© 2003 Cisco Systems, Inc. All rights reserved.
Metro Ethernet Technology & Deployment Deep Dive
Muhammad Durrani, CCIE #12521
Technical Leader, Cisco Systems Inc.
Agenda
• Layer 2 VPN - Introduction
• PWE3 Signaling - Concepts
• VPLS – Architecture and Standards
• VPLS - Forwarding
• Scale
• Config Examples
• Limitations
• Future Roadmap
• Q&A
* source: IDC
Layer 2 VPN – Introduction
VPN Types, Layers and Implementations

VPN Type                Layer   Implementation
Leased Line             1       TDM/SDH/SONET
Frame Relay switching   2       DLCI
ATM switching           2       VC/VP
Ethernet/ATM/FR         2       VPWS/VPLS
GRE/UTI/L2TPv3          3       IP Tunnel
IP                      3       MP-BGP/RFC2547
IP                      3       IPSec
VPN Deployments Today: Technology & VPN Diversity
[Figure: each access technology (IP/IPsec, FR/ATM, Broadband, Ethernet) terminates on its own core (ATM, MPLS or IP, SONET): only partial integration, different core solutions, different access technologies.]
Multiple Access Services Require Multiple Core Technologies = $$$ High Costs / Complex Management
Consolidated Core supports …
[Figure: the same access technologies (IP/IPsec, FR/ATM, Broadband, Ethernet) all terminate on a single MPLS or IP core: different access technologies, complete integration.]
Why is L2VPN needed?
• Allows SP to have a single infrastructure for both IP and legacy services
  • Migration
  • Provisioning is incremental
  • Network Consolidation
  • Capital and Operational savings
• Customer can have their own routing, QoS policies, security mechanisms, etc.
• Layer 3 (IPv4, IPX, OSPF, BGP, etc.) on CE routers is transparent to the MPLS core
  • CE1 router sees CE2 router as next-hop
  • No routing involved with the MPLS core
• Open architecture and vendor interoperability
Layer 3 and Layer 2 VPN Characteristics

LAYER 3 VPNs
1. Packet based forwarding, e.g. IP
2. SP is involved (routing)
3. IP specific
4. Example: RFC 2547bis VPNs (L3 MPLS-VPN)

LAYER 2 VPNs
1. Frame based forwarding, e.g. DLCI, VLAN, VPI/VCI
2. No SP involvement (routing)
3. Multiprotocol support
4. Example: FR, ATM, Ethernet

The choice of L2VPN over L3VPN will depend on how much control the enterprise wants to retain. L2 VPN services are complementary to L3 VPN services.
L2VPN Models
[Figure: L2-VPN models over an IP core (L2TPv3) or an MPLS core (LDP). VPWS carries PPP/HDLC, FR, ATM AAL5/Cell, Ethernet and TDM as point-to-point circuits, like-to-like or any-to-any. VPLS carries Ethernet as P2MP/MP2MP.]

Pseudo Wire Reference Model
[Figure: customer sites at SJC and Vegas attach via AC1–AC4 to PEs on either side of an MPLS or IP core; the pseudo wires between the PEs make up the emulated service.]
A pseudo-wire (PW) is a connection between two provider edge (PE) devices which connects two attachment circuits (ACs).
L2VPN – Label Stacking

 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
|          Tunnel Label (LDP/RSVP)      | EXP | 0 |     TTL     |   Tunnel Label (S=0)
|          VC Label (VC)                | EXP | 1 |     TTL     |   VC Label (S=1)
| Rsvd  | Flags |    Length     |         Sequence Number       |   Control Word
|                          Layer 2 PDU                          |

• Three layers of encapsulation
• Tunnel Label – determines the path through the network
• VC Label – identifies the VC at the endpoint
• Control Word – contains attributes of the L2 payload (optional)

Encap.   Control Word Required
Eth      No
FR       Yes
HDLC     No
PPP      No
AAL5     Yes
Generic Control Word: VC Information Fields

Field             Bits
Rsvd              4
Flags             4
Length            8
Sequence Number   16

• Use of the control word is optional
• Flags – carries “flag” bits depending on encapsulation (FR: FECN, BECN, C/R, DE; ATM: CLP, EFCI, C/R, etc.)
• Length – required for padding small frames when < interface MTU
• Sequence number – used to detect out-of-order delivery of frames
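To make the label-stack and control-word layout on these two slides concrete, the following added example (written for this page, not Cisco code) packs a tunnel label, a VC label and a control word in front of a Layer 2 PDU and parses them back. It follows the slide's field widths (label 20 / EXP 3 / S 1 / TTL 8, and Rsvd 4 / Flags 4 / Length 8 / Sequence 16). Two things are assumptions of the example rather than statements of the deck: the 64-byte minimum frame size that the Length field is used to undo, and the sequence-number wrap from 65535 to 1 (the RFC 4385 convention, which keeps 0 free to mean "not sequenced").

```python
import struct

# One MPLS label stack entry: label(20) | EXP(3) | S(1) | TTL(8)
def encode_label(label, exp, bottom, ttl):
    assert 0 <= label < 2**20 and 0 <= exp < 8 and 0 <= ttl < 256
    return struct.pack("!I", (label << 12) | (exp << 9) | (int(bottom) << 8) | ttl)

def decode_label(entry):
    """Return (label, exp, bottom_of_stack, ttl) from a 4-byte stack entry."""
    (v,) = struct.unpack("!I", entry)
    return v >> 12, (v >> 9) & 0x7, bool((v >> 8) & 1), v & 0xFF

# Control word as drawn on the slide: rsvd(4) | flags(4) | length(8) | sequence(16)
def encode_control_word(flags, length, seq):
    assert 0 <= flags < 16 and 0 <= length < 256 and 0 <= seq < 65536
    return struct.pack("!I", (flags << 24) | (length << 16) | seq)

def decode_control_word(cw):
    """Return (rsvd, flags, length, seq)."""
    (v,) = struct.unpack("!I", cw)
    return v >> 28, (v >> 24) & 0xF, (v >> 16) & 0xFF, v & 0xFFFF

MIN_FRAME = 64   # assumed minimum size the PSN link pads short frames up to

def encapsulate(l2_pdu, tunnel_label, vc_label, seq, flags=0, ttl=255):
    """Build tunnel label + VC label (bottom of stack) + control word + padded L2 PDU.
    The Length field is set only when the PDU had to be padded, as the slide describes."""
    length = len(l2_pdu) if len(l2_pdu) < MIN_FRAME else 0
    padded = l2_pdu + b"\x00" * (MIN_FRAME - len(l2_pdu)) if length else l2_pdu
    return (encode_label(tunnel_label, 0, False, ttl)
            + encode_label(vc_label, 0, True, ttl)
            + encode_control_word(flags, length, seq)
            + padded)

def decapsulate(packet):
    """Walk the label stack to the S=1 entry, then use the control word to strip padding."""
    offset, labels = 0, []
    while True:
        lbl = decode_label(packet[offset:offset + 4])
        offset += 4
        labels.append(lbl)
        if lbl[2]:                      # bottom of stack reached
            break
    rsvd, flags, length, seq = decode_control_word(packet[offset:offset + 4])
    if rsvd != 0:
        raise ValueError("control word reserved bits must be zero")
    offset += 4
    payload = packet[offset:]
    if length:                          # non-zero Length means padding was added
        payload = payload[:length]
    return {"labels": labels, "flags": flags, "seq": seq, "l2_pdu": payload}

def next_seq(seq):
    """16-bit sequence space; assumed to wrap 65535 -> 1 so 0 keeps meaning 'unsequenced'."""
    return 1 if seq == 65535 else seq + 1

def detect_misorder(seqs):
    """Indexes of frames whose sequence number was not the expected next value."""
    out, expected = [], None
    for i, s in enumerate(seqs):
        if expected is not None and s != expected:
            out.append(i)
        expected = next_seq(s)
    return out
```

Note that the two label entries carry the same layout: only the S bit tells the receiver that the VC label is the bottom of the stack, which is why the tunnel label is pushed with S=0 and the VC label with S=1.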
PWE3 Signaling – Concepts
Building Blocks for MPLS Based L2VPNs – Control Plane
1. Provision – config VPN (VPN101 config on each PE)
2. Auto-discovery – advertise loopback & VPN members (BGP)
3. Signaling – set up the pseudowire (LDP)
4. Data Plane – packet forwarding
[Figure: CE1 – PE1 – MPLS – PE2 – CE2. Step 1 is local configuration on PE1 and PE2, steps 2 and 3 are control-plane exchanges between the two PEs, step 4 is the data plane end to end.]
L2VPN – Pseudo-Wire Label Binding
[Figure: Site1/CE1 – PE1 – P1, P2, P3, P4 – PE2 – Site2/CE2; the Label Mapping message carries a VC FEC TLV and a VC Label TLV.]
1. Provision AC & PW
2. PE1 binds the VCID to a VC Label and sends a Label Mapping message (VC FEC TLV + VC Label TLV)
3. PE2 matches its VCID to the one received
4. PE2 repeats the same steps
Uni-directional PW LSP established
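The four-step binding above, played out as an exchange between two PEs, in an added example that is not part of the deck and not Cisco's LDP implementation. Each PE allocates a local VC label for a provisioned VCID, advertises it in a Label Mapping message, and accepts a peer's mapping only when the VCID (and VC type) matches a PW it has provisioned toward that peer; the two directions are established separately, and a VCID or type mismatch leaves the PW down. The VC type values are the ones quoted on the deck's EoMPLS slide (0x0005 Ethernet port, 0x0004 VLAN); the starting label of 16 is a constructed value.

```python
from dataclasses import dataclass, field

# VC types quoted on the deck's EoMPLS slide.
VC_TYPE_ETHERNET = 0x0005
VC_TYPE_VLAN = 0x0004


@dataclass
class LabelMapping:
    """Simplified LDP Label Mapping: a VC FEC TLV (VC type + VCID) and a VC Label TLV."""
    sender: str
    vc_type: int
    vcid: int
    label: int


@dataclass
class PE:
    name: str
    next_label: int = 16                        # first VC label handed out (constructed)
    pws: dict = field(default_factory=dict)     # (peer, vcid) -> binding state

    def provision(self, peer, vcid, vc_type=VC_TYPE_ETHERNET):
        """Step 1: provision AC and PW; step 2: bind the VCID to a locally allocated VC label."""
        self.pws[(peer, vcid)] = {"type": vc_type, "local": self.next_label, "remote": None}
        self.next_label += 1

    def label_mapping(self, peer, vcid):
        """The Label Mapping message sent over the directed LDP session to `peer`."""
        pw = self.pws[(peer, vcid)]
        return LabelMapping(self.name, pw["type"], vcid, pw["local"])

    def receive(self, msg):
        """Step 3: accept the binding only if the FEC matches a PW provisioned toward the sender."""
        pw = self.pws.get((msg.sender, msg.vcid))
        if pw is None or pw["type"] != msg.vc_type:
            return False                        # no matching FEC: ignored, PW stays down
        pw["remote"] = msg.label                # label imposed when sending toward the sender
        return True

    def pw_state(self, peer, vcid):
        pw = self.pws.get((peer, vcid))
        if pw is None:
            return "UNCONFIGURED"
        return "UP" if pw["remote"] is not None else "DOWN"


def establish(pe1, vcid1, pe2, vcid2):
    """Exchange mappings both ways; each accepted mapping sets up one uni-directional PW LSP."""
    pe2.receive(pe1.label_mapping(pe2.name, vcid1))   # PE1 -> PE2
    pe1.receive(pe2.label_mapping(pe1.name, vcid2))   # step 4: PE2 repeats the same steps
    return pe1.pw_state(pe2.name, vcid1), pe2.pw_state(pe1.name, vcid2)
```

The label a PE advertises is the one it expects to receive, so after a successful exchange each side's "remote" label equals the other side's "local" label; that is the "remote VC label" the later CAM-table slides key their entries on.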
L2VPN Transport Service: Reference Model
[Figure: CE-1 – PE1 – PE2 – CE-2. Between PE1 and PE2 a tunnel LSP carries a pair of uni-directional PW LSPs, which together form the pseudo wire emulated service; each end-to-end L2VPN VC is a bi-directional Ethernet, ATM, FR, PPP or HDLC circuit.]
• Pseudowire transport (across PEs) applications
• Local switching (within a PE) applications
VPLS – Architecture and Standards
VPLS & VPWS Standards
• Virtual Private LAN Service (VPLS) is an IETF working group that describes multipoint Ethernet connectivity across an MPLS network
  Emulates an Ethernet bridge
  Several drafts in existence:
  VPLS: draft-ietf-l2vpn-vpls-ldp-00.txt (various + Cisco®)
  VPLS: draft-ietf-l2vpn-vpls-bgp-00.txt (Juniper)
  VPLS: Logical PE – no traction (Nortel)
  VPWS: draft-kompella-ppvpn-l2vpn (Juniper)
  VPWS: draft-martini-ppvpn-l2vpn (Cisco)
VPLS Standards
IETF PWE3 WG – Pseudo Wire Emulation Edge to Edge
  Focused on point-to-point “circuit” emulation for L2 transport over packet networks
  PSN tunnel -> GRE, MPLS, L2TP
  Service -> Ethernet, ATM, PPP, FR, HDLC and so forth
IETF L2VPN WG – Virtual Private LAN Services (VPLS)
  Emulates a big, fat virtual Layer-2 switch
  Also builds on L2 pseudowires
  Multipoint to multipoint
  Source address learning, MAC-based forwarding
IETF L2VPN WG – Virtual Private Wire Services (VPWS)
  Collection of L2 circuits or pseudowires
  Point-to-point service
VPLS Architectures
• VPLS defines two architectures:
  Non-Hierarchical (Single PE) – customer connected directly to the PE
  Hierarchical (Distributed PE) – 802.1ad (aka QinQ) access, or MPLS access
• Each architecture has different scaling characteristics
What’s VPLS (Virtual Private LAN Services)?
[Figure: three PEs around an MPLS core, each with a CE attached; the PEs are joined by VCs (virtual circuits).]
• End-to-end architecture that allows IP/MPLS networks to provide multipoint Ethernet services
• Virtual – multiple instances of this service share the same SP physical infrastructure
• Private – each instance of the service is independent and isolated from one another
• LAN service – provides multipoint connectivity among the participant endpoints across a MAN/WAN that looks like a LAN
VPLS Components
• CE—Customer Edge device; used to connect to the SP’s network
• n-PE—Network-facing Provider Edge; acts as a gateway between the MPLS core and the edge domain
• VSI/VFI—Virtual Switching/Forwarding Instance; describes an Ethernet bridge function within the n-PE; the VSI/VFI terminates the pseudowire
• PW—Pseudowire; a PW connects two VSIs; consists of a pair of MPLS uni-directional VCs
• AC—Attachment Circuit; a customer connection to the service provider; may be a physical port or an Ethernet VLAN
• Tunnel LSP—Tunnel Label Switched Path; used to tunnel PWs between VSIs
[Figure: three n-PEs in an IP/MPLS cloud, each holding a “Red VSI”; CEs attach to the n-PEs over attachment circuits, and PWs run between the VSIs inside tunnel LSPs.]
VPLS Customer Perspective
• Multipoint-to-multipoint configuration
• Forwarding of frames based on learned MAC addresses
• Uses a Virtual Forwarding Instance (VFI, like a VLAN) for customer separation
[Figure: CE1, CE2, CE3 and CE4 all appear connected to a common virtual switch.]
Multipoint Bridging Requirements
VPLS simulates a virtual LAN service, so it MUST operate like a traditional L2 LAN switch as well:
• Flooding/Forwarding
  – Forwarding based on [VLAN, Destination MAC Address]
  – Unknown Unicast/Multicast/Broadcast – flood to all ports (IGMP snooping can be used to constrain multicast flooding)
• MAC Learning/Aging/Withdrawal
  – Dynamic learning based on Source MAC and VLAN
  – Refresh aging timers with incoming packets
  – MAC withdrawal upon topology changes
• Loop Prevention
  – Split Horizon to avoid loops
  – Spanning Tree (possible but not desirable)
Bridge-domain concept
• A bridge-domain is a Layer 2 broadcast domain consisting of a set of physical and/or virtual ports and VFIs/pseudo-wires.
• Data frames are switched within a bridge domain based on their destination MAC address.
• Unknown unicast, multicast and broadcast frames are flooded within the BD.
• Source MAC learning is performed.
Bridge Domain Capabilities
VPLS emulates the operation of an Ethernet switch:
• Flooding/forwarding:
  MAC table instances per VPLS instance at each PE
  The VFI participates in the learning and forwarding process
  ACs to PWs (similar to AToM)
  ACs to ACs (local switching)
• Address learning/aging:
  MAC timers refreshed with incoming frames
• Loop prevention:
  Create a full mesh of EoMPLS VCs per VPLS – VC type 5
  Use “split horizon” concepts to prevent loops
VPLS—Flooding and Forwarding
[Figure: customer equipment (CEs) attaches over Ethernet UNIs to U-PE B and to N-PE 1–4; the N-PEs are fully meshed with PWs.]
• Flooding (Broadcast, Multicast, Unknown Unicast)
• Dynamic learning of MAC addresses on PHY and VCs
• Forwarding to a physical port or to a virtual circuit
VPLS: Configuration Example PE–PE
Create an L2 VFI with a full mesh of participating VPLS PE nodes. PE-1 (1.1.1.1/32), PE-2 (2.2.2.2/32) and PE-3 (3.3.3.3/32) sit around the MPLS network.

PE-1:
  l2vpn
   bridge-group 1
    bridge-domain PE1-VPLS-A
     interface g0/0                ! AC
     vfi 1
      neighbor 2.2.2.2 pw-id 1     ! PW1
      neighbor 3.3.3.3 pw-id 1     ! PW2
  !
  interface loopback 0
   ip address 1.1.1.1 255.255.255.255

PE-2:
  l2vpn
   bridge-group 1
    bridge-domain PE2-VPLS-A
     interface g0/0
     vfi 1
      neighbor 1.1.1.1 pw-id 1
      neighbor 3.3.3.3 pw-id 1
  !
  interface loopback 0
   ip address 2.2.2.2 255.255.255.255

PE-3:
  l2vpn
   bridge-group 1
    bridge-domain PE3-VPLS-A
     interface g0/0
     vfi 1
      neighbor 1.1.1.1 pw-id 1
      neighbor 2.2.2.2 pw-id 1
  !
  interface loopback 0
   ip address 3.3.3.3 255.255.255.255
VPLS: Configuration Example PE–CE
[Figure: CE1, CE2 and CE3 attach to G0/0 of PE-1, PE-2 and PE-3 respectively, around the MPLS network.]
The attachment-circuit interface is configured the same way on PE-1, PE-2 and PE-3:

  interface GigabitEthernet0/0     ! AC interface
   l2transport
   no ip address
   no ip directed-broadcast
   negotiation auto
   no cdp enable
  end
VPLS – Forwarding
VPLS Forwarding/MAC Learning Example
[Figure: CE-1 attaches to N-PE A (Lo0 6.6.6.6/32) on Gig2/1 and CE-2 to N-PE B (Lo0 1.1.1.1/32) on Gig3/1, both over VLAN 2000 802.1Q trunks; N-PE C (Lo0 7.7.7.7/32) is the third member. Each N-PE holds VFI “VPLS_2000” with a VLAN 2000 CAM table (MAC -> Port / Neighbor (Remote VC label)) and is meshed to the other two by VCs; the VC labels shown are 19, 20, 23 and 24.]

Following are the steps involved during MAC learning and forwarding of a VPLS instance.

Step 1: CE-1 sends a unicast frame to CE-2 (smac M1, dmac M2). All three CAM tables are still empty.
Step 2: N-PE A “learns” CE-1’s MAC address; its CAM now holds M1 -> Gig2/1.
Step 3: Since M2 is unknown, N-PE A “replicates” the frame to all the PWs (towards N-PE B and N-PE C).
Step 4: Both N-PE B and N-PE C “learn” CE-1’s MAC address (note the MAC is associated to the remote VC label): N-PE B holds M1 -> 6.6.6.6 (23), N-PE C holds M1 -> 6.6.6.6 (24).
Step 5: Since M2 is unknown, N-PE B and N-PE C “flood” the frame to all their local ports (and not to the PWs).
Step 6: CE-2 replies back to CE-1 (smac M2, dmac M1).
Step 7: N-PE B “learns” CE-2’s MAC address; its CAM now holds M1 -> 6.6.6.6 (23) and M2 -> Gig3/1.
Step 8: N-PE B inspects its CAM and forwards the frame towards N-PE A (with remote label 23); the frame is not sent to N-PE C.
Step 9: N-PE A “learns” CE-2’s MAC address; its CAM now holds M1 -> Gig2/1 and M2 -> 1.1.1.1 (19).
Step 10: N-PE A forwards the frame to CE-1.
Step 11: N-PE C “ages out” its CAM entry for CE-1.
VPLS – Loop Free L2VPN
[Figure: PE-1, PE-2 and PE-3 fully meshed with PWs; a broadcast frame is shown between hosts 192.168.11.1/24, 192.168.11.2/24 and 192.168.11.12/24.]
• Full mesh of PWs to guarantee frame delivery – no STP protocols in the core
• Split-horizon forwarding – packets coming in on an AC/PW are not sent back on the same AC/PW, and packets received on a PW are not replicated to other PWs in the same VFI
Packet format in VPLS path
[Figure, data plane: the CE/CLE sends a dot1Q frame (DA | SA | VLAN | DATA) to the PE-POP (PE-rs); across the core the frame is carried as L2 HDR | MPLS HDRs | DA | SA | DATA; the remote PE-POP (PE-rs) delivers DA | SA | VLAN | DATA to the far-end CE. Encapsulation sequence along the path: dot1Q – MPLS – dot1Q.]
H-VPLS
Why H-VPLS?

VPLS:
• Potential signaling overhead
• Full PW mesh from the edge
• Packet replication done at the edge
• Node discovery and provisioning extend end-to-end

H-VPLS:
• Minimizes signaling overhead
• Full PW mesh among core devices only
• Packet replication done in the core only
• Partitions the node discovery process
IETF’s Way to Build a L2 Core: VPLS—Virtual Private LAN Services (L2VPN WG)
[Figure: three variants of the same topology, each with CEs on Ethernet UNIs and N-PE 1–4 fully meshed with PWs:
 1. “VPLS” w/o hierarchy – the CEs attach directly to the N-PEs;
 2. “H-VPLS” w/ Ethernet access – U-PE A, B and C aggregate the CEs over a Layer 2 802.1ad (Provider Bridges) access network;
 3. “H-VPLS” w/ MPLS to the edge – U-PE A, B and C reach the N-PEs over a Layer 3 MPLS access network, with a PW as the attachment circuit.]
• Core vs Access PW – the uPE connects to the nPE via an Access PW
• The Access PW connects to the BD directly
• A packet from an Access PW is replicated to the ACs and Core PWs in the same BD
Flat VPLS – Ethernet access without QinQ
[Figure: PEs with Ethernet .1Q or access ports, joined by a full mesh of pseudowires with LDP signaling.]
• Full mesh of directed LDP sessions required between participating PEs
• N*(N-1)/2 sessions; N = number of PE nodes
• Limited scalability
• Potential signaling and packet replication overhead
• Suitable for smaller networks, simple provisioning
• Customer VLAN tag is used as the VPLS VFI service delimiter
H-VPLS with Ethernet Access QinQ
[Figure: .1Q access into Q-in-Q U-PEs, with a full mesh of LDP-signaled pseudowires between the N-PEs.]
• Best for larger scale deployment
• Reduction in packet replication and signaling overhead
• Full mesh for the core tier (hub) only
• Expansion affects new nodes only (no re-configuring of existing PEs)
• QinQ frame in the Ethernet access network. The S-tag is used as the VPLS VFI service delimiter. The customer tag is invisible.
H-VPLS with MPLS Access
[Figure: .1Q access into U-PEs, MPLS access between U-PE and N-PE, and a full mesh of LDP-signaled pseudowires between the N-PEs across the IP/MPLS core.]
H-VPLS with MPLS Access Split-Horizon Rule
[Figure: U-PE3 and U-PE4 connect over MPLS access to N-PE1, N-PE3 and N-PE4, which hold the VFIs and are meshed over the MPLS core.]
Split-horizon rule:
  Between no-split-horizon VCs                        forwarding
  Between no-split-horizon VCs and split-horizon VCs  forwarding
  Between split-horizon VCs                           blocking
  Between ACs and VCs                                 forwarding
  Between ACs                                         forwarding
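The following added example (written for this page; not Cisco's forwarding code) models one VFI per N-PE as the deck describes it: a per-VFI CAM table, source-MAC learning with aging, flooding of unknown unicast, and the split-horizon rule just tabulated, where core PWs are split-horizon and H-VPLS spoke PWs are not. `walkthrough()` replays steps 1–11 of the N-PE A/B/C example from the forwarding section and returns each CAM; `hvpls_split_horizon()` checks the rule table against an N-PE with two core PWs, one spoke PW and one AC. The PW names reuse the loopbacks and remote VC labels from the slides; the 300 s aging time and the timestamps are constructed values.

```python
class Vfi:
    """One VPLS forwarding instance (bridge domain) on an N-PE."""

    def __init__(self, name, max_age=300):
        self.name = name
        self.acs = []            # attachment circuits, e.g. "Gig2/1"
        self.pws = {}            # pw name -> True if split-horizon (core PW)
        self.cam = {}            # mac -> (port or pw name, last-seen time)
        self.max_age = max_age   # assumed aging timer, seconds

    def add_ac(self, port):
        self.acs.append(port)

    def add_pw(self, name, split_horizon=True):
        # Core (hub) PWs are split-horizon; H-VPLS spoke/access PWs use no-split-horizon.
        self.pws[name] = split_horizon

    def egress_candidates(self, ingress):
        """Ports a frame arriving on `ingress` may be flooded to (the split-horizon rule)."""
        from_sh_pw = self.pws.get(ingress, False)
        out = [ac for ac in self.acs if ac != ingress]     # ACs <-> anything: forward
        for pw, sh in self.pws.items():
            if pw == ingress:
                continue                                   # never back out the same PW
            if from_sh_pw and sh:
                continue                                   # split-horizon PW -> split-horizon PW: block
            out.append(pw)
        return out

    def receive(self, ingress, smac, dmac, now=0):
        """Learn smac on the ingress port and return the egress port list for dmac."""
        self.cam[smac] = (ingress, now)                    # learn, or refresh the aging timer
        if dmac in self.cam:
            port = self.cam[dmac][0]
            return [] if port == ingress else [port]       # known unicast: forward (or drop)
        return self.egress_candidates(ingress)             # unknown unicast / bcast: flood

    def age_out(self, now):
        """Remove CAM entries not refreshed within max_age seconds; return the MACs removed."""
        expired = [m for m, (_, seen) in self.cam.items() if now - seen > self.max_age]
        for m in expired:
            del self.cam[m]
        return expired

    def ports_of(self):
        return {mac: port for mac, (port, _) in self.cam.items()}


def walkthrough():
    """Steps 1-11 of the deck's example; returns the flooding decisions and the final CAMs."""
    a, b, c = Vfi("N-PE A:VPLS_2000"), Vfi("N-PE B:VPLS_2000"), Vfi("N-PE C:VPLS_2000")
    a.add_ac("Gig2/1")
    b.add_ac("Gig3/1")
    # Full mesh of core PWs, named after the peer loopback and the remote VC label on the slides.
    a.add_pw("1.1.1.1 (19)")
    a.add_pw("7.7.7.7 (20)")
    b.add_pw("6.6.6.6 (23)")
    b.add_pw("7.7.7.7 (24)")
    c.add_pw("6.6.6.6 (24)")
    c.add_pw("1.1.1.1 (23)")
    flood_a = a.receive("Gig2/1", "M1", "M2", now=0)          # steps 1-3: learn M1, flood to PWs
    flood_b = b.receive("6.6.6.6 (23)", "M1", "M2", now=0)    # steps 4-5: learn M1 via PW,
    flood_c = c.receive("6.6.6.6 (24)", "M1", "M2", now=0)    #   flood to local ports only
    fwd_b = b.receive("Gig3/1", "M2", "M1", now=1)            # steps 6-8: reply, forward to A only
    fwd_a = a.receive("1.1.1.1 (19)", "M2", "M1", now=1)      # steps 9-10: learn M2, forward to CE-1
    aged_c = c.age_out(now=400)                               # step 11: C ages out M1
    return {"flood_a": flood_a, "flood_b": flood_b, "flood_c": flood_c,
            "fwd_b": fwd_b, "fwd_a": fwd_a, "aged_c": aged_c,
            "cam_a": a.ports_of(), "cam_b": b.ports_of(), "cam_c": c.ports_of()}


def hvpls_split_horizon():
    """N-PE3 from the MPLS-access example: two core PWs, one no-split-horizon spoke PW, one AC."""
    npe3 = Vfi("N-PE3:vpls11")
    npe3.add_ac("Vlan11")
    npe3.add_pw("10.0.0.1")
    npe3.add_pw("10.0.0.4")
    npe3.add_pw("10.0.0.7 spoke", split_horizon=False)
    return {"from_spoke": npe3.egress_candidates("10.0.0.7 spoke"),
            "from_core": npe3.egress_candidates("10.0.0.1"),
            "from_ac": npe3.egress_candidates("Vlan11")}
```

The same rule explains both loop freedom and the H-VPLS behaviour: a frame from a core PW is never replicated to another core PW (the full mesh already delivered it everywhere), but a frame from a spoke PW is treated like one from an AC and reaches every core PW and AC in the bridge domain.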
H-VPLS/VPLS Topology Comparison

Flat VPLS – Ethernet access without QinQ
  Pros:
  • Ethernet network benefit – simple, high bandwidth, cheap, efficient local switching and broadcast/multicast distribution
  Cons:
  • Not hierarchical, not scalable
  • Customer VLANs can’t overlap (with the exception of VLAN translation)
  • High STP re-convergence time

H-VPLS – Ethernet access with QinQ
  Pros:
  • Same Ethernet network benefit as flat VPLS
  • Hierarchical support via QinQ at the access
  • Scalable customer VLANs
  Cons:
  • High STP re-convergence time (potentially improved by different L2 protocols)

H-VPLS – MPLS access
  Pros:
  • Fast L3 IGP convergence
  • MPLS TE and FRR (50 msec convergence time)
  • Advanced MPLS QoS
  • Hierarchical support via spoke PW at the access
  • Spoke PE can have a QinQ attachment circuit for an additional level of hierarchy
  Cons:
  • More complicated provisioning
  • Requires MPLS to the u-PE, potentially a more expensive u-PE device
Flexible Design with H-VPLS (1): Node Redundancy
[Figure: a DC site with two PEs and an NYC site with one PE, joined through an MPLS VPLS VFI; a CPE attaches to each PE.]
• Site-to-site L2 circuit. One side has redundant PEs, the other side has a single PE
• The single-PE side uses an H-VPLS configuration to have two active PWs going to the redundant PEs. MAC learning and forwarding are involved
• The redundant-PE side uses an EoMPLS configuration, no MAC learning
Flexible Design with H-VPLS (2): VPLS-on-a-stick Design
• Use H-VPLS for a hub-and-spoke topology, point-to-multipoint design
[Figure: a DC hub PE with a VPLS VFI over MPLS reaching Remote site 1, Remote site 2 … Remote site N, each with a PE and a CPE.]
VPLS Auto Discovery
Two ways to establish VPLS PWs or instances:
• LDP based signaling using FEC 128
  – PWs need to be configured manually at each PE
• BGP based auto-discovery
  – Manual provisioning of VPLS neighbors not needed at each PE
  – LDP FEC 129 signaling required, VPN ID signaled in the BGP NLRI
  – Uses Route Target based filtering
Metro Ethernet / L2VPN Case Studies
Agenda
L2VPN architectures
• VPLS for broadcast/multicast distribution
• Ethernet over MPLS for inter-regional ERS connectivity
• L2VPN for Cable Provider
• Inter-AS Pseudowire Stitching
VPLS for MCAST/BCAST distribution – Needs
[Figure: a Distribution Server feeding Customer1, Customer2, Customer3 and Customer4.]
• The application requires the use of Broadcast (legacy) and Multicast to deliver information to customers
• Shared platform delivering MPLS VPN.
• Recovery must be rapid and reliable.
VPLS for MCAST/BCAST distribution – Solution
[Figure: the Distribution Server and Customer1–Customer4 joined by a VPLS VFI across MPLS.]
• Replace IP helper commands with a VPLS VFI for broadcast and multicast traffic
• Tune the recovery using OSPF knobs to decrease it to below the original Spanning Tree timers.
• Provide internal and extranet VPN services on the same platform.
Metro/DSL aggregation
[Figure: Access Network 1 Gb rings feed Regional Distribution Network 10 Gb rings, which connect to the L3 Core Network and the Long Haul IP Backbone.]
Network Services:
• DSL Access (Voice/Video/Data – triple play services)
• Ethernet direct fiber access
• Layer 2 and Layer 3 VPN offering
Metro/DSL aggregation (Continued) – Inter-Region EoMPLS
[Figure: the same access and regional rings; the L3 core is now an MPLS core. Q-in-Q access, L2 switched within the region.]
• Implemented for direct Ethernet access
• L2VPN using Layer 2 switching within the region
• Inter-regional connectivity via EoMPLS p2p connections
• Layer 2/3 access on the same port
• QinQ access for E-LAN services
Metro/DSL aggregation (Continued) – DSL Services
[Figure: Access Network, Regional Distribution Network 10 Gb rings, L3 Core Network, Long Haul IP Backbone.]
• Video using a routed p2p SVI on a common VLAN per DSLAM
• Sub-second convergence achieved through adjusting RPF and backoff timers.
• Data services bridge back to the BRAS using L2 switching on the ring
• MST instance defined for DSLAM VLANs
Cable Network
• Residential services: Internet, VoIP
• Business services: Layer 2 E-Line, E-LAN, and bridged cable modem; Internet; VoIP
[Figure: Access Network 1 Gb ring, Regional Distribution Network 10 Gb ring, National Backbone / Long Haul IP Backbone.]
Customer Requirements
• The L2VPN service needs to span two regional provider backbones
• Provisioning in a scalable and direct manner
• Should be able to support multipoint and point-to-point L2VPN provisioning.
The Solution: Multi-segment Pseudowire (switching) with Interworking
Stitch intra-AS and inter-AS PWs:

  l2 vfi PW-SWITCH-POINT point-to-point
   neighbor 172.17.255.1 100 encapsulation mpls
   neighbor 172.16.255.1 200 encapsulation mpls

[Figure: CE1 – PE1 – ASBR (IP/MPLS 172.16.0.0, AS65016) – ASBR (IP/MPLS 172.17.0.0, AS65017) – PE2 – CE2. The CEs attach on e0/0 and the ASBRs face each other on S0/0; the addresses 172.16.255.1, 172.16.255.2, 172.17.255.1 and 172.17.255.2 are shown on the PE/ASBR nodes. The end-to-end path is Pseudowire segment 1, segment 2 and segment 3, switched at the pseudowire switch point on the ASBR. Each ASBR advertises its loopback for directed LDP across the AS boundary and advertises the label to its eBGP peer.]
BACKUP SLIDES
Signaling Standards – BGP v/s LDP
• Signaling: LDP – point-to-point (uses directed LDP); BGP – broadcast (via RR or full mesh)
• Label learning and withdrawal: LDP – faster; BGP – slower (full mesh, uses label block and a new BGP extension for MAC withdrawal)
• Resetting individual labels: LDP – more efficient; BGP – troublesome
• Sequencing on the PW: LDP – possible; BGP – not possible ??
Signaling LDP v/s BGP
• BGP requires a lot more messages to be processed than LDP for PtP-specific info. Directed LDP requires only a single message to be processed by the receiving PE; however, in the case of BGP, a single message is sent to the RR and the RR sends N messages to the PEs (members of a VPLS), and thus N messages need to be processed by N PEs.
• VPLS w/ BGP signaling still requires an N^2 mesh of PWs, and there is no mechanism to monitor them w/ BGP signaling; whereas LDP signaling offers VCCV to monitor them.
• The label-block hack imposes additional constraints on the PE in terms of local label assignment.
• The label-block hack requires over-provisioning and allocating labels for inactive PEs, therefore consuming memory in FIBs that could be used for L3VPN routes.
• The label-block hack can complicate redundancy and switch-over operation: upon PE restart, its old labels can still be in use, so the PE wants to use new labels to avoid confusion in case the BGP update messages have not yet been received by the PEs.
Signaling LDP v/s BGP
• Using a single signaling mechanism (based on LDP) for MPLS will allow interoperability among different vendors and different service providers (even with different auto-discovery methods)
• If different signaling is used (e.g., both BGP and LDP are used), then interoperability is only possible when PWs are terminated at the VSIs on the ASBRs
  Termination of PWs on ASBRs will cause scalability issues for the ASBRs
  ASBRs need to support both signaling mechanisms
  ASBRs now need to support VSI functionality and need to scale for all data forwarding requirements between the two ASs
Signaling LDP v/s BGP
• LDP signaling provides more flexibility for VPLS because it allows different characteristic settings per PW, such as:
  QoS setting – e.g., different PWs can have different reserved BW
  Sequencing: sequencing is a PtP operation in nature. Sequence numbers among different PtP connections can have different “start” values. Also, re-synching of sequence numbers is a PtP operation. Furthermore, sequencing can be turned on/off on a per-PW basis, allowing the operator finer control over it.
  OAM: it is important to be able to check the health status of each PW separately, because one PW may affect the status of the whole set (emulated VLAN). Directed LDP provides:
    Hello messages to check the health of the associated PWs between two PEs
    Support for VCCV OAM
L2VPN EoMPLS –draft-ietf-pwe3-ethernet-encap-xx.txt
TunnelLabel
VCLabel
Ethernetheader
Ethernetpayload
payloadDA SA L FCS
Original Ethernet or VLAN Frame
Preamble 802.1q
0x8847DA’ SA’ FCS’
• VC type-0x0004 is used for VLAN over MPLS application
• VC type-0x0005 is used for Ethernet port tunneling application (port transparency)
H-VPLS MPLS access
• H-VPLS is a network topology proposal to reduce the number of pseudo wires within the MPLS network.
• It reduces signaling and replication overhead to allow large scale deployment. The VPLS core PWs (hub) are augmented with access PWs (spoke) to form a two-tier Hierarchical VPLS (H-VPLS).
• Access PW: uPEs are connected to the nPE bridge domain via spoke or access PWs. The split-horizon concept is modified: packets coming in on an access PW are sent to all other PWs and ACs in the bridge domain. Spoke PWs can be created with the no-split-horizon option to distinguish them from core PWs (IOS), or contained directly in the BD (not the VFI).
H-VPLS with MPLS Access Example – show CLI

  NPE3#sh mpls l2 vc 11
  Local intf     Local circuit              Dest address    VC ID      Status
  -------------  -------------------------- --------------- ---------- ----------
  VFI vpls11     VFI                        10.0.0.1        11         UP
  VFI vpls11     VFI                        10.0.0.4        11         UP
  VFI vpls11     VFI                        10.0.0.7        11         UP

  NPE3#sh vfi vpls11
  Legend: RT=Route-target, S=Split-horizon, Y=Yes, N=No
  VFI name: vpls11, state: up, type: multipoint
    VPN ID: 11
    Local attachment circuits:
      Vlan11
    Neighbors connected via pseudowires:
    Peer Address     VC ID      S
    10.0.0.1         11         Y
    10.0.0.4         11         Y
    10.0.0.7         11         N
H-VPLS with MPLS Access Example – show CLI (continued)

  NPE3#sh mac-add vlan 11
  Legend: * - primary entry
          age - seconds since last seen
          n/a - not available
    vlan   mac address     type    learn     age   ports
  ------+----------------+--------+-----+----------+--------------------------
      11  2222.2211.1111  dynamic  Yes       0   10.0.0.1, 11
      11  2222.2233.3333  dynamic  Yes       0   10.0.0.7, 11 spoke PW
      11  2222.2244.4444  dynamic  Yes       0   10.0.0.4, 11

  UPE3#sh mpl l2 vc 11
  Local intf     Local circuit              Dest address    VC ID      Status
  -------------  -------------------------- --------------- ---------- ----------
  Gi2/13         Ethernet                   10.0.0.5        11         UP
H-VPLS with QinQ Access Example
[Figure: U-PE3 carries the customer’s C-tagged frames inside S-tag 11 towards N-PE3; N-PE1, N-PE3 and N-PE4 each hold a VFI; N-PE4 has its CE attached directly.]

U-PE Configuration

  ! Interface connected to CE
  ! It’s a dot1q-tunnel port
  interface GigabitEthernet2/13
   switchport
   switchport access vlan 11
   switchport mode dot1q-tunnel
   spanning-tree bpdufilter enable
  !
  ! Interface connected to N-PE
  ! It’s a regular dot1q trunk port
  interface GigabitEthernet2/47
   switchport
   switchport trunk encapsulation dot1q
   switchport mode trunk

N-PE (3&4) Configuration

  ! Same VPLS VFI config as flat VPLS
  ! The attachment circuit has two config options
  !
  ! Option 1 – dot1q trunk if it is connected to a U-PE, like N-PE3
  interface GigabitEthernet5/1
   switchport
   switchport trunk encapsulation dot1q
   switchport mode trunk
  !
  ! Option 2 – dot1q tunnel if it is connected to a CE directly, like N-PE4
  interface GigabitEthernet5/1
   switchport
   switchport access vlan 11
   switchport mode dot1q-tunnel
   spanning-tree bpdufilter enable
H-VPLS with MPLS Access Example
[Figure: U-PE3 and U-PE4 reach N-PE1, N-PE3 and N-PE4 over MPLS access; the N-PEs hold the VFIs and are meshed over the MPLS core; C-tagged customer frames are carried end to end. This design is labelled “Recommended”.]

U-PE3 Configuration

  ! Regular EoMPLS configuration on the U-PE
  ! Port mode is used in this example
  interface GigabitEthernet2/13
   xconnect 10.0.0.3 11 encap mpls
  !
  ! Uplink is MPLS/IP to support EoMPLS
  interface GigabitEthernet2/47
   ip address 10.0.57.2 255.255.255.252
   mpls ip

N-PE3 Configuration

  ! Define the VPLS VFI
  l2 vfi vpls11 manual
   vpn id 11
   neighbor 10.0.0.1 encapsulation mpls
   neighbor 10.0.0.4 encapsulation mpls
   neighbor 10.0.0.7 encapsulation mpls no-split-horizon
  !
  ! Attach the VFI to the VLAN interface
  interface Vlan11
   xconnect vfi vpls11
  !
  ! The attachment circuit is a spoke PW for H-VPLS MPLS access
  ! Downlink is an MPLS/IP configuration to support H-VPLS
  interface GigabitEthernet4/0/1
   ip address 10.0.57.1 255.255.255.252
   mpls ip