
Technology Introduction MPLS

VPLS

VPLS
Virtual Private LAN Service (VPLS), also called Transparent LAN Service (TLS) or virtual private switched network service, can deliver a point-to-multipoint L2VPN service over public networks. With VPLS, geographically-dispersed sites can interconnect and communicate over MAN or WAN as if they were on the same LAN. VPLS provides Layer 2 VPN services. However, it supports multipoint services, rather than the point-to-point services that traditional VPN supports. With VPLS, service providers can create on the PEs a series of virtual switches for customers, allowing customers to build their LANs across the Metropolitan Area Network (MAN) or Wide Area Network (WAN).

Operation of VPLS
I. Basic VPLS concepts

CE

Customer edge device that is directly connected with the service provider network.

PE

Provider edge device that connects one or more CEs to the service provider network. A PE maps and forwards packets between private networks and public network tunnels. A PE can be a UPE or NPE.

UPE

User facing provider edge device that functions as the user access convergence device.

NPE

Network provider edge device that functions as the network core PE. An NPE resides at the edge of a VPLS network core domain and provides transparent VPLS transport services between core networks.

VSI

Virtual switch instance that maps actual VPLS access links to virtual links.

PW

Pseudo wire that is the bidirectional virtual connection between VSIs. A PW consists of two unidirectional MPLS virtual circuits (VCs).

AC

Attachment circuit that connects the CE to the PE. It can use physical interfaces or virtual interfaces. Usually, all user packets on an AC, including Layer 2 and Layer 3 protocol messages, must be forwarded to the peer site without being changed.

QinQ

802.1Q in 802.1Q, a tunneling protocol based on 802.1Q. It offers a point-to-multipoint L2VPN service mechanism. With QinQ, the private network VLAN tags of packets are encapsulated into the public network VLAN tags, allowing packets to be transmitted with two layers of tags across the service provider network. This provides a simpler Layer 2 VPN tunneling service.

Forwarders

A forwarder functions as the VPLS forwarding table. Once a PE receives a packet from an AC, the forwarder selects a PW for forwarding the packet.

Tunnel

A tunnel, usually an MPLS tunnel, is a direct channel between a local PE and the peer PE for transparent data transmission in-between. It is used to carry PWs. A tunnel can carry multiple PWs.

Encapsulation

Packets transmitted over a PW use the standard PW encapsulation formats and technologies: raw and tagged.

PW signaling

The PW signaling protocol is the foundation of VPLS. It is used for creating and maintaining PWs and for automatically discovering the peer PEs of a VSI. Currently, there are two PW signaling protocols: LDP and BGP.

QoS

Quality of Service (QoS) is implemented by mapping the preference information in the packet header to the QoS preference information transferred on the public network.

Figure 1 shows a typical VPLS networking scenario.

Figure 1 Network diagram for VPLS (labels: Site 1, Site 2, Site 3; CE 1 to CE 4; VPN 1, VPN 2; PE 1, PE 2, P; MPLS backbone; AC, forwarder, PW, tunnel, PW signaling)

II. MAC address learning and flooding


VPLS provides reachability by MAC address learning. Each PE maintains a MAC address table.

1) Source MAC address learning

MAC address learning includes two parts:


Remote MAC address learning associated with PWs

A PW consists of two unidirectional VC LSPs. A PW is up only when both of the VC LSPs are up. When the inbound VC LSP learns a new MAC address, the PW needs to map the MAC address to the outbound VC LSP.

Local MAC address learning of interfaces directly connected with users

This refers to learning source MAC addresses from Layer 2 packets originated by CEs. This occurs on the corresponding VSI interfaces. Figure 2 shows the procedure of MAC address learning and flooding on PEs.

Figure 2 MAC learning and flooding on PEs (labels: hosts MAC A, IP 1.1.1.2 and MAC B, IP 1.1.1.3; PE 1, PE 2, PE 3 with PW 1 and PW 2; per-PE VSI MAC tables for VPN 1 mapping MAC A and MAC B to "Vlan 10, port 1" or to a PW; ARP broadcast and ARP response)

2) MAC address reclaim

Dynamic address learning must support refreshing and relearning. The VPLS draft defines a dynamic address learning method that uses the address reclaim message, which carries MAC TLV. Upon receiving such a message, a device removes MAC addresses or relearns them according to the specified parameters in the TLV. If NULL is specified, the device removes all MAC addresses of the VSI except for those learned from the PW that received the address reclaim message.

The address reclaim message is very useful when the network topology changes and it is required to remove the learned MAC addresses quickly. There are two types of address reclaim messages: those with MAC address lists and those without MAC address lists.

After a backup link becomes active and a message with relearning MAC entries arrives, a PE updates the corresponding MAC entries in the FIB table of the VPLS instance and sends the message to other PEs that are directly connected through LDP sessions. If the message contains a null MAC address TLV list, these PEs remove all MAC addresses from the specified VSI, except for those learned from the PW that sent the message.

3) MAC address aging

Remote MAC addresses that a PE has learned and associated with VC labels, but that are no longer in use, need to be aged out. The aging mechanism used here is an aging timer per MAC address. When the PE receives a packet whose source MAC address has an aging timer started, it resets that timer.


III. VPLS loop avoidance


In general, Layer 2 networks use the Spanning Tree Protocol (STP) to avoid loops. This does not work for users of a VPLS network, because they cannot sense the service provider network; enabling STP in the private network therefore has no effect on the service provider network. In VPLS, full mesh and horizontal split (split horizon) forwarding are used to avoid the use of STP at the private network side. Two methods for VPLS loop avoidance are supported:

PEs are logically fully meshed (so are PWs); that is, each PE must create, for each VPLS forwarding instance, a tree to all the other PEs of the instance.

Each PE must support horizontal split to avoid loops; that is, a PE cannot forward packets between PWs of the same VSI, because all the PEs of a VSI are directly connected. In other words, packets from PWs on the public network side cannot be forwarded to other PWs; they can only be forwarded to the private network side.
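The MAC learning, flooding, reclaim, aging and horizontal split rules described above can be exercised together in a small model of one VSI. This is an added example, not code from the original document or from any vendor; the class, port names and MAC addresses are hypothetical, and it assumes that MACs listed in a reclaim message are flushed and relearned from later traffic.

```python
BROADCAST = "ff:ff:ff:ff:ff:ff"

class VSI:
    """Toy model of one VSI's forwarder on a PE (names are hypothetical)."""

    def __init__(self, acs, pws, age_limit=300):
        self.acs, self.pws = set(acs), set(pws)
        self.age_limit = age_limit
        self.fib = {}                      # MAC -> [port, last_seen]

    def receive(self, in_port, src, dst, now):
        """Learn src on in_port and return the set of ports to forward to."""
        # MAC address aging: drop entries whose timer has expired.
        self.fib = {m: e for m, e in self.fib.items()
                    if now - e[1] < self.age_limit}
        # Source learning (local on an AC, remote on a PW); resets the timer.
        self.fib[src] = [in_port, now]
        entry = self.fib.get(dst)
        if dst != BROADCAST and entry:
            out = {entry[0]}               # known unicast
        else:
            out = self.acs | self.pws      # broadcast or unknown unicast: flood
        if in_port in self.pws:
            out -= self.pws                # horizontal split: never PW -> PW
        return out - {in_port}

    def reclaim(self, from_pw, macs=None):
        """Address reclaim received on from_pw; macs=None is the NULL list."""
        if macs is None:
            # Keep only what was learned from the PW that carried the message.
            self.fib = {m: e for m, e in self.fib.items() if e[0] == from_pw}
        else:
            for mac in macs:               # assumption: listed MACs are flushed
                self.fib.pop(mac, None)    # and relearned from later traffic

def demo():
    """Constructed scenario loosely following Figure 2 (PE 1's view)."""
    pe1 = VSI(acs={"vlan10-port1"}, pws={"PW1", "PW2"})
    a, b = "00:00:00:00:00:0a", "00:00:00:00:00:0b"        # constructed MACs
    steps = [
        pe1.receive("vlan10-port1", a, BROADCAST, now=0),  # ARP broadcast from A
        pe1.receive("PW1", b, a, now=1),                   # ARP response from B
        pe1.receive("vlan10-port1", a, b, now=2),          # A -> B, now known
        pe1.receive("PW2", "00:00:00:00:00:0c", BROADCAST, now=3),  # from a PW
    ]
    pe1.reclaim("PW1")                                     # NULL MAC list
    return steps, sorted(pe1.fib)
```

The fourth step is the loop-avoidance case: a broadcast that arrives on PW2 is delivered only to the AC, never to PW1.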

IV. Peer PE discovery and PW signaling protocol


For PE devices in the same VSI, you can configure the remote PE addresses or use an automatic discovery mechanism. Currently, LDP and BGP are used to automatically discover VSI peer PEs and function as the PW signaling protocol to create PWs.

The PW signaling protocol is designed to assign multiplex distinguishing flags (that is, VC labels) and advertise the assigned VC flags to the peer. In addition, the PW signaling protocol advertises VPLS system parameters such as PW ID, control word, and interface parameters. With the PW signaling protocol, fully meshed PWs can be established between PEs for VPLS services.

VPLS Packet Structure


I. Packet encapsulation on an AC
The packet encapsulation type of an AC depends on the user VSI access mode: VLAN or Ethernet.

VLAN access: The Ethernet header of a packet sent by a CE to a PE or sent by a PE to a CE includes a VLAN tag, which is added in the header as a service delimiter for the service provider network to identify the user. The tag is also called P-TAG.

Ethernet access: The Ethernet header of a packet upstream from the CE or downstream from the PE does not contain any service delimiter. If a header contains a VLAN tag, it is the internal VLAN tag of the user and means nothing to the PE. This kind of internal VLAN tag of the user is also called U-TAG.

You can specify the VSI access mode to be used.


II. Packet encapsulation on a PW


The packet encapsulation type of a PW can be either raw or tagged.

In raw mode, P-TAG is not transferred on the PW. If a packet from a CE contains the service delimiter, the system removes the service delimiter and adds two levels of MPLS labels into the packet before sending the packet out. If no delimiter is contained, the system directly adds two levels of MPLS labels into the packet and then sends the packet out. For a packet sent from a PE downstream, whether the system adds the service delimiter into the packet depends on your configuration. However, rewriting and removing of any existing tags are not allowed.

In tagged mode, any packet to the PW must carry P-TAG. For a packet from a CE, if it contains the service delimiter, the system directly adds two levels of MPLS labels into the packet and sends the packet out. Otherwise, the system adds a null tag together with two levels of MPLS labels into the packet and sends the packet out. For a packet sent from a PE downstream, the system rewrites, removes, or retains the service delimiter depending on your configuration.

According to the protocol, the packet encapsulation type of a PW is tagged by default.
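The CE-to-PW direction of the raw and tagged rules above, worked at byte level. This is an added example, not code from the original document; the function names and label values are hypothetical, and it assumes the "null tag" is an 802.1Q tag with VLAN ID 0 and that the label TTL is 255.

```python
import struct

TPID = 0x8100   # 802.1Q tag protocol identifier

def eth_frame(dst, src, ethertype, payload, vlan=None):
    """Build a constructed Ethernet frame, optionally with one 802.1Q tag."""
    tag = struct.pack("!HH", TPID, vlan) if vlan is not None else b""
    return dst + src + tag + struct.pack("!H", ethertype) + payload

def mpls_entry(label, bottom, tc=0, ttl=255):
    """Encode one 32-bit MPLS label stack entry (label, TC, S bit, TTL)."""
    return struct.pack("!I", (label << 12) | (tc << 9) | (int(bottom) << 8) | ttl)

def has_vlan_tag(frame):
    """True if the outermost header after the MAC addresses is an 802.1Q tag."""
    return len(frame) >= 16 and struct.unpack("!H", frame[12:14])[0] == TPID

def pw_encapsulate(frame, ac_mode, pw_mode, tunnel_label, vc_label):
    """Encapsulate a frame received from a CE for transmission on a PW.

    ac_mode: "vlan" (the outer tag is the P-TAG service delimiter) or
             "ethernet" (any tag is the user's U-TAG and means nothing to the PE).
    pw_mode: "raw" or "tagged".
    """
    has_ptag = ac_mode == "vlan" and has_vlan_tag(frame)
    if pw_mode == "raw" and has_ptag:
        frame = frame[:12] + frame[16:]              # raw: P-TAG is removed
    elif pw_mode == "tagged" and not has_ptag:
        null_tag = struct.pack("!HH", TPID, 0)       # assumption: VLAN ID 0
        frame = frame[:12] + null_tag + frame[12:]   # tagged: add a null tag
    # Two levels of MPLS labels: tunnel label outside, VC label at the bottom.
    return mpls_entry(tunnel_label, False) + mpls_entry(vc_label, True) + frame
```

With Ethernet access, a tagged frame keeps its U-TAG untouched in both PW modes; in tagged mode the null tag is inserted in front of it.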

H-VPLS Implementation
Hierarchy of VPLS (H-VPLS) can extend the VPLS access range of a service provider and reduce costs.

I. Advantages of H-VPLS access


H-VPLS has lower requirements on the convergence device of multi-tenant unit switch (MTU-s). It has distinct hierarchies which fulfill definite tasks. H-VPLS reduces the logical complexity of fully meshed PEs and the configuration complexity.

II. Two H-VPLS access modes


1) H-VPLS LSP access
Figure 3 H-VPLS LSP access (labels: NPE 1, NPE 2, NPE 3; UPE; CE 1, CE 2, CE 3; N-PW, U-PW)

As shown in Figure 3, UPE functions as the convergence device MTU-s and establishes only a virtual link U-PW with NPE 1. It does not establish virtual links with any other peers. Data forwarding is as follows:

Upon receiving a packet from a CE, UPE tags the packet with the corresponding MPLS label, the multiplex distinguishing flag, and sends the packet to NPE 1. When receiving the packet, NPE 1 determines to which VSI the packet belongs by the label and, based on the destination MAC address of the packet, tags the packet with the multiplex distinguishing flag for N-PW, and forwards the packet.

Upon receiving the packet from N-PW, NPE 1 tags the packet with the multiplex distinguishing flag for U-PW and sends the packet to UPE, which forwards the packet to the CE.

For packets to be exchanged between CE 1 and CE 2, UPE can forward them directly without NPE 1 because it holds the bridging function by itself. For the first packet with an unknown destination MAC address or a broadcast packet, UPE broadcasts the packet to CE 2 through the bridging function and, at the same time, forwards it through U-PW to NPE 1, which replicates the packet and sends a copy to each peer CE.

2) H-VPLS QinQ access

Figure 4 H-VPLS QinQ access (labels: PE 1, PE 2, PE 3; MTU; CE 1, CE 2, CE 3; QinQ, PW)

As shown in Figure 4, MTU is a standard bridging device and QinQ is enabled on its interfaces connected with CEs. Data forwarding is as follows:

Upon receiving a packet from a CE, MTU labels the packet with VLAN tag as the multiplex distinguishing flag, and transparently sends the packet to PE 1 through the QinQ tunnel.

When receiving the packet, PE 1 determines to which VSI the packet belongs by the VLAN tag and, based on the destination MAC address of the packet, tags the packet with the multiplex distinguishing flag (MPLS label) for PW. Then, it forwards the packet.


Upon receiving the packet from PW, PE 1 determines to which VSI the packet belongs by the multiplex distinguishing flag (MPLS label) and, based on the destination MAC address of the packet, labels the packet with the VLAN tag. Then, it forwards the packet through the QinQ tunnel to MTU, which forwards the packet to the CE.

For packets to be exchanged between CE 1 and CE 2, MTU can forward them directly without PE 1 because it holds the bridging function by itself. For the first data packet with an unknown destination MAC address or a broadcast packet, MTU broadcasts the packet to CE 2 through the bridging function and, at the same time, forwards it through the QinQ tunnel to PE 1, which replicates the packet and sends a copy to each peer CE.

Hub-Spoke VPLS Implementation


In hub-spoke networking, one of the VPLS networking modes, there is one hub site and multiple spoke sites. The spoke sites (that is, the spoke-CEs) are not permitted to communicate with each other directly; data transmission between them depends on the hub site (that is, the hub-CE). The PE connecting the hub site is called the hub-PE, while the PEs connecting the spoke sites are called spoke-PEs.

I. Advantages of hub-spoke networking


In hub-spoke networking, all traffic between spoke sites must go through the hub site, facilitating centralized management of traffic.

II. Hub-Spoke networking


Figure 5 Hub-spoke networking (labels: Hub-CE, Hub-PE, Spoke-PE 1, Spoke-PE 2, Spoke-CE 1, Spoke-CE 2)

As shown in Figure 5, the data forwarding procedure in a hub-spoke networking application is as follows:

1) Upon receiving a packet from Spoke-CE 1, Spoke-PE 1 inserts an MPLS label into the packet according to the VSI to which Spoke-CE 1 belongs and then forwards the packet to Hub-PE.

2) Receiving the packet from the PW, Hub-PE determines by the MPLS label the VSI that the packet is for and forwards the packet to Hub-CE directly.

3) Hub-CE has Layer 2 forwarding function. It processes the packet and then forwards the packet back to Hub-PE.

4) Receiving the packet from the AC, Hub-PE determines by the VLAN tag the VSI that the packet is for, inserts an MPLS label to which the PW corresponds based on the destination MAC address, and forwards the packet to Spoke-PE 2.

5) When Spoke-PE 2 receives the packet from the PW, it determines by the MPLS label the VSI that the packet is for, and then forwards the packet to Spoke-CE 2.
