10 - Deploying Mpls l2vpn

Deploying MPLS L2VPN
Apricot 2015 2015 Cisco and/or its affiliates. All rights reserved. Cisco Public
1
Abstract
This session covers the fundamental and advanced topics associated with the
deployment of Layer 2 VPNs over an MPLS network.
The material presents a technology overview with an emphasis on ethernet-
based point-to-point and multipoint VPNs. Session content then focuses on
deployment considerations including: Signaling/Auto-discovery, OAM,
Resiliency and Inter-AS.
The attendee can expect to see sample configurations (IOS and IOS-XR)
associated with the provisioning of L2VPNs.
This session is intended for service providers and enterprise customers
deploying L2VPNs over their MPLS network.
2
Agenda
Layer 2 VPN Motivation and Overview

VPWS Reference Model
VPLS Reference Model
Pseudowire (PW) Signaling and PE Auto-Discovery
Advanced Topics
Summary
3
L2VPN Motivation and Overview
Motivation for L2VPNs
Old and New Drivers
Network Consolidation
Multiple access services (FR, ATM, TDM)
required multiple core technologies Access Access
Enterprise Ethernet WAN Connectivity L3 service
Services IP/IPSec IP or MPLS IP/IPSec
Ethernet well understood by Enterprise / SPs
CAPEX (lower cost per bit) / Growth (100GE)
L2 service
Layer 2 VPN replacement to ATM/Frame Relay FR/ATM FR/ATM
Broadband ATM Broadband
Internet / Layer 3 VPN access (CE to PE)
Data Center Interconnection (DCI)

Mobile Backhaul Evolution L1 service
TDM /PDH to Dual/Hybrid to All-packet (IP/ SONET / SDH

TDM TDM
Ethernet)
Single (voice + data) IP/Ethernet mobile
backhaul universally accepted solution
Typical Service Provider (circa 2000)
Service Offerings
L2VPN Transport Services
TDM ATM Frame Relay Ethernet

Virtual Private LAN
Virtual Private Wire Service (VPWS)
Service (VPLS)
Circuit Emulation AAL5 over Pseudowire FR over Pseudowire Ethernet Virtual Ethernet Private
Service over PSN Private Line (EVPL) LAN (EPLAN)
(CESoPSN)
Muxed UNI Muxed UNI Muxed UNI Muxed UNI Unmuxed

UNI
Structure Agnostic TDM Cell Relay with Packing
over Packet (SAToP) over Pseudowire Ethernet Virtual
PPP/HDLC over Ethernet Private
Pseudowire Private LAN (EVPLAN)
Line (EPL)
Muxed UNI Muxed UNI

Muxed
Unmuxed UNI Unmuxed UNI UNI
PPP/HDLC
Layer 2 VPN Enabler
The Pseudowire
L2VPNs are built with Pseudowire Provider Edge

(PW) technology
PWs provide a common Packet
Switched
intermediate format to transport Provider Edge Network
multiple types of network services
over a Packet Switched Network
(PSN)
PW technology provides Like-to- Pseudowire
Like transport and also ATM
FR
Interworking (IW)
TDM
PPP/HDLC
Ethernet
Overview
Pseudowire Reference Model
Any Transport Over MPLS (AToM) is Ciscos implementation of VPWS for IP/MPLS
networks
An Attachment Circuit (AC) is the physical or virtual circuit attaching a CE to a PE
Customer Edge (CE) equipment perceives a PW as an unshared link or circuit
Emulated Layer-2 Service

Pseudowire (PW)
Na:ve Na:ve
Service PSN Service
Tunnel
PW1
AC PW2 AC
CE PE PE CE
AC AC
CE CE
Ref: RFC 3985 Pseudo Wire Emula:on Edge-to-Edge (PWE3) Architecture, March 2005
Layer 2 Transport over MPLS
Control Targeted LDP session / BGP session / Static

Connection Used for VC-label negotiation, withdrawal, error notification
The emulated circuit has three (3) layers of encapsulation

Tunnel header (Tunnel Label)
Tunnelling To get PDU from ingress to egress PE
Component MPLS LSP derived through static configuration (MPLS-TP) or dynamic (LDP or
RSVP-TE)
Demultiplexing Demultiplexer field (VC Label)

Component To identify individual circuits within a tunnel
Could be an MPLS label, L2TPv3 header, GRE key, etc.
Emulated VC encapsulation (Control Word)

Layer 2
Information on enclosed Layer 2 PDU
Encapsulation
Implemented as a 32-bit control word
VPWS Traffic Encapsulation
0 2 2 3
0 0 3 1
Tunnel Label Tunnel Label (IGP-LDP or RSVP-TE) EXP 0 TTL
VC Label VC Label (VC) EXP 1 TTL (Set to 2)
Control Word 0 0 0 0 Flags FRG Length Sequence Number Control Word

Encap. Required
Layer 2 PDU ATM N:1
No
Cell Relay
Three-level encapsulation ATM AAL5 Yes

Ethernet No
Packets switched between PEs using Tunnel label Frame
Yes
Relay
VC label identifies PW HDLC No
VC label signaled between PEs PPP No
SAToP Yes
Optional Control Word (CW) carries Layer 2 control bits CESoPSN Yes
and enables sequencing
VPWS Forwarding Plane Processing
PE1 PE2
CE-1 CE-2
P1 P2
MPLS
Pseudowire
Traffic direction
Tunnel label
swapping through Penultimate Hop
Popping (PHP) VC label
VC and Tunnel MPLS cloud disposition
label imposition
Push Swap Pop Pop
Push
Tunnel Label Label = 34 Label = 45

VC Label Label = 28 Label = 28 Label = 28
Payload Payload Payload Payload Payload
Ethernet over MPLS (EoMPLS)
How Are Ethernet Frames Transported?
Ethernet frames transported without Preamble, Start Frame Delimiter

(SFD) and FCS
Two (2) modes of operation supported:
Ethernet VLAN mode (VC type 0x0004) created for VLAN over MPLS application
Ethernet Port / Raw mode (VC type 0x0005) created for Ethernet port tunneling application
Original Ethernet Frame

802.1q Length/
Preamble DA SA Ethernet Payload FCS
tag Type
6B 6B 4B (optional) 2B
MPLS
E-Type
MPLS-encapsulated Ethernet Frame
LSP VC Ethernet
DA SA 0x8847 Control Word Header
Ethernet Payload FCS
Label Label
4B 4B 4B (optional)
MPLS Stack AToM Header

Ethernet PW VC Type Negotiation
Cisco IOS
Cisco devices by default will 7604-2(config-pw-class)#interworking ?

generally attempt to bring up an ethernet Ethernet interworking
ip IP interworking
Ethernet PW using VC type 5 vlan VLAN interworking
7604-2#show running-config
If rejected by remote PE, then VC pseudowire-class test-pw-class-VC4
encapsulation mpls
type 4 will be used interworking vlan
!
Alternatively, Cisco device can be pseudowire-class test-pw-class-VC5
encapsulation mpls
manually configured to use either interworking ethernet
VC type 4 or 5
Ethernet PW VC Type Negotiation
Cisco IOS-XR
Cisco devices by default will RP/0/RSP0/CPU0:ASR9000-2(config-l2vpn-pwc-

generally attempt to bring up an mpls)#transport-mode ?
ethernet Ethernet port mode
Ethernet PW using VC type 5 vlan Vlan tagged mode
RP/0/RSP0/CPU0:ASR9000-2(config-l2vpn-pwc-
mpls)#transport-mode vlan ?
If rejected by remote PE, then VC passthrough passthrough incoming tags
type 4 will be used RP/0/RSP0/CPU0:ASR9000-2#show running-config l2vpn

l2vpn
Alternatively, Cisco device can be pw-class test-pw-class-VC4
encapsulation mpls
manually configured to use either transport-mode vlan
VC type 4 or 5 pw-class test-pw-class-VC4-passthrough

encapsulation mpls
transport-mode vlan passthrough
pw-class test-pw-class-VC5
encapsulation mpls
transport-mode ethernet
Introducing Cisco EVC Framework
Functional Highlights
Ethernet Service Layer
Ethernet Flow Point (EFP)
Ethernet Virtual Circuit (EVC)
Flexible service delimiters Bridge Domain (BD)
Single-tagged, Double-tagged Local VLAN significance
Service
Abstraction
VLAN Lists, VLAN Ranges
Header fields (COS, Ethertype) VLAN Header operations -
Flexible EVC Advanced
VLAN Rewrites
Service Framework Frame
Mapping POP
Manipulation
PUSH
SWAP
ANY service ANY port Multiplexed
Forwarding services
Layer 2 Point-to-Point
Layer 2 Multipoint
Layer 3
Encapsulation Adjustment Considerations
EoMPLS PW VC Type and EVC VLAN Rewrites Dummy
VLAN tag
MPLS Imposition
VLAN tags can be added, removed
or translated prior to VC label PUSH 1
VLAN tag
imposition or after disposition 4
EVC VLAN
Any VLAN tag(s), if retained, will Rewrite VC 5 MPLS Label
(Ingress) Type Imposition
appear as payload to the VC
AC PW
VC label imposition and service
delimiting tag are independent from MPLS Disposition
EVC VLAN tag operations POP 1
VLAN tag
Dummy VLAN tag RFC 4448 (sec
4.4.1) 4 EVC VLAN
MPLS Label VC 5 Rewrite
VC service-delimiting VLAN-ID is Disposition Type (Egress)
removed before passing packet to PW AC
Attachment Circuit processing
18
VC 5 and EVC Rewrites PE1 PE2
CE-1 104.104.104.104 102.102.102102 CE-2
MPLS
Pseudowire
VC Type 5
Single-tagged frame 10 10
Double-tagged frame 10 tag tag 10 tag
IOS-XR
No service-delimiting vlan
POP VLAN 10
expected (VC 5)
l2vpn No Push of Dummy tag (VC 5) IOS
pw-class class-VC5
PUSH VLAN 10
encapsulation mpls pseudowire-class class-VC5
transport-mode ethernet encapsulation mpls
interworking ethernet
xconnect group Cisco-Live
p2p xc-sample-1 interface GigabitEthernet2/2
interface GigabitEthernet0/0/0/2.100 service instance 3 ethernet
neighbor 102.102.102.102 pw-id 111 encapsulation dot1q 10
pw-class class-VC5 rewrite ingress tag pop 1 symmetric
xconnect 104.104.104.104 111 encap mpls pw-class class-VC5
interface GigabitEthernet0/0/0/2.100 l2transport
encapsulation dot1q 10
rewrite ingress tag pop 1 symmetric MPLS label
VC 4 and EVC Rewrites PE1 PE2
CE-1 104.104.104.104 102.102.102102 CE-2
MPLS
Pseudowire
VC Type 4
Single-tagged frame 10 Dummy 10

Double-tagged frame 10 tag Dummy tag 10 tag
IOS-XR
POP service-delimiting
POP VLAN 10
vlan (VC 4)
l2vpn Push Dummy tag (VC 4) IOS
pw-class class-VC4
PUSH VLAN 10
encapsulation mpls pseudowire-class class-VC4
transport-mode vlan encapsulation mpls
interworking vlan
xconnect group Cisco-Live
p2p xc-sample-1 interface GigabitEthernet2/2
interface GigabitEthernet0/0/0/2.100 service instance 3 ethernet
neighbor 102.102.102.102 pw-id 111 encapsulation dot1q 10
pw-class class-VC4 rewrite ingress tag pop 1 symmetric
xconnect 104.104.104.104 111 encap mpls pw-class class-VC4
rewrite ingress tag pop 1 symmetric MPLS label
MTU Considerations
PW payload
No payload fragmentation supported MTU signaled
between PEs
Incoming PDU dropped
if MTU exceeds AC MTU PE1 PE2
PEs exchange PW payload MTU as AC MTU MPLS

part of PW signaling procedures Pseudowire
Both ends must agree to use same

value for PW to come UP
PW MTU derived from AC MTU Intra
PE MTU
backbone
No mechanism to check Backbone CE-1
MTU
CE-2
MTU
MTU in the backbone must be large
enough to carry PW payload and
Apricot 2015
MPLS stack
2015 Cisco and/or its affiliates. All rights reserved. Cisco Public
21
Ethernet MTU Considerations
Cisco IOS
Interface MTU configured as largest interface GigabitEthernet0/0/4

description Main interface
ethernet payload size mtu 1600
ASR1004-1#show int gigabitEthernet 0/0/4.1000 | include MTU

1500B default MTU 1600 bytes, BW 100000 Kbit/sec, DLY 100 usec,
Sub-interfaces / Service Instances

(EFPs) MTU always inherited from main Sub-interface MTU
interface inherited from Main
interface
PW MTU used during PW signaling
By default, inherited from attachment circuit
MTU interface GigabitEthernet0/0/4.1000
encapsulation dot1Q 1000
Submode configuration CLI allows MTU valuesxconnect 106.106.106.106 111 encapsulation mpls
mtu 1500
to be set per subinterface/EFP in xconnect
configuration mode (only for signaling
purposes)
PW MTU used during
No MTU adjustments made for EFP rewrite signaling can be
(POP/PUSH) operations overwritten
Ethernet MTU Considerations
Cisco IOS XR
Interface / sub-interface MTU interface GigabitEthernet0/0/0/2

description Main interface
configured as largest frame size FCS mtu 9000
(4B) interface GigabitEthernet0/0/0/2.100 l2transport

rewrite ingress tag pop 1 symmetric
1514B default for main interfaces mtu 1518
1518B default for single-tagged
subinterfaces
By default, sub-interface Sub-interface MTU can
1522B default for double-tagged MTU inherited from Main be overwritten to match
subinterfaces interface remote AC
PW MTU used during PW signaling

AC MTU 14B + Rewrite offset RP/0/RSP0/CPU0:PE1#show l2vpn xconnect neighbor 102.102.102.102 pw-
id 11
E.g. POP 1 ( - 4B), PUSH 1 (+ 4B) Group Cisco-Live, XC xc-sample-1, state is down; Interworking none
AC: GigabitEthernet0/0/0/2.100, state is up
Type VLAN; Num Ranges: 1
VLAN ranges: [100, 100]
MTU 1500; XC ID 0x840014; interworking none
XC MTU = 1518 14 4 Statistics:
= 1500B (snip)
Virtual Private LAN Service (VPLS)
Overview
Virtual Private LAN Service
Overview
Defines Architecture to provide

Ethernet Multipoint connectivity CE-A1 CE-A3
MPLS
sites, as if they were connected
using a LAN CE-B1 CE-B3
VPLS operation emulates an IEEE

Ethernet switch
Two (2) signaling methods
CE-A2
RFC 4762 (LDP-Based VPLS)
CE-B2
RFC 4761 (BGP-Based VPLS)
Reference Model
VFI (Virtual Forwarding Instance)

Also called VSI (Virtual Switching Instance) CE-A3
CE-A1
PE1 MPLS PE3
Emulates L2 broadcast domain among ACs and VCs
Unique per service. Multiple VFIs can exist same PE VFI VFI CE-B3
CE-B1
AC (Attachment Circuit) VFI VFI
Connect to CE device, it could be Ethernet physical

or logical port PE2
One or multiple ACs can belong to same VFI Full-mesh of PWs
VFI
between VFIs
VC (Virtual Circuit) CE-A2
VFI
EoMPLS data encapsulation, tunnel label used to
reach remote PE, VC label used to identify VFI CE-B2
One or multiple VCs can belong to same VFI

PEs must have a full-mesh of PWs in the VPLS core
Operation
Applies
Flooding / Forwarding Split-
Horizon
Customer
Forwarding based on destination MAC Equipment N-PE 1 N-PE 3
addresses CE
CE
Flooding (Broadcast, Multicast, Unknown
PW
Unicast) CE
U-PE B
N-PE 2 Applies N-PE 4Applies
Split-
MAC Learning/Aging/Withdrawal Ethernet UNI Horizon
Split-
Horizon Ethernet UNI
Dynamic learning based on Source MAC

and VLAN
Customer
Refresh aging timers with incoming packet Equipment N-PE 1 N-PE 3
CE
MAC withdrawal upon topology changes
CE
Split-Horizon and Full-Mesh of PWs for CE

PW
U-PE B
loop-avoidance in core N-PE 2 N-PE 4
Ethernet UNI Ethernet UNI
SP does not run STP in the core
Why H-VPLS? Improved Scaling
Flat VPLS
Potential signaling overhead
Packet replication at the edge
Full PW mesh end-end
Hierarchical-VPLS
Minimizes signaling overhead
Packet replication at the core only
Full PW mesh in the core
28
VPLS Operation
Loop Prevention
Core PW Split Horizon ON AC PE

Spoke PW Split Horizon OFF
(default) Core PWs
Split-Horizon Rules
VFI X
Forwarding between Spoke PWs
Forwarding between Spoke and
Core PWs
Forwarding between ACs and Core /
Spoke PWs
Spoke PWs
Forwarding between ACs
Blocking between Core PWs
VPLS Operation
MAC Address Withdrawal
Remove (flush) dynamic MAC

addresses upon Topology Changes
PE1 PE3
Faster convergence avoids blackholing MPLS
CE-B
CE-A
Uses LDP Address Withdraw Message
VFI VFI
(RFC 4762)
H-VPLS dual-home example Primary PW
X PE2
U-PE detects failure of Primary PW uPE1
MPLS
U-PE activates Backup PW
VFI
U-PE sends LDP MAC address withdrawal
request to new N-PE CE-C LDP MAC Backup PW
N-PE forwards the message to all PWs in Withdraw
the VPLS core and flush its MAC address Message
table
30
Pseudowire (PW) Signaling and PE Auto-
Discovery
VPWS / VPLS
An abstraction
Provisioning Model Provisioning

What information needs to be configured Model
and in what entities
Semantic structure of the endpoint
identifiers (e.g. VC ID, VPN ID)
Discovery Discovery
Provisioning information is distributed by a
"discovery process
Distribution of endpoint identifiers
Signaling
Signaling
When the discovery process is complete, a
signaling protocol is automatically invoked
to set up pseudowires (PWs)
32
VPWS
Discovery and Signaling Alternatives
VPWS Signaling VPN Discovery

LDP-based (RFC 4447)
Manual Border Gateway
BGP-based (informational draft) No Auto-Discovery Protocol (BGP)
draft-kompella-l2vpn-l2vpn
Most widely
VPWS with LDP-signaling and No deployed
auto-discovery Signaling
Most widely deployed solution
Label
Auto-discovery for point-to-point Static Distribution
No Signaling
BGP
services not as relevant as for Protocol (LDP)
multipoint
33
VPLS
Discovery and Signaling Alternatives
VPLS Signaling VPN Discovery

LDP-based (RFC 4762)
Manual Border Gateway
BGP-based (RFC 4761) No Auto-Discovery Protocol (BGP)
VPLS with LDP-signaling and No
Most widely
auto-discovery deployed RFC
RFC 4761
Most widely deployed solution Signaling 6074
Operational complexity for larger

deployments Label
Static Distribution
No Signaling
BGP
BGP-based Auto-Discovery (BGP- Protocol (LDP)
AD) (RFC 6074)
Enables discovery of PE devices in a
VPLS instance
34
Discovery
LDP-based Signaling and Manual Provisioning
PW Control Plane Operation
LDP Signaling PEs advertize local VC label using
LDP label-mapping message:
4 Label TLV + PW FEC TLV
2
New targeted LDP session between
PE routers established, in case one
does not already exist PE-1 PE-2
CE-1 MPLS CE-2
1 Interface A Interface B
PW manually Local_int = A Local_int = B

Remote PE = PE2_ip Remote PE = PE1_ip PW manually
provisioned Remote
provisioned Remote
PE info included VC-id <123> PEs assigns VC-id <123>
PE info included
1
local VC label to
PW
5 PEs bind remote

label for PW with Local Label X 3 Local Label Y 3
matching VC-id
Remote Label Y 5 Remote Label X
VPWS (EoMPLS) LDP Signaling
Cisco IOS (VLAN-based services)
hostname PE1
!
interface Loopback0 Sub-interface
ip address 106.106.106.106 255.255.255.255 based xconnect GigabitEthernet2/5
interface GigabitEthernet2/4.300
CE1
encapsulation dot1q 300 OR PE1
106.106.106.106
xconnect 102.102.102.102 111 encapsulation mpls
PE2
interface GigabitEthernet2/4
Service-Instance MPLS Core102.102.102.102
service instance 10 ethernet CE2
encapsulation dot1q 300 (EFP) based xconnect
rewrite ingress tag pop 1 symmetric 111
PW VC id
OR GigabitEthernet2/4
interface Vlan 300
! Interface VLAN (SVI)
interface GigabitEthernet2/4 based xconnect +
switchport mode trunk
switchport trunk allowed vlan 300
Switchport trunk / access
interface Vlan 300 OR

!
interface GigabitEthernet2/4 Interface VLAN (SVI)
service instance 10 ethernet based xconnect +
encapsulation dot1q 300 Service instance BD
bridge-domain
Apricot 2015 300 2015 Cisco and/or its affiliates. All rights reserved. Cisco Public
37
Cisco IOS (Port-based services)
hostname PE1
! Main interface
interface Loopback0
based xconnect
ip address 106.106.106.106 255.255.255.255
GigabitEthernet2/5
interface GigabitEthernet2/5 CE1

xconnect 102.102.102.102 222 encapsulation mpls OR PE1
106.106.106.106
PE2
Service-Instance MPLS Core102.102.102.102
service instance 1 ethernet
(EFP) based xconnect CE2
encapsulation default (encap default)

222
xconnect 102.102.102.102 111 encapsulation mpls PW VC id
interface Vlan 300

OR GigabitEthernet2/4

! Interface VLAN (SVI)
switchport mode dot1q-tunnel based xconnect +
switchport access vlan 300 Switchport dot1q-tunnel
interface Vlan 300 OR

!
interface GigabitEthernet2/5 Interface VLAN (SVI)
service instance 1 ethernet based xconnect +
encapsulation default Service instance BD
bridge-domain 300
38
Cisco IOS XR
hostname PE1
!
interface Loopback0
ipv4 address 106.106.106.106 255.255.255.255 GigabitEthernet0/0/0/6
l2vpn CE1
PE1
xconnect group Cisco-Live 106.106.106.106
PW VC id PE2
p2p xc-sample-1
interface GigabitEthernet0/0/0/2.100 111 MPLS Core102.102.102.102
neighbor 102.102.102.102 pw-id 111 CE2
p2p xc-sample-2 222

interface GigabitEthernet0/0/0/2.200 333
neighbor 102.102.102.102 pw-id 222 GigabitEthernet0/0/0/2
p2p xc-sample-3
interface GigabitEthernet0/0/0/6
Single-tagged neighbor 102.102.102.102 pw-id 333
VLAN traffic to PW Single-tagged range Entire port
VLAN traffic to PW OR traffic to PW
interface GigabitEthernet0/0/0/6
l2transport
encapsulation dot1q 999-1010
rewrite ingress tag push dot1q 888 symmetric
39
VPLS LDP Signaling / Manual provisioning
Cisco IOS
hostname PE1
! PE2
interface Loopback0 VPN ID defined per VFI or 192.0.0.2
ip address 192.0.0.1 255.255.255.255 on a per-neighbor basis
!
PE1
l2 vfi sample-vfi manual PW VC id
192.0.0.1
vpn id 1111
1111
neighbor 192.0.0.2 1111 encapsulation mpls Core PWs CE1
neighbor 192.0.0.3 2222 encapsulation mpls PE3
neighbor 192.0.0.4 3333 encapsulation mpls
Full-mesh VFI
MPLS Core 192.0.0.3
!
interface Vlan300 2222
xconnect vfi sample-vfi PE4
3333 192.0.0.4
GigabitEthernet2/4
VFI associated to Bridge-Domain or

VLAN interface (SVI) VLAN/switchport
via xconnect cmd configurations
interface GigabitEthernet2/4 interface GigabitEthernet2/4

service instance 333 ethernet switchport mode trunk
encapsulation dot1q 333 OR
40
VPLS LDP Signaling / Manual provisioning
Cisco IOS XR
hostname PE1 PE2

192.0.0.2
!
interface Loopback0
ipv4 address 192.0.0.1 255.255.255.255 PE1
PW VC id
! 192.0.0.1
interface GigabitEthernet0/0/0/14.101 l2transport 1111
encapsulation dot1q 101 CE1
PE3
rewrite ingress tag pop 1 symmetric MPLS Core 192.0.0.3
VFI
2222
PE4
3333 192.0.0.4
l2vpn GigabitEthernet0/0/0/14.101
bridge group Cisco-Live
bridge-domain bd101
interface GigabitEthernet0/0/0/14.101 Protocol-based CLI:
vfi vfi101
EFPs, PWs and VFI
vpn-id 1111
neighbor 192.0.0.2 pw-id 1111 as members of
neighbor 192.0.0.3 pw-id 2222 Bridge Domain
neighbor 192.0.0.4 pw-id 3333
VPN ID defined per VFI or
on a per-neighbor basis
41
H-VPLS LDP Signaling / Manual provisioning
Cisco IOS
hostname PE1 u-PE1
! 192.0.0.5 PE2
interface Loopback0 CE2 192.0.0.2
ip address 192.0.0.1 255.255.255.255
! 5555
PE1
l2 vfi sample-vfi manual PW VC id
192.0.0.1
vpn id 1111 CE1
neighbor 192.0.0.2 encapsulation mpls 1111
neighbor 192.0.0.3 2222 encapsulation mpls 2/4 PE3
MPLS Core 192.0.0.3
neighbor 192.0.0.4 3333 encapsulation mpls u-PE2 VFI
neighbor 192.0.0.5 5555 encapsulation mpls no-split-horizon 192.0.0.6
neighbor 192.0.0.6 5555 encapsulation mpls no-split-horizon CE3 2222
! 5555 PE4
interface Vlan300 3333 192.0.0.4
xconnect vfi sample-vfi
Bridge-Domain or Spoke
VLAN/switchport PWs
configurations
switchport mode trunk
rewrite ingress tag pop 1 symmetric OR
42
H-VPLS LDP Signaling / Manual provisioning
Cisco IOS XR
u-PE1
hostname PE1 192.0.0.5 PE2
CE2 192.0.0.2
!
interface Loopback0
5555
ipv4 address 192.0.0.1 255.255.255.255 PE1
PW VC id
! 192.0.0.1
interface GigabitEthernet0/0/0/14.101 l2transport CE1
1111
encapsulation dot1q 101 0/0/0/14 PE3
rewrite ingress tag pop 1 symmetric MPLS Core 192.0.0.3
u-PE2 VFI
192.0.0.6
CE3 2222
5555 PE4
3333 192.0.0.4
l2vpn
bridge-domain bd101
interface GigabitEthernet0/0/0/14.101
neighbor 192.0.0.5 pw-id 5555 Spoke
!
PWs
vfi vfi101
vpn-id 1111
neighbor 192.0.0.3 pw-id 2222 Core PWs
Full-mesh
43
Discovery
BGP-based AutoDiscovery (BGP-AD) and LDP
Signaling
BGP Auto-Discovery (BGP-AD)
Eliminates need to manually provision
BGP Update
VPLS neighbors BGP session message with
VPLS NLRI
Automatically detects when new PEs are PE1 BGP RR PE3
added / removed from the VPLS domain CE-A1 CE-A3
Uses BGP Update messages to advertize VFI VFI
PE/VFI mapping (VPLS NLRI) MPLS
Typically used in conjunction with BGP PE2

I am a new PE with ACs
Route Reflectors to minimize iBGP full- Pseudowire on BLACK VFI
mesh peering requirements VFI
Two (2) RFCs define use of BGP for

CE-A2
VPLS AD1 Covered in
this section
RFC 6074 when LDP used for PW signaling
RFC 4761 when BGP used for PW
signaling
(1) VPLSApricot
BGP2015NLRIs from RFC 6074 and 4761 are different in format and thus not compatible, even though they share same AFI / SAFI values
45
What is Discovered? NLRI + Extended
Communities
BGP Update Messages
BGP ASN = 100 BGP ASN = 100
BGP Rtr ID = 1.1.1.10 PE-1 PE-2 BGP Rtr ID = 2.2.2.20
BGP neighbor
CE-1
= 2.2.2.20 MPLS BGP neighbor
CE-2= 1.1.1.10
L2VPN Rtr ID = 10.10.10.10 L2VPN Rtr ID = 20.20.20.20

VPN ID = 111 VPN ID = 111
RT = auto (100:111) RT = auto (100:111)
RD = auto (100:111) RD = auto (100:111)
VPLS-ID = auto (100:111) VPLS-ID = auto (100:111)
Source Address = 1.1.1.10 Source Address = 2.2.2.20

Destination Address = 2.2.2.20 Destination Address = 1.1.1.10
Length = 14 Length = 14
NLRI Route Distinguisher = 100:111 Route Distinguisher = 100:111

L2VPN Router ID = 10.10.10.10 L2VPN Router ID = 20.20.20.20
VPLS-ID = 100:111 VPLS-ID = 100:111

Extended
Communities Route Target = 100:111 Route Target = 100:111
46
BGP Auto-Discovery attributes
VPLS LDP Signaling and BGP-AD VPLS VFI attributes

Signaling attributes
Cisco IOS
PE2
104.104.104.104
hostname PE1
!
interface Loopback0 PE1
PW VC id
102.102.102.102
ip address 102.102.102.102 255.255.255.255
! CE1 100:300
router bgp 100 PE3
MPLS Core 192.0.0.3
bgp router-id 102.102.102.102 VFI
neighbor 104.104.104.104 remote-as 100
neighbor 104.104.104.104 update-source Loopback0 100:300
! PE4
address-family l2vpn vpls BGP L2VPN AF 100:300 192.0.0.4
GigabitEthernet2/4
neighbor 104.104.104.104 activate
neighbor 104.104.104.104 send-community extended
exit-address-family
l2 vfi sample-vfi autodiscovery

vpn id 300 BGP AS 100
vpls-id 100:300 Bridge Domain-
! OR VLAN/switchport- BGP Auto-Discovery
interface Vlan300 based Configuration based Configuration
xconnect vfi sample-vfi
interface GigabitEthernet2/4 interface GigabitEthernet2/4

service instance 333 ethernet switchport mode trunk
encapsulation dot1q 333 switchport trunk allowed vlan 300
bridge-domain 300
47

Cisco IOS (NEW Protocol-based CLI)
PE2
104.104.104.104
hostname PE1
!
PW VC id
102.102.102.102
ip address 102.102.102.102 255.255.255.255
! CE1 100:300
router bgp 100 PE3
MPLS Core 192.0.0.3
neighbor 104.104.104.104 update-source Loopback0 100:300
! PE4
address-family l2vpn vpls 100:300 192.0.0.4
GigabitEthernet2/4
exit-address-family
l2vpn vfi context sample-vfi

vpn id 300 BGP AS 100
autodiscovery bgp signaling ldp
vpls-id 100:300 Bridge Domain- BGP Auto-Discovery
! based Configuration
bridge-domain 300
member vfi sample-vfi
member GigabitEthernet2/4 service instance 333
48

Cisco IOS XR
hostname PE1
!
ipv4 address 106.106.106.106 255.255.255.255 110.110.110.110
!
PE1
encapsulation dot1q 101 PW VC id
106.106.106.106
CE1 100:101
router bgp 100 PE3
MPLS Core 192.0.0.3
address-family l2vpn vpls-vpws
BGP L2VPN AF
neighbor 110.110.110.110 100:101
remote-as 100 PE4
100:101 192.0.0.4
update-source Loopback0 GigabitEthernet0/0/0/2.101
l2vpn
bridge-domain bd101 Full-mesh Core PWs
interface GigabitEthernet0/0/0/2.101 auto-discovered with BGP-AD
vfi vfi101
and signaled by LDP
BGP AS 100
vpn-id 11101 BGP Auto-Discovery
autodiscovery bgp
rd auto PW ID = VPLS-id (100:101)
route-target 100:101
signaling-protocol ldp
vpls-id 100:101
49
H-VPLS LDP Signaling and BGP-AD / Manual provisioning
Cisco IOS
u-PE1
192.0.0.5 PE2
CE2 104.104.104.104
hostname PE1
!
5555
102.102.102.102 PW VC id
ip address 102.102.102.102 255.255.255.255
! CE1 100:300
l2 vfi sample-vfi autodiscovery PE3
2/4
vpn id 300 MPLS Core 192.0.0.3
u-PE2 VFI
vpls-id 100:300
neighbor 192.0.0.5 5555 encapsulation mpls no-split-horizon 192.0.0.6
CE3 100:300
neighbor 192.0.0.6 5555 encapsulation mpls no-split-horizon PE4
5555
100:300 192.0.0.4
Manually
provisioned
Spoke PWs
BGP AS 100
Manual BGP Auto-Discovery
50
H-VPLS LDP Signaling and BGP-AD / Manual provisioning
Cisco IOS XR
u-PE1
192.0.0.5 PE2
CE2 110.110.110.110
hostname PE1
! 5555
l2vpn PE1
PW VC id
bridge group Cisco-Live 106.106.106.106
bridge-domain bd101 CE1
100:101
interface GigabitEthernet0/0/0/2.101 0/0/0/2 PE3
! MPLS Core 192.0.0.3
u-PE2 VFI
! 192.0.0.6
CE3 100:101
neighbor 192.0.0.6 pw-id 5555 PE4
5555
! 100:101 192.0.0.4
vfi vfi101
vpn-id 11101
autodiscovery bgp Manually
rd auto
provisioned
route-target 100:101
Spoke PWs
signaling-protocol ldp
Manual BGP AS 100
vpls-id 100:101 BGP Auto-Discovery
51
Discovery
BGP-based AutoDiscovery (BGP-AD) and BGP
Signaling
BGP Signaling and Auto-Discovery
Overview
BGP Update
RFC 47611 defines use of BGP for BGP session message with
VPLS PE Auto-Discovery and Signaling VPLS NLRI
PE1 PE X
VE_ID 1 BGP RR VE_ID X
All PEs within a given VPLS are CE-A1 CE-A3
assigned a unique VPLS Edge device VFI VFI
ID (VE ID)
MPLS
A PE X wishing to send a VPLS update PE2 I am PE X with ACs on
sends the same label block information VE_ID 2 BLACK VFI
Pseudowire Here is my label block for
to all other PEs using BGP VPLS NLRI this VFI
VFI
Each receiving PE infers the label
intended for PE X by adding its CE-A2
(unique) VE ID to the label base

Each receiving PE gets a unique label for
PE X for that VPLS
(1) VPLSApricot
BGP2015NLRIs from RFC 6074 and 4761 are different in format and thus not compatible, even though they share same AFI / SAFI values
53
VPLS BGP Signaling and BGP-AD VPLS VFI attributes

Cisco IOS XR
hostname PE1
!
ipv4 address 106.106.106.106 255.255.255.255 110.110.110.110
!
router bgp 100
PE1
bgp router-id 106.106.106.106 106.106.106.106
address-family l2vpn vpls-vpws ve-id 6
neighbor 110.110.110.110 CE1
remote-as 100 PE3
MPLS Core 192.0.0.3
update-source Loopback0 VFI
ve-id 5 PE4
192.0.0.4 ve-id 7
GigabitEthernet0/0/0/2.102
l2vpn
bridge-domain bd102
interface GigabitEthernet0/0/0/2.102 ve-id 8
vfi vfi102
vpn-id 11102
autodiscovery bgp BGP AS 100
rd auto
route-target 100:102 BGP Signaling and Auto-Discovery
signaling-protocol bgp
ve-id 5 VE-id must be
unique in a
VPLS instance
54
VPLS BGP Signaling and BGP-AD PE2
Cisco IOS (NEW Protocol-based CLI) 104.104.104.104
hostname PE1
! PE1
interface Loopback0 102.102.102.102
ve-id 6
ip address 102.102.102.102 255.255.255.255 CE1
! PE3
MPLS Core 192.0.0.3
router bgp 100
VFI
bgp router-id 102.102.102.102
neighbor 104.104.104.104 update-source Loopback0 GigabitEthernet2/4 ve-id 5 PE4
! 192.0.0.4 ve-id 7
address-family l2vpn vpls
neighbor 104.104.104.104 suppress-signaling-protocol ldp ve-id 8
exit-address-family
l2vpn vfi context sample-vfi

vpn id 3300 VE-id must be BGP AS 100
autodiscovery bgp signaling bgp unique in a BGP Signaling and Auto-Discovery
ve id 5
VPLS instance
ve range 10
bridge-domain 300
member vfi sample-vfi
member GigabitEthernet2/4 service instance 333 Bridge Domain-
!
based Configuration
rewrite ingress tag pop 1 symmetric 55

10 - Deploying Mpls l2vpn

Diunggah oleh

Informasi Dokumen

Judul Asli

Hak Cipta

Format Tersedia

Bagikan dokumen Ini

Bagikan atau Tanam Dokumen

Opsi Berbagi

Apakah menurut Anda dokumen ini bermanfaat?

Apakah konten ini tidak pantas?

Hak Cipta:

Format Tersedia

10 - Deploying Mpls l2vpn

Diunggah oleh

Hak Cipta:

Format Tersedia

Deploying MPLS L2VPN

Layer 2 VPN Motivation and Overview

Data Center Interconnection (DCI)

TDM /PDH to Dual/Hybrid to All-packet (IP/ SONET / SDH

TDM ATM Frame Relay Ethernet

Muxed UNI Muxed UNI Muxed UNI Muxed UNI Unmuxed

Muxed UNI Muxed UNI

L2VPNs are built with Pseudowire Provider Edge

Emulated Layer-2 Service

Control Targeted LDP session / BGP session / Static

The emulated circuit has three (3) layers of encapsulation

Demultiplexing Demultiplexer field (VC Label)

Emulated VC encapsulation (Control Word)

Tunnel Label Tunnel Label (IGP-LDP or RSVP-TE) EXP 0 TTL

VC Label VC Label (VC) EXP 1 TTL (Set to 2)

Control Word 0 0 0 0 Flags FRG Length Sequence Number Control Word

Three-level encapsulation ATM AAL5 Yes

Tunnel Label Label = 34 Label = 45

Payload Payload Payload Payload Payload

Ethernet frames transported without Preamble, Start Frame Delimiter

Original Ethernet Frame

MPLS Stack AToM Header

Cisco devices by default will 7604-2(config-pw-class)#interworking ?

Cisco devices by default will RP/0/RSP0/CPU0:ASR9000-2(config-l2vpn-pwc-

type 4 will be used RP/0/RSP0/CPU0:ASR9000-2#show running-config l2vpn

VC type 4 or 5 pw-class test-pw-class-VC4-passthrough

Single-tagged frame 10 Dummy 10

PEs exchange PW payload MTU as AC MTU MPLS

Both ends must agree to use same

Interface MTU configured as largest interface GigabitEthernet0/0/4

ASR1004-1#show int gigabitEthernet 0/0/4.1000 | include MTU

Sub-interfaces / Service Instances

Interface / sub-interface MTU interface GigabitEthernet0/0/0/2

(4B) interface GigabitEthernet0/0/0/2.100 l2transport

PW MTU used during PW signaling

Defines Architecture to provide

VPLS operation emulates an IEEE

VFI (Virtual Forwarding Instance)

Connect to CE device, it could be Ethernet physical

One or multiple VCs can belong to same VFI

Dynamic learning based on Source MAC

Split-Horizon and Full-Mesh of PWs for CE

Core PW Split Horizon ON AC PE

Remove (flush) dynamic MAC

Provisioning Model Provisioning

VPWS Signaling VPN Discovery

VPLS Signaling VPN Discovery

Operational complexity for larger

CE-1 MPLS CE-2

PW manually Local_int = A Local_int = B

5 PEs bind remote

interface Vlan 300 OR

interface GigabitEthernet2/5 CE1

encapsulation default (encap default)

interface Vlan 300

xconnect 102.102.102.102 111 encapsulation mpls

interface Vlan 300 OR

p2p xc-sample-2 222

VFI associated to Bridge-Domain or

interface GigabitEthernet2/4 interface GigabitEthernet2/4

hostname PE1 PE2

Uses BGP Update messages to advertize VFI VFI

PE/VFI mapping (VPLS NLRI) MPLS