
© 2012 Cisco and/or its affiliates. All rights reserved. BRKMPL-2101 Cisco Public

Deploying MPLS-based Layer 2 Virtual Private Networks

BRKMPL-2101


Abstract

This breakout session covers the fundamental and advanced topics associated with the deployment of Layer 2 VPNs over an MPLS network.

The material presents a technology overview with an emphasis on Ethernet-based point-to-point and multipoint VPNs. Session content then focuses on deployment considerations including: Signaling/Auto-discovery, OAM, Resiliency and Inter-AS.

The attendee can expect to see sample configurations (IOS and IOS-XR) associated with the provisioning of L2VPNs.

This is an intermediate-level course that requires familiarity with MPLS. Previous attendance of session BRKMPL-1101, "Introduction to MPLS," is highly recommended.

This session is intended for service providers and enterprise customers deploying L2VPNs over their MPLS network.

Agenda

Layer 2 VPN Motivation and Overview

VPWS Reference Model

VPLS Reference Model

Pseudowire (PW) Signaling and PE Auto-Discovery

Advanced Topics

Use Cases

Summary

L2VPN Motivation and Overview

Motivation for L2VPNs: Old and New Drivers

Network Consolidation (circa 2000)
  ‒ Multiple access services (FR, ATM, TDM) required multiple core technologies
Enterprise Ethernet WAN Connectivity Services (circa 2005+)
  ‒ Ethernet well understood by Enterprise / SPs
  ‒ CAPEX (lower cost per bit) / Growth (100GE)
  ‒ Layer 2 VPN replacement to ATM/Frame Relay
  ‒ Layer 3 VPN access (CE to PE)
Data Center Interconnection (DCI)
Mobile Backhaul Evolution
  ‒ TDM / PDH to Dual/Hybrid to All-packet (IP/Ethernet)
  ‒ Single (voice + data) IP/Ethernet mobile backhaul universally accepted solution

[Figure: Typical Service Provider (circa 2000). Labels: Access (IP/IPSec, FR/ATM, Broadband, TDM); IP or MPLS, ATM, SONET / SDH; L1 service, L2 service, L3 service]

Service Offerings: L2VPN Transport Services

[Figure: L2VPN transport services, each shown with a muxed or unmuxed UNI]

Virtual Private Wire Service (VPWS)
  ‒ Ethernet: Ethernet Private Line (EPL), Ethernet Virtual Private Line (EVPL)
  ‒ Frame Relay: FR over Pseudowire
  ‒ PPP/HDLC: PPP/HDLC over Pseudowire
  ‒ ATM: AAL5 over Pseudowire, Cell Relay with Packing over Pseudowire
  ‒ TDM: Circuit Emulation Service over PSN (CESoPSN), Structure Agnostic TDM over Packet (SAToP)
Virtual Private LAN Service (VPLS)
  ‒ Ethernet: Ethernet Private LAN (EPLAN), Ethernet Virtual Private LAN (EVPLAN)

Layer 2 VPN Enabler: The Pseudowire

L2VPNs are built with Pseudowire (PW) technology
PWs provide a common intermediate format to transport multiple types of network services over a Packet Switched Network (PSN)
PW technology provides Like-to-Like transport and also Interworking (IW)

[Figure: a pseudowire between two Provider Edge devices across the Packet Switched Network, carrying Ethernet, ATM, TDM, PPP/HDLC and FR]

Virtual Private Wire Service (VPWS) Overview

Pseudowire Reference Model

Any Transport Over MPLS (AToM) is Cisco’s implementation of VPWS for IP/MPLS networks
An Attachment Circuit (AC) is the physical or virtual circuit attaching a CE to a PE
Customer Edge (CE) equipment perceives a PW as an unshared link or circuit

Ref: RFC 3985 Pseudo Wire Emulation Edge-to-Edge (PWE3) Architecture, March 2005

[Figure: pseudowire reference model. CEs attach to each PE over ACs carrying the native service; PW1 and PW2 run between the two PEs inside a PSN tunnel and together form the emulated Layer-2 service]

Layer 2 Transport over MPLS

Control Connection: Targeted LDP session / BGP session / Static
  ‒ Used for VC-label negotiation, withdrawal, error notification

The “emulated circuit” has three (3) layers of encapsulation

Tunnelling Component: Tunnel header (Tunnel Label)
  ‒ To get PDU from ingress to egress PE
  ‒ MPLS LSP derived through static configuration (MPLS-TP) or dynamic (LDP or RSVP-TE)
Demultiplexing Component: Demultiplexer field (VC Label)
  ‒ To identify individual circuits within a tunnel
  ‒ Could be an MPLS label, L2TPv3 header, GRE key, etc.
Layer 2 Encapsulation: Emulated VC encapsulation (Control Word)
  ‒ Information on enclosed Layer 2 PDU
  ‒ Implemented as a 32-bit control word

VPWS Traffic Encapsulation

Three-level encapsulation
Packets switched between PEs using Tunnel label
VC label identifies PW
VC label signaled between PEs
Optional Control Word (CW) carries Layer 2 control bits and enables sequencing

[Figure: packet layout, outermost header first]
  Tunnel Label:  Tunnel Label (IGP-LDP or RSVP-TE) | EXP | 0 | TTL
  VC Label:      VC Label (VC) | EXP | 1 | TTL (Set to 2)
  Control Word:  0 0 0 0 | Flags | FRG | Length | Sequence Number
  Layer 2 PDU

Encap.               Control Word Required
ATM N:1 Cell Relay   No
ATM AAL5             Yes
Ethernet             No
Frame Relay          Yes
HDLC                 No
PPP                  No
SAToP                Yes
CESoPSN              Yes

VPWS Forwarding Plane Processing

[Figure: traffic crossing the MPLS network between CE-1 and CE-2 over a pseudowire; path PE1, P1, P2, PE2]
  Ingress PE, VC and Tunnel label imposition (Push, Push): Tunnel Label = 34 | VC Label = 28 | Payload
  Tunnel label swapping through MPLS cloud (Swap): Label = 45 | Label = 28 | Payload
  Penultimate Hop Popping (PHP) (Pop): Label = 28 | Payload
  Egress PE, VC label disposition (Pop): Payload

Virtual Private Wire Service (VPWS) Ethernet over MPLS (EoMPLS)

How Are Ethernet Frames Transported?

Ethernet frames transported without Preamble, Start Frame Delimiter (SFD) and FCS
Two (2) modes of operation supported:
  ‒ Ethernet VLAN mode (VC type 0x0004) – created for VLAN over MPLS application
  ‒ Ethernet Port / Raw mode (VC type 0x0005) – created for Ethernet port tunneling application

[Figure: frame layouts]
  Original Ethernet Frame: Preamble | DA (6B) | SA (6B) | 802.1q tag (4B, optional) | Length/Type (2B) | Ethernet Payload | FCS
  MPLS-encapsulated Ethernet Frame: DA’ | SA’ | MPLS E-Type 0x8847 | LSP Label (4B) | VC Label (4B) | Control Word (4B, optional) | Ethernet Header | Ethernet Payload | FCS’
  Groupings labelled on the figure: MPLS Stack, AToM Header
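The encapsulation described on the two slides above (label stack, optional control word, then the Ethernet frame without preamble, SFD or FCS), parsed in Python as an added example that is not part of the original deck. The sample packets are constructed; labels 34 and 28 and the VC TTL of 2 follow the deck's figures, and all function and field names are illustrative.

```python
import struct

MPLS_ETHERTYPE = 0x8847   # MPLS E-Type on the outer Ethernet header
DOT1Q_ETHERTYPE = 0x8100  # 802.1q tag inside the transported frame


def label_entry(label, bottom, ttl, exp=0):
    """Pack one 4-byte label stack entry: label(20) | EXP(3) | S(1) | TTL(8)."""
    return struct.pack("!I", (label << 12) | (exp << 9) | (int(bottom) << 8) | ttl)


def control_word(seq, flags=0, frg=0, length=0):
    """Pack the 32-bit control word: 0000 | flags(4) | FRG(2) | length(6) | seq(16)."""
    return struct.pack("!I", (flags << 24) | (frg << 22) | (length << 16) | seq)


def _u32(buf, off, what):
    if off + 4 > len(buf):
        raise ValueError("truncated " + what)
    return struct.unpack_from("!I", buf, off)[0]


def decap_eompls(pkt, has_cw):
    """Parse DA'/SA'/0x8847, the label stack, the optional CW and the inner frame.

    has_cw is what the PEs agreed on for this PW; it is passed in because the
    packet itself does not say whether a control word is present.
    """
    if len(pkt) < 14 or struct.unpack_from("!H", pkt, 12)[0] != MPLS_ETHERTYPE:
        raise ValueError("not an MPLS-encapsulated frame")
    off, stack = 14, []
    while not stack or not stack[-1]["s"]:       # S=1 marks the bottom (VC) label
        word = _u32(pkt, off, "label stack")
        off += 4
        stack.append({"label": word >> 12, "exp": (word >> 9) & 0x7,
                      "s": (word >> 8) & 0x1, "ttl": word & 0xFF})
    result = {"tunnel_labels": [e["label"] for e in stack[:-1]],
              "vc_label": stack[-1]["label"], "vc_ttl": stack[-1]["ttl"], "cw": None}
    if has_cw:
        word = _u32(pkt, off, "control word")
        off += 4
        if word >> 28:
            raise ValueError("control word must start with 0000")
        result["cw"] = {"flags": (word >> 24) & 0xF, "frg": (word >> 22) & 0x3,
                        "length": (word >> 16) & 0x3F, "seq": word & 0xFFFF}
    inner = pkt[off:]                            # Ethernet frame, no preamble/SFD/FCS
    if len(inner) < 14:
        raise ValueError("truncated inner Ethernet header")
    etype, hdr_len, vlan = struct.unpack_from("!H", inner, 12)[0], 14, None
    if etype == DOT1Q_ETHERTYPE:                 # a retained tag is payload to the VC
        if len(inner) < 18:
            raise ValueError("truncated 802.1q tag")
        tci, etype = struct.unpack_from("!HH", inner, 14)
        vlan, hdr_len = tci & 0x0FFF, 18
    result.update(dst=inner[0:6].hex(), src=inner[6:12].hex(), vlan=vlan,
                  ethertype=etype, payload=inner[hdr_len:])
    return result


# Constructed sample: a CE frame tagged with VLAN 10 inside the pseudowire.
INNER = (bytes.fromhex("020000000002") + bytes.fromhex("020000000001")
         + struct.pack("!HH", DOT1Q_ETHERTYPE, 10) + struct.pack("!H", 0x0800)
         + b"constructed payload")
OUTER = (bytes.fromhex("02000000aa02") + bytes.fromhex("02000000aa01")
         + struct.pack("!H", MPLS_ETHERTYPE))
SAMPLE = (OUTER + label_entry(34, False, 255) + label_entry(28, True, 2)
          + control_word(seq=1) + INNER)
# The same frame after penultimate hop popping: only the VC label is left.
SAMPLE_PHP = OUTER + label_entry(28, True, 2) + control_word(seq=1) + INNER

if __name__ == "__main__":
    print(decap_eompls(SAMPLE, has_cw=True))
    print(decap_eompls(SAMPLE_PHP, has_cw=True))
```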

Ethernet PW VC Type Negotiation

Cisco devices by default will generally attempt to bring up an Ethernet PW using VC type 5
If rejected by remote PE, then VC type 4 will be used
Alternatively, Cisco device can be manually configured to use either VC type 4 or 5

Cisco IOS

7604-2(config-pw-class)#interworking ?
  ethernet  Ethernet interworking
  ip        IP interworking
  vlan      VLAN interworking

7604-2#show running-config
pseudowire-class test-pw-class-VC4
 encapsulation mpls
 interworking vlan
!
pseudowire-class test-pw-class-VC5
 encapsulation mpls
 interworking ethernet

Ethernet PW VC Type Negotiation

Cisco devices by default will generally attempt to bring up an Ethernet PW using VC type 5
If rejected by remote PE, then VC type 4 will be used
Alternatively, Cisco device can be manually configured to use either VC type 4 or 5

Cisco IOS-XR

RP/0/RSP0/CPU0:ASR9000-2(config-l2vpn-pwc-mpls)#transport-mode ?
  ethernet  Ethernet port mode
  vlan      Vlan tagged mode

RP/0/RSP0/CPU0:ASR9000-2(config-l2vpn-pwc-mpls)#transport-mode vlan ?
  passthrough  passthrough incoming tags

RP/0/RSP0/CPU0:ASR9000-2#show running-config l2vpn
l2vpn
 pw-class test-pw-class-VC4
  encapsulation mpls
   transport-mode vlan
 pw-class test-pw-class-VC4-passthrough
  encapsulation mpls
   transport-mode vlan passthrough
 pw-class test-pw-class-VC5
  encapsulation mpls
   transport-mode ethernet

Introducing Cisco EVC Framework: Functional Highlights

Service Abstraction: Ethernet Service Layer
  • Ethernet Flow Point (EFP)
  • Ethernet Virtual Circuit (EVC)
  • Bridge Domain (BD)
  • Local VLAN significance
Flexible Service Mapping: Flexible service delimiters
  • Single-tagged, Double-tagged
  • VLAN Lists, VLAN Ranges
  • Header fields (COS, Ethertype)
Advanced Frame Manipulation: VLAN Header operations - VLAN Rewrites
  • POP
  • PUSH
  • SWAP
Multiplexed Forwarding services: ANY service – ANY port
  • Layer 2 Point-to-Point
  • Layer 2 Multipoint
  • Layer 3

Encapsulation Adjustment Considerations: EoMPLS PW VC Type and EVC VLAN Rewrites

VLAN tags can be added, removed or translated prior to VC label imposition or after disposition
  ‒ Any VLAN tag(s), if retained, will appear as payload to the VC
VC label imposition and service delimiting tag are independent from EVC VLAN tag operations
  ‒ Dummy VLAN tag – RFC 4448 (sec 4.4.1)
VC service-delimiting VLAN-ID is removed before passing packet to Attachment Circuit processing

[Figure: processing order]
  MPLS Imposition (AC to PW): EVC VLAN Rewrite (Ingress), then by VC Type: type 5 goes straight to MPLS Label Imposition; type 4 does PUSH 1 Dummy VLAN tag, then MPLS Label Imposition
  MPLS Disposition (PW to AC): MPLS Label Disposition, then by VC Type: type 4 does POP 1 VLAN tag; type 5 does not; then EVC VLAN Rewrite (Egress)

Encapsulation Adjustment Considerations: VC 5 and EVC Rewrites

[Figure: CE-1, PE1 104.104.104.104, MPLS, PE2 102.102.102.102, CE-2, joined by Pseudowire VC Type 5. Frames carry tag 10 on both ACs and only the MPLS label across the core. Legend: Single-tagged frame, Double-tagged frame]

IOS-XR

l2vpn
 pw-class class-VC5
  encapsulation mpls
   transport-mode ethernet
 xconnect group Cisco-Live
  p2p xc-sample-1
   interface GigabitEthernet0/0/0/2.100
   neighbor 102.102.102.102 pw-id 111
    pw-class class-VC5

interface GigabitEthernet0/0/0/2.100 l2transport
 encapsulation dot1q 10
 rewrite ingress tag pop 1 symmetric

IOS

pseudowire-class class-VC5
 encapsulation mpls
 interworking ethernet

interface GigabitEthernet2/2
 service instance 3 ethernet
  encapsulation dot1q 10
  rewrite ingress tag pop 1 symmetric
  xconnect 104.104.104.104 111 encap mpls pw-class class-VC5

Frame handling shown on the figure:
  • POP VLAN 10
  • No Push of Dummy tag (VC 5)
  • No service-delimiting vlan expected (VC 5)
  • PUSH VLAN 10

Encapsulation Adjustment Considerations: VC 4 and EVC Rewrites

[Figure: CE-1, PE1 104.104.104.104, MPLS, PE2 102.102.102.102, CE-2, joined by Pseudowire VC Type 4. Frames carry tag 10 on both ACs and a Dummy tag plus the MPLS label across the core. Legend: Single-tagged frame, Double-tagged frame]

IOS-XR

l2vpn
 pw-class class-VC4
  encapsulation mpls
   transport-mode vlan
 xconnect group Cisco-Live
  p2p xc-sample-1
   interface GigabitEthernet0/0/0/2.100
   neighbor 102.102.102.102 pw-id 111
    pw-class class-VC4

interface GigabitEthernet0/0/0/2.100 l2transport
 encapsulation dot1q 10
 rewrite ingress tag pop 1 symmetric

IOS

pseudowire-class class-VC4
 encapsulation mpls
 interworking vlan

interface GigabitEthernet2/2
 service instance 3 ethernet
  encapsulation dot1q 10
  rewrite ingress tag pop 1 symmetric
  xconnect 104.104.104.104 111 encap mpls pw-class class-VC4

Frame handling shown on the figure:
  • POP VLAN 10
  • Push Dummy tag (VC 4)
  • POP service-delimiting vlan (VC 4)
  • PUSH VLAN 10

MTU Considerations

No payload fragmentation supported
Incoming PDU dropped if MTU exceeds AC MTU
PEs exchange PW payload MTU as part of PW signaling procedures
  ‒ Both ends must agree to use same value for PW to come UP
  ‒ PW MTU derived from AC MTU
No mechanism to check Backbone MTU
  ‒ MTU in the backbone must be large enough to carry PW payload and MPLS stack

[Figure: CE-1, PE1, MPLS, PE2, CE-2 with a pseudowire between the PEs. Labels: AC MTU, PE MTU, Intra backbone MTU, PW payload MTU signaled between PEs]

Ethernet MTU Considerations

Cisco IOS

Interface MTU configured as largest ethernet payload size
  ‒ 1500B default
  ‒ Sub-interfaces / Service Instances (EFPs) MTU always inherited from main interface
PW MTU used during PW signaling
  ‒ By default, inherited from attachment circuit MTU
  ‒ Submode configuration CLI allows MTU values to be set per subinterface/EFP in xconnect configuration mode (only for signaling purposes)
  ‒ No MTU adjustments made for EFP rewrite (POP/PUSH) operations

interface GigabitEthernet0/0/4
 description Main interface
 mtu 1600

interface GigabitEthernet0/0/4.1000
 encapsulation dot1Q 1000
 xconnect 106.106.106.106 111 encapsulation mpls
  mtu 1500

ASR1004-1#show int gigabitEthernet 0/0/4.1000 | include MTU
  MTU 1600 bytes, BW 100000 Kbit/sec, DLY 100 usec,

Callouts on the slide:
  Sub-interface MTU inherited from Main interface
  PW MTU used during signaling can be overwritten

Ethernet MTU Considerations

Cisco IOS XR

Interface / sub-interface MTU configured as largest frame size – FCS (4B)
  ‒ 1514B default for main interfaces
  ‒ 1518B default for single-tagged subinterfaces
  ‒ 1522B default for double-tagged subinterfaces
PW MTU used during PW signaling
  ‒ AC MTU – 14B + Rewrite offset
  ‒ E.g. POP 1 ( - 4B), PUSH 1 (+ 4B)

interface GigabitEthernet0/0/0/2
 description Main interface
 mtu 9000

interface GigabitEthernet0/0/0/2.100 l2transport
 encapsulation dot1q 100
 rewrite ingress tag pop 1 symmetric
 mtu 1518

RP/0/RSP0/CPU0:PE1#show l2vpn xconnect neighbor 102.102.102.102 pw-id 11
Group Cisco-Live, XC xc-sample-1, state is down; Interworking none
  AC: GigabitEthernet0/0/0/2.100, state is up
    Type VLAN; Num Ranges: 1
    VLAN ranges: [100, 100]
    MTU 1500; XC ID 0x840014; interworking none
    Statistics:
    (snip)

Callouts on the slide:
  By default, sub-interface MTU inherited from Main interface
  Sub-interface MTU can be overwritten to match remote AC
  XC MTU = 1518 – 14 – 4 = 1500B
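The two platform rules above lend themselves to a pre-deployment check. The following Python sketch is an added example, not from the original deck: it computes the PW MTU each end would signal and flags a mismatch or an undersized backbone. Pairing the IOS and IOS XR slide values as two ends of one PW is a constructed scenario, and the backbone overhead formula and all names are assumptions, since the deck only says the backbone must fit the PW payload plus the MPLS stack.

```python
ETH_HEADER = 14  # DA + SA + Length/Type
XR_REWRITE_OFFSET = {"none": 0, "pop 1": -4, "push 1": 4}  # offsets quoted on the slide


def signaled_pw_mtu(ep):
    """PW MTU a PE puts into PW signaling, following the two platform slides."""
    if ep["os"] == "ios":
        # The AC inherits the main interface MTU (largest Ethernet payload); the
        # xconnect submode 'mtu' overrides the signaled value; rewrites are ignored.
        return ep.get("xconnect_mtu") or ep["interface_mtu"]
    if ep["os"] == "iosxr":
        # The AC MTU is the largest frame size minus FCS: AC MTU - 14B + rewrite offset.
        rewrite = ep.get("rewrite", "none")
        if rewrite not in XR_REWRITE_OFFSET:
            raise ValueError("rewrite not covered here: " + rewrite)
        return ep["ac_mtu"] - ETH_HEADER + XR_REWRITE_OFFSET[rewrite]
    raise ValueError("unknown os: " + ep["os"])


def backbone_bytes_needed(pw_mtu, labels=2, control_word=False, retained_tags=0):
    """Largest MPLS packet a core link must carry for this PW, counted after the
    core link's own Ethernet header (assumed accounting): transported Ethernet
    header and payload, any VLAN tags kept as payload, the control word, and
    4 bytes per label."""
    return (pw_mtu + ETH_HEADER + 4 * retained_tags
            + (4 if control_word else 0) + 4 * labels)


def audit_pw(a, b, core_mtu, **encap):
    """Return a list of findings for one PW; an empty list means no issue found."""
    findings = []
    mtu_a, mtu_b = signaled_pw_mtu(a), signaled_pw_mtu(b)
    if mtu_a != mtu_b:
        findings.append("PW will not come UP: %s signals %d, %s signals %d"
                        % (a["name"], mtu_a, b["name"], mtu_b))
    need = backbone_bytes_needed(max(mtu_a, mtu_b), **encap)
    if core_mtu < need:
        findings.append("backbone too small: needs %d bytes, core carries %d"
                        % (need, core_mtu))
    return findings


# Values taken from the two slides; the core MTU figures below are constructed.
IOS_PE = {"name": "ASR1004-1", "os": "ios", "interface_mtu": 1600, "xconnect_mtu": 1500}
XR_PE = {"name": "PE1", "os": "iosxr", "ac_mtu": 1518, "rewrite": "pop 1"}

if __name__ == "__main__":
    print(audit_pw(IOS_PE, XR_PE, core_mtu=1530))
    # Without the xconnect 'mtu 1500' override the IOS end signals 1600.
    print(audit_pw({**IOS_PE, "xconnect_mtu": None}, XR_PE, core_mtu=9000))
    # A sub-interface left at the inherited 9000 signals 8982 on IOS XR.
    print(audit_pw(IOS_PE, {**XR_PE, "ac_mtu": 9000}, core_mtu=9100))
    print(audit_pw(IOS_PE, XR_PE, core_mtu=1500, control_word=True))
```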

Virtual Private Wire Service (VPWS) ATM / TDM over MPLS

ATM Transport over MPLS

Two (2) main requirements for the transport of ATM across an MPLS backbone
  ‒ AAL5 encapsulated frames (RFC1483)
  ‒ ATM cells (Cell Relay)
Multiple modes of operation (RFC 4717)
  ‒ AAL5 Transport – VCC Mode
  ‒ Cell Relay – VCC / VPC / Port Mode
  ‒ Cell Packing / Concatenation
AAL5 Encapsulation details
  ‒ AAL5 SDUs are encapsulated
  ‒ PW Control Word required
      Control word flags encapsulate transport type, EFCI, CLP, C/R bit
  ‒ Service allows transport of OAM and RM cells

[Figure: PW Control Word]

ATM Transport over MPLS (cont.)

Cell Relay Encapsulation details
  ‒ Single ATM cell is encapsulated
  ‒ N-to-One (N >= 1) Cell Relay (mandatory)
      One or more VPC / VCC per PW
      PW CW optional
  ‒ One-to-One Cell Relay (optional)
      One VPC / VCC per PW
Cell Packing Encapsulation details
  ‒ Cell Concatenation (optional)
  ‒ Multiple ATM cells packed per MPLS packet
  ‒ Packing controlled by max number of cells and timer

[Figure: ATM N-to-One (N=1) Cell Relay]

TDM Transport over MPLS

Migrate TDM to Packet Based Network using PW emulation
CEoP incorporates TDM bits into packets, encapsulates them with the appropriate header and sends them through the PSN
The other side of the CEoP connection restores the TDM bit stream from the packets
Time Division Multiplexing (TDM) frames can be transported using Structured OR Unstructured Modes
VC Type
  ‒ SAToP E1 – 0x0011
  ‒ SAToP T1 – 0x0012
  ‒ SAToP E3 – 0x0013
  ‒ SAToP T3 – 0x0014
  ‒ CESoPSN – 0x0015 (Basic mode)
  ‒ CESoPSN – 0x0017 (TDM with CAS)

TDM Transport over MPLS (cont.)

Structured Mode
  ‒ CESoPSN – Circuit Emulation Service over Packet Switched Network (RFC 5086)
  ‒ Identifies framing and sends only payload (e.g. T1s from DS3, DS0s from T1)
  [Figure: Encapsulation header | CE Control (4 Bytes) | RTP (optional 12B) | CEoP Payload: Frame#1 Timeslots 1-N, Frame#2 Timeslots 1-N, Frame#3 Timeslots 1-N, ... Frame#m Timeslots 1-N]

Unstructured Mode
  ‒ SAToP – Structure Agnostic TDM over Packet (RFC 4553)
  ‒ Sends bytes out as they arrive on TDM line. Bytes do not have to be aligned with any framing
  [Figure: Encapsulation header | CE Control (4 Bytes) | RTP (optional 12B) | CEoP Payload: Bytes 1-N]

Virtual Private LAN Service (VPLS) Overview

Virtual Private LAN Service: Overview

Defines an architecture to provide Ethernet multipoint connectivity between sites, as if they were connected using a LAN
VPLS operation emulates an IEEE Ethernet switch
Two (2) signaling methods
  ‒ RFC 4762 (LDP-Based VPLS)
  ‒ RFC 4761 (BGP-Based VPLS)

[Figure: customer sites CE-A1, CE-A2, CE-A3 and CE-B1, CE-B2, CE-B3 connected across the MPLS network]

Virtual Private LAN Service: Reference Model

VFI (Virtual Forwarding Instance)
  ‒ Also called VSI (Virtual Switching Instance)
  ‒ Emulates L2 broadcast domain among ACs and VCs
  ‒ Unique per service. Multiple VFIs can exist on the same PE
AC (Attachment Circuit)
  ‒ Connects to the CE device; it can be an Ethernet physical or logical port
  ‒ One or multiple ACs can belong to same VFI
VC (Virtual Circuit)
  ‒ EoMPLS data encapsulation, tunnel label used to reach remote PE, VC label used to identify VFI
  ‒ One or multiple VCs can belong to same VFI
  ‒ PEs must have a full-mesh of PWs in the VPLS core

[Figure: PE1, PE2 and PE3 around the MPLS network, each holding one VFI per customer (CE-A1, CE-A2, CE-A3 and CE-B1, CE-B2, CE-B3), with a full-mesh of PWs between VFIs]

Virtual Private LAN Service: Operation

Flooding / Forwarding
  ‒ Forwarding based on destination MAC addresses
  ‒ Flooding (Broadcast, Multicast, Unknown Unicast)
MAC Learning/Aging/Withdrawal
  ‒ Dynamic learning based on Source MAC and VLAN
  ‒ Refresh aging timers with incoming packet
  ‒ MAC withdrawal upon topology changes
Split-Horizon and Full-Mesh of PWs for loop-avoidance in core
  ‒ SP does not run STP in the core

[Figure, shown twice on the slide: Customer Equipment (CEs) on Ethernet UNIs, U-PE B, and N-PE 1 to N-PE 4 joined by PWs; the N-PEs are marked "Applies Split-Horizon"]

Why H-VPLS? Improved Scaling

Flat VPLS
  ‒ Potential signaling overhead
  ‒ Packet replication at the edge
  ‒ Full PW mesh end-end
Hierarchical-VPLS
  ‒ Minimizes signaling overhead
  ‒ Packet replication at the core only
  ‒ Full PW mesh in the core

VPLS Operation: Loop Prevention

Core PW – Split Horizon ON
Spoke PW – Split Horizon OFF (default)
Split-Horizon Rules
  ‒ Forwarding between Spoke PWs
  ‒ Forwarding between Spoke and Core PWs
  ‒ Forwarding between ACs and Core / Spoke PWs
  ‒ Forwarding between ACs
  ‒ Blocking between Core PWs

[Figure: a PE's VFI with an AC, Spoke PWs and Core PWs; the path between Core PWs is marked X]
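The learning, flooding and split-horizon behaviour from the Operation and Loop Prevention slides, as a small Python model (an added example, not code from the original deck). The class, port names and MAC addresses are constructed; aging timers and VLAN-aware learning are left out.

```python
BROADCAST = "ff:ff:ff:ff:ff:ff"


class VFI:
    """Toy VFI: MAC learning, flooding, and split horizon between Core PWs."""

    KINDS = ("ac", "spoke", "core")

    def __init__(self):
        self.ports = {}      # port name -> "ac" | "spoke" | "core"
        self.mac_table = {}  # MAC address -> port it was last seen on

    def add_port(self, name, kind):
        if kind not in self.KINDS:
            raise ValueError("unknown port kind: " + kind)
        self.ports[name] = kind

    def _allowed(self, in_port, out_port):
        """Never send back out the ingress port; block Core PW to Core PW only."""
        if in_port == out_port:
            return False
        return not (self.ports[in_port] == "core" and self.ports[out_port] == "core")

    def receive(self, in_port, src, dst):
        """Learn src on in_port and return the sorted list of egress ports."""
        if in_port not in self.ports:
            raise KeyError("unknown port: " + in_port)
        self.mac_table[src.lower()] = in_port           # dynamic learning / refresh
        dst = dst.lower()
        group = int(dst.split(":")[0], 16) & 1          # broadcast or multicast bit
        known = self.mac_table.get(dst)
        # Flood broadcast, multicast and unknown unicast; otherwise use the table.
        candidates = self.ports if group or known is None else [known]
        return sorted(p for p in candidates if self._allowed(in_port, p))


def build_sample_vfi():
    """Constructed PE: one AC, two Spoke PWs and two Core PWs."""
    vfi = VFI()
    for name, kind in [("ac1", "ac"), ("spoke1", "spoke"), ("spoke2", "spoke"),
                       ("core2", "core"), ("core3", "core")]:
        vfi.add_port(name, kind)
    return vfi


if __name__ == "__main__":
    vfi = build_sample_vfi()
    a, b, c = "02:00:00:00:00:0a", "02:00:00:00:00:0b", "02:00:00:00:00:0c"
    print(vfi.receive("core2", a, BROADCAST))  # flooded, but not to core3
    print(vfi.receive("ac1", b, c))            # unknown unicast: flooded everywhere else
    print(vfi.receive("ac1", b, a))            # known unicast: core2 only
    print(vfi.receive("core3", c, a))          # Core PW to Core PW: blocked
```

Because the core PWs are a full mesh, the frame blocked in the last call has already reached the PE behind core2 directly from its source PE, which is why dropping it avoids a loop without losing traffic.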

VPLS Operation: MAC Address Withdrawal

Remove (flush) dynamic MAC addresses upon Topology Changes
  ‒ Faster convergence – avoids blackholing
  ‒ Uses LDP Address Withdraw Message (RFC 4762)
H-VPLS dual-home example
  ‒ U-PE detects failure of Primary PW
  ‒ U-PE activates Backup PW
  ‒ U-PE sends LDP MAC address withdrawal request to new N-PE
  ‒ N-PE forwards the message to all PWs in the VPLS core and flushes its MAC address table

[Figure: uPE1 dual-homed to the VPLS core (PE1, PE2, PE3, each with a VFI; CE-A, CE-B, CE-C) over a Primary PW, marked X, and a Backup PW; an LDP MAC Withdraw Message is sent over the Backup PW]

Pseudowire (PW) Signaling and PE Auto-Discovery

VPWS / VPLS: An abstraction

Provisioning Model
  ‒ What information needs to be configured and in what entities
  ‒ Semantic structure of the endpoint identifiers (e.g. VC ID, VPN ID)
Discovery
  ‒ Provisioning information is distributed by a "discovery process"
  ‒ Distribution of endpoint identifiers
Signaling
  ‒ When the discovery process is complete, a signaling protocol is automatically invoked to set up pseudowires (PWs)

[Figure: three building blocks: Provisioning Model, Discovery, Signaling]

VPWS: Discovery and Signaling Alternatives

VPWS Signaling
  ‒ LDP-based (RFC 4447)
  ‒ BGP-based (informational draft) draft-kompella-l2vpn-l2vpn
VPWS with LDP-signaling and No auto-discovery
  ‒ Most widely deployed solution
Auto-discovery for point-to-point services not as relevant as for multipoint

[Figure: alternatives]
  VPN Discovery: Manual (No Auto-Discovery) | Border Gateway Protocol (BGP)
  Signaling: Static (No Signaling) | BGP | Label Distribution Protocol (LDP)
  One combination is marked "Most widely deployed"

VPLS: Discovery and Signaling Alternatives

VPLS Signaling
  ‒ LDP-based (RFC 4762)
  ‒ BGP-based (RFC 4761)
VPLS with LDP-signaling and No auto-discovery
  ‒ Most widely deployed solution
  ‒ Operational complexity for larger deployments
BGP-based Auto-Discovery (BGP-AD) (RFC 6074)
  ‒ Enables discovery of PE devices in a VPLS instance

[Figure: alternatives]
  VPN Discovery: Manual (No Auto-Discovery) | Border Gateway Protocol (BGP)
  Signaling: Static (No Signaling) | BGP | Label Distribution Protocol (LDP)
  Combinations are marked "Most widely deployed", "RFC 6074" and "RFC 4761"

Pseudowire (PW) Signaling and PE Auto-Discovery: LDP-based Signaling

PW Control Plane Operation: LDP Signaling

[Figure: CE-1 on Interface A of PE-1, MPLS, PE-2 with CE-2 on Interface B]

1. PW manually provisioned on each PE – Remote PE info included
     PE-1: Local_int = A, Remote PE = PE2_ip, VC-id <123>
     PE-2: Local_int = B, Remote PE = PE1_ip, VC-id <123>
2. New targeted LDP session between PE routers established, in case one does not already exist
3. PEs assign local VC label to PW
     PE-1: Local Label X; PE-2: Local Label Y
4. PEs advertize local VC label using LDP label-mapping message: Label TLV + PW FEC TLV
5. PEs bind remote label for PW with matching VC-id
     PE-1: Remote Label Y; PE-2: Remote Label X

VPWS (EoMPLS) LDP Signaling: Cisco IOS (VLAN-based services)

[Figure: CE1 and CE2 connected across the MPLS Core by a PW with VC id 111 between PE1 106.106.106.106 and PE2 102.102.102.102; interfaces GigabitEthernet2/4 and GigabitEthernet2/5 are labelled]

hostname PE1
!
interface Loopback0
 ip address 106.106.106.106 255.255.255.255

Sub-interface based xconnect

interface GigabitEthernet2/4.300
 encapsulation dot1q 300
 xconnect 102.102.102.102 111 encapsulation mpls

OR

Service-Instance (EFP) based xconnect

interface GigabitEthernet2/4
 service instance 10 ethernet
  encapsulation dot1q 300
  rewrite ingress tag pop 1 symmetric
  xconnect 102.102.102.102 111 encapsulation mpls

OR

Interface VLAN (SVI) based xconnect + Switchport trunk / access

interface Vlan 300
 xconnect 102.102.102.102 111 encapsulation mpls
!
interface GigabitEthernet2/4
 switchport mode trunk
 switchport trunk allowed vlan 300

OR

Interface VLAN (SVI) based xconnect + Service instance BD

interface Vlan 300
 xconnect 102.102.102.102 111 encapsulation mpls
!
interface GigabitEthernet2/4
 service instance 10 ethernet
  encapsulation dot1q 300
  rewrite ingress tag pop 1 symmetric
  bridge-domain 300

H-VPLS LDP Signaling / Manual provisioning: Cisco IOS XR

[Figure: PE1 192.0.0.1 (VFI, interface 0/0/0/14 towards CE1) with full-mesh Core PWs to PE2 192.0.0.2 (VC id 1111), PE3 192.0.0.3 (VC id 2222) and PE4 192.0.0.4 (VC id 3333) across the MPLS Core, and Spoke PWs (VC id 5555) to u-PE1 192.0.0.5 and u-PE2 192.0.0.6; CE2 and CE3 attach elsewhere]

hostname PE1
!
interface Loopback0
 ipv4 address 192.0.0.1 255.255.255.255
!
interface GigabitEthernet0/0/0/14.101 l2transport
 encapsulation dot1q 101
 rewrite ingress tag pop 1 symmetric

l2vpn
 bridge group Cisco-Live
  bridge-domain bd101
   interface GigabitEthernet0/0/0/14.101
   neighbor 192.0.0.5 pw-id 5555
   neighbor 192.0.0.6 pw-id 5555
   !
   vfi vfi101
    vpn-id 1111
    neighbor 192.0.0.2 pw-id 1111
    neighbor 192.0.0.3 pw-id 2222
    neighbor 192.0.0.4 pw-id 3333

Pseudowire (PW) Signaling and PE Auto-Discovery: BGP-based AutoDiscovery (BGP-AD)

BGP Auto-Discovery (BGP-AD)

Eliminates need to manually provision VPLS neighbors
Automatically detects when new PEs are added / removed from the VPLS domain
Uses BGP Update messages to advertize PE/VFI mapping (VPLS NLRI)
Typically used in conjunction with BGP Route Reflectors to minimize iBGP full-mesh peering requirements
Two (2) RFCs define use of BGP for VPLS AD (1)
  ‒ RFC 6074 – when LDP used for PW signaling
  ‒ RFC 4761 – when BGP used for PW signaling
  [Callout on this list: Covered in this section]

[Figure: PE1, PE2 and PE3, each with a VFI (CE-A1, CE-A2, CE-A3), hold BGP sessions to a BGP RR. A new PE announces "I am a new PE with ACs on BLACK VFI" in a BGP Update message with VPLS NLRI; pseudowires connect the VFIs]

(1) VPLS BGP NLRIs from RFC 6074 and 4761 are different in format and thus not compatible, even though they share same AFI / SAFI values

What is Discovered? NLRI + Extended Communities

[Figure: CE-1, PE-1, MPLS, PE-2, CE-2; the PEs exchange BGP Update Messages]

PE-1 settings
  BGP ASN = 100
  BGP Rtr ID = 1.1.1.10
  BGP neighbor = 2.2.2.20
  L2VPN Rtr ID = 10.10.10.10
  VPN ID = 111
  RT = auto (100:111)
  RD = auto (100:111)
  VPLS-ID = auto (100:111)

PE-2 settings
  BGP ASN = 100
  BGP Rtr ID = 2.2.2.20
  BGP neighbor = 1.1.1.10
  L2VPN Rtr ID = 20.20.20.20
  VPN ID = 111
  RT = auto (100:111)
  RD = auto (100:111)
  VPLS-ID = auto (100:111)

BGP Update from PE-1 (Source Address = 1.1.1.10, Destination Address = 2.2.2.20)
  NLRI: Length = 14, Route Distinguisher = 100:111, L2VPN Router ID = 10.10.10.10
  Extended Communities: VPLS-ID = 100:111, Route Target = 100:111

BGP Update from PE-2 (Source Address = 2.2.2.20, Destination Address = 1.1.1.10)
  NLRI: Length = 14, Route Distinguisher = 100:111, L2VPN Router ID = 20.20.20.20
  Extended Communities: VPLS-ID = 100:111, Route Target = 100:111

What is Signaled? FEC 129

[Figure: CE-1, PE-1, MPLS, PE-2, CE-2; the PEs exchange the LDP Generalized Pwid FEC Element (FEC 129)]

PE-1 settings
  BGP ASN = 100
  BGP Rtr ID = 1.1.1.10
  BGP neighbor = 2.2.2.20
  L2VPN Rtr ID = 10.10.10.10
  VPN ID = 111
  RT = auto (100:111)
  RD = auto (100:111)
  VPLS-ID = auto (100:111)

PE-2 settings
  BGP ASN = 100
  BGP Rtr ID = 2.2.2.20
  BGP neighbor = 1.1.1.10
  L2VPN Rtr ID = 20.20.20.20
  VPN ID = 111
  RT = auto (100:111)
  RD = auto (100:111)
  VPLS-ID = auto (100:111)

FEC 129 sent by PE-1
  AGI = VPLS-ID = 100:111
  SAII = Local L2VPN ID = 10.10.10.10
  TAII = Remote L2VPN ID = 20.20.20.20

FEC 129 sent by PE-2
  AGI = VPLS-ID = 100:111
  SAII = Local L2VPN ID = 20.20.20.20
  TAII = Remote L2VPN ID = 10.10.10.10

Local and Remote (discovered) L2VPN router ID and VPLS-ID used for PW signaling

VPLS LDP Signaling and BGP-AD: Cisco IOS

[Figure: CE1 on GigabitEthernet2/4 of PE1 102.102.102.102 (VFI, BGP L2VPN AF); PE2 104.104.104.104, PE3 192.0.0.3 and PE4 192.0.0.4 across the MPLS Core in BGP AS 100; BGP Auto-Discovery; PW VC id 100:300 on each PW. Legend: BGP Auto-Discovery attributes, VPLS VFI attributes, Signaling attributes]

hostname PE1
!
interface Loopback0
 ip address 102.102.102.102 255.255.255.255
!
router bgp 100
 bgp router-id 102.102.102.102
 neighbor 104.104.104.104 remote-as 100
 neighbor 104.104.104.104 update-source Loopback0
 !
 address-family l2vpn vpls
  neighbor 104.104.104.104 activate
  neighbor 104.104.104.104 send-community extended
 exit-address-family

l2 vfi sample-vfi autodiscovery
 vpn id 300
 vpls-id 100:300
!
interface Vlan300
 xconnect vfi sample-vfi

Bridge Domain-based Configuration

interface GigabitEthernet2/4
 service instance 333 ethernet
  encapsulation dot1q 333
  rewrite ingress tag pop 1 symmetric
  bridge-domain 300

OR

VLAN/switchport-based Configuration

interface GigabitEthernet2/4
 switchport mode trunk
 switchport trunk allowed vlan 300

VPLS LDP Signaling and BGP-AD: Cisco IOS XR

[Figure: CE1 on GigabitEthernet0/0/0/2.101 of PE1 106.106.106.106 (VFI, BGP L2VPN AF); PE2 110.110.110.110, PE3 192.0.0.3 and PE4 192.0.0.4 across the MPLS Core in BGP AS 100; BGP Auto-Discovery; PW VC id 100:101 on each PW. Legend: BGP Auto-Discovery attributes, VPLS VFI attributes, Signaling attributes]

Full-mesh Core PWs auto-discovered with BGP-AD and signaled by LDP
PW ID = VPLS-id (100:101)

hostname PE1
!
interface Loopback0
 ipv4 address 106.106.106.106 255.255.255.255
!
interface GigabitEthernet0/0/0/2.101 l2transport
 encapsulation dot1q 101
 rewrite ingress tag pop 1 symmetric

router bgp 100
 bgp router-id 106.106.106.106
 address-family l2vpn vpls-vpws
 neighbor 110.110.110.110
  remote-as 100
  update-source Loopback0
  address-family l2vpn vpls-vpws

l2vpn
 bridge group Cisco-Live
  bridge-domain bd101
   interface GigabitEthernet0/0/0/2.101
   vfi vfi101
    vpn-id 11101
    autodiscovery bgp
     rd auto
     route-target 100:101
     signaling-protocol ldp
      vpls-id 100:101

Pseudowire (PW) Signaling and PE Auto-Discovery: BGP-based Signaling and Auto-Discovery

BGP Signaling and Auto-Discovery: Overview

RFC 4761 (1) defines use of BGP for VPLS PE Auto-Discovery and Signaling

All PEs within a given VPLS are assigned a unique VPLS Edge device ID (VE ID)

A PE X wishing to send a VPLS update sends the same label block information to all other PEs using BGP VPLS NLRI

Each receiving PE infers the label intended for PE X by adding its (unique) VE ID to the label base
‒ Each receiving PE gets a unique label for PE X for that VPLS

[Figure: PE1 (VE_ID 1), PE2 (VE_ID 2) and PE X (VE_ID X), each with a VFI, joined by pseudowires over MPLS, with CE-A1, CE-A2 and CE-A3 attached. Over its BGP session to the BGP RR, PE X sends a BGP Update message with VPLS NLRI: "I am PE X with ACs on BLACK VFI. Here is my label block for this VFI."]

(1) VPLS BGP NLRIs from RFC 6074 and 4761 are different in format and thus not compatible, even though they share the same AFI / SAFI values

BGP Signaling and Auto-Discovery: Label Blocks

RFC 4761 is primarily based on the concept of Label Blocks
‒ Contiguous set of local labels
‒ Label Block boundary advertised using BGP VPLS NLRI

Label Base (LB) – start of label block
VE Block Size (VBS) – size of label block
VE Block Offset (VBO) – start of remote VE set

[Figure: the Label Block spans labels LB to LB+VBS-1; the Remote VE set spans VE IDs VBO to VBO+VBS-1]

VE ID (VBO + n) corresponds to Label (LB + n)
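The label-block rule above, worked through as an added example (not code from the slides or from Cisco): it derives the label a receiving PE uses toward the advertising PE and flags VE IDs configured on more than one PE. The label bases 24000 and 24100, the second block and the PE-to-VE-ID assignment are constructed values; VE IDs 5 to 8 and a block size of 10 echo the sample configurations.

```python
# Added example: RFC 4761 label-block arithmetic. All label values are
# constructed for illustration; nothing here is taken from a real device.
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional


@dataclass(frozen=True)
class LabelBlock:
    """One label block as advertised in a BGP VPLS NLRI."""
    label_base: int    # LB: first label of the block
    block_size: int    # VBS: number of labels in the block
    block_offset: int  # VBO: first VE ID of the remote VE set

    def covers(self, ve_id: int) -> bool:
        """True if ve_id lies in the remote VE set VBO .. VBO+VBS-1."""
        return self.block_offset <= ve_id < self.block_offset + self.block_size

    def label_for(self, ve_id: int) -> Optional[int]:
        """VE ID (VBO + n) corresponds to label (LB + n)."""
        if not self.covers(ve_id):
            return None
        return self.label_base + (ve_id - self.block_offset)


def pw_label(blocks: Iterable[LabelBlock], receiver_ve_id: int) -> Optional[int]:
    """Label a receiving PE must use toward the advertising PE.

    The advertiser may send several blocks; the receiver uses the one whose
    remote VE set contains its own VE ID. None means no block covers this
    VE ID, so no pseudowire can be set up toward the advertiser yet.
    """
    for block in blocks:
        label = block.label_for(receiver_ve_id)
        if label is not None:
            return label
    return None


def duplicate_ve_ids(ve_id_by_pe: Dict[str, int]) -> Dict[int, List[str]]:
    """Return {ve_id: [PEs]} for every VE ID configured on more than one PE.

    Two PEs sharing a VE ID derive the same label from a block, so the
    advertising PE can no longer tell their traffic apart.
    """
    owners: Dict[int, List[str]] = {}
    for pe, ve_id in ve_id_by_pe.items():
        owners.setdefault(ve_id, []).append(pe)
    return {ve: sorted(pes) for ve, pes in owners.items() if len(pes) > 1}


# Constructed advertisement from PE1 (ve-id 5): one block of 10 labels for
# VE IDs 1..10 and a second block for VE IDs 11..20.
PE1_BLOCKS = [
    LabelBlock(label_base=24000, block_size=10, block_offset=1),
    LabelBlock(label_base=24100, block_size=10, block_offset=11),
]

if __name__ == "__main__":
    for ve in (6, 7, 8, 12, 25):
        print(f"receiver ve-id {ve}: label toward PE1 = {pw_label(PE1_BLOCKS, ve)}")
    # Constructed misconfiguration: PE4 reuses PE2's VE ID.
    print(duplicate_ve_ids({"PE1": 5, "PE2": 6, "PE3": 7, "PE4": 6}))
```

Running the uniqueness check against the VE IDs collected from every PE in a VPLS instance before a change is pushed catches the duplicate that the "VE-id must be unique" callout warns about.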

VPLS BGP Signaling and BGP-AD: Cisco IOS XR

hostname PE1
!
interface Loopback0
 ipv4 address 106.106.106.106 255.255.255.255
!
router bgp 100
 bgp router-id 106.106.106.106
 address-family l2vpn vpls-vpws
 neighbor 110.110.110.110
  remote-as 100
  update-source Loopback0
  address-family l2vpn vpls-vpws

l2vpn
 bridge group Cisco-Live
  bridge-domain bd102
   interface GigabitEthernet0/0/0/2.102
   vfi vfi102
    vpn-id 11102
    autodiscovery bgp
     rd auto
     route-target 100:102
     signaling-protocol bgp
      ve-id 5

VE-id must be unique in a VPLS instance

Slide callouts: VFI; BGP Auto-Discovery attributes; VPLS VFI attributes; Signaling attributes

[Figure: MPLS core, BGP AS 100, BGP Signaling and Auto-Discovery. CE1 attaches to PE1 (106.106.106.106) on GigabitEthernet0/0/0/2.102; the other PEs are PE2 (110.110.110.110), PE3 (192.0.0.3) and PE4 (192.0.0.4); the four PEs use ve-id 5, 6, 7 and 8.]

VPLS BGP Signaling and BGP-AD: Cisco IOS (NEW Protocol-based CLI)

hostname PE1
!
interface Loopback0
 ip address 102.102.102.102 255.255.255.255
!
router bgp 100
 bgp router-id 102.102.102.102
 neighbor 104.104.104.104 remote-as 100
 neighbor 104.104.104.104 update-source Loopback0
 !
 address-family l2vpn vpls
  neighbor 104.104.104.104 activate
  neighbor 104.104.104.104 send-community extended
  neighbor 104.104.104.104 suppress-signaling-protocol ldp
 exit-address-family

l2vpn vfi context sample-vfi
 vpn id 3300
 autodiscovery bgp signaling bgp
  ve id 5
  ve range 10

Bridge Domain-based Configuration:

bridge-domain 300
 member vfi sample-vfi
 member GigabitEthernet2/4 service instance 333
!
interface GigabitEthernet2/4
 service instance 333 ethernet
  encapsulation dot1q 300
  rewrite ingress tag pop 1 symmetric

VE-id must be unique in a VPLS instance

[Figure: MPLS core, BGP AS 100, BGP Signaling and Auto-Discovery. CE1 attaches to PE1 (102.102.102.102) on GigabitEthernet2/4; the other PEs are PE2 (104.104.104.104), PE3 (192.0.0.3) and PE4 (192.0.0.4); the four PEs use ve-id 5, 6, 7 and 8.]

Advanced Topics: Operations, Administration and Management
Virtual Circuit Connection Verification (VCCV)

Virtual Circuit Connection Verification (VCCV): Overview

Provides end-to-end fault verification and detection for emulated PW service (RFC 5085)
‒ MPLS LSP ping monitors PSN tunnel (PE-PE connectivity)
‒ VCCV sends control packets (intercepted by remote PE) in-band of PWs

VCCV capabilities negotiated during PW signaling phase

Disposition capabilities to identify VCCV packets are:
‒ Type 1: uses PW Control Word with 0001b as first nibble
‒ Type 2: uses MPLS Router Alert (RA) label
‒ Type 3: uses MPLS PW label with TTL == 1

Pseudowire Connectivity Verification: Cisco IOS

7604-2#ping mpls pseudowire 104.104.104.104 111000 ?
  destination  Destination address or address range
  exp          EXP bits in mpls header
  interval     Send interval between requests in msec
  pad          Pad TLV pattern
  repeat       Repeat count
  reply        Reply mode
  revision     Echo Packet TLV versioning
  segment      Segment of the MS-PW
  size         Packet size
  source       Source specified as an IP address
  sweep        Sweep range of sizes
  timeout      Timeout in seconds
  verbose      verbose output mode

7604-2#ping mpls pseudowire 104.104.104.104 111000
Sending 5, 100-byte MPLS Echos to 104.104.104.104,
     timeout is 2 seconds, send interval is 0 msec:

Codes: '!' - success, 'Q' - request not sent, '.' - timeout,
  'L' - labeled output interface, 'B' - unlabeled output interface,
  'D' - DS Map mismatch, 'F' - no FEC mapping, 'f' - FEC mismatch,
  'M' - malformed request, 'm' - unsupported tlvs, 'N' - no label entry,
  'P' - no rx intf label prot, 'p' - premature termination of LSP,
  'R' - transit router, 'I' - unknown upstream index,
  'l' - Label switched with FEC change, 'd' - see DDMAP for return code,
  'X' - unknown return code, 'x' - return code 0

Type escape sequence to abort.
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms

Advanced Topics: Operations, Administration and Management
Pseudowire Status Signaling

MPLS PW Status Signaling

PW Status Communication achieved via
‒ Label Withdraw method, or
‒ PW Status TLV method

Label Withdraw Method
‒ Label Mapping Message sent only when AC in UP state
‒ PW status signaled by withdrawing labels
‒ Found in earlier implementations

PW Status TLV Method
‒ PW status signaled using a PW status TLV (labels not withdrawn)
‒ Label Mapping Message sent when PW provisioned (irrespective of AC status)
‒ Faster PWs setup as Label allocation processes are independent from each other

[Figure: CE-1, PE1, a pseudowire across MPLS, PE2, CE-2; an LDP Notification Message carries the PW Status TLV with the PW Status Code]

MPLS PW Status Signaling: PW Status Codes

Bit Mask Value   Status Description
0x00000000       Pseudowire forwarding (clear all failures)
0x00000001       Pseudowire Not Forwarding
0x00000002       Local Attachment Circuit (ingress) Receive Fault
0x00000004       Local Attachment Circuit (egress) Transmit Fault
0x00000008       Local PSN-facing PW (ingress) Receive Fault
0x00000010       Local PSN-facing PW (egress) Transmit Fault
0x00000020       PW Preferential Forwarding Status
0x00000040       PW Request Switchover Status

0x00000000 to 0x00000010: Defined in RFC 4447
0x00000020 and 0x00000040: Defined in draft-ietf-pwe3-redundancy-bit
PW Preferential Forwarding Status: Used in PW redundancy applications. Indicates PW in Active or Standby state

[Figure: CE-1, PE1, a pseudowire across MPLS, PE2, CE-2; an LDP Notification Message carries the PW Status TLV with the PW Status Code]

MPLS PW Status Signaling: Cisco IOS

Both Local / Remote PEs support Status TLV:

7604-2#show mpls l2transport vc 2001 detail
Local interface: Gi2/4 up, line protocol up, Eth VLAN 2001 up
  Destination address: 101.101.101.101, VC ID: 2001, VC status: up
    Output interface: Gi2/2, imposed label stack {41}
    Preferred path: not configured
    Default path: active
    Next hop: 10.10.2.101
  Create time: 3d00h, last status change time: 3d00h
  Signaling protocol: LDP, peer 101.101.101.101:0 up
    Targeted Hello: 102.102.102.102(LDP Id) -> 101.101.101.101, LDP is UP
    Status TLV support (local/remote) : enabled/supported
      LDP route watch : enabled
      Label/status state machine : established, LruRru
(snip)
      Last local LDP TLV status sent: No fault
      Last remote LDP TLV status rcvd: No fault
      Last remote LDP ADJ status rcvd: No fault
    MPLS VC labels: local 33, remote 41
    PWID: 70065
(snip)

Status TLV not supported by Remote PE:

7604-1#show mpls l2transport vc 2001 detail | include Status
    Status TLV support (local/remote) : enabled/not supported

Status TLV disabled on Local PE:

7604-2#show mpls l2transport vc 2001 detail | include Status
    Status TLV support (local/remote) : disabled/supported

Status TLV support ON by default
Can be disabled on a per PW class basis:

pseudowire-class no-status
 encapsulation mpls
 no status

MPLS PW Status Signaling: Cisco IOS-XR

Both Local / Remote PEs support Status TLV:

RP/0/RSP0/CPU0:ASR9000-2#show l2vpn xconnect neighbor 102.102.102.102 pw-id 111 detail
Group Cisco-Live, XC xc-sample-1, state is up; Interworking none
  AC: GigabitEthernet0/0/0/2.100, state is up
(snip)
  PW: neighbor 102.102.102.102, PW ID 111, state is up ( established )
    Encapsulation MPLS, protocol LDP
    Source address 106.106.106.106
    PW type Ethernet VLAN, control word disabled, interworking none
    PW backup disable delay 0 sec
    Sequencing not set
    PW Status TLV in use
      MPLS         Local                          Remote
      ------------ ------------------------------ -----------------------------
      Label        16010                          22
      Group ID     0x4000140                      0x0
      Interface    GigabitEthernet0/0/0/2.100     *** To ME3400-24TS-1 gig0/1 ***
      MTU          1500                           1500
      Control word disabled                       disabled
      PW type      Ethernet VLAN                  Ethernet VLAN
      VCCV CV type 0x2                            0x12
                   (LSP ping verification)        (LSP ping verification)
      VCCV CC type 0x6                            0x6
                   (router alert label)           (router alert label)
                   (TTL expiry)                   (TTL expiry)
      ------------ ------------------------------ -----------------------------
    Incoming Status (PW Status TLV):
      Status code: 0x0 (Up) in Notification message
    Outgoing Status (PW Status TLV):
      Status code: 0x0 (Up) in Notification message
(snip)

Status TLV support ON by default
Can be disabled globally under l2vpn configuration:

RP/0/RSP0/CPU0:ASR9000-2(config-l2vpn)#pw-status ?
  disable  Disable PW status

Advanced Topics: Resiliency
Pseudowire Redundancy

High Availability in L2VPN Networks: Solutions

IP Fast Re-Route (FRR) / MPLS FRR
‒ PSN core failure

Pseudowire Redundancy:
‒ PSN end-to-end routing failure – Redundant PEs
‒ PE failure – Redundant PEs
‒ Attachment circuit failure – AC Diversity
‒ CE failure – Redundant CEs

[Figure: Site 1 (CE1, PE1) and Site 2 (PE2a, PE2b, CE2a, CE2b) joined across the Packet Switched Network by a Primary Pseudowire and a Redundant Pseudowire, with Attachment Circuits at each site; failure points are numbered 1 to 5]

One-Way Pseudowire Redundancy: Overview

Allows dual-homing of one local PE to one or two remote PEs

Two pseudowires - primary & backup provide redundancy for a single AC

Faults on the primary PW cause failover to backup PW

Multiple backup PWs (different priorities) can be defined

Alternate LSPs (TE Tunnels) can be used for additional redundancy

[Figure: three topologies between Site X (CE1, PE1) and Site Y across IP/MPLS, each with a Primary PW and a Backup PW: PE1 to a single remote PE2 with CE2a and CE2b; PE1 to PE2 and PE3 with CE2a; PE1 to PE2 and PE3 with CE2a and CE2b]

Pseudowire Redundancy: Preferential Forwarding Status Bit

Extensions to PW status codes
‒ draft-ietf-pwe3-redundancy-bit

Allows PEs to signal local forwarding status of the PW (Active or Standby)

A PW is selected for forwarding when declared as Active by both PEs

Minimize service downtime during PW failover
‒ Backup PWs always signaled before failures and held in Standby mode

Allows VCCV capability over a backup PW
‒ OAM over backup PWs
‒ SP monitors backup PWs prior to its usage

[Figure: PE1 with PWs to PE2 and PE3 over IP/MPLS, each PW end labelled Active or Standby, and a table of the PW state for the local/remote combinations Active/Active, Active/Standby, Standby/Active and Standby/Standby]
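An added example (not code from the slides or from Cisco) covering both the PW Status Codes table and the Preferential Forwarding Status rule above: it decodes a 32-bit PW status word and selects the pseudowire that both PEs declare Active. The status words in the sample sets are constructed; the polarity used for bit 0x00000020 (set means Standby, clear means Active) is the one specified in the redundancy-bit draft, later published as RFC 6870.

```python
# Added example: decode PW status bit masks and apply the
# "Active on both PEs" selection rule. Sample status words are constructed.
from typing import Dict, List, Optional, Tuple

# Bit values and descriptions as listed in the PW Status Codes table.
PW_STATUS_BITS: Dict[int, str] = {
    0x00000001: "Pseudowire Not Forwarding",
    0x00000002: "Local Attachment Circuit (ingress) Receive Fault",
    0x00000004: "Local Attachment Circuit (egress) Transmit Fault",
    0x00000008: "Local PSN-facing PW (ingress) Receive Fault",
    0x00000010: "Local PSN-facing PW (egress) Transmit Fault",
    0x00000020: "PW Preferential Forwarding Status",
    0x00000040: "PW Request Switchover Status",
}

FAULT_MASK = 0x0000001F        # the five fault bits (0x01 .. 0x10)
PREF_FWD_STANDBY = 0x00000020  # set = Standby, clear = Active
KNOWN_MASK = 0x0000007F        # every bit the table defines


def decode_status(code: int) -> List[str]:
    """Translate a PW status word into the table's descriptions."""
    if code == 0:
        return ["Pseudowire forwarding (clear all failures)"]
    names = [name for bit, name in PW_STATUS_BITS.items() if code & bit]
    unknown = code & ~KNOWN_MASK & 0xFFFFFFFF
    if unknown:
        # Surface bits the table does not define instead of hiding them.
        names.append(f"unknown bits 0x{unknown:08x}")
    return names


def pw_state(local: int, remote: int) -> str:
    """Return 'fault', 'standby' or 'active' for one PW from both status words."""
    if (local | remote) & FAULT_MASK:
        return "fault"
    if (local | remote) & PREF_FWD_STANDBY:
        return "standby"  # at least one PE has not declared the PW Active
    return "active"       # declared Active by both PEs


def select_forwarding_pw(pws: List[Tuple[str, int, int]]) -> Optional[str]:
    """First PW, in configured priority order, that both PEs declare Active."""
    for name, local, remote in pws:
        if pw_state(local, remote) == "active":
            return name
    return None


# Constructed status words for the primary/backup pair of the IOS sample
# (peers 104.104.104.104:170 and 106.106.106.106:170170).
BEFORE_FAILURE = [
    ("104.104.104.104:170", 0x00000000, 0x00000000),     # Active / Active
    ("106.106.106.106:170170", 0x00000020, 0x00000000),  # Standby / Active
]
AFTER_REMOTE_AC_FAULT = [
    ("104.104.104.104:170", 0x00000020, 0x00000006),     # remote AC rx+tx fault
    ("106.106.106.106:170170", 0x00000000, 0x00000000),  # promoted to Active
]

if __name__ == "__main__":
    for label, pws in (("before", BEFORE_FAILURE), ("after", AFTER_REMOTE_AC_FAULT)):
        for name, local, remote in pws:
            print(label, name, pw_state(local, remote), decode_status(remote))
        print(label, "forwarding on:", select_forwarding_pw(pws))
```

A monitoring job can feed this with the status codes reported per pseudowire and alert when no PW is selected, or when a backup PW reports a fault while it is still in Standby.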

One-Way Pseudowire Redundancy: Failure Protection Points

Failure 1 - Core failures handled by IGP re-routing / IP/MPLS FRR do not trigger pseudowire switchover

Failure 2 - Loss of route to remote PE as notified by IGP (PE isolation)

Failure 3 - Loss of Remote PE

How to detect PE failures?
‒ LDP Fast Failure Detection (FFD) - monitors IGP route availability of LDP peer (2-3 sec or sub-sec with Fast IGP) (a.k.a. Route-Watch)
‒ LDP session timeout (default = 3 x 30 sec)
‒ BFD timeout (multi-hop PE-to-PE BFD session) (a.k.a. “xconnect client” feature)

[Figure: PE1 with PWs to PE2 and PE3 over IP/MPLS; failure points 1, 2 and 3 marked; detection by LDP, Monitor IGP route, and Multi-hop BFD PE-PE]

Configuring Pseudowire Redundancy: Cisco IOS

hostname PE1
interface Loopback0
 ip address 102.102.102.102 255.255.255.255

Redundant PW configuration:

interface GigabitEthernet2/4
 service instance 170 ethernet
  encapsulation dot1q 170
  rewrite ingress tag pop 1 symmetric
  xconnect 104.104.104.104 170 encapsulation mpls
   backup peer 106.106.106.106 170170
   mtu 1500

Primary PW in UP state:

7604-2#show xconnect peer 104.104.104.104 vcid 170
Legend:    XC ST=Xconnect State  S1=Segment1 State  S2=Segment2 State
  UP=Up       DN=Down            AD=Admin Down      IA=Inactive
  SB=Standby  HS=Hot Standby     RV=Recovering      NH=No Hardware

XC ST  Segment 1                         S1 Segment 2                         S2
------+---------------------------------+--+---------------------------------+--
UP pri   ac Gi2/4:170(Eth VLAN)          UP mpls 104.104.104.104:170          UP

Redundant PW in Standby state:

7604-2#show xconnect peer 106.106.106.106 vcid 170170
Legend:    XC ST=Xconnect State  S1=Segment1 State  S2=Segment2 State
  UP=Up       DN=Down            AD=Admin Down      IA=Inactive
  SB=Standby  HS=Hot Standby     RV=Recovering      NH=No Hardware

XC ST  Segment 1                         S1 Segment 2                         S2
------+---------------------------------+--+---------------------------------+--
IA sec   ac Gi2/4:170(Eth VLAN)          UP mpls 106.106.106.106:170170       SB

[Figure: Site X (CE1) attached to PE1 (102.102.102.102); Site Y (CE2a, CE2b) attached to PE2 (104.104.104.104) and PE3 (106.106.106.106) across IP/MPLS; PW VC ids 170 and 170170]

Configuring Pseudowire Redundancy: Cisco IOS XR

hostname PE1
interface Loopback0
 ipv4 address 106.106.106.106 255.255.255.255
!
interface GigabitEthernet0/0/0/2.180 l2transport
 encapsulation dot1q 180
 rewrite ingress tag pop 1 symmetric

Redundant PW configuration:

l2vpn
 xconnect group Cisco-Live
  p2p xc-sample-6
   interface GigabitEthernet0/0/0/2.180
   neighbor 104.104.104.104 pw-id 180
    pw-class sample-CW-ON
    backup neighbor 102.102.102.102 pw-id 180180
     pw-class sample-CW-ON

Primary PW in UP state, Redundant PW in Standby state:

RP/0/RSP0/CPU0:ASR9000-2#show l2vpn xconnect group Cisco-Live xc xc-sample-6
Sun Apr 15 20:18:50.180 UTC
Legend: ST = State, UP = Up, DN = Down, AD = Admin Down, UR = Unresolved,
        SB = Standby, SR = Standby Ready, (PP) = Partially Programmed

XConnect                   Segment 1                       Segment 2
Group      Name         ST Description                  ST Description                  ST
------------------------   -----------------------------   -----------------------------
Cisco-Live xc-sample-6  UP Gi0/0/0/2.180                UP 104.104.104.104 180          UP
                                                           Backup
                                                           102.102.102.102 180180       SB
----------------------------------------------------------------------------------------

[Figure: Site X (CE1) attached to PE1 (106.106.106.106); Site Y (CE2a, CE2b) attached to PE2 (104.104.104.104) and PE3 (102.102.102.102) across IP/MPLS; PW VC ids 180 and 180180]

Two-Way Pseudowire Redundancy: Overview

Allows dual-homing of two local PEs to two remote PEs

Four (4) pseudowires: 1 primary & 3 backup provide redundancy for dual-homed devices

Two-Way PW redundancy coupled with Multi-Chassis LAG (MC-LAG) solution on the access side
‒ LACP state used to determine PW AC state
‒ InterChassis Communication Protocol (ICCP) used to synchronize LACP states

Covered in BRKSPG-2207, WED 12:30-2:30

[Figure: CE1 at Site X dual-homed to PE1 and PE2, CE2 at Site Y dual-homed to PE3 and PE4, across IP/MPLS; ICCP runs between the two PEs at each site]

Advanced Topics: Multi-Segment Pseudowires

Multi-Segment Pseudowires: Overview

T-PE – Terminating Provider Edge
‒ Customer facing PE, hosting the first or last segment of a MS-PW

S-PE – Switching Provider Edge
‒ Switches control / data planes of preceding and succeeding segments
‒ Control Word, sequencing, or original packet header not examined
‒ VC labels swapped
‒ VC Type, MTU should match end-to-end
‒ One or more S-PEs can be used depending on number of segments

MS-PW uses same signaling procedures and TLVs described in RFC 4447

Separate IGP processes (or areas) for separate MPLS Access networks

[Figure: two MS-PW topologies between CE1 and CE2: T-PE1, one S-PE and T-PE2 joining two IP/MPLS networks; and T-PE1, S-PE 1, S-PE 2 and T-PE2 joining three IP/MPLS networks]

Multi-Segment Pseudowires

[Figure: MS-PW forwarding from CE-1 to CE-2 in the traffic direction T-PE1, S-PE, T-PE2, across two MPLS networks. T-PE1 performs VC and Tunnel label imposition (Push, Push: Tunnel Label = 34 over VC Label = 28 over Payload). Penultimate Hop Popping (PHP) removes the tunnel label (Pop), leaving Label = 28 and Payload. At the S-PE, the PW switching point, VC labels are swapped and a new Tunnel label is pushed (Swap, Push: Label = 19 over Label = 45 over Payload). After PHP (Pop), T-PE2 performs VC label disposition (Pop) on Label = 45. Pseudowire 1 and Pseudowire 2 are each signaled with Targeted-LDP over RSVP-TE / LDP tunnels.]

Configuring MS-PWs: Cisco IOS

hostname S-PE
interface Loopback0
 ip address 104.104.104.104 255.255.255.255

l2 vfi sample-ms-pw-1 point-to-point
 neighbor 106.106.106.106 222190 encapsulation mpls
 neighbor 102.102.102.102 111190 encapsulation mpls

7604-3#show xconnect peer 102.102.102.102 vcid 111190
Legend:    XC ST=Xconnect State  S1=Segment1 State  S2=Segment2 State
  UP=Up       DN=Down            AD=Admin Down      IA=Inactive
  SB=Standby  HS=Hot Standby     RV=Recovering      NH=No Hardware

XC ST  Segment 1                         S1 Segment 2                         S2
------+---------------------------------+--+---------------------------------+--
UP     mpls 106.106.106.106:222190       UP mpls 102.102.102.102:111190       UP

S-PE labels for each PW segment:

7604-3#show xconnect peer 102.102.102.102 vcid 111190 detail
Legend:    XC ST=Xconnect State  S1=Segment1 State  S2=Segment2 State
  UP=Up       DN=Down            AD=Admin Down      IA=Inactive
  SB=Standby  HS=Hot Standby     RV=Recovering      NH=No Hardware

XC ST  Segment 1                         S1 Segment 2                         S2
------+---------------------------------+--+---------------------------------+--
UP     mpls 106.106.106.106:222190       UP mpls 102.102.102.102:111190       UP
            Local VC label 65536                 Local VC label 65549
            Remote VC label 16029                Remote VC label 47
            pw-class:                            pw-class:

[Figure: MS-PW from CE1 through T-PE1 (102.102.102.102), S-PE (104.104.104.104) and T-PE2 (106.106.106.106) to CE2; PW VC ids 111190 and 222190]

Configuring MS-PWs: Cisco IOS XR

hostname S-PE
interface Loopback0
 ipv4 address 106.106.106.106 255.255.255.255

l2vpn
 xconnect group Cisco-Live
  p2p xc-sample-8
   neighbor 102.102.102.102 pw-id 111200
   !
   neighbor 104.104.104.104 pw-id 222200

RP/0/RSP0/CPU0:ASR9000-2#show l2vpn xconnect group Cisco-Live xc-name xc-sample-8
Legend: ST = State, UP = Up, DN = Down, AD = Admin Down, UR = Unresolved,
        SB = Standby, SR = Standby Ready, (PP) = Partially Programmed

XConnect                   Segment 1                       Segment 2
Group      Name         ST Description                  ST Description                  ST
------------------------   -----------------------------   -----------------------------
Cisco-Live xc-sample-8  UP 102.102.102.102 111200       UP 104.104.104.104 222200       UP
----------------------------------------------------------------------------------------

[Figure: MS-PW from CE1 through T-PE1 (102.102.102.102), S-PE (106.106.106.106) and T-PE2 (104.104.104.104) to CE2; PW VC ids 111200 and 222200]

Advanced Topics: L2VPN Inter-Autonomous Systems (I-AS)

L2VPN Inter-AS

Three (3) deployment models

Option A
‒ No reachability information shared between AS

Option B
‒ Minimal reachability information shared between AS
‒ ASBR configured as S-PEs (multi-segment PWs)
‒ eBGP (IPv4 prefix + label) used to build PSN tunnel between AS

Option C
‒ Significant reachability information shared between AS
‒ Single-segment PW signaled across AS boundary

[Figure: three diagrams of PE1 and ASBR1 in AS X and ASBR2 and PE2 in AS Y, each AS an IP/MPLS network running LDP/RSVP-TE.
Option A: Targeted-LDP within each AS; the PW is handed off between the ASBRs as an AC (native Ethernet).
Option B: eBGP (IPv4+Label) between the ASBRs; three Targeted-LDP sessions (PE1 to ASBR1, ASBR1 to ASBR2, ASBR2 to PE2).
Option C: eBGP (IPv4+Label) between the ASBRs; a single Targeted-LDP session from PE1 to PE2.]

Use Cases: Data Center Interconnect – Catalyst 6500

Data Center Interconnect with VPLS

DC WAN Edge device (Catalyst 6500) implements VPLS with Advanced-VPLS (A-VPLS) for DCI applications

A-VPLS provides:
‒ Single-Chassis (Virtual) Redundancy solution – Virtual Switching System (VSS)
‒ Multichassis EtherChannel (MEC)
‒ Flow-based load balancing over Pseudowire using Flow Label
‒ Simplified configuration

Covered in BRKDCT-2011, MON 8:00 - 9:30

[Figure: DC 1 and DC 2, each with Access, Agg and WAN Edge layers, interconnected across the WAN by Catalyst 6500 WAN Edge devices]

Data Center Interconnect with VPLS: Sample Configuration – Catalyst 6500

PE 1:

hostname PE1
!
interface Loopback0
 ip address 10.0.0.1 255.255.255.255
!
pseudowire-class sample-class
 encapsulation mpls
 load-balance flow
 flow-label enable
!
interface virtual-ethernet 1
 transport vpls mesh
  neighbor 10.0.0.2 pw-class sample-class
 switchport
 switchport mode trunk
 switchport trunk allowed vlan 80,81
!
interface port-channel50
 switchport
 switchport mode trunk
 switchport trunk allowed vlan 80,81

PE 2:

hostname PE2
!
interface Loopback0
 ip address 10.0.0.2 255.255.255.255
!
pseudowire-class sample-class
 encapsulation mpls
 load-balance flow
 flow-label enable
!
interface virtual-ethernet 1
 transport vpls mesh
  neighbor 10.0.0.1 pw-class sample-class
 switchport
 switchport mode trunk
 switchport trunk allowed vlan 80,81
!
interface port-channel50
 switchport
 switchport mode trunk
 switchport trunk allowed vlan 80,81

Single PW per Vlan per VSS pair

Virtual Ethernet interface modeled as Switchport trunk towards VFIs

Note: Complete Virtual Switching System (VSS) / Multichassis EtherChannel (MEC) configuration not shown

[Figure: VSS pairs PE1 (10.0.0.1) and PE2 (10.0.0.2), each with two VFIs and a Multichassis EtherChannel (MEC) towards the data center; PW VC ids 80 and 81]

Use Cases: Mobile Backhaul – Legacy TDM / ATM Transport

Mobile Backhaul over Converged Packet Networks: Migration Options

Incumbent Operators
‒ GSM and UMTS traffic remains on existing SDH transport
‒ Transport for HSPA, eHSPA, LTE deployed on packet-based infrastructure
‒ Legacy equipment upgraded/migrated to IP only due to traffic increase

Challengers
‒ Wanting to move from leasing SDH transport
‒ Migrate GSM (TDM) & UMTS (ATM) traffic to packet-based infrastructure
‒ TDM (SAToP, CESoPSN) and ATM (ATM PWE3) over MPLS used to support legacy interfaces
‒ Transport for HSPA, eHSPA, LTE deployed on packet-based infrastructure

Challengers or Incumbent Operators
‒ GSM traffic remains on existing SDH transport
‒ Leasing SDH transport acceptable with no expectancy of traffic growth
‒ All other transport (3G UMTS/ATM (PWE3), 3G UMTS/IP, HSPA, eHSPA, LTE) deployed on a packet-based infrastructure
‒ NodeBs to IP NodeB upgrade will migrate from ATM PWE3 to native IP transport on same network

TDM / ATM PW Backhaul

[Figure: two backhaul designs from the cell site router through the Access, Pre-Aggregation and Aggregation layers (GE ring, 10 GE ring; aggregation node and distribution node) to the BSC / RNC, over TDM / ATM, GE, STM1 and 10GE links.
‒ TDM / ATM PW Backhaul with Layer 2 (Ethernet) Access: L2 P2P or rings (REP/MSTP/dot1q) in the access, IP/MPLS beyond; TDM (CESoPSN, SAToP) & ATM (VC, VP) PWE3
‒ TDM / ATM PW Backhaul with MPLS in Access: IP / MPLS RAN access; TDM & ATM PWE3 carried as MS-PW through an S-PE]

Multi-Segment PWs deployed to minimize reachability information down to cell site router

Summary

Ethernet-based WAN services, Data Center Interconnect and Mobile Backhaul are the key applications driving deployments of L2VPN today

MPLS-based Layer 2 VPNs are fairly mature and have been deployed by Service Providers and Enterprises around the globe

L2VPNs can be deployed addressing key requirements including: Resiliency, Auto-Discovery, OAM and Inter-AS


Backup Slides

Pseudowire (PW) Signaling and PE Auto-Discovery: LDP-based Signaling

VPWS (EoMPLS) LDP Signaling: Cisco IOS XR

hostname PE1
!
interface Loopback0
 ipv4 address 106.106.106.106 255.255.255.255

l2vpn
 xconnect group Cisco-Live
  p2p xc-sample-1
   interface GigabitEthernet0/0/0/2.100
   neighbor 102.102.102.102 pw-id 111
  p2p xc-sample-2
   interface GigabitEthernet0/0/0/2.200
   neighbor 102.102.102.102 pw-id 222
  p2p xc-sample-3
   interface GigabitEthernet0/0/0/6
   neighbor 102.102.102.102 pw-id 333

Single-tagged VLAN traffic to PW:

interface GigabitEthernet0/0/0/2.100 l2transport
 encapsulation dot1q 100
 rewrite ingress tag pop 1 symmetric

Single-tagged range VLAN traffic to PW:

interface GigabitEthernet0/0/0/2.200 l2transport
 encapsulation dot1q 999-1010
 rewrite ingress tag push dot1q 888 symmetric

Entire port traffic to PW:

interface GigabitEthernet0/0/0/6
 l2transport

[Figure: CE1 and CE2 across the MPLS core between PE1 (106.106.106.106) and PE2 (102.102.102.102); attachment interfaces GigabitEthernet0/0/0/2 OR GigabitEthernet0/0/0/6; PW VC ids 111, 222 and 333]

VPLS LDP Signaling / Manual provisioning: Cisco IOS XR

hostname PE1
!
interface Loopback0
 ipv4 address 192.0.0.1 255.255.255.255
!
interface GigabitEthernet0/0/0/14.101 l2transport
 encapsulation dot1q 101
 rewrite ingress tag pop 1 symmetric

l2vpn
 bridge group Cisco-Live
  bridge-domain bd101
   interface GigabitEthernet0/0/0/14.101
   vfi vfi101
    vpn-id 1111
    neighbor 192.0.0.2 pw-id 1111
    neighbor 192.0.0.3 pw-id 2222
    neighbor 192.0.0.4 pw-id 3333

VPN ID defined per VFI or on a per-neighbor basis

Protocol-based CLI: EFPs, PWs and VFI as members of Bridge Domain

[Figure: MPLS core. CE1 attaches to PE1 (192.0.0.1, with a VFI) on GigabitEthernet0/0/0/14.101; the other PEs are PE2 (192.0.0.2), PE3 (192.0.0.3) and PE4 (192.0.0.4); PW VC ids 1111, 2222 and 3333]

VPLS LDP Signaling / Manual provisioning: Cisco IOS

hostname PE1
!
interface Loopback0
 ip address 192.0.0.1 255.255.255.255
!
l2 vfi sample-vfi manual
 vpn id 1111
 neighbor 192.0.0.2 encapsulation mpls
 neighbor 192.0.0.3 2222 encapsulation mpls
 neighbor 192.0.0.4 3333 encapsulation mpls
!
interface Vlan300
 xconnect vfi sample-vfi

VPN ID defined per VFI or on a per-neighbor basis

VFI associated to VLAN interface (SVI) via xconnect cmd

Bridge-Domain or VLAN/switchport configurations:

interface GigabitEthernet2/4
 service instance 333 ethernet
  encapsulation dot1q 333
  rewrite ingress tag pop 1 symmetric
  bridge-domain 300

OR

interface GigabitEthernet2/4
 switchport mode trunk
 switchport trunk allowed vlan 300

[Figure: MPLS core with full-mesh Core PWs. CE1 attaches to PE1 (192.0.0.1, with a VFI) on GigabitEthernet2/4; the other PEs are PE2 (192.0.0.2), PE3 (192.0.0.3) and PE4 (192.0.0.4); PW VC ids 1111, 2222 and 3333]

Page 93: Deploying MPLS-Based Layer 2 Virtual

VPWS (EoMPLS) LDP Signaling Cisco IOS (Port-based services)

hostname PE1
!
interface Loopback0
 ip address 106.106.106.106 255.255.255.255

Main interface based xconnect

interface GigabitEthernet2/5
 xconnect 102.102.102.102 222 encapsulation mpls

OR

Service-Instance (EFP) based xconnect (encap default)

interface GigabitEthernet2/5
 service instance 1 ethernet
  encapsulation default
  xconnect 102.102.102.102 111 encapsulation mpls

OR

Interface VLAN (SVI) based xconnect + Switchport dot1q-tunnel

interface Vlan 300
 xconnect 102.102.102.102 111 encapsulation mpls
!
interface GigabitEthernet2/5
 switchport mode dot1q-tunnel
 switchport access vlan 300

OR

Interface VLAN (SVI) based xconnect + Service instance BD

interface Vlan 300
 xconnect 102.102.102.102 111 encapsulation mpls
!
interface GigabitEthernet2/5
 service instance 1 ethernet
  encapsulation default
  bridge-domain 300

[Figure: CE1 and CE2 across the MPLS Core; PE1 106.106.106.106; PE2 102.102.102.102; GigabitEthernet2/4; GigabitEthernet2/5; PW VC id 222]

Page 94: Deploying MPLS-Based Layer 2 Virtual

H-VPLS LDP Signaling / Manual provisioning Cisco IOS

hostname PE1
!
interface Loopback0
 ip address 192.0.0.1 255.255.255.255
!
l2 vfi sample-vfi manual
 vpn id 1111
 neighbor 192.0.0.2 encapsulation mpls
 neighbor 192.0.0.3 2222 encapsulation mpls
 neighbor 192.0.0.4 3333 encapsulation mpls
 neighbor 192.0.0.5 5555 encapsulation mpls no-split-horizon
 neighbor 192.0.0.6 5555 encapsulation mpls no-split-horizon
!
interface Vlan300
 xconnect vfi sample-vfi

Bridge-Domain or VLAN/switchport configurations

interface GigabitEthernet2/4
 service instance 333 ethernet
  encapsulation dot1q 333
  rewrite ingress tag pop 1 symmetric
  bridge-domain 300

OR

interface GigabitEthernet2/4
 switchport mode trunk
 switchport trunk allowed vlan 300

[Figure: CE1, CE2, CE3; interface 2/4; VFI; MPLS Core; PE1 192.0.0.1; PE2 192.0.0.2; PE3 192.0.0.3; PE4 192.0.0.4; PW VC id 1111, 2222, 3333; u-PE1 192.0.0.5 and u-PE2 192.0.0.6 attached by Spoke PWs 5555 and 5555]

Page 95: Deploying MPLS-Based Layer 2 Virtual

Pseudowire (PW) Signaling and PE Auto-Discovery

BGP-based AutoDiscovery (BGP-AD)

Backup Slides

Page 96: Deploying MPLS-Based Layer 2 Virtual

H-VPLS LDP Signaling and BGP-AD / Manual provisioning Cisco IOS

hostname PE1
!
interface Loopback0
 ip address 102.102.102.102 255.255.255.255
!
l2 vfi sample-vfi autodiscovery
 vpn id 300
 vpls-id 100:300
 neighbor 192.0.0.5 5555 encapsulation mpls no-split-horizon
 neighbor 192.0.0.6 5555 encapsulation mpls no-split-horizon

Manually provisioned Spoke PWs

[Figure: CE1, CE2, CE3; interface 2/4; VFI; MPLS Core, BGP AS 100; PE1 102.102.102.102; PE2 104.104.104.104; PE3 192.0.0.3; PE4 192.0.0.4; core PWs labelled "BGP Auto-Discovery" with PW VC id 100:300; u-PE1 192.0.0.5 and u-PE2 192.0.0.6 attached by PWs labelled "Manual", 5555 and 5555]

Page 97: Deploying MPLS-Based Layer 2 Virtual

H-VPLS LDP Signaling and BGP-AD / Manual provisioning Cisco IOS XR

hostname PE1
!
l2vpn
 bridge group Cisco-Live
  bridge-domain bd101
   interface GigabitEthernet0/0/0/2.101
   !
   neighbor 192.0.0.5 pw-id 5555
   !
   neighbor 192.0.0.6 pw-id 5555
   !
   vfi vfi101
    vpn-id 11101
    autodiscovery bgp
     rd auto
     route-target 100:101
     signaling-protocol ldp
      vpls-id 100:101

Manually provisioned Spoke PWs

[Figure: CE1, CE2, CE3; interface 0/0/0/2; VFI; MPLS Core, BGP AS 100; PE1 106.106.106.106; PE2 110.110.110.110; PE3 192.0.0.3; PE4 192.0.0.4; core PWs labelled "BGP Auto-Discovery" with PW VC id 100:101; u-PE1 192.0.0.5 and u-PE2 192.0.0.6 attached by PWs labelled "Manual", 5555 and 5555]

Page 98: Deploying MPLS-Based Layer 2 Virtual

VPLS LDP Signaling and BGP-AD Cisco IOS (NEW Protocol-based CLI)

hostname PE1
!
interface Loopback0
 ip address 102.102.102.102 255.255.255.255
!
router bgp 100
 bgp router-id 102.102.102.102
 neighbor 104.104.104.104 remote-as 100
 neighbor 104.104.104.104 update-source Loopback0
 !
 address-family l2vpn vpls
  neighbor 104.104.104.104 activate
  neighbor 104.104.104.104 send-community extended
 exit-address-family

l2vpn vfi context sample-vfi
 vpn id 300
 autodiscovery bgp signaling ldp
  vpls-id 100:300
!
bridge-domain 300
 member vfi sample-vfi
 member GigabitEthernet2/4 service instance 333

interface GigabitEthernet2/4
 service instance 333 ethernet
  encapsulation dot1q 333
  rewrite ingress tag pop 1 symmetric

Callouts: BGP Auto-Discovery attributes; VPLS VFI attributes; Signaling attributes; Bridge Domain-based Configuration

[Figure: CE1; GigabitEthernet2/4; VFI; MPLS Core, BGP AS 100; PE1 102.102.102.102; PE2 104.104.104.104; PE3 192.0.0.3; PE4 192.0.0.4; PWs labelled "BGP Auto-Discovery" with PW VC id 100:300]

Page 99: Deploying MPLS-Based Layer 2 Virtual

Advanced Topics Resiliency

Pseudowire Redundancy

Backup Slides

Page 100: Deploying MPLS-Based Layer 2 Virtual

High Availability in L2VPN Networks

Potential Faults

PSN core failure

PSN end-to-end routing failure (PE isolation)

PE failure (HW or SW fault)

Attachment circuit failure (line break)

CE failure (HW or SW fault)

[Figure: Site1 and Site 2; CE1 and CE2a connected by Attachment Circuits to PE1 and PE2a, with a Pseudowire across the Packet Switched Network; fault locations marked 1 to 5]

Page 101: Deploying MPLS-Based Layer 2 Virtual

One-Way Pseudowire Redundancy

Operation

Control is on dual-homed PE side, via static configuration

Signaling:

‒ If PEs support LDP PW status per RFC4447, backup PW is signaled (up in control-plane, down in data-plane)

‒ If PEs do not support PW status, backup PW is not signaled in the control-plane

Failover operation:

‒ Upon primary PW failure, failover is triggered after a configurable delay (seconds) – Initial delay

‒ Upon recovery, system reverts to primary PW after configurable delay (seconds) – Wait Time to Restore delay

[Figure: PE1, PE2, PE3; Primary PW and Backup PW; labels "Monitor Primary PW failure" and "PW switchover"; fault markers 2, 3, 4]

Page 102: Deploying MPLS-Based Layer 2 Virtual

Configuring Pseudowire Redundancy Cisco IOS – BFD-based Fast Failure Detection (FFD)

PE 1

interface GigabitEthernet2/4
 service instance 170 ethernet
  encapsulation dot1q 170
  rewrite ingress tag pop 1 symmetric
  xconnect 104.104.104.104 170 pw-class bfd-ffd
   backup peer 106.106.106.106 170170
   mtu 1500
bfd map ipv4 104.104.104.104/32 102.102.102.102/32 mh-sample
!
bfd-template multi-hop mh-sample
 interval min-tx 200 min-rx 200 multiplier 3
!
pseudowire-class bfd-ffd
 encapsulation mpls
 monitor peer bfd

PE 2

bfd map ipv4 102.102.102.102/32 104.104.104.104/32 mh-sample
!
bfd-template multi-hop mh-sample
 interval min-tx 200 min-rx 200 multiplier 3
!
pseudowire-class bfd-ffd
 encapsulation mpls
 monitor peer bfd
interface GigabitEthernet2/4
 service instance 170 ethernet
  encapsulation dot1q 170
  rewrite ingress tag pop 1 symmetric
  xconnect 102.102.102.102 170 pw-class bfd-ffd

BFD template and BFD map used to define session endpoints

PW-class defined to include xconnect as client of BFD session

Single multi-hop BFD session between pair of PEs

[Figure: CE1 at Site X; CE2a and CE2b at Site Y; PE1 102.102.102.102; PE2 104.104.104.104; PE3 106.106.106.106; IP/MPLS; PWs 170 and 170170; PE-PE BFD session]

Page 103: Deploying MPLS-Based Layer 2 Virtual

Customizing Timers Cisco IOS

service instance 170 ethernet
 encapsulation dot1q 170
 rewrite ingress tag pop 1 symmetric
 xconnect 104.104.104.104 170 encapsulation mpls
  backup peer 106.106.106.106 170170
  backup delay 3 10

7604-2(cfg-if-ether-vc-xconn)#backup delay ?
  <0-180>  Enable delay

7604-2(cfg-if-ether-vc-xconn)#backup delay 3 ?
  <0-180>  Disable delay
  never    Disallow disable

Debounce Timer – how long to wait before activating backup PW (zero = immediately)

WTR Timer – how long to wait before reverting back to primary PW (zero = immediately; never = non-revertive)

Primary PW failure: Backup PW activated 3 sec after Primary PW failure

7604-2#
Apr 15 20:27:00.962: %XCONNECT-5-PW_STATUS: MPLS peer 104.104.104.104 vcid 170, VC state DOWN, PW Err
Apr 15 20:27:03.962: %XCONNECT-5-REDUNDANCY: Activating secondary member 106.106.106.106:170170
Apr 15 20:27:03.962: %XCONNECT-5-PW_STATUS: MPLS peer 106.106.106.106 vcid 170170, VC state UP

Primary PW recovery: Primary PW activated 10 sec after its recovery

7604-2#
Apr 15 20:28:06.922: %XCONNECT-5-PW_STATUS: MPLS peer 104.104.104.104 vcid 170, VC state STANDBY
Apr 15 20:28:16.926: %XCONNECT-5-REDUNDANCY: Activating primary member 104.104.104.104:170
Apr 15 20:28:16.926: %XCONNECT-5-PW_STATUS: MPLS peer 106.106.106.106 vcid 170170, VC state STANDBY
Apr 15 20:28:16.926: %XCONNECT-5-PW_STATUS: MPLS peer 104.104.104.104 vcid 170, VC state UP

[Figure: CE1 at Site X; CE2a and CE2b at Site Y; PE1 102.102.102.102; PE2 104.104.104.104; PE3 106.106.106.106; IP/MPLS; PW VC id 170 and 170170]
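An added example (not part of the original slides): a Python check that reads the %XCONNECT log lines from this slide and measures the observed failover and revert delays against `backup delay 3 10`. The function names, the fixed year used for parsing and the 0.5 s tolerance are assumptions of this example; treating the primary PW's STANDBY message as its recovery time follows the slide's callout.

```python
import re
from datetime import datetime

# Log lines copied from the failure and recovery captures on this slide.
SAMPLE_LOG = """\
Apr 15 20:27:00.962: %XCONNECT-5-PW_STATUS: MPLS peer 104.104.104.104 vcid 170, VC state DOWN, PW Err
Apr 15 20:27:03.962: %XCONNECT-5-REDUNDANCY: Activating secondary member 106.106.106.106:170170
Apr 15 20:27:03.962: %XCONNECT-5-PW_STATUS: MPLS peer 106.106.106.106 vcid 170170, VC state UP
Apr 15 20:28:06.922: %XCONNECT-5-PW_STATUS: MPLS peer 104.104.104.104 vcid 170, VC state STANDBY
Apr 15 20:28:16.926: %XCONNECT-5-REDUNDANCY: Activating primary member 104.104.104.104:170
Apr 15 20:28:16.926: %XCONNECT-5-PW_STATUS: MPLS peer 106.106.106.106 vcid 170170, VC state STANDBY
Apr 15 20:28:16.926: %XCONNECT-5-PW_STATUS: MPLS peer 104.104.104.104 vcid 170, VC state UP
"""

TS = r"^(?P<ts>\w{3} +\d+ [\d:.]+): %XCONNECT-5-"
STATUS = re.compile(TS + r"PW_STATUS: MPLS peer (?P<peer>[\d.]+) vcid (?P<vcid>\d+), "
                         r"VC state (?P<state>\w+)")
SWITCH = re.compile(TS + r"REDUNDANCY: Activating (?P<role>primary|secondary) member")


def _ts(text):
    # The log carries no year; a fixed one (assumption) is enough to take differences.
    return datetime.strptime("2000 " + text, "%Y %b %d %H:%M:%S.%f")


def measure_switchovers(log_text, primary=("104.104.104.104", "170")):
    """Return ([failover delays], [revert delays]) in seconds for the primary PW."""
    down_at = recovered_at = None
    failover, revert = [], []
    for line in log_text.splitlines():
        status, switch = STATUS.match(line), SWITCH.match(line)
        if status and (status["peer"], status["vcid"]) == primary:
            if status["state"] == "DOWN":
                down_at, recovered_at = _ts(status["ts"]), None
            elif status["state"] == "STANDBY" and down_at is not None:
                recovered_at = _ts(status["ts"])  # primary is back, held for the WTR delay
        elif switch and switch["role"] == "secondary" and down_at is not None:
            failover.append(round((_ts(switch["ts"]) - down_at).total_seconds(), 3))
        elif switch and switch["role"] == "primary" and recovered_at is not None:
            revert.append(round((_ts(switch["ts"]) - recovered_at).total_seconds(), 3))
            down_at = recovered_at = None
    return failover, revert


def check_timers(log_text, enable_delay, disable_delay, tolerance=0.5):
    """List switchovers whose timing deviates from the configured 'backup delay'."""
    failover, revert = measure_switchovers(log_text)
    bad = [("failover", d) for d in failover if abs(d - enable_delay) > tolerance]
    bad += [("revert", d) for d in revert if abs(d - disable_delay) > tolerance]
    return bad
```

A switchover with no preceding DOWN event for the primary PW, such as an operator-forced one, is not counted as a timed failover.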

Page 104: Deploying MPLS-Based Layer 2 Virtual

PW Redundancy – Manual Switchover Cisco IOS

Initial state: Primary PW in UP state, Backup PW in Standby mode

7604-2#show mpls l2transport vc 170
Local intf     Local circuit              Dest address    VC ID      Status
-------------  -------------------------- --------------- ---------- ----------
Gi2/4          Eth VLAN 170               104.104.104.104 170        UP

7604-2#show mpls l2transport vc 170170
Local intf     Local circuit              Dest address    VC ID      Status
-------------  -------------------------- --------------- ---------- ----------
Gi2/4          Eth VLAN 170               106.106.106.106 170170     STANDBY

EXEC-level command issued to force switchover to the Backup PW

7604-2#xconnect backup force-switchover peer 106.106.106.106 170170

Backup PW activated, Primary PW in standby mode

7604-2#
Apr 15 21:29:33.717: %XCONNECT-5-REDUNDANCY: Activating secondary member 106.106.106.106:170170
Apr 15 21:29:33.717: %XCONNECT-5-PW_STATUS: MPLS peer 104.104.104.104 vcid 170, VC state STANDBY
Apr 15 21:29:33.717: %XCONNECT-5-PW_STATUS: MPLS peer 106.106.106.106 vcid 170170, VC state UP

7604-2#show mpls l2transport vc
Local intf     Local circuit              Dest address    VC ID      Status
-------------  -------------------------- --------------- ---------- ----------
Gi2/4          Eth VLAN 170               106.106.106.106 170170     UP

[Figure: CE1 at Site X; CE2a and CE2b at Site Y; PE1 102.102.102.102; PE2 104.104.104.104; PE3 106.106.106.106; IP/MPLS; PW VC id 170 and 170170]

Page 105: Deploying MPLS-Based Layer 2 Virtual

Two-Way Pseudowire Redundancy

Determining Pseudowire State

VPWS / H-VPLS – Two-way Coupled

‒ When AC changes state to Active (1), both PWs will advertise Active

‒ When AC changes state to Standby (1), both PWs will advertise Standby

pseudowire-class <class name>
 encapsulation mpls
 status peer topology dual-homed

H-VPLS – Two-way Decoupled

‒ Regardless of AC state, Primary PW and Backup PWs will advertise Active state

pseudowire-class <class name>
 encapsulation mpls
 status peer topology dual-homed
 status decoupled

For H-VPLS, all PWs in VFI (at nPE) are Active simultaneously, for both access & core PWs

(1) Active / Standby AC states determined for example by mLACP

[Figure: Active and Standby states shown on the ACs and PWs for the coupled and decoupled cases]

Page 106: Deploying MPLS-Based Layer 2 Virtual

Two-Way Pseudowire Redundancy

Determining Pseudowire State (Cont.)

VPLS – Two-way Coupled

‒ When at least 1 AC in VFI changes state to Active, all PWs in VFI will advertise Active

‒ When all ACs in VFI change state to Standby, all PWs in VFI will advertise Standby mode

Default behavior – no extra CLI

VPLS – Two-way Decoupled

‒ Regardless of AC states, all PWs in VFI will advertise Active state

l2 vfi <vfi name> manual
 vpn id <vpn id>
 status decoupled
 neighbor <neighbor ip address>
 neighbor <neighbor ip address>

[Figure: Active and Standby states shown on the ACs and PWs in the VFI for the coupled and decoupled cases]

Page 107: Deploying MPLS-Based Layer 2 Virtual

Advanced Topics L2VPN and MPLS Traffic Engineering

Backup Slides

Page 108: Deploying MPLS-Based Layer 2 Virtual

MPLS Traffic Engineering

Overview

Introduces explicit routing

‒ Uses RSVP-TE to establish LSPs

‒ Uses ISIS / OSPF extensions to advertise link attributes

Supports constraint-based routing

Supports admission control

Provides protection capabilities

Multiple traffic selection options

[Figure: TE LSP across an IP/MPLS network, labelled "Fish Problem"]

Page 109: Deploying MPLS-Based Layer 2 Virtual

MPLS TE Deployment Models

[Figure: four panels, each showing routers R1, R2 and R8 in an IP/MPLS network. Panel labels: Bandwidth Optimization, Strategic, Tactical, Protection, Point-to-Point SLA]

Page 110: Deploying MPLS-Based Layer 2 Virtual

MPLS Traffic Engineering

AToM Tunnel Selection

Couples Layer-2 VPNs with MPLS TE

Static mapping between PW and TE Tunnel on PE

Implies PE-to-PE TE deployment

TE tunnel defined as preferred path for pseudowire

Traffic could fall back to peer LSP if tunnel goes down

[Figure: R2 and R8 across IP / MPLS; CE1a, CE2a, CE1b, CE2b; Low Latency LSP and Protected LSP]

Page 111: Deploying MPLS-Based Layer 2 Virtual

AToM Tunnel Selection Cisco IOS

Tunnel Selection preferred-path interface configured under PW class

pseudowire-class sample-Tunnel-select
 encapsulation mpls
 preferred-path interface Tunnel200

7604-2(config-pw-class)#preferred-path interface ?
  Tunnel     Tunnel interface
  Tunnel-tp  MPLS Transport Profile interface

interface GigabitEthernet2/4
 service instance 150 ethernet
  encapsulation dot1q 150
  rewrite ingress tag pop 1 symmetric
  xconnect 106.106.106.106 150 encapsulation mpls pw-class sample-Tunnel-select
   mtu 1500

PW in UP state and mapped to an egress Tunnel interface

7604-2#show mpls l2transport vc 150 detail
Local interface: Gi2/4 up, line protocol up, Eth VLAN 150 up
  Interworking type is Ethernet
  Destination address: 106.106.106.106, VC ID: 150, VC status: up
    Output interface: Tu200, imposed label stack {65550 16025}
    Preferred path: Tunnel200, active
    Default path: ready
    Next hop: point2point
  Create time: 01:17:27, last status change time: 01:05:29
(snip)

Page 112: Deploying MPLS-Based Layer 2 Virtual

AToM Tunnel Selection Cisco IOS XR

Tunnel Selection preferred-path interface configured under PW class

l2vpn
 pw-class sample-Tunnel-select
  encapsulation mpls
   preferred-path interface tunnel-te 200

RP/0/RSP0/CPU0:ASR9000-2(config-l2vpn-pwc-mpls)#preferred-path interface ?
  tunnel-ip  Specify IP tunnel interface name for preferred path
  tunnel-te  Specify TE tunnel interface name for preferred path
  tunnel-tp  Specify TP tunnel interface name for preferred path

l2vpn
 xconnect group Cisco-Live
  p2p xc-sample-4
   interface GigabitEthernet0/0/0/2.150
   neighbor 102.102.102.102 pw-id 150
    pw-class sample-Tunnel-select

PW in UP state and mapped to an egress Tunnel interface

RP/0/RSP0/CPU0:ASR9000-2#show l2vpn xconnect group Cisco-Live xc-name xc-sample-4 detail
Group Cisco-Live, XC xc-sample-4, state is up; Interworking none
  AC: GigabitEthernet0/0/0/2.150, state is up
(snip)
  PW: neighbor 102.102.102.102, PW ID 150, state is up ( established )
    PW class sample-Tunnel-select, XC ID 0xc0000009
    Encapsulation MPLS, protocol LDP
    Source address 106.106.106.106
    PW type Ethernet, control word enabled, interworking none
    PW backup disable delay 0 sec
    Sequencing not set
    Preferred path tunnel TE 200, fallback enabled
(snip)