© 2012 Cisco and/or its affiliates. All rights reserved. BRKMPL-2101 Cisco Public
Deploying MPLS-based Layer 2 Virtual Private Networks
BRKMPL-2101
Abstract
This breakout session covers the fundamental and advanced topics associated
with the deployment of Layer 2 VPNs over an MPLS network.
The material presents a technology overview with an emphasis on Ethernet-based
point-to-point and multipoint VPNs. Session content then focuses on
deployment considerations including: Signaling/Auto-discovery, OAM,
Resiliency and Inter-AS.
The attendee can expect to see sample configurations (IOS and IOS-XR)
associated with the provisioning of L2VPNs.
This is an intermediate-level course that requires familiarity with MPLS.
Previous attendance of session BRKMPL-1101, "Introduction to MPLS," is
highly recommended.
This session is intended for service providers and enterprise customers
deploying L2VPNs over their MPLS network.
Agenda
Layer 2 VPN Motivation and Overview
VPWS Reference Model
VPLS Reference Model
Pseudowire (PW) Signaling and PE Auto-Discovery
Advanced Topics
Use Cases
Summary
L2VPN Motivation and Overview
Motivation for L2VPNs: Old and New Drivers
Network Consolidation (circa 2000)
‒ Multiple access services (FR, ATM, TDM) required multiple core technologies
Enterprise Ethernet WAN Connectivity Services (circa 2005+)
‒ Ethernet well understood by Enterprise / SPs
‒ CAPEX (lower cost per bit) / Growth (100GE)
‒ Layer 2 VPN replacement to ATM/Frame Relay
‒ Layer 3 VPN access (CE to PE)
Data Center Interconnection (DCI)
Mobile Backhaul Evolution
‒ TDM/PDH to Dual/Hybrid to All-packet (IP/Ethernet)
‒ Single (voice + data) IP/Ethernet mobile backhaul universally accepted solution
[Figure: Typical Service Provider (circa 2000). Access networks (IP/IPSec, FR/ATM, Broadband, TDM) on either side of a core labeled IP or MPLS, ATM and SONET / SDH; legend: L1 service, L2 service, L3 service]
Service Offerings: L2VPN Transport Services
Virtual Private Wire Service (VPWS)
‒ Ethernet: Ethernet Private Line (EPL) – Unmuxed UNI; Ethernet Virtual Private Line (EVPL) – Muxed UNI
‒ Frame Relay: FR over Pseudowire – Muxed UNI
‒ PPP/HDLC: PPP/HDLC over Pseudowire – Unmuxed UNI
‒ ATM: AAL5 over Pseudowire – Muxed UNI; Cell Relay with Packing over Pseudowire – Muxed UNI
‒ TDM: Circuit Emulation Service over PSN (CESoPSN) – Muxed UNI; Structure Agnostic TDM over Packet (SAToP) – Muxed UNI
Virtual Private LAN Service (VPLS)
‒ Ethernet: Ethernet Private LAN (EPLAN) – Unmuxed UNI; Ethernet Virtual Private LAN (EVPLAN) – Muxed UNI
Layer 2 VPN Enabler: The Pseudowire
L2VPNs are built with Pseudowire (PW) technology
PWs provide a common intermediate format to transport multiple types of network services over a Packet Switched Network (PSN)
PW technology provides Like-to-Like transport and also Interworking (IW)
[Figure: Ethernet, ATM, TDM, PPP/HDLC and FR services carried in a Pseudowire between two Provider Edge devices across a Packet Switched Network]
Virtual Private Wire Service (VPWS) Overview
Pseudowire Reference Model
Any Transport Over MPLS (AToM) is Cisco’s implementation of VPWS for IP/MPLS networks
An Attachment Circuit (AC) is the physical or virtual circuit attaching a CE to a PE
Customer Edge (CE) equipment perceives a PW as an unshared link or circuit
Ref: RFC 3985 Pseudo Wire Emulation Edge-to-Edge (PWE3) Architecture, March 2005
[Figure: Emulated Layer-2 Service. Four CEs attach to two PEs over ACs carrying the Native Service; pseudowires PW1 and PW2 run between the PEs inside a PSN Tunnel]
Layer 2 Transport over MPLS
Control Connection: Targeted LDP session / BGP session / Static
‒ Used for VC-label negotiation, withdrawal, error notification
The “emulated circuit” has three (3) layers of encapsulation
Tunnelling Component: Tunnel header (Tunnel Label)
‒ To get PDU from ingress to egress PE
‒ MPLS LSP derived through static configuration (MPLS-TP) or dynamic (LDP or RSVP-TE)
Demultiplexing Component: Demultiplexer field (VC Label)
‒ To identify individual circuits within a tunnel
‒ Could be an MPLS label, L2TPv3 header, GRE key, etc.
Layer 2 Encapsulation: Emulated VC encapsulation (Control Word)
‒ Information on enclosed Layer 2 PDU
‒ Implemented as a 32-bit control word
VPWS Traffic Encapsulation
Three-level encapsulation
Packets switched between PEs using Tunnel label
VC label identifies PW
VC label signaled between PEs
Optional Control Word (CW) carries Layer 2 control bits and enables sequencing
[Figure: header layout, one 32-bit word per row]
Tunnel Label:  Tunnel Label (IGP-LDP or RSVP-TE) | EXP | 0 | TTL
VC Label:      VC Label (VC) | EXP | 1 | TTL (Set to 2)
Control Word:  0 0 0 0 | Flags | FRG | Length | Sequence Number
Layer 2 PDU
Control Word required, by encapsulation:
Encap.               Required
ATM N:1 Cell Relay   No
ATM AAL5             Yes
Ethernet             No
Frame Relay          Yes
HDLC                 No
PPP                  No
SAToP                Yes
CESoPSN              Yes
VPWS Forwarding Plane Processing
[Figure: traffic from CE-1 to CE-2 over a Pseudowire between PE1 and PE2, crossing P1 and P2 in the MPLS network]
1. PE1: VC and Tunnel label imposition (Push, Push): Tunnel Label = 34, VC Label = 28, Payload
2. P1: Tunnel label swapping through MPLS cloud (Swap): Tunnel Label = 45, VC Label = 28, Payload
3. P2: Penultimate Hop Popping (PHP) (Pop): VC Label = 28, Payload
4. PE2: VC label disposition (Pop): Payload
Virtual Private Wire Service (VPWS) Ethernet over MPLS (EoMPLS)
How Are Ethernet Frames Transported?
Ethernet frames transported without Preamble, Start Frame Delimiter (SFD) and FCS
Two (2) modes of operation supported:
‒ Ethernet VLAN mode (VC type 0x0004) – created for VLAN over MPLS application
‒ Ethernet Port / Raw mode (VC type 0x0005) – created for Ethernet port tunneling application
[Figure: Original Ethernet Frame: Preamble | DA (6B) | SA (6B) | 802.1q tag (4B, optional) | Length/Type (2B) | Ethernet Payload | FCS]
[Figure: MPLS-encapsulated Ethernet Frame: DA’ | SA’ | MPLS E-Type 0x8847 | LSP Label (4B) | VC Label (4B) | Control Word (4B, optional) | Ethernet Header | Ethernet Payload | FCS’; the labels and control word are marked MPLS Stack and AToM Header]
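The three-level encapsulation and the EoMPLS frame layout from the two slides above, as an added Python example that is not part of the original deck. The MAC addresses and the customer frame are constructed; labels 34 and 28 are the ones in the forwarding-plane figure, and whether a control word is present is passed in by the caller because it is agreed in PW signaling, not visible on the wire.

```python
import struct

MPLS_ETHERTYPE = 0x8847    # "MPLS E-Type" in the frame figure
DOT1Q_ETHERTYPE = 0x8100

# Constructed sample: broadcast frame tagged with VLAN 10, no preamble/SFD/FCS.
CUSTOMER_FRAME = bytes.fromhex("ffffffffffff" "020000000001" "8100000a" "0800") + b"payload"
PE1_MAC = bytes.fromhex("02aa00000001")   # constructed outer source (SA')
P1_MAC = bytes.fromhex("02aa00000002")    # constructed outer destination (DA')


def label_entry(label, s, ttl, exp=0):
    """One 32-bit label stack entry: Label(20) | EXP(3) | S(1) | TTL(8)."""
    if not 0 <= label < (1 << 20):
        raise ValueError("label must fit in 20 bits")
    return struct.pack("!I", (label << 12) | (exp << 9) | (s << 8) | ttl)


def control_word(seq=0, length=0, flags=0, frg=0):
    """32-bit control word: 0000 | Flags(4) | FRG(2) | Length(6) | Sequence(16)."""
    return struct.pack("!I", (flags << 24) | (frg << 22) | (length << 16) | seq)


def encapsulate(frame, tunnel_label, vc_label, outer_dst, outer_src,
                use_cw=False, seq=0):
    """Wrap a customer frame (already without preamble, SFD and FCS) for the PW."""
    out = outer_dst + outer_src + struct.pack("!H", MPLS_ETHERTYPE)
    if tunnel_label is not None:               # None models the hop after PHP
        out += label_entry(tunnel_label, s=0, ttl=255)
    out += label_entry(vc_label, s=1, ttl=2)   # bottom of stack, TTL set to 2
    if use_cw:
        out += control_word(seq=seq)
    return out + frame


def decapsulate(packet, use_cw):
    """Parse an EoMPLS packet into its label stack, control word and inner frame."""
    if len(packet) < 14:
        raise ValueError("truncated outer Ethernet header")
    if struct.unpack("!H", packet[12:14])[0] != MPLS_ETHERTYPE:
        raise ValueError("outer EtherType is not 0x8847")
    off, labels = 14, []
    while True:                                # walk the stack to the S=1 entry
        if len(packet) < off + 4:
            raise ValueError("label stack runs past end of packet")
        (word,) = struct.unpack("!I", packet[off:off + 4])
        off += 4
        labels.append({"label": word >> 12, "exp": (word >> 9) & 7,
                       "s": (word >> 8) & 1, "ttl": word & 0xFF})
        if labels[-1]["s"]:
            break
        if len(labels) >= 8:
            raise ValueError("no bottom-of-stack entry within 8 labels")
    cw = None
    if use_cw:
        if len(packet) < off + 4:
            raise ValueError("truncated control word")
        (word,) = struct.unpack("!I", packet[off:off + 4])
        off += 4
        nibble = word >> 28
        if nibble == 1:                        # VCCV Type 1: first nibble 0001b
            return {"labels": labels, "cw": None, "vccv": True,
                    "frame": packet[off:]}
        if nibble != 0:
            raise ValueError("first nibble after VC label is not a control word")
        cw = {"flags": (word >> 24) & 0xF, "frg": (word >> 22) & 3,
              "length": (word >> 16) & 0x3F, "seq": word & 0xFFFF}
    inner = packet[off:]
    if len(inner) < 14:
        raise ValueError("truncated customer frame")
    ethertype, vlan = struct.unpack("!H", inner[12:14])[0], None
    if ethertype == DOT1Q_ETHERTYPE:
        if len(inner) < 18:
            raise ValueError("truncated 802.1q tag")
        tci, ethertype = struct.unpack("!HH", inner[14:18])
        vlan = tci & 0x0FFF
    return {"labels": labels, "cw": cw, "vccv": False, "dst": inner[0:6],
            "src": inner[6:12], "vlan": vlan, "ethertype": ethertype,
            "frame": inner}
```

Parsing a control-word packet with `use_cw=False` does not fail; it silently reads the control word as the start of the customer destination MAC, which is why both PEs must agree on the setting.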
Ethernet PW VC Type Negotiation
Cisco devices by default will generally attempt to bring up an Ethernet PW using VC type 5
If rejected by remote PE, then VC type 4 will be used
Alternatively, Cisco device can be manually configured to use either VC type 4 or 5
Cisco IOS
7604-2(config-pw-class)#interworking ?
ethernet Ethernet interworking
ip IP interworking
vlan VLAN interworking
7604-2#show running-config
pseudowire-class test-pw-class-VC4
encapsulation mpls
interworking vlan
!
pseudowire-class test-pw-class-VC5
encapsulation mpls
interworking ethernet
Cisco IOS-XR
RP/0/RSP0/CPU0:ASR9000-2(config-l2vpn-pwc-mpls)#transport-mode ?
ethernet Ethernet port mode
vlan Vlan tagged mode
RP/0/RSP0/CPU0:ASR9000-2(config-l2vpn-pwc-mpls)#transport-mode vlan ?
passthrough passthrough incoming tags
RP/0/RSP0/CPU0:ASR9000-2#show running-config l2vpn
l2vpn
pw-class test-pw-class-VC4
encapsulation mpls
transport-mode vlan
pw-class test-pw-class-VC4-passthrough
encapsulation mpls
transport-mode vlan passthrough
pw-class test-pw-class-VC5
encapsulation mpls
transport-mode ethernet
Introducing Cisco EVC Framework: Functional Highlights
Flexible Service Mapping: Flexible service delimiters
• Single-tagged, Double-tagged
• VLAN Lists, VLAN Ranges
• Header fields (COS, Ethertype)
Service Abstraction: Ethernet Service Layer
• Ethernet Flow Point (EFP)
• Ethernet Virtual Circuit (EVC)
• Bridge Domain (BD)
• Local VLAN significance
Advanced Frame Manipulation: VLAN Header operations - VLAN Rewrites
• POP
• PUSH
• SWAP
Multiplexed Forwarding services: ANY service – ANY port
• Layer 2 Point-to-Point
• Layer 2 Multipoint
• Layer 3
Encapsulation Adjustment Considerations: EoMPLS PW VC Type and EVC VLAN Rewrites
VLAN tags can be added, removed or translated prior to VC label imposition or after disposition
‒ Any VLAN tag(s), if retained, will appear as payload to the VC
VC label imposition and service delimiting tag are independent from EVC VLAN tag operations
‒ Dummy VLAN tag – RFC 4448 (sec 4.4.1)
VC service-delimiting VLAN-ID is removed before passing packet to Attachment Circuit processing
[Figure: MPLS Imposition (AC to PW): EVC VLAN Rewrite (Ingress), then by VC Type: type 5 goes straight to MPLS Label Imposition; type 4 does PUSH 1 VLAN tag (Dummy VLAN tag) before MPLS Label Imposition]
[Figure: MPLS Disposition (PW to AC): MPLS Label Disposition, then by VC Type: type 5 goes straight to EVC VLAN Rewrite (Egress); type 4 does POP 1 VLAN tag before EVC VLAN Rewrite (Egress)]
Encapsulation Adjustment Considerations: VC 5 and EVC Rewrites
[Figure: CE-1, PE1 104.104.104.104, MPLS, PE2 102.102.102.102, CE-2, joined by a Pseudowire of VC Type 5; frames on the attachment circuits carry tag 10 and an MPLS label is shown across the core (legend: Single-tagged frame, Double-tagged frame)]
Frame handling shown along the path:
• POP VLAN 10
• No Push of Dummy tag (VC 5)
• No service-delimiting vlan expected (VC 5)
• PUSH VLAN 10
IOS-XR
l2vpn
 pw-class class-VC5
  encapsulation mpls
   transport-mode ethernet
 xconnect group Cisco-Live
  p2p xc-sample-1
   interface GigabitEthernet0/0/0/2.100
   neighbor 102.102.102.102 pw-id 111
    pw-class class-VC5
interface GigabitEthernet0/0/0/2.100 l2transport
 encapsulation dot1q 10
 rewrite ingress tag pop 1 symmetric
IOS
pseudowire-class class-VC5
 encapsulation mpls
 interworking ethernet
interface GigabitEthernet2/2
 service instance 3 ethernet
  encapsulation dot1q 10
  rewrite ingress tag pop 1 symmetric
  xconnect 104.104.104.104 111 encap mpls pw-class class-VC5
Encapsulation Adjustment Considerations: VC 4 and EVC Rewrites
[Figure: CE-1, PE1 104.104.104.104, MPLS, PE2 102.102.102.102, CE-2, joined by a Pseudowire of VC Type 4; frames on the attachment circuits carry tag 10, and across the core they carry a Dummy tag and an MPLS label (legend: Single-tagged frame, Double-tagged frame)]
Frame handling shown along the path:
• POP VLAN 10
• Push Dummy tag (VC 4)
• POP service-delimiting vlan (VC 4)
• PUSH VLAN 10
IOS-XR
l2vpn
 pw-class class-VC4
  encapsulation mpls
   transport-mode vlan
 xconnect group Cisco-Live
  p2p xc-sample-1
   interface GigabitEthernet0/0/0/2.100
   neighbor 102.102.102.102 pw-id 111
    pw-class class-VC4
interface GigabitEthernet0/0/0/2.100 l2transport
 encapsulation dot1q 10
 rewrite ingress tag pop 1 symmetric
IOS
pseudowire-class class-VC4
 encapsulation mpls
 interworking vlan
interface GigabitEthernet2/2
 service instance 3 ethernet
  encapsulation dot1q 10
  rewrite ingress tag pop 1 symmetric
  xconnect 104.104.104.104 111 encap mpls pw-class class-VC4
MTU Considerations
No payload fragmentation supported
Incoming PDU dropped if MTU exceeds AC MTU
PEs exchange PW payload MTU as part of PW signaling procedures
‒ Both ends must agree to use same value for PW to come UP
‒ PW MTU derived from AC MTU
No mechanism to check Backbone MTU
‒ MTU in the backbone must be large enough to carry PW payload and MPLS stack
[Figure: CE-1, PE1, MPLS, PE2, CE-2 with a Pseudowire between the PEs; marked are the AC MTU, the PE MTU, the Intra backbone MTU, and the PW payload MTU signaled between PEs]
Ethernet MTU Considerations: Cisco IOS
Interface MTU configured as largest ethernet payload size
‒ 1500B default
‒ Sub-interfaces / Service Instances (EFPs) MTU always inherited from main interface
PW MTU used during PW signaling
‒ By default, inherited from attachment circuit MTU
‒ Submode configuration CLI allows MTU values to be set per subinterface/EFP in xconnect configuration mode (only for signaling purposes)
‒ No MTU adjustments made for EFP rewrite (POP/PUSH) operations
interface GigabitEthernet0/0/4
 description Main interface
 mtu 1600
interface GigabitEthernet0/0/4.1000
 encapsulation dot1Q 1000
 xconnect 106.106.106.106 111 encapsulation mpls
  mtu 1500
(PW MTU used during signaling can be overwritten)
ASR1004-1#show int gigabitEthernet 0/0/4.1000 | include MTU
 MTU 1600 bytes, BW 100000 Kbit/sec, DLY 100 usec,
(Sub-interface MTU inherited from Main interface)
Ethernet MTU Considerations: Cisco IOS XR
Interface / sub-interface MTU configured as largest frame size – FCS (4B)
‒ 1514B default for main interfaces
‒ 1518B default for single-tagged subinterfaces
‒ 1522B default for double-tagged subinterfaces
PW MTU used during PW signaling
‒ AC MTU – 14B + Rewrite offset
‒ E.g. POP 1 ( - 4B), PUSH 1 (+ 4B)
interface GigabitEthernet0/0/0/2
 description Main interface
 mtu 9000
(By default, sub-interface MTU inherited from Main interface)
interface GigabitEthernet0/0/0/2.100 l2transport
 encapsulation dot1q 100
 rewrite ingress tag pop 1 symmetric
 mtu 1518
(Sub-interface MTU can be overwritten to match remote AC)
RP/0/RSP0/CPU0:PE1#show l2vpn xconnect neighbor 102.102.102.102 pw-id 11
Group Cisco-Live, XC xc-sample-1, state is down; Interworking none
 AC: GigabitEthernet0/0/0/2.100, state is up
 Type VLAN; Num Ranges: 1
 VLAN ranges: [100, 100]
 MTU 1500; XC ID 0x840014; interworking none
 Statistics:
 (snip)
(XC MTU = 1518 – 14 – 4 = 1500B)
Virtual Private Wire Service (VPWS) ATM / TDM over MPLS
ATM Transport over MPLS
Two (2) main requirements for the transport of ATM across an MPLS backbone
‒ AAL5 encapsulated frames (RFC1483)
‒ ATM cells (Cell Relay)
Multiple modes of operation (RFC 4717)
‒ AAL5 Transport – VCC Mode
‒ Cell Relay – VCC / VPC / Port Mode
‒ Cell Packing / Concatenation
AAL5 Encapsulation details
‒ AAL5 SDUs are encapsulated
‒ PW Control Word required
  Control word flags encapsulate transport type, EFCI, CLP, C/R bit
‒ Service allows transport of OAM and RM cells
[Figure: packet layout with the PW Control Word labeled]
ATM Transport over MPLS (cont.)
Cell Relay Encapsulation details
‒ Single ATM cell is encapsulated
‒ N-to-One (N >= 1) Cell Relay (mandatory)
  One or more VPC / VCC per PW
  PW CW optional
‒ One-to-One Cell Relay (optional)
  One VPC / VCC per PW
Cell Packing Encapsulation details
‒ Cell Concatenation (optional)
‒ Multiple ATM cells packed per MPLS packet
‒ Packing controlled by max number of cells and timer
[Figure: ATM N-to-One (N=1) Cell Relay]
TDM Transport over MPLS
Migrate TDM to Packet Based Network using PW emulation
CEoP incorporates TDM bits into packets, encapsulates them with the appropriate header and sends them through the PSN
The other side of CEoP restores the TDM bit stream from the packets
Time Division Multiplexing (TDM) frames can be transported using Structured OR Unstructured Modes
VC Type
‒ SAToP E1 – 0x0011
‒ SAToP T1 – 0x0012
‒ SAToP E3 – 0x0013
‒ SAToP T3 – 0x0014
‒ CESoPSN – 0x0015 (Basic mode)
‒ CESoPSN – 0x0017 (TDM with CAS)
TDM Transport over MPLS (cont.)
Structured Mode
‒ CESoPSN – Circuit Emulation Service over Packet Switched Network (RFC 5086)
‒ Identifies framing and sends only payload (e.g. T1s from DS3, DS0s from T1)
[Figure: Encapsulation header | CE Control (4 Bytes) | RTP (optional 12B) | CEoP Payload: Frame#1 Timeslots 1-N, Frame#2 Timeslots 1-N, Frame#3 Timeslots 1-N, ... Frame#m Timeslots 1-N]
Unstructured Mode
‒ SAToP – Structure Agnostic TDM over Packet (RFC 4553)
‒ Sends bytes out as they arrive on TDM line. Bytes do not have to be aligned with any framing
[Figure: Encapsulation header | CE Control (4 Bytes) | RTP (optional 12B) | CEoP Payload: Bytes 1-N]
Virtual Private LAN Service (VPLS) Overview
Virtual Private LAN Service: Overview
Defines an architecture to provide Ethernet multipoint connectivity between sites, as if they were connected using a LAN
VPLS operation emulates an IEEE Ethernet switch
Two (2) signaling methods
‒ RFC 4762 (LDP-Based VPLS)
‒ RFC 4761 (BGP-Based VPLS)
[Figure: sites CE-A1, CE-A2, CE-A3 and CE-B1, CE-B2, CE-B3 connected across the MPLS network]
Virtual Private LAN Service: Reference Model
VFI (Virtual Forwarding Instance)
‒ Also called VSI (Virtual Switching Instance)
‒ Emulates L2 broadcast domain among ACs and VCs
‒ Unique per service. Multiple VFIs can exist on the same PE
AC (Attachment Circuit)
‒ Connects to the CE device; it can be an Ethernet physical or logical port
‒ One or multiple ACs can belong to same VFI
VC (Virtual Circuit)
‒ EoMPLS data encapsulation, tunnel label used to reach remote PE, VC label used to identify VFI
‒ One or multiple VCs can belong to same VFI
‒ PEs must have a full-mesh of PWs in the VPLS core
[Figure: PE1, PE2 and PE3 in the MPLS network, each holding two VFIs; CE-A1, CE-A2, CE-A3 and CE-B1, CE-B2, CE-B3 attached; Full-mesh of PWs between VFIs]
Virtual Private LAN Service: Operation
Flooding / Forwarding
‒ Forwarding based on destination MAC addresses
‒ Flooding (Broadcast, Multicast, Unknown Unicast)
MAC Learning/Aging/Withdrawal
‒ Dynamic learning based on Source MAC and VLAN
‒ Refresh aging timers with incoming packet
‒ MAC withdrawal upon topology changes
Split-Horizon and Full-Mesh of PWs for loop-avoidance in core
‒ SP does not run STP in the core
[Figure: Customer Equipment (CEs) attach over Ethernet UNIs to U-PE B, which connects to N-PE 1 through N-PE 4; the N-PEs are joined by PWs and are marked Applies Split-Horizon]
Why H-VPLS? Improved Scaling
Flat VPLS
‒ Potential signaling overhead
‒ Packet replication at the edge
‒ Full PW mesh end-end
Hierarchical-VPLS
‒ Minimizes signaling overhead
‒ Packet replication at the core only
‒ Full PW mesh in the core
VPLS Operation: Loop Prevention
Core PW – Split Horizon ON
Spoke PW – Split Horizon OFF (default)
Split-Horizon Rules
‒ Forwarding between Spoke PWs
‒ Forwarding between Spoke and Core PWs
‒ Forwarding between ACs and Core / Spoke PWs
‒ Forwarding between ACs
‒ Blocking between Core PWs
[Figure: a PE VFI with an AC, Spoke PWs and Core PWs; forwarding between Core PWs is marked X]
VPLS Operation: MAC Address Withdrawal
Remove (flush) dynamic MAC addresses upon Topology Changes
‒ Faster convergence – avoids blackholing
‒ Uses LDP Address Withdraw Message (RFC 4762)
H-VPLS dual-home example
‒ U-PE detects failure of Primary PW
‒ U-PE activates Backup PW
‒ U-PE sends LDP MAC address withdrawal request to new N-PE
‒ N-PE forwards the message to all PWs in the VPLS core and flushes its MAC address table
[Figure: uPE1 dual-homed over a Primary PW (failed, marked X) and a Backup PW to PEs in the MPLS core (PE1, PE2, PE3, each with a VFI); CE-A, CE-B and CE-C attached; an LDP MAC Withdraw Message is sent]
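The VFI behaviour from the three VPLS Operation slides above (flooding and MAC learning with aging, the split-horizon rules, and the MAC flush on withdrawal), as an added Python model that is not part of the original deck. Port names, MAC addresses and the 300-second aging time are assumptions made for the example.

```python
AC, SPOKE, CORE = "ac", "spoke-pw", "core-pw"
AGING_SECONDS = 300   # assumed aging time for this example


def is_group(mac):
    """True for broadcast/multicast: low bit of the first octet is set."""
    return bool(int(mac.split(":")[0], 16) & 1)


class VFI:
    """One Virtual Forwarding Instance on a PE."""

    def __init__(self, aging=AGING_SECONDS):
        self.ports = {}    # port name -> AC / SPOKE / CORE
        self.macs = {}     # MAC -> (port name, time last seen as a source)
        self.aging = aging

    def add_port(self, name, kind):
        if kind not in (AC, SPOKE, CORE):
            raise ValueError("unknown port kind: %r" % kind)
        self.ports[name] = kind

    def _may_forward(self, in_port, out_port):
        # Never back out of the receiving port, and never core PW to core PW.
        if in_port == out_port:
            return False
        return not (self.ports[in_port] == CORE and self.ports[out_port] == CORE)

    def _lookup(self, mac, now):
        entry = self.macs.get(mac)
        if entry is None:
            return None
        port, seen = entry
        if now - seen > self.aging:      # entry aged out: treat as unknown
            del self.macs[mac]
            return None
        return port

    def receive(self, in_port, src, dst, now=0):
        """Learn the source, then return the sorted list of egress ports."""
        if in_port not in self.ports:
            raise KeyError(in_port)
        if not is_group(src):
            self.macs[src] = (in_port, now)   # learn, or refresh the aging timer
        known = None if is_group(dst) else self._lookup(dst, now)
        if known is not None:
            return [known] if self._may_forward(in_port, known) else []
        # Broadcast, multicast or unknown unicast: flood within the rules.
        return sorted(p for p in self.ports if self._may_forward(in_port, p))

    def flush(self):
        """MAC withdrawal: drop all dynamically learned addresses."""
        count = len(self.macs)
        self.macs.clear()
        return count
```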
Pseudowire (PW) Signaling and PE Auto-Discovery
VPWS / VPLS: An abstraction
Provisioning Model
‒ What information needs to be configured and in what entities
‒ Semantic structure of the endpoint identifiers (e.g. VC ID, VPN ID)
Discovery
‒ Provisioning information is distributed by a "discovery process"
‒ Distribution of endpoint identifiers
Signaling
‒ When the discovery process is complete, a signaling protocol is automatically invoked to set up pseudowires (PWs)
[Figure: three building blocks: Provisioning Model, Discovery, Signaling]
VPWS: Discovery and Signaling Alternatives
VPWS Signaling
‒ LDP-based (RFC 4447)
‒ BGP-based (informational draft) draft-kompella-l2vpn-l2vpn
VPWS with LDP-signaling and No auto-discovery
‒ Most widely deployed solution
Auto-discovery for point-to-point services not as relevant as for multipoint
[Figure: VPN Discovery options: Manual (No Auto-Discovery), Border Gateway Protocol (BGP). Signaling options: Static (No Signaling), BGP, Label Distribution Protocol (LDP). One combination is marked Most widely deployed]
VPLS: Discovery and Signaling Alternatives
VPLS Signaling
‒ LDP-based (RFC 4762)
‒ BGP-based (RFC 4761)
VPLS with LDP-signaling and No auto-discovery
‒ Most widely deployed solution
‒ Operational complexity for larger deployments
BGP-based Auto-Discovery (BGP-AD) (RFC 6074)
‒ Enables discovery of PE devices in a VPLS instance
[Figure: VPN Discovery options: Manual (No Auto-Discovery), Border Gateway Protocol (BGP). Signaling options: Static (No Signaling), BGP, Label Distribution Protocol (LDP). Combinations are marked Most widely deployed, RFC 6074 and RFC 4761]
Pseudowire (PW) Signaling and PE Auto-Discovery: LDP-based Signaling
PW Control Plane Operation: LDP Signaling
[Figure: CE-1 on Interface A of PE-1, MPLS, PE-2 with CE-2 on Interface B]
1. PW manually provisioned on each PE – Remote PE info included
   PE-1: Local_int = A, Remote PE = PE2_ip, VC-id <123>
   PE-2: Local_int = B, Remote PE = PE1_ip, VC-id <123>
2. New targeted LDP session between PE routers established, in case one does not already exist
3. PEs assign local VC label to PW (PE-1: Local Label X; PE-2: Local Label Y)
4. PEs advertise local VC label using LDP label-mapping message: Label TLV + PW FEC TLV
5. PEs bind remote label for PW with matching VC-id (PE-1: Remote Label Y; PE-2: Remote Label X)
VPWS (EoMPLS) LDP Signaling: Cisco IOS (VLAN-based services)
[Figure: CE1, PE1 106.106.106.106, MPLS Core, PE2 102.102.102.102, CE2; attachment interfaces GigabitEthernet2/4 and GigabitEthernet2/5; PW VC id 111]
hostname PE1
!
interface Loopback0
 ip address 106.106.106.106 255.255.255.255
Sub-interface based xconnect:
interface GigabitEthernet2/4.300
 encapsulation dot1q 300
 xconnect 102.102.102.102 111 encapsulation mpls
OR
Service-Instance (EFP) based xconnect:
interface GigabitEthernet2/4
 service instance 10 ethernet
  encapsulation dot1q 300
  rewrite ingress tag pop 1 symmetric
  xconnect 102.102.102.102 111 encapsulation mpls
OR
Interface VLAN (SVI) based xconnect + Switchport trunk / access:
interface Vlan 300
 xconnect 102.102.102.102 111 encapsulation mpls
!
interface GigabitEthernet2/4
 switchport mode trunk
 switchport trunk allowed vlan 300
OR
Interface VLAN (SVI) based xconnect + Service instance BD:
interface Vlan 300
 xconnect 102.102.102.102 111 encapsulation mpls
!
interface GigabitEthernet2/4
 service instance 10 ethernet
  encapsulation dot1q 300
  rewrite ingress tag pop 1 symmetric
  bridge-domain 300
H-VPLS LDP Signaling / Manual provisioning: Cisco IOS XR
[Figure: PE1 192.0.0.1 with its VFI, attached on 0/0/0/14; Core PWs in full-mesh across the MPLS Core to PE2 192.0.0.2, PE3 192.0.0.3 and PE4 192.0.0.4 with PW VC ids 1111, 2222 and 3333; Spoke PWs with VC id 5555 to u-PE1 192.0.0.5 and u-PE2 192.0.0.6; CE1, CE2 and CE3 attached]
hostname PE1
!
interface Loopback0
 ipv4 address 192.0.0.1 255.255.255.255
!
interface GigabitEthernet0/0/0/14.101 l2transport
 encapsulation dot1q 101
 rewrite ingress tag pop 1 symmetric
l2vpn
 bridge group Cisco-Live
  bridge-domain bd101
   interface GigabitEthernet0/0/0/14.101
   neighbor 192.0.0.5 pw-id 5555
   neighbor 192.0.0.6 pw-id 5555
   !
   vfi vfi101
    vpn-id 1111
    neighbor 192.0.0.2 pw-id 1111
    neighbor 192.0.0.3 pw-id 2222
    neighbor 192.0.0.4 pw-id 3333
Pseudowire (PW) Signaling and PE Auto-Discovery: BGP-based AutoDiscovery (BGP-AD)
BGP Auto-Discovery (BGP-AD)
Eliminates need to manually provision VPLS neighbors
Automatically detects when new PEs are added / removed from the VPLS domain
Uses BGP Update messages to advertise PE/VFI mapping (VPLS NLRI)
Typically used in conjunction with BGP Route Reflectors to minimize iBGP full-mesh peering requirements
Two (2) RFCs define use of BGP for VPLS AD (1)
‒ RFC 6074 – when LDP used for PW signaling (covered in this section)
‒ RFC 4761 – when BGP used for PW signaling
[Figure: PE1, PE2 and PE3, each with a VFI, in an MPLS network with a BGP RR; over its BGP session a new PE sends a BGP Update message with VPLS NLRI: "I am a new PE with ACs on BLACK VFI"; a Pseudowire connects the VFIs; CE-A1, CE-A2 and CE-A3 attached]
(1) VPLS BGP NLRIs from RFC 6074 and 4761 are different in format and thus not compatible, even though they share same AFI / SAFI values
What is Discovered? NLRI + Extended Communities
[Figure: CE-1, PE-1, MPLS, PE-2, CE-2; BGP Update Messages exchanged between PE-1 and PE-2]
PE-1:
BGP ASN = 100
BGP Rtr ID = 1.1.1.10
BGP neighbor = 2.2.2.20
L2VPN Rtr ID = 10.10.10.10
VPN ID = 111
RT = auto (100:111)
RD = auto (100:111)
VPLS-ID = auto (100:111)
PE-2:
BGP ASN = 100
BGP Rtr ID = 2.2.2.20
BGP neighbor = 1.1.1.10
L2VPN Rtr ID = 20.20.20.20
VPN ID = 111
RT = auto (100:111)
RD = auto (100:111)
VPLS-ID = auto (100:111)
BGP Update Message (Source Address = 1.1.1.10, Destination Address = 2.2.2.20):
NLRI: Length = 14, Route Distinguisher = 100:111, L2VPN Router ID = 10.10.10.10
VPLS-ID = 100:111
Route Target = 100:111
BGP Update Message (Source Address = 2.2.2.20, Destination Address = 1.1.1.10):
NLRI: Length = 14, Route Distinguisher = 100:111, L2VPN Router ID = 20.20.20.20
VPLS-ID = 100:111
Route Target = 100:111
What is Signaled?
[Figure: CE-1, PE-1, MPLS, PE-2, CE-2; FEC 129 exchanged between PE-1 and PE-2]
PE-1:
BGP ASN = 100
BGP Rtr ID = 1.1.1.10
BGP neighbor = 2.2.2.20
L2VPN Rtr ID = 10.10.10.10
VPN ID = 111
RT = auto (100:111)
RD = auto (100:111)
VPLS-ID = auto (100:111)
PE-2:
BGP ASN = 100
BGP Rtr ID = 2.2.2.20
BGP neighbor = 1.1.1.10
L2VPN Rtr ID = 20.20.20.20
VPN ID = 111
RT = auto (100:111)
RD = auto (100:111)
VPLS-ID = auto (100:111)
LDP Generalized Pwid FEC Element (FEC 129)
From PE-1:
AGI = VPLS-ID = 100:111
SAII = Local L2VPN ID = 10.10.10.10
TAII = Remote L2VPN ID = 20.20.20.20
From PE-2:
AGI = VPLS-ID = 100:111
SAII = Local L2VPN ID = 20.20.20.20
TAII = Remote L2VPN ID = 10.10.10.10
Local and Remote (discovered) L2VPN router ID and VPLS-ID used for PW signaling
VPLS LDP Signaling and BGP-AD: Cisco IOS
[Figure: CE1 on GigabitEthernet2/4 of PE1 102.102.102.102; PE2 104.104.104.104, PE3 192.0.0.3 and PE4 192.0.0.4 across the MPLS Core; BGP AS 100 with BGP Auto-Discovery; PW VC id 100:300 on each PW]
hostname PE1
!
interface Loopback0
 ip address 102.102.102.102 255.255.255.255
!
router bgp 100
 bgp router-id 102.102.102.102
 neighbor 104.104.104.104 remote-as 100
 neighbor 104.104.104.104 update-source Loopback0
 !
 address-family l2vpn vpls
  neighbor 104.104.104.104 activate
  neighbor 104.104.104.104 send-community extended
 exit-address-family
l2 vfi sample-vfi autodiscovery
 vpn id 300
 vpls-id 100:300
!
interface Vlan300
 xconnect vfi sample-vfi
Bridge Domain-based Configuration:
interface GigabitEthernet2/4
 service instance 333 ethernet
  encapsulation dot1q 333
  rewrite ingress tag pop 1 symmetric
  bridge-domain 300
OR
VLAN/switchport-based Configuration:
interface GigabitEthernet2/4
 switchport mode trunk
 switchport trunk allowed vlan 300
Legend: BGP Auto-Discovery attributes, VPLS VFI attributes, Signaling attributes; callouts: VFI, BGP L2VPN AF
VPLS LDP Signaling and BGP-AD: Cisco IOS XR
[Figure: CE1 on GigabitEthernet0/0/0/2.101 of PE1 106.106.106.106; PE2 110.110.110.110, PE3 192.0.0.3 and PE4 192.0.0.4 across the MPLS Core; BGP AS 100 with BGP Auto-Discovery; PW VC id 100:101 on each PW]
Full-mesh Core PWs auto-discovered with BGP-AD and signaled by LDP
PW ID = VPLS-id (100:101)
hostname PE1
!
interface Loopback0
 ipv4 address 106.106.106.106 255.255.255.255
!
interface GigabitEthernet0/0/0/2.101 l2transport
 encapsulation dot1q 101
 rewrite ingress tag pop 1 symmetric
router bgp 100
 bgp router-id 106.106.106.106
 address-family l2vpn vpls-vpws
 neighbor 110.110.110.110
  remote-as 100
  update-source Loopback0
  address-family l2vpn vpls-vpws
l2vpn
 bridge group Cisco-Live
  bridge-domain bd101
   interface GigabitEthernet0/0/0/2.101
   vfi vfi101
    vpn-id 11101
    autodiscovery bgp
     rd auto
     route-target 100:101
     signaling-protocol ldp
      vpls-id 100:101
Legend: BGP Auto-Discovery attributes, VPLS VFI attributes, Signaling attributes; callouts: VFI, BGP L2VPN AF
Pseudowire (PW) Signaling and PE Auto-Discovery: BGP-based Signaling and AutoDiscovery
BGP Signaling and Auto-Discovery: Overview
RFC 4761 (1) defines use of BGP for VPLS PE Auto-Discovery and Signaling
All PEs within a given VPLS are assigned a unique VPLS Edge device ID (VE ID)
A PE X wishing to send a VPLS update sends the same label block information to all other PEs using BGP VPLS NLRI
Each receiving PE infers the label intended for PE X by adding its (unique) VE ID to the label base
‒ Each receiving PE gets a unique label for PE X for that VPLS
[Figure: PE1 (VE_ID 1), PE2 (VE_ID 2) and PE X (VE_ID X), each with a VFI, in an MPLS network with a BGP RR; over its BGP session PE X sends a BGP Update message with VPLS NLRI: "I am PE X with ACs on BLACK VFI. Here is my label block for this VFI"; a Pseudowire connects the VFIs; CE-A1, CE-A2 and CE-A3 attached]
(1) VPLS BGP NLRIs from RFC 6074 and 4761 are different in format and thus not compatible, even though they share same AFI / SAFI values
BGP Signaling and Auto-Discovery: Label Blocks
RFC 4761 is primarily based on the concept of Label Blocks
‒ Contiguous set of local labels
‒ Label Block boundary advertised using BGP VPLS NLRI
Label Base (LB) – start of label block
VE Block Size (VBS) – size of label block
VE Block Offset (VBO) – start of remote VE set
[Figure: Label Block spanning LB to LB+VBS-1 alongside the Remote VE set spanning VBO to VBO+VBS-1]
VE ID (VBO + n) corresponds to Label (LB + n)
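The label-block rule above (VE ID VBO + n maps to label LB + n), worked through for a whole VPLS instance as an added Python example that is not part of the original deck. The VE IDs 5 to 8 match the configuration slides; the label bases, the VBO of 1 and the block size of 10 are constructed values.

```python
from collections import namedtuple

# Label Base, VE Block Offset, VE Block Size, as carried in the BGP VPLS NLRI.
LabelBlock = namedtuple("LabelBlock", "lb vbo vbs")

# Constructed sample: name -> (VE ID, label blocks that PE advertises).
PES = {
    "PE1": (5, [LabelBlock(16000, 1, 10)]),
    "PE2": (6, [LabelBlock(17000, 1, 10)]),
    "PE3": (7, [LabelBlock(18000, 1, 10)]),
    "PE4": (8, [LabelBlock(19000, 1, 10)]),
}


def label_toward(blocks, remote_ve_id):
    """Label a remote PE with this VE ID uses to reach the advertising PE.

    Returns None when no advertised block covers the VE ID, i.e. the
    advertiser has to send a further block before a PW can come up.
    """
    for b in blocks:
        if b.vbo <= remote_ve_id < b.vbo + b.vbs:
            return b.lb + (remote_ve_id - b.vbo)
    return None


def build_mesh(pes):
    """Compute the PW label for every ordered PE pair.

    Returns (mesh, missing): mesh maps (sender, receiver) to the label the
    sender pushes; missing lists pairs that no label block covers.
    """
    owner = {}
    for name, (ve_id, _) in pes.items():
        if ve_id in owner:   # VE-id must be unique in a VPLS instance
            raise ValueError("VE ID %d used by both %s and %s"
                             % (ve_id, owner[ve_id], name))
        owner[ve_id] = name
    mesh, missing = {}, []
    for receiver, (_, blocks) in pes.items():
        for sender, (sender_ve, _) in pes.items():
            if sender == receiver:
                continue
            label = label_toward(blocks, sender_ve)
            if label is None:
                missing.append((sender, receiver))
            else:
                mesh[(sender, receiver)] = label
    return mesh, missing
```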
VPLS BGP Signaling and BGP-AD: Cisco IOS XR
[Figure: CE1 on GigabitEthernet0/0/0/2.102 of PE1 106.106.106.106; PE2 110.110.110.110, PE3 192.0.0.3 and PE4 192.0.0.4 across the MPLS Core; the PEs carry ve-id 5, ve-id 6, ve-id 7 and ve-id 8; BGP AS 100; BGP Signaling and Auto-Discovery]
hostname PE1
!
interface Loopback0
 ipv4 address 106.106.106.106 255.255.255.255
!
router bgp 100
 bgp router-id 106.106.106.106
 address-family l2vpn vpls-vpws
 neighbor 110.110.110.110
  remote-as 100
  update-source Loopback0
  address-family l2vpn vpls-vpws
l2vpn
 bridge group Cisco-Live
  bridge-domain bd102
   interface GigabitEthernet0/0/0/2.102
   vfi vfi102
    vpn-id 11102
    autodiscovery bgp
     rd auto
     route-target 100:102
     signaling-protocol bgp
      ve-id 5
(VE-id must be unique in a VPLS instance)
Legend: BGP Auto-Discovery attributes, VPLS VFI attributes, Signaling attributes; callout: VFI
VPLS BGP Signaling and BGP-AD: Cisco IOS (NEW Protocol-based CLI)
[Figure: CE1 on GigabitEthernet2/4 of PE1 102.102.102.102; PE2 104.104.104.104, PE3 192.0.0.3 and PE4 192.0.0.4 across the MPLS Core; the PEs carry ve-id 5, ve-id 6, ve-id 7 and ve-id 8; BGP AS 100; BGP Signaling and Auto-Discovery]
hostname PE1
!
interface Loopback0
 ip address 102.102.102.102 255.255.255.255
!
router bgp 100
 bgp router-id 102.102.102.102
 neighbor 104.104.104.104 remote-as 100
 neighbor 104.104.104.104 update-source Loopback0
 !
 address-family l2vpn vpls
  neighbor 104.104.104.104 activate
  neighbor 104.104.104.104 send-community extended
  neighbor 104.104.104.104 suppress-signaling-protocol ldp
 exit-address-family
l2vpn vfi context sample-vfi
 vpn id 3300
 autodiscovery bgp signaling bgp
  ve id 5
  ve range 10
(VE-id must be unique in a VPLS instance)
Bridge Domain-based Configuration:
bridge-domain 300
 member vfi sample-vfi
 member GigabitEthernet2/4 service instance 333
!
interface GigabitEthernet2/4
 service instance 333 ethernet
  encapsulation dot1q 300
  rewrite ingress tag pop 1 symmetric
Advanced Topics Operations, Administration and Management
Virtual Circuit Connection Verification (VCCV)
Virtual Circuit Connection Verification (VCCV) Overview
Provides end-to-end fault verification and detection for emulated PW service (RFC 5085)
‒ MPLS LSP ping monitors PSN tunnel (PE-PE connectivity)
‒ VCCV sends control packets (intercepted by remote PE) in-band of PWs
VCCV capabilities negotiated during PW signaling phase
Disposition capabilities to identify VCCV packets are:
‒ Type 1: uses PW Control Word with 0001b as first nibble
‒ Type 2: uses MPLS Router Alert (RA) label
‒ Type 3: uses MPLS PW label with TTL == 1
Pseudowire Connectivity Verification Cisco IOS
7604-2#ping mpls pseudowire 104.104.104.104 111000 ?
destination Destination address or address range
exp EXP bits in mpls header
interval Send interval between requests in msec
pad Pad TLV pattern
repeat Repeat count
reply Reply mode
revision Echo Packet TLV versioning
segment Segment of the MS-PW
size Packet size
source Source specified as an IP address
sweep Sweep range of sizes
timeout Timeout in seconds
verbose verbose output mode
7604-2#ping mpls pseudowire 104.104.104.104 111000
Sending 5, 100-byte MPLS Echos to 104.104.104.104,
timeout is 2 seconds, send interval is 0 msec:
Codes: '!' - success, 'Q' - request not sent, '.' - timeout,
'L' - labeled output interface, 'B' - unlabeled output interface,
'D' - DS Map mismatch, 'F' - no FEC mapping, 'f' - FEC mismatch,
'M' - malformed request, 'm' - unsupported tlvs, 'N' - no label entry,
'P' - no rx intf label prot, 'p' - premature termination of LSP,
'R' - transit router, 'I' - unknown upstream index,
'l' - Label switched with FEC change, 'd' - see DDMAP for return code,
'X' - unknown return code, 'x' - return code 0
Type escape sequence to abort.
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
Advanced Topics Operations, Administration and Management
Pseudowire Status Signaling
MPLS PW Status Signaling
PW Status Communication achieved via
‒ Label Withdraw method, or
‒ PW Status TLV method
Label Withdraw Method
‒ Label Mapping Message sent only when AC is in UP state
‒ PW status signaled by withdrawing labels
‒ Found in earlier implementations
PW Status TLV Method
‒ PW status signaled using a PW status TLV (labels not withdrawn)
‒ Label Mapping Message sent when PW provisioned (irrespective of AC status)
‒ Faster PW setup, as label allocation processes are independent of each other
[Figure: CE-1, PE1, PE2 and CE-2 with a pseudowire across MPLS; an LDP Notification Message carries the PW Status TLV with the PW Status Code.]
MPLS PW Status Signaling PW Status Codes
Bit Mask Value   Status Description
0x00000000       Pseudowire forwarding (clear all failures)
0x00000001       Pseudowire Not Forwarding
0x00000002       Local Attachment Circuit (ingress) Receive Fault
0x00000004       Local Attachment Circuit (egress) Transmit Fault
0x00000008       Local PSN-facing PW (ingress) Receive Fault
0x00000010       Local PSN-facing PW (egress) Transmit Fault
0x00000020       PW Preferential Forwarding Status
0x00000040       PW Request Switchover Status
Callouts: Defined in RFC 4447. Used in PW redundancy applications; indicates PW in Active or Standby state. Defined in draft-ietf-pwe3-redundancy-bit.
[Figure: CE-1, PE1, PE2 and CE-2 with a pseudowire across MPLS; an LDP Notification Message carries the PW Status TLV with the PW Status Code.]
MPLS PW Status Signaling Cisco IOS
7604-2#show mpls l2transport vc 2001 detail
Local interface: Gi2/4 up, line protocol up, Eth VLAN 2001 up
Destination address: 101.101.101.101, VC ID: 2001, VC status: up
Output interface: Gi2/2, imposed label stack {41}
Preferred path: not configured
Default path: active
Next hop: 10.10.2.101
Create time: 3d00h, last status change time: 3d00h
Signaling protocol: LDP, peer 101.101.101.101:0 up
Targeted Hello: 102.102.102.102(LDP Id) -> 101.101.101.101, LDP is UP
Status TLV support (local/remote) : enabled/supported
LDP route watch : enabled
Label/status state machine : established, LruRru
(snip)
Last local LDP TLV status sent: No fault
Last remote LDP TLV status rcvd: No fault
Last remote LDP ADJ status rcvd: No fault
MPLS VC labels: local 33, remote 41
PWID: 70065
(snip)
7604-1#show mpls l2transport vc 2001 detail | include Status
Status TLV support (local/remote) : enabled/not supported
7604-2#show mpls l2transport vc 2001 detail | include Status
Status TLV support (local/remote) : disabled/supported
pseudowire-class no-status
 encapsulation mpls
 no status
Callouts: Both Local / Remote PEs support Status TLV. Status TLV support ON by default; can be disabled on a per PW class basis. Status TLV not supported by Remote PE. Status TLV disabled on Local PE.
MPLS PW Status Signaling Cisco IOS-XR
RP/0/RSP0/CPU0:ASR9000-2#show l2vpn xconnect neighbor 102.102.102.102 pw-id 111 detail
Group Cisco-Live, XC xc-sample-1, state is up; Interworking none
AC: GigabitEthernet0/0/0/2.100, state is up
(snip)
PW: neighbor 102.102.102.102, PW ID 111, state is up ( established )
Encapsulation MPLS, protocol LDP
Source address 106.106.106.106
PW type Ethernet VLAN, control word disabled, interworking none
PW backup disable delay 0 sec
Sequencing not set
PW Status TLV in use
MPLS Local Remote
------------ ------------------------------ -----------------------------
Label 16010 22
Group ID 0x4000140 0x0
Interface GigabitEthernet0/0/0/2.100 *** To ME3400-24TS-1 gig0/1 ***
MTU 1500 1500
Control word disabled disabled
PW type Ethernet VLAN Ethernet VLAN
VCCV CV type 0x2 0x12
(LSP ping verification) (LSP ping verification)
VCCV CC type 0x6 0x6
(router alert label) (router alert label)
(TTL expiry) (TTL expiry)
------------ ------------------------------ -----------------------------
Incoming Status (PW Status TLV):
Status code: 0x0 (Up) in Notification message
Outgoing Status (PW Status TLV):
Status code: 0x0 (Up) in Notification message
(snip)
Callout: Both Local / Remote PEs support Status TLV
RP/0/RSP0/CPU0:ASR9000-2(config-l2vpn)#pw-status ?
 disable Disable PW status
Callout: Status TLV support ON by default. Can be disabled globally under l2vpn configuration
Advanced Topics Resiliency
Pseudowire Redundancy
High Availability in L2VPN Networks Solutions
IP Fast Re-Route (FRR) / MPLS FRR
‒ PSN core failure
Pseudowire Redundancy:
‒ PSN end-to-end routing failure – Redundant PEs
‒ PE failure – Redundant PEs
‒ Attachment circuit failure – AC Diversity
‒ CE failure – Redundant CEs
[Figure: Site 1 (CE1, PE1) and Site 2 (PE2a, PE2b, CE2a, CE2b) joined across the Packet Switched Network by a Primary Pseudowire and a Redundant Pseudowire, with Attachment Circuits at each site; numbered markers 1 to 5 on the diagram.]
One-Way Pseudowire Redundancy Overview
Allows dual-homing of one local PE to one or two remote PEs
Two pseudowires - primary & backup provide redundancy for a single AC
Faults on the primary PW cause failover to backup PW
Multiple backup PWs (different priorities) can be defined
Alternate LSPs (TE Tunnels) can be used for additional redundancy
[Figure: three IP/MPLS topologies between Site X (CE1) and Site Y. (1) PE1 and PE2 with CE2a and CE2b, Primary PW and Backup PW; (2) PE1, PE2 and PE3 with CE2a; (3) PE1, PE2 and PE3 with CE2a and CE2b.]
Pseudowire Redundancy Preferential Forwarding Status Bit
Extensions to PW status codes
‒ draft-ietf-pwe3-redundancy-bit
Allows PEs to signal local forwarding status of the PW (Active or Standby)
A PW is selected for forwarding when declared as Active by both PEs
Minimizes service downtime during PW failover
‒ Backup PWs always signaled before failures and held in Standby mode
Allows VCCV capability over a backup PW
‒ OAM over backup PWs
‒ SP monitors backup PWs prior to their use
[Figure: PE1 with PWs to PE2 and PE3 over IP/MPLS, PW ends labelled Active or Standby, beside a table of the Active/Standby combinations signaled by the two ends (Active/Active, Active/Standby, Standby/Active, Standby/Standby).]
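The PW Status Codes table and the Active/Standby selection rule above, combined in one added example (not code from the slides or from Cisco). It assumes that a set 0x00000020 bit means Standby and a cleared bit means Active, as in draft-ietf-pwe3-redundancy-bit; the status words in the sample are constructed, and the function names are illustrative.

```python
# Bit meanings copied from the PW Status Codes table.
PW_STATUS_BITS = {
    0x00000001: "Pseudowire Not Forwarding",
    0x00000002: "Local Attachment Circuit (ingress) Receive Fault",
    0x00000004: "Local Attachment Circuit (egress) Transmit Fault",
    0x00000008: "Local PSN-facing PW (ingress) Receive Fault",
    0x00000010: "Local PSN-facing PW (egress) Transmit Fault",
    0x00000020: "PW Preferential Forwarding Status",
    0x00000040: "PW Request Switchover Status",
}
FAULT_MASK = 0x0000001F      # the five fault bits
STANDBY_BIT = 0x00000020     # assumption: set = Standby, clear = Active
SWITCHOVER_BIT = 0x00000040
KNOWN_MASK = FAULT_MASK | STANDBY_BIT | SWITCHOVER_BIT


def decode_status(code):
    """Split a 32-bit PW status word into faults, redundancy flags and leftovers."""
    if not 0 <= code <= 0xFFFFFFFF:
        raise ValueError("PW status code is a 32-bit value")
    faults = [name for bit, name in PW_STATUS_BITS.items()
              if (bit & FAULT_MASK) and (code & bit)]
    return {
        "faults": faults,
        "standby": bool(code & STANDBY_BIT),
        "switchover_requested": bool(code & SWITCHOVER_BIT),
        # Bits outside the table: surfaced rather than silently ignored.
        "unknown_bits": code & ~KNOWN_MASK,
    }


def can_forward(local_status, remote_status):
    """A PW forwards only when both ends report no fault and both are Active."""
    return all(not (code & FAULT_MASK) and not (code & STANDBY_BIT)
               for code in (local_status, remote_status))


def select_forwarding_pw(pws):
    """pws: (name, local_status, remote_status) tuples in configured priority order.

    Returns the first PW declared Active and fault-free by both PEs, or None.
    """
    for name, local_status, remote_status in pws:
        if can_forward(local_status, remote_status):
            return name
    return None


# Constructed status words for a primary and a backup PW.
STEADY_STATE = [
    ("104.104.104.104:170", 0x00, 0x00),      # both ends Active
    ("106.106.106.106:170170", 0x20, 0x00),   # local end holds backup in Standby
]
PRIMARY_FAILED = [
    ("104.104.104.104:170", 0x00, 0x18),      # remote PSN-facing rx + tx faults
    ("106.106.106.106:170170", 0x00, 0x00),   # backup now Active on both ends
]
NO_AGREEMENT = [
    ("104.104.104.104:170", 0x00, 0x20),      # remote says Standby
    ("106.106.106.106:170170", 0x20, 0x00),   # local says Standby
]

if __name__ == "__main__":
    for label, pws in [("steady", STEADY_STATE), ("failed", PRIMARY_FAILED),
                       ("no agreement", NO_AGREEMENT)]:
        print(label, "->", select_forwarding_pw(pws))
    print(decode_status(0x22))
```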
One-Way Pseudowire Redundancy Failure Protection Points
Failure 1 - Core failures handled by IGP re-routing / IP/MPLS FRR do not trigger pseudowire switchover
Failure 2 - Loss of route to remote PE as notified by IGP (PE isolation)
Failure 3 - Loss of Remote PE
How to detect PE failures?
‒ LDP Fast Failure Detection (FFD) - monitors IGP route availability of LDP peer (2-3 sec or sub-sec with Fast IGP) (a.k.a. Route-Watch)
‒ LDP session timeout (default = 3 x 30 sec)
‒ BFD timeout (multi-hop PE-to-PE BFD session) (a.k.a. “xconnect client” feature)
[Figure: PE1, PE2 and PE3 over IP/MPLS with failure points 1, 2 and 3 marked; labels: Monitor IGP route, LDP, Multi-hop BFD PE-PE.]
Configuring Pseudowire Redundancy Cisco IOS
interface GigabitEthernet2/4
 service instance 170 ethernet
  encapsulation dot1q 170
  rewrite ingress tag pop 1 symmetric
  xconnect 104.104.104.104 170 encapsulation mpls
   backup peer 106.106.106.106 170170
   mtu 1500
[Figure: Labels: Site X, CE1, Site Y, CE2a, CE2b, IP/MPLS, PE1 102.102.102.102, PE2 104.104.104.104, PE3 106.106.106.106, PW VC ids 170 and 170170.]
7604-2#show xconnect peer 104.104.104.104 vcid 170
Legend: XC ST=Xconnect State S1=Segment1 State S2=Segment2 State
UP=Up DN=Down AD=Admin Down IA=Inactive
SB=Standby HS=Hot Standby RV=Recovering NH=No Hardware
XC ST Segment 1 S1 Segment 2 S2
------+---------------------------------+--+---------------------------------+--
UP pri ac Gi2/4:170(Eth VLAN) UP mpls 104.104.104.104:170 UP
Primary PW in UP state
7604-2#show xconnect peer 106.106.106.106 vcid 170170
Legend: XC ST=Xconnect State S1=Segment1 State S2=Segment2 State
UP=Up DN=Down AD=Admin Down IA=Inactive
SB=Standby HS=Hot Standby RV=Recovering NH=No Hardware
XC ST Segment 1 S1 Segment 2 S2
------+---------------------------------+--+---------------------------------+--
IA sec ac Gi2/4:170(Eth VLAN) UP mpls 106.106.106.106:170170 SB
Redundant PW in Standby state
hostname PE1
interface Loopback0
 ip address 102.102.102.102 255.255.255.255
Callout: Redundant PW configuration
Configuring Pseudowire Redundancy Cisco IOS XR
l2vpn
 xconnect group Cisco-Live
  p2p xc-sample-6
   interface GigabitEthernet0/0/0/2.180
   neighbor 104.104.104.104 pw-id 180
    pw-class sample-CW-ON
    backup neighbor 102.102.102.102 pw-id 180180
     pw-class sample-CW-ON
hostname PE1
interface Loopback0
 ipv4 address 106.106.106.106 255.255.255.255
!
interface GigabitEthernet0/0/0/2.180 l2transport
 encapsulation dot1q 180
 rewrite ingress tag pop 1 symmetric
[Figure: Labels: Site X, CE1, Site Y, CE2a, CE2b, IP/MPLS, PE1 106.106.106.106, PE2 104.104.104.104, PE3 102.102.102.102, PW VC ids 180 and 180180.]
RP/0/RSP0/CPU0:ASR9000-2#show l2vpn xconnect group Cisco-Live xc xc-sample-6
Sun Apr 15 20:18:50.180 UTC
Legend: ST = State, UP = Up, DN = Down, AD = Admin Down, UR = Unresolved,
SB = Standby, SR = Standby Ready, (PP) = Partially Programmed
XConnect Segment 1 Segment 2
Group Name ST Description ST Description ST
------------------------ ----------------------------- -----------------------------
Cisco-Live xc-sample-6
UP Gi0/0/0/2.180 UP 104.104.104.104 180 UP
Backup
102.102.102.102 180180 SB
----------------------------------------------------------------------------------------
Callouts: Primary PW in UP state. Redundant PW in Standby state. Redundant PW configuration.
Two-Way Pseudowire Redundancy Overview
Allows dual-homing of two local PEs to two remote PEs
Four (4) pseudowires: 1 primary & 3 backup provide redundancy for dual-homed devices
Two-Way PW redundancy coupled with Multi-Chassis LAG (MC-LAG) solution on the access side
‒ LACP state used to determine PW AC state
‒ InterChassis Communication Protocol (ICCP) used to synchronize LACP states
Covered in BRKSPG-2207, WED 12:30-2:30
[Figure: Labels: Site X, CE1, Site Y, CE2, IP/MPLS, PE1, PE2, PE3, PE4, ICCP, ICCP.]
Advanced Topics Multi-Segment Pseudowires
Multi-Segment Pseudowires Overview
T-PE – Terminating Provider Edge
‒ Customer facing PE, hosting the first or last segment of a MS-PW
S-PE – Switching Provider Edge
‒ Switches control / data planes of preceding and succeeding segments
‒ Control Word, sequencing, or original packet header not examined
‒ VC labels swapped
‒ VC Type, MTU should match end-to-end
‒ One or more S-PEs can be used depending on number of segments
MS-PW uses same signaling procedures and TLVs described in RFC 4447
Separate IGP processes (or areas) for separate MPLS Access networks
[Figure: two MS-PW topologies. (1) CE1, T-PE1, S-PE, T-PE2, CE2 across two IP/MPLS networks; (2) T-PE1, S-PE 1, S-PE 2, T-PE2 across three IP/MPLS networks.]
Multi-Segment Pseudowires
[Figure: label operations along the traffic direction from CE-1 through T-PE1, S-PE and T-PE2 to CE-2, across two MPLS networks. Labels on the diagram: VC and Tunnel label imposition (Push, Push); Penultimate Hop Popping (PHP); PW switching point at the S-PE, VC labels swapped, new Tunnel label pushed (Swap, Push); VC label disposition (Pop); Pseudowire 1 and Pseudowire 2 over Targeted-LDP, with RSVP-TE / LDP underneath; example label values 34, 28, 45 and 19 in front of the Payload.]
Configuring MS-PWs Cisco IOS
l2 vfi sample-ms-pw-1 point-to-point
 neighbor 106.106.106.106 222190 encapsulation mpls
 neighbor 102.102.102.102 111190 encapsulation mpls
7604-3#show xconnect peer 102.102.102.102 vcid 111190
Legend: XC ST=Xconnect State S1=Segment1 State S2=Segment2 State
UP=Up DN=Down AD=Admin Down IA=Inactive
SB=Standby HS=Hot Standby RV=Recovering NH=No Hardware
XC ST Segment 1 S1 Segment 2 S2
------+---------------------------------+--+---------------------------------+--
UP mpls 106.106.106.106:222190 UP mpls 102.102.102.102:111190 UP
7604-3#show xconnect peer 102.102.102.102 vcid 111190 detail
Legend: XC ST=Xconnect State S1=Segment1 State S2=Segment2 State
UP=Up DN=Down AD=Admin Down IA=Inactive
SB=Standby HS=Hot Standby RV=Recovering NH=No Hardware
XC ST Segment 1 S1 Segment 2 S2
------+---------------------------------+--+---------------------------------+--
UP mpls 106.106.106.106:222190 UP mpls 102.102.102.102:111190 UP
Local VC label 65536 Local VC label 65549
Remote VC label 16029 Remote VC label 47
pw-class: pw-class:
hostname S-PE
interface Loopback0
 ip address 104.104.104.104 255.255.255.255
Callout: S-PE labels for each PW segment
[Figure: MS-PW. CE1, T-PE1 102.102.102.102, S-PE 104.104.104.104, T-PE2 106.106.106.106, CE2; PW VC ids 111190 and 222190.]
Configuring MS-PWs Cisco IOS XR
hostname S-PE
interface Loopback0
 ipv4 address 106.106.106.106 255.255.255.255
l2vpn
 xconnect group Cisco-Live
  p2p xc-sample-8
   neighbor 102.102.102.102 pw-id 111200
   !
   neighbor 104.104.104.104 pw-id 222200
RP/0/RSP0/CPU0:ASR9000-2#show l2vpn xconnect group Cisco-Live xc-name xc-sample-8
Legend: ST = State, UP = Up, DN = Down, AD = Admin Down, UR = Unresolved,
SB = Standby, SR = Standby Ready, (PP) = Partially Programmed
XConnect Segment 1 Segment 2
Group Name ST Description ST Description ST
------------------------ ----------------------------- -----------------------------
Cisco-Live xc-sample-8
UP 102.102.102.102 111200 UP 104.104.104.104 222200 UP
----------------------------------------------------------------------------------------
[Figure: MS-PW. CE1, T-PE1 102.102.102.102, S-PE 106.106.106.106, T-PE2 104.104.104.104, CE2; PW VC ids 111200 and 222200.]
Advanced Topics L2VPN Inter – Autonomous Systems (I-AS)
L2VPN Inter-AS
Three (3) deployment models
Option A
‒ No reachability information shared between AS
Option B
‒ Minimal reachability information shared between AS
‒ ASBR configured as S-PEs (multi-segment PWs)
‒ eBGP (IPv4 prefix + label) used to build PSN tunnel between AS
Option C
‒ Significant reachability information shared between AS
‒ Single-segment PW signaled across AS boundary
[Figure: three diagrams, each showing PE1, ASBR1, ASBR2 and PE2 across AS X and AS Y, both IP/MPLS.
Option A labels: LDP/RSVP-TE, LDP/RSVP-TE, PW AC Native Ethernet, Targeted-LDP, Targeted-LDP.
Option B labels: LDP/RSVP-TE, LDP/RSVP-TE, eBGP (IPv4+Label), Targeted-LDP, Targeted-LDP, Targeted-LDP.
Option C labels: LDP/RSVP-TE, LDP/RSVP-TE, eBGP (IPv4+Label), Targeted-LDP.]
Use Cases Data Center Interconnect – Catalyst 6500
Data Center Interconnect with VPLS
DC WAN Edge device (Catalyst 6500) implements VPLS with Advanced-VPLS (A-VPLS) for DCI applications
A-VPLS provides:
‒ Single-Chassis (Virtual) Redundancy solution – Virtual Switching System (VSS)
‒ Multichassis EtherChannel (MEC)
‒ Flow-based load balancing over Pseudowire using Flow Label
‒ Simplified configuration
Covered in BRKDCT-2011, MON 8:00 - 9:30
[Figure: DC 1 and DC 2, each with Access, Agg and WAN Edge layers, connected over the WAN by Catalyst 6500 devices.]
Data Center Interconnect with VPLS Sample Configuration – Catalyst 6500
PE 1
hostname PE1
!
interface Loopback0
 ip address 10.0.0.1 255.255.255.255
!
pseudowire-class sample-class
 encapsulation mpls
 load-balance flow
 flow-label enable
interface virtual-ethernet 1
 transport vpls mesh
  neighbor 10.0.0.2 pw-class sample-class
 switchport
 switchport mode trunk
 switchport trunk allowed vlan 80,81
interface port-channel50
 switchport
 switchport mode trunk
 switchport trunk allowed vlan 80,81
PE 2
hostname PE2
!
interface Loopback0
 ip address 10.0.0.2 255.255.255.255
!
pseudowire-class sample-class
 encapsulation mpls
 load-balance flow
 flow-label enable
interface virtual-ethernet 1
 transport vpls mesh
  neighbor 10.0.0.1 pw-class sample-class
 switchport
 switchport mode trunk
 switchport trunk allowed vlan 80,81
interface port-channel50
 switchport
 switchport mode trunk
 switchport trunk allowed vlan 80,81
Callouts: Single PW per Vlan per VSS pair. Virtual Ethernet interface modeled as Switchport trunk towards VFIs.
Note: Complete Virtual Switching System (VSS) / Multichassis EtherChannel (MEC) configuration not shown
[Figure: Labels: PE1 10.0.0.1, PE2 10.0.0.2, VSS, VFI, PW VC id 80, Multichassis EtherChannel (MEC).]
Use Cases Mobile Backhaul – Legacy TDM / ATM Transport
Mobile Backhaul over Converged Packet Networks Migration Options
Incumbent Operators
‒ GSM and UMTS traffic remains on existing SDH transport
‒ Transport for HSPA, eHSPA, LTE deployed on packet-based infrastructure
‒ Legacy equipment upgraded/migrated to IP only due to traffic increase
Challengers
‒ Wanting to move from leasing SDH transport
‒ Migrate GSM (TDM) & UMTS (ATM) traffic to packet-based infrastructure
‒ TDM (SAToP, CESoPSN) and ATM (ATM PWE3) over MPLS used to support legacy interfaces
‒ Transport for HSPA, eHSPA, LTE deployed on packet-based infrastructure
Challengers or Incumbent Operators
‒ GSM traffic remains on existing SDH transport
‒ Leasing SDH transport acceptable with no expectancy of traffic growth
‒ All other transport (3G UMTS/ATM (PWE3), 3G UMTS/IP, HSPA, eHSPA, LTE) deployed on a packet-based infrastructure
‒ NodeBs to IP NodeB upgrade will migrate from ATM PWE3 to native IP transport on same network
TDM / ATM PW Backhaul
[Figure: two backhaul designs from the cell site router through the Access, Pre-Aggregation and Aggregation layers (GE Ring, 10 GE Ring, Aggregation node, Distribution node) to the BSC / RNC; link labels 10GE, STM1, GE, TDM / ATM.
TDM / ATM PW Backhaul with Layer 2 (Ethernet) Access: L2 P2P or rings (REP/MSTP/dot1q), L2 Rings or Point-to-Point, IP/MPLS; TDM (CESoPSN, SAToP) & ATM (VC, VP) PWE3.
TDM / ATM PW Backhaul with MPLS in Access: IP / MPLS RAN Access, IP / MPLS, S-PE, MS-PW; TDM & ATM PWE3.
Callout: Multi-Segment PWs deployed to minimize reachability information down to cell site router.]
Summary
Ethernet-based WAN services, Data Center Interconnect and Mobile Backhaul are the key applications driving deployments of L2VPN today
MPLS-based Layer 2 VPNs are fairly mature and have been deployed by Service Providers and Enterprises around the globe
L2VPNs can be deployed addressing key requirements including: Resiliency, Auto-Discovery, OAM and Inter-AS
Pseudowire (PW) Signaling and PE Auto-Discovery LDP-based Signaling
Backup Slides
VPWS (EoMPLS) LDP Signaling Cisco IOS XR
hostname PE1
!
interface Loopback0
 ipv4 address 106.106.106.106 255.255.255.255
l2vpn
 xconnect group Cisco-Live
  p2p xc-sample-1
   interface GigabitEthernet0/0/0/2.100
   neighbor 102.102.102.102 pw-id 111
  p2p xc-sample-2
   interface GigabitEthernet0/0/0/2.200
   neighbor 102.102.102.102 pw-id 222
  p2p xc-sample-3
   interface GigabitEthernet0/0/0/6
   neighbor 102.102.102.102 pw-id 333
! Single-tagged VLAN traffic to PW
interface GigabitEthernet0/0/0/2.100 l2transport
 encapsulation dot1q 100
 rewrite ingress tag pop 1 symmetric
! Single-tagged range VLAN traffic to PW
interface GigabitEthernet0/0/0/2.200 l2transport
 encapsulation dot1q 999-1010
 rewrite ingress tag push dot1q 888 symmetric
! Entire port traffic to PW
interface GigabitEthernet0/0/0/6
 l2transport
[Figure: Labels: MPLS Core, CE1, CE2, GigabitEthernet0/0/0/2, GigabitEthernet0/0/0/6, OR, PE1 106.106.106.106, PE2 102.102.102.102, PW VC ids 111, 222, 333.]
VPLS LDP Signaling / Manual provisioning Cisco IOS XR
hostname PE1
!
interface Loopback0
 ipv4 address 192.0.0.1 255.255.255.255
!
interface GigabitEthernet0/0/0/14.101 l2transport
 encapsulation dot1q 101
 rewrite ingress tag pop 1 symmetric
l2vpn
 bridge group Cisco-Live
  bridge-domain bd101
   interface GigabitEthernet0/0/0/14.101
   vfi vfi101
    vpn-id 1111
    neighbor 192.0.0.2 pw-id 1111
    neighbor 192.0.0.3 pw-id 2222
    neighbor 192.0.0.4 pw-id 3333
Callouts: VPN ID defined per VFI or on a per-neighbor basis. Protocol-based CLI: EFPs, PWs and VFI as members of Bridge Domain.
[Figure: Labels: MPLS Core, VFI, CE1 on GigabitEthernet0/0/0/14.101, PE1 192.0.0.1, PE2 192.0.0.2, PE3 192.0.0.3, PE4 192.0.0.4, PW VC ids 1111, 2222, 3333.]
VPLS LDP Signaling / Manual provisioning Cisco IOS
hostname PE1
!
interface Loopback0
 ip address 192.0.0.1 255.255.255.255
!
l2 vfi sample-vfi manual
 vpn id 1111
 neighbor 192.0.0.2 encapsulation mpls
 neighbor 192.0.0.3 2222 encapsulation mpls
 neighbor 192.0.0.4 3333 encapsulation mpls
!
interface Vlan300
 xconnect vfi sample-vfi
interface GigabitEthernet2/4
 service instance 333 ethernet
  encapsulation dot1q 333
  rewrite ingress tag pop 1 symmetric
  bridge-domain 300
OR
interface GigabitEthernet2/4
 switchport mode trunk
 switchport trunk allowed vlan 300
Callouts: VPN ID defined per VFI or on a per-neighbor basis. Bridge-Domain or VLAN/switchport configurations. VFI associated to VLAN interface (SVI) via xconnect cmd. Core PWs Full-mesh.
[Figure: Labels: MPLS Core, VFI, CE1 on GigabitEthernet2/4, PE1 192.0.0.1, PE2 192.0.0.2, PE3 192.0.0.3, PE4 192.0.0.4, PW VC ids 1111, 2222, 3333.]
VPWS (EoMPLS) LDP Signaling Cisco IOS (Port-based services)
hostname PE1
!
interface Loopback0
 ip address 106.106.106.106 255.255.255.255
! Service-Instance (EFP) based xconnect (encap default)
interface GigabitEthernet2/5
 service instance 1 ethernet
  encapsulation default
  xconnect 102.102.102.102 111 encapsulation mpls
OR
! Main interface based xconnect
interface GigabitEthernet2/5
 xconnect 102.102.102.102 222 encapsulation mpls
OR
! Interface VLAN (SVI) based xconnect + Switchport dot1q-tunnel
interface Vlan 300
 xconnect 102.102.102.102 111 encapsulation mpls
!
interface GigabitEthernet2/5
 switchport mode dot1q-tunnel
 switchport access vlan 300
OR
! Interface VLAN (SVI) based xconnect + Service instance BD
interface Vlan 300
 xconnect 102.102.102.102 111 encapsulation mpls
!
interface GigabitEthernet2/5
 service instance 1 ethernet
  encapsulation default
  bridge-domain 300
[Figure: Labels: MPLS Core, CE1, CE2, GigabitEthernet2/4, GigabitEthernet2/5, PE1 106.106.106.106, PE2 102.102.102.102, PW VC id 222.]
H-VPLS LDP Signaling / Manual provisioning Cisco IOS
hostname PE1
!
interface Loopback0
 ip address 192.0.0.1 255.255.255.255
!
l2 vfi sample-vfi manual
 vpn id 1111
 neighbor 192.0.0.2 encapsulation mpls
 neighbor 192.0.0.3 2222 encapsulation mpls
 neighbor 192.0.0.4 3333 encapsulation mpls
 neighbor 192.0.0.5 5555 encapsulation mpls no-split-horizon
 neighbor 192.0.0.6 5555 encapsulation mpls no-split-horizon
!
interface Vlan300
 xconnect vfi sample-vfi
interface GigabitEthernet2/4
 service instance 333 ethernet
  encapsulation dot1q 333
  rewrite ingress tag pop 1 symmetric
  bridge-domain 300
OR
interface GigabitEthernet2/4
 switchport mode trunk
 switchport trunk allowed vlan 300
Callout: Bridge-Domain or VLAN/switchport configurations
[Figure: Labels: MPLS Core, VFI, CE1 on 2/4, CE2, CE3, PE1 192.0.0.1, PE2 192.0.0.2, PE3 192.0.0.3, PE4 192.0.0.4, u-PE1 192.0.0.5, u-PE2 192.0.0.6, PW VC ids 1111, 2222, 3333, Spoke PWs 5555 and 5555.]
Pseudowire (PW) Signaling and PE Auto-Discovery BGP-based AutoDiscovery (BGP-AD)
Backup Slides
H-VPLS LDP Signaling and BGP-AD / Manual provisioning Cisco IOS
hostname PE1
!
interface Loopback0
 ip address 102.102.102.102 255.255.255.255
!
l2 vfi sample-vfi autodiscovery
 vpn id 300
 vpls-id 100:300
 neighbor 192.0.0.5 5555 encapsulation mpls no-split-horizon
 neighbor 192.0.0.6 5555 encapsulation mpls no-split-horizon
Callout: Manually provisioned Spoke PWs
[Figure: Labels: MPLS Core, BGP AS 100, BGP Auto-Discovery, Manual, VFI, CE1 on 2/4, CE2, CE3, PE1 102.102.102.102, PE2 104.104.104.104, PE3 192.0.0.3, PE4 192.0.0.4, u-PE1 192.0.0.5, u-PE2 192.0.0.6, PW VC ids 100:300, 100:300, 100:300, 5555, 5555.]
H-VPLS LDP Signaling and BGP-AD / Manual provisioning Cisco IOS XR
hostname PE1
!
l2vpn
 bridge group Cisco-Live
  bridge-domain bd101
   interface GigabitEthernet0/0/0/2.101
   !
   neighbor 192.0.0.5 pw-id 5555
   !
   neighbor 192.0.0.6 pw-id 5555
   !
   vfi vfi101
    vpn-id 11101
    autodiscovery bgp
     rd auto
     route-target 100:101
     signaling-protocol ldp
      vpls-id 100:101
Callout: Manually provisioned Spoke PWs
[Figure: Labels: MPLS Core, BGP AS 100, BGP Auto-Discovery, Manual, VFI, CE1 on 0/0/0/2, CE2, CE3, PE1 106.106.106.106, PE2 110.110.110.110, PE3 192.0.0.3, PE4 192.0.0.4, u-PE1 192.0.0.5, u-PE2 192.0.0.6, PW VC ids 100:101, 100:101, 100:101, 5555, 5555.]
VPLS LDP Signaling and BGP-AD Cisco IOS (NEW Protocol-based CLI)
hostname PE1
!
interface Loopback0
 ip address 102.102.102.102 255.255.255.255
!
router bgp 100
 bgp router-id 102.102.102.102
 neighbor 104.104.104.104 remote-as 100
 neighbor 104.104.104.104 update-source Loopback0
 !
 address-family l2vpn vpls
  neighbor 104.104.104.104 activate
  neighbor 104.104.104.104 send-community extended
 exit-address-family
l2vpn vfi context sample-vfi
 vpn id 300
 autodiscovery bgp signaling ldp
  vpls-id 100:300
!
bridge-domain 300
 member vfi sample-vfi
 member GigabitEthernet2/4 service instance 333
interface GigabitEthernet2/4
 service instance 333 ethernet
  encapsulation dot1q 333
  rewrite ingress tag pop 1 symmetric
Callouts: BGP Auto-Discovery attributes; VPLS VFI attributes; Signaling attributes. Bridge Domain-based Configuration.
[Figure: Labels: MPLS Core, BGP AS 100, BGP Auto-Discovery, VFI, CE1 on GigabitEthernet2/4, PE1 102.102.102.102, PE2 104.104.104.104, PE3 192.0.0.3, PE4 192.0.0.4, PW VC ids 100:300, 100:300, 100:300.]
Advanced Topics Resiliency
Pseudowire Redundancy
Backup Slides
High Availability in L2VPN Networks Potential Faults
PSN core failure
PSN end-to-end routing failure (PE isolation)
PE failure (HW or SW fault)
Attachment circuit failure (line break)
CE failure (HW or SW fault)
[Figure: Site 1 (CE1, PE1) and Site 2 (PE2a, CE2a) joined by a Pseudowire across the Packet Switched Network, with an Attachment Circuit at each site; numbered markers 1 to 5 on the diagram.]
One-Way Pseudowire Redundancy Operation
Control is on dual-homed PE side, via static configuration
Signaling:
‒ If PEs support LDP PW status per RFC4447, backup PW is signaled (up in control-plane, down in data-plane)
‒ If PEs do not support PW status, backup PW is not signaled in the control-plane
Failover operation:
‒ Upon primary PW failure, failover is triggered after a configurable delay (seconds) – Initial delay
‒ Upon recovery, system reverts to primary PW after configurable delay (seconds) – Wait Time to Restore delay
[Figure: PE1 with a Primary PW and a Backup PW toward PE2 and PE3; labels: Monitor Primary PW failure, PW switchover; markers 2, 3 and 4.]
Configuring Pseudowire Redundancy Cisco IOS – BFD-based Fast Failure Detection (FFD)
PE 1
interface GigabitEthernet2/4
 service instance 170 ethernet
  encapsulation dot1q 170
  rewrite ingress tag pop 1 symmetric
  xconnect 104.104.104.104 170 pw-class bfd-ffd
   backup peer 106.106.106.106 170170
   mtu 1500
bfd map ipv4 104.104.104.104/32 102.102.102.102/32 mh-sample
!
bfd-template multi-hop mh-sample
 interval min-tx 200 min-rx 200 multiplier 3
!
pseudowire-class bfd-ffd
 encapsulation mpls
 monitor peer bfd
PE 2
bfd map ipv4 102.102.102.102/32 104.104.104.104/32 mh-sample
!
bfd-template multi-hop mh-sample
 interval min-tx 200 min-rx 200 multiplier 3
!
pseudowire-class bfd-ffd
 encapsulation mpls
 monitor peer bfd
interface GigabitEthernet2/4
 service instance 170 ethernet
  encapsulation dot1q 170
  rewrite ingress tag pop 1 symmetric
  xconnect 102.102.102.102 170 pw-class bfd-ffd
Callouts: Single multi-hop BFD session between pair of PEs. BFD template and BFD map used to define session endpoints. PW-class defined to include xconnect as client of BFD session.
[Figure: Labels: Site X, CE1, Site Y, CE2a, CE2b, IP/MPLS, PE1 102.102.102.102, PE2 104.104.104.104, PE3 106.106.106.106, PE-PE BFD session, PW VC ids 170 and 170170.]
Customizing Timers Cisco IOS
[Figure: CE1 at Site X; CE2a and CE2b at Site Y; PE1 102.102.102.102, PE2 104.104.104.104, PE3 106.106.106.106 over IP/MPLS; PW VC id 170 and 170170]

Debounce Timer – how long to wait before activating backup PW (zero = immediately)
WTR Timer – how long to wait before reverting back to primary PW (zero = immediately; never = non-revertive)

7604-2(cfg-if-ether-vc-xconn)#backup delay ?
  <0-180>  Enable delay
7604-2(cfg-if-ether-vc-xconn)#backup delay 3 ?
  <0-180>  Disable delay
  never    Disallow disable

 service instance 170 ethernet
  encapsulation dot1q 170
  rewrite ingress tag pop 1 symmetric
  xconnect 104.104.104.104 170 encapsulation mpls
   backup peer 106.106.106.106 170170
   backup delay 3 10

Primary PW failure: Backup PW activated 3 sec after Primary PW failure

7604-2#
Apr 15 20:27:00.962: %XCONNECT-5-PW_STATUS: MPLS peer 104.104.104.104 vcid 170, VC state DOWN, PW Err
Apr 15 20:27:03.962: %XCONNECT-5-REDUNDANCY: Activating secondary member 106.106.106.106:170170
Apr 15 20:27:03.962: %XCONNECT-5-PW_STATUS: MPLS peer 106.106.106.106 vcid 170170, VC state UP

Primary PW recovery: Primary PW activated 10 sec after its recovery

7604-2#
Apr 15 20:28:06.922: %XCONNECT-5-PW_STATUS: MPLS peer 104.104.104.104 vcid 170, VC state STANDBY
Apr 15 20:28:16.926: %XCONNECT-5-REDUNDANCY: Activating primary member 104.104.104.104:170
Apr 15 20:28:16.926: %XCONNECT-5-PW_STATUS: MPLS peer 106.106.106.106 vcid 170170, VC state STANDBY
Apr 15 20:28:16.926: %XCONNECT-5-PW_STATUS: MPLS peer 104.104.104.104 vcid 170, VC state UP
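
Added example, not part of the original slides: a Python check that parses the %XCONNECT syslog lines from this slide, measures the failover and revert delays actually observed for the primary PW, and compares them with the configured "backup delay 3 10". The function names, the fixed year used to parse the year-less timestamps and the 0.5 s tolerance are assumptions of this example.

```python
import re
from datetime import datetime

# Syslog lines from the slide, rejoined onto single lines and put in time order.
LOG = """\
Apr 15 20:27:00.962: %XCONNECT-5-PW_STATUS: MPLS peer 104.104.104.104 vcid 170, VC state DOWN, PW Err
Apr 15 20:27:03.962: %XCONNECT-5-REDUNDANCY: Activating secondary member 106.106.106.106:170170
Apr 15 20:27:03.962: %XCONNECT-5-PW_STATUS: MPLS peer 106.106.106.106 vcid 170170, VC state UP
Apr 15 20:28:06.922: %XCONNECT-5-PW_STATUS: MPLS peer 104.104.104.104 vcid 170, VC state STANDBY
Apr 15 20:28:16.926: %XCONNECT-5-REDUNDANCY: Activating primary member 104.104.104.104:170
Apr 15 20:28:16.926: %XCONNECT-5-PW_STATUS: MPLS peer 106.106.106.106 vcid 170170, VC state STANDBY
Apr 15 20:28:16.926: %XCONNECT-5-PW_STATUS: MPLS peer 104.104.104.104 vcid 170, VC state UP
"""
EVENT = re.compile(
    r"^(?P<ts>\w{3} +\d+ [\d:.]+): %XCONNECT-5-(?:"
    r"PW_STATUS: MPLS peer (?P<peer>\S+) vcid (?P<vcid>\d+), VC state (?P<state>\w+)"
    r"|REDUNDANCY: Activating (?P<role>primary|secondary) member)")

def _ts(text, year=2000):
    # These timestamps carry no year; any fixed year works for same-day deltas (assumption).
    return datetime.strptime(f"{year} {text}", "%Y %b %d %H:%M:%S.%f")

def measure_delays(log, primary=("104.104.104.104", "170")):
    """Return (failover_s, revert_s) observed for the primary PW; None if not seen."""
    down_at = recovered_at = failover = revert = None
    for line in log.splitlines():
        m = EVENT.match(line)
        if not m:
            continue
        when = _ts(m["ts"])
        if m["role"] == "secondary" and down_at:
            failover = (when - down_at).total_seconds()
        elif m["role"] == "primary" and recovered_at:
            revert = (when - recovered_at).total_seconds()
            down_at = recovered_at = None
        elif (m["peer"], m["vcid"]) == primary:
            if m["state"] == "DOWN":
                down_at, recovered_at = when, None
            elif m["state"] == "STANDBY" and down_at:
                # STANDBY after a failure: primary has recovered, WTR timer starts.
                recovered_at = when
    return failover, revert

def within_config(log, enable_delay, disable_delay, slack=0.5):
    """Compare observed delays with 'backup delay <enable_delay> <disable_delay>'."""
    failover, revert = measure_delays(log)
    return (failover is not None and abs(failover - enable_delay) <= slack,
            revert is not None and abs(revert - disable_delay) <= slack)
```

A primary PW that goes to STANDBY without a preceding DOWN, as in a manual switchover, is deliberately not counted as a recovery, so it yields no measurement.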
PW Redundancy – Manual Switchover Cisco IOS
[Figure: CE1 at Site X; CE2a and CE2b at Site Y; PE1 102.102.102.102, PE2 104.104.104.104, PE3 106.106.106.106 over IP/MPLS; PW VC id 170 and 170170]

Initial state: Primary PW in UP state, Backup PW in Standby mode

7604-2#show mpls l2transport vc 170
Local intf    Local circuit              Dest address    VC ID      Status
------------- -------------------------- --------------- ---------- ----------
Gi2/4         Eth VLAN 170               104.104.104.104 170        UP
7604-2#show mpls l2transport vc 170170
Local intf    Local circuit              Dest address    VC ID      Status
------------- -------------------------- --------------- ---------- ----------
Gi2/4         Eth VLAN 170               106.106.106.106 170170     STANDBY

EXEC-level command issued to force switchover to the Backup PW

7604-2#xconnect backup force-switchover peer 106.106.106.106 170170

Backup PW activated, Primary PW in standby mode

7604-2#
Apr 15 21:29:33.717: %XCONNECT-5-REDUNDANCY: Activating secondary member 106.106.106.106:170170
Apr 15 21:29:33.717: %XCONNECT-5-PW_STATUS: MPLS peer 104.104.104.104 vcid 170, VC state STANDBY
Apr 15 21:29:33.717: %XCONNECT-5-PW_STATUS: MPLS peer 106.106.106.106 vcid 170170, VC state UP
7604-2#show mpls l2transport vc
Local intf    Local circuit              Dest address    VC ID      Status
------------- -------------------------- --------------- ---------- ----------
Gi2/4         Eth VLAN 170               106.106.106.106 170170     UP
Two-Way Pseudowire Redundancy
Determining Pseudowire State
VPWS / H-VPLS – Two-way Coupled
‒ When AC changes state to Active (1), both PWs will advertise Active
‒ When AC changes state to Standby (1), both PWs will advertise Standby

 pseudowire-class <class name>
  encapsulation mpls
  status peer topology dual-homed

H-VPLS – Two-way Decoupled
‒ Regardless of AC state, Primary PW and Backup PWs will advertise Active state

 pseudowire-class <class name>
  encapsulation mpls
  status peer topology dual-homed
  status decoupled

For H-VPLS, all PWs in VFI (at nPE) are Active simultaneously, for both access & core PWs
(1) Active / Standby AC states determined, for example, by mLACP
[Figure: Active / Standby state labels on the ACs and PWs for the coupled and decoupled cases]
Two-Way Pseudowire Redundancy
Determining Pseudowire State (Cont.)
VPLS – Two-way Coupled
‒ When at least 1 AC in VFI changes state to Active, all PWs in VFI will advertise Active
‒ When all ACs in VFI change state to Standby, all PWs in VFI will advertise Standby mode
Default behavior – no extra CLI

VPLS – Two-way Decoupled
‒ Regardless of AC states, all PWs in VFI will advertise Active state

 l2 vfi <vfi name> manual
  vpn id <vpn id>
  status decoupled
  neighbor <neighbor ip address>
  neighbor <neighbor ip address>

[Figure: Active / Standby state labels on the ACs and PWs in the VFI for the coupled and decoupled cases]
Advanced Topics L2VPN and MPLS Traffic Engineering
Backup Slides
MPLS Traffic Engineering
Overview
Introduces explicit routing
‒ Uses RSVP-TE to establish LSPs
‒ Uses ISIS / OSPF extensions to advertise link attributes
Supports constraint-based routing
Supports admission control
Provides protection capabilities
Multiple traffic selection options
[Figure: TE LSP across an IP/MPLS network; label: Fish Problem]
MPLS TE Deployment Models
[Figure: four panels, each showing R1, R2 and R8 in an IP/MPLS network; panel titles: Bandwidth Optimization (Strategic, Tactical), Protection, Point-to-Point SLA]
MPLS Traffic Engineering
AToM Tunnel Selection
Couples Layer-2 VPNs with MPLS TE
Static mapping between PW and TE Tunnel on PE
Implies PE-to-PE TE deployment
TE tunnel defined as preferred path for pseudowire
Traffic could fall back to peer LSP if tunnel goes down
[Figure: R2 and R8 across IP / MPLS with CE1a, CE2a, CE1b and CE2b; labels: Low Latency LSP, Protected LSP]
AToM Tunnel Selection Cisco IOS

Tunnel Selection preferred-path interface configured under PW class

7604-2(config-pw-class)#preferred-path interface ?
  Tunnel     Tunnel interface
  Tunnel-tp  MPLS Transport Profile interface

 pseudowire-class sample-Tunnel-select
  encapsulation mpls
  preferred-path interface Tunnel200
 !
 interface GigabitEthernet2/4
  service instance 150 ethernet
   encapsulation dot1q 150
   rewrite ingress tag pop 1 symmetric
   xconnect 106.106.106.106 150 encapsulation mpls pw-class sample-Tunnel-select
    mtu 1500

PW in UP state and mapped to an egress Tunnel interface

7604-2#show mpls l2transport vc 150 detail
Local interface: Gi2/4 up, line protocol up, Eth VLAN 150 up
  Interworking type is Ethernet
  Destination address: 106.106.106.106, VC ID: 150, VC status: up
    Output interface: Tu200, imposed label stack {65550 16025}
    Preferred path: Tunnel200, active
    Default path: ready
    Next hop: point2point
  Create time: 01:17:27, last status change time: 01:05:29
(snip)
AToM Tunnel Selection Cisco IOS XR

Tunnel Selection preferred-path interface configured under PW class

RP/0/RSP0/CPU0:ASR9000-2(config-l2vpn-pwc-mpls)#preferred-path interface ?
  tunnel-ip  Specify IP tunnel interface name for preferred path
  tunnel-te  Specify TE tunnel interface name for preferred path
  tunnel-tp  Specify TP tunnel interface name for preferred path

 l2vpn
  pw-class sample-Tunnel-select
   encapsulation mpls
    preferred-path interface tunnel-te 200

 l2vpn
  xconnect group Cisco-Live
   p2p xc-sample-4
    interface GigabitEthernet0/0/0/2.150
    neighbor 102.102.102.102 pw-id 150
     pw-class sample-Tunnel-select

PW in UP state and mapped to an egress Tunnel interface

RP/0/RSP0/CPU0:ASR9000-2#show l2vpn xconnect group Cisco-Live xc-name xc-sample-4 detail
Group Cisco-Live, XC xc-sample-4, state is up; Interworking none
  AC: GigabitEthernet0/0/0/2.150, state is up
(snip)
  PW: neighbor 102.102.102.102, PW ID 150, state is up ( established )
    PW class sample-Tunnel-select, XC ID 0xc0000009
    Encapsulation MPLS, protocol LDP
    Source address 106.106.106.106
    PW type Ethernet, control word enabled, interworking none
    PW backup disable delay 0 sec
    Sequencing not set
    Preferred path tunnel TE 200, fallback enabled
(snip)