An Introduction To VPLS: Jeff Apcar, Distinguished Services Engineer APAC Technical Practices, Advanced Services

An Introduction to
VPLS
Jeff Apcar, Distinguished Services Engineer

APAC Technical Practices, Advanced Services
Presentation_ID
2006 Cisco Systems, Inc. All rights reserved.
Cisco Confidential
Agenda
VPLS Introduction
Pseudo Wire Refresher
VPLS Architecture
VPLS Configuration Example
VPLS Deployment
Summary
Presentation_ID
Cisco Confidential
Do you want to date VPLS?

VPLS is like having Paris
Hilton as your girlfriend.
The concept is fantastic, but
in reality the experience might
not be what you expected.
But were still willing to give
it a go as long as we can
understand/handle her
behaviour
Me, Just Then
Presentation_ID
Cisco Confidential
VPLS Introduction
Presentation_ID
Cisco Confidential
Virtual Private LAN Service (VPLS)

VPLS defines an architecture allows MPLS networks offer
Layer 2 multipoint Ethernet Services
SP emulates an IEEE Ethernet bridge network (virtual)
Virtual Bridges linked with MPLS Pseudo Wires
Data Plane used is same as EoMPLS (point-to-point)
VPLS is an Architecture
CE
PE
PE
CE
CE
Presentation_ID
Cisco Confidential
Virtual Private LAN Service

End-to-end architecture that allows MPLS networks to
provide Multipoint Ethernet services
It is Virtual because multiple instances of this service
share the same physical infrastructure
It is Private because each instance of the service is
independent and isolated from one another
It is LAN Service because it emulates Layer 2
multipoint connectivity between subscribers
Presentation_ID
Cisco Confidential
Why Provide A Layer 2 Service?

Customer have full operational control over their routing
neighbours
Privacy of addressing space - they do not have to be
shared with the carrier network
Customer has a choice of using any routing protocol
including non IP based (IPX, AppleTalk)
Customers could use an Ethernet switch instead of a
router as the CPE
A single connection could reach all other edge points
emulating an Ethernet LAN (VPLS)
Presentation_ID
Cisco Confidential
VPLS is defined in IETF

Application
VPWS, VPLS, IPLS
ISOC
General
IAB
Internet
L2VPN
L3VPN
PWE3
IETF
Ops and Mgmt
Routing
Security
As of 2-Nov-2006
Presentation_ID
Formerly PPVPN
workgroup
MPLS
BGP/MPLS VPNs (RFC 4364

was 2547bis)
IP VPNs using Virtual
Routers (RFC 2764)
CE based VPNs using IPsec
Pseudo Wire Emulation

edge-to-edge
Forms the backbone
transport for VPLS
Transport
Cisco Confidential
Classification of VPNs
VPN
Network
Based
Layer 2
Layer 3
VPLS
IPLS
MPLS
VPN
Virtual
Router
Layer 3
IPSec
GRE
Ethernet (P2MP)
Ethernet (MP2MP)
VPWS
Frame Relay
PPP/HDLC
ATM/Cell Relay
Ethernet (P2P)
Presentation_ID
P2P
Frame Relay
ATM
Ethernet
CPE
Based
Cisco Confidential
L2VPN Models
L2VPN
MPLS
IP
Like-to-Like
Like-to-Like
Any-to-Any
Any-to-Any
Like-to-Like
Like-to-Like
VPWS
Point-to-Point
PPP
HDLC
FR
L2TPv3
Point-to-Point
PPP
HDLC
ATM
AAL5/Cell
Ethernet
Presentation_ID
VPLS/IPLS
Multipoint
Ethernet
Cisco Confidential
Ethernet
ATM
AAL5/Cell
FR
10
IP LAN-Like Service (IPLS)

An IPLS is very similar to a VPLS except
The CE devices must be hosts or routers not switches
The service will only carry IPv4 or IPv6 packets
IP Control packets are also supported ARP, ICMP
Layer 2 packets that do not contain IP are not supported
IPLS is a functional subset of the VPLS service

MAC address learning and aging not required
Simpler mechanism to match MAC to CE can be used
Bridging operations removed from the PE
Simplifies hardware capabilities and operation
Defined in draft-ietf-l2vpn-ipls
Presentation_ID
Cisco Confidential
11
VPLS Components
Pseudo Wires within LSP
Attachment circuits
Port or VLAN mode
CE router
Virtual Switch Interface (VSI)

terminates PW and provides
Ethernet bridge function
Mesh of LSP between N-PEs
N-PE
N-PE
CE router
CE router
CE router
CE switch
CE switch
MPLS
Core
Targeted LDP between PEs to

exchange VC labels for Pseudo
Wires
CE router
CE switch
Attachment CE
can be a switch or
router
N-PE
Presentation_ID
Cisco Confidential
12
Virtual Switch Interface

Flooding / Forwarding
MAC table instances per customer (port/vlan) for each PE
VFI will participate in learning and forwarding process
Associate ports to MAC, flood unknowns to all other ports
Address Learning / Aging

LDP enhanced with additional MAC List TLV (label withdrawal)
MAC timers refreshed with incoming frames
Loop Prevention
Create full-mesh of Pseudo Wire VCs (EoMPLS)
Unidirectional LSP carries VCs between pair of N-PE Per
A VPLS use split horizon concepts to prevent loops
Presentation_ID
Cisco Confidential
13
Pseudo Wire
Refresher
Presentation_ID
Cisco Confidential
14
Pseudo Wires in VPLS

IETF working group PWE3
Pseudo Wire Emulation Edge to Edge;
Requirements detailed in RFC3916
Architecture details in RFC3985
Develop standards for the encapsulation & service

emulation of Pseudo Wires
Across a packet switched backbone
A VPLS is based on a full mesh of Pseudo Wires
Presentation_ID
Cisco Confidential
15
Pseudo Wire Reference Model (RFC 3916)

Emulated Service
Pseudo Wire
Customer
Site
PSN Tunnel (LSP in MPLS)
CE
CE
Customer
Site
IP/MPLS
PW1
Attachment Circuit
PW2
Customer
Site
CE
PE1
PE2
Pseudo Wire
PDUs
CE
Customer
Site
Packet
Switched
Network (PSN)
IP or MPLS
A Pseudo Wire (PW) is a connection between two provider edge devices

connecting two attachment circuits (ACs)
In an MPLS core a Pseudo Wire uses two MPLS labels
Tunnel Label (LSP) identifying remote PE router
VC Label identifying Pseudo Wire circuit within tunnel
Presentation_ID
Cisco Confidential
16
Pseudo Wire Standards (Care for a Martini?)

RFC 4446 Numeric values for PW types
RFC 4447 Distribution mechanism for VC labels
Previously called draft-martini-l2circuit-trans-mpls
RFC 4448 Encapsulation for Ethernet using MPLS

Previously called draft-martini-l2circuit-encap-mpls
Other drafts are addressing different encapsulations

draft-ietf-pwe3-frame-relay/draft-ietf-pwe3-atm-encap
draft-ietf-pwe3-ppp-hdlc-encap-mpls
Originally part of draft-martini-l2circuit-encap-mpls
Presentation_ID
Cisco Confidential
17
MPLS PW Types (RFC 4446)

0x0001 Frame Relay DLCI ( Martini Mode )
0x0002 ATM AAL5 SDU VCC transport
0x000E ATM AAL5 PDU VCC transport

0x000F Frame-Relay Port mode
0x0003 ATM transparent cell transport
0x0010 SONET/SDH Circ. Emu. over Packet
0x0004 Ethernet Tagged Mode (VLAN)
0x0011 Structure-agnostic E1 over Packet
0x0005 Ethernet (Port)
0x0012 Structure-agnostic T1 over Packet
0x0006 HDLC
0x0013 Structure-agnostic E3 over Packet
0x0007 PPP
0x0014 Structure-agnostic T3 over Packet
0x0008 SONET/SDH Circuit Emulation
0x0015 CESoPSN basic mode
0x0009 ATM n-to-one VCC cell transport
0x0016 TDMoIP AAL1 Mode
0x000A ATM n-to-one VPC cell transport
0x0017 CESoPSN TDM with CAS
0x000B IP Layer2 Transport

0x000C ATM one-to-one VCC Cell Mode
0x0018 TDMoIP AAL2 Mode

0x0019 Frame Relay DLCI
0x000D ATM one-to-one VPC Cell Mode
Presentation_ID
Cisco Confidential
18
VC Information Distribution (RFC 4447)

VC labels are exchanged across a targeted LDP
session between PE routers
Generic Label TLV within LDP Label Mapping Message
LDP FEC element defined to carry VC information

Such PW Type (RFC 4446) and VCID
VC information exchanged using Downstream

Unsolicited label distribution procedures
Separate MAC List TLV for VPLS
Defined in draft-ietf-l2vpn-vpls-ldp
Use to withdraw labels associated with MAC addresses
Presentation_ID
Cisco Confidential
19
VC Distribution Mechanism using LDP

Directed LDP Session
between PE1 and PE2
Customer
Site
Tunnel Label(s) gets to PE router
Label Switch Path
CE
CE
Customer
Site
IP/MPLS
Customer
Site
CE
PE1
LSP created
using IGP+LDP
or RSVP-TE
PE2
CE
Customer
Site
VC Label identifies interface
Unidirectional Tunnel LSP between PE routers to transport PW

PDU from PE to PE using tunnel label(s)
Both LSPs combined to form single bi-directional Pseudo Wire
Directed LDP session between PE routers to exchange VC

information, such as VC label and control information
Presentation_ID
Cisco Confidential
20
PW Encapsulation over MPLS (RFC 4448)

Ethernet Pseudo Wires use 3 layers of encapsulation
Tunnel Encapsulation (zero, one or more MPLS Labels)
To get PDU from ingress to egress PE;
Could be an MPLS label (LDP, TE), GRE tunnel, L2TP tunnel
Pseudo Wire Demultiplexer (PW Label)
To identify individual circuits within a tunnel;
Obtained from Directed LDP session
Control Word (Optional)
The following is supported when carrying Ethernet
Provides the ability to sequence individual frames
Avoidance of equal-cost multiple-path load-balancing
Operations and Management (OAM) mechanisms
Control word format varies depending on transported PDU
Layer 2
PDU
Presentation_ID
Cisco Confidential
Control
Word
PW
Label
Tunnel
Label
21
Ethernet PW Tunnel Encapsulation

0
1
2
3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
Tunnel Label (LDP,RSVP,BGP)
Tunnel Encaps
VC Label (VC)
PW Demux
Control Word 0 0 0 0
Reserved
EXP
TTL
EXP
TTL (set to 2)
Sequence Number
Layer-2 PDU
Tunnel Encapsulation
One or more MPLS labels associated with the tunnel
Defines the LSP from ingress to egress PE router
Can be derived from LDP+IGP, RSVP-TE, BGP IPv4+Label
Presentation_ID
Cisco Confidential
22
Ethernet PW Demultiplexer
0
1
2
3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
Tunnel Encaps
VC Label (VC)
PW Demux
Control Word 0 0 0 0
Reserved
EXP
EXP
TTL
TTL (set to 2)
Sequence Number
Layer-2 PDU
VC Label
Inner label used by receiving PE to determine the following
Egress interface for L2PDU forwarding (Port based)
Egress VLAN used on the CE facing interface (VLAN
Based)
EXP can be set to the values received in the L2 frame
Presentation_ID
Cisco Confidential
23
Ethernet PW Control Word

0
1
2
3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
Tunnel Encaps
EXP
TTL
VC Label (VC)
EXP
TTL (set to 2)
PW Demux
Control Word
0 0 0 0
Reserved
Sequence Number
Layer-2 PDU
Control Word is Optional (as per RFC)

0000
First nibble is 0x0 to prevent aliasing with IP

Packets over MPLS (MAC addresses that start
with 0x4 or 0x6)
Reserved
Should be all zeros, ignored on receive
Seq number
provides sequencing capability to detect out

of order packets - currently not in Ciscos
implementation processing is optional
Presentation_ID
Cisco Confidential
24
PW Operation and Encapsulation

Label 72
for PW1
Directed LDP Session

between PE1 and PE2
Lo0:
IP/MPLS
PW1
24LSP72 P2L2 PDU
P1 38
Customer
Site
CE
PE1
Label Pop
for Lo0:
Label 38
for Lo0:
Label 24
for Lo0:
LDP
Session
LDP
Session
LDP
Session
PE2
CE
Customer
Site
This process happens in both directions

(Example shows process for PE2 PE1 traffic)
Presentation_ID
Cisco Confidential
25
VPLS Architecture
Presentation_ID
Cisco Confidential
26
VPLS Standards
Architecture allows IEEE 802.1 bridge behaviour in SP plus:
Autodiscovery of other N-PE in same VPLS instance
Signaling of PWs to interconnect VPLS instances
Loop avoidance & MAC Address withdrawal
Two drafts have been approved by IETF L2VPN Working Group

draft-ietf-l2vpn-vpls-ldp
Uses LDP for signalling, agnostic on PE discovery method
Predominant support from carriers and vendors
Cisco supports this draft
draft-ietf-l2vpn-vpls-bgp
Uses BGP for signalling and autodiscovery
Presentation_ID
Cisco Confidential
27
Cisco VPLS Building Blocks

Layer 2 VPN
Point-to-Point
Layer 2 VPN
Multipoint
Layer 2 VPN
Layer 3 VPN
Forwarding
Mechanism
Interface-Based/
Sub-Interface
Ethernet
Switching (VFI)
IP Routing
L2VPN
Discovery
DNS
Centralised
Radius Directory Services
Distributed
BGP
NMS/OSS
Signaling
Label Distribution
Protocol
Tunnel
Protocol
MPLS
Hardware
Cisco 7600
Presentation_ID
IP
Catalyst 6500
Cisco Confidential
Cisco 12000
28
VPLS Auto-discovery & Signaling

VPN
Discovery
DNS
Centralised
Radius Directory Services
Distributed
BGP
Label Distribution
Protocol
Signaling
Draft-ietf-l2vpn-vpls-ldp
Does not mandate an auto-discovery protocol
Can be BGP, Radius, DNS, or Directory based
Uses Directed LDP for label exchange (VC) and PW signaling
PWs signal control information as well (for example, circuit state)
Cisco IOS supports Directed LDP for all VC signaling

Point-to-point Cisco IOS Any Transport over MPLS (AToM)
Multipoint Cisco IOS MPLS Virtual Private LAN Services
Presentation_ID
Cisco Confidential
29
VPLS Flooding & Forwarding

Unknown DA?
Data
SA
Pseudo Wire in LSP
DA?
Flooding (Broadcast, Multicast, Unknown Unicast)

Dynamic learning of MAC addresses on PHY and VCs
Forwarding
Physical Port
Virtual Circuit
Presentation_ID
Cisco Confidential
30
MAC Address Learning and Forwarding

Send me frames
using Label 102
MAC1
PE1
CE
Adj
MAC 2
170
MAC 1
E0/0
Use VC
Label 170
PE2
Data
102
MAC1 MAC2
MAC1 MAC2
MAC2
PE2
Use VC
Label 102
E0/0
MAC Address
Send me frames
using Label 170
Directed LDP
Data
170
CE
E0/1
MAC Address
Adj
MAC 2
E0/1
MAC 1
102
PE2
Broadcast, Multicast, and Unknown Unicast are learned via the

received label associations
Two LSPs associated with a VC (Tx & Rx)
If inbound or outbound LSP is down
Then the entire Pseudo Wire is considered down
Presentation_ID
Cisco Confidential
31
MAC Address Withdrawal Message

Directed LDP
MPLS
MPLS
MA
Withd C
ra w a
l
MAC wal
dra
With
Message speeds up convergence process

Otherwise PE relies on MAC Address Aging Timer
Upon failure PE removes locally learned MAC addresses

Send LDP Address Withdraw (RFC3036) to remote PEs in VPLS
(using the Directed LDP session)
New MAC List TLV is used to withdraw addresses
Presentation_ID
Cisco Confidential
32
VPLS Topology PE View

CEs
PEs
MPLS
MPLS
Full Mesh LDP

Ethernet PW to each peer
PE view
Each PE has a P2MP view of all other PEs it sees it self as a root
bridge with split horizon loop protection
Full mesh topology obviates STP in the SP network
Customer STP is transparent to the SP / Customer BPDUs are
forwarded transparently
Presentation_ID
Cisco Confidential
33
VPLS Topology CE View

CEs
PEs
MPLS
MPLS
VPLS
MPLS
MPLS
VPLSCore
Core
Full Mesh LDP

Ethernet PW to each peer
PE view
CE routers/switches see a logical Bridge/LAN

VPLS emulates a LAN but not exactly
This raises a few issues which are discussed later
Presentation_ID
Cisco Confidential
34
VPLS Architectures
VPLS defines two Architectures
Direct Attachment (Flat)
Described in section 4 of Draft-ietf-l2vpn-vpls-ldp
Hierarchical or H-VPLS comprising of two access methods
Ethernet Edge (EE-H-VPLS) QinQ tunnels
MPLS Edge (ME-H-VPLS) - PWE3 Pseudo Wires
(EoMPLS)
Described in section 10 of Draft-ietf-l2vpn-vpls-ldp
Each architecture has different scaling characteristics
Presentation_ID
Cisco Confidential
35
VPLS Functional Components

Customer
MxUs
CE
U-PE
Customer
MxUs
SP PoPs
N-PE
MPLS Core
N-PE
U-PE
CE
N-PE provides VPLS termination/L3 services

U-PE provides customer UNI
CE is the custome device
Presentation_ID
Cisco Confidential
36
Directed attachment (Flat) Characteristics

Suitable for simple/small implementations
Full mesh of directed LDP sessions required
N*(N-1)/2 Pseudo Wires required
Scalability issue a number of PE routers grows
No hierarchical scalability
VLAN and Port level support (no QinQ)
Potential signaling and packet replication overhead
Large amount of multicast replication over same physical
CPU overhead for replication
Presentation_ID
Cisco Confidential
37
Direct Attachment VPLS (Flat Architecture)

CE
N-PE
MPLS Core
Ethernet
(VLAN/Port
Data
MAC1 MAC2
Presentation_ID
Ethernet
(VLAN Port)
Full Mesh PWs + LDP

802.1q
Customer
Data
CE
N-PE
Data
MAC1 MAC2
Cisco Confidential
VC
PE
MAC1 MAC2
Pseudo Wire
SP Core
38
Hierarchical VPLS (H-VPLS)

Best for larger scale deployment
Reduction in packet replication and signaling overhead
Consists of two levels in a Hub and Spoke topology
Hub consists of full mesh VPLS Pseudo Wires in MPLS core
Spokes consist of L2/L3 tunnels connecting to VPLS (Hub) PEs
Q-in-Q (L2), MPLS (L3), L2TPv3 (L3)
Some additional H-VPLS terms
Presentation_ID
MTU-s
Multi-Tenant Unit Switch capable of bridging (U-PE)
PE-r
Non bridging PE router
PE-rs
Bridging and Routing capable PE
Cisco Confidential
39
Why H-VPLS?
VPLS
H-VPLS
PE
CE
PE
CE
CE
CE
PE-rs
PE
PE
PE
MTU-s
CE
CE
PE-rs
PE-rs
CE
PE
CE
PE
PE-rs
CE
PE-rs
CE
PE
Potential signaling overhead
PE-r
PE-rs
CE
CE
Minimizes signaling overhead
Full PW mesh from the Edge
Full PW mesh among Core devices
Packet replication done at the Edge
Packet replication done the Core
Node Discovery and Provisioning

extends end to end
Partitions Node Discovery process
Presentation_ID
Cisco Confidential
40
Ethernet Edge H-VPLS (EE-H-VPLS)

U-PE
MTU-s
CE
N-PE
PE-rs
802.1q
Access
QinQ
Tunnel
Data
Vlan
CE
2
CE
802.1q
Access
802.1q
Customer
Vlan Vlan
CE
SP
U-PE
MTU-s
QinQ
Tunnel
Full Mesh PWs + LDP
3
Presentation_ID
MPLS Core
MAC1 MAC2
Data
N-PE
PE-rs
MAC1 MAC2
Data
Cisco Confidential
Vlan
CE
QinQ
SP Edge
MAC1 MAC2
VC
PE
Pseudo Wire
SP Core
41
Bridge Capability in EE-H-VPLS

CE
U-PE
MTU-s
N-PE
PE-rs
Local edge traffic does not have to traverse N-PE

MTU-s can switch traffic locally
Saves bandwidth capacity on circuits to N-PE
Presentation_ID
Cisco Confidential
42
Ethernet Edge Topologies

Full
Service
CPE
Efficient
Access
U-PE
Large Scale Intelligent

Aggregation
Edge
PE-AGG
N-PE
Multiservice
Core
P
Intelligent
Edge
N-PE
Efficient
Access
U-PE
Full
Service
CPE
Si
Metro A
10/100/
1000 Mbps
User Facing Provider Edge (U-PE)

U-PE
Metro C
PE-AGG
GE Ring
Si
Hub and
10/100/
Spoke
1000 Mbps
U-PE
N-PE
MPLS VPLS
Metro B
N-PE
DWDM/
CDWM
10/100/
1000 Mbps
P
RPR
N-PE
U-PE
Network Facing Provider Edge (N-PE)
Presentation_ID
Cisco Confidential
U-PE
10/100/
1000 Mbps
Metro D
43
MPLS Edge H-VPLS

U-PE
PE-rs
CE
N-PE
PE-rs
MPLS Core
MPLS
Access
Data
2
MPLS
MPLSCore
Core
Vlan
CE
Data
Full Mesh PWs + LDP
MAC1 MAC2
3
Presentation_ID
Cisco Confidential
CE
802.1q
Access
Same VCID used in

Edge and core (Labels
may differ)
MAC1 MAC2 802.1q

Customer
Vlan
CE
MPLS
Pseudo
Wire
MPLS
Pseudo Wire
U-PE
PE-rs
MPLS
Access
802.1q
Access
N-PE
PE-rs
VC
Data
PE
Vlan
CE
MPLS PW
SP Edge
MAC1 MAC2
VC
PE
Pseudo Wire
SP Core
44
VFI and Split Horizon (VPLS, EE-H-VPLS)

This traffic will not be
replicated out PW #2 and
visa versa
CE
CE
Broadcast
/Multicast
N-PE2
Pseudo Wire #1
1
VFI
N-PE3
Pseudo Wire #2
3
N-PE1
Bridging Function
(.1Q or QinQ)
Local Switching
Virtual
Forwarding
Interface
Pseudo Wires
Split Horizon Active
Virtual Forwarding Interface is the VSI representation in IOS

Single interface terminates all PWs for that VPLS instance
This model applicable in direct attach and H-VPLS with Ethernet Edge
Presentation_ID
Cisco Confidential
45
VFI and NO Split Horizon (ME-H-VPLS)

CE
Split Horizon
disabled
U-PE
CE
Pseudo Wire #1
1
Pseudo Wire #3
3
VFI
N-PE2
Pseudo Wire #2
N-PE3
Unicast
N-PE1
Pseudo Wire
MPLS Based
NO Split Horizon
Virtual
Forwarding
Interface
Pseudo Wires
Split Horizon Active
This model applicable H-VPLS with MPLS Edge

PW #1, PW #2 will forward traffic to PW #3 (non split horizon port)
Presentation_ID
Cisco Confidential
46
VPLS Logical Topology Comparison

Pros
Direct Attach
H-VPLS QinQ tunnel
H-VPLS - MPLS PW
Simple access via

Ethernet
Simple access via Ethernet
Fast L3 IGP convergence
Hierarchical support via

QinQ at access
MPLS TE FRR <50msec
Scalable customer VLANs

(4K x 4K)
Hierarchical support via

MPLS PW at access
4K customers supported per

Ethernet Access Domain
Cons
No hierarchical
scalability
High STP re-convergence

time
More complicated
provisioning
Customer VLAN
cannot over lap
MAC is not scalable as

customer MAC still seen on
SP network
Requires MPLS to u-PE
4K customer VLAN
limit in Ethernet
access domain
Supported on SIP-600 only

as of 12.2(33)SRA
OSM/SIP-400/600 as U-PE
facing card on N-PE (for
7600)
High STP
reconvergence time
Presentation_ID
Cisco Confidential
47
Configuration
Examples
Presentation_ID
Cisco Confidential
48
Configuration Examples
Direct Attachment
Using a Router as a CE (VLAN Based)
Using a Switch as a CE (Port Based)
H-VPLS
Ethernet QinQ
EoMPLS Pseudo Wire (VLAN Based)
EoMPLS Pseudo Wire (Port Based)
Sample Output
Presentation_ID
Cisco Confidential
49
Direct Attachment Configuration (C7600)
1.1.1.1
CE1
PE1
pos4/1
MPLS
MPLSCore
Core
PE2
CE2
pos4/3
gi3/0
VLAN100
2.2.2.2
gi4/4
pos3/0
pos3/1
VLAN100
PE3
gi4/2
3.3.3.3
CE2
VLAN100
CEs are all part of same VPLS instance (VCID = 56)

CE router connects using VLAN 100 over sub-interface
Presentation_ID
Cisco Confidential
50
Direct Attachment CE router

Configuration
interface GigabitEthernet 2/1.100
encapsulation dot1q 100
ip address 192.168.20.1

ip address 192.168.20.2
CE1
CE2
Subnet
192.168.20.0/24
VLAN100
CE2
VLAN100

ip address 192.168.20.3
VLAN100
CE routers sub-interface on same VLAN

Can also be just port based (NO VLAN)
Presentation_ID
Cisco Confidential
51
Direct Attachment VSI Configuration

l2 vfi VPLS-A manual
vpn id 56
neighbor 2.2.2.2 encapsulation mpls
1.1.1.1
CE1
PE1
pos4/1

vpn id 56
MPLS
MPLSCore
Core
PE2
CE2
pos4/3
gi3/0
VLAN100
2.2.2.2
gi4/4
pos3/0
pos3/1
VLAN100
PE3
gi4/2
3.3.3.3
CE2
VLAN100

vpn id 56
Create the Pseudo Wires between N-PE routers

Presentation_ID
Cisco Confidential
52
Direct Attachment CE Router (VLAN Based)

Same set of commands on each PE
Configured on the CE facing interface
1.1.1.1
CE1
PE1
pos4/1
MPLS
MPLSCore
Core
gi3/0
pos3/0
3.3.3.3
VLAN100
This command associates the

VLAN with the VPLS instance
VLAN100 = VCID 56
CE2
pos4/3
gi4/4
VLAN100
Presentation_ID
PE2
2.2.2.2
Cisco Confidential
Interface
GigabitEthernet3/0VLAN100
pos3/1
switchport
switchport mode trunk
switchport
trunk encapsulation dot1q
PE3
gi4/2 switchport trunk allowed vlan 100
!
CE2
Interface vlan 100
no ip address
xconnect vfi VPLS-A
!
vlan 100
state active
53
Direct Attachment
H-VPLS
Ethernet QinQ
Sample Output
Presentation_ID
Cisco Confidential
54
Direct Attachment CE switch (Port Based)

If CE was a switch instead of a router then we can use QinQ
QinQ places all traffic (tagged/untagged) from switch into a VPLS
1.1.1.1
CE1
PE1
pos4/1
MPLS
MPLSCore
Core
gi3/0
pos3/0
3.3.3.3
All VLANs
This command associates the

VLAN with the VPLS instance
VLAN100 = VCID 56
CE2
pos4/3
gi4/4
All VLANs
Presentation_ID
PE2
2.2.2.2
Cisco Confidential
Interface
GigabitEthernet3/0
pos3/1
All VLANs
switchport
switchport mode dot1qtunnel
switchport
access vlan 100
PE3
gi4/2 l2protocol-tunnel stp
!
CE2
Interface vlan 100
no ip address
xconnect vfi VPLS-A
!
vlan 100
state active
55
Direct Attachment
H-VPLS
Ethernet QinQ
Sample Output
Presentation_ID
Cisco Confidential
56
H-VPLS Configuration (C7600/3750ME)
U-PE1
1.1.1.1
Cisco
3750ME
2.2.2.2
pos4/1
MPLS
MPLSCore
Core
Cisco
3750ME
pos4/3
gi3/0
gi4/4 gi1/1/1
pos3/0
N-PE1
CE1
U-PE2
pos3/1
CE1
gi4/2
CE2
U-PE3
CE1
Cisco 3750ME
fa1/0/1
N-PE2
N-PE3
3.3.3.3
CE2
4.4.4.4
CE2
U-PEs provide services to customer edge device

CE traffic then carried in QinQ or EoMPLS PW to N-PE
PW VSI mesh configuration is same as previous examples
Presentation_ID
Cisco Confidential
57
Direct Attachment
H-VPLS
Ethernet QinQ
Sample Output
Presentation_ID
Cisco Confidential
58
H-VPLS QinQ Tunnel (Ethernet Edge)

U-PE carries all traffic from CE using QinQ
Outer tag is VLAN100, inner tags are customers
U-PE1
Cisco
3750ME
1.1.1.1
2.2.2.2
pos4/1
MPLS
MPLSCore
Core
gi3/0
U-PE2
Cisco
3750ME
pos4/3
gi4/4 gi1/1/1
4.4.4.4
fa1/0/1
Interface GigabitEthernet4/4
switchport
pos3/0
pos3/1
N-PE1
N-PE2
switchport trunk encapsulation dot1q
CE1
switchport trunk allowed vlan
N-PE3
3.3.3.3100
CE1
CE2
CE2
!
interface FastEthernet1/0/1
gi4/2
Interface vlan 100
switchport
CE2
no ip address
switchport access vlan 100
U-PE3
xconnect vfi VPLS-A
switchport
mode dot1q-tunnel
Cisco
3750ME
CE1
!
switchport trunk allow vlan 1-1005
vlan 100
!
state active
interface GigabitEthernet 1/1/1
switchport
switchport allow vlan 1-1005
Presentation_ID
Cisco Confidential
59
Direct Attachment
H-VPLS
Ethernet QinQ
Sample Output
Presentation_ID
Cisco Confidential
60
H-VPLS EoMPLS PW Edge (VLAN Based)

CE interface on U-PE can be access or trunk port
xconnect per VLAN is required
U-PE1
Cisco
3750ME
1.1.1.1
2.2.2.2
pos4/1
MPLS
MPLSCore
Core
gi3/0
U-PE2
Cisco
3750ME
pos4/3
gi4/4 gi1/1/1
4.4.4.4
fa1/0/1
no switchport
pos3/0
pos3/1
N-PE1
N-PE2
ip address 156.50.20.1 255.255.255.252
CE1
mpls ip
!
N-PE3
3.3.3.3
CE1
CE2
CE2
gi4/2
switchport
vpn id 56
switchport access vlan 500
CE2
neighbor 1.1.1.1 encapsulation
mpls
U-PE3
!
Cisco
3750ME vlan500
interface
CE1
neighbor 4.4.4.4 encaps mpls no-split
xconnect 2.2.2.2 56 encapsulation mpls
!
interface GigabitEthernet1/1/1
Ensures CE traffic passed on
no switchport
ip address 156.50.20.2 255.255.255.252
PW to/from U-PE
mpls ip
Presentation_ID
Cisco Confidential
61
Direct Attachment
H-VPLS
Ethernet QinQ
Sample Output
Presentation_ID
Cisco Confidential
62
H-VPLS EoMPLS PW Edge (Port Based)

CE interface on U-PE can be access or trunk port
xconnect for entire PORT is required
U-PE1
Cisco
3750ME
1.1.1.1
2.2.2.2
pos4/1
MPLS
MPLSCore
Core
gi3/0
U-PE2
Cisco
3750ME
pos4/3
gi4/4 gi1/1/1
4.4.4.4
fa1/0/1
no switchport
pos3/0
pos3/1
N-PE1
N-PE2
ip address 156.50.20.1 255.255.255.252
CE1
mpls ip
!
N-PE3
3.3.3.3
CE1
CE2
CE2
l2 vfi PE1-VPLS-A manual
gi4/2
no switchport
vpn id 56
xconnect 2.2.2.2 56 encapsulation mpls
CE2
neighbor 1.1.1.1 encapsulation
mpls
U-PE3
!
Cisco
3750ME GigabitEthernet1/1/1
interface
CE1
neighbor 4.4.4.4 encaps mpls no-split
no switchport
ip address 156.50.20.2 255.255.255.252
mpls ip
Ensures CE traffic passed on

PW to/from U-PE
Presentation_ID
Cisco Confidential
63
Direct Attachment
H-VPLS
Ethernet QinQ
Sample Output
Presentation_ID
Cisco Confidential
64
show mpls l2 vc
U-PE1
1.1.1.1
Cisco
3750ME
2.2.2.2
pos4/1
MPLS
MPLSCore
Core
U-PE2
Cisco
3750ME
4.4.4.4
pos4/3
gi3/0
fa1/0/1
gi4/4 gi1/1/1
pos3/0
N-PE1
pos3/1
N-PE2
CE1
CE1
N-PE3
3.3.3.3
CE2
CE2
CE1
Presentation_ID
CE2
gi4/2
U-PE3
NPE-A#show mplsCisco
l2 vc
3750ME
Local intf
Local circuit Dest address
-------------
------------- ------------- ------ ------
VFI VPLS-A
VFI
1.1.1.1
10
UP
VFI VPLS-A
VFI
3.3.3.3
10
UP
Cisco Confidential
VC ID
Status
65
show mpls l2 vc detail
U-PE1
1.1.1.1
Cisco
3750ME
Use VC
Label 19
pos4/1
MPLS
MPLSCore
Core
Use VC
Label 23
2.2.2.2
U-PE2
Cisco
3750ME
4.4.4.4
pos4/3
gi3/0
fa1/0/1
gi4/4 gi1/1/1
pos3/0
N-PE1
pos3/1
N-PE2
CE1
CE1
3.3.3.3
NPE-2#show
mpls l2 N-PE3
vc detail
CE2
gi4/2
CE2
CE2
Local interface: VFI VPLS-A up
CE1
Destination address:
U-PE3 1.1.1.1, VC ID: 10, VC status: up
3750ME
Tunnel label:Cisco
imp-null,
next hop 156.50.20.1
Output interface: POS4/3, imposed label stack {19}

Create time: 1d01h, last status change time: 00:40:16
Signaling protocol: LDP, peer 1.1.1.1:0 up
MPLS VC labels: local 23, remote 19
Presentation_ID
Cisco Confidential
66
Deployment Issues
Presentation_ID
Cisco Confidential
67
Deployment Issues
MTU Size
Broadcast Handling
Router or a Switch CPE?
Ramblings of an Engineer
A Sample Problem
Presentation_ID
Cisco Confidential
68
Pseudo Wire Data Plane Overhead

At imposition, N-PE encapsulates CE Ethernet or VLAN
packet to route across MPLS cloud
These are the associated overheads
Transport Header is 6 bytes DA + 6 bytes SA + 2 bytes Etype +
OPTIONAL 4 Bytes of VLAN Tag (carried in Port based service)
At least 2 levels of MPLS header (Tunnel + VC) of 4 bytes each
There is an optional 4-Byte control word
L2 Header
Presentation_ID
Tunnel Header
VC Header
Outer Label
(32-bits)
Inner Label
(32-bits)
Cisco Confidential
Original Ethernet Frame
69
Calculating Core MTU Requirements

Core MTU Edge MTU + Transport Header + AToM Header + (MPLS
Label Stack * MPLS Header Size)
Edge MTU is the MTU configured in the CE-facing PE interface
Examples (all in Bytes):
Edge
Transport
AToM
MPLS
Stack
MPLS
Header
Total
EoMPLS Port Mode
1500
14
4 [0]
1526
[1522]
EoMPLS VLAN Mode
1500
18
4 [0]
1530
[1526]
EoMPLS Port w/ TE FRR
1500
14
4 [0]
1530
[1526]
Presentation_ID
Cisco Confidential
70
Beware the MTU It Can Get Real Big

Carrier Pseudowire Encapsulation
Enterprise MPLS Frame
Pre
SFD
DA
SA
Type
TE
Tu
Vc
Cntrl
DA
SA
TPID
TCI
Type
Data
Control Word
Cust Destination MAC
Cust Source MAC
VLAN Protocol ID = 8100
VLAN ID Info
Cust Type
Cust Packet
MTU Sizing
Packet size can get very large in backhaul due to

multiple tags and labels
Ensure core and access Ethernet interfaces are
configured with appropriate MTU size
Presentation_ID
Cisco Confidential
> 1500
4
FCS
Frame Check Sequence
EoMPLS VC Label
EoMPLS Tunnel Label
Traffic Engineer label
Ether type = 8847
Carrier Source
MAC
Carrier Dest
MAC
Start of Frame
Delimter
Preamble
Data portion may

be > 1500 if
carrying MPLS
labels
71
Broadcast/Multicast/Unknown Unicast Handling

VPLS relies on ingress replication
Ingress PE replicates the multicast packet to each egress Pseudo
Wire (PE neighbour)
Ethernet switches replicate broadcast/multicast flows once

per output interface
VPLS may duplicate packets over the same physical egress
interface for each PW that interface carriers
Unnecessary replication brings the risk of resource exhaustion
when the number of PWs increases
Some discussion on maybe using multicast for PWs

Rather than full mesh of P2P Pseudo Wires
Presentation_ID
Cisco Confidential
72
Switch or Router as CE device

Ethernet Switch as CE device
If directly attached SP allocates VLAN could be an issue in
customer network
SP UNI exposed to L2 network of customer
L2 PDUs must be tunnelled such as STP BPDUs
No visibility of network behind CE switch
Many MAC address can exists on UNI
High exposure to broadcast storms
Router as CE device
Single MAC Address exists (for interface of router)
No SPT interactions
Router controls broadcast issues (multicast still happens)
Presentation_ID
Cisco Confidential
73
VPLS Caveats (Ramblings of an Engineer)

VPLS may introduce non-deterministic behaviour in SP Core
Case in point learning of VPN routes
An MPLS-VPN provides ordered manner to learn VPNv4 routers using
MP-BGP unknown addresses are dropped
In VPLS, learning is achieved through flooding MAC address
Excessive number of Unknown, Broadcast and Multicast frames could
behave as a series of packet bombs
Solution: Ingress Threshold Filters (on U-PE or N-PE)

How to selectively choose which Ethernet Frames to discard?
How to avoid dropping Routing and Keepalives (control)
May cause more problems in customer network
How many MAC addresses allowed?
Does SP really want to take this responsibility?
Presentation_ID
Cisco Confidential
74
VPLS Caveats (Ramblings of an Engineer)

DoS attack has a higher probability of manifesting
Whether intentional or by mis-configuration
Since traffic is carried at layer 2, a lot of chatter could be

traversing the MPLS core unnecessarily.
For example, status requests for printers
How is CoS applied across for a VPLS service?

Should all frames on a VPLS interface be afforded the same class of
service?
Should there be some sort of differentiation?
Presentation_ID
Cisco Confidential
75
A Common VPLS Problem

Protocols expect LAN behaviour
VPLS is viewed as an Ethernet network
Although it does not necessarily behave like one
VPLS is virtual in its LAN service
There are some behaviours which differ from a real LAN
An example
The OSPF designated router problem
Presentation_ID
Cisco Confidential
76
OSPF Designated Router Problem

VPLS View
Router A is the DR, Router B is the BDR
Router C sees both A and B via Pseudo Wires
OSPF DR
(A)
OSPF
Backup DR
(B)
Pseudo Wires
OSPF Neighbour
(C)
Router View
Router A, B and C behave like they are on a LAN

OSPF DR
(A)
OSPF
Backup DR
(B)
Presentation_ID
OSPF Neighbour
(C)
Cisco Confidential
77
OSPF Designated Router Problem

Assume PW between A and B loses connectivity
Router A and Router B cannot see each other
Router C can still see both the Router A and Router B
No arbitration available between
Router A and Router B
OSPF
Backup DR
(B)
OSPF DR
(A)
Pseudo Wires
OSPF Neighbour
(C)
Ethernet frames travel along discrete paths a VPLS

Therefore Router C can see both Router A and B
But Router A and Router B cannot see each other!
Router B assumes A has failed and becomes the DR

Router C now see two DRs on same LAN segment Problem!
Presentation_ID
Cisco Confidential
78
Summary
Presentation_ID
Cisco Confidential
79
Summary
VPLS has its advantages and benefits
Non-IP protocols supported, customers do not have routing
interaction etc..
Use routers as the CE device

Understand their multicast requirements
Then again, maybe MPLS-VPN could do the job?
Avoid switches as CPE

Otherwise understand customers network requirements
Devices, applications (broadcast/multicast vs unicast)
Presentation_ID
Cisco Confidential
80
Q&A
Presentation_ID
Cisco Confidential
81
Presentation_ID
Cisco Confidential
82

An Introduction To VPLS: Jeff Apcar, Distinguished Services Engineer APAC Technical Practices, Advanced Services

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

An Introduction To VPLS: Jeff Apcar, Distinguished Services Engineer APAC Technical Practices, Advanced Services

Uploaded by

Copyright:

Available Formats

An Introduction to

Jeff Apcar, Distinguished Services Engineer

2006 Cisco Systems, Inc. All rights reserved.

2006 Cisco Systems, Inc. All rights reserved.

Do you want to date VPLS?

Me, Just Then

2006 Cisco Systems, Inc. All rights reserved.

2006 Cisco Systems, Inc. All rights reserved.

Virtual Private LAN Service (VPLS)

2006 Cisco Systems, Inc. All rights reserved.

Virtual Private LAN Service

2006 Cisco Systems, Inc. All rights reserved.

Why Provide A Layer 2 Service?

2006 Cisco Systems, Inc. All rights reserved.

VPLS is defined in IETF

VPWS, VPLS, IPLS

Ops and Mgmt

BGP/MPLS VPNs (RFC 4364

Pseudo Wire Emulation

2006 Cisco Systems, Inc. All rights reserved.

2006 Cisco Systems, Inc. All rights reserved.

2006 Cisco Systems, Inc. All rights reserved.

IP LAN-Like Service (IPLS)

IPLS is a functional subset of the VPLS service

2006 Cisco Systems, Inc. All rights reserved.

Virtual Switch Interface (VSI)

Mesh of LSP between N-PEs

Targeted LDP between PEs to

2006 Cisco Systems, Inc. All rights reserved.

Virtual Switch Interface

Address Learning / Aging

2006 Cisco Systems, Inc. All rights reserved.

2006 Cisco Systems, Inc. All rights reserved.

Pseudo Wires in VPLS

Develop standards for the encapsulation & service

A VPLS is based on a full mesh of Pseudo Wires

2006 Cisco Systems, Inc. All rights reserved.

Pseudo Wire Reference Model (RFC 3916)

PSN Tunnel (LSP in MPLS)

A Pseudo Wire (PW) is a connection between two provider edge devices

2006 Cisco Systems, Inc. All rights reserved.

Pseudo Wire Standards (Care for a Martini?)

RFC 4448 Encapsulation for Ethernet using MPLS

Other drafts are addressing different encapsulations

2006 Cisco Systems, Inc. All rights reserved.

MPLS PW Types (RFC 4446)

0x000E ATM AAL5 PDU VCC transport

0x0003 ATM transparent cell transport

0x0010 SONET/SDH Circ. Emu. over Packet

0x0004 Ethernet Tagged Mode (VLAN)

0x0011 Structure-agnostic E1 over Packet

0x0005 Ethernet (Port)

0x0012 Structure-agnostic T1 over Packet

0x0013 Structure-agnostic E3 over Packet

0x0014 Structure-agnostic T3 over Packet

0x0008 SONET/SDH Circuit Emulation

0x0015 CESoPSN basic mode

0x0009 ATM n-to-one VCC cell transport

0x0016 TDMoIP AAL1 Mode

0x000A ATM n-to-one VPC cell transport

0x0017 CESoPSN TDM with CAS

0x000B IP Layer2 Transport

0x0018 TDMoIP AAL2 Mode