Atom

© 2006 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 1

AToM Training

1www.cisco.com

PDF created with FinePrint pdfFactory Pro trial version www.pdffactory.com

http://www.cisco.com

http://www.pdffactory.com


L2 VPN àWhy ???

§ Quote from draft-ietf-pwe3-framework-00.txt:“ Although Internet traffic is the fastest growing traffic segment, it does not generate the highest revenue per bit. For example, Frame Relay traffic currently generates a higher revenue per bit than do native IP services. ”




L2 VPN àWhy ???§ Traditional Service Providers:

Ø Migration to packet based IP/MPLS network with minimal impact to their L2 customer baseØ Leverage one network infrastructure and provide new services (Internet Access & VPN)Ø Decouple Edge and Core L2 technologyØ Core Bandwidth Increase

§ ISP/MPLS-VPN Providers: Ø Leverage an existing MPLS network to offer L2 services in addition to L3 servicesØ Transparent to customer’s IGP




L2 Transport

§§ L2 transport is standardized by IETFL2 transport is standardized by IETF’’s PWE3 working s PWE3 working groupgroup§§ PWE3: Pseudo Wire Edge to Edge Emulation PWE3: Pseudo Wire Edge to Edge Emulation ØØ Service emulation over a pseudoService emulation over a pseudo--wire where the wire where the

service is (service is (FR, ATM, Ethernet, PPP, HDLCFR, ATM, Ethernet, PPP, HDLC) and the ) and the pseudo wire is (pseudo wire is (MPLS, L2TP, GREMPLS, L2TP, GRE))

ØØ Implementation details for providing l2 transport such Implementation details for providing l2 transport such as encapsulation & signaling necessary for extending as encapsulation & signaling necessary for extending a L1/L2 circuit over a packeta L1/L2 circuit over a packet--based networkbased network




L2 Transport: PWE3 Reference Model

IP Network

IP/MPLS Core

PWESPWES

PWESPWES

PWESPWES

Site1A

Site 2A

PWESPWESPE1 Site1B

Site 2B

PE2

|<|<------------------------ emulated service(ES) emulated service(ES) ------------------------>|>||<|<------------ pseudopseudo--wire(PW) wire(PW) ---------->|>|

PseudoPseudo--Wire Reference ModelWire Reference Model

SE 1A

SE 2A

SE 1B

SE 2B

|<|<----EndEnd---->| >| ServiceService

|<|<----EndEnd---->| >| ServiceService

PWES PWES àà PseudoPseudo--Wire End ServicesWire End ServicesPE PE àà PseudoPseudo--Wire Endpoint or Provider EdgeWire Endpoint or Provider EdgePSN Tunnel PSN Tunnel àà Packet Switched Network TunnelPacket Switched Network TunnelSE SE àà Service Endpoint or Customer Edge (CE)Service Endpoint or Customer Edge (CE)

PSN Tunnel




Standards: IETF Working Groups à PWE3•• Standards/Drafts:Standards/Drafts:

ØØ CiscoCisco’’s AToM: s AToM: -- draftdraft--martinimartini--l2circuitl2circuit--transtrans--mplsmpls--**.txt **.txt -- draftdraft--martinimartini--l2circuitl2circuit--encapencap--mplsmpls--**.txt**.txt

ØØ CiscoCisco’’s L2TPv3: s L2TPv3: -- draftdraft--ietfietf--l2tpextl2tpext--l2tpl2tp--basebase--**.txt**.txt




L2VPN§§ Traditional L2VPNs are built with leased lines, virtual circuitsTraditional L2VPNs are built with leased lines, virtual circuits such as such as

ATM ATM PVCsPVCs or FR or FR DLCIsDLCIs

§§ L2VPN can now be built using L2 transport mechanisms standardizeL2VPN can now be built using L2 transport mechanisms standardized by d by IETFIETF’’ss PWE3 working group (PWE3 working group (akaaka AToM or L2TPv3)AToM or L2TPv3)

§§ Similar to L3VPN service except that packet forwarding is based Similar to L3VPN service except that packet forwarding is based on L2 on L2 information rather than L3 information rather than L3

§§ L2 VPN is a service model for interconnecting multiple customersL2 VPN is a service model for interconnecting multiple customers sites sites using L2 circuits or L2 transports, taking into consideration fausing L2 circuits or L2 transports, taking into consideration factors such ctors such as management, QoS, security, provisioning, etc.as management, QoS, security, provisioning, etc.




Standards: IETF Working Groups à PPVPN

§§ L2VPNs are standardized by L2VPNs are standardized by IETFIETF’’ss PPVPN working groupPPVPN working group§§ PPVPN: Provider Provisioned Virtual Private NetworkPPVPN: Provider Provisioned Virtual Private NetworkØ Implementation & scalability aspects of Implementation & scalability aspects of VPNsVPNsØØ Standards/Drafts:Standards/Drafts:

•• L3VPNs (RFC2547bis)L3VPNs (RFC2547bis)•• L2VPNs leveraging the L2 transport work from PWE3L2VPNs leveraging the L2 transport work from PWE3

-- draftdraft--rosenrosen--ppvpnppvpn--l2vpnl2vpn--**.txt (**.txt (VPWSVPWS))-- draftdraft--sajassisajassi--vplsvpls--architecturesarchitectures--**.txt (**.txt (VPLSVPLS))-- draftdraft--lasserrelasserre--vkompellavkompella--ppvpnppvpn--vplsvpls--**.txt(**.txt(VPLSVPLS))




L2-VPN ModelsL2-VPN ModelsL2-VPN Models

IP coreIP core

Any-to-any servicePoint-to-Point

Any-to-any servicePoint-to-Point

MPLS CoreMPLS Core

P2MP/MP2MPP2MP/

MP2MP

PPP/HDLCPPP/HDLC

FRFR ATM AAL5/Cell

ATM AAL5/Cell

EthernetEthernet

Like-to-like -or-Any-to-Any

Point-to-Point

Like-to-like -or-Any-to-Any

Point-to-Point

VPWSVPWS VPLSVPLS

EthernetEthernet

PPP/HDLCPPP/HDLC

FRFR ATM AAL5/Cell

ATM AAL5/Cell

EthernetEthernet

AToMAToM L2TPv3L2TPv3




L2VPN Components(Draft-ietf-ppvpn-l2vpn)

PE

Service Provider Backbone

CE-1

Attachments VCs Emulated VCs Attachments VCs

Tunnel Circuit




L2VPN Types

§ If the relationship between Attachment VCs and Emulated VCs is fixed, then L2VPN is VPWS

§ If the relationship between Attachment VCs and Emulated VCs is dynamic and it determined by DA MAC or DA MAC + VLAN, then L2VPN is VPLS




What is VPLS?

§ A Virtual Private LAN Services (VPLS) is a multipoint Layer 2 VPN that connects two or more customer devices using Ethernet bridging techniques

§ VPLS is an ARCHITECTURE defined within IETF Draft-lasserre-vkompella-ppvpn-vpls-02.txt

§ A VPLS emulates an Ethernet Switch with each EMS being analogous to a VLAN




What VPLS is Not?

§ …a service§ …a complete solution§ …as scalable as L3VPNs§ …a standard§ …a proven market§ …about End-to-End Ethernet§ …cheap to install and maintain because it’s Ethernet




How did we arrive at VPLS?§ IETF definition of pseudo-wires enabled the concept of forwarding Ethernet frames over

MPLS LSPsMartini Draft

§ By linking Virtual Switches using Pseudo-wires, virtual LAN services are possibleRiverstone’s draft-lasserre-ppvpn-vpls

§ Several competing drafts were then presented that described Hierarchical VPLS to address shortfalls within draft-lasserre

Notably draft-sajassi-vpls-architectures & draft-khandakhar-ppvpn-hvpls

§ The latest VPLS Draft-lasserre-vkompella-ppvpn-vpls-02 is a merger of draft-lasserre-ppvpn-vplsdraft-khandekhar-ppvpn-hvpls, and draft-sajassi-vpls-architectures

§ Most other drafts have now expired although new ones have been proposed




The IEEE and VPLS

§ IEEE have engaged informally with the IETF to ensure compatibility between the IETF definition of a bridge and the IEEE’s definition§ IEEE have also agreed a PAR (802.1ad) authorising investigation

of an IEEE Metro Ethernet standard§ Some areas of investigation are

Tag Stacking (QinQ) standardisationLayer 2 OAM (L2Trace and L2PING)




New VPLS Drafts

§ Draft-shah-ppvpn-ipls-00Cisco co-authored (Eric Rosen)Addresses MAC learning challenged devices such as routersH-VPLS addresses these devices too

§ Draft-sajassi-mvpls-00Cisco Authored (Ali Sajassi)Uses Multicast to discover address locations and auto-discovery

§ Draft-sodder-ppvpn-vhls-xxProposes MAC-in-MAC as a transportExpanded 802.1q “like” field - 24 bit VLAN indexSimilar to Nortel’s Logical PE




New VPLS Drafts – MAC-in-MAC

§ Draft-sodder-ppvpn-vhls-01 is attracting some attention as it “simplifies” the core requirements for MAC address learning and also addresses VLAN index scaling

§ The draft addresses the problem at the expense of the edge device in terms of complexity and scaling

Edge device must hold SP and Customer MAC addressesMust impose/dispose of SP MAC headersObviates the need for an MPLS core and pseudo-wiresDoes not address flooding considerationsSolution breaks 802.1q, .1w/s bridges

§ Little traction within the IETF or IEEE as the draft either breaks or overlaps with existing implementations




Cisco’s Commitment to Standards

§ Cisco 7600 has implemented VPLS as per draft-sajassi-vpls-architecture§ Committed to delivering H-VPLS as per draft-lasserre-vkompella-ppvpn-vpls-

01§ H-VPLS on 12000, 7600, 6500, 3750 Metro§ MAC-in-MAC is being investigated§ Cisco is active within the IETF PPVPN working group (Ali Sajassi)§ Cisco is active within the IEEE 802.1ad committee (Norm Finn)§ Cisco is active within the Metro Ethernet Forum (Bob Klessig)



© 2006 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 1919www.cisco.com

VPLS Operation





VPN & VPLS Desirable Characteristics

§ Auto-discovery of VPN membershipReduces VPN configuration and errors associated with configuration

§ Signaling of connections between PE devices associated with a VPN§ Forwarding of frames

AToM uses Interface based forwardingVPLS uses IEEE 802.1q Ethernet Bridging techniques

§ Loop preventionMPLS core will use a full mesh of PWs and “split-horizon”forwardingH-VPLS edge domain may use IEEE 802.1s Spanning Tree, RPR, or SONET Protection



© 2006 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 21A Comprehensive Solution: Robust, Flexible, Scalable, Manageable

Point-to-PointLayer 2 VPN

Layer 2 VPN

NMS/OSS

MultipointLayer 2 VPN

ForwardingMechanism

TunnelProtocol

Hardware

Interface-Based/Sub-Interface

Ethernet Switching (VFI)

Cisco 7600 Catalyst 6500

MPLS IP

VPN Discovery

Signaling

CentralizedDNS Radius Directory Services

DistributedBGP

Label DistributionProtocol

Layer 3 VPN

IP Routing

Cisco VPLS Building Blocks

Cisco 12000




VPLS Auto-discovery & Signaling

§ Draft-ietf-l2vpn-vpls-ldp-xx does not mandate an auto-discovery protocolCan be BGP, Radius, DNS, AD based

§ Draft-ietf-l2vpn-vpls-ldp-01 describes using Targeted LDP for Label exchange and PW signaling

PWs signal other information such as Attachment Circuit State, Sequencing information, etcCisco IOS supports Targeted LDP for AToM and Virtual Private LAN Services

VPN Discovery

Signaling


DistributedBGP





VPLS Components

n-PE

n-PE

n-PE

PW

PW

PW

CE

CE

CE

CE

CE

CE

CE

CE

Tunn

el L

SPTunnel LSP

Tunnel LSP

Green VSI

Blue VSI

Red VSI

Green VSI

Blue VSI

Red VSI

Red VSI

Blue VSILegend

CE - Customer Edge Devicen-PE - network facing-Provider EdgeVSI - Virtual Switch InstancePW - Pseudo-WireTunnel LSP - Tunnel Label Switch Path that

provides PW transport

Attachment Circuit

Full Mesh of PWsbetween VSIs

Directed LDP session between participating PEs




VPLS: Layer 2 Forwarding InstanceRequirements

Flooding / Forwarding: § MAC table instances per customer and per customer VLAN (L2-VRF

idea) for each PE§ VSI will participate in learning, forwarding process§ Uses Ethernet VC-Type defined in pwe3-control-protocol-xx

Address Learning / Aging:§ Self Learn Source MAC to port associations§ Refresh MAC timers with incoming frames§ New additional MAC TLV to LDP for MAC withdrawal* ß Not Req.

Loop Prevention:§ Create partial or full-mesh of EoMPLS VCs per VPLS§ Use “split horizon” concepts to prevent loops§ Announce EoMPLS VPLS VC tunnels

A Virtual Switch MUST operate like a conventional L2 switch!




VPLS Overview:Flooding & Forwarding

§ Flooding (Broadcast, Multicast, Unknown Unicast)

§ Dynamic learning of MAC addresses on PHY and VCs

§ ForwardingPhysical portVirtual circuit

Data SA ?

???




VPLS Overview:MAC Address Learning

§ Broadcast, Multicast, and unknown Unicast are learned via the received label associations

§ Two LSPs associated with an VC (Tx & Rx)

§ If inbound or outbound LSP is down, then the entire circuit is considered down

PE1 PE2

Send me traffic with Label 201Send me traffic Send me traffic with Label 201with Label 201

VC Label 102 ßTxTxà VC Label 201

Send me traffic with Label 102Send me traffic Send me traffic with Label 102with Label 102

CECE

Data MAC 1 MAC 2 201

DataMAC 1 MAC 2102

E0/0 E0/1

MAC 2 E0/1MAC Address Adj

MAC 1 102MAC x xxx

MAC 2 201MAC Address Adj

MAC 1 E0/0MAC x xxx




VPLS Overview:MAC Address Withdrawal

§ Primary link can cause MAC Address Withdrawal by:§ Sending a sending a notification message:

– PE removes any locally learned MAC addresses and sends LDP address withdrawal (RFC3036) to remote PEs in VPLS– Done via newly defined MAC TLV

§ Or, wait for regular address timeouts (default, 300 seconds)

X

LDP Address Withdrawal




VPLS Overview:VPLS Loop Prevention

§ Each PE has a P2MP view of all other PEs it sees it self as a root bridge, split horizon loop protection§ Full mesh topology obviates STP requirements in the service provider

network§ Customer STP is transparent to the SP / customer BPDUs are

forwarded transparently§ Traffic received from the network will not be forwarded back to the

network

PEs MPLS Network

CEs

PE view

- LDP between VPLS members

- EoMPLS PW to each peer




VPLS Architecture





VPLS & H-VPLS

§ H-VPLSTwo Tier HierarchyMPLS or Ethernet EdgeMPLS Core

§ VPLSSingle Flat HierarchyMPLS to the Edge192.168.11.1/24

192.168.11.2/24

192.168.11.12/24

192.168.11.11/24192.168.11.25/24

MPLS EdgeMPLS Core

PW

n-PEPE-POP

PE-rs

u-PEPE-CLEMTU-s

u-PEPE-CLEMTU-s

n-PEPE-POP

PE-rsGE

Ethernet EdgePoint-to-Point or Ring

VPLS

H-VPLS




VPLS Architecture:Characteristics - Direct Attachment (Flat)

Overview:§ Okay for small customer implementations§ Simple provisioning§ Full mesh of directed LDP sessions required between participating PEs§ VLAN and Port level support (no QinQ)

Drawbacks:§ No hierarchical scalability§ Scaling issues:

PE packet replicationFull mesh causes classic - N*(N-1) / 2 concerns




VPLS & H-VPLS

§ H-VPLSTwo Tier HierarchyMPLS or Ethernet EdgeMPLS Core

§ VPLSSingle Flat HierarchyMPLS to the Edge192.168.11.1/24

192.168.11.2/24

192.168.11.12/24

192.168.11.11/24192.168.11.25/24

MPLS EdgeMPLS Core

PW

n-PEPE-POP

PE-rs

u-PEPE-CLEMTU-s

u-PEPE-CLEMTU-s

n-PEPE-POP

PE-rsGE

Ethernet EdgePoint-to-Point or Ring

VPLS

H-VPLS




VPLS Architecture:Characteristics – H-VPLS

Benefits:§ Best for larger scale deployment§ Reduction in packet replication and signaling overhead on PEs§ Full mesh for core tier (Hub) only§ Attachment VCs “virtual switch ports” effected through Layer 2 tunneling

mechanisms (AToM, L2TPv3, QinQ)§ Expansion affects new nodes only (no re-configuring existing PEs)

Drawbacks:§ More complicated provisioning§ MPLS Edge H-VPLS requires MPLS to u-PE

Complex operational supportComplex network designExpensive Hardware support




MPLS Network

CE1

CE2a

n-PEFull Mesh LDP

VPLS Architecture:Architecture – Ethernet Edge H-VPLS

u-PE n-PE

n-PE

QinQ

7600s3550s

.1Q

CE4

CE2b

802.3

101102

VPLS functioning between

participating PEs

400

401

Customer applied VLAN Tags for

WG isolation (CE-VLAN)

Data 401

SP applied VLAN Tags for Customer isolation (PE-VLAN)

SA102 DAEther Type

Dot1q Tunneling




SP applied VLAN Tags for Customer isolation (PE-VLAN)

MPLS Network

CE1

CE2a

n-PE-PoP

Full Mesh LDP

VPLS Architecture:Architecture – Ethernet Edge H-VPLS

u-PE n-PE

n-PE

QinQ

7600s3550s

.1Q

CE4

CE2b

802.3

101102


participating PEs

400

401

Customer applied VLAN Tags for

WG isolation (CE-VLAN)

Data SA401 DAEtherType 25 47

PW – VC Label is imposed at VSI




MPLS Network

CE1

CE2a

PE-PoPFull Mesh LDP

PE-CLE PE-PoP

PE-PoP

AToM or

L2TPv3

7600sL2VPNRouter

.1Q

CE4

CE2b

802.3


participating PEs

400

401

Customer applied VLAN Tags for WG isolation (CE-VLAN)

Data SA401 DAEther Type

VPLS Architecture:Architecture – MPLS Edge H-VPLS

PSN

SP applied VC-Label & Tunnel LSP Label

1000 33




MPLS Network

CE1

CE2a

n-PEFull Mesh LDP

u-PE n-PE

n-PE

AToM or

L2TPv3

7600sL2VPNRouter

.1Q

CE4

CE2b

802.3


participating PEs

400

401

Customer applied VLAN Tags for WG isolation (CE-VLAN)

Data SA401 DAEther Type

VPLS Architecture:Architecture – MPLS Edge H-VPLS

PSN

AToM or L2TPv3 Header is now

removed.PW – VC & Tunnel labels are imposed

25 47




VPLS Enabled Services





Summary of Ethernet-based Services

PointPoint--toto--PointPoint MultipointMultipoint

Layer 2Layer 2 Layer 3Layer 3Layer 1Layer 1

EthernetEthernet--Based ServicesBased Services

EthernetPrivate

Line

EthernetEthernetPrivatePrivate

LineLine

Analogous to Private Line

EthernetWire

Service

EthernetEthernetWireWire

ServiceService

Similar to ERS only w/ VLAN transparency

EthernetRelay

Service

EthernetEthernetRelayRelay

ServiceService

Analogous to Frame Relay

Hybrid ERS+EMS

EthernetRelay

MultipointService

EthernetEthernetRelayRelay

MultipointMultipointServiceService

MPLSVPN

MPLSMPLSVPNVPN

EthernetMultipoint

Service

EthernetEthernetMultipointMultipoint

ServiceService

Transparent LAN Service/Emulated LAN




Ethernet Multipoint Service (EMS)

Multipoint Port-Based Service

CustomerEquipmentCustomerEquipment

ArchitectureArchitecture

Ethernet VirtualConnection


ServiceCharacteristics


Router Bridge

VLANTransparency Bundling L2 PDU

Transparency

VPWS

ServiceMultiplexing

VPLS EoS/xWDM

P2P MP




Ethernet Multipoint Service (EMS)

§ Multipoint service where all devices are direct peers§ No Service Multiplexing—all VLANs are presented to all sites (“all-to-one”

bundling)§ Transparent to Customer BPDUs§ Also called Transparent LAN Service (TLS), E-LAN, or VPLS§ Routers and/or Switches as CE Devices




Ethernet Relay Multipoint Service (ERMS)

Multipoint VLAN-Based Service

CustomerEquipmentCustomerEquipment

ArchitectureArchitecture





Router

VPWS VPLS EoS/xWDM

P2P MP

ServiceMultiplexing

VLANTransparency Bundling L2 PDU

Transparency

Bridge




Ethernet Relay Multipoint Service (ERMS)

§ Both P2P and MP2MP Services can coexist on the same UNI§ Service multiplexed UNI (e.g. 802.1Q trunk)§ Recommend Routers as CE Devices




VPLS Deployment Scenarios





VPLS Deployment:SMB Connectivity

§ New Layer 2 multipoint service offering§ Enterprise maintains routing and administrative autonomy§ Layer 3 protocol independence § Full mesh between customer sites

MPLS NetworkCE-SITE1 CE-SITE2

SFO-PE NYC-PE

DFW-PE

CE-SITE3




§ SP-As PEs appear back to back and packets are forwarded§ No LDP or Route exchange with transit provider§ Provides optimal traffic path to carrier’s PE§ Doesn’t require full mesh provisioning for transit provider

VPLS Deployment:Layer 2 Multipoint Transit Provider

Transit Provider Network

SP-A SP-A

CE-1

CE-1

AToM / L2TPv3LDP

VPLS




AToM Concepts & Protocol Overview




What is AToM ?

§ Defines Cisco’s approach for L2 transport over MPLS (Point to Point transport)

§ Based on Martini drafts for encapsulation & Transport of Layer 2PDUs

§ Currently in Deployed in 7200/7500/7600/12000




Any Transport = …

§ ATM AAL5 PDU

§ ATM cells (non AAL5 mode)

§ FR PDU

§ Ethernet

§ 802.1Q (Ethernet VLAN)

§ Cisco-HDLC

§ PPP

§ TDM

draft-martini-l2circuit-trans-mpls-xx.txtdraft-martini-l2circuit-encap-mpls-xx.txt

draft-anavi-tdmoip-xx.txt draft-malis-sonet-ces-mpls-xx.txt




AToM Idea

§ The Layer 2 transport service over MPLS is implemented through the use of two level label switching between the edge routers

Very similar to RFC2547 (MPLS-VPN)§ The label used to route the packet over the MPLS backbone to the

destination PE is called the “tunnel label”§ The label used to determine the egress interface is referred to as the VC

label§ The egress PE allocates a VC label and binds the Layer 2 egress

interface to the VC in question, then it signals this label to the ingress PE via the targeted LDP session




AToM

VC

Tunnel LSP Could Be TE LSP or LDP LSPTunnel LSP Could Be TE LSP or LDP LSP

VC LDP

LSP

VC

LDPLDPLDPLDP

LDPLDP

Loopback 0Loopback 0

Loopback 0Loopback 0

LDPLDPLSP




AToM: Label Bindings

§ VC Label= ‘L27’ in this example, cf later

§ VC Label= ‘L27’ in this example, cf later

VC L-27

L20L20

L25L25

L30L30

PopPop




CC VC info lengthVC info length

Group IDGroup ID

VC IDVC ID

Interface ParametersInterface Parameters

AToM: Virtual Circuit FEC Element

C: Control Word (1 bit) – Control word present if bit setVC-type (15 bits) - Type of VC e.g FR, ATM, VLAN, Ethernet, PPP, HDLCVC info length (8 bits) – Length of VCID field and interface parametersGroup ID (32 bits) – Represents a groups of VCs. Can be used for mass label

withdrawalVC ID (32 bits) – Connection identifier used in conjunction with the VC-type to

identify a particular VCInterface Parameters (Variable) – Edge facing interface parameters, such as MTU

0 1 2 30 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1

VCVC--typetypeVC TLV (0x80)VC TLV (0x80)

Courtesy: Jim Courtesy: Jim GuichardGuichard




LDP Label Mapping Exchange

LDP Label Mapping Message (Specified in RFC 3036)

FEC TLV Header(Specified in RFC 3036)

Virtual Circuit FEC Element(Specified in draft-martini-l2circuit-trans-mpls)

Label TLV Header(Specified in RFC 3036)

0 1 2 30 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+|0| Label Mapping (0x0400) | Message Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+| Message ID |+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+|0|0| FEC (0x0100) | Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+| VC tlv (0x80) |C| VC Type |VC info Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Group ID |+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | VC ID |+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+| Interface parameters || " |+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+|0|0| Generic Label (0x0200) | Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+| Label |+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+| Optional Parameters | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+




AToM: Label ForwardingFrom Left to Right

dlci 101dlci 101

L27

dlci 202dlci 202

L27L27

L27L27

L27 L30

L25L20




AToM: Control Word

LengthLength Sequence NumberSequence Number00000000 FlagsFlags

EXP TTLLabel (LSP)

L2 PDU

ATM TELC Transport Type, EFCI, CLP, C/RC/R

FR BFDC BECN, FECN, DE, C/R

Label (VC) EXP 1 TTL

0




AToM Terminology§ Emulated Service or the end-to-end L2 connectivity between customer sites offered by

AToM can be described in terms of…<Attachment VC, Emulated VC, Attachment VC>

< CE1 <−> PE1, PE1 <−> PE2, PE2 <−> CE2>

§ AVC is identified by a L2 circuit identifier such as– FR DLCI, Ethernet VLAN, ATM PVC etc

§ EVC is identified by a VC Identifier with a corresp. ‘VC Label’

§ EVC is carried in an MPLS Tunnel between the PEs

§ Tunnel can be an MPLS LSP or RSVP-TE with corresp. Tunnel labels

§ Multiple EVCs from multiple customers can be multiplexed onto the same Tunnel between the PEs

IP Network

TunnelTunnel

AVCAVC

AVCAVC

AVCAVC

AVCAVC

EVCEVC

MPLSMPLSCoreCore




AToM Protocol§ Protocols necessary to implement the Emulated service can be categorized

as..Ø Control Plane Functions (Signaling)Ø Emulated VC signaling à LDP draft-martini-l2circuit-trans-mpls

Ø MPLS Tunnel signaling à LDP/TDP(LSP) or RSVP(TE)

Ø Data Plane Functions (Encapsulation)Ø Attachment VC termination à draft-martini-l2circuit-encap-mpls

Ø Emulated VC termination à draft-martini-l2circuit-encap-mpls

Ø Emulated VC tunneling à draft-martini-l2circuit-encap-mpls




AToM: Control Plane (Signaling)

§ Need for Emulated VC and Tunnel Signaling:AToM/L2 transport is implemented using two level label switchingbetween the PEs (similar to RF2547/L3VPNs) Distribution of Tunnel Labels (LDP or TDP) for Tunnel setupDistribution of VC Labels (LDP only) for Emulated VC setup




AToM: Control Plane (Signaling)

§ Emulated VC signaling must be done via LDPDirected LDP session between PEsExisting Label mapping messages usedNew VC FEC element =128 created for distributing VC labels

§ Tunnel Signaling outside the scope of draft-martini-l2circuit-trans-mpls




AToM: Control Plane Example

IP Network

MPLS Core

DLCI 555DLCI 555

DLCI 556DLCI 556DLCI 956DLCI 956

Site1A

Site 2A

DLCI 955DLCI 955

1.55

Site1B

Site 2B

PE2CE 1A

CE 2A

CE 1B

CE 2B

TUNNEL LSPTUNNEL LSP

Directed LDP sessionDirected LDP sessioninterface s1/0encapsulation frame-relayerame-relay interface-type dce

connect s1/0 555 l2transportmpls l2 route 10.13.1.96 10555955

1.96

PE1

interface s2/0encapsulation frame-relayerame-relay interface-type dce

connect s1/0 955 l2transportmpls l2 route 10.13.1.55 10555955”

Step1: Step1: ‘‘mpls l2 route 10.13.1.96 10555955mpls l2 route 10.13.1.96 10555955’’ added to PE1added to PE1àà1.55 1.55 Step2: Step2: TargettedTargetted Hellos to 10.13.1.96Hellos to 10.13.1.96Step3: Directed LDP session setup with 10.13.1.96 and ready to Step3: Directed LDP session setup with 10.13.1.96 and ready to

exchange VC labelsexchange VC labels




AToM: Discovery PhaseRSP-PE-STHEAST-5#sh mpls ldp discovery detailLocal LDP Identifier:

10.13.1.55:0Discovery Sources:

Interfaces:POS11/0/0 (tdp): xmit/recv

TDP Id: 10.13.1.58:0Src IP addr: 10.13.5.41; Transport IP addr: 10.13.1.58

FastEthernet10/0/0.441 (tdp): xmit/recvTDP Id: 10.13.1.59:0

Src IP addr: 10.13.5.65; Transport IP addr: 10.13.1.59FastEthernet10/0/1.432 (tdp): xmit/recv

TDP Id: 10.13.1.58:0Src IP addr: 10.13.5.61; Transport IP addr: 10.13.1.58

Targeted Hellos:10.13.1.55 -> 10.13.1.96 (ldp): active/passive, xmit/recvLDP Id: 10.13.1.96:0

Src IP addr: 10.13.1.96; Transport IP addr: 10.13.1.96




AToM: Targetted LDP session§ RSP-PE-STHEAST-5#sh mpls ldp neighbor 10.13.1.96

Peer LDP Ident: 10.13.1.96:0; Local LDP Ident 10.13.1.55:0TCP connection: 10.13.1.96.11014 - 10.13.1.55.646State: Oper; Msgs sent/rcvd: 2773/2779; DownstreamUp time: 1d10hLDP discovery sources:Targeted Hello 10.13.1.55 -> 10.13.1.96, active, passive

Addresses bound to peer LDP Ident:10.13.1.96 10.13.9.30 10.13.9.46 10.13.0.96 10.13.9.66

§ RSP-PE-STHEAST-5#





IP Network

MPLS Core

DLCI 555DLCI 555


Site1A

Site 2A

DLCI 955DLCI 955

1.55

Site1B

Site 2B

PE2CE 1A

CE 2A

CE 1B

CE 2B


Directed LDP sessionDirected LDP session

1.96

PE1

Step 4A: PEStep 4A: PE--CE interface on PE1 is CE interface on PE1 is ‘‘no no shutdshutd’…’…-- PE1 will allocate a VC label for DLCI 555PE1 will allocate a VC label for DLCI 555-- binds it to VC ID: 10555955binds it to VC ID: 10555955-- encodes the VC Label TLV with the VC label encodes the VC Label TLV with the VC label -- encodes the VC FEC TLV with the VC IDencodes the VC FEC TLV with the VC ID-- advertises the label to 10.13.1.96 advertises the label to 10.13.1.96


connect s1/0 555 l2transportmpls l2 route 10.13.1.96 10555955


connect s1/0 955 l2transportmpls l2 route 10.13.1.55 10555955”




AToM: Label Mapping§ RSP-PE-STHEAST-5#debug mpls l2transport signaling message

*Apr 24 17:14:10.374 EDT: AToM LDP [10.13.1.96]: Sending label m*Apr 24 17:14:10.374 EDT: AToM LDP [10.13.1.96]: Sending label mapping msg vc type 1, cbit 1, vc id apping msg vc type 1, cbit 1, vc id 10555955, group id 33, vc label 180, status 0, mtu 150010555955, group id 33, vc label 180, status 0, mtu 1500

§ RSP-PE-STHEAST-5#sh mpls l2transport binding 10555955Destination Address: 10.13.1.96, VC ID: 10555955

Local Label: 180Cbit: 1, VC Type: FR DLCI, GroupID: 33MTU: 1500, Interface Desc: n/a

Remote Label: unassigned

§ RSP-PE-STHEAST-5#sh mpls l2transport vc 10555955 detailLocal interface: Se8/0/0/2:0 up, line protocol up, FR DLCI 555 up

Destination address: 10.13.1.96, VC ID: 10555955, VC status: downTunnel label: not ready, LFIB entry presentOutput interface: unknown, imposed label stack {}

Create time: 20:36:57, last status change time: 00:31:21Signaling protocol: LDP, peer 10.13.1.96:0 up

MPLS VC labels: local 180, remote unassignedGroup ID: local 33, remote unknownMTU: local 1500, remote unknownRemote interface description:

Sequencing: receive disabled, send disabledVC statistics:

packet totals: receive 0, send 0byte totals: receive 0, send 0packet drops: receive 0, send 0





IP Network

MPLS Core

DLCI 555DLCI 555


Site1A

Site 2A

DLCI 955DLCI 955

1.55

Site1B

Site 2B

PE2CE 1A

CE 2A

CE 1B

CE 2B



“mpls l2 route 10.13.1.96 10555955”

1.96

PE1

“mpls l2 route 10.13.1.55 10555955”

Step 4B: PEStep 4B: PE--CE interface on PE2 is CE interface on PE2 is ‘‘no no shutdshutd’…’…-- PE2 will allocate a VC label for DLCI 955PE2 will allocate a VC label for DLCI 955-- binds it to VC ID: 10555955binds it to VC ID: 10555955-- encodes the VC Label TLV with the VC label encodes the VC Label TLV with the VC label -- encodes the VC FEC TLV with the VC IDencodes the VC FEC TLV with the VC ID-- advertises the label to 10.13.1.55 advertises the label to 10.13.1.55




AToM: Label Mapping§ RSP-PE-STHEAST-5#debug mpls l2transport signaling message

Apr 24 17:24:53.700 EDT: AToM LDP [10.13.1.55]: Sending label maApr 24 17:24:53.700 EDT: AToM LDP [10.13.1.55]: Sending label ma pping msg pping msg vc type 1, cbit 1, vc id 10555955, group id 37, vc label 204, stvc type 1, cbit 1, vc id 10555955, group id 37, vc label 204, st atus 0, mtu 1500atus 0, mtu 1500

§ RSP-PE-NTHEAST-6#sh mpls l2transport binding 10555955 Destination Address: 10.13.1.55, VC ID: 10555955

Local Label: 204Cbit: 1, VC Type: FR DLCI, GroupID: 37MTU: 1500, Interface Desc: n/a

Remote Label: 180Cbit: 1, VC Type: FR DLCI, GroupID: 33MTU: 1500, Interface Desc: n/a

§ RSP-PE-NTHEAST-6#sh mpls l2transport vc 10555955 detailLocal interface: Se2/0/0/2:0 up, line protocol up, FR DLCI 955 up

Destination address: 10.13.1.55, VC ID: 10555955, VC status: upTunnel label: 56, next hop 10.13.9.29Output interface: Gi1/0/0.412, imposed label stack {56 180}


MPLS VC labels: local 204, remote 180Group ID: local 37, remote 33MTU: local 1500, remote 1500Remote interface description:

Sequencing: receive disabled, send disabledVC statistics:

packet totals: receive 718402, send 718100byte totals: receive 86086987, send 93226156packet drops: receive 0, send 390





IP Network

MPLS Core

DLCI 555DLCI 555


Site1A

Site 2A

DLCI 955DLCI 955

1.55

Site1B

Site 2B

PE2CE 1A

CE 2A

CE 1B

CE 2B



“mpls l2 route 10.13.1.96 10555955”

1.96

PE1

“mpls l2 route 10.13.1.55 10555955”

Step 5a: PEStep 5a: PE--CE interface on PE1 is CE interface on PE1 is ‘‘shutdshutd’…’…-- PE1 will send a Label Withdrawal message to 10.13.1.96PE1 will send a Label Withdrawal message to 10.13.1.96-- status of the VC is down status of the VC is down

Step 5b: PEStep 5b: PE--CE interface on PE2 is CE interface on PE2 is ‘‘shutdshutd’…’…-- PE2 will send a Label Withdrawal message to 10.13.1.55PE2 will send a Label Withdrawal message to 10.13.1.55-- status of the VC is same as in (5a)status of the VC is same as in (5a)




AToM: Label Withdrawal§ RSP-PE-STHEAST-5#debug mpls l2transport signaling message

RSPRSP--PEPE--STHEASTSTHEAST--5(config5(config--if)#shif)#sh*Apr 24 17:51:57.260 EDT: AToM LDP [10.13.1.96]: Sending label w*Apr 24 17:51:57.260 EDT: AToM LDP [10.13.1.96]: Sending label withdraw msg ithdraw msg vc type 1, cbit 1, vc id 10555955, group id 33, vc label 180, stvc type 1, cbit 1, vc id 10555955, group id 33, vc label 180, status 0, mtu 1500atus 0, mtu 1500

§ RSP-PE-NTHEAST-6#sh mpls l2transport binding 10555955Destination Address: 10.13.1.96, VC ID: 10555955Local Label: unassigned.Remote Label: 204

Cbit: 1, VC Type: FR DLCI, GroupID: 37MTU: 1500, Interface Desc: n/a

§ RSP-PE-STHEAST-5#sh mpls l2transport vc 10555955 detailLocal interface: Se8/0/0/2:0 admin down, line protocol down, FR DLCI 555 admin downDestination address: 10.13.1.96, VC ID: 10555955, VC status: downTunnel label: not ready, LFIB entry presentOutput interface: unknown, imposed label stack {}


MPLS VC labels: local unassigned, remote 204Group ID: local unknown, remote 37MTU: local unknown, remote 1500Remote interface description:

Sequencing: receive disabled, send disabledVC statistics:packet totals: receive 14131, send 14897byte totals: receive 1617117, send 1854556packet drops: receive 0, send 0




Why LDP signaling is useful between PEs

To transport circuit status

– eg. FR: If PE1 sees an issue with dlci 555, it withdraws the VC label so that PE2 can signal the issue on the right via LMI

– useful for FR, ATM, HDLC, Ethernet…

§ In-Sequence delivery

– Required for ATM and FR. If Ethernet used for non-IP applications, in-sequence delivery is also required

– PE1 and PE2 can use LDP to synch their sequence numbers after reload/reboot…

§ Explicit Goal for PEW3 IETF WG




AToM: Data Plane (Martini Encapsulation)

LengthLength Sequence numberSequence numberRsvdRsvd FlagsFlags

EXPEXP TTLTTL11VC Label VC Label

EXPEXP TTLTTL00Tunnel LabelTunnel Label

L2 PDUL2 PDU

00 00

0 1 2 30 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1

VC labelVC label

Tunnel labelTunnel label

Control WordControl Word

L2 FrameL2 Frame




AToM: Data Plane (Martini Encapsulation) Tunnel Label




L2 PDUL2 PDU

00 00

0 1 2 30 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1

VC labelVC label


Control Word(Optional)Control Word(Optional)

L2 FrameL2 Frame

Tunnel Label: Ø IGP or Outer label that can be distributed by any of the existing mechanisms and is outside the scope of martini draftØ label associated with the tunnel i.e. MPLS LSP or RSVP-TE used to deliver the packet from the ingress PE to egress PE




AToM: Data Plane (Martini Encapsulation) VC Label




L2 PDUL2 PDU

00 00

0 1 2 30 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1

VC labelVC label



L2 FrameL2 Frame

VC Label: VC Label: Ø Inner label that is used by receiving PE to determine the following information and do disposition on the received packet…

Ø egress or CE facing interface that the packet should be forwarded toØ L2 ID such as VLAN or DLCI or PVC used on the CE facing interface

Ø can use static labels (not done in Cisco implementation) or if signaling is used, LDP must be used using downstream unsolicited mode.

EXP EXP can be set to the values received in the L2 frame, ATM CLP or FR DE bit or it can be set by the PE via CLI or as a result of some QoS policy

TTL TTL is recommended to be set to ‘2’




AToM: Data Plane (Martini Encapsulation) Control Word




L2 PDUL2 PDU

00 00

0 1 2 30 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1

VC labelVC label



L2 FrameL2 Frame

Control Word (CW): Control Word (CW): ØØ Optional or Mandatory depending on the type of L2 transportØ Rsvd: Reserved for future useØ Sequence number:

- provides sequencing capability to detect out of order packets if needed - currently not in Cisco’s implementation- Optional

Flags: to carry control bits (ATM CLP, FR DE) in the recvd. L2 frame across the MPLS networkLength: used to indicate the actual packet length if any padding was done to the packet




AToM: Data Plane (Martini Encapsulation) Control Word

§§ Control Word (CW) whether used or not must be indicated to both Control Word (CW) whether used or not must be indicated to both PEs(localPEs(local & & remote) either by manual configuration or using signalingremote) either by manual configuration or using signaling§§ Mandatory: CW Field must be present whether its used or notMandatory: CW Field must be present whether its used or not

-- Frame Relay (use is optional)• FECN/BECN/DE & C/R bits are transported in the 4 bit FLAG field of the control word• Above values can be modified from ‘0’à ‘1’ to indicate congestion in the transport network but not vice-versa

- AAL5 (use is optional though desirable)• First Flag bit indicates whether the packet contains an ATM Cell or a AAL5 CPCS-SDU• EFCI and CLP bit is transported in the 4 bit FLAG field

§§ Optional: CW Field can be present and maybe used Optional: CW Field can be present and maybe used -- If used, then the CW Flag bits must be set to ‘0’ and must be ignored by the receiving or egress PE- Ethernet (VLAN and PORT based)- ATM Cell Relay- PPP- HDLC




Configuration & Packet Flows




Configuration Guidelines§ VC Ids must match on either side§ MTUs on the PE-CE link on both the local and remote

ends must match on either side§ VC Ids must be unique between a pair of routers § Attachment Circuit Ids(FR DLCI, AAL5 PVC, Ethernet

VLAN) does not need to match




AToM

Transport of Ethernet over MPLS(7600 focus)




EoMPLS Implementation based on Martini Draft

• Three main requirements for transport of Ethernet frames

802.1q VLAN to 802.1q VLAN transport;802.1q VLAN port to port transport;Ethernet port to port transport; (all traffic)

• Phase 1 of AToM supports 802.1q VLAN to VLAN transport ONLY (i.e. EoMPLS)

VC-type 0x0004 within draft-martini-l2circuit-trans-mpls;

Support for VC-type 0x0005 port-to-port Ethernet trunking & port-to-port VLAN trunkingISL encapsulation is NOT supported




Draft-martini

Cisco’s implementation of MPLS based Layer 2 VPNs uses draft-martini-l2circuit-* drafts.

The basic idea is to tunnel L2 packets through the MPLS cloud using an LSP tunnel (similar to RFC2547 VPNs)

A Layer 2 “circuit” is allocated a label and LDP is used to distribute the label-circuit mapping.




Draft-martini

Directed LDP sessions are used between the LSRs. The mode is set to downstream unsolicited.

If there is an existing session (only platform label space is permitted for directed sessions, anyway) , there isn’t a need to create a new session.




EoMPLS Implementation based on Martini Draft

• Martini VC Types used in EoMPLSVC type 4 = Ethernet VLAN = All Pkts are tagged and VLANID is constant.

VC type 5 = Ethernet = Pkts are untagged and tagged(VLANID changes).

© 2001, Cisco Systems, Inc. All rights reserved. 82© 2001, Cisco Systems, Inc. All rights reserved. 82© 2001, Cisco Systems, Inc. All rights reserved. 82PS-5422884_05_2001_c4




Packet Format from CE to CE throughEoMPLS cloud.




VC LABEL BINDING MESSAGE

VC label bindings are distributed using the LDP downstream unsolicited mode

VC TLV VC Type Group ID VC ID Interface Parameters…….VC Info Len

Format of LDP Binding Message

•VC TypeØC bit – Control Word (0 for Ethernet/VLAN)Ø0x0004 – Ethernet VLANØ0x0005 – Ethernet Port-Based

•VC Info LengthØLength of VC ID and Variable Interface Parameters field

•Group IDØUsed to manage a group of VCs common to an LSP(No need to match)

•VC ID •Interface Parameters

ØMTU of ‘Customer’ Facing Interface (VLAN)

LABEL MAPPING MESSAGE CONTAINS VC Forward Equivalence Class (FEC) ELEMENT TYPE 0X80(128)

And Associated LABEL




DA SA

Packet Format CE — LER

8100 Pbits Cbit VLAN ID Ethernet Frame

DA SA 8000 V HL TOS ….Original Ethernet Frame

VLAN Encapsulated Frame

DA SA 8000 V HL TOS …

4 Byte 802.1q Header • 2 Byte EtherType Field (8100)• 3 P bits• C bit• 12 bit VID

PE2

TDP/LDP

Core-1 Core-3 PE4

CE1CE2

TDP/LDP

11.10.128.201/3211.10.128.204/32

GE2/1




DA SA 8847 MPLS LSEs

Packet Format LER—LSR VLAN Encapsulated Frame

MPLS Labeled Packet

DA SA 8100 Pbits Cbit VLAN ID Ethernet Frame

DA SA 8100 Pbits Cbit VLAN ID Ethernet Frame

LSE (Label Stack Entries)• 20 Bit Label• 3 Bit Experimental Field (Exp)• 1 Bit Bottom of Stack Indicator (S)• 1 Byte TTL

PE2

TDP/LDP

Core-1 Core-3 PE4

CE1CE2

TDP/LDP

11.10.128.201/3211.10.128.204/32

GE2/1




Packet Format LER—LSR (Cont.)

DA SA 8847 00037 0 FE 00012 1 02

MPLS Labeled Packet

• Tunnel Label Entry - Label 55 (37)- Exp = 0- S = 0- TTL = FE

• VC Label- Label 18 (12)- Exp = 0- S=1- TTL = 02

DA SA …

PE2

TDP/LDP

Core-1 Core-3 PE4

CE1CE2

TDP/LDP

11.10.128.201/3211.10.128.204/32

GE2/1

Detailed packet header explanation at:http://www-tac.cisco.com/Teams/NSA/MPLS/EOMPLS/pac1.htm


http://www-tac.cisco.com/Teams/NSA/MPLS/EOMPLS/pac1.htm



Packet Format LSR—LSR

DA SA 8847 00088 0 FD 00012 1 02

MPLS Labeled Packet

• Tunnel Label Entry - Label 136 (88)- Exp/S = 0- TTL = FD

• VC Label- Label 18 (12)- Exp/S = 1- TTL = 02

DA SA …

PE2

TDP/LDP

Core-1 Core-3 PE4

CE1CE2

TDP/LDP

11.10.128.201/3211.10.128.204/32

GE2/1




Packet Format LSR—LER

DA SA 8847 00012 1 01

MPLS Labeled Packet

•VC Label- Label 18 (12)- Exp/S = 1- TTL = 01

DA SA …

PE2

TDP/LDP

Core-1 Core-3 PE4

CE1CE2

TDP/LDP

11.10.128.201/3211.10.128.204/32

GE2/1




Configuring EoMPLS

Basic EoMPLS TopologyScenario OverviewIOS Configuration for EoMPLS on 7600Verifying configuration




Scenario Overview

§ 2 Cisco 7600 routers, used to initiate the EoMPLS tunnel§ 6 Cisco 12410 routers, representing the SP core routers§ 2 Cisco 6509 Layer-2 switches where the clients attach§ 2 Cisco 4000 Layer-2 switches where PC attach




Basic EoMPLS Scenario




Brief overview for EoMPLS Case Study

All inter-router connections are Gigabit-Ethernet based. Each 7600 attaches to a GSR via a Gigabit Ethernet WAN OSR module, and the GSR routers are connected in a “back-to-back” using POS. Each PC is on VLAN 1. Both 6509 switches connect to the 7600 routers via 802.1q trunks, where VLAN 25 exists.




IOS EoMPLS Configuration for 7600A

7600Alo 1.1.1.1/32

6509A

4000A

PC1

25.25.25.1

dot1q1/2

dot1q2/1

dot1q1/1




IOS EoMPLS Configuration for 7600B

mpls label protocol ldpmpls ldp loop-detectiontag-switching tdp router-id Loopback0!interface Loopback0ip address 1.1.1.2 255.255.255.255ip router isis EPGNisis circuit-type level-2-only!interface GE-WAN3/1 OSM Moduleip address 10.80.10.1 255.255.255.0ip router isis EPGNmpls label protocol ldptag-switching mtu 1548tag-switching ipisis circuit-type level-2-only!interface Vlan1mpls l2transport route 1.1.1.1 1 ßto 7600A!router isis EPGNnet 49.0000.0000.0222.00is-type level-2-only




Verify EoMPLS Connection 1st step ?

§ 7600A_MSFC2#sho mpls ldp neighbor§ Peer LDP Ident: 1.1.1.2:0; Local LDP Ident 1.1.1.1:0§ TCP connection: 1.1.1.2.11002 - 1.1.1.1.646§ State: Oper; Msgs sent/rcvd: 4297/4296; Downstream§ Up time: 2d13h§ LDP discovery sources:§ Targeted Hello 1.1.1.1 -> 1.1.1.2, active, passive§ Addresses bound to peer LDP Ident:§ 1.1.1.2 127.0.0.12 10.90.10.1 25.25.25.2




Verify EoMPLS Tunnel




EoMPLS icmp ping test

§ PC-1#ping 25.25.25.2§ Type escape sequence to abort.§ Sending 5, 100-byte ICMP Echos to 25.25.25.2, timeout is 2 seconds:§ .!!!!§ Success rate is 80 percent (4/5), round-trip min/avg/max = 2/38/142 ms§ PC-1#




7600A Verify ARP Table§ 7600A_MSFC2#sho arp§ Protocol Address Age (min) Hardware Addr Type Interface§ Internet 25.25.25.1 - 0007.0d0f.6bfc ARPA Vlan1§ Internet 25.25.25.3 101 0007.0d0f.6bff ARPA Vlan1§ Internet 25.25.25.2 41 0007.0d0d.d3fc ARPA Vlan1§ Internet 25.25.25.4 100 0005.dded.afff ARPA Vlan1§ Internet 10.80.10.1 - 0007.0d0f.6bfc ARPA GE-WAN3/1§ Internet 10.80.10.2 160 0004.de57.2840 ARPA GE-WAN3/1




Basic EoMPLS Scenario




EoMPLS Encapsulation Details• Ethernet PDUs are transported without the preamble,

SFD and FCSbut including all VLAN information such as VCID

• The control word is optionalC bit is set by default in Cisco implementation (except 7600)

• If the control word is used then the flags must be set to zero

The VLAN tag is transmitted unchanged but may be overwritten by the egress PE router

LengthLength Sequence numberSequence numberRsvdRsvd 0 0 0 00 0 0 0

Ethernet PDUEthernet PDU

0 1 2 30 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1

00 00 OptionalOptional




EoMPLS Transport Formats

PreamblePreamble SFDSFD DADA SASA TPIDTPID TCITCI EthertypeEthertype DataData FCSFCS

PreamblePreamble SFDSFD DADA SASA TPIDTPID TCITCI LengthLength AAAA--AAAA--0303 OUI OUI 0x000x00--0000--0000 EthertypeEthertype DataData FCSFCS

<7 octets> <1 octet> <6 octets> <2 octets> <46-1500><6 octets> <4 octets>

Ethernet II EncapsulationEthernet II Encapsulation<2 octets> <2 octets>

<1 octet> <6 octets> <2 octets> <46-1492><6 octets> <2 octets> <2 octets>

802.3/802.2/SNAP Encapsulation802.3/802.2/SNAP Encapsulation

<3 octets> <2 octets><3 octets><7 octets> <4 octets>

Transported using AToM




INTRODUCTION TO PSEUDOWIRE SWITCHING AND BGP-BASED VPLS AUTO DISCOVERY




Pseudowire Switching




Inter-Autonomous System PseudowireIntroduction

AS10 AS20Provider BProvider A

• We will refer to Inter-Autonomus System (Inter AS) provider model when a pseudowire spans across 2 different service provider or administrative domains.

Problem

• End to end pseudowire deployment not possible across multiple ASeswith our current implementation

• Changes in the control and data plane code are required for inter-working them across multiple ASes




Inter-Autonomous System PseudowireIntroduction (Cont)

AS10 AS20Provider BProvider A

• Pseudowire switching solves this problem by inter-connecting pseudowires belonging to different autonomous systems and thus providing an end-2-end path

• Switch point refers to the ASBR where pseudowire switching is performed

• Achieved through inter-working of data and control planes at the switch point

Switch Points




• Based upon draft-ietf-pwe3-segmented-pw-xx

• The Pseudowires that comprise the end-to-end solution can be of the same (L2TPv3-to-L2TPv3) or different types (L2TPv3-to-AToM)

• Each pseudo wire segment can independently employ draft- martini or L2TPv3 signaling and encapsulations

• The ASBRs are responsible for "cross-connecting" the pseudowire control channels and pseudowire data planes

Pseudowire Switching Model

AS 1AS 2

attached-circuit 1

Pwvc 112

pwvc 111

attached-circuit 3

attached-circuit 4 attached-circuit 6

pwvc 11

pwvc 12 ASBR-1 ASBR-2 pwvc 152

pwvc 151PE-1

PE-2

PE-3

PE-4

pseudo-wire pseudo-wireattached-circuit Pseudo-wire attached-circuit

L2 signalling (UNI) LDP / L2TPv3 LDP / L2TPv3LDP/L2TPv3 L2 signalling (UNI)

VPWS VPWSVPWS




Pseudowire Switching Model (cont)Pros

•Per-AS pseudowire control and encapsulation independence

•BGP-enabled policy control of inter-AS pseudowire reduces pseudowire control channel burden on PE. This reduces the number of required Inter-AS pseudowire control channels

• Security model : light trustiness (LDP, IGP cross boundary of SP’s but is limited to neighbour ASBR)

• Link between ASBR’s is independent of attached-circuit media, on same link, we could have ATM, FR, Ethernet pseudowire, and/or other services (IP, MPLS-VPN, …)

Cons•ASBR nodes must store ALL L2VPN NLRIs as well as maintain attachment circuit state for each pseudowire domain that it straddles.

•QoS Model: Functions such as shaping and policing on per pseudo wire basis will be required




Packet Handling at Switch Point

VC label handling• Swapping the incoming VC label in the packet with the outgoing VC label, imposing new IGP labels, and adding new L2 encapsulation

Outgoing VC label TTL value

• Decrement incoming VC label TTL by one and copy it to outgoing VC label TTL field (ingress PE sets TTL to 255, used to be 2)

Outgoing VC label EXP bits

• Copy incoming VC label EXP into outgoing VC label EXP field

AToM control word processing

• AToM control word is not processed and sequence number not validated

MTU

• End to end attachment circuit MTU must match and are passed transparently through switch point




PE_Agg_1

Lpbk: 3.3.3.3VCID 1: 1000VCID 2: 3000

Lpbk: 5.5.5.5VCID 1: 2000VCID 2: 3000

Lpbk: 6.6.6.6VCID: 2000Lpbk: 2.2.2.2

VCID: 1000 PE_Agg_2

AS 100 AS 200 PE2PE1

Pseudowire Switching Configuration Steps

Step #1: Configure Inter-AS with “ send label ” at the ASBRs (PE_Agg_1/2) so VC label can be exchanged across the AS boundary.

Step #2: Configure the ACs and PWs on PE1 and PE2

Step #3: Configure L2 VFIs on ASBRs (PE_Agg_1/2)

60.60.60.0/30

.1 .2




PE_Agg_1

Lpbk: 3.3.3.3VCID 1: 1000VCID 2: 3000

Lpbk: 5.5.5.5VCID 1: 2000VCID 2: 3000

Lpbk: 6.6.6.6VCID: 2000Lpbk: 2.2.2.2

VCID: 1000 PE_Agg_2


Step #1 Configure Inter-AS with “ send label ”at the ASBRs

60.60.60.0/30

.1 .2

!router bgp 200no synchronizationbgp log-neighbor-changesnetwork 60.60.60.0 mask 255.255.255.252neighbor 60.60.60.1 remote-as 100neighbor 60.60.60.1 send-labelno auto-summary

!router bgp 200no synchronizationbgp log-neighbor-changesnetwork 60.60.60.0 mask 255.255.255.252neighbor 60.60.60.1 remote-as 100neighbor 60.60.60.1 send-labelno auto-summary

PE_Agg_1 PE_Agg_2

!router bgp 100no synchronizationbgp log-neighbor-changesnetwork 60.60.60.0 mask 255.255.255.252neighbor 60.60.60.2 remote-as 200 neighbor 60.60.60.2 send-labelno auto-summary

!router bgp 100no synchronizationbgp log-neighbor-changesnetwork 60.60.60.0 mask 255.255.255.252neighbor 60.60.60.2 remote-as 200 neighbor 60.60.60.2 send-labelno auto-summary




PE_Agg_1

Lpbk: 3.3.3.3VCID 1: 1000VCID 2: 3000

Lpbk: 5.5.5.5VCID 1: 2000VCID 2: 3000

Lpbk: 6.6.6.6VCID: 2000Lpbk: 2.2.2.2

VCID: 1000 PE_Agg_2


Step #2 Configure the ACs and PWs on PE1 and PE2

60.60.60.0/30

.1 .2

pseudowire-class ip_modeencapsulation mpls!interface ATM3/3no ip address no ip directed-broadcastatm clock INTERNALno atm enable-ilmi-trapno atm ilmi-keepalivepvc 100/100 l2transport encapsulation aal5snapxconnect 3.3.3.3 1000 pw-class ip_mode!

pseudowire-class ip_modeencapsulation mpls!interface ATM3/3no ip address no ip directed-broadcastatm clock INTERNALno atm enable-ilmi-trapno atm ilmi-keepalivepvc 100/100 l2transport encapsulation aal5snapxconnect 3.3.3.3 1000 pw-class ip_mode!

PE1 pseudowire-class ip_modeencapsulation mpls!interface ATM3/3no ip addressno ip directed-broadcastatm clock INTERNALno atm enable-ilmi-trapno atm ilmi-keepalivepvc 100/100 l2transport encapsulation aal5snapxconnect 5.5.5.5 2000 pw-class ip_mode!

pseudowire-class ip_modeencapsulation mpls!interface ATM3/3no ip addressno ip directed-broadcastatm clock INTERNALno atm enable-ilmi-trapno atm ilmi-keepalivepvc 100/100 l2transport encapsulation aal5snapxconnect 5.5.5.5 2000 pw-class ip_mode!

PE2




PE_Agg_1

Lpbk: 3.3.3.3VCID 1: 1000VCID 2: 3000

Lpbk: 5.5.5.5VCID 1: 2000VCID 2: 3000

Lpbk: 6.6.6.6VCID: 2000Lpbk: 2.2.2.2

VCID: 1000 PE_Agg_2


Step #3 Configure L2 VFIs on ASBRs(PE_Agg_1/2)

60.60.60.0/30

.1 .2

PE1_Agg_1#sh run | b l2 vfil2 vfi tac-training point-to-pointneighbor 2.2.2.2 1000 encapsulation mplsneighbor 5.5.5.5 3000 encapsulation mpls


PE_Agg_1PE1_Agg_2#sh run | b l2 vfil2 vfi tac-training point-to-pointneighbor 6.6.6.6 2000 encapsulation mplsneighbor 3.3.3.3 3000 encapsulation mpls


PE_Agg_2




Availability – PW Switching

§ Shipping on the Cisco 12000 in 12.0(31)S - E2, E3, E4+, E5 and E6 supported

§ Planned for Cisco 7600 in the Barracuda release




VPLS Configuration




Virtual Private LAN Services (VPLS)

§ VPLS defines an architecture that delivers Ethernet multipoint services over an MPLS network

§ VPLS operation emulates an IEEE Ethernet bridge

§ Cisco implementation is based upon draft-ietf-l2vpn-vpls-ldp-xx

PEMPLS

Network

PECE CE

VPLS Is an Architecture

CE




VPLS Components

Full Mesh of PWsBetween VSIs

Directed LDP Session Between Participating PEs

n-PE

n-PE

n-PE

PW

PW

PW

CE

CE

CE

CE

CE

CE

CE

CE

Tunn

elLS

PTunnel LSP

Tunnel LSP

Green VSIBlue VSI

Red VSI

Green VSIBlue VSI

Red VSI

Red VSIBlue VSI

LEGENDCE - Customer Edge Devicen-PE - network facing-Provider EdgeVSI - Virtual Switch InstancePW - Pseudo-WireTunnel LSP - Tunnel Label Switch Path that

provides PW transport

Attachment Circuit




VPLS Overview

§ A VPLS instance has two components:– A set of filtering databases called VSIs among the participating PEs (one VSI per PE)– A full-mesh of PWs among the participating PEs

§ The full-mesh of PWs represent a broadcast domain (e.g. VLAN) in bridge world

§ A VSI represent a filtering DB in the bridge world

§ A VPLS as defined corresponds to a bridge in which each broadcast domain is associated with its own filtering DB in a PE




VPLS and H-VPLS

§ H-VPLS- Two (or More) Tier

Hierarchy- MPLS or

Ethernet Edge- MPLS Core

§ VPLS- Single flat hierarchy- MPLS to the EDGE

VPLS

H-VPLS

MPLS EDGEMPLS CORE

PW

n-PEPE-POPPE-rs

u-PEPE-CLEMTU-s

u-PEPE-CLEMTU-s

n-PEPE-POPPE-rsGE

ETHERNET EDGEPoint-to-Point or Ring

192.168.11.1/24

192.168.11.2/24

192.168.11.11/24

192.168.11.25/24

© 2006 Cisco Systems, Inc. All rights reserved.AGG-1001




VPLS: Configuration Example (Manual Mode)

PE-1

MPLS Network

PE-2

PE-3

Create a L2 VFI with a Full Mesh of Participating VPLS PE Nodes

2.2.2.2 / 32

3.3.3.3 / 32

1.1.1.1 / 32

l2 vfi Customer-A manual

vpn id 100

neighbor 2.2.2.2 encapsulation mpls


!

Interface loopback 0

ip address 1.1.1.1 255.255.255.255l2 vfi Customer-A manual

vpn id 100



!


ip address 3.3.3.3 255.255.255.255

l2 vfi Customer-A manual

vpn id 100



!


ip address 2.2.2.2 255.255.255.255




VPLS: Configuration Example PE à CE

PE-1

MPLS Network

PE-2

PE-3

FE0/0

FE0/1

FE0/0CE1 CE1

CE1

Interface fastethernet0/0

switchport

switchport mode dot1qtunnel

switchport access vlan 100

!

Interface vlan 100

no ip address

xconnect vfi Customer-A

!

vlan 100

state active


switchport



!

Interface vlan 100

no ip address


!

vlan 100

state active


switchport



!

Interface vlan 100

no ip address





Cual es el problema con VPLS?




VPLS Auto Discovery




VPLS Auto-Discovery and Signaling

§ Draft-ietf-l2vpn-vpls-ldp-xx does not mandate an auto-discovery protocol

Can be BGP, RADIUS, DNS, AD based

§ Draft-ietf-l2vpn-vpls-ldp-xx describes using Targeted LDP for Label exchange and PW signaling

PWs signal other information such as attachment circuit state, sequencing information, etc.Cisco IOS supports targeted LDP for AToM and virtual private LAN services

VPN Discovery

Signaling


DistributedBGP





CE3

CE2

Auto Provisioning: A Series of Associations

Associate an AC with a VPN(id)(and Authenticate the AC if needed)

Association 1: AC/CE to VPN(id)

Associate a set of PEs with a VPN(id)

Association 2: PE to VPN(id)

Associate PW transport and control parameters (p) to the

corresponding AC pair

Association 3: PWPE-VPN(id) Parameters

PE2 PE3

PE4

PE5PE6

Create and maintain PWPE-VPN(id)

PW Signaling

VPN(a)

VPN(a)

...QoSLDP

...QoSLDP




BGP-based Auto-Discovery: Summary• There is no need to create an explicit list of PEs and

associate them with a given VPN

• When a VPLS instance is created by “l2 vfi” command on that PE, the corresponding VPN-id is distributed by that PE via MP iBGP updates and all the other PEs will become aware of it

• The formats for RD are BGP-ASN:VFI-VPN-ID (default), ASN:nn or IP-address:nn

• Each VSI must have an import and export RT. By default, the RT for each VFI will have the same value as the RD.

• There is only a single broadcast domain per filtering DB (e.g., there is one-to-one correspondence)

• After distribution of PW related parameters, the PWs are setup through targeted LDP signaling




Configuration Steps (Auto Discovery)

1. Establish BGP sessions & activate it for the L2VPN/VPLS address-family

2. Create VPLS instance & Associated I/Fs to it

3. Establish import/export rules (or use the default mode)




VPLS: Configuration Example (BGP Auto Discovery)

PE-1

MPLS Network

PE-2

PE-3

2.2.2.2 / 32

3.3.3.3 / 32

1.1.1.1 / 32

router BGP 1

no bgp default ipv4-unicast

neighbor 1.1.1.1 remote-as 1

neighbor 1.1.1.1 update-source loopback0

neighbor 1.1.1.1 activate

<snip>

address-family l2vpnneighbor 1.1.1.1 activate

neighbor 1.1.1.1 send-community extended<snip>

exit-address-family!

! Activation of Standard IPv4 BGP Session

router BGP 1







neighbor 3.3.3.3 activate!

! AF Configuration for L2VPN Route Exchangeaddress-family l2vpnneighbor 2.2.2.2 activate

neighbor 2.2.2.2 send-community extendedneighbor 3.3.3.3 activate

neighbor 3.3.3.3 send-community extendedexit-address-family!

! Activation of Standard IPv4 BGP Session

router BGP 1







neighbor 3.3.3.3 activate!

! AF Configuration for L2VPN Route Exchangeaddress-family l2vpnneighbor 1.1.1.1 activate

neighbor 1.1.1.1 send-community extendedneighbor 3.3.3.3 activate

neighbor 3.3.3.3 send-community extendedexit-address-family!




VPLS: Configuration Example PE à PE

PE-1

MPLS Network

PE-2

PE-3

2.2.2.2 / 32

3.3.3.3 / 32

1.1.1.1 / 32

l2 vfi Customer-A discovery

vpn id 100

!


ip address 1.1.1.1 255.255.255.255


vpn id 100

!


ip address 3.3.3.3 255.255.255.255


vpn id 100

!


ip address 2.2.2.2 255.255.255.255

Neighbor statements are no longer used to identify PE VPLS peers




VPLS: Configuration Example PE à CE

PE-1

MPLS Network

PE-2

PE-3

FE0/0

FE0/1

FE0/0CE1 CE1

CE1


switchport



!

Interface vlan 100

no ip address


!

vlan 100

state active


switchport



!

Interface vlan 100

no ip address


!

vlan 100

state active


switchport



!

Interface vlan 100

no ip address





Standard Track

§ Framework for Layer 2 Virtual Private Networks (L2VPNs) (draft-ietf-l2vpn-l2-framework-05.txt)

§ Provisioning, Autodiscovery, and Signaling in L2VPNs (draft-ietf-l2vpn-signaling-06.txt)

§ Using RADIUS for PE-Based VPN Discovery (draft-ietf-l2vpn-radius-pe-discovery-02.txt)




Caveats

§ Since Split Horizon is enabled for PW built between Auto-discovered neighbors, Auto-Discovery of H-VPLS nodes (u-PE’s) is not supported (manual configuration is required for H-VPLS) § Tunnel Selection is not supported (i.e. multiple TE Tunnels are not

discovered nor is a preferred path selected)§ The same discovery mechanism must be used to build a PW

between two PE peers (i.e. it is NOT vaild for PE A to be manually configured for PE B and PE B be dynamically configured to discover PE A§ BGP Peering via direct peer definition and Route Reflectors is

supported. BGP Confederations are NOT supported.




Availability – BGP-Based VPLS Auto Discovery

§ Insertion platform is Cisco 7600 in Barracuda release

§ Cisco 12000 support is TBD




Q & A






Documents

Atom