huy_2. 7600_l2vpn.pdf

Upload: bui-trung-thanh

Post on 28-Oct-2015


  • 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential Presentation_ID 1

    L2VPN Fundamentals


    L2VPN Fundamentals

    EoMPLS

    EoMPLS Control and Forwarding Plane

    A simple EoMPLS Configuration Example

    7600 EoMPLS Options

    VPLS

    EoMPLS Overview

    MPLS in the core: normal per-hop LDP sessions exchange the tunnel label

    Targeted (AKA directed) LDP session between PEs exchanges the VC label (AKA PW label)

    Tunnel label is used to forward the packet from PE to PE

    VC label is used to identify the L2VPN circuit

    Attachment Circuit (AC): connection to the CE. It could be a physical Ethernet port, a logical Ethernet port, an ATM PVC carrying Ethernet frames, etc.

    Attachment circuit is mapped to an EoMPLS PW. The mapping can be 1:1 or N:1

    [Figure: CE, PE, P, P, PE, CE topology across the MPLS core. Labels: attachment circuit, LDP, targeted LDP, pseudowire, and the customer PDU shown with its VC label and tunnel label.]

    Control Plane: Signalling

    VC FEC element layout:

    | VC TLV | C | VC Type | VC info length |
    | Group ID                              |
    | VC ID                                 |
    | Interface Parameter                   |

    VC Type: FR, ATM, E802.1Q, Eth

    C: 1 = control word present

    Group ID: ID for a group of VCs, useful to withdraw many labels at once

    VC ID + VC Type: ID for the transported L2 VC

    Int. Param: MTU

    Emulated VC signaling is done via a directed LDP session between PEs. Information such as VC type, VC ID and interface parameters is negotiated via VC signaling

    EoMPLS uses two VC types: VC type 4 (Ethernet VLAN) and VC type 5 (Ethernet). The 7600 uses VC type 5 by default, but can negotiate to VC type 4 at the peer's request
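The VC FEC element described on this slide, packed and parsed in Python. This is an added example, not code from the original deck; it follows the VC (PWid) FEC element encoding of the Martini drafts and RFC 4447 (element type 0x80, MTU as interface parameter 0x01), and the function names are this example's own.

```python
import struct

VC_FEC_TYPE = 0x80   # FEC element type of the VC (PWid) FEC element in LDP
IFPARAM_MTU = 0x01   # interface parameter sub-TLV that carries the MTU


def pack_vc_fec(vc_type, vc_id, group_id=0, cbit=0, mtu=1500):
    """VC TLV | C + VC type | VC info length | group ID | VC ID | MTU parameter."""
    params = struct.pack("!BBH", IFPARAM_MTU, 4, mtu)  # length covers its 2-byte header
    info_len = 4 + len(params)                         # VC ID + interface parameters
    head = struct.pack("!BHB", VC_FEC_TYPE, (cbit << 15) | vc_type, info_len)
    return head + struct.pack("!II", group_id, vc_id) + params


def parse_vc_fec(data):
    """Decode one VC FEC element; raise ValueError on truncated or malformed input."""
    if len(data) < 8:
        raise ValueError("truncated VC FEC element")
    tlv, word, info_len = struct.unpack("!BHB", data[:4])
    if tlv != VC_FEC_TYPE:
        raise ValueError("not a VC FEC element")
    body = data[8:8 + info_len]
    if len(body) != info_len or 0 < info_len < 4:
        raise ValueError("VC info length does not match the data")
    fec = {"cbit": word >> 15, "vc_type": word & 0x7FFF,
           "group_id": struct.unpack("!I", data[4:8])[0],
           # info length 0 means "every VC in this group" (group-wide withdraw)
           "vc_id": struct.unpack("!I", body[:4])[0] if info_len else None,
           "mtu": None}
    pos = 4
    while pos < len(body):
        plen = body[pos + 1] if pos + 2 <= len(body) else 0
        if plen < 2 or pos + plen > len(body):
            raise ValueError("bad interface parameter length")
        if body[pos] == IFPARAM_MTU and plen == 4:
            fec["mtu"] = struct.unpack("!H", body[pos + 2:pos + 4])[0]
        pos += plen
    return fec


def binding_differences(local, remote):
    """Fields on which the local and remote bindings of one VC disagree."""
    return [k for k in ("vc_type", "vc_id", "cbit", "mtu") if local[k] != remote[k]]


# Local values as in the `sh mpl l2 bind 100` output in this deck; the remote side is constructed.
LOCAL = parse_vc_fec(pack_vc_fec(vc_type=5, vc_id=100))
REMOTE = parse_vc_fec(pack_vc_fec(vc_type=4, vc_id=100, mtu=1504))

if __name__ == "__main__":
    print(LOCAL, binding_differences(LOCAL, REMOTE))
```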

    Data plane (Martini encapsulation)

     0                   1                   2                   3
     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |             Tunnel Label              | EXP |0|      TTL      |  Tunnel label
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |               VC Label                | EXP |1|      TTL      |  VC label
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    | Rsvd  | Flags |0 0|  Length   |        Sequence number        |  Control Word (Optional)
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                            L2 PDU                             |  L2 Frame
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

    Original customer Ethernet L2 PDUs are transported without the preamble, SFD and FCS. The customer VLAN ID may or may not be transported, depending on the VC type and on whether it is used as a service delimiter. With VC type 4, the service-delimiter VLAN ID is tunnelled. With VC type 5, the service-delimiter VLAN ID is not tunnelled
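The encapsulation above as an added Python example (not part of the original deck): it builds the label stack, applies the VC type 4/5 rule for the service-delimiter VLAN tag, and decapsulates at the far PE. The customer frame is constructed, the labels 17 and 19 are the ones in the show output later in the deck, and TTL 255 and all function names are assumptions of this example.

```python
import struct


def label_entry(label, exp=0, bottom=False, ttl=255):
    """One 32-bit label stack entry: Label(20) | EXP(3) | S(1) | TTL(8)."""
    if not 0 <= label < 1 << 20:
        raise ValueError("label does not fit in 20 bits")
    return struct.pack("!I", (label << 12) | (exp << 9) | (int(bottom) << 8) | ttl)


def control_word(seq=0, length=0, flags=0):
    """Rsvd(4) | Flags(4) | 0 0 | Length(6) | Sequence number(16)."""
    return struct.pack("!I", ((flags & 0xF) << 24) | ((length & 0x3F) << 16) | (seq & 0xFFFF))


def pw_payload(frame, vc_type):
    """VC type 5 drops the service-delimiter 802.1Q tag; VC type 4 tunnels it."""
    if vc_type == 5 and frame[12:14] == b"\x81\x00":
        return frame[:12] + frame[16:]
    return frame


def encapsulate(frame, tunnel_label, vc_label, cbit=0, seq=0):
    """Imposition at the ingress PE: tunnel label, VC label (S=1), optional control word."""
    cw = control_word(seq) if cbit else b""
    return label_entry(tunnel_label) + label_entry(vc_label, bottom=True) + cw + frame


def decapsulate(packet, cbit):
    """Walk the stack to the S=1 entry. Nothing in the packet says whether a control
    word follows; the receiver relies on the C bit signalled for this VC."""
    labels, pos = [], 0
    while True:
        if pos + 4 > len(packet):
            raise ValueError("label stack has no bottom-of-stack entry")
        entry = struct.unpack("!I", packet[pos:pos + 4])[0]
        labels.append(entry >> 12)
        pos += 4
        if entry & 0x100:
            break
    seq = None
    if cbit:
        if pos + 4 > len(packet):
            raise ValueError("control word missing")
        seq = struct.unpack("!I", packet[pos:pos + 4])[0] & 0xFFFF
        pos += 4
    return labels, seq, packet[pos:]


# Constructed customer frame: dst MAC, src MAC, 802.1Q tag for VLAN 100, EtherType, payload.
FRAME = bytes.fromhex("222222222222" "222222222221" "81000064" "0800") + b"constructed payload"
# Label stack {17 19} as in the deck's show output; VC type 5, no control word.
PACKET = encapsulate(pw_payload(FRAME, vc_type=5), tunnel_label=17, vc_label=19)

if __name__ == "__main__":
    print(decapsulate(PACKET, cbit=0))
```

Decapsulating with the wrong C bit does not fail: the control word is simply handed on as the first four bytes of the frame, which is why both PEs must agree on it during signaling.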

    An EoMPLS Configuration Example

    [Figure: CE, PE-1 (gig4/48 towards the CE, gig4/1 towards the core), IP/MPLS cloud, PE-2 (ten1/0/0 towards the core, gig6/48 towards the CE), CE.]

    PE-1

    interface GigabitEthernet4/1
     ip address 10.10.1.5 255.255.255.252
     tag-switching ip
    !
    interface Loopback0
     ip address 10.1.1.1 255.255.255.255
    !
    interface GigabitEthernet4/48.1
     encapsulation dot1Q 100
     xconnect 10.1.1.3 100 encapsulation mpls

    PE-2

    interface TenGigabitEthernet1/0/0
     ip address 10.10.3.13 255.255.255.252
     tag-switching ip
    !
    interface Loopback0
     ip address 10.1.1.2 255.255.255.255
    !
    interface gig 6/48.1
     encapsulation dot1q 101
     xconnect 10.1.1.1 100 encapsulation mpls

    VPN ID is globally significant. It must match on both PEs to identify the EoMPLS VC

    Attachment Circuit VLAN ID is local PE significant

    Control Plane Verification

    Verify the underlying MPLS/IP connectivity before EoMPLS troubleshooting !!!

    PE1#sh mpls l2transport vc
    Local intf    Local circuit        Dest address    VC ID      Status
    ------------- -------------------- --------------- ---------- ----------
    Gi4/48.1      Eth VLAN 100         10.1.1.2        100        UP

    Indicates Emulated VC 100 with Remote Peer 10.1.1.2 is UP

    PE1#sh mpl l2 bind 100
    Destination Address: 10.1.1.2, VC ID: 100
        Local Label: 25
            Cbit: 0, VC Type: Ethernet, GroupID: 0
            MTU: 1500, Interface Desc: n/a
            VCCV Capabilities: Type 2
        Remote Label: 19
            Cbit: 0, VC Type: Ethernet, GroupID: 0
            MTU: 1500, Interface Desc: n/a
            VCCV Capabilities: Type 2

    Callouts: VC type 5 (Ethernet), CW (0), MTU (1500)

    Control Plane Verification

    PE1#sh mpl l2 vc 100 detail
    Local interface: Gi4/48.1 up, line protocol up, Eth VLAN 100 up
      Destination address: 10.1.1.2, VC ID: 100, VC status: up
        Tunnel label: 17, next hop 10.10.1.6
        Output interface: Gi4/1, imposed label stack {17 19}
      Create time: 00:15:02, last status change time: 00:04:37
      Signaling protocol: LDP, peer 10.1.1.3:0 up
        MPLS VC labels: local 25, remote 19
        Group ID: local 0, remote 0
        MTU: local 1500, remote 1500
        Remote interface description:
      Sequencing: receive disabled, send disabled
      VC statistics:
        packet totals: receive 10208285, send 11130498
        byte totals: receive 837079404, send 712351872
        packet drops: receive 0, send 0

    Callouts: 10.1.1.2 (PE2 loopback), VC ID 100, VC label: 19, Tunnel label: 17, Statistics Counters

    7600 EoMPLS Configuration Options

    Options shown: PFC based EoMPLS, Scalable EoMPLS, SVI based EoMPLS

    Interface gig 1/1
     xconnect 1.1.1.1 10 encap mpls
    !
    Interface gig 1/1.1
     encap dot1q 100
     xconnect 1.1.1.1 10 encap mpls
    !
    Interface gig 1/1/1
     service instance 10 ethernet
      encap dot1q 100
      xconnect 1.1.1.1 10 encap mpls
    !
    Interface gig 1/1
     switchport
     switchport trunk encap dot1q
     switchport trunk allow vlan 100
    !
    Interface vlan 100
     xconnect 1.1.1.1 10 encap mpls

    7600 EoMPLS Options: classified by who does the EoMPLS label imposition/disposition

    [Figure: label imposition/disposition points: Ingress (SIP400 & ES20 ONLY), PFC/DFC, Egress.]

    | EoMPLS Option | Scalable EoMPLS | PFC based (or HW) EoMPLS | WAN based (or SVI based or SW) EoMPLS |
    | EoMPLS label imposition/disposition | Ingress SIP card (SIP400 and ES20) | PFC/DFC | Egress SIP card |
    | Maximum EoMPLS PWs | 16K with EVC config; 12K with sub-interface config; PW doesn't consume system VLAN resource | 4K, each PW needs one system VLAN resource | 4K, each PW needs one system VLAN resource |
    | Local Switching | No | No | Yes |
    | xconnect config | Sub-interface or EVC | Sub-interface or main interface | SVI |


    L2VPN Fundamentals

    EoMPLS

    VPLS

    Concept

    A simple VPLS example

    VPLS logical topology

    VPLS Overview (vs. SVI based EoMPLS)

    [Figure: 7600 with attachment circuits, SVI, MAC learning and forwarding, and pseudo ports on a SIP towards MPLS. The MPLS uplink port must be SIP based.]

    VPLS is very similar to SVI based EoMPLS

    L2 bridging among attachment circuit ports and PW pseudo ports, based on MAC address

    xconnect is configured under the SVI

    Needs a SIP based card as the MPLS uplink port

    Same EoMPLS data plane (L2 PDU handling, etc.)

    What's different?

    P-to-P (EoMPLS) vs. Multipoint (VPLS)

    VPLS Components

    Attachment Circuit (AC): connection to the CE. It could be a physical Ethernet port, a logical Ethernet port, an ATM PVC carrying Ethernet frames, etc.

    Virtual Circuit (Pseudo Wire): full mesh of P-to-P PWs among participating PEs

    Virtual Forwarding Instance (VFI): a virtual L2 bridge instance that connects ACs to VCs (PWs)

    VFI to VLAN is a 1-to-1 mapping. One VPLS instance creates one L2 broadcast domain, which includes all the ACs and PWs. Packets are forwarded in this L2 broadcast domain just as in a regular L2 switch, based on MAC address: MAC learning, forwarding, aging, etc. are involved

    [Figure: VPLS topology with the labels MPLS, SVI, AC and PW.]

    VPLS (multipoint) Requirement

    Compared with SVI based EoMPLS (a P-to-P L2VPN circuit), VPLS, as a multipoint L2VPN circuit, needs to meet the following additional requirements

    VPLS multipoint bridging needs the same L2 forwarding mechanisms as a normal L2 switch, including:

        Redundancy mechanism and loop prevention

        MAC address learning, aging, limiting

        MAC address flushing/withdrawal upon topology change

        MAC address based forwarding

    Since multiple PEs can participate in the same L2VPN, it may need auto VPN membership discovery to simplify configuration. Manual membership configuration should also be supported

    VPLS Auto-discovery & Signaling

    Auto-discovery of VPN membership

    Reduces VPN configuration and errors associated with configuration.

    Draft-ietf-l2vpn-vpls-ldp-01 does not mandate an auto-discovery protocol. It can be BGP, Radius, DNS, AD based.

    The 7600 uses manual configuration, and supports BGP based auto-discovery from the Barracuda release

    Signaling of connections between PE devices associated with a VPN.

    Same as EoMPLS, using a directed LDP session to exchange VC information

    Note: the 7600 supports BGP based VPLS auto-discovery, but this is only for VPN membership discovery. It still uses directed LDP for EoMPLS signaling.

    [Figure: VPN discovery is either centralized (DNS, Radius, Directory Services) or distributed (BGP); signaling uses the Label Distribution Protocol.]

    VPLS Layer 2 Packet Forwarding

    Flooding/Forwarding

    Forwarding based on [VLAN, Destination MAC Address]

    Unknown unicast/multicast/broadcast: flood to all ports (IGMP/PIM snooping can be used to constrain multicast flooding. This is supported from the Barracuda release)

    MAC Learning/Aging/Limit

    Dynamic learning based on source MAC and VLAN

    Refresh aging timers with incoming packets

    MAC address table limit per VFI (VLAN)

    Note: MAC withdrawal/flushing is included in the Advanced L2VPN part

    [Figure: VPLS topology with the labels MPLS, SVI, AC and PW.]

    VPLS Redundancy and Loop prevention

    Customer STP is transparent to the SP / customer BPDUs are dropped or forwarded transparently. VPLS only tunnels BPDUs; it does not participate in STP

    VPLS uses full mesh PWs + split horizon to achieve redundancy and loop prevention

    Full mesh PWs among all the participating PEs

    Split horizon: traffic received from the network (PW) is not forwarded back to the network (PW), only to ACs. The exception is H-VPLS with split horizon turned off

    [Figure: VPLS topology with the labels MPLS, SVI, AC and PW.]

    A VPLS Configuration Example

    [Figure: N-PE1, N-PE2 and N-PE10 around the MPLS core, each with an SVI. Loopbacks 10.0.2.1/32, 10.0.2.2/32 and 10.0.2.10/32; CE-facing ports Gig 6/2, Gig 1/2 and Gig 1/2.]

    CE1 1.1.1.1 2222.2222.2221
    CE2 1.1.1.2 2222.2222.2222
    CE3 1.1.1.3 2222.2222.2221

    PE with Loopback 0 10.0.2.2

    l2 vfi full-vpls manual
     vpn id 1000
     neighbor 10.0.2.1 encapsulation mpls
     neighbor 10.0.2.10 encapsulation mpls
    !
    Interface loopback 0
     ip address 10.0.2.2 255.255.255.255
    !
    ! VLAN ID doesn't need to match VPN ID. It's local PE significant
    Interface vlan 2000
     no ip address
     xconnect vfi full-vpls
    !
    Interface gig 6/2
     switchport
     switchport trunk encap dot1q
     switchport trunk allow vlan 2000

    PE with Loopback 0 10.0.2.1

    l2 vfi full-vpls manual
     vpn id 1000
     neighbor 10.0.2.2 encapsulation mpls
     neighbor 10.0.2.10 encapsulation mpls
    !
    Interface loopback 0
     ip address 10.0.2.1 255.255.255.255
    !
    Interface vlan 1000
     xconnect vfi full-vpls
    !
    Interface gig 1/2
     switchport
     switchport trunk encap dot1q
     switchport trunk allow vlan 1000

    PE with Loopback 0 10.0.2.10

    l2 vfi full-vpls manual
     vpn id 1000
     neighbor 10.0.2.1 encapsulation mpls
     neighbor 10.0.2.2 encapsulation mpls
    !
    Interface loopback 0
     ip address 10.0.2.10 255.255.255.255
    !
    Interface vlan 1000
     xconnect vfi full-vpls
    !
    Interface gig 1/2
     switchport
     switchport trunk encap dot1q
     switchport trunk allow vlan 1000
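A check for the full-mesh requirement, run over configurations shaped like the three in this example; this is an added example, not Cisco tooling or part of the original deck. `parse_pe`, `audit_full_mesh` and `pe_config` are names made up here, and the faulty variant is constructed.

```python
import re


def parse_pe(config):
    """Extract the Loopback0 address, VPN ID and VFI neighbors from one PE configuration."""
    loop = re.search(r"interface loopback ?0\s+ip address (\S+)", config, re.I)
    vpn = re.search(r"^\s*vpn id (\d+)", config, re.M)
    if not loop or not vpn:
        raise ValueError("configuration lacks Loopback0 or vpn id")
    neighbors = re.findall(r"^\s*neighbor (\S+) encapsulation mpls", config, re.M)
    return {"loopback": loop.group(1), "vpn_id": int(vpn.group(1)),
            "neighbors": set(neighbors)}


def audit_full_mesh(configs):
    """Report PWs missing from the full mesh, unknown neighbors and VPN ID mismatches."""
    pes = [parse_pe(c) for c in configs]
    addrs = {p["loopback"] for p in pes}
    findings = []
    for p in pes:
        for peer in sorted(addrs - p["neighbors"] - {p["loopback"]}):
            findings.append(f"{p['loopback']}: no PW to {peer}")
        for peer in sorted(p["neighbors"] - addrs):
            findings.append(f"{p['loopback']}: neighbor {peer} is not a known PE")
    if len({p["vpn_id"] for p in pes}) > 1:
        findings.append("vpn id differs between PEs")
    return findings


def pe_config(loopback, vpn_id, neighbors):
    """Render a configuration in the shape used in this deck (helper for the samples)."""
    lines = ["l2 vfi full-vpls manual", f" vpn id {vpn_id}"]
    lines += [f" neighbor {n} encapsulation mpls" for n in neighbors]
    lines += ["!", "Interface loopback 0", f" ip address {loopback} 255.255.255.255"]
    return "\n".join(lines)


# The three PEs of the deck's example.
PAGE = [pe_config("10.0.2.2", 1000, ["10.0.2.1", "10.0.2.10"]),
        pe_config("10.0.2.1", 1000, ["10.0.2.2", "10.0.2.10"]),
        pe_config("10.0.2.10", 1000, ["10.0.2.1", "10.0.2.2"])]
# Constructed faulty variant: the last PE lost one neighbor and has a different VPN ID.
BROKEN = PAGE[:2] + [pe_config("10.0.2.10", 1001, ["10.0.2.1"])]

if __name__ == "__main__":
    print(audit_full_mesh(PAGE))
    print(audit_full_mesh(BROKEN))
```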

    Show commands (1)

    7604-npe1#sh vfi full-vpls
    Legend: RT=Route-target, S=Split-horizon, Y=Yes, N=No
    VFI name: full-vpls, state: up, type: multipoint
      VPN ID: 1000
      Local attachment circuits:                  <- local attachment vlan
        Vlan1000
      Neighbors connected via pseudowires:
      Peer Address     VC ID        S
      10.0.2.2         1000         Y             <- split-horizon is enabled by default
      10.0.2.10        1000         Y

    7604-npe1#sh mac-add vlan 1000
    Legend: * - primary entry
            age - seconds since last seen
            n/a - not available

      vlan   mac address     type    learn     age              ports
    ------+----------------+--------+-----+----------+--------------------------
    * 1000  2222.2222.2221   dynamic  Yes          0   Gi1/2              <- learn from local attachment circuit port
    * 1000  2222.2222.2222   dynamic  Yes          0   10.0.2.2, 1000     <- learn from PW, NPE2
    * 1000  2222.2222.2223   dynamic  Yes          0   10.0.2.10, 1000    <- learn from PW, NPE10

    Show commands (2)

    VC specific show commands are the same as for EoMPLS. For example, the following show commands work on a per-VC basis:

    Show mpls l2 vc

    Show mpls l2 binding

    Show mpls l2 vc detail

    7604-npe1#show mpls l2 vc
    Local intf    Local circuit              Dest address    VC ID      Status
    ------------- -------------------------- --------------- ---------- ----------
    VFI full-vpls VFI                        10.0.2.2        1000       UP
    VFI full-vpls VFI                        10.0.2.10       1000       UP

    H-VPLS with MPLS Access

    [Figure: service provider network with CEs, U-PEs and N-PEs around an IP/MPLS core. Labels: .1Q, MPLS, IP/MPLS, full mesh pseudowires, LDP.]

    H-VPLS with MPLS Access Example

    [Figure: N-PE1, N-PE2 and N-PE10 around the MPLS core, each with an SVI, with a second MPLS cloud on the access side. Loopbacks 10.0.2.1/32, 10.0.2.2/32 and 10.0.2.10/32; ports Gig 6/2, Gig 1/2 and Gig 1/2.]

    CE1 1.1.1.1 2222.2222.2221
    CE2 1.1.1.2 2222.2222.2222
    CE3 1.1.1.3 2222.2222.2223
    CE4 1.1.1.4 2222.2222.2224
    CE10 1.1.1.10 2222.2222.222a

    Frames from a Split-Horizon (SH) PW cannot be sent to other SH PWs, but can be sent to No-Split-Horizon (NSH) PWs. Frames from NSH PWs can be sent to both SH and NSH PWs

    On the hub PE, for frames switched from PW to PW, two-stage EoMPLS label imposition/disposition operations are involved.

    For the hub PE, both core and access facing ports must be SIP based to support VPLS. For access PE neighbors, split horizon is disabled

    For the spoke PE, it's regular EoMPLS; no VPLS configuration is needed
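The forwarding rules from the VPLS slides (MAC learning, flooding, MAC limit per VFI) and the SH/NSH rule above, as an added Python sketch that is not part of the original deck. The `Vfi` class and its behaviour at the MAC limit are assumptions of this example; the ports and peers are those of the hub PE in the deck's H-VPLS configuration.

```python
class Vfi:
    """One VFI on a PE: MAC learning, flooding and the split-horizon rule for PWs."""

    def __init__(self, acs, pws, mac_limit=1024):
        self.acs = list(acs)    # attachment circuit port names
        self.pws = dict(pws)    # PW peer address -> True if split horizon is enabled
        self.mac_limit = mac_limit
        self.mac_table = {}     # MAC address -> port it was learned on

    def _may_send(self, in_port, out_port):
        if out_port == in_port:
            return False
        # Only SH PW -> SH PW is blocked; ACs and no-split-horizon PWs are unrestricted.
        return not (self.pws.get(in_port) and self.pws.get(out_port))

    def forward(self, in_port, src_mac, dst_mac):
        """Learn src_mac on in_port and return the sorted list of output ports."""
        # Assumption of this sketch: once the table is full, new MACs are not learned.
        if src_mac in self.mac_table or len(self.mac_table) < self.mac_limit:
            self.mac_table[src_mac] = in_port
        known = self.mac_table.get(dst_mac)
        candidates = [known] if known else self.acs + list(self.pws)
        return sorted(p for p in candidates if self._may_send(in_port, p))


def hub_pe():
    """Hub PE as configured in the deck: spokes 10.0.2.3/.4 have split horizon disabled."""
    return Vfi(acs=["Gi1/2"],
               pws={"10.0.2.4": False, "10.0.2.3": False,
                    "10.0.2.2": True, "10.0.2.1": True})


if __name__ == "__main__":
    hub = hub_pe()
    # Broadcast from a core PW: reaches the AC and the spokes, not the other core PW.
    print(hub.forward("10.0.2.1", "2222.2222.2221", "ffff.ffff.ffff"))
    # Broadcast from a spoke PW: reaches every other port, core PWs included.
    print(hub.forward("10.0.2.3", "2222.2222.2223", "ffff.ffff.ffff"))
    # Known unicast from the AC towards a MAC learned on a core PW.
    print(hub.forward("Gi1/2", "2222.2222.222a", "2222.2222.2221"))
```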

    H-VPLS with MPLS Access Configuration

    Hub PE Configuration

    l2 vfi h-vpls manual
     vpn id 999
     ! for spoke PE
     neighbor 10.0.2.4 encapsulation mpls no-split-horizon
     neighbor 10.0.2.3 encapsulation mpls no-split-horizon
     ! for core PE
     neighbor 10.0.2.2 encapsulation mpls
     neighbor 10.0.2.1 encapsulation mpls
    !
    Interface vlan 999
     xconnect vfi h-vpls

    Spoke PE configuration

    interface Loopback0
     ip address 10.0.2.3 255.255.255.255
    !
    ! regular EoMPLS, can be any type of EoMPLS option
    interface GigabitEthernet1/9
     xconnect 10.0.2.10 999 encapsulation mpls

    H-VPLS with MPLS Access show commands (1)

    7604-upe0#sh vfi h-vpls
    Legend: RT=Route-target, S=Split-horizon, Y=Yes, N=No
    VFI name: h-vpls, state: up, type: multipoint
      VPN ID: 999
      Local attachment circuits:
        Vlan999
      Neighbors connected via pseudowires:
      Peer Address     VC ID        S
      10.0.2.4         999          N             <- split-horizon is disabled for spoke PE
      10.0.2.3         999          N
      10.0.2.2         999          Y
      10.0.2.1         999          Y

    H-VPLS with MPLS Access show commands (2)

    7604-upe0#sh mac-add vlan 999
    Legend: * - primary entry
            age - seconds since last seen
            n/a - not available

      vlan   mac address     type    learn     age              ports
    ------+----------------+--------+-----+----------+--------------------------
    *  999  2222.2222.2221   dynamic  Yes          0   10.0.2.1, 999
    *  999  2222.2222.2222   dynamic  Yes        160   10.0.2.2, 999
    *  999  2222.2222.2223   dynamic  Yes          0   10.0.2.3, 999
    *  999  2222.2222.2224   dynamic  Yes          0   10.0.2.4, 999
    *  999  2222.2222.222a   dynamic  Yes          0   Gi1/2

    7604-upe0#sh mpl l2 vc 999
    Local intf    Local circuit              Dest address    VC ID      Status
    ------------- -------------------------- --------------- ---------- ----------
    VFI h-vpls    VFI                        10.0.2.1        999        UP
    VFI h-vpls    VFI                        10.0.2.2        999        UP
    VFI h-vpls    VFI                        10.0.2.3        999        UP
    VFI h-vpls    VFI                        10.0.2.4        999        UP
