
9/27/16

Deploying MPLS L2VPN


Nurul Islam Roman (nurul@apnic.net)

Cisco Public 1

Abstract

This session covers the fundamental and advanced topics associated with the
deployment of Layer 2 VPNs over an MPLS network.
The material presents a technology overview with an emphasis on Ethernet-based
point-to-point and multipoint VPNs. Session content then focuses on
deployment considerations including: Signaling/Auto-discovery, OAM,
Resiliency and Inter-AS.
The attendee can expect to see sample configurations (IOS and IOS-XR)
associated with the provisioning of L2VPNs.
This session is intended for service providers and enterprise customers
deploying L2VPNs over their MPLS network.


Agenda

Layer 2 VPN Motivation and Overview


VPWS Reference Model
VPLS Reference Model
Pseudowire (PW) Signaling and PE Auto-Discovery
Advanced Topics
Summary


L2VPN Motivation and Overview


Motivation for L2VPNs

Old and New Drivers

- Network Consolidation
  - Multiple access services (FR, ATM, TDM) required multiple core technologies
- Enterprise Ethernet WAN Connectivity Services
  - Ethernet well understood by Enterprise / SPs
  - CAPEX (lower cost per bit) / Growth (100GE)
  - Layer 2 VPN replacement to ATM/Frame Relay
  - Internet / Layer 3 VPN access (CE to PE)
- Data Center Interconnection (DCI)
- Mobile Backhaul Evolution
  - TDM/PDH to Dual/Hybrid to All-packet (IP/Ethernet)
  - Single (voice + data) IP/Ethernet mobile backhaul universally accepted solution

[Figure: Typical Service Provider (circa 2000). L3 service: IP/IPSec access over an IP or MPLS core. L2 service: FR/ATM and Broadband access over an ATM core. L1 service: TDM access over a SONET / SDH core.]

Service Offerings
L2VPN Transport Services

[Figure: L2VPN transport services by access type (TDM, ATM, Frame Relay, PPP/HDLC, Ethernet); each service is labelled Muxed UNI or Unmuxed UNI]

Virtual Private Wire Service (VPWS)
- TDM: Circuit Emulation Service over PSN (CESoPSN); Structure Agnostic TDM over Packet (SAToP)
- ATM: AAL5 over Pseudowire; Cell Relay with Packing over Pseudowire
- Frame Relay: FR over Pseudowire
- PPP/HDLC: PPP/HDLC over Pseudowire
- Ethernet: Ethernet Virtual Private Line (EVPL); Ethernet Private Line (EPL)

Virtual Private LAN Service (VPLS)
- Ethernet: Ethernet Private LAN (EPLAN); Ethernet Virtual Private LAN (EVPLAN)

Layer 2 VPN Enabler

The Pseudowire

- L2VPNs are built with Pseudowire (PW) technology
- PWs provide a common intermediate format to transport multiple types of network services over a Packet Switched Network (PSN)
- PW technology provides Like-to-Like transport and also Interworking (IW)

[Figure: two Provider Edge routers joined by a Pseudowire across a Packet Switched Network, carrying ATM, FR, TDM, PPP/HDLC and Ethernet]

Virtual Private Wire Service (VPWS)


Overview


Pseudowire Reference Model

- Any Transport Over MPLS (AToM) is Cisco's implementation of VPWS for IP/MPLS networks
- An Attachment Circuit (AC) is the physical or virtual circuit attaching a CE to a PE
- Customer Edge (CE) equipment perceives a PW as an unshared link or circuit

[Figure: Emulated Layer-2 Service. CE - AC - PE - Pseudowires PW1 and PW2 inside a PSN Tunnel - PE - AC - CE, with the Native Service on the ACs at both ends]

Ref: RFC 3985 Pseudo Wire Emulation Edge-to-Edge (PWE3) Architecture, March 2005

Layer 2 Transport over MPLS

Control Connection: Targeted LDP session / BGP session / Static
- Used for VC-label negotiation, withdrawal, error notification

The emulated circuit has three (3) layers of encapsulation

Tunnelling Component: Tunnel header (Tunnel Label)
- To get PDU from ingress to egress PE
- MPLS LSP derived through static configuration (MPLS-TP) or dynamic (LDP or RSVP-TE)

Demultiplexing Component: Demultiplexer field (VC Label)
- To identify individual circuits within a tunnel
- Could be an MPLS label, L2TPv3 header, GRE key, etc.

Layer 2 Encapsulation: Emulated VC encapsulation (Control Word)
- Information on enclosed Layer 2 PDU
- Implemented as a 32-bit control word

VPWS Traffic Encapsulation

- Three-level encapsulation
- Packets switched between PEs using Tunnel label
- VC label identifies PW
- VC label signaled between PEs
- Optional Control Word (CW) carries Layer 2 control bits and enables sequencing

Header layout (32 bits per row; field boundaries at bits 0, 20, 23, 31):

  Tunnel Label:  Tunnel Label (IGP-LDP or RSVP-TE) | EXP | 0 | TTL
  VC Label:      VC Label (VC)                     | EXP | 1 | TTL (Set to 2)
  Control Word:  0 0 0 0 | Flags | FRG | Length | Sequence Number
  Layer 2 PDU

  Layer 2 PDU          Control Word Encap. Required
  ATM N:1 Cell Relay   No
  ATM AAL5             Yes
  Ethernet             No
  Frame Relay          Yes
  HDLC                 No
  PPP                  No
  SAToP                Yes
  CESoPSN              Yes
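The three-level encapsulation above, as an added example that is not part of the original deck: it packs and parses the tunnel label, the VC label (S bit set, TTL 2) and the optional control word around a customer Ethernet frame. The sample frame and the Flags/FRG/Length field widths (4/2/6 bits, the generic PW control word layout) are assumptions; labels 34 and 28 are the values used on the forwarding-plane slide.

```python
import struct

# Constructed sample: broadcast DA, locally administered SA, 802.1q tag with
# VLAN 10, EtherType 0x0800. No preamble, SFD or FCS, as on the EoMPLS slide.
CUSTOMER_FRAME = bytes.fromhex("ffffffffffff" "020000000001" "8100000a" "0800") + b"payload"

def pack_label(label, exp=0, bottom=False, ttl=255):
    """One 32-bit label stack entry: Label (20) | EXP (3) | S (1) | TTL (8)."""
    if not 0 <= label < (1 << 20):
        raise ValueError("MPLS label must fit in 20 bits")
    word = (label << 12) | ((exp & 0x7) << 9) | (int(bottom) << 8) | (ttl & 0xFF)
    return struct.pack("!I", word)

def pack_control_word(flags=0, frg=0, length=0, seq=0):
    """Control word: 0000 | Flags (4) | FRG (2) | Length (6) | Sequence Number (16)."""
    word = ((flags & 0xF) << 24) | ((frg & 0x3) << 22) | ((length & 0x3F) << 16) | (seq & 0xFFFF)
    return struct.pack("!I", word)

def encapsulate(frame, tunnel_label, vc_label, control_word=True, seq=0):
    """Label imposition at the ingress PE."""
    out = pack_label(tunnel_label, bottom=False)      # S=0: another label follows
    out += pack_label(vc_label, bottom=True, ttl=2)   # S=1, TTL set to 2
    if control_word:
        out += pack_control_word(seq=seq)
    return out + frame

def decapsulate(data, control_word=True):
    """Parse the label stack, the optional control word and the Layer 2 PDU.

    Works on a full stack and on the single VC label left after PHP.
    """
    labels, offset = [], 0
    while True:
        if offset + 4 > len(data):
            raise ValueError("truncated label stack")
        (word,) = struct.unpack_from("!I", data, offset)
        offset += 4
        labels.append({"label": word >> 12, "exp": (word >> 9) & 0x7,
                       "bottom": bool(word & 0x100), "ttl": word & 0xFF})
        if labels[-1]["bottom"]:
            break
    cw = None
    if control_word:
        if offset + 4 > len(data):
            raise ValueError("truncated control word")
        (word,) = struct.unpack_from("!I", data, offset)
        # A control word always starts with 0000. This only catches a peer that
        # sent no control word when the customer DA has a non-zero first nibble.
        if word >> 28:
            raise ValueError("first nibble of the control word must be 0000")
        cw = {"flags": (word >> 24) & 0xF, "frg": (word >> 22) & 0x3,
              "length": (word >> 16) & 0x3F, "seq": word & 0xFFFF}
        offset += 4
    return labels, cw, data[offset:]

if __name__ == "__main__":
    packet = encapsulate(CUSTOMER_FRAME, tunnel_label=34, vc_label=28, seq=7)
    print(decapsulate(packet))
    print(decapsulate(packet[4:]))  # after PHP only the VC label is left
```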

VPWS Forwarding Plane Processing

[Figure: CE-1 - PE1 - P1 - P2 - PE2 - CE-2 across MPLS, with a Pseudowire between PE1 and PE2; traffic direction is from CE-1 to CE-2]

  Node   Operation                                  Action
  PE1    VC and Tunnel label imposition             Push, Push
  P1     Tunnel label swapping through MPLS cloud   Swap
  P2     Penultimate Hop Popping (PHP)              Pop
  PE2    VC label disposition                       Pop

  Segment       Tunnel Label   VC Label     Payload
  CE-1 to PE1   -              -            Payload
  PE1 to P1     Label = 34     Label = 28   Payload
  P1 to P2      Label = 45     Label = 28   Payload
  P2 to PE2     -              Label = 28   Payload
  PE2 to CE-2   -              -            Payload

Virtual Private Wire Service (VPWS)


Ethernet over MPLS (EoMPLS)

How Are Ethernet Frames Transported?

- Ethernet frames transported without Preamble, Start Frame Delimiter (SFD) and FCS
- Two (2) modes of operation supported:
  - Ethernet VLAN mode (VC type 0x0004): created for VLAN over MPLS application
  - Ethernet Port / Raw mode (VC type 0x0005): created for Ethernet port tunneling application

Original Ethernet Frame:

  Preamble | DA (6B) | SA (6B) | 802.1q tag (4B, optional) | Length/Type (2B) | Ethernet Payload | FCS

MPLS-encapsulated Ethernet Frame:

  DA | SA | MPLS E-Type 0x8847 | LSP Label (4B) | VC Label (4B) | Control Word (4B, optional) | Ethernet Header | Ethernet Payload | FCS

  (the figure labels the LSP Label, VC Label and Control Word region "MPLS Stack AToM Header")

Ethernet PW VC Type Negotiation

Cisco IOS

- Cisco devices by default will generally attempt to bring up an Ethernet PW using VC type 5
- If rejected by remote PE, then VC type 4 will be used
- Alternatively, Cisco device can be manually configured to use either VC type 4 or 5

7604-2(config-pw-class)#interworking ?
  ethernet  Ethernet interworking
  ip        IP interworking
  vlan      VLAN interworking

7604-2#show running-config
pseudowire-class test-pw-class-VC4
 encapsulation mpls
 interworking vlan
!
pseudowire-class test-pw-class-VC5
 encapsulation mpls
 interworking ethernet

Ethernet PW VC Type Negotiation

Cisco IOS-XR

- Cisco devices by default will generally attempt to bring up an Ethernet PW using VC type 5
- If rejected by remote PE, then VC type 4 will be used
- Alternatively, Cisco device can be manually configured to use either VC type 4 or 5

RP/0/RSP0/CPU0:ASR9000-2(config-l2vpn-pwc-mpls)#transport-mode ?
  ethernet  Ethernet port mode
  vlan      Vlan tagged mode
RP/0/RSP0/CPU0:ASR9000-2(config-l2vpn-pwc-mpls)#transport-mode vlan ?
  passthrough  passthrough incoming tags

RP/0/RSP0/CPU0:ASR9000-2#show running-config l2vpn
l2vpn
 pw-class test-pw-class-VC4
  encapsulation mpls
   transport-mode vlan
 pw-class test-pw-class-VC4-passthrough
  encapsulation mpls
   transport-mode vlan passthrough
 pw-class test-pw-class-VC5
  encapsulation mpls
   transport-mode ethernet

Introducing Cisco EVC Framework

Functional Highlights

[Figure: EVC Framework with four functional areas]

Flexible Service Mapping
- Flexible service delimiters
  - Single-tagged, Double-tagged
  - VLAN Lists, VLAN Ranges
  - Header fields (COS, Ethertype)
- ANY service, ANY port

Service Abstraction
- Ethernet Service Layer
  - Ethernet Flow Point (EFP)
  - Ethernet Virtual Circuit (EVC)
  - Bridge Domain (BD)
  - Local VLAN significance

Advanced Frame Manipulation
- VLAN Header operations - VLAN Rewrites
  - POP
  - PUSH
  - SWAP

Multiplexed Forwarding services
- Layer 2 Point-to-Point
- Layer 2 Multipoint
- Layer 3

Encapsulation Adjustment Considerations

EoMPLS PW VC Type and EVC VLAN Rewrites

- VLAN tags can be added, removed or translated prior to VC label imposition or after disposition
  - Any VLAN tag(s), if retained, will appear as payload to the VC
- VC label imposition and service delimiting tag are independent from EVC VLAN tag operations
  - Dummy VLAN tag: RFC 4448 (sec 4.4.1)
  - VC service-delimiting VLAN-ID is removed before passing packet to Attachment Circuit processing

[Figure: MPLS Imposition: AC -> EVC VLAN Rewrite (Ingress) -> VC Type (type 4: PUSH 1 Dummy VLAN tag; type 5: no tag pushed) -> MPLS Label Imposition -> PW.
MPLS Disposition: PW -> MPLS Label Disposition -> VC Type (type 4: POP 1 VLAN tag; type 5: no tag popped) -> EVC VLAN Rewrite (Egress) -> AC.]

Encapsulation Adjustment Considerations

VC 5 and EVC Rewrites

[Figure: CE-1 - PE1 (104.104.104.104) - MPLS - PE2 (102.102.102.102) - CE-2, Pseudowire VC Type 5.
Single-tagged frame: tag 10 on the AC, no tag on the PW (behind the MPLS label), tag 10 on the remote AC.
Double-tagged frame: 10 + tag on the AC, tag on the PW, 10 + tag on the remote AC.
Ingress PE: POP VLAN 10, No Push of Dummy tag (VC 5). Egress PE: No service-delimiting vlan expected (VC 5), PUSH VLAN 10.]

IOS-XR

l2vpn
 pw-class class-VC5
  encapsulation mpls
   transport-mode ethernet
 xconnect group Cisco-Live
  p2p xc-sample-1
   interface GigabitEthernet0/0/0/2.100
   neighbor 102.102.102.102 pw-id 111
    pw-class class-VC5

interface GigabitEthernet0/0/0/2.100 l2transport
 encapsulation dot1q 10
 rewrite ingress tag pop 1 symmetric

IOS

pseudowire-class class-VC5
 encapsulation mpls
 interworking ethernet

interface GigabitEthernet2/2
 service instance 3 ethernet
  encapsulation dot1q 10
  rewrite ingress tag pop 1 symmetric
  xconnect 104.104.104.104 111 encap mpls pw-class class-VC5

Encapsulation Adjustment Considerations

VC 4 and EVC Rewrites

[Figure: CE-1 - PE1 (104.104.104.104) - MPLS - PE2 (102.102.102.102) - CE-2, Pseudowire VC Type 4.
Single-tagged frame: tag 10 on the AC, Dummy tag on the PW (behind the MPLS label), tag 10 on the remote AC.
Double-tagged frame: 10 + tag on the AC, Dummy + tag on the PW, 10 + tag on the remote AC.
Ingress PE: POP VLAN 10, Push Dummy tag (VC 4). Egress PE: POP service-delimiting vlan (VC 4), PUSH VLAN 10.]

IOS-XR

l2vpn
 pw-class class-VC4
  encapsulation mpls
   transport-mode vlan
 xconnect group Cisco-Live
  p2p xc-sample-1
   interface GigabitEthernet0/0/0/2.100
   neighbor 102.102.102.102 pw-id 111
    pw-class class-VC4

interface GigabitEthernet0/0/0/2.100 l2transport
 encapsulation dot1q 10
 rewrite ingress tag pop 1 symmetric

IOS

pseudowire-class class-VC4
 encapsulation mpls
 interworking vlan

interface GigabitEthernet2/2
 service instance 3 ethernet
  encapsulation dot1q 10
  rewrite ingress tag pop 1 symmetric
  xconnect 104.104.104.104 111 encap mpls pw-class class-VC4

MTU Considerations

- No payload fragmentation supported
- Incoming PDU dropped if MTU exceeds AC MTU
- PEs exchange PW payload MTU as part of PW signaling procedures
  - Both ends must agree to use same value for PW to come UP
  - PW MTU derived from AC MTU
- No mechanism to check Backbone MTU
  - MTU in the backbone must be large enough to carry PW payload and MPLS stack

[Figure: CE-1 - PE1 - MPLS - PE2 - CE-2 with a Pseudowire between the PEs; PW payload MTU signaled between PEs; AC MTU on the CE-facing links, PE MTU and Intra backbone MTU inside the core]

Ethernet MTU Considerations

Cisco IOS

- Interface MTU configured as largest ethernet payload size
  - 1500B default
  - Sub-interfaces / Service Instances (EFPs) MTU always inherited from main interface
- PW MTU used during PW signaling
  - By default, inherited from attachment circuit MTU
  - Submode configuration CLI allows MTU values to be set per subinterface/EFP in xconnect configuration mode (only for signaling purposes)
  - No MTU adjustments made for EFP rewrite (POP/PUSH) operations

interface GigabitEthernet0/0/4
 description Main interface
 mtu 1600

! Sub-interface MTU inherited from Main interface
ASR1004-1#show int gigabitEthernet 0/0/4.1000 | include MTU
  MTU 1600 bytes, BW 100000 Kbit/sec, DLY 100 usec,

! PW MTU used during signaling can be overwritten
interface GigabitEthernet0/0/4.1000
 encapsulation dot1Q 1000
 xconnect 106.106.106.106 111 encapsulation mpls
  mtu 1500

Ethernet MTU Considerations

Cisco IOS XR

- Interface / sub-interface MTU configured as largest frame size - FCS (4B)
  - 1514B default for main interfaces
  - 1518B default for single-tagged subinterfaces
  - 1522B default for double-tagged subinterfaces
- PW MTU used during PW signaling
  - AC MTU - 14B + Rewrite offset
  - E.g. POP 1 ( - 4B), PUSH 1 (+ 4B)

interface GigabitEthernet0/0/0/2
 description Main interface
 mtu 9000

! By default, sub-interface MTU inherited from Main interface
! Sub-interface MTU can be overwritten to match remote AC
interface GigabitEthernet0/0/0/2.100 l2transport
 encapsulation dot1q 100
 rewrite ingress tag pop 1 symmetric
 mtu 1518

RP/0/RSP0/CPU0:PE1#show l2vpn xconnect neighbor 102.102.102.102 pw-id 11
Group Cisco-Live, XC xc-sample-1, state is down; Interworking none
  AC: GigabitEthernet0/0/0/2.100, state is up
    Type VLAN; Num Ranges: 1
    VLAN ranges: [100, 100]
    MTU 1500; XC ID 0x840014; interworking none
    Statistics:
(snip)

XC MTU = 1518 - 14 - 4 = 1500B
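The MTU rules of the three MTU slides, as an added example that is not part of the original deck: it derives the signaled PW MTU on each platform, flags a mismatch that would keep the PW down, and estimates the smallest core MTU that carries a full-size frame. The core figure assumes "core MTU" counts the whole MPLS packet (labels, control word, customer Ethernet header and payload); function names are hypothetical.

```python
ETH_HEADER = 14     # DA + SA + Length/Type of the customer frame
VLAN_TAG = 4
MPLS_LABEL = 4
CONTROL_WORD = 4

def xr_pw_mtu(ac_mtu, pop=0, push=0):
    """IOS XR slide: PW MTU = AC MTU - 14B + rewrite offset (POP 1 = -4B, PUSH 1 = +4B)."""
    return ac_mtu - ETH_HEADER - VLAN_TAG * pop + VLAN_TAG * push

def ios_pw_mtu(interface_mtu, xconnect_mtu=None):
    """IOS slide: PW MTU inherited from the AC with no adjustment for rewrites,
    unless an mtu is set in xconnect configuration mode (signaling only)."""
    return interface_mtu if xconnect_mtu is None else xconnect_mtu

def min_core_mtu(pw_mtu, retained_tags=0, labels=2, control_word=True):
    """Assumption: smallest core MTU for a full-size PW payload plus MPLS stack."""
    return (pw_mtu + ETH_HEADER + VLAN_TAG * retained_tags
            + (CONTROL_WORD if control_word else 0) + MPLS_LABEL * labels)

def check_pw(local_pw_mtu, remote_pw_mtu, core_mtu, **encap):
    """Return a list of findings; an empty list means both checks pass."""
    findings = []
    if local_pw_mtu != remote_pw_mtu:
        findings.append(
            f"PW stays down: signaled MTU {local_pw_mtu} != {remote_pw_mtu}")
    needed = min_core_mtu(max(local_pw_mtu, remote_pw_mtu), **encap)
    if core_mtu < needed:
        # Nothing in PW signaling detects this; it shows up as dropped large frames.
        findings.append(
            f"core MTU {core_mtu} < {needed}: full-size frames are dropped in the backbone")
    return findings

if __name__ == "__main__":
    xr = xr_pw_mtu(1518, pop=1)             # sub-interface mtu 1518, rewrite pop 1
    ios_default = ios_pw_mtu(1600)          # main interface mtu 1600, inherited
    ios_fixed = ios_pw_mtu(1600, 1500)      # xconnect submode "mtu 1500"
    print(xr, ios_default, ios_fixed)
    print(check_pw(xr, ios_default, core_mtu=9000))
    print(check_pw(xr, ios_fixed, core_mtu=1500))
```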

Virtual Private LAN Service (VPLS)


Overview


Virtual Private LAN Service

Overview

- Defines Architecture to provide Ethernet Multipoint connectivity between sites, as if they were connected using a LAN
- VPLS operation emulates an IEEE Ethernet switch
- Two (2) signaling methods
  - RFC 4762 (LDP-Based VPLS)
  - RFC 4761 (BGP-Based VPLS)

[Figure: customer sites CE-A1, CE-A2, CE-A3 and CE-B1, CE-B2, CE-B3 interconnected across MPLS]

Virtual Private LAN Service

Reference Model

- VFI (Virtual Forwarding Instance)
  - Also called VSI (Virtual Switching Instance)
  - Emulates L2 broadcast domain among ACs and VCs
  - Unique per service. Multiple VFIs can exist on the same PE
- AC (Attachment Circuit)
  - Connects to the CE device; it could be an Ethernet physical or logical port
  - One or multiple ACs can belong to same VFI
- VC (Virtual Circuit)
  - EoMPLS data encapsulation, tunnel label used to reach remote PE, VC label used to identify VFI
  - One or multiple VCs can belong to same VFI
  - PEs must have a full-mesh of PWs in the VPLS core

[Figure: PE1, PE2 and PE3 around MPLS, each holding two VFIs (one for CE-A1/CE-A2/CE-A3, one for CE-B1/CE-B2/CE-B3); Full-mesh of PWs between VFIs]

Virtual Private LAN Service

Operation

- Flooding / Forwarding
  - Forwarding based on destination MAC addresses
  - Flooding (Broadcast, Multicast, Unknown Unicast)
- MAC Learning/Aging/Withdrawal
  - Dynamic learning based on Source MAC and VLAN
  - Refresh aging timers with incoming packet
  - MAC withdrawal upon topology changes
- Split-Horizon and Full-Mesh of PWs for loop-avoidance in core
  - SP does not run STP in the core

[Figure, two panels: Customer Equipment (CE) attached over Ethernet UNI to U-PE B and to N-PE 1 through N-PE 4, with PWs between the N-PEs; the N-PEs are marked "Applies Split-Horizon"]

Why H-VPLS? Improved Scaling

Flat VPLS
Potential signaling overhead
Packet replication at the edge
Full PW mesh end-end
Hierarchical-VPLS
Minimizes signaling overhead
Packet replication at the core only
Full PW mesh in the core


VPLS Operation
Loop Prevention

- Core PW: Split Horizon ON
- Spoke PW: Split Horizon OFF (default)
- Split-Horizon Rules
  - Forwarding between Spoke PWs
  - Forwarding between Spoke and Core PWs
  - Forwarding between ACs and Core / Spoke PWs
  - Forwarding between ACs
  - Blocking between Core PWs

[Figure: PE with a VFI, its AC, Core PWs and Spoke PWs; an X marks the blocked Core PW to Core PW path]
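The flooding, MAC learning, MAC flush and split-horizon rules from the two VPLS Operation slides above, as an added example that is not part of the original deck: a small VFI model built from the neighbor lines of the H-VPLS Cisco IOS sample in this deck, where `no-split-horizon` marks a spoke PW. Aging timers and VLAN keys are left out, and the MAC addresses are constructed.

```python
from dataclasses import dataclass, field

AC, SPOKE, CORE = "ac", "spoke", "core"

# Neighbor lines as they appear in the H-VPLS Cisco IOS sample of this deck.
H_VPLS_IOS = """\
l2 vfi sample-vfi manual
 vpn id 1111
 neighbor 192.0.0.2 encapsulation mpls
 neighbor 192.0.0.3 2222 encapsulation mpls
 neighbor 192.0.0.4 3333 encapsulation mpls
 neighbor 192.0.0.5 5555 encapsulation mpls no-split-horizon
 neighbor 192.0.0.6 5555 encapsulation mpls no-split-horizon
"""

def is_group(mac):
    """Broadcast and multicast addresses have the low bit of the first octet set."""
    return bool(int(mac.split(":")[0], 16) & 1)

@dataclass
class Vfi:
    ports: dict                                   # port name -> AC / SPOKE / CORE
    mac_table: dict = field(default_factory=dict)  # MAC -> port it was learned on

    def allowed(self, in_port, out_port):
        """Split-horizon: everything forwards except core PW to core PW."""
        if in_port == out_port:
            return False
        return not (self.ports[in_port] == CORE and self.ports[out_port] == CORE)

    def forward(self, in_port, src, dst):
        """Learn the source MAC, then return the list of egress ports."""
        self.mac_table[src] = in_port
        known = self.mac_table.get(dst)
        if known is not None and not is_group(dst):
            candidates = [known]            # known unicast: one port
        else:
            candidates = list(self.ports)   # broadcast, multicast, unknown unicast
        return [p for p in candidates if self.allowed(in_port, p)]

    def withdraw(self, port):
        """MAC withdrawal: flush what was learned on a port, return the MACs."""
        flushed = [m for m, p in self.mac_table.items() if p == port]
        for mac in flushed:
            del self.mac_table[mac]
        return flushed

def vfi_from_ios(config, acs):
    """Build a Vfi from `neighbor` lines; hypothetical helper for this example."""
    ports = {name: AC for name in acs}
    for line in config.splitlines():
        words = line.split()
        if words[:1] == ["neighbor"]:
            ports[words[1]] = SPOKE if "no-split-horizon" in words else CORE
    return Vfi(ports)

if __name__ == "__main__":
    vfi = vfi_from_ios(H_VPLS_IOS, acs=["GigabitEthernet2/4"])
    # Broadcast arriving on a core PW never goes back into the core.
    print(vfi.forward("192.0.0.2", "00:00:00:00:00:b2", "ff:ff:ff:ff:ff:ff"))
    # The same broadcast from a spoke PW reaches the AC, the core and the other spoke.
    print(vfi.forward("192.0.0.5", "00:00:00:00:00:a5", "ff:ff:ff:ff:ff:ff"))
```

A core neighbor that carries `no-split-horizon` by mistake is classified as a spoke here, and the first call would then return the other core PWs as well, which is the loop the full mesh relies on split-horizon to prevent.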

VPLS Operation
MAC Address Withdrawal

- Remove (flush) dynamic MAC addresses upon Topology Changes
  - Faster convergence: avoids blackholing
  - Uses LDP Address Withdraw Message (RFC 4762)
- H-VPLS dual-home example
  - U-PE detects failure of Primary PW
  - U-PE activates Backup PW
  - U-PE sends LDP MAC address withdrawal request to new N-PE
  - N-PE forwards the message to all PWs in the VPLS core and flushes its MAC address table

[Figure: uPE1 (CE-C) dual-homed to PE1 over a failed Primary PW (X) and to PE2 over a Backup PW; PE1, PE2 and PE3 hold VFIs across MPLS with CE-A and CE-B; the LDP MAC Withdraw Message travels over the Backup PW]

Pseudowire (PW) Signaling and PE Auto-Discovery

VPWS / VPLS
An abstraction

- Provisioning Model
  - What information needs to be configured and in what entities
  - Semantic structure of the endpoint identifiers (e.g. VC ID, VPN ID)
- Discovery
  - Provisioning information is distributed by a "discovery process"
  - Distribution of endpoint identifiers
- Signaling
  - When the discovery process is complete, a signaling protocol is automatically invoked to set up pseudowires (PWs)

[Figure: three stacked layers: Provisioning Model, Discovery, Signaling]

VPWS
Discovery and Signaling Alternatives

- VPWS Signaling
  - LDP-based (RFC 4447)
  - BGP-based (informational draft): draft-kompella-l2vpn-l2vpn
- VPWS with LDP-signaling and No auto-discovery
  - Most widely deployed solution
- Auto-discovery for point-to-point services not as relevant as for multipoint

[Figure: VPN Discovery options: Manual (No Auto-Discovery) or Border Gateway Protocol (BGP). Signaling options: Static (No Signaling), Label Distribution Protocol (LDP) or BGP. Manual discovery with LDP signaling is marked "Most widely deployed".]

VPLS
Discovery and Signaling Alternatives

- VPLS Signaling
  - LDP-based (RFC 4762)
  - BGP-based (RFC 4761)
- VPLS with LDP-signaling and No auto-discovery
  - Most widely deployed solution
  - Operational complexity for larger deployments
- BGP-based Auto-Discovery (BGP-AD) (RFC 6074)
  - Enables discovery of PE devices in a VPLS instance

[Figure: VPN Discovery options: Manual (No Auto-Discovery) or Border Gateway Protocol (BGP). Signaling options: Static (No Signaling), Label Distribution Protocol (LDP) or BGP. Manual discovery with LDP signaling is marked "Most widely deployed"; the BGP discovery combinations are marked RFC 6074 and RFC 4761.]

Pseudowire (PW) Signaling and PE Auto-Discovery
LDP-based Signaling and Manual Provisioning

PW Control Plane Operation

LDP Signaling

1. PW manually provisioned on both PEs; Remote PE info included
2. New targeted LDP session between PE routers established, in case one does not already exist
3. PEs assign local VC label to PW
4. PEs advertise local VC label using LDP label-mapping message: Label TLV + PW FEC TLV
5. PEs bind remote label for PW with matching VC-id

[Figure: CE-1 - PE-1 - MPLS - PE-2 - CE-2]

                 PE-1                   PE-2
  Interface      Interface A            Interface B
  Local_int      A                      B
  Remote PE      PE2_ip                 PE1_ip
  VC-id          <123>                  <123>
  Local Label    X                      Y
  Remote Label   Y                      X

VPWS (EoMPLS) LDP Signaling

Cisco IOS (VLAN-based services)

[Figure: CE1 - PE1 (106.106.106.106, GigabitEthernet2/4 and GigabitEthernet2/5) - MPLS Core - PE2 (102.102.102.102) - CE2; PW VC id 111]

hostname PE1
!
interface Loopback0
 ip address 106.106.106.106 255.255.255.255

! Sub-interface based xconnect
interface GigabitEthernet2/4.300
 encapsulation dot1q 300
 xconnect 102.102.102.102 111 encapsulation mpls

! OR: Service-Instance (EFP) based xconnect
interface GigabitEthernet2/4
 service instance 10 ethernet
  encapsulation dot1q 300
  rewrite ingress tag pop 1 symmetric
  xconnect 102.102.102.102 111 encapsulation mpls

! OR: Interface VLAN (SVI) based xconnect + Switchport trunk / access
interface Vlan 300
 xconnect 102.102.102.102 111 encapsulation mpls
!
interface GigabitEthernet2/4
 switchport mode trunk
 switchport trunk allowed vlan 300

! OR: Interface VLAN (SVI) based xconnect + Service instance BD
interface Vlan 300
 xconnect 102.102.102.102 111 encapsulation mpls
!
interface GigabitEthernet2/4
 service instance 10 ethernet
  encapsulation dot1q 300
  rewrite ingress tag pop 1 symmetric
  bridge-domain 300

VPWS (EoMPLS) LDP Signaling

Cisco IOS (Port-based services)

[Figure: CE1 - PE1 (106.106.106.106, GigabitEthernet2/5 and GigabitEthernet2/4) - MPLS Core - PE2 (102.102.102.102) - CE2; PW VC id 222]

hostname PE1
!
interface Loopback0
 ip address 106.106.106.106 255.255.255.255

! Main interface based xconnect
interface GigabitEthernet2/5
 xconnect 102.102.102.102 222 encapsulation mpls

! OR: Service-Instance (EFP) based xconnect (encap default)
interface GigabitEthernet2/5
 service instance 1 ethernet
  encapsulation default
  xconnect 102.102.102.102 111 encapsulation mpls

! OR: Interface VLAN (SVI) based xconnect + Switchport dot1q-tunnel
interface Vlan 300
 xconnect 102.102.102.102 111 encapsulation mpls
!
interface GigabitEthernet2/5
 switchport mode dot1q-tunnel
 switchport access vlan 300

! OR: Interface VLAN (SVI) based xconnect + Service instance BD
interface Vlan 300
 xconnect 102.102.102.102 111 encapsulation mpls
!
interface GigabitEthernet2/5
 service instance 1 ethernet
  encapsulation default
  bridge-domain 300

VPWS (EoMPLS) LDP Signaling

Cisco IOS XR

[Figure: CE1 - PE1 (106.106.106.106, GigabitEthernet0/0/0/2 and GigabitEthernet0/0/0/6) - MPLS Core - PE2 (102.102.102.102) - CE2; PW VC ids 111, 222 and 333]

hostname PE1
!
interface Loopback0
 ipv4 address 106.106.106.106 255.255.255.255

l2vpn
 xconnect group Cisco-Live
  p2p xc-sample-1
   interface GigabitEthernet0/0/0/2.100
   neighbor 102.102.102.102 pw-id 111
  p2p xc-sample-2
   interface GigabitEthernet0/0/0/2.200
   neighbor 102.102.102.102 pw-id 222
  p2p xc-sample-3
   interface GigabitEthernet0/0/0/6
   neighbor 102.102.102.102 pw-id 333

! Single-tagged VLAN traffic to PW
interface GigabitEthernet0/0/0/2.100 l2transport
 encapsulation dot1q 100
 rewrite ingress tag pop 1 symmetric

! Single-tagged range VLAN traffic to PW
interface GigabitEthernet0/0/0/2.200 l2transport
 encapsulation dot1q 999-1010
 rewrite ingress tag push dot1q 888 symmetric

! OR: Entire port traffic to PW
interface GigabitEthernet0/0/0/6
 l2transport

VPLS LDP Signaling / Manual provisioning

Cisco IOS

[Figure: PE1 (192.0.0.1, CE1 on GigabitEthernet2/4) with a VFI and full-mesh Core PWs across the MPLS Core to PE2 (192.0.0.2, PW VC id 1111), PE3 (192.0.0.3, PW VC id 2222) and PE4 (192.0.0.4, PW VC id 3333)]

hostname PE1
!
interface Loopback0
 ip address 192.0.0.1 255.255.255.255
!
! VPN ID defined per VFI or on a per-neighbor basis
l2 vfi sample-vfi manual
 vpn id 1111
 neighbor 192.0.0.2 1111 encapsulation mpls
 neighbor 192.0.0.3 2222 encapsulation mpls
 neighbor 192.0.0.4 3333 encapsulation mpls
!
! VFI associated to VLAN interface (SVI) via xconnect cmd
interface Vlan300
 xconnect vfi sample-vfi

! Bridge-Domain or VLAN/switchport configurations
interface GigabitEthernet2/4
 service instance 333 ethernet
  encapsulation dot1q 333
  rewrite ingress tag pop 1 symmetric

! OR
interface GigabitEthernet2/4
 switchport mode trunk

VPLS LDP Signaling / Manual provisioning

Cisco IOS XR

[Figure: PE1 (192.0.0.1, CE1 on GigabitEthernet0/0/0/14.101) with a VFI and Core PWs across the MPLS Core to PE2 (192.0.0.2, PW VC id 1111), PE3 (192.0.0.3, PW VC id 2222) and PE4 (192.0.0.4, PW VC id 3333)]

hostname PE1
!
interface Loopback0
 ipv4 address 192.0.0.1 255.255.255.255
!
interface GigabitEthernet0/0/0/14.101 l2transport
 encapsulation dot1q 101
 rewrite ingress tag pop 1 symmetric

! Protocol-based CLI: EFPs, PWs and VFI as members of Bridge Domain
l2vpn
 bridge group Cisco-Live
  bridge-domain bd101
   interface GigabitEthernet0/0/0/14.101
   vfi vfi101
    ! VPN ID defined per VFI or on a per-neighbor basis
    vpn-id 1111
    neighbor 192.0.0.2 pw-id 1111
    neighbor 192.0.0.3 pw-id 2222
    neighbor 192.0.0.4 pw-id 3333

H-VPLS LDP Signaling / Manual provisioning

Cisco IOS

[Figure: PE1 (192.0.0.1, CE1 on 2/4) with a VFI; Core PWs across the MPLS Core to PE2 (192.0.0.2, PW VC id 1111), PE3 (192.0.0.3, PW VC id 2222) and PE4 (192.0.0.4, PW VC id 3333); Spoke PWs with PW VC id 5555 to u-PE1 (192.0.0.5, CE2) and u-PE2 (192.0.0.6, CE3)]

hostname PE1
!
interface Loopback0
 ip address 192.0.0.1 255.255.255.255
!
l2 vfi sample-vfi manual
 vpn id 1111
 neighbor 192.0.0.2 encapsulation mpls
 neighbor 192.0.0.3 2222 encapsulation mpls
 neighbor 192.0.0.4 3333 encapsulation mpls
 ! Spoke PWs
 neighbor 192.0.0.5 5555 encapsulation mpls no-split-horizon
 neighbor 192.0.0.6 5555 encapsulation mpls no-split-horizon
!
interface Vlan300
 xconnect vfi sample-vfi

! Bridge-Domain or VLAN/switchport configurations
interface GigabitEthernet2/4
 service instance 333 ethernet
  encapsulation dot1q 333
  rewrite ingress tag pop 1 symmetric

! OR
interface GigabitEthernet2/4
 switchport mode trunk

H-VPLS LDP Signaling / Manual provisioning

Cisco IOS XR

[Figure: PE1 (192.0.0.1, CE1 on 0/0/0/14) with a VFI; Core PWs across the MPLS Core to PE2 (192.0.0.2, PW VC id 1111), PE3 (192.0.0.3, PW VC id 2222) and PE4 (192.0.0.4, PW VC id 3333); Spoke PWs with PW VC id 5555 to u-PE1 (192.0.0.5, CE2) and u-PE2 (192.0.0.6, CE3)]

hostname PE1
!
interface Loopback0
 ipv4 address 192.0.0.1 255.255.255.255
!
interface GigabitEthernet0/0/0/14.101 l2transport
 encapsulation dot1q 101
 rewrite ingress tag pop 1 symmetric

l2vpn
 bridge group Cisco-Live
  bridge-domain bd101
   interface GigabitEthernet0/0/0/14.101
   ! Spoke PWs
   neighbor 192.0.0.5 pw-id 5555
   neighbor 192.0.0.6 pw-id 5555
   !
   ! Core PWs, Full-mesh
   vfi vfi101
    vpn-id 1111
    neighbor 192.0.0.2 pw-id 1111
    neighbor 192.0.0.3 pw-id 2222
    neighbor 192.0.0.4 pw-id 3333

Pseudowire (PW) Signaling and PE Auto-Discovery
BGP-based AutoDiscovery (BGP-AD) and LDP Signaling

BGP Auto-Discovery (BGP-AD)

- Eliminates need to manually provision VPLS neighbors
- Automatically detects when new PEs are added / removed from the VPLS domain
- Uses BGP Update messages to advertise PE/VFI mapping (VPLS NLRI)
- Typically used in conjunction with BGP Route Reflectors to minimize iBGP full-mesh peering requirements
- Two (2) RFCs define use of BGP for VPLS AD (1)
  - RFC 6074: when LDP used for PW signaling (covered in this section)
  - RFC 4761: when BGP used for PW signaling

[Figure: PE1, PE2 and PE3 with VFIs (CE-A1, CE-A2, CE-A3) across MPLS, each with a BGP session to a BGP RR; PE2 sends a BGP Update message with VPLS NLRI: "I am a new PE with ACs on BLACK VFI"; Pseudowires between the VFIs]

(1) VPLS BGP NLRIs from RFC 6074 and 4761 are different in format and thus not compatible, even though they share same AFI / SAFI values

What is Discovered? NLRI + Extended Communities

[Figure: CE-1 - PE-1 - MPLS - PE-2 - CE-2, with BGP Update Messages exchanged between PE-1 and PE-2]

Configuration on each PE:

                   PE-1                PE-2
  BGP ASN          100                 100
  BGP Rtr ID       1.1.1.10            2.2.2.20
  BGP neighbor     2.2.2.20            1.1.1.10
  L2VPN Rtr ID     10.10.10.10         20.20.20.20
  VPN ID           111                 111
  RT               auto (100:111)      auto (100:111)
  RD               auto (100:111)      auto (100:111)
  VPLS-ID          auto (100:111)      auto (100:111)

BGP Update Messages:

                                          Sent by PE-1        Sent by PE-2
  Source Address                          1.1.1.10            2.2.2.20
  Destination Address                     2.2.2.20            1.1.1.10
  NLRI: Length                            14                  14
  NLRI: Route Distinguisher               100:111             100:111
  NLRI: L2VPN Router ID                   10.10.10.10         20.20.20.20
  Extended Communities: VPLS-ID           100:111             100:111
  Extended Communities: Route Target      100:111             100:111

VPLS LDP Signaling and BGP-AD

Cisco IOS

[Legend: BGP Auto-Discovery attributes, VPLS VFI attributes, Signaling attributes]

[Figure: PE1 (102.102.102.102, CE1 on GigabitEthernet2/4) with a VFI; PWs across the MPLS Core to PE2 (104.104.104.104), PE3 (192.0.0.3) and PE4 (192.0.0.4), each with PW VC id 100:300; BGP AS 100, BGP Auto-Discovery]

hostname PE1
!
interface Loopback0
 ip address 102.102.102.102 255.255.255.255
!
router bgp 100
 bgp router-id 102.102.102.102
 neighbor 104.104.104.104 remote-as 100
 neighbor 104.104.104.104 update-source Loopback0
 !
 ! BGP L2VPN AF
 address-family l2vpn vpls
  neighbor 104.104.104.104 activate
  neighbor 104.104.104.104 send-community extended
 exit-address-family

l2 vfi sample-vfi autodiscovery
 vpn id 300
 vpls-id 100:300
!
interface Vlan300
 xconnect vfi sample-vfi

! Bridge Domain-based Configuration
interface GigabitEthernet2/4
 service instance 333 ethernet
  encapsulation dot1q 333
  rewrite ingress tag pop 1 symmetric
  bridge-domain 300

! OR: VLAN/switchport-based Configuration
interface GigabitEthernet2/4
 switchport mode trunk
 switchport trunk allowed vlan 300

VPLS LDP Signaling and BGP-AD

Cisco IOS (NEW Protocol-based CLI)

[Legend: BGP Auto-Discovery attributes, VPLS VFI attributes, Signaling attributes]

[Figure: PE1 (102.102.102.102, CE1 on GigabitEthernet2/4) with a VFI; PWs across the MPLS Core to PE2 (104.104.104.104), PE3 (192.0.0.3) and PE4 (192.0.0.4), each with PW VC id 100:300; BGP AS 100, BGP Auto-Discovery]

hostname PE1
!
interface Loopback0
 ip address 102.102.102.102 255.255.255.255
!
router bgp 100
 bgp router-id 102.102.102.102
 neighbor 104.104.104.104 remote-as 100
 neighbor 104.104.104.104 update-source Loopback0
 !
 address-family l2vpn vpls
  neighbor 104.104.104.104 activate
  neighbor 104.104.104.104 send-community extended
 exit-address-family

l2vpn vfi context sample-vfi
 vpn id 300
 autodiscovery bgp signaling ldp
  vpls-id 100:300
!
! Bridge Domain-based Configuration
bridge-domain 300
 member vfi sample-vfi
 member GigabitEthernet2/4 service instance 333

interface GigabitEthernet2/4
 service instance 333 ethernet
  encapsulation dot1q 333
  rewrite ingress tag pop 1 symmetric

VPLS LDP Signaling and BGP-AD

Cisco IOS XR

[Legend: BGP Auto-Discovery attributes, VPLS VFI attributes, Signaling attributes]

[Figure: PE1 (106.106.106.106, CE1 on GigabitEthernet0/0/0/2.101) with a VFI; PWs across the MPLS Core to PE2 (110.110.110.110), PE3 (192.0.0.3) and PE4 (192.0.0.4), each with PW VC id 100:101; BGP AS 100, BGP Auto-Discovery]

hostname PE1
!
interface Loopback0
 ipv4 address 106.106.106.106 255.255.255.255
!
interface GigabitEthernet0/0/0/2.101 l2transport
 encapsulation dot1q 101
 rewrite ingress tag pop 1 symmetric

router bgp 100
 bgp router-id 106.106.106.106
 ! BGP L2VPN AF
 address-family l2vpn vpls-vpws
 neighbor 110.110.110.110
  remote-as 100
  update-source Loopback0
  address-family l2vpn vpls-vpws

! Full-mesh Core PWs auto-discovered with BGP-AD and signaled by LDP
! PW ID = VPLS-id (100:101)
l2vpn
 bridge group Cisco-Live
  bridge-domain bd101
   interface GigabitEthernet0/0/0/2.101
   vfi vfi101
    vpn-id 11101
    autodiscovery bgp
     rd auto
     route-target 100:101
     signaling-protocol ldp
      vpls-id 100:101

H-VPLS LDP Signaling and BGP-AD / Manual provisioning

Cisco IOS

[Figure: PE1 (102.102.102.102, CE1 on 2/4) with a VFI; BGP Auto-Discovery Core PWs (PW VC id 100:300) across the MPLS Core to PE2 (104.104.104.104), PE3 (192.0.0.3) and PE4 (192.0.0.4) in BGP AS 100; Manual Spoke PWs (PW VC id 5555) to u-PE1 (192.0.0.5, CE2) and u-PE2 (192.0.0.6, CE3)]

hostname PE1
!
interface Loopback0
 ip address 102.102.102.102 255.255.255.255
!
l2 vfi sample-vfi autodiscovery
 vpn id 300
 vpls-id 100:300
 ! Manually provisioned Spoke PWs
 neighbor 192.0.0.5 5555 encapsulation mpls no-split-horizon
 neighbor 192.0.0.6 5555 encapsulation mpls no-split-horizon

H-VPLS LDP Signaling and BGP-AD / Manual provisioning

Cisco IOS XR

[Figure: PE1 (106.106.106.106, CE1 on 0/0/0/2) with a VFI; BGP Auto-Discovery Core PWs (PW VC id 100:101) across the MPLS Core to PE2 (110.110.110.110), PE3 (192.0.0.3) and PE4 (192.0.0.4) in BGP AS 100; Manual Spoke PWs (PW VC id 5555) to u-PE1 (192.0.0.5, CE2) and u-PE2 (192.0.0.6, CE3)]

hostname PE1
!
l2vpn
 bridge group Cisco-Live
  bridge-domain bd101
   interface GigabitEthernet0/0/0/2.101
   !
   ! Manually provisioned Spoke PWs
   neighbor 192.0.0.5 pw-id 5555
   !
   neighbor 192.0.0.6 pw-id 5555
   !
   vfi vfi101
    vpn-id 11101
    autodiscovery bgp
     rd auto
     route-target 100:101
     signaling-protocol ldp
      vpls-id 100:101

Pseudowire (PW) Signaling and PE Auto-Discovery
BGP-based AutoDiscovery (BGP-AD) and BGP Signaling

BGP Signaling and Auto-Discovery

Overview

- RFC 4761 (1) defines use of BGP for VPLS PE Auto-Discovery and Signaling
- All PEs within a given VPLS are assigned a unique VPLS Edge device ID (VE ID)
- A PE X wishing to send a VPLS update sends the same label block information to all other PEs using BGP VPLS NLRI
- Each receiving PE infers the label intended for PE X by adding its (unique) VE ID to the label base
  - Each receiving PE gets a unique label for PE X for that VPLS

[Figure: PE1 (VE_ID 1), PE2 (VE_ID 2) and PE X (VE_ID X) with VFIs (CE-A1, CE-A2, CE-A3) across MPLS, each with a BGP session to a BGP RR; PE X sends a BGP Update message with VPLS NLRI: "I am PE X with ACs on BLACK VFI. Here is my label block for this VFI"; Pseudowires between the VFIs]

(1) VPLS BGP NLRIs from RFC 6074 and 4761 are different in format and thus not compatible, even though they share same AFI / SAFI values
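The label inference described above, as an added example that is not part of the original deck. It goes one step beyond the slide's "VE ID plus label base" wording by using the RFC 4761 label block fields (label base, VE block offset, VE block size), so the label picked is label base + VE ID - block offset. VE IDs 5 to 8 are the ones used in this deck's samples; the label bases, offset and block size are constructed.

```python
from collections import Counter
from dataclasses import dataclass

@dataclass(frozen=True)
class LabelBlock:
    """Label block one PE advertises for a VPLS in its BGP VPLS NLRI."""
    ve_id: int              # VE ID of the advertising PE
    label_base: int         # first label of the block (constructed values below)
    block_offset: int = 1   # first remote VE ID the block covers
    block_size: int = 10    # number of labels in the block

    def label_for(self, remote_ve_id):
        """Label that the PE with `remote_ve_id` uses to send to the advertiser.

        Returns None when the block does not cover that VE ID, in which case no
        PW comes up until the advertiser sends a block that does.
        """
        if remote_ve_id == self.ve_id:
            raise ValueError("a PE does not select a label from its own block")
        if not self.block_offset <= remote_ve_id < self.block_offset + self.block_size:
            return None
        return self.label_base + remote_ve_id - self.block_offset

def pseudowires(local, received):
    """Per remote VE ID, the (transmit, receive) label pair seen by `local`."""
    table = {}
    for block in received:
        tx = block.label_for(local.ve_id)   # taken from the remote PE's block
        rx = local.label_for(block.ve_id)   # taken from our own block
        if tx is not None and rx is not None:
            table[block.ve_id] = (tx, rx)
    return table

def duplicate_ve_ids(blocks):
    """VE IDs advertised by more than one PE of the same VPLS instance.

    Two PEs sharing a VE ID derive the same label from every peer's block, so
    the peer can no longer tell which PE a frame came from.
    """
    counts = Counter(block.ve_id for block in blocks)
    return sorted(ve for ve, n in counts.items() if n > 1)

if __name__ == "__main__":
    pe_ve5 = LabelBlock(ve_id=5, label_base=16000)
    others = [LabelBlock(6, 17000), LabelBlock(7, 18000), LabelBlock(8, 19000)]
    print(pseudowires(pe_ve5, others))
    # A second PE misconfigured with VE ID 5 is reported.
    print(duplicate_ve_ids([pe_ve5, LabelBlock(5, 20000), *others]))
```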

VPLS BGP Signaling and BGP-AD

Cisco IOS XR

[Legend: BGP Auto-Discovery attributes, VPLS VFI attributes, Signaling attributes]

[Figure: PE1 (106.106.106.106, CE1 on GigabitEthernet0/0/0/2.102) with a VFI and ve-id 5; PE2 (110.110.110.110), PE3 (192.0.0.3) and PE4 (192.0.0.4) across the MPLS Core use ve-id 6, 7 and 8; BGP AS 100, BGP Signaling and Auto-Discovery]

hostname PE1
!
interface Loopback0
 ipv4 address 106.106.106.106 255.255.255.255
!
router bgp 100
 bgp router-id 106.106.106.106
 address-family l2vpn vpls-vpws
 neighbor 110.110.110.110
  remote-as 100
  update-source Loopback0
  address-family l2vpn vpls-vpws

l2vpn
 bridge group Cisco-Live
  bridge-domain bd102
   interface GigabitEthernet0/0/0/2.102
   vfi vfi102
    vpn-id 11102
    autodiscovery bgp
     rd auto
     route-target 100:102
     signaling-protocol bgp
      ! VE-id must be unique in a VPLS instance
      ve-id 5

VPLS BGP Signaling and BGP-AD

Cisco IOS (NEW Protocol-based CLI)

[Figure: PE1 (102.102.102.102, CE1 on GigabitEthernet2/4) with a VFI and ve-id 5; PE2 (104.104.104.104), PE3 (192.0.0.3) and PE4 (192.0.0.4) across the MPLS Core use ve-id 6, 7 and 8; BGP AS 100, BGP Signaling and Auto-Discovery]

hostname PE1
!
interface Loopback0
 ip address 102.102.102.102 255.255.255.255
!
router bgp 100
 bgp router-id 102.102.102.102
 neighbor 104.104.104.104 remote-as 100
 neighbor 104.104.104.104 update-source Loopback0
 !
 address-family l2vpn vpls
  neighbor 104.104.104.104 activate
  neighbor 104.104.104.104 send-community extended
  neighbor 104.104.104.104 suppress-signaling-protocol ldp
 exit-address-family

l2vpn vfi context sample-vfi
 vpn id 3300
 autodiscovery bgp signaling bgp
  ! VE-id must be unique in a VPLS instance
  ve id 5
  ve range 10

! Bridge Domain-based Configuration
bridge-domain 300
 member vfi sample-vfi
 member GigabitEthernet2/4 service instance 333
!
interface GigabitEthernet2/4
 service instance 333 ethernet
  encapsulation dot1q 300
  rewrite ingress tag pop 1 symmetric

2013 Cisco and/or its affiliates. All rights reserved. Cisco Public
