
An Introduction to VPLS

Jeff Apcar, Distinguished Services Engineer
APAC Technical Practices, Advanced Services

Presentation_ID 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 1
Agenda

VPLS Introduction
Pseudo Wire Refresher
VPLS Architecture
VPLS Configuration Example
VPLS Deployment
Summary

Do you want to date VPLS?

VPLS is like having Paris Hilton as your girlfriend. The concept is fantastic, but in reality the experience might not be what you expected. But we're still willing to give it a go as long as we can understand/handle her behaviour.

Me, Just Then

VPLS Introduction

Virtual Private LAN Service (VPLS)
VPLS defines an architecture that allows MPLS networks to offer Layer 2 multipoint Ethernet services
SP emulates an IEEE Ethernet bridge network (virtual)
Virtual Bridges linked with MPLS Pseudo Wires
Data Plane used is same as EoMPLS (point-to-point)
VPLS is an Architecture
(Figure: CE devices attached to PE routers.)

Virtual Private LAN Service

End-to-end architecture that allows MPLS networks to provide Multipoint Ethernet services
It is Virtual because multiple instances of this service share the same physical infrastructure
It is Private because each instance of the service is independent and isolated from one another
It is LAN Service because it emulates Layer 2 multipoint connectivity between subscribers

Why Provide A Layer 2 Service?

Customers have full operational control over their routing neighbours
Privacy of addressing space: it does not have to be shared with the carrier network
Customer has a choice of using any routing protocol, including non IP based (IPX, AppleTalk)
Customers could use an Ethernet switch instead of a router as the CPE
A single connection could reach all other edge points, emulating an Ethernet LAN (VPLS)

VPLS is defined in IETF
(Figure: IETF organisation chart. ISOC, IAB, IETF; IETF areas: Application, General, Internet, Ops and Mgmt, Routing, Security, Transport.)
L2VPN working group: VPWS, VPLS, IPLS
L3VPN working group: BGP/MPLS VPNs (RFC 4364, was 2547bis); IP VPNs using Virtual Routers (RFC 2764); CE based VPNs using IPsec
L2VPN and L3VPN were formerly the PPVPN workgroup
PWE3 working group: Pseudo Wire Emulation edge-to-edge; forms the backbone transport for VPLS
MPLS working group (Routing area)
As of 2-Nov-2006

Classification of VPNs
(Figure: VPN classification tree.)
VPN: Network Based or CPE Based
Network Based, Layer 2: P2P, VPWS, VPLS, IPLS
Network Based, Layer 3: MPLS VPN, Virtual Router
CPE Based, Layer 3: IPSec, GRE
Layer 2 transports shown in the tree: Ethernet, ATM, Frame Relay; Ethernet (P2P), ATM/Cell Relay, PPP/HDLC, Frame Relay; Ethernet (MP2MP), Ethernet (P2MP)

L2VPN Models

(Figure: L2VPN model tree.)
L2VPN over MPLS (Like-to-Like, Any-to-Any):
VPWS, Point-to-Point: PPP, HDLC, Ethernet, ATM AAL5/Cell, FR
VPLS/IPLS, Multipoint: Ethernet
L2VPN over IP (Like-to-Like):
L2TPv3, Point-to-Point: PPP, HDLC, Ethernet, ATM AAL5/Cell, FR

IP LAN-Like Service (IPLS)

An IPLS is very similar to a VPLS except:
The CE devices must be hosts or routers, not switches
The service will only carry IPv4 or IPv6 packets
IP control packets are also supported (ARP, ICMP)
Layer 2 packets that do not contain IP are not supported
IPLS is a functional subset of the VPLS service
MAC address learning and aging not required
Simpler mechanism to match MAC to CE can be used
Bridging operations removed from the PE
Simplifies hardware capabilities and operation
Defined in draft-ietf-l2vpn-ipls

VPLS Components

(Figure: three N-PEs around the MPLS Core, each with CE routers and CE switches attached.)
Pseudo Wires within LSP
Virtual Switch Interface (VSI) terminates PW and provides Ethernet bridge function
Attachment circuits: Port or VLAN mode
Mesh of LSP between N-PEs
Targeted LDP between PEs to exchange VC labels for Pseudo Wires
Attachment CE can be a switch or router

Virtual Switch Interface

Flooding / Forwarding
MAC table instances per customer (port/vlan) for each PE
VFI will participate in learning and forwarding process
Associate ports to MAC, flood unknowns to all other ports

Address Learning / Aging
LDP enhanced with additional MAC List TLV (label withdrawal)
MAC timers refreshed with incoming frames

Loop Prevention
Create full-mesh of Pseudo Wire VCs (EoMPLS)
Unidirectional LSP carries VCs between pair of N-PE Per
VPLS uses split horizon concepts to prevent loops

Pseudo Wire Refresher

Pseudo Wires in VPLS

IETF working group PWE3
Pseudo Wire Emulation Edge to Edge
Requirements detailed in RFC3916
Architecture details in RFC3985
Develop standards for the encapsulation & service emulation of Pseudo Wires
Across a packet switched backbone
A VPLS is based on a full mesh of Pseudo Wires

Pseudo Wire Reference Model (RFC 3916)
(Figure: Pseudo Wire reference model. CEs at the customer sites connect over Attachment Circuits to PE1 and PE2; Pseudo Wires PW1 and PW2 run inside a PSN Tunnel (LSP in MPLS) across the Packet Switched Network (PSN), IP or MPLS, carrying Pseudo Wire PDUs; the whole path forms the Emulated Service.)
A Pseudo Wire (PW) is a connection between two provider edge devices connecting two attachment circuits (ACs)
In an MPLS core a Pseudo Wire uses two MPLS labels
Tunnel Label (LSP) identifying remote PE router
VC Label identifying Pseudo Wire circuit within tunnel

Pseudo Wire Standards (Care for a Martini?)

RFC 4446: Numeric values for PW types
RFC 4447: Distribution mechanism for VC labels
Previously called draft-martini-l2circuit-trans-mpls
RFC 4448: Encapsulation for Ethernet using MPLS
Previously called draft-martini-l2circuit-encap-mpls
Other drafts are addressing different encapsulations
draft-ietf-pwe3-frame-relay/draft-ietf-pwe3-atm-encap
draft-ietf-pwe3-ppp-hdlc-encap-mpls
Originally part of draft-martini-l2circuit-encap-mpls

MPLS PW Types (RFC 4446)

0x0001 Frame Relay DLCI (Martini Mode)
0x0002 ATM AAL5 SDU VCC transport
0x0003 ATM transparent cell transport
0x0004 Ethernet Tagged Mode (VLAN)
0x0005 Ethernet (Port)
0x0006 HDLC
0x0007 PPP
0x0008 SONET/SDH Circuit Emulation
0x0009 ATM n-to-one VCC cell transport
0x000A ATM n-to-one VPC cell transport
0x000B IP Layer2 Transport
0x000C ATM one-to-one VCC Cell Mode
0x000D ATM one-to-one VPC Cell Mode
0x000E ATM AAL5 PDU VCC transport
0x000F Frame-Relay Port mode
0x0010 SONET/SDH Circ. Emu. over Packet
0x0011 Structure-agnostic E1 over Packet
0x0012 Structure-agnostic T1 over Packet
0x0013 Structure-agnostic E3 over Packet
0x0014 Structure-agnostic T3 over Packet
0x0015 CESoPSN basic mode
0x0016 TDMoIP AAL1 Mode
0x0017 CESoPSN TDM with CAS
0x0018 TDMoIP AAL2 Mode
0x0019 Frame Relay DLCI

VC Information Distribution (RFC 4447)

VC labels are exchanged across a targeted LDP session between PE routers
Generic Label TLV within LDP Label Mapping Message
LDP FEC element defined to carry VC information
Such as PW Type (RFC 4446) and VCID
VC information exchanged using Downstream Unsolicited label distribution procedures
Separate MAC List TLV for VPLS
Defined in draft-ietf-l2vpn-vpls-ldp
Used to withdraw labels associated with MAC addresses

VC Distribution Mechanism using LDP
(Figure: customer sites and CEs attached to PE1 and PE2 across the IP/MPLS core. Callouts: Directed LDP Session between PE1 and PE2; Label Switch Path; Tunnel Label(s) gets to PE router; LSP created using IGP+LDP or RSVP-TE; VC Label identifies interface.)
Unidirectional Tunnel LSP between PE routers to transport PW PDU from PE to PE using tunnel label(s)
Both LSPs combined to form single bi-directional Pseudo Wire
Directed LDP session between PE routers to exchange VC information, such as VC label and control information

PW Encapsulation over MPLS (RFC 4448)

Ethernet Pseudo Wires use 3 layers of encapsulation
Tunnel Encapsulation (zero, one or more MPLS Labels)
To get PDU from ingress to egress PE
Could be an MPLS label (LDP, TE), GRE tunnel, L2TP tunnel
Pseudo Wire Demultiplexer (PW Label)
To identify individual circuits within a tunnel
Obtained from Directed LDP session
Control Word (Optional)
The following is supported when carrying Ethernet:
Provides the ability to sequence individual frames
Avoidance of equal-cost multiple-path load-balancing
Operations and Management (OAM) mechanisms
Control word format varies depending on transported PDU
Packet layout: Layer 2 PDU | Control Word | PW Label | Tunnel Label

Ethernet PW Tunnel Encapsulation
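 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|      Tunnel Label (LDP,RSVP,BGP)      | EXP |0|      TTL      |  Tunnel Encaps
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|             VC Label (VC)             | EXP |1| TTL (set to 2)|  PW Demux
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|0 0 0 0|       Reserved        |        Sequence Number        |  Control Word
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                          Layer-2 PDU                          |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Tunnel Encapsulation
One or more MPLS labels associated with the tunnel
Defines the LSP from ingress to egress PE router
Can be derived from LDP+IGP, RSVP-TE, BGP IPv4+Label
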
Ethernet PW Demultiplexer
VC Label
Inner label used by receiving PE to determine the following:
Egress interface for L2PDU forwarding (Port based)
Egress VLAN used on the CE facing interface (VLAN Based)
EXP can be set to the values received in the L2 frame

Ethernet PW Control Word
Control Word is Optional (as per RFC)
0000: First nibble is 0x0 to prevent aliasing with IP Packets over MPLS (MAC addresses that start with 0x4 or 0x6)
Reserved: Should be all zeros, ignored on receive
Seq number: provides sequencing capability to detect out of order packets; currently not in Cisco's implementation, processing is optional

PW Operation and Encapsulation
(Figure: CE, PE1, P1, P2, PE2, CE across the IP/MPLS core, with an LDP session on each hop and a Directed LDP Session between PE1 and PE2 that advertises Label 72 for PW1. Labels for Lo0 shown along the path PE1, P1, P2, PE2: Label Pop, Label 38, Label 24. The L2 PDU is carried with VC label 72 under tunnel label 24, then 38.)
This process happens in both directions
(Example shows process for PE2 to PE1 traffic)
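
The encapsulation on the preceding slides, as an added example (not part of the original presentation and not Cisco code): a Python builder and parser for the tunnel label, VC label and optional control word. Labels 24 and 72 follow the figure above; the customer frame, the function names and the tunnel TTL of 255 are constructed for illustration.

```python
import struct
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class LabelEntry:
    label: int    # 20-bit label value
    exp: int      # 3-bit EXP field
    bottom: bool  # S bit, set only on the last entry (the VC label)
    ttl: int      # 8-bit TTL


@dataclass
class PseudoWirePacket:
    tunnel_labels: List[LabelEntry]  # zero or more outer labels
    vc_label: LabelEntry             # PW demultiplexer
    sequence: Optional[int]          # None when no control word is carried
    frame: bytes                     # customer Ethernet frame (Layer-2 PDU)


def pack_label(label: int, exp: int, bottom: bool, ttl: int) -> bytes:
    if not 0 <= label < (1 << 20):
        raise ValueError("label does not fit in 20 bits")
    return struct.pack("!I", (label << 12) | (exp << 9) | (int(bottom) << 8) | ttl)


def build(tunnel_labels: List[int], vc_label: int, frame: bytes,
          control_word: bool = True, sequence: int = 0) -> bytes:
    out = b"".join(pack_label(l, 0, False, 255) for l in tunnel_labels)
    out += pack_label(vc_label, 0, True, 2)      # S=1, TTL set to 2 as on the slide
    if control_word:
        out += struct.pack("!HH", 0, sequence)   # 0000 + 12 reserved bits, 16-bit sequence
    return out + frame


def read_label_stack(data: bytes) -> Tuple[List[LabelEntry], int]:
    """Return the label entries and the offset of the first byte after them."""
    stack, offset = [], 0
    while True:
        if len(data) < offset + 4:
            raise ValueError("truncated label stack: no bottom-of-stack entry")
        (word,) = struct.unpack_from("!I", data, offset)
        offset += 4
        stack.append(LabelEntry(word >> 12, (word >> 9) & 0x7,
                                bool(word & 0x100), word & 0xFF))
        if stack[-1].bottom:
            return stack, offset


def parse(data: bytes, control_word: bool = True) -> PseudoWirePacket:
    # Whether a control word is present is agreed in signalling, so the
    # caller has to say; it cannot be read reliably from the packet itself.
    stack, offset = read_label_stack(data)
    sequence = None
    if control_word:
        if len(data) < offset + 4:
            raise ValueError("truncated control word")
        flags, sequence = struct.unpack_from("!HH", data, offset)
        if flags >> 12 != 0:
            raise ValueError("first nibble after the label stack is not 0x0")
        offset += 4                              # reserved bits are ignored on receive
    frame = data[offset:]
    if len(frame) < 14:
        raise ValueError("Layer-2 PDU shorter than an Ethernet header")
    return PseudoWirePacket(stack[:-1], stack[-1], sequence, frame)


def first_nibble_after_stack(data: bytes) -> int:
    """The nibble a transit router inspects when it guesses the payload type."""
    _, offset = read_label_stack(data)
    if len(data) <= offset:
        raise ValueError("no payload after the label stack")
    return data[offset] >> 4


# Constructed customer frame: destination MAC 40:00:00:00:00:02 (starts with 0x4),
# source MAC 00:00:00:00:00:01, EtherType 0x0800, dummy payload.
SAMPLE_FRAME = bytes.fromhex("400000000002" "000000000001" "0800") + b"\x00" * 46

if __name__ == "__main__":
    with_cw = build([24], 72, SAMPLE_FRAME, sequence=7)
    without_cw = build([24], 72, SAMPLE_FRAME, control_word=False)
    print(parse(with_cw))
    print("nibble with control word:   ", first_nibble_after_stack(with_cw))
    print("nibble without control word:", first_nibble_after_stack(without_cw))
```

Without the control word the first nibble after the label stack is the first nibble of the customer destination MAC, which is the aliasing case the control word slide describes.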

VPLS Architecture

VPLS Standards
Architecture allows IEEE 802.1 bridge behaviour in SP plus:
Autodiscovery of other N-PE in same VPLS instance
Signaling of PWs to interconnect VPLS instances
Loop avoidance & MAC Address withdrawal
Two drafts have been approved by IETF L2VPN Working Group
draft-ietf-l2vpn-vpls-ldp
Uses LDP for signalling, agnostic on PE discovery method
Predominant support from carriers and vendors
Cisco supports this draft
draft-ietf-l2vpn-vpls-bgp
Uses BGP for signalling and autodiscovery

Cisco VPLS Building Blocks

Service types: Point-to-Point Layer 2 VPN, Multipoint Layer 2 VPN, Layer 3 VPN
Forwarding Mechanism: Interface-Based/Sub-Interface (Point-to-Point Layer 2 VPN); Ethernet Switching (VFI) (Multipoint Layer 2 VPN); IP Routing (Layer 3 VPN)
L2VPN Discovery: Centralised (DNS, Radius, Directory Services) or Distributed (BGP); NMS/OSS
Signaling: Label Distribution Protocol
Tunnel Protocol: MPLS, IP
Hardware: Cisco 7600, Catalyst 6500, Cisco 12000

VPLS Auto-discovery & Signaling

VPN Discovery: Centralised (DNS, Radius, Directory Services) or Distributed (BGP)
Signaling: Label Distribution Protocol

draft-ietf-l2vpn-vpls-ldp
Does not mandate an auto-discovery protocol
Can be BGP, Radius, DNS, or Directory based
Uses Directed LDP for label exchange (VC) and PW signaling
PWs signal control information as well (for example, circuit state)
Cisco IOS supports Directed LDP for all VC signaling
Point-to-point: Cisco IOS Any Transport over MPLS (AToM)
Multipoint: Cisco IOS MPLS Virtual Private LAN Services

VPLS Flooding & Forwarding

(Figure: a frame with Data, SA and an unknown DA arrives at a PE; Pseudo Wire in LSP.)
Flooding (Broadcast, Multicast, Unknown Unicast)
Dynamic learning of MAC addresses on PHY and VCs
Forwarding: Physical Port, Virtual Circuit

MAC Address Learning and Forwarding
(Figure: PE1 and PE2 joined by a Directed LDP session; the CE with MAC1 is on PE1 E0/0 and the CE with MAC2 is on PE2 E0/1.)
PE1 to PE2: "Send me frames using Label 102"
PE2 to PE1: "Send me frames using Label 170"
PE1 MAC table: MAC 1 via E0/0; MAC 2 via VC Label 170
PE2 MAC table: MAC 2 via E0/1; MAC 1 via VC Label 102
Frames shown in the core: Data, MAC1, MAC2 carried with VC Label 170 in one direction and VC Label 102 in the other

Broadcast, Multicast, and Unknown Unicast are learned via the received label associations
Two LSPs associated with a VC (Tx & Rx)
If inbound or outbound LSP is down
Then the entire Pseudo Wire is considered down

MAC Address Withdrawal Message
(Figure: PEs around the MPLS network joined by Directed LDP; a failure is marked X.)
Message speeds up convergence process
Otherwise PE relies on MAC Address Aging Timer
Upon failure PE removes locally learned MAC addresses
Send LDP Address Withdraw (RFC3036) to remote PEs in VPLS (using the Directed LDP session)
New MAC List TLV is used to withdraw addresses

VPLS Topology PE View

(Figure: PE view. CEs attach to PEs around the MPLS core; Full Mesh LDP, with an Ethernet PW to each peer.)
Each PE has a P2MP view of all other PEs; it sees itself as a root bridge with split horizon loop protection
Full mesh topology obviates STP in the SP network
Customer STP is transparent to the SP / Customer BPDUs are forwarded transparently

VPLS Topology CE View

(Figure: CE view. CEs attach to PEs around the MPLS VPLS Core; Full Mesh LDP, with an Ethernet PW to each peer.)
CE routers/switches see a logical Bridge/LAN
VPLS emulates a LAN but not exactly
This raises a few issues which are discussed later

VPLS Architectures

VPLS defines two Architectures
Direct Attachment (Flat)
Described in section 4 of draft-ietf-l2vpn-vpls-ldp
Hierarchical or H-VPLS comprising two access methods
Ethernet Edge (EE-H-VPLS): QinQ tunnels
MPLS Edge (ME-H-VPLS): PWE3 Pseudo Wires (EoMPLS)
Described in section 10 of draft-ietf-l2vpn-vpls-ldp
Each architecture has different scaling characteristics

VPLS Functional Components
(Figure: Customer MxUs and SP PoPs. CE, U-PE, N-PE, MPLS Core, N-PE, U-PE, CE.)
N-PE provides VPLS termination/L3 services
U-PE provides customer UNI
CE is the customer device

Directed attachment (Flat) Characteristics

Suitable for simple/small implementations
Full mesh of directed LDP sessions required
N*(N-1)/2 Pseudo Wires required
Scalability issue as number of PE routers grows
No hierarchical scalability
VLAN and Port level support (no QinQ)
Potential signaling and packet replication overhead
Large amount of multicast replication over same physical
CPU overhead for replication

Direct Attachment VPLS (Flat Architecture)
(Figure: CE, N-PE, MPLS Core, N-PE, CE. Ethernet (VLAN/Port) between CE and N-PE on each side; Full Mesh PWs + LDP between the N-PEs.)
Customer frame: Data, MAC1, MAC2 (802.1q)
SP Core frame (Pseudo Wire): Data, MAC1, MAC2, VC, PE

Hierarchical VPLS (H-VPLS)

Best for larger scale deployment
Reduction in packet replication and signaling overhead
Consists of two levels in a Hub and Spoke topology
Hub consists of full mesh VPLS Pseudo Wires in MPLS core
Spokes consist of L2/L3 tunnels connecting to VPLS (Hub) PEs
Q-in-Q (L2), MPLS (L3), L2TPv3 (L3)

Some additional H-VPLS terms
MTU-s: Multi-Tenant Unit Switch capable of bridging (U-PE)
PE-r: Non bridging PE router
PE-rs: Bridging and Routing capable PE

Why H-VPLS?
(Figure: a flat VPLS with CEs on a full mesh of PEs, beside an H-VPLS with CEs on MTU-s and PE-r devices that connect to a core mesh of PE-rs.)
VPLS:
Potential signaling overhead
Full PW mesh from the Edge
Packet replication done at the Edge
Node Discovery and Provisioning extends end to end
H-VPLS:
Minimizes signaling overhead
Full PW mesh among Core devices
Packet replication done in the Core
Partitions Node Discovery process

Ethernet Edge H-VPLS (EE-H-VPLS)
(Figure: CE, U-PE (MTU-s), N-PE (PE-rs), MPLS Core, N-PE (PE-rs), U-PE (MTU-s), CE. 802.1q Access between CE and U-PE, QinQ Tunnel between U-PE and N-PE, Full Mesh PWs + LDP between the N-PEs.)
Encapsulation at each stage:
1, Customer (802.1q): Data, MAC1, MAC2, CE Vlan
2, SP Edge (QinQ): Data, MAC1, MAC2, CE Vlan, SP Vlan
3, SP Core (Pseudo Wire): Data, MAC1, MAC2, CE Vlan, VC, PE

Bridge Capability in EE-H-VPLS
(Figure: CE, U-PE (MTU-s), N-PE (PE-rs).)
Local edge traffic does not have to traverse N-PE
MTU-s can switch traffic locally
Saves bandwidth capacity on circuits to N-PE

Ethernet Edge Topologies

(Figure: Ethernet edge topologies. Layers from customer to core and back: CPE (Full Service), U-PE (Efficient Access), PE-AGG (Large Scale Aggregation), N-PE (Intelligent Edge), P (Multiservice Core), N-PE, U-PE, CPE. User Facing Provider Edge (U-PE) devices in Metro A, Metro B, Metro C and Metro D offer 10/100/1000 Mbps access over GE Ring, Hub and Spoke, DWDM/CWDM and RPR topologies and connect through Network Facing Provider Edge (N-PE) routers to the MPLS VPLS core of P routers.)

MPLS Edge H-VPLS
(Figure: CE, U-PE (PE-rs), N-PE (PE-rs), MPLS Core, N-PE (PE-rs), U-PE (PE-rs), CE. 802.1q Access between CE and U-PE, MPLS Access with an MPLS Pseudo Wire between U-PE and N-PE, Full Mesh PWs + LDP between the N-PEs.)
Same VCID used in Edge and core (Labels may differ)
Encapsulation at each stage:
1, Customer (802.1q): Data, MAC1, MAC2, CE Vlan
2, SP Edge (MPLS PW): Data, MAC1, MAC2, CE Vlan, VC, PE
3, SP Core (Pseudo Wire): Data, MAC1, MAC2, CE Vlan, VC, PE

VFI and Split Horizon (VPLS, EE-H-VPLS)
(Figure: N-PE1 with two CEs on a Bridging Function (.1Q or QinQ, Local Switching) and a Virtual Forwarding Interface (VFI) that holds Pseudo Wire #1 to N-PE2 and Pseudo Wire #2 to N-PE3, Split Horizon Active. Broadcast/Multicast frames are replicated through the VFI to the Pseudo Wires.)
Callout on traffic arriving from Pseudo Wire #1: this traffic will not be replicated out PW #2 and vice versa
Virtual Forwarding Interface is the VSI representation in IOS
Single interface terminates all PWs for that VPLS instance
This model is applicable in direct attach and H-VPLS with Ethernet Edge

VFI and NO Split Horizon (ME-H-VPLS)
(Figure: CEs behind a U-PE that reaches N-PE1 over Pseudo Wire #3, MPLS based, with Split Horizon disabled (NO Split Horizon); the VFI on N-PE1 also holds Pseudo Wire #1 to N-PE2 and Pseudo Wire #2 to N-PE3, Split Horizon Active. Unicast frames are shown.)
This model is applicable to H-VPLS with MPLS Edge
PW #1, PW #2 will forward traffic to PW #3 (non split horizon port)
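
The VFI behaviour on the two slides above (learning, flooding, split horizon with and without a spoke Pseudo Wire) and the MAC withdrawal described earlier, as an added Python model; it is not part of the original presentation and not Cisco's implementation. The class, port names and MAC addresses are constructed for illustration.

```python
from typing import Dict, List

BROADCAST = "ff:ff:ff:ff:ff:ff"
MAC1 = "00:00:00:00:00:01"   # constructed host behind the local CE / U-PE
MAC2 = "00:00:00:00:00:02"   # constructed host behind N-PE2 (reached over PW1)
MAC3 = "00:00:00:00:00:03"   # constructed host behind N-PE3 (reached over PW2)


def is_group_address(mac: str) -> bool:
    """Broadcast and multicast destinations have the group bit set in octet 1."""
    return bool(int(mac.split(":")[0], 16) & 0x01)


class VFI:
    """One VPLS instance on one N-PE: its ports and its MAC table."""

    def __init__(self) -> None:
        self.split_horizon: Dict[str, bool] = {}  # port -> member of split horizon group
        self.mac_table: Dict[str, str] = {}       # MAC -> port it was learned on

    def add_attachment_circuit(self, name: str) -> None:
        self.split_horizon[name] = False

    def add_pseudo_wire(self, name: str, split_horizon: bool = True) -> None:
        self.split_horizon[name] = split_horizon

    def receive(self, in_port: str, src: str, dst: str) -> List[str]:
        """Learn src on in_port and return the ports the frame is sent out of."""
        self.mac_table[src] = in_port             # learn, or refresh the entry
        learned = None if is_group_address(dst) else self.mac_table.get(dst)
        # Known unicast goes to one port; everything else is flooded.
        candidates = [learned] if learned else list(self.split_horizon)
        out = []
        for port in candidates:
            if port == in_port:
                continue                          # never send back where it came from
            if self.split_horizon[in_port] and self.split_horizon[port]:
                continue                          # core PW to core PW is suppressed
            out.append(port)
        return out

    def withdraw(self, port: str) -> List[str]:
        """MAC address withdrawal: forget everything learned on one port."""
        gone = sorted(m for m, p in self.mac_table.items() if p == port)
        for mac in gone:
            del self.mac_table[mac]
        return gone


def direct_attach_vfi() -> VFI:
    """Direct attach or Ethernet Edge: every Pseudo Wire has split horizon active."""
    vfi = VFI()
    vfi.add_attachment_circuit("CE")
    vfi.add_pseudo_wire("PW1")
    vfi.add_pseudo_wire("PW2")
    return vfi


def mpls_edge_vfi() -> VFI:
    """MPLS Edge: PW3 is the spoke to the U-PE, configured without split horizon."""
    vfi = VFI()
    vfi.add_pseudo_wire("PW1")
    vfi.add_pseudo_wire("PW2")
    vfi.add_pseudo_wire("PW3", split_horizon=False)
    return vfi


if __name__ == "__main__":
    flat = direct_attach_vfi()
    print("CE broadcast     ->", flat.receive("CE", MAC1, BROADCAST))
    print("PW1 broadcast    ->", flat.receive("PW1", MAC2, BROADCAST))
    print("CE to MAC2       ->", flat.receive("CE", MAC1, MAC2))
    print("PW2 to MAC2      ->", flat.receive("PW2", MAC3, MAC2))
    print("withdraw PW1     ->", flat.withdraw("PW1"))
    print("CE to MAC2 again ->", flat.receive("CE", MAC1, MAC2))
    hier = mpls_edge_vfi()
    print("PW1 broadcast    ->", hier.receive("PW1", MAC2, BROADCAST))
    print("PW3 broadcast    ->", hier.receive("PW3", MAC1, BROADCAST))
```

After the withdrawal the frame for MAC2 is flooded again until the address is relearned, which is the convergence behaviour the MAC Address Withdrawal slide describes.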

VPLS Logical Topology Comparison
Direct Attach
Pros:
Simple access via Ethernet
Cons:
No hierarchical scalability
Customer VLAN cannot overlap
4K customer VLAN limit in Ethernet access domain
High STP reconvergence time

H-VPLS QinQ tunnel
Pros:
Simple access via Ethernet
Hierarchical support via QinQ at access
Scalable customer VLANs (4K x 4K)
4K customers supported per Ethernet Access Domain
Cons:
High STP re-convergence time
MAC is not scalable as customer MAC still seen on SP network
Supported on SIP-600 only as of 12.2(33)SRA

H-VPLS - MPLS PW
Pros:
Fast L3 IGP convergence
MPLS TE FRR <50msec
Hierarchical support via MPLS PW at access
Cons:
More complicated provisioning
Requires MPLS to U-PE
OSM/SIP-400/600 as U-PE facing card on N-PE (for 7600)

Configuration Examples

Configuration Examples

Direct Attachment
Using a Router as a CE (VLAN Based)
Using a Switch as a CE (Port Based)

H-VPLS
Ethernet QinQ
EoMPLS Pseudo Wire (VLAN Based)
EoMPLS Pseudo Wire (Port Based)

Sample Output

Direct Attachment Configuration (C7600)

(Figure: PE1 (1.1.1.1), PE2 (2.2.2.2) and PE3 (3.3.3.3) around the MPLS Core. CE1 attaches to PE1 gi3/0, CE2 to PE2 gi4/4 and CE2 to PE3 gi4/2, each on VLAN100. Core-facing interfaces shown: pos4/1, pos4/3, pos3/0, pos3/1.)
CEs are all part of same VPLS instance (VCID = 56)
CE router connects using VLAN 100 over sub-interface

Direct Attachment CE router Configuration
(Figure: three CE routers on VLAN100 sharing subnet 192.168.20.0/24.)
CE1:

    interface GigabitEthernet 2/1.100
     encapsulation dot1q 100
     ! mask taken from the 192.168.20.0/24 subnet shown on the slide
     ip address 192.168.20.1 255.255.255.0

CE2:

    interface GigabitEthernet 1/3.100
     encapsulation dot1q 100
     ip address 192.168.20.2 255.255.255.0

CE2 (third CE in the figure):

    interface GigabitEthernet 2/0.100
     encapsulation dot1q 100
     ip address 192.168.20.3 255.255.255.0

CE routers' sub-interfaces are on the same VLAN
Can also be just port based (NO VLAN)

Direct Attachment VSI Configuration
PE1 (1.1.1.1):

    l2 vfi VPLS-A manual
     vpn id 56
     neighbor 2.2.2.2 encapsulation mpls
     neighbor 3.3.3.3 encapsulation mpls

PE2 (2.2.2.2):

    l2 vfi VPLS-A manual
     vpn id 56
     neighbor 1.1.1.1 encapsulation mpls
     neighbor 3.3.3.3 encapsulation mpls

PE3 (3.3.3.3):

    l2 vfi VPLS-A manual
     vpn id 56
     neighbor 2.2.2.2 encapsulation mpls
     neighbor 1.1.1.1 encapsulation mpls

Create the Pseudo Wires between N-PE routers

Direct Attachment CE Router (VLAN Based)
Same set of commands on each PE
Configured on the CE facing interface
PE1 (GigabitEthernet3/0 faces CE1):

    interface GigabitEthernet3/0
     switchport
     ! set the trunk encapsulation before the port is placed in trunk mode
     switchport trunk encapsulation dot1q
     switchport mode trunk
     switchport trunk allowed vlan 100
    !
    interface vlan 100
     no ip address
     ! this command associates the VLAN with the VPLS instance (VLAN100 = VCID 56)
     xconnect vfi VPLS-A
    !
    vlan 100
     state active

Direct Attachment CE switch (Port Based)

If CE was a switch instead of a router then we can use QinQ
QinQ places all traffic (tagged/untagged) from switch into a VPLS
PE1 (GigabitEthernet3/0 faces CE1, which carries all VLANs):

    interface GigabitEthernet3/0
     switchport
     switchport mode dot1q-tunnel
     switchport access vlan 100
     l2protocol-tunnel stp
    !
    interface vlan 100
     no ip address
     ! this command associates the VLAN with the VPLS instance (VLAN100 = VCID 56)
     xconnect vfi VPLS-A
    !
    vlan 100
     state active

H-VPLS Configuration (C7600/3750ME)

(Figure: N-PE1 (1.1.1.1), N-PE2 (2.2.2.2) and N-PE3 (3.3.3.3) around the MPLS Core, core-facing interfaces pos4/1, pos4/3, pos3/0, pos3/1. U-PE1 (Cisco 3750ME) attaches to N-PE1 gi3/0, U-PE2 (Cisco 3750ME, 4.4.4.4, interfaces gi1/1/1 and fa1/0/1) to N-PE2 gi4/4, and U-PE3 (Cisco 3750ME) to N-PE3 gi4/2. CE1 and CE2 attach to each U-PE.)
U-PEs provide services to customer edge device
CE traffic then carried in QinQ or EoMPLS PW to N-PE
PW VSI mesh configuration is same as previous examples

H-VPLS QinQ Tunnel (Ethernet Edge)
U-PE carries all traffic from CE using QinQ
Outer tag is VLAN100, inner tags are customer's
N-PE2 (GigabitEthernet4/4 faces U-PE2):

    interface GigabitEthernet4/4
     switchport
     ! set the trunk encapsulation before the port is placed in trunk mode
     switchport trunk encapsulation dot1q
     switchport mode trunk
     switchport trunk allowed vlan 100
    !
    interface vlan 100
     no ip address
     xconnect vfi VPLS-A
    !
    vlan 100
     state active

U-PE2 (Cisco 3750ME):

    interface FastEthernet1/0/1
     switchport
     switchport access vlan 100
     switchport mode dot1q-tunnel
     switchport trunk allowed vlan 1-1005
    !
    interface GigabitEthernet 1/1/1
     switchport
     switchport mode trunk
     switchport trunk allowed vlan 1-1005

H-VPLS EoMPLS PW Edge (VLAN Based)

CE interface on U-PE can be access or trunk port
xconnect per VLAN is required
N-PE2 (GigabitEthernet4/4 faces U-PE2):

    interface GigabitEthernet4/4
     no switchport
     ip address 156.50.20.1 255.255.255.252
     mpls ip
    !
    l2 vfi VPLS-A manual
     vpn id 56
     neighbor 1.1.1.1 encapsulation mpls
     neighbor 3.3.3.3 encapsulation mpls
     ! ensures CE traffic is passed on the PW to/from the U-PE
     neighbor 4.4.4.4 encapsulation mpls no-split-horizon

U-PE2 (Cisco 3750ME):

    interface FastEthernet1/0/1
     switchport
     switchport access vlan 500
    !
    interface vlan500
     xconnect 2.2.2.2 56 encapsulation mpls
    !
    interface GigabitEthernet1/1/1
     no switchport
     ip address 156.50.20.2 255.255.255.252
     mpls ip

H-VPLS EoMPLS PW Edge (Port Based)

CE interface on U-PE can be access or trunk port
xconnect for entire PORT is required
N-PE2 (GigabitEthernet4/4 faces U-PE2):

    interface GigabitEthernet4/4
     no switchport
     ip address 156.50.20.1 255.255.255.252
     mpls ip
    !
    l2 vfi PE1-VPLS-A manual
     vpn id 56
     neighbor 1.1.1.1 encapsulation mpls
     neighbor 3.3.3.3 encapsulation mpls
     ! ensures CE traffic is passed on the PW to/from the U-PE
     neighbor 4.4.4.4 encapsulation mpls no-split-horizon

U-PE2 (Cisco 3750ME):

    interface FastEthernet1/0/1
     no switchport
     xconnect 2.2.2.2 56 encapsulation mpls
    !
    interface GigabitEthernet1/1/1
     no switchport
     ip address 156.50.20.2 255.255.255.252
     mpls ip

show mpls l2 vc

    NPE-A#show mpls l2 vc
    Local intf     Local circuit  Dest address   VC ID   Status
    -------------  -------------  -------------  ------  ------
    VFI VPLS-A     VFI            1.1.1.1        10      UP
    VFI VPLS-A     VFI            3.3.3.3        10      UP

show mpls l2 vc detail

(Figure: the H-VPLS topology with callouts "Use VC Label 19" and "Use VC Label 23" across the MPLS Core.)

    NPE-2#show mpls l2 vc detail
    Local interface: VFI VPLS-A up
      Destination address: 1.1.1.1, VC ID: 10, VC status: up
        Tunnel label: imp-null, next hop 156.50.20.1
        Output interface: POS4/3, imposed label stack {19}
      Create time: 1d01h, last status change time: 00:40:16
      Signaling protocol: LDP, peer 1.1.1.1:0 up
        MPLS VC labels: local 23, remote 19

Deployment Issues

Deployment Issues

MTU Size
Broadcast Handling
Router or a Switch CPE?
Ramblings of an Engineer
A Sample Problem

Pseudo Wire Data Plane Overhead

At imposition, N-PE encapsulates CE Ethernet or VLAN packet to route across MPLS cloud
These are the associated overheads
Transport Header is 6 bytes DA + 6 bytes SA + 2 bytes Etype + OPTIONAL 4 Bytes of VLAN Tag (carried in Port based service)
At least 2 levels of MPLS header (Tunnel + VC) of 4 bytes each
There is an optional 4-Byte control word

[Figure: frame layout: L2 Header | Tunnel Header (Outer Label, 32-bits) | VC Header (Inner Label, 32-bits) | Original Ethernet Frame]

Calculating Core MTU Requirements

Core MTU ≥ Edge MTU + Transport Header + AToM Header + (MPLS Label Stack * MPLS Header Size)
Edge MTU is the MTU configured in the CE-facing PE interface
Examples (all in Bytes):

                        Edge   Transport   AToM    MPLS Stack   MPLS Header   Total
EoMPLS Port Mode        1500   14          4 [0]   2            4             1526 [1522]
EoMPLS VLAN Mode        1500   18          4 [0]   2            4             1530 [1526]
EoMPLS Port w/ TE FRR   1500   14          4 [0]   3            4             1530 [1526]

Beware the MTU: It Can Get Real Big

Frame layout: Carrier Pseudowire Encapsulation followed by Enterprise MPLS Frame

Bytes    Field   Description
7        Pre     Preamble
1        SFD     Start of Frame Delimiter
6        DA      Carrier Dest MAC
6        SA      Carrier Source MAC
2        Type    Ether type = 8847
4        TE      Traffic Engineer label
4        Tu      EoMPLS Tunnel Label
4        Vc      EoMPLS VC Label
4        Cntrl   Control Word
6        DA      Cust Destination MAC
6        SA      Cust Source MAC
2        TPID    VLAN Protocol ID = 8100
2        TCI     VLAN ID Info
2        Type    Cust Type
> 1500   Data    Cust Packet
4        FCS     Frame Check Sequence

MTU Sizing
Packet size can get very large in backhaul due to multiple tags and labels
Ensure core and access Ethernet interfaces are configured with appropriate MTU size
Data portion may be > 1500 if carrying MPLS labels
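
The core MTU formula and its three table rows, turned into a check of configured link MTUs. This is an added example, not part of the original slides; the link names, their MTU values and the 1508-byte edge MTU case are constructed for illustration.

```python
from dataclasses import dataclass

MPLS_HEADER = 4  # bytes per MPLS label, as in the table


@dataclass(frozen=True)
class Service:
    name: str
    edge_mtu: int = 1500        # MTU on the CE-facing PE interface
    vlan_tagged: bool = False   # VLAN mode adds a 4-byte tag to the transport header
    control_word: bool = True   # optional 4-byte AToM control word
    label_stack: int = 2        # tunnel + VC labels; 3 with TE FRR


def required_core_mtu(svc):
    """Edge MTU + Transport Header + AToM Header + (Label Stack * Header Size)."""
    transport = 14 + (4 if svc.vlan_tagged else 0)  # DA + SA + Etype [+ VLAN tag]
    atom = 4 if svc.control_word else 0
    return svc.edge_mtu + transport + atom + svc.label_stack * MPLS_HEADER


def audit_links(svc, link_mtus):
    """Return {link: missing bytes} for each core link too small for svc."""
    need = required_core_mtu(svc)
    return {link: need - mtu for link, mtu in link_mtus.items() if mtu < need}


# The three rows of the table.
PORT = Service("EoMPLS Port Mode")
VLAN = Service("EoMPLS VLAN Mode", vlan_tagged=True)
FRR = Service("EoMPLS Port w/ TE FRR", label_stack=3)
# Customer frames that already carry two MPLS labels: edge MTU raised to 1508.
LABELLED = Service("Port Mode, customer MPLS", edge_mtu=1508)

# Constructed link inventory (hypothetical names and MTU values).
CORE_LINKS = {"core-link-1": 4470, "core-link-2": 1530, "core-link-3": 1526}

if __name__ == "__main__":
    for svc in (PORT, VLAN, FRR, LABELLED):
        print(svc.name, required_core_mtu(svc), audit_links(svc, CORE_LINKS))
```

A link sized exactly for Port Mode is already 4 bytes short for VLAN Mode or TE FRR, which is how an undersized core interface ends up dropping only the largest frames.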

Broadcast/Multicast/Unknown Unicast Handling

VPLS relies on ingress replication
Ingress PE replicates the multicast packet to each egress Pseudo Wire (PE neighbour)

Ethernet switches replicate broadcast/multicast flows once per output interface
VPLS may duplicate packets over the same physical egress interface for each PW that interface carries
Unnecessary replication brings the risk of resource exhaustion when the number of PWs increases

Some discussion on maybe using multicast for PWs
Rather than full mesh of P2P Pseudo Wires

Switch or Router as CE device

Ethernet Switch as CE device
If directly attached, the VLAN allocated by the SP could be an issue in the customer network
SP UNI exposed to L2 network of customer
L2 PDUs such as STP BPDUs must be tunnelled
No visibility of network behind CE switch
Many MAC addresses can exist on UNI
High exposure to broadcast storms
Router as CE device
Single MAC Address exists (for interface of router)
No STP interactions
Router controls broadcast issues (multicast still happens)

VPLS Caveats (Ramblings of an Engineer)

VPLS may introduce non-deterministic behaviour in SP Core
Case in point: learning of VPN routes
An MPLS-VPN provides an ordered manner to learn VPNv4 routes using MP-BGP; unknown addresses are dropped
In VPLS, learning is achieved through flooding MAC addresses
Excessive number of Unknown, Broadcast and Multicast frames could behave as a series of packet bombs
Solution: Ingress Threshold Filters (on U-PE or N-PE)
How to selectively choose which Ethernet Frames to discard?
How to avoid dropping Routing and Keepalives (control)?
May cause more problems in customer network
How many MAC addresses allowed?
Does SP really want to take this responsibility?

VPLS Caveats (Ramblings of an Engineer)

DoS attack has a higher probability of manifesting
Whether intentional or by mis-configuration

Since traffic is carried at layer 2, a lot of chatter could be traversing the MPLS core unnecessarily.
For example, status requests for printers

How is CoS applied across a VPLS service?
Should all frames on a VPLS interface be afforded the same class of service?
Should there be some sort of differentiation?

A Common VPLS Problem

Protocols expect LAN behaviour
VPLS is viewed as an Ethernet network
Although it does not necessarily behave like one
VPLS is virtual in its LAN service
There are some behaviours which differ from a real LAN

An example
The OSPF designated router problem

OSPF Designated Router Problem

VPLS View
Router A is the DR, Router B is the BDR
Router C sees both A and B via Pseudo Wires
[Figure: OSPF DR (A), OSPF Backup DR (B) and OSPF Neighbour (C) interconnected by Pseudo Wires]

Router View
Router A, B and C behave like they are on a LAN
[Figure: OSPF DR (A), OSPF Backup DR (B) and OSPF Neighbour (C) on one LAN]
OSPF Designated Router Problem

Assume PW between A and B loses connectivity
Router A and Router B cannot see each other
Router C can still see both Router A and Router B
No arbitration available between Router A and Router B

[Figure: OSPF DR (A), OSPF Backup DR (B) and OSPF Neighbour (C) connected by Pseudo Wires]

Ethernet frames travel along discrete paths in a VPLS
Therefore Router C can see both Router A and B
But Router A and Router B cannot see each other!
Router B assumes A has failed and becomes the DR
Router C now sees two DRs on same LAN segment: Problem!
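
The failure described above, modelled as a small simulation. This is an added example, not part of the original slides; it assumes one router per PE site and a simplified rule in which the BDR promotes itself once it stops hearing the DR, and the function names are hypothetical.

```python
from itertools import combinations

ROUTERS = ("A", "B", "C")


def full_mesh(nodes):
    """One pseudowire per router pair (one router per PE site assumed)."""
    return {frozenset(p) for p in combinations(nodes, 2)}


def hears(router, pws):
    """Routers whose Hellos reach `router` over pseudowires that are up."""
    return {peer for pw in pws if router in pw for peer in pw if peer != router}


def declared_roles(pws, dr="A", bdr="B"):
    """Role each router advertises in its own Hellos.

    Simplified model (assumption): the incumbent DR keeps its role and the
    BDR promotes itself once it stops hearing the DR. Priorities and wait
    timers of the full OSPF election are not modelled.
    """
    roles = {r: "DROTHER" for r in ROUTERS}
    roles[dr] = "DR"
    roles[bdr] = "BDR" if dr in hears(bdr, pws) else "DR"
    return roles


def drs_seen_by(router, pws):
    """Routers that `router` sees claiming the DR role (itself included)."""
    roles = declared_roles(pws)
    visible = hears(router, pws) | {router}
    return {r for r in visible if roles[r] == "DR"}


def split_dr_witnesses(pws):
    """Routers observing more than one DR: the condition worth alerting on."""
    return sorted(r for r in ROUTERS if len(drs_seen_by(r, pws)) > 1)


HEALTHY = full_mesh(ROUTERS)
BROKEN = HEALTHY - {frozenset(("A", "B"))}  # PW between A and B is lost

if __name__ == "__main__":
    for name, pws in (("full mesh", HEALTHY), ("A-B down", BROKEN)):
        views = {r: sorted(drs_seen_by(r, pws)) for r in ROUTERS}
        print(name, views, "two DRs seen by:", split_dr_witnesses(pws))
```

Only Router C observes the conflict; A and B each still see exactly one DR, so the symptom has to be looked for on the router that retains both pseudowires.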

Summary


VPLS has its advantages and benefits
Non-IP protocols supported, customers do not have routing interaction etc.

Use routers as the CE device
Understand their multicast requirements
Then again, maybe MPLS-VPN could do the job?

Avoid switches as CPE
Otherwise understand customer's network requirements
Devices, applications (broadcast/multicast vs unicast)

Q&A
