and ME3800X
Nicolas Breton, Product Manager, Cisco
Waris Sagheer, TME Architect, Cisco
Presentation_ID 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 2
Agenda
Platform introduction
Design with Ethernet Virtual Circuit (EVC)
Quality of Services with ME3600X and ME3800X
Design with MPLS
Design with OAM
Platform Security
Scale Profiles
Case Studies
Platform Introduction
What is the Access?
[Figure: network diagram. Residential (STB), Business (CPE, Corporate) and Mobile sites attach through Unified Access (U-PE, Pre-AGG) to N-PE nodes across IP/MPLS Distribution and Core. Labels: Applications, Service Provider Wireline, Service Provider Mobile, Carrier Ethernet.]
ME36/3800 Roles in the Network: Enterprise Edge, CPE, UPE, Pre-Aggregation
What is the Access?
[Figure: the same access network annotated with services. Residential Services: High Speed Internet Access, Internet VOIP, IPTV, VoD. Mobile: Mobile Backhaul. Business L2 Services: E-LINE, E-LAN, E-TREE. Business L3 Services: L3VPN.]
Introducing ME3800 / 3600X
Flexible Service Delivery at 10G
Carrier Ethernet Switch Routers: Access & Aggregation
[Figure: product positioning. Labels: Cisco ME 3600X, Cisco ME 3600X 24CX (Copper & Fiber), Cisco ME 3800X, 10 GE, MPLS, Aggregation.]
ME 3600X Built for the Access
Scale for the Access
  MAC addresses: 16,000
  EFP: 4,000
  Bridge Domains: 4,000
  IPv4: 24,000 IPv4 routes
  MPLS: 512 PW, 128 MPLS VPNs
[Figure: ME3600X with UNI ports towards Enterprise sites and a 10GE uplink towards Pre-Aggregation.]
ME 3800X in the aggregation
Scale for the Aggregation
  MAC addresses: 256,000
  EFP: 16,000
  Bridge Domains: 8,000
  MPLS: 16,000 PW, 2,000 MPLS VPN
[Figure: ME-3800X in the aggregation. Labels: DSL, 10GE, MPLS, 7600, ASR9k.]
Comparing ME3600X Series and ME3800X Series
SKU
  ME 3600X: ME3600X-24TS (Copper), ME3600X-24FS (Fiber)
  ME 3800X: ME3800X-24FS (Fiber)
Licensing
  ME 3600X: Two Licenses
    Metro IP Access (IPv4 & Layer2)
    Advanced Metro IP Access (MPLS, IP & Layer2)
  ME 3800X: Six Licenses
    Metro Ethernet Services (Layer2 Only)
    Metro IP Services (IP and Layer2)
    Metro Aggregation Services (MPLS, IP and Layer 2)
    Scaled Metro Ethernet, Metro IP and Metro Aggregation
Loopbacks H-QoS
802.1ah VPLS
ME3800X/3600X Architecture Overview
Cisco Carrier Ethernet ASIC
1 Ingress Packet processing
  Parsing packets
  QoS Classification
  QoS Policing
  Lookup operations
  L2/L3/MPLS forwarding
2 Buffering
2.1 Multicast Replication
3 Traffic management
  Queuing
  Scheduling
4 Egress Packet processing
  Packets Rewrite
Performance with all Service enabled
  24Gbps
  36 Mpps
  Low latency/Jitter (<20us)
[Figure: unicast and multicast life of a packet through stages 1 to 4 on the non blocking ME3600X and ME3800X, with 24xGE and 2x 10GE ports.]
Network Design
with Ethernet Virtual Circuit (EVC)
Cisco Ethernet Virtual Circuit (EVC) Framework
Service Identification
  Frame classification
  VLAN tag manipulation
  Many Services on same port
Service Transport
  Bridge Domain
  Ethernet over MPLS (VPWS)
  Virtual Private LAN Services (VPLS)
  Routing
  Many Transport Options
  L2 to L3 Option
Service Policies
  Security: ACL on EVC
  QoS: Service Policies on EFP
  OAM: OAM Maintenance Point on EFP, Fault Monitoring (802.1ag), Performance Monitoring (Y.1731 2 Way Delay), E-LMI
[Figure: the Service Instance, or EFP (Ethernet Flow Point), associates an Encapsulation with Bridging, an EoMPLS PW or VPLS.]
EVC Implementation on ME3800X/3600X
Encapsulation: Untagged, Single tagged, Double tagged, Default, Ethertype
Rewrite: Pop 1, Pop 2, None, Translate
Bridge Domains: Up to 8,000 BD* (* With QoS, 4000 only)
Protocol Tunneling, per EFP: cdp, dtp, lacp, pagp, stp, vtp, udld, lldp; Peer, Tunnel

  interface GigabitEthernet0/2
   service instance 10 ethernet
    encapsulation dot1q 11
    rewrite ingress tag pop 1 symmetric
    bridge-domain 12
Router Configuration W2-2

  interface GigabitEthernet0/4
   switchport trunk allowed vlan none
   switchport mode trunk
   service instance 1 ethernet
    encapsulation dot1q 10 etype ipv6
    bridge-domain 2000
  end
  interface Vlan2000
   no ip address
  end

[Figure: Topology and Traffic Capture. Labels: IPv6 traffic, VC Label = 38, IGP Label = 18, Imposed(18,38), Popped (18), Popped (38), Routed Port, 100 % LOSS.]
QinQ Configuration Example
EFP to Switchport

INGRESS UNI
  interface GigabitEthernet0/1
   switchport trunk allowed vlan none
   switchport mode trunk
   service instance 10 ethernet
    encapsulation dot1q 10
    bridge-domain 100

EGRESS NNI
  interface GigabitEthernet0/2
   switchport mode trunk

[Figure: traffic direction through the ME3800X/ME3600X switch under test. The ingress EFP on Gig 0/1 receives VLAN 10 (C-TAG); the egress switchport on Gig 0/2 sends VLAN 100 (S-TAG) over VLAN 10 (C-TAG). Labels: Push, Pop.]
[Figure: Double Tagged Frame showing the S TAG and the C TAG.]
Selective QinQ
Ingress EFP to Egress Switchport

INGRESS UNI
  interface GigabitEthernet0/1
   switchport trunk allowed vlan none
   switchport mode trunk
   service instance 10 ethernet
    encapsulation dot1q 10-20
    bridge-domain 100

EGRESS NNI
  interface GigabitEthernet0/2
   switchport mode trunk

[Figure: traffic direction through the ME3800X/ME3600X switch under test. Labels: BD 5000, Ingress EFP Gig 0/1 with VLAN 1-50 (C-TAG), Egress EFP Gig 0/2 with VLAN 100 (S-TAG) and VLAN 1-50 (C-TAG).]
VLAN Translation
Summary table
Ingress Egress
Interface Interface
EFP Rewrite Rewrite EFP
UNI with 1:1 Translation
Ingress EFP to Egress EFP

INGRESS UNI
  interface GigabitEthernet0/1
   switchport trunk allowed vlan none
   switchport mode trunk
   service instance 10 ethernet
    encapsulation dot1q 10
    rewrite ingress tag pop 1 symmetric
    bridge-domain 10

EGRESS UNI
  interface GigabitEthernet0/2
   switchport trunk allowed vlan none
   switchport mode trunk
   service instance 10 ethernet
    encapsulation dot1q 20
    rewrite ingress tag pop 1 symmetric
    bridge-domain 10
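
The tag handling in the QinQ, Selective QinQ and 1:1 translation configurations above can be checked with a small model. This is an added example, not Cisco code: the Efp class and the helper names are hypothetical, and the model assumes that a frame matching no service instance on the port is dropped and that a switchport trunk egress uses the bridge-domain number as the outer VLAN tag.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Efp:
    """One 'service instance' on a port (hypothetical model class)."""
    port: str
    outer: Tuple[int, int]        # inclusive outer VLAN range from 'encapsulation dot1q'
    bridge_domain: int
    inner: Optional[int] = None   # 'second-dot1q' value, if configured
    pop: int = 0                  # N from 'rewrite ingress tag pop N symmetric'

    def matches(self, tags: List[int]) -> bool:
        """True when the frame's VLAN stack (outermost first) fits the encapsulation."""
        if not tags or not (self.outer[0] <= tags[0] <= self.outer[1]):
            return False
        return self.inner is None or (len(tags) > 1 and tags[1] == self.inner)

    def pushed_on_egress(self) -> List[int]:
        """Tags the symmetric rewrite puts back when a frame leaves through this EFP."""
        encap = [self.outer[0]] + ([self.inner] if self.inner is not None else [])
        return encap[: self.pop]


def ingress(efps: List[Efp], port: str, tags: List[int]):
    """Return (bridge_domain, remaining_tags), or None when no EFP matches (drop)."""
    for efp in efps:
        if efp.port == port and efp.matches(tags):
            return efp.bridge_domain, list(tags[efp.pop:])
    return None


def egress_via_efp(efp: Efp, tags: List[int]) -> Optional[List[int]]:
    """Apply the symmetric push, then the egress encapsulation filter (None = dropped)."""
    out = efp.pushed_on_egress() + list(tags)
    return out if efp.matches(out) else None


def egress_via_trunk(bridge_domain: int, tags: List[int]) -> List[int]:
    """Model assumption: the trunk adds the bridge-domain number as the outer tag."""
    return [bridge_domain] + list(tags)


def translate_1to1(vlan: int) -> Optional[List[int]]:
    """UNI with 1:1 Translation: dot1q 10 on Gi0/1, dot1q 20 on Gi0/2, both in BD 10."""
    uni_a = Efp("Gi0/1", (10, 10), 10, pop=1)
    uni_b = Efp("Gi0/2", (20, 20), 10, pop=1)
    hit = ingress([uni_a], "Gi0/1", [vlan])
    return None if hit is None else egress_via_efp(uni_b, hit[1])


def qinq(vlan: int, outer: Tuple[int, int] = (10, 10)) -> Optional[List[int]]:
    """QinQ / Selective QinQ: EFP on Gi0/1 into BD 100, switchport trunk on Gi0/2."""
    uni = Efp("Gi0/1", outer, 100)
    hit = ingress([uni], "Gi0/1", [vlan])
    return None if hit is None else egress_via_trunk(hit[0], hit[1])


if __name__ == "__main__":
    print("1:1 translation, VLAN 10 in :", translate_1to1(10))
    print("1:1 translation, VLAN 30 in :", translate_1to1(30))
    print("QinQ, VLAN 10 in            :", qinq(10))
    print("Selective QinQ, VLAN 15 in  :", qinq(15, (10, 20)))
    print("Selective QinQ, VLAN 30 in  :", qinq(30, (10, 20)))
```

Tag stacks are listed outermost first, so a QinQ result of 100 followed by 10 is the S-TAG over the C-TAG.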
L2 Protocol Tunneling
Tunnel Option

  interface GigabitEthernet0/4
   service instance 20 ethernet
    encapsulation untagged, dot1q 200 second-dot1q 300
    l2protocol tunnel cdp stp vtp dtp pagp lacp udld lldp
    bridge-domain 10

Protocols supported: cdp, dtp, lacp, pagp, stp, vtp, udld, lldp
If a protocol is not supported by L2PT, then it is dropped at the interface
L2 Protocol Tunneling
Forward Option
[Figure: two ME3800X/ME3600X switches with 1 GE ports connected across a 10GE Core.]

L2PT Forward Configuration

  interface GigabitEthernet0/1
   switchport trunk allowed vlan none
   switchport mode trunk
   service instance 10 ethernet
    encapsulation dot1q 10 second-dot1q 20
    rewrite ingress tag pop 2 symmetric
    l2protocol forward cdp stp
    xconnect 5.5.5.5 1000 encapsulation mpls
     mtu 1500

L2PT Forward Option

  3600-HL-1(config-if-srv)#l2protocol forward ?
    cdp   Cisco Discovery Protocol
    dtp   Dynamic Trunking Protocol
    lacp  LACP Protocol
    lldp  Link Layer Discovery Protocol
    pagp  Port Aggregation Protocol
    stp   Spanning Tree Protocol
    udld  UDLD Protocol
    vtp   Vlan Trunking Protocol

Why L2PT Forward?
Interop with Cisco devices which do not support L2PT tunnel (e.g. Cisco 7600)
Interop with Non Cisco devices to tunnel BPDUs
L2PT Summary
Default
  EFP with BD: Drop all BPDU
  EFP with Xconnect: Drop all BPDU
  EFP with SVI (Xconnect): Drop all BPDU
Quality of Service
QoS
General Information
All QoS configuration on the ME 3800X and 3600X switches is Modular QoS CLI (MQC) compliant
QoS is always enabled. No concept of mls qos
QoS Overview
General Information
Hierarchical QoS
General Information
Switchport 3-Level H-QOS Policy
Channel, Subchannel, Queues

  ! Port Level (3-Level)
  policy-map Policy-B
   class class-default
    shape average 10M
    service-policy vlan
  ! Vlan Level
  policy-map vlan
   class vlan1
    shape average 5M
    service-policy phb
   class phb2
    shape average 6M
    service-policy phb
  ! Class Level
  policy-map phb
   class phb1
    shape average 1M
   class phb2
    shape average 2M

In the Policy-B mentioned above, class class-default in Policy-B will correspond to channels in the ASIC.
Classes inside policy-map vlan will correspond to subchannels in the ASIC.
Classes inside policy-map phb will correspond to queues in the ASIC.
EFP 2-level H-QOS Policy

  ! Class Level
  policy-map phb
   class phb1
    shape average 1M
   class phb2
    shape average 2M

A profile will be allocated from the respective profile tables.
The new profile will be attached to the corresponding ASIC entities, such as queues and subchannel.
A policy in an EFP will correspond to a separate queue-subchannel hierarchy.
High-Level QoS Support
3 level hierarchy
QoS available on all ports: Switchport, EVC, routed ports
Deep buffers
  44MB on ME3600X
  352MB on ME3800X
Large number of queues
Cisco standard MQC CLI
QoS for Ethernet, IP and MPLS
[Figure: example hierarchy with Voice (priority), VPN, Internet and Data classes matched on IP precedence, DSCP, VLAN and inner VLAN, with per-class percentages, CIR/PIR and shaped rates.]
QoS Actions at Ingress: Classification, Policing, Marking
Replication
QoS Actions at Egress: Classification, Policing, Marking, Egress Queue/Schedule, Congestion Control
Classification Security Model
Classification Security Model contd..
QoS Policy on Etherchannel
Ingress QoS
1st level: Port (switchport)
2nd level: EFP/VLAN
3rd level: Cos inner/outer, VLAN inner/outer, MAC ACL, DSCP/Prec, IPv4 ACL, MPLS exp

  interface GigabitEthernet0/3
   service instance 1 ethernet
    encapsulation dot1q 200
    rewrite ingress tag pop 1 symmetric
    service-policy input vlan
Default Propagation
Default COS propagation from Inner to Outer COS (Egress PUSH 1 & Egress PUSH 2)
No COS propagation from Outer COS to Inner COS in case of Disposition
Default COS Preservation with VLAN Translation
Test Cases Result
VLAN Translation 1:2 (EFP only) P bit Ingress = 4 and Egress = 4(S-VLAN), 4 (C-VLAN)
MPLS QOS
The EXP marking actions (set mpls exp topmost, set mpls exp imposition) modify the EXP of the MPLS packet for only routed/MPLS-routed traffic.
The exp-value of the topmost outgoing label after these operations is available for egress classification.
Long pipe, Short pipe, Pipe & Uniform modes are supported
Default behavior is Short-Pipe mode.
Pipe mode needs to be configured explicitly using IOS MQC CLI (QOS Group & Discard Class)
MPLS/VPN QOS
EoMPLS QOS
The default behavior for EoMPLS is to use a value of 0 in the EXP bits of the VC and tunnel labels.
Ingress packet classification can be COS or DSCP/Prec
Default behavior can be changed by using set mpls experimental imposition <imposed-exp-value> at ingress
EXP values are NOT automatically copied to COS bits
QoS treatment for CPU generated traffic
Egress
CPU generated traffic is automatically classified as follows:
Highest Priority: EIGRP, HSRP, GRE, LDP, OSPF, RIP, WCCP, BFD, CFM, SAA, CDP, ISIS, DTP, IGRP, Ether OAM, LACP, LLDP, UDLD, PAGP, STP, IKE, IKEv2, ICMP, BOOTP, RARP, IGMP, MSDP, PIM, Telnet, SSH, RSVP, LSP ping, WCCP, GLBP, RGMP, HSRP, VRRP, BFD, BGP, RIP, EIGRP
Normal Priority: All other protocols.
QoS treatment for CPU generated traffic
Egress
Classification
  High Priority: Automatic
  Normal Priority: Automatic
  Configuration required: No
Egress policing
  High Priority: No policer is applied to CPU generated traffic
  Normal Priority: No policer is applied to CPU generated traffic
  Configuration required: No
Marking
  High Priority: Takes place at the CPU and is specific to each protocol
  Normal Priority: Takes place at the CPU and is specific to each protocol
  Configuration required: No
Queueing
  High Priority: One separate queue per interface. Queue limit is 100us
  Normal Priority: One separate queue per interface. Queue limit is 100us
  Configuration required: No
Scheduling
  High Priority: absolute priority
  Normal Priority: Normal Priority
  Configuration required: No
QoS Scalability
3 level hierarchy
ME3600X#sh policy-map interface gigabitEthernet 0/1
Service-policy input: ingress-stats-policer
Transmit and Drop Statistics: Packets, Bytes and Rates, Per-queue, per-threshold
Shapers: No limitation
Network Design With IP/MPLS
IP and MPLS
IPv4 Unicast
  IGP: OSPF, ISIS, EIGRP
  BGP
MPLS
  L3VPN & L2VPN
  MPLS TE/FRR
  Unified MPLS
  MPLS TP*
  P2MP*
IPv6
  IGP: OSPFv3, ISISv6
  BGPv6
Multicast
  IPv4 Multicast
  Layer 2 Multicast
    IGMP Snooping on Bridge Domain
    IGMP Snooping on Pseudowire
* Roadmap
Salient MPLS Features
Summary for MPLS capabilities
MPLS is enabled on all ports
Role in the MPLS network
Label Edge Router
Label Switch Router
Performance
TCAM Based Hardware Forwarding
Support of 5 MPLS Labels Push & 3 MPLS Labels Pop
NO performance degradation upon enabling multiple features at the same time
Support to enable Advanced MPLS features at the same time L3VPN, L2VPN, RFC 3107 & TE/FRR
NO performance degradation upon MPLS labels push or pop operation
Scale
Separate TCAM region for IPv4, IPv6, EVC & Multicast
Advertised scale numbers are multidimensional
MPLS Best Practices
Router ID, LDP Session Initialization, Label Filtering
MPLS Best Practices
Inbound and Outbound Label filtering
MPLS Best Practices
Default Route, Authentication, Purge, Dampening and Carrier Delay
6. Enable MPLS on the default route using the following global command "mpls ip default-route"
7. Configure MD5 Authentication
   OSPF
   BGP
   ISIS
   LDP
8. Enable "ip routing protocol purge interface" globally
9. Enable "dampening" & "carrier-delay msec 1" on the interface
MPLS Best Practices
Convergence
  router ospf 1
   ispf
   log-adjacency-changes
   timers throttle lsa all 10 20 5000
   timers throttle spf 50 50 5000
   timers lsa arrival 10
   timers pacing flood 5
MPLS Best Practices
Fast Failure Detection and BFD
11. Enable BFD for fast failure detection in case loss of light cannot be detected
BFD is supported for the following interfaces
  Port Mode
  Switched Virtual Interface (SVI) - Requires global configuration "platform bfd allow-svi"
  Port-Channel
  Static
  Per VRF
BFD Numbers
  50 msec, 50 sessions supported
  150 msec, 150 sessions supported
  300 msec, 200 sessions supported
MPLS Best Practices
LDP Sessions
12. Use session protection for LDP and Targeted LDP (when reducing IGP timers.)
  Router(config)# mpls ldp session protection
  mpls ldp session protection [vrf vpn-name] [for acl] [duration seconds]
  http://www.cisco.com/en/US/docs/ios/12_0s/feature/guide/fssespro.html
13. Use LDP/IGP sync and reduce holddown timer
  router ospf <num> / router isis <tag>
   mpls ldp sync
  Recommended to reduce the IGP sync holddown timer to a non-infinite time (a few minutes or so) to avoid device isolation
  mpls ldp igp sync holddown 600000
  mpls ldp igp sync delay 10
  http://www.cisco.com/en/US/docs/ios/12_0s/feature/guide/fsldpsyn.html
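
A configuration check for the commands named in best practices 6 to 13 above, as an added example that is not part of the original deck. The sample configuration is constructed; the BGP `neighbor ... password` and `mpls ldp neighbor ... password` lines are standard IOS MD5 commands that the slides do not show, the MD5 checks cover BGP and LDP only, and applying the interface checks to every routed non-loopback interface is an assumption.

```python
import re

# Global commands named in the best-practice slides.
GLOBAL_COMMANDS = (
    "mpls ip default-route",
    "ip routing protocol purge interface",
    "mpls ldp session protection",
    "mpls ldp igp sync holddown",
)

# Constructed sample (addresses, AS number and password placeholder are made up).
SAMPLE_CONFIG = """\
mpls ip default-route
ip routing protocol purge interface
mpls ldp session protection
mpls ldp neighbor 10.0.0.2 password EXAMPLE-ONLY
!
interface Loopback0
 ip address 10.0.0.1 255.255.255.255
!
interface GigabitEthernet0/1
 ip address 192.0.2.1 255.255.255.252
 dampening
 carrier-delay msec 1
!
interface GigabitEthernet0/2
 ip address 192.0.2.5 255.255.255.252
!
router ospf 1
 ispf
!
router bgp 65100
 neighbor 10.0.0.2 remote-as 65100
 neighbor 10.0.0.2 password EXAMPLE-ONLY
 neighbor 10.0.0.3 remote-as 65100
"""


def parse_sections(text):
    """Map each top-level line to the list of indented lines that follow it."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.rstrip()
        if line.strip() in ("", "!"):
            continue
        if line[0] == " " and current is not None:
            sections[current].append(line.strip())
        else:
            current = line
            sections.setdefault(current, [])
    return sections


def audit(text):
    """Return a list of findings for best practices the configuration lacks."""
    sections = parse_sections(text)
    findings = []
    for cmd in GLOBAL_COMMANDS:
        if not any(header.startswith(cmd) for header in sections):
            findings.append(f"global: missing '{cmd}'")
    if not any(re.match(r"mpls ldp neighbor \S+ password ", h) for h in sections):
        findings.append("global: no LDP neighbor password (MD5)")
    for header, body in sections.items():
        routed = any(line.startswith("ip address ") for line in body)
        if header.startswith("interface ") and "Loopback" not in header and routed:
            for cmd in ("dampening", "carrier-delay msec"):
                if not any(line.startswith(cmd) for line in body):
                    findings.append(f"{header}: missing '{cmd}'")
        elif header.startswith(("router ospf", "router isis")):
            if "mpls ldp sync" not in body:
                findings.append(f"{header}: missing 'mpls ldp sync'")
        elif header.startswith("router bgp"):
            peers = [l.split()[1] for l in body
                     if re.match(r"neighbor \S+ remote-as ", l)]
            for peer in peers:
                if not any(l.startswith(f"neighbor {peer} password ") for l in body):
                    findings.append(f"{header}: neighbor {peer} has no password (MD5)")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```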
MPLS Best Practices
BGP Sessions and Protection
MPLS Best Practices
MPLS VPN
MPLS Best Practices
HA in helper mode
Subinterface Simulation on ME3800X/ME3600X
Recommendations
Subinterfaces are not supported on ME3800X/ME3600X. Cisco PABU recommends the following to simulate subinterface behavior on ME3800X/ME3600X platforms.
Unique SVIs on each switchport trunk using switchport trunk allowed vlan X
To tag the native VLAN egress traffic and drop all untagged ingress traffic, enter the global vlan dot1q tag native command
Remove MST
  no spanning-tree mst configuration
  no spanning-tree mode mst
  no spanning-tree vlan 1-4094
Disable MAC learning
  no mac address-table learning vlan X
Virtual Private Wire Service (VPWS)
Currently available
U-PE in H-VPLS: A MP2MP L2 bridging service. Provides a broadcast domain for the customer networks across the provider's core network, but it supports only one PW from U-PE to N-PE. The PW supports MAC learning.
VPWS tunnel selection: Allows a PW to be transported over a given path. Helpful in selecting MPLS-TE tunnels through the provider core network to get better guarantees of SLAs to the customers.
PW over FRR: Allows a PW to be transported over FRR paths for failover protection against failures in the provider core network.
MPLS OAM for PW: Debug and monitor end-to-end status of PW.
PW redundancy: The backup PW path will be programmed by the control plane once the active PW goes down. Allows disparate Ethernet networks across the provider's core network to be connected using PW.
Auto-Sense Signaling: This feature allows remote PEs to negotiate VC type signaling.
VPWS
Configuration Example
Router Configuration W2-2

  interface GigabitEthernet0/4
   switchport trunk allowed vlan none
   switchport mode trunk
  !
  encapsulation dot1q 10

[Figure: label operations. Labels: VC Label = 5657, IGP Label = 16, Popped (16).]
VPWS
Push the S-TAG
[Figure: VPWS PW between Switch and Router. Labels: R-1, R-2, R-3, R-4, 3800-H-2, G0/2, G0/3, G0/4.]

PACKET CAPTURE

  Frame 18130: 1418 bytes on wire (11344 bits), 1418 bytes captured (11344 bits)
  Ethernet II, Src: Cisco_e3:c9:42 (00:22:bd:e3:c9:42), Dst: Cisco_b9:a9:42 (f4:ac:c1:b9:a9:42)
  MultiProtocol Label Switching Header, Label: 25, Exp: 0, S: 0, TTL: 255
  MultiProtocol Label Switching Header, Label: 34, Exp: 0, S: 1, TTL: 255
  Ethernet II, Src: 00:00:00_00:00:14 (00:00:00:00:00:14), Dst: 00:00:00_00:00:02 (00:00:00:00:00:02)
  802.1Q Virtual LAN, PRI: 5, CFI: 0, ID: 1200
  802.1Q Virtual LAN, PRI: 4, CFI: 0, ID: 100

  interface GigabitEthernet0/14
   switchport trunk allowed vlan none
   switchport mode trunk
   service instance 1 ethernet
    encapsulation dot1q 3200 second-dot1q 100
    rewrite ingress tag pop 1 symmetric
    bridge-domain 1200
  !
  interface Vlan1200
   no ip address
   platform rewrite imposition tag push 1 symmetric
   xconnect 200.1.1.11 100 encapsulation mpls

  interface GigabitEthernet0/4
   switchport trunk allowed vlan none
   switchport mode trunk
   service instance 1 ethernet
    encapsulation dot1q 3200 second-dot1q 100
    rewrite ingress tag pop 1 symmetric
    bridge-domain 1200
  !
  interface Vlan1200
   no ip address
   platform rewrite imposition tag push 1 symmetric
   xconnect 200.1.1.12 100 encapsulation mpls
Routed PW
Port based Routed PW
SVI based Routed PW
Routed VPLS
Routed PW over FRR

Router Configuration ME3600-HL-3

  interface TenGigabitEthernet0/1
   switchport trunk allowed vlan 20
   switchport mode trunk
  !
  interface Vlan20
   ip address 1.1.1.1 255.255.255.0
   xconnect 10.10.10.2 10 encapsulation mpls
Multicast VPN
Introduction
Multicast VPN
[Figure: Multicast VPN topology with P routers and VPN_A and VPN_B sites.]
MVPN
Limitations and Scale
IP Fast Reroute Overview
LFA and MPLS TE FRR
Comparing the two
Columns: LFA FRR | MPLS TE FRR
Repair Path: Least cost | Constraints based with BW guarantee and path control
Control Plane Requirement: None with Loop Free Alternate Required (or Capable?)
Network Topology: Effective with mesh and small rings | No dependency. Works on any survivable network.
IP FRR
Benefits
Sub 50 msec convergence without using RSVP-TE.
Simple operation with minimal configuration;
Superior LFA scaling without tunnel requirement.
Incremental deployment with no inter-operability req.
There is no change to the standard based IGP protocols
IP FRR capability is internal to a box.
Applicable to pure IP (IP FRR) and MPLS (LDP FRR) networks
IP/LDP FRR
  Configuration: Simple CLI, Simple CLI
  Control Plane: LDP, OSPF/ISIS, OSPF/ISIS
  MPLS Network, IP Network
IP FRR
Protection mechanisms
Per-Prefix
  Goal is to find alternative path to destination prefixes
  1 SPF per neighbor
  In same topology, may find some prefixes though not for all.
Note: SPF calculations for LFAs are performed in background and pre-empted in case of convergence event
What kinds of LFA do we have?
Directly Connected
Remote LFA (Ring Topology)
Need to tunnel the packet to the LFA
Need a smart tunnel
Objective: We want to protect against the loss of the primary next-hop by redirecting traffic to the pre-calculated LFA(s)
Remote LFA
Description
In the previous example, there is no neighbor that is also an LFA
  Common with ring topology
  Router B will loop back traffic destined to P/p
  No LFA for node C
Solution
  Use remote LFA
  Accomplished by tunneling traffic to D to deliver to P/p
[Figure: ring of nodes A, B, C, D and E with link metrics 10 and 20 and destination P/p; protecting against a node or link failure.]
Unified MPLS
What is Unified MPLS?
Classical MPLS network with few additions
Unified MPLS for Mobile Transport
Label Switched Paths
Description
Static
Bidirectional
Co-routed (same forward and reverse paths)
In-band Generic Associated Channel (G-ACh)
Ultimate hop popping (no explicit/implicit null)
No ECMP
Contained within a tunnel
[Figure: MPLS-TP LSP and G-ACh inside an MPLS-TP Tunnel.]
Enabling an MPLS TP network
No IP routing required in control and forwarding planes
Node will still source/terminate IP packets (e.g. SNMP, NTP)
Link numbers required on each MPLS-TP interface
MPLS-TP
Two interface configuration models
IP-enabled (uses ARP)
IP-less (no ARP)
Network Design with OAM
OAM - Continuity Fault Management ( CFM)
Fault Management Protocols
Continuity Check Messages (CCM)
Linktrace (Ethernet traceroute)
Loopback (Ethernet Ping)
Alarm Indication Signal (ETH AIS)
Remote Defect Indicator (ETH RDI)
OAM - Continuity Fault Management (CFM)
BD or xconnect
  ethernet evc e2
[Figure: Continuity Check between MEP 511 and MEP 512 on VLAN 20 across CE 1, UPE A, NPE A, NPE B, UPE B and CE 2.]
Layer 2 Interface (both ends)
  interface ten 0/1
   switchport mode trunk
   switchport trunk allowed vlan 2
OAM - Continuity Fault Management (CFM)
BD or xconnect
  ethernet evc e2
[Figure: Continuity Check between MEP 511 and MEP 512 over a PW; CE 1 and UPE A.]
Communicates
  EVC status
  EVC attributes
  CE autoconfiguration
  Remote UNI status
Standard: defined in MEF16
Interworking (Link CE - UPE | SP Cloud)
  E-LMI to CFM BD: ELMI | CFM & BD
  E-LMI to CFM Xconnect: ELMI | CFM EVC xconnect *
  E-LMI to PW OAM: ELMI | EVC xconnect with MPLS OAM
Performance Monitoring
1731 PM
[Figure: Level 7 and Level 5 across CE 1, UPE A, NPE A, NPE B, UPE B and CE 2.]
Supported on
  Down MEP
  UP MEP
Supported with
  EVC xconnect
  EVC BD
  EVC xconnect on Port Channel
  EVC BD on Port Channel
Performance Monitoring
  Delay/Jitter: ETH DM, DMM/DMR
  Loss: ETH SLM, SLM/SLR
*CFM SVI xconnect not supported
Performance Monitoring
1731 PM Scale
[Figure: MEP 1 to MEP 6 across CE 1, PE1, PE2 and CE 2; DOWN MEP and MIP with CCM Filtering.]
Number of actives CCM
  100ms: 250
  1s: 1000
Profile 1: 10sec CCM and 1sec DMM
Profile 2: 1sec CCM and 1sec DMM
Profile 3: 1sec CCM and 1sec DMM
Columns for each profile: # of local MEP, # of remote MEP, # of active DMM, CPU Utilization, Max recommended
[Figure: ME 3600X between NNI and UNI towards the CPE at the Customer Site. Labels: Port level, VLAN level, Intrusive, Non intrusive, Mac Swap.]
Columns: Facility | Terminal
Mac Swap Port Level: Y | Y
VLAN level: Y | Y
Per Mac Address loopback
Ingress QoS: N | Y
Egress QoS: N | Y
Platform Security
Access Control List: Port ACL, Router ACL
Control Plane Policing (COPP)
List of 20 CPU Queues
[Figure: ME3600X / ME3800X CPU with Control Plane Traffic in the Ingress and Egress directions.]
Queue used for
  1 Software forwarding
  2 Routing Protocols
  3 ICMP
  4 Host
  5 ACL logging
  6 STP
  7 L2 Protocols
  8 Multicast Control Plane
  9 Broadcast
  10 REP
  11 CFM
  12 Control
  13 IP options
  14 Multicast
  15 Multicast Route
  16 Multicast mismatch
  17 RPF Failed
  18 Routing throttle
  19 Multicast Queue
  20 MPLS OAM
  21 MPLS MTU
Configuring Control Plane Policing (COPP)
[Figure: ME3600X / ME3800X CPU with Control Plane Traffic in the Ingress and Egress directions.]
Configure Control Plane Policing
  Ingress only
  Use QoS ACL (MAC, IP)
  QoS ACL supports:
    Prec
    DSCP
    Access group
Configure the control plane policer
Monitor Control Plane policers
Scale Profiles
L2VPN Scalability Profile
[Figure: test topologies. Labels: Number of TE tunnels, 1K, MST, REP, 7600, 7200, ASR9000, Traffic, EoMPLS Pseudowire (SVI xconnect), Primary tunnel.]
Resiliency for Layer2 VPN Deployment
EoMPLS from the access Enabled on the U-PE Protection
L3VPN Resiliency with TE/FRR Tunnel
MPLS L3VPN design using MP-BGP
MP-BGP between UPE1, UPE2 and PE2
PE1, PE3 and P act as LSR
Traffic Flow: UPE1 Gi0/1, PE2 Te2/1 (VRF)
TE/FRR for link protection
[Figure: Link Failure and Core link failure points in the topology, with the values 14msec, 33ms, 76msec and 6sec.]
Fast Convergence Configuration
Global Configuration

  ip routing protocol purge interface
  mpls ldp session protection
  router ospf 1
   ispf
   timers throttle lsa all 10 20 5000
   timers throttle spf 50 50 5000
   timers lsa arrival 10
   timers pacing flood 5
  int te0/1
   carrier-delay msec 0
Case Study: Carrier Ethernet Islands
Connectivity using BGP with Label Distribution
Carrier Ethernet Services
Carrier Ethernet Islands Connectivity Service
[Figure labels: Access; Carrier Ethernet Island; Layer 3 Edge; DSLAM; VLAN (HSI, VoIP, Video); ME3400E (Business); ME3600X (Mobile); BRAS; PE (MPLS-VPN); Distribution; Aggregation; Second Level Aggregation; 7609; ME3800X]
Dotted line means a link to any device within green blocks
End-2-End MPLS LSP for L2 transport
Targeted LDP over MPLS between AS domains
Inter-AS between two independent IGP clouds
Distribution = Border routers
CSC-PE to CSC-CE protocol eBGP
CsC Support in (15.1(2)EY)
Label exchange between both domains
Send labels between CSC-CE and CSC-PE
[Figure labels: End-to-End; AGG1; AGG2; DIST1 & DIST2 Cisco 7600; CSC-CE1; CSC-CE2; CSC-PE1; CSC-PE2; AS1; AS2; MPLS Backbone]
Design Validation

DIST1-7600
interface GigabitEthernet1/1
 ip address 192.168.11.2 255.255.255.0
 mpls bgp forwarding !! auto generated
!
router bgp 65100
 neighbor <DIST2> remote-as 65100
 neighbor <DIST2> update-source Loopback0
 neighbor <AGG1> remote-as 65100
 neighbor <AGG1> update-source Loopback0
 neighbor <PE1> remote-as 100
 !
 address-family ipv4
  network <DIST1-Loopback> mask 255.255.255.255
  neighbor <DIST2> activate
  neighbor <DIST2> send-community both
  neighbor <DIST2> next-hop-self
  neighbor <DIST2> send-label
  neighbor <AGG1> activate
  neighbor <AGG1> send-community both
  neighbor <AGG1> next-hop-self
  neighbor <AGG1> send-label
  neighbor <PE1> activate
  neighbor <PE1> send-community both
  neighbor <PE1> send-label

AGG1-ME3800X
router bgp 65100
 neighbor <DIST1> remote-as 65100
 neighbor <DIST1> update-source Loopback0
 neighbor <DIST2> remote-as 65100
 neighbor <DIST2> update-source Loopback0
 !
 address-family ipv4
  network <AGG1-Loopback> mask 255.255.255.255
  neighbor <DIST1> activate
  neighbor <DIST1> send-community both
  neighbor <DIST1> send-label
  neighbor <DIST2> activate
  neighbor <DIST2> send-community both
  neighbor <DIST2> send-label
  maximum-paths ibgp 2
Design Validation contd..

PE1-7600
interface GigabitEthernet1/1
 ip vrf forwarding ISLA-A
 ip address 192.168.11.1 255.255.255.0
 mpls bgp forwarding !! auto generated
end
!
router bgp 100
 no bgp default ipv4-unicast
 bgp log-neighbor-changes
 neighbor <RR> remote-as 100
 neighbor <RR> update-source Loopback0
 !
 address-family vpnv4
  neighbor <RR> activate
  neighbor <RR> send-community both
 exit-address-family
 !
 address-family ipv4 vrf ISLA-A
  no synchronization
  neighbor <DIST1> remote-as 65100
  neighbor <DIST1> activate
  neighbor <DIST1> send-community both
  neighbor <DIST1> as-override
  neighbor <DIST1> route-map soo in
  neighbor <DIST1> send-label
 exit-address-family
!
route-map soo permit 10
 set extcommunity soo 100:1

RR
router bgp 100
 no bgp default ipv4-unicast
 bgp log-neighbor-changes
 neighbor ibgp peer-group
 neighbor ibgp remote-as 100
 neighbor ibgp update-source Loopback0
 neighbor <PE1> peer-group ibgp
 neighbor <PE2> peer-group ibgp
 neighbor <PE4> peer-group ibgp
 !
 address-family vpnv4
  neighbor ibgp send-community both
  neighbor ibgp route-reflector-client
  neighbor <PE1> activate
  neighbor <PE2> activate
  neighbor <PE4> activate
 exit-address-family
Design Validation contd..

AGG1-ME3800X
interface GigabitEthernet0/1
 switchport trunk allowed vlan none
 switchport mode trunk
 service instance 1 ethernet
  encapsulation dot1q 11
  bridge-domain 1000
!
interface Vlan1000
 no ip address
 xconnect 5.5.5.5 300 encapsulation mpls
OR
interface Vlan1000
 ip vrf forwarding dslam
 ip address 10.1.1.1 255.255.255.0

AGG2-ME3800X
interface GigabitEthernet0/1
 switchport trunk allowed vlan none
 switchport mode trunk
 service instance 1 ethernet
  encapsulation dot1q 12
  bridge-domain 1000
!
interface Vlan1000
 no ip address
 xconnect 6.6.6.6 300 encapsulation mpls
OR
interface Vlan1000
 ip vrf forwarding dslam
 ip address 20.1.1.1 255.255.255.0
Public Sector MPLS Network Design
[Figure labels: Internet; Partners; MPLS; Data Center]
Dual-Box Mobile Backhaul
Requirements
- Fast Convergence (<500ms)
- QoS (Voice, Marking)
- Form Factor
Why ME3800X/ME3600X?
- H-QoS
- MPLS VPN
- Low latency
- Fast Convergence
ME3800X/ME3600X As Mid RAN
- Dual Box Solution
- L3VPN with Unique RD per VRF
- Unique RD enables VPN Loadbalancing
- BFD over SVI and HSRP
- BFD on Backhaul Interfaces
- IGP Fast Convergence
- H-QOS
- IP SLA
Dual-Box Mobile Backhaul contd

ME-3600-1 and ME-3600-2 (VRF and loopback boxes overlap on the slide)
ip vrf NodeB_1
 description "Test - Traffic NodeB1"
 rd 65500:90
 route-target export 65500:90
ip vrf NodeB_1
 rd 65500:190
 route-target export 65500:90
interface Loopback0
 ip address 200.200.1.1 255.255.255.255
interface Loopback0
 ip address 200.200.1.2 255.255.255.255

C7609
ip vrf RNC
 description "Test 3G RNC"
 rd 65500:500

[Figure labels: NodeB; ME-3600-1; ME-3600-2; BACKHAUL; C7606; C7609; RNC; interfaces G1/0/0, G2/38, GE0/9, GE0/24, GE0/5, G2/37, GE0/24, GE0/23, G1/0/19, G2/39, G1/0/1]

ME-3600-1
interface Vlan90
 ip vrf forwarding NodeB_1
 ip address 90.90.1.2 255.255.255.0
 carrier-delay msec 0
 standby mac-refresh 5
 standby 90 ip 90.90.1.1
 standby 90 timers msec 200 msec 600
 standby 90 priority 20
 standby delay reload 90
 standby 90 preempt
 standby 90 track GigabitEthernet0/

ME-3600-2
interface Vlan90
 ip vrf forwarding NodeB_1
 ip address 90.90.1.3 255.255.255.0
 carrier-delay msec 0
 standby mac-refresh 5
 standby 90 ip 90.90.1.1
 standby 90 timers msec 200 msec 600
 standby 90 priority 15
 standby 90 preempt

C7609
7609S#sh ip bgp vpnv4 all
Route Distinguisher: 65500:500 (default for vrf RNC)
   Network          Next Hop         Metric LocPrf Weight Path
* i90.90.1.0/24     200.200.1.2           0    100      0 ?
*>i                 200.200.1.1           0    100      0 ?

                                      Active to Stby [ms]           Stby to Active [ms]
                                      NodeB to RNC   RNC to NodeB   NodeB to RNC   RNC to NodeB
Backhaul Failure - shutdown ME3600-1  62             67             0              13
Cable Mobile Backhaul
ME3600X Key Features
- MPLS Backbone
- Dot1q packets from Cell Site to MSO
- End to End PW from ME3600X to ASR9K to carry dot1q packets
- QOS
- Cost Effective
- 1RU Form Factor
- Green
- End to End management
[Figure labels: Access; Distribution; Core; Pre-AGG; N-PE; IP/MPLS; EoMPLS PW; Vlan 10,20; MSO]
CoS 4 to Exp 4 QoS mapping + Rate limiting
class-map match-all match-cos4
 match cos 4
policy-map mobile-cos
 class match-cos4
  police cir 50000000
   conform-action set-mpls-exp-transmit 4
Designing with ME36/3800X
Summary
Diverse Applications
Technical Reference