Cisco Public 1
Abstract
This session covers the fundamental and advanced topics associated with the
deployment of Layer 2 VPNs over an MPLS network.
The material presents a technology overview with an emphasis on Ethernet-based
point-to-point and multipoint VPNs. Session content then focuses on
deployment considerations including Signaling/Auto-discovery, OAM,
Resiliency and Inter-AS.
The attendee can expect to see sample configurations (IOS and IOS-XR)
associated with the provisioning of L2VPNs.
This session is intended for service providers and enterprise customers
deploying L2VPNs over their MPLS network.
9/27/16
Agenda
Service Offerings
L2VPN Transport Services
Circuit Emulation Service over PSN (CESoPSN)
AAL5 over Pseudowire
FR over Pseudowire
Ethernet Virtual Private Line (EVPL)
Ethernet Private LAN (EPLAN)
PPP/HDLC
(PW) technology
PWs provide a common intermediate format to transport multiple types of network services over a Packet Switched Network (PSN)
PW technology provides Like-to-Like transport and also Interworking (IW)
[Figure labels: Provider Edge, Packet Switched Network, Pseudowire; services shown: ATM, FR, TDM, PPP/HDLC, Ethernet]
[Figure labels: CE, AC, PE, PW2, PE, AC, CE]
Ref: RFC 3985, Pseudo Wire Emulation Edge-to-Edge (PWE3) Architecture, March 2005
Pseudowire
Traffic direction
VC and Tunnel label imposition: Push, Push
Tunnel label swapping through MPLS cloud: Swap
Penultimate Hop Popping (PHP): Pop
VC label disposition: Pop
7604-2#show running-config
pseudowire-class test-pw-class-VC4
 encapsulation mpls
 interworking vlan
!
pw-class test-pw-class-VC5
 encapsulation mpls
 transport-mode ethernet
Slide annotations: "VC type 4 or 5"; "If rejected by remote PE, then VC type 4 will be used"
Pseudowire
VC Type 5
[Figure: Single-tagged frame (10) and Double-tagged frame (10, tag) carried across the PW behind an MPLS label. Annotations: POP VLAN 10; No Push of Dummy tag (VC 5); No service-delimiting vlan expected (VC 5); PUSH VLAN 10]
IOS-XR
l2vpn
 pw-class class-VC5
  encapsulation mpls
   transport-mode ethernet
 xconnect group Cisco-Live
  p2p xc-sample-1
   interface GigabitEthernet0/0/0/2.100
   neighbor 102.102.102.102 pw-id 111
    pw-class class-VC5
interface GigabitEthernet0/0/0/2.100 l2transport
 encapsulation dot1q 10
 rewrite ingress tag pop 1 symmetric
IOS
pseudowire-class class-VC5
 encapsulation mpls
 interworking ethernet
interface GigabitEthernet2/2
 service instance 3 ethernet
  encapsulation dot1q 10
  rewrite ingress tag pop 1 symmetric
  xconnect 104.104.104.104 111 encap mpls pw-class class-VC5
Pseudowire
VC Type 4
[Figure annotations: POP VLAN 10; Push Dummy tag (VC 4); MPLS label; POP service-delimiting vlan (VC 4); PUSH VLAN 10]
IOS-XR
l2vpn
 pw-class class-VC4
  encapsulation mpls
   transport-mode vlan
 xconnect group Cisco-Live
  p2p xc-sample-1
   interface GigabitEthernet0/0/0/2.100
   neighbor 102.102.102.102 pw-id 111
    pw-class class-VC4
interface GigabitEthernet0/0/0/2.100 l2transport
 encapsulation dot1q 10
 rewrite ingress tag pop 1 symmetric
IOS
pseudowire-class class-VC4
 encapsulation mpls
 interworking vlan
interface GigabitEthernet2/2
 service instance 3 ethernet
  encapsulation dot1q 10
  rewrite ingress tag pop 1 symmetric
  xconnect 104.104.104.104 111 encap mpls pw-class class-VC4
MTU Considerations
No payload fragmentation supported
Incoming PDU dropped if MTU exceeds AC MTU
PW payload MTU signaled between PEs
[Figure labels: PE1, PE2]
addresses
Flooding (Broadcast, Multicast, Unknown Unicast)
MAC Learning/Aging/Withdrawal
[Figure labels: CE, Ethernet UNI, U-PE B, PW, N-PE 2 (Applies Split-Horizon), N-PE 4 (Applies Split-Horizon)]
Flat VPLS
Potential signaling overhead
Packet replication at the edge
Full PW mesh end-end
Hierarchical-VPLS
Minimizes signaling overhead
Packet replication at the core only
Full PW mesh in the core
VPLS Operation
Loop Prevention
Split-Horizon Rules
Forwarding between Spoke PWs
Forwarding between Spoke and Core PWs
Forwarding between ACs and Core / Spoke PWs
Forwarding between ACs
Blocking between Core PWs
[Figure labels: VFI, Spoke PWs, X]
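The split-horizon rules above, together with MAC learning and flooding, as a small forwarding model. This is an added example, not code from the presentation: the class and function names are hypothetical, and the port list is a constructed topology that borrows the AC and PW neighbor addresses from the H-VPLS sample configuration on this page.

```python
from dataclasses import dataclass, field

AC, SPOKE_PW, CORE_PW = "ac", "spoke-pw", "core-pw"  # port roles named on the slide
BROADCAST = "ff:ff:ff:ff:ff:ff"

@dataclass(frozen=True)
class Port:
    name: str
    role: str

@dataclass
class Vfi:
    ports: list
    split_horizon: bool = True                      # False models a PE without the rule
    mac_table: dict = field(default_factory=dict)   # MAC -> Port it was learned on

    def may_forward(self, ingress, egress):
        if ingress == egress:
            return False                # never send a frame back out its ingress port
        core_to_core = ingress.role == CORE_PW and egress.role == CORE_PW
        return not (self.split_horizon and core_to_core)

    def receive(self, ingress, src, dst):
        """Learn src on ingress; return the sorted names of the egress ports."""
        self.mac_table[src] = ingress
        known = self.mac_table.get(dst)
        flood = dst == BROADCAST or known is None   # broadcast / unknown unicast
        candidates = self.ports if flood else [known]
        return sorted(p.name for p in candidates if self.may_forward(ingress, p))

def build_pe1(split_horizon=True):
    """Constructed PE: 1 AC, 2 spoke PWs, 3 full-mesh core PWs (assumed layout)."""
    spec = [("Gi0/0/0/14.101", AC),
            ("pw-192.0.0.5", SPOKE_PW), ("pw-192.0.0.6", SPOKE_PW),
            ("pw-192.0.0.2", CORE_PW), ("pw-192.0.0.3", CORE_PW),
            ("pw-192.0.0.4", CORE_PW)]
    ports = {name: Port(name, role) for name, role in spec}
    return Vfi(list(ports.values()), split_horizon), ports

if __name__ == "__main__":
    vfi, p = build_pe1()
    # Broadcast arriving on a core PW is flooded to the AC and spoke PWs only.
    print(vfi.receive(p["pw-192.0.0.2"], "00:00:00:00:00:aa", BROADCAST))
    # Known unicast from a spoke PW follows the learned entry to the core PW.
    print(vfi.receive(p["pw-192.0.0.5"], "00:00:00:00:00:bb", "00:00:00:00:00:aa"))
```

With `split_horizon=False` the same broadcast is also copied to the other core PWs, which in a full mesh have already received it from the originating PE; that duplication is what the blocking rule prevents.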
VPLS Operation
MAC Address Withdrawal
VPWS / VPLS
An abstraction
VPWS
Discovery and Signaling Alternatives
VPLS
Discovery and Signaling Alternatives
2. New targeted LDP session between PE routers established, in case one does not already exist
[Figure labels: PE-1, PE-2, Interface A, Interface B, step marker 1]
[Figure labels: CE1, PE1 106.106.106.106, PW VC id 111, MPLS Core, PE2 102.102.102.102, CE2]
l2vpn
 xconnect group Cisco-Live
  p2p xc-sample-1
   interface GigabitEthernet0/0/0/2.100
   neighbor 102.102.102.102 pw-id 111
  p2p xc-sample-3
   interface GigabitEthernet0/0/0/6
   neighbor 102.102.102.102 pw-id 333
Single-tagged VLAN traffic to PW
interface GigabitEthernet0/0/0/2.100 l2transport
 encapsulation dot1q 100
 rewrite ingress tag pop 1 symmetric
Single-tagged range VLAN traffic to PW
interface GigabitEthernet0/0/0/2.200 l2transport
 encapsulation dot1q 999-1010
 rewrite ingress tag push dot1q 888 symmetric
OR
Entire port traffic to PW
interface GigabitEthernet0/0/0/6
 l2transport
Bridge-Domain or VLAN/switchport configurations
[Figure label: Spoke PWs]
interface GigabitEthernet2/4
 service instance 333 ethernet
  encapsulation dot1q 333
  rewrite ingress tag pop 1 symmetric
OR
interface GigabitEthernet2/4
 switchport mode trunk
[Figure labels: u-PE1 192.0.0.5, u-PE2 192.0.0.6, CE1, PE1 192.0.0.1 (0/0/0/14), CE2, PE2 192.0.0.2, PE3 192.0.0.3, CE3, PE4 192.0.0.4, VFI, MPLS Core, PW VC ids 1111, 2222, 3333, 5555]
hostname PE1
!
interface Loopback0
 ipv4 address 192.0.0.1 255.255.255.255
!
interface GigabitEthernet0/0/0/14.101 l2transport
 encapsulation dot1q 101
 rewrite ingress tag pop 1 symmetric
l2vpn
 bridge group Cisco-Live
  bridge-domain bd101
   interface GigabitEthernet0/0/0/14.101
   neighbor 192.0.0.5 pw-id 5555
   neighbor 192.0.0.6 pw-id 5555
   !
   vfi vfi101
    vpn-id 1111
    neighbor 192.0.0.2 pw-id 1111
    neighbor 192.0.0.3 pw-id 2222
    neighbor 192.0.0.4 pw-id 3333
Spoke PWs: neighbors 192.0.0.5 and 192.0.0.6 (pw-id 5555)
Core PWs, Full-mesh: VFI neighbors 192.0.0.2, 192.0.0.3 and 192.0.0.4
Length = 14 Length = 14
interface GigabitEthernet2/4
 service instance 333 ethernet
  encapsulation dot1q 333
  rewrite ingress tag pop 1 symmetric
l2vpn
 bridge group Cisco-Live
  bridge-domain bd101
   interface GigabitEthernet0/0/0/2.101
   vfi vfi101
    vpn-id 11101
    autodiscovery bgp
     rd auto
     route-target 100:101
     signaling-protocol ldp
      vpls-id 100:101
Full-mesh Core PWs auto-discovered with BGP-AD and signaled by LDP
PW ID = VPLS-id (100:101)
[Figure labels: BGP AS 100, BGP Auto-Discovery]
Manually provisioned Spoke PWs
[Figure labels: BGP AS 100, Manual, BGP Auto-Discovery]
[Figure labels: u-PE1 192.0.0.5, u-PE2 192.0.0.6, CE1, PE1 106.106.106.106 (0/0/0/2), CE2, PE2 110.110.110.110, PE3 192.0.0.3, CE3, PE4 192.0.0.4, VFI, MPLS Core, PW VC ids 5555 and 100:101, BGP AS 100, Manual, BGP Auto-Discovery]
hostname PE1
!
l2vpn
 bridge group Cisco-Live
  bridge-domain bd101
   interface GigabitEthernet0/0/0/2.101
   !
   neighbor 192.0.0.5 pw-id 5555
   !
   neighbor 192.0.0.6 pw-id 5555
   !
   vfi vfi101
    vpn-id 11101
    autodiscovery bgp
     rd auto
     route-target 100:101
     signaling-protocol ldp
      vpls-id 100:101
Manually provisioned Spoke PWs: neighbors 192.0.0.5 and 192.0.0.6 (pw-id 5555)
(1) VPLS BGP NLRIs from RFC 6074 and 4761 are different in format and thus not compatible, even though they share the same AFI / SAFI values
[Figure labels: ve-id 5, GigabitEthernet0/0/0/2.102, PE4 192.0.0.4, ve-id 7, ve-id 8, BGP AS 100, BGP Signaling and Auto-Discovery]
l2vpn
 bridge group Cisco-Live
  bridge-domain bd102
   interface GigabitEthernet0/0/0/2.102
   vfi vfi102
    vpn-id 11102
    autodiscovery bgp
     rd auto
     route-target 100:102
     signaling-protocol bgp
      ve-id 5
VE-id must be unique in a VPLS instance
Bridge Domain-based Configuration
bridge-domain 300
 member vfi sample-vfi
 member GigabitEthernet2/4 service instance 333
!
interface GigabitEthernet2/4
 service instance 333 ethernet
  encapsulation dot1q 300
  rewrite ingress tag pop 1 symmetric
2013 Cisco and/or its affiliates. All rights reserved. Cisco Public