radius, DNS, AD based.
The 7600 uses manual configuration, and supports BGP based auto-discovery from the Barracuda release
Signaling of connections between PE devices associated with a VPN.
Same as EoMPLS, using a directed LDP session to exchange VC information
Note: the 7600 supports BGP based VPLS auto-discovery, but this is only for VPN membership discovery. It still uses directed LDP for EoMPLS signaling.
[Figure: VPN Discovery is either Centralized (DNS, Radius, Directory Services) or Distributed (BGP). Signaling uses Label Distribution Protocol.]
-
VPLS Layer 2 Packet Forwarding
Flooding/Forwarding
Forwarding based on [VLAN, Destination MAC Address]
Unknown Ucast/Mcast/Broadcast: flood to all ports (IGMP/PIM snooping can be used to constrain multicast flooding. This is supported from the Barracuda release)
MAC Learning/Aging/Limit
Dynamic learning based on Source MAC and VLAN
Refresh aging timers with incoming packets
MAC address table limit per VFI (VLAN)
Note: MAC withdrawal/flushing is included in the Advanced L2VPN part
[Figure: three PEs, each with an SVI, connected over MPLS by PWs; ACs attach to the PEs]
-
VPLS Redundancy and Loop prevention
Customer STP is transparent to the SP / customer BPDUs are dropped or forwarded transparently. VPLS only tunnels BPDUs; it does not participate in STP
VPLS uses full mesh PWs + split horizon for redundancy and loop prevention
Full mesh PWs among all the participating PEs
Split horizon: traffic received from the network (PW) will not be forwarded back to the network (PW). It is only forwarded to ACs. The exception is H-VPLS with split-horizon turned off
[Figure: three PEs, each with an SVI, connected over MPLS by PWs; ACs attach to the PEs]
-
A VPLS Configuration Example
[Figure: N-PE1 (10.0.2.1 / 32, Gig 1/2), N-PE2 (10.0.2.2 / 32, Gig 6/2) and N-PE10 (10.0.2.10 / 32, Gig 1/2), each with an SVI, connected over MPLS. CE1 1.1.1.1 2222.2222.2221, CE2 1.1.1.2 2222.2222.2222, CE3 1.1.1.3 2222.2222.2221]
N-PE2
l2 vfi full-vpls manual
 vpn id 1000
 neighbor 10.0.2.1 encapsulation mpls
 neighbor 10.0.2.10 encapsulation mpls
!
interface loopback 0
 ip address 10.0.2.2 255.255.255.255
! VLAN ID doesn't need to match VPN ID. It's local PE significant
interface vlan 2000
 no ip address
 xconnect vfi full-vpls
interface gig 6/2
 switchport
 switchport trunk encap dot1q
 switchport trunk allow vlan 2000
N-PE1
l2 vfi full-vpls manual
 vpn id 1000
 neighbor 10.0.2.2 encapsulation mpls
 neighbor 10.0.2.10 encapsulation mpls
interface loopback 0
 ip address 10.0.2.1 255.255.255.255
interface vlan 1000
 xconnect vfi full-vpls
interface gig 1/2
 switchport
 switchport trunk encap dot1q
 switchport trunk allow vlan 1000
N-PE10
l2 vfi full-vpls manual
 vpn id 1000
 neighbor 10.0.2.1 encapsulation mpls
 neighbor 10.0.2.2 encapsulation mpls
interface loopback 0
 ip address 10.0.2.10 255.255.255.255
interface vlan 1000
 xconnect vfi full-vpls
interface gig 1/2
 switchport
 switchport trunk encap dot1q
 switchport trunk allow vlan 1000
-
Show commands (1)
7604-npe1#sh vfi full-vpls
Legend: RT=Route-target, S=Split-horizon, Y=Yes, N=No
VFI name: full-vpls, state: up, type: multipoint
  VPN ID: 1000
  Local attachment circuits:        <-- local attachment vlan
    Vlan1000
  Neighbors connected via pseudowires:
  Peer Address     VC ID     S
  10.0.2.2         1000      Y      <-- split-horizon is enabled by default
  10.0.2.10        1000      Y
7604-npe1#sh mac-add vlan 1000
Legend: * - primary entry
        age - seconds since last seen
        n/a - not available
  vlan   mac address     type    learn     age              ports
------+----------------+--------+-----+----------+--------------------------
* 1000  2222.2222.2221   dynamic  Yes          0   Gi1/2             <-- learned from local attachment circuit port
* 1000  2222.2222.2222   dynamic  Yes          0   10.0.2.2, 1000    <-- learned from PW, NPE2
* 1000  2222.2222.2223   dynamic  Yes          0   10.0.2.10, 1000   <-- learned from PW, NPE10
-
Show commands (2)
VC specific show commands are the same as for EoMPLS. For example, the following show commands work on a per-VC basis, exactly as they do for EoMPLS
Show mpls l2 vc
Show mpls l2 binding
Show mpls l2 vc detail
7604-npe1#show mpls l2 vc
Local intf Local circuit Dest address VC ID Status
------------- -------------------------- --------------- ---------- ----------
VFI full-vpls VFI 10.0.2.2 1000 UP
VFI full-vpls VFI 10.0.2.10 1000 UP
-
H-VPLS with MPLS Access
[Figure: Service Provider Network. CE, U-PE, N-PE, IP / MPLS Core, N-PE, U-PE, CE. CE to U-PE links are .1Q; U-PE to N-PE access networks are IP / MPLS; the N-PEs are joined by Full Mesh Pseudowires signalled with LDP.]
-
H-VPLS with MPLS Access Example
[Figure: N-PE1 (10.0.2.1 / 32, Gig 1/2), N-PE2 (10.0.2.2 / 32, Gig 6/2) and N-PE10 (10.0.2.10 / 32, Gig 1/2), each with an SVI, connected over MPLS, with a second MPLS access network towards the spoke PEs. CE1 1.1.1.1 2222.2222.2221, CE2 1.1.1.2 2222.2222.2222, CE3 1.1.1.3 2222.2222.2223, CE4 1.1.1.4 2222.2222.2224, CE10 1.1.1.10 2222.2222.222a]
Frames from Split-Horizon (SH) PWs cannot be sent to other SH PWs, but can be sent to No-Split-Horizon (NSH) PWs. Frames from NSH PWs can be sent to both SH and NSH PWs
On the Hub PE, for frames switched from PW to PW, two stages of EoMPLS label imposition/disposition are involved.
For the Hub PE, both core and access facing ports must be SIP based to support VPLS. For access PE neighbors, split-horizon is disabled
For the spoke PE, it's regular EoMPLS; no VPLS configuration is needed
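The split-horizon rule from the "VPLS Redundancy and Loop prevention" slide and the SH/NSH rule above, as a small model of one VFI that also does MAC learning and flooding. This is an added example and not 7600 code; the class and function names are hypothetical, and the port set mirrors the hub PE of the H-VPLS configuration (spokes 10.0.2.3 and 10.0.2.4 without split-horizon, core PEs 10.0.2.1 and 10.0.2.2 with it, one AC on Gi1/2).

```python
class Vfi:
    """Toy model of one VFI: MAC learning plus the split-horizon rule."""

    def __init__(self, acs, pws):
        # pws maps peer address -> True when split-horizon applies (the default)
        self.ports = {ac: ("ac", False) for ac in acs}
        self.ports.update({peer: ("pw", sh) for peer, sh in pws.items()})
        self.mac_table = {}

    def _allowed(self, src, dst):
        if src == dst:                       # never send back out the input port
            return False
        (skind, ssh), (dkind, dsh) = self.ports[src], self.ports[dst]
        # A frame from a split-horizon PW never goes to another split-horizon PW.
        return not (skind == dkind == "pw" and ssh and dsh)

    def receive(self, in_port, src_mac, dst_mac):
        """Learn src_mac on in_port and return the sorted output ports."""
        self.mac_table[src_mac] = in_port
        known = self.mac_table.get(dst_mac)
        candidates = [known] if known else list(self.ports)   # unknown: flood
        return sorted(p for p in candidates if self._allowed(in_port, p))

def hub_vfi():
    """Hub PE from the H-VPLS configuration: spokes .3/.4 are no-split-horizon."""
    return Vfi(acs=["Gi1/2"], pws={"10.0.2.1": True, "10.0.2.2": True,
                                   "10.0.2.3": False, "10.0.2.4": False})

if __name__ == "__main__":
    vfi = hub_vfi()
    # MAC addresses are the CE addresses used on the slides.
    print(vfi.receive("10.0.2.1", "2222.2222.2221", "ffff.ffff.ffff"))
    print(vfi.receive("10.0.2.3", "2222.2222.2223", "ffff.ffff.ffff"))
    print(vfi.receive("10.0.2.2", "2222.2222.2222", "2222.2222.2221"))
    print(vfi.receive("Gi1/2", "2222.2222.222a", "2222.2222.2223"))
```

A broadcast arriving on a core PW reaches the AC and both spokes but not the other core PW, which is what keeps the full mesh loop free without STP.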
-
H-VPLS with MPLS Access Configuration
Hub PE Configuration
l2 vfi h-vpls manual
 vpn id 999
 ! for spoke PE
 neighbor 10.0.2.4 encapsulation mpls no-split-horizon
 neighbor 10.0.2.3 encapsulation mpls no-split-horizon
 ! for core PE
 neighbor 10.0.2.2 encapsulation mpls
 neighbor 10.0.2.1 encapsulation mpls
interface vlan 999
 xconnect vfi h-vpls
Spoke PE configuration
interface Loopback0
 ip address 10.0.2.3 255.255.255.255
interface GigabitEthernet1/9
 ! regular EoMPLS, can be any type of EoMPLS option
 xconnect 10.0.2.10 999 encapsulation mpls
-
H-VPLS with MPLS Access show commands (1)
7604-upe0#sh vfi h-vpls
Legend: RT=Route-target, S=Split-horizon, Y=Yes, N=No
VFI name: h-vpls, state: up, type: multipoint
VPN ID: 999
Local attachment circuits:
Vlan999
Neighbors connected via pseudowires:
Peer Address VC ID S
10.0.2.4 999 N      <-- split-horizon is disabled for spoke PE
10.0.2.3 999 N
10.0.2.2 999 Y
10.0.2.1 999 Y
-
H-VPLS with MPLS Access show commands (2)
7604-upe0#sh mac-add vlan 999
Legend: * - primary entry
age - seconds since last seen
n/a - not available
vlan mac address type learn age ports
------+----------------+--------+-----+----------+--------------------------
* 999 2222.2222.2221 dynamic Yes 0 10.0.2.1, 999
* 999 2222.2222.2222 dynamic Yes 160 10.0.2.2, 999
* 999 2222.2222.2223 dynamic Yes 0 10.0.2.3, 999
* 999 2222.2222.2224 dynamic Yes 0 10.0.2.4, 999
* 999 2222.2222.222a dynamic Yes 0 Gi1/2
7604-upe0#sh mpl l2 vc 999
Local intf Local circuit Dest address VC ID Status
------------- -------------------------- --------------- ---------- ----------
VFI h-vpls VFI 10.0.2.1 999 UP
VFI h-vpls VFI 10.0.2.2 999 UP
VFI h-vpls VFI 10.0.2.3 999 UP
VFI h-vpls VFI 10.0.2.4 999 UP
-