
Implementation and Utilization of Layer 2 VPN Technologies

BRKAGG-2000

BRKAGG-2000 14555_04_2008_c1

© 2008 Cisco Systems, Inc. All rights reserved.

Cisco Public


© 2006, Cisco Systems, Inc. All rights reserved. Presentation_ID.scr


General Prerequisites
- Spanning Tree problems and Data Center knowledge
- Why L2VPN technology is becoming ever more important to service providers and enterprises
- Good understanding of L2VPN pseudowire (PW) operation (AToM, L2TPv3)
- Basic understanding of network design principles
- Familiarity with quality of service principles; their application will be discussed, with examples
- Basic understanding of MPLS traffic engineering (MPLS-TE) concepts

L2VPN Deployment Objectives
- Quick review of the motivating factors for L2VPN adoption
- Outline common service requirements for L2VPN and how they are being addressed by Service Providers and Enterprises
- Quick overview of EoMPLS and VPLS
- Using Traffic Engineering with Layer 2 VPN
- Position Layer 2 VPN for the Data Center


Summary Technology
- AToM/L2TPv3
- EoMPLS
- VPLS
- Traffic Engineering


Deployment Objectives


Why Is L2VPN Needed?
- It allows SPs and Enterprises to have a single infrastructure for both IP and legacy services
  - For SPs: move legacy ATM/FR traffic to an MPLS/IP core without interrupting current services
  - For Enterprises: build better Data Centers, span Layer 2 attachment circuits across the WAN/MPLS and provide better HA
- Helps SPs provide new P2P Layer 2 tunnelling services
  - Customers can have their own routing, QoS policy, etc.
- A migration step towards IP/MPLS VPN


Benefits for L2VPNs
- New service opportunities:
  - Virtual leased line service
  - Offer "PVC-like" Layer 2-based service
- Reduced cost: consolidate multiple core technologies into a single packet-based network infrastructure
- Simplify services: Layer 2 transport provides options for service providers who need to provide L2 connectivity and maintain customer autonomy
- Protect existing investments: greenfield networks extend customer access to existing Layer 2 networks without deploying a new separate infrastructure
- Feature support: through the use of Cisco IOS features such as IPsec, QoS, and Traffic Engineering, L2 transport can be tailored to meet customer requirements

L2VPN Models

[Figure: taxonomy of L2VPN models. Local Switching. MPLS Core: VPWS with AToM, like-to-like or any-to-any, point-to-point; VPLS, P2MP/MP2MP, any-to-any service. IP Core: L2TPv3, point-to-point. Attachment circuits shown: CE-TDM T1/E1, Ethernet, FR, ATM AAL5/Cell, PPP/HDLC.]

Motivation for L2VPNs

[Figure: "I've Really Got to Consolidate These Networks". Each access service (FR/ATM, Broadband, ATM, Ethernet, SONET, IP/IPsec) rides its own core technology (FR/ATM, Broadband, Ethernet, SONET, MPLS or IP).]

Multiple access services require multiple core technologies = $$$ high costs and complex management.

Generic L2 VPN Architecture

[Figure: attachment circuit (L2) on the local PE, a tunnel across the PSN carrying emulated VCs (pseudowires), and the attachment circuit (L2) on the remote PE.]

- Tunnels (MPLS, L2TPv3, GRE, IPsec, etc.)
- Emulated VCs (pseudowires) inside tunnels (many-to-one)
- Attachment VCs (e.g., FR DLCI, PPP) mapped to emulated VCs

Motivation for L2VPNs: New Service Growth

[Figure: "How Can I Leverage My Packet Infrastructure?" Existing access infrastructure (Ethernet, Broadband Access, Frame Relay, ATM) feeds a Multiservice Edge (MSE) into the MPLS/IP packet switched network, replacing legacy trunks.]

- Reduce overlapping core expense; consolidate trunk lines
- Offer a multiservice/common interface (i.e. Ethernet MUX = L2, L3 and Internet)
- Maintain existing revenues from legacy services

New Evolution for Circuit Emulation

[Figure: mobile backhaul. Radio Access Network: BTS/NodeB at the cell site with an IP POP, carrying PW/Abis/Iub over IP/MPLS across SONET/SDH/Ethernet/DSL and broadband Ethernet backhaul to the RAN edge (Abis/Iub optimization) and a pre-aggregation site. Backbone network: IP/MPLS backbone with pseudowires connecting BSC/RNC, MSC, MSC Server, MGW, GMSC, ITP (SS7oIP), SGSN and GGSN, with egress to the PSTN and the Internet; legacy FR/ATM and SONET/SDH alongside IP/MPLS.]

L2VPN Deployment: Laying the Groundwork for Successful Deployment

- The "Need to Knows" of your infrastructure:
  - What are the aggregate bandwidth requirements for converged services?
  - What are the minimum platform requirements to run the planned services?
  - What software features will be required to meet all of my planned needs? Such as:
    - L2VPN functionality (like-to-like, any-to-any, etc.)
    - VPLS functionality (point-to-multipoint)
    - Q-in-Q
    - OAM requirements
    - IGP, EGP, and TE requirements
    - Cisco Express Forwarding (CEF, dCEF)

Ethernet over MPLS Overview


EoMPLS Reference Model

[Figure: physical connectivity: the Customer A Site#1 switch attaches to an MPLS-enabled PE (Cisco 10720), which connects through a P router (12000) to the remote MPLS-enabled PE (10720) and the Customer A Site#2 switch; a targeted LDP session runs between the two PE routers. Logical connectivity: the two customer switches behave as if directly connected, and switch BPDUs and VTP messages are carried across the pseudowire.]

A Typical Configuration: EoMPLS VLAN

[Figure: R200 (CE, e0/0.10, dot1Q 10, 10.10.10.200/24) -> R201 (PE, 10.0.0.201) -> e1/0, 10.1.1.0/24 -> R202 (P, 10.0.0.202) -> e2/0, 10.1.2.0/24 -> R203 (PE, 10.0.0.203) -> R204 (CE, e0/0.10, dot1Q 10, 10.10.10.204/24). LDP runs hop by hop in the core; a targeted LDP session runs between R201 and R203.]

R201:

hostname R201
!
ip cef
mpls ip
mpls label protocol ldp
mpls ldp router-id Loopback0 force
!
interface Loopback0
 ip address 10.0.0.201 255.255.255.255
!
interface Ethernet0/0.10
 description *** To R200 ***
 encapsulation dot1Q 10
 no ip directed-broadcast
 no cdp enable
 xconnect 10.0.0.203 10 encapsulation mpls

R203:

hostname R203
!
ip cef
mpls ip
mpls label protocol ldp
mpls ldp router-id Loopback0 force
!
interface Loopback0
 ip address 10.0.0.203 255.255.255.255
!
pseudowire-class eompls
 encapsulation mpls
!
interface Ethernet0/0.10
 description *** To R204
 encapsulation dot1Q 10
 no ip directed-broadcast
 no cdp enable
 xconnect 10.0.0.201 10 pw-class eompls

Calculating MTU Requirements for the Core

- Core MTU ≥ Edge MTU + Transport Header + AToM Header + (MPLS Label Stack * MPLS Header Size)
- Edge MTU is the MTU configured on the CE-facing PE interface
- Examples (all in bytes; the bracketed values are the case without the 4-byte AToM control word):

Mode                   Edge  Transport  AToM   MPLS Stack  MPLS Header  Total
EoMPLS Port Mode       1500  14         4 [0]  2           4            1526 [1522]
EoMPLS VLAN Mode       1500  18         4 [0]  2           4            1530 [1526]
EoMPLS Port w/ TE FRR  1500  14         4 [0]  3           4            1530 [1526]
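The budget above as a small calculator, added here as an illustrative example (not from the original deck): core_mtu reproduces the three table rows, and undersized_links flags core links whose MTU is below the requirement. The link names and MTUs passed to undersized_links are constructed sample input.

```python
"""Core MTU budget for EoMPLS pseudowires, following the formula on the slide:
Core MTU >= Edge MTU + Transport Header + AToM Header + (Label Stack * MPLS Header).
Added worked example; not part of the original Cisco Live deck."""
from dataclasses import dataclass

MPLS_HEADER = 4      # one MPLS shim (label) entry, bytes
CONTROL_WORD = 4     # AToM control word, bytes; 0 when not used (bracketed column)


@dataclass(frozen=True)
class PwMode:
    name: str
    transport_header: int   # Layer 2 header bytes carried across the PW
    label_depth: int        # labels imposed: tunnel + VC, plus one more under TE FRR


# The three rows of the slide's table.
MODES = {
    "eompls-port": PwMode("EoMPLS Port Mode", transport_header=14, label_depth=2),
    "eompls-vlan": PwMode("EoMPLS VLAN Mode", transport_header=18, label_depth=2),
    "eompls-port-frr": PwMode("EoMPLS Port w/ TE FRR", transport_header=14, label_depth=3),
}


def core_mtu(edge_mtu: int, mode: PwMode, control_word: bool = True) -> int:
    """Smallest core MTU that carries a maximum-size customer frame in `mode`."""
    atom_header = CONTROL_WORD if control_word else 0
    return edge_mtu + mode.transport_header + atom_header + mode.label_depth * MPLS_HEADER


def budget_table(edge_mtu: int = 1500):
    """Reproduce the slide's table: (mode name, total with CW, total without CW)."""
    return [(m.name, core_mtu(edge_mtu, m), core_mtu(edge_mtu, m, control_word=False))
            for m in MODES.values()]


def undersized_links(edge_mtu: int, mode: PwMode, link_mtus: dict, control_word: bool = True):
    """Return {link: mtu} for every core link whose MTU is below the requirement.

    MPLS has no fragmentation and the PE cannot see the transit link, so an
    undersized link in the LSP drops the largest customer frames while small
    traffic (pings, LDP) keeps working; checking the budget beats debugging it.
    """
    need = core_mtu(edge_mtu, mode, control_word)
    return {link: mtu for link, mtu in link_mtus.items() if mtu < need}


if __name__ == "__main__":
    for name, with_cw, without_cw in budget_table():
        print(f"{name:<24} {with_cw} [{without_cw}]")
    # Constructed sample core: one POS link at 4470 and one Gigabit link at 1524.
    sample_links = {"pos4/1": 4470, "gi1/1": 1524}
    print(undersized_links(1500, MODES["eompls-vlan"], sample_links))   # {'gi1/1': 1524}
```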


L2 VPN Interworking


Interworking Modes and Features

- The ACs are terminated locally!!!
- There are two types of Interworking (a.k.a. any-2-any):
  - Ethernet (a.k.a. bridged): Ethernet frames are extracted from the AC and sent over the PW; the VLAN tag is removed; CEs can run Ethernet, BVI, or RBE
  - IP (a.k.a. routed): IP packets are extracted from the AC and sent over the PW

Interworking combination      AToM  L2TPv3  IP Mode  Ethernet Mode
Frame Relay to Ethernet/VLAN  Yes   Yes     Yes      Yes
Frame Relay to PPP            Yes   Yes     Yes      No
Frame Relay to ATM AAL5       Yes   No      Yes      No
Ethernet/VLAN to ATM AAL5     Yes   No      Yes      Yes
Ethernet to VLAN              Yes   Yes     Yes      Yes

Configuration Example: Frame Relay to Ethernet

[Figure: CE with DLCI 210 -> PE (192.168.200.1, POS3/0) -> MPLS/IP -> PE (192.168.200.2, GigabitEthernet4/0.310) -> CE with VLAN 310.]

Frame Relay link (PE 192.168.200.1):

frame-relay switching
!
pseudowire-class atom_fr_vlan
 encapsulation mpls
 interworking ip
!
interface POS3/0
 encapsulation frame-relay
 clock source internal
 frame-relay lmi-type ansi
 frame-relay intf-type dce
!
connect fr-vlan POS3/0 210 l2transport
 xconnect 192.168.200.2 210 pw-class atom_fr_vlan

Ethernet/VLAN link (PE 192.168.200.2):

frame-relay switching
!
pseudowire-class atom_vlan_fr
 encapsulation mpls
 interworking ip
!
interface GigabitEthernet4/0.310
 encapsulation dot1Q 310
 xconnect 192.168.200.1 210 pw-class atom_vlan_fr

Frame Relay CE:

interface POS5/0.210 point-to-point
 ip address 172.16.1.1 255.255.255.0
 frame-relay interface-dlci 210

Ethernet CE:

interface GigabitEthernet6/0.310
 encapsulation dot1Q 310
 ip address 172.16.1.2 255.255.255.0

Local Switching Interworking

[Figure: PE1 terminates a Multilink Frame Relay bundle (MFR100, three T1/E1, 6.144 Mbps total) from CE2-HUB and an Ethernet subinterface (Ethernet0/1.10, speed 100) toward CE3, with a further local port Ethernet0/1.20 (speed 100); PPP/HDLC is shown on the serial side.]

PE1:

interface Serial1/0/1:0
 encapsulation frame-relay MFR100
!
interface Serial1/0/2:0
 encapsulation frame-relay MFR100
!
interface Serial1/0/3:0
 encapsulation frame-relay MFR100
!
interface MFR100
 frame-relay lmi-type ansi
 frame-relay intf-type dce
!
interface GigabitEthernet0/1.10
 encapsulation dot1Q 10
!
connect FR_to_Ether MFR100 Ethernet0/1.10 interworking ip

VPLS Introduction


- VPLS Introduction
- Pseudowire Refresher
- VPLS Architecture
- VPLS Configuration Example
- VPLS Deployment
- Summary


Virtual Private LAN Service (VPLS)

- VPLS defines an architecture that allows MPLS networks to offer Layer 2 multipoint Ethernet services
- The SP emulates a (virtual) IEEE Ethernet bridge network
- Virtual bridges are linked with MPLS pseudowires
  - The data plane used is the same as EoMPLS (point-to-point)
- VPLS is an architecture

[Figure: three CEs attached to PEs that are meshed across the MPLS core.]

Virtual Private LAN Service
- End-to-end architecture that allows MPLS networks to provide multipoint Ethernet services
- It is "Virtual" because multiple instances of this service share the same physical infrastructure
- It is "Private" because each instance of the service is independent of and isolated from the others
- It is a "LAN Service" because it emulates Layer 2 multipoint connectivity between subscribers


Why Provide a Layer 2 Service?
- Customers have full operational control over their routing neighbours
- Privacy of addressing space: it does not have to be shared with the carrier network
- Customers have a choice of any routing protocol, including non-IP based ones (IPX, AppleTalk)
- Customers could use an Ethernet switch instead of a router as the CPE
- A single connection could reach all other edge points, emulating an Ethernet LAN (VPLS)


VPLS Is Defined in the IETF

[Figure: IETF organization as of 2-Nov-2006: ISOC, IAB, IETF, with the areas General, Internet, Ops and Mgmt, Routing, Security and Transport. L2VPN working group (formerly PPVPN): VPWS, VPLS, IPLS. L3VPN working group: BGP/MPLS VPNs (RFC 4364, was 2547bis), IP VPNs using Virtual Routers (RFC 2764), CE-based VPNs using IPsec. PWE3 working group: MPLS Pseudo Wire Emulation Edge-to-Edge, which forms the backbone transport for VPLS.]

VPLS Components

- Pseudowires within LSPs
- Virtual Switch Interface (VSI) terminates the PWs and provides the Ethernet bridge function
- Attachment circuits in port or VLAN mode
- Mesh of LSPs between N-PEs
- Targeted LDP between PEs to exchange VC labels for the pseudowires
- The attachment CE can be a switch or a router

[Figure: CE routers and CE switches attached to three N-PEs, which are fully meshed across the MPLS core.]

Virtual Switch Interface
- Flooding/Forwarding
  - MAC table instances per customer (port/VLAN) for each PE
  - The VFI participates in the learning and forwarding process
  - Associate ports to MACs, flood unknowns to all other ports
- Address Learning/Aging
  - LDP enhanced with an additional MAC List TLV (label withdrawal)
  - MAC timers refreshed with incoming frames
- Loop Prevention
  - Create a full mesh of pseudowire VCs (EoMPLS)
  - Unidirectional LSPs carry the VCs between a pair of N-PEs
  - VPLS uses "split horizon" concepts to prevent loops

VPLS Architecture


VPLS Topology: PE View

[Figure: CEs attached to PEs; each PE has a full mesh of LDP-signalled Ethernet PWs to each peer across the MPLS core.]

- Each PE has a P2MP view of all other PEs; it sees itself as a root bridge with split-horizon loop protection
- The full-mesh topology obviates STP in the SP network
- Customer STP is transparent to the SP; customer BPDUs are forwarded transparently

VPLS Topology: CE View

[Figure: same topology as the PE view; CEs attached to PEs with a full mesh of LDP-signalled Ethernet PWs across the MPLS core.]

- CE routers/switches see a logical bridge/LAN
- VPLS emulates a LAN, but not exactly...
  - This raises a few issues which are discussed later

VPLS Functional Components

[Figure: Customer MxUs -> CE -> U-PE -> N-PE -> MPLS Core -> N-PE -> U-PE -> CE -> Customer MxUs; the U-PEs and N-PEs sit in the SP PoPs.]

- N-PE provides VPLS termination/L3 services
- U-PE provides the customer UNI
- CE is the customer device

Why H-VPLS?

[Figure: flat VPLS with a full PW mesh from every PE (PE-rs, MTU-s) versus H-VPLS, where PE-r and MTU-s devices hang off a core mesh of PE-rs.]

VPLS:
- Potential signaling overhead
- Full PW mesh from the Edge
- Packet replication done at the Edge
- Node discovery and provisioning extend end to end

H-VPLS:
- Minimizes signaling overhead
- Full PW mesh among core devices
- Packet replication done in the core
- Partitions the node discovery process

Ethernet Edge Topologies

[Figure: Full Service CPE -> Efficient Access U-PE (User Facing Provider Edge, 10/100/1000 Mbps; hub and spoke or GE ring) -> Large Scale Aggregation PE-AGG -> Intelligent Edge N-PE (Network Facing Provider Edge) -> Multiservice Core P (MPLS VPLS over DWDM/CWDM or RPR), mirrored on the far side, across Metros A to D.]

VFI and Split Horizon (VPLS, EE-H-VPLS)

[Figure: N-PE1 with a Virtual Forwarding Interface (bridging function, .1Q or QinQ), local switching between the attached CEs, Pseudo Wire #1 to N-PE2 and Pseudo Wire #2 to N-PE3, split horizon active. A broadcast/multicast frame from a local CE is replicated to the local ports and to both PWs; a frame arriving on PW #1 is forwarded to the local ports but is not replicated out PW #2, and vice versa.]

- Virtual Forwarding Interface is the VSI representation in IOS
  - A single interface terminates all PWs for that VPLS instance
  - This model is applicable in direct attach and H-VPLS with Ethernet Edge

VFI and No Split Horizon (ME-H-VPLS)

[Figure: N-PE1 with a Virtual Forwarding Interface; Pseudo Wire #1 to N-PE2 and Pseudo Wire #2 to N-PE3 (split horizon active), and Pseudo Wire #3, MPLS based, to a U-PE and its CE (split horizon disabled). Unicast traffic arriving on PW #1 or PW #2 is forwarded out PW #3.]

- This model is applicable to H-VPLS with MPLS Edge
  - PW #1 and PW #2 will forward traffic to PW #3 (the non-split-horizon port)
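A small model of the VFI flooding, learning and split-horizon rules described on these two slides (VFI and Split Horizon; VFI and No Split Horizon), added here as an illustrative example and not Cisco code. The N-PE and port names, MAC addresses and mesh wiring are constructed; the model treats every core-mesh PW as split-horizon and the PW toward the U-PE as no-split-horizon, as the slides describe.

```python
"""VFI flooding, learning and split horizon, after the N-PE1 / PW #1 / PW #2 /
PW #3 figures above.  Added illustrative model, not Cisco code.  Port names,
N-PE names, MAC addresses and the mesh wiring are constructed for the example."""
from collections import deque
from dataclasses import dataclass

BROADCAST = "ff:ff:ff:ff:ff:ff"


@dataclass(frozen=True)
class Port:
    name: str
    kind: str                    # "ac" = attachment circuit, "pw" = pseudowire
    split_horizon: bool = False  # True for PWs in the N-PE full mesh


class Vfi:
    """One VPLS instance on one N-PE: its ACs, PWs and learned MAC table."""

    def __init__(self, ports):
        self.ports = {p.name: p for p in ports}
        self.mac_table = {}  # mac -> name of the port it was learned on

    def _flood_set(self, ingress):
        out = []
        for p in self.ports.values():
            if p.name == ingress.name:
                continue
            # Split horizon: a frame received on a mesh PW is never sent out
            # another mesh PW.  Every other N-PE already received its own copy
            # over the full mesh, so this one rule keeps the core loop-free
            # without running STP across the pseudowires.
            if ingress.split_horizon and p.split_horizon:
                continue
            out.append(p.name)
        return sorted(out)

    def forward(self, ingress_name, src_mac, dst_mac):
        """Egress port names for one frame; learns src_mac on the ingress port."""
        ingress = self.ports[ingress_name]
        self.mac_table[src_mac] = ingress.name
        if dst_mac == BROADCAST or dst_mac not in self.mac_table:
            return self._flood_set(ingress)            # flood broadcast/unknown unicast
        learned = self.mac_table[dst_mac]
        if learned == ingress.name:
            return []                                  # destination is behind the ingress
        return [learned] if learned in self._flood_set(ingress) else []


def build_mesh(with_upe=False):
    """Three N-PEs fully meshed with split-horizon PWs (slide 'VFI and Split
    Horizon').  with_upe=True adds PW #3 from N-PE1 to a U-PE, configured
    no-split-horizon as in 'VFI and No Split Horizon' (H-VPLS, MPLS edge)."""
    names = ["npe1", "npe2", "npe3"]
    vfis, links = {}, {}  # links: (npe, pw port) -> (peer npe, peer pw port)
    for n in names:
        ports = [Port(f"ac-{n}", "ac")]
        for peer in names:
            if peer != n:
                ports.append(Port(f"pw-to-{peer}", "pw", split_horizon=True))
                links[(n, f"pw-to-{peer}")] = (peer, f"pw-to-{n}")
        vfis[n] = Vfi(ports)
    if with_upe:
        vfis["npe1"].ports["pw3-to-upe"] = Port("pw3-to-upe", "pw", split_horizon=False)
        vfis["upe"] = Vfi([Port("ac-upe", "ac"), Port("pw-to-npe1", "pw")])
        links[("npe1", "pw3-to-upe")] = ("upe", "pw-to-npe1")
        links[("upe", "pw-to-npe1")] = ("npe1", "pw3-to-upe")
    return vfis, links


def simulate(vfis, links, src_npe, src_port, src_mac, dst_mac, max_hops=100):
    """Inject one frame and follow every copy over the PW mesh.

    Returns the (npe, ac) pairs where a copy was delivered to a CE.  A copy
    that re-entered the mesh would keep the queue alive, so hitting max_hops
    means the split-horizon rule was broken and a forwarding loop exists."""
    deliveries, queue, hops = [], deque([(src_npe, src_port)]), 0
    while queue:
        npe, ingress = queue.popleft()
        hops += 1
        if hops > max_hops:
            raise RuntimeError("forwarding loop: frame keeps re-entering the mesh")
        for egress in vfis[npe].forward(ingress, src_mac, dst_mac):
            if vfis[npe].ports[egress].kind == "ac":
                deliveries.append((npe, egress))
            else:
                queue.append(links[(npe, egress)])
    return deliveries


if __name__ == "__main__":
    vfis, links = build_mesh(with_upe=True)
    # A broadcast from the CE behind the U-PE reaches every other CE exactly once.
    print(simulate(vfis, links, "upe", "ac-upe", "00:00:00:00:00:0b", BROADCAST))
```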


VPLS Configuration Example


Configuration Examples
- Direct Attachment
  - Using a Router as a CE (VLAN Based)
  - Using a Switch as a CE (Port Based)
- H-VPLS
  - Ethernet QinQ
  - EoMPLS Pseudowire (VLAN Based)
  - EoMPLS Pseudowire (Port Based)
- Sample Output

Direct Attachment Configuration (C7600)

[Figure: CE1 (gi3/0, VLAN100) attaches to PE1 (1.1.1.1, pos4/1); PE2 (2.2.2.2, pos4/3, gi4/4) and PE3 (3.3.3.3, pos3/0, pos3/1, gi4/2) each attach a CE2 on VLAN100; the PEs are connected across the MPLS core.]

- CEs are all part of the same VPLS instance (VCID = 56)
  - CE routers connect using VLAN 100 over a sub-interface

Direct Attachment CE Router Configuration

[Figure: CE1, CE2 and the third CE on VLAN100, all in subnet 192.168.20.0/24.]

CE1:

interface GigabitEthernet 2/1.100
 encapsulation dot1q 100
 ip address 192.168.20.1 255.255.255.0

CE2:

interface GigabitEthernet 1/3.100
 encapsulation dot1q 100
 ip address 192.168.20.2 255.255.255.0

CE2 (third site):

interface GigabitEthernet 2/0.100
 encapsulation dot1q 100
 ip address 192.168.20.3 255.255.255.0

- CE router sub-interfaces are on the same VLAN
  - Can also be just port based (no VLAN)

Direct Attachment VSI Configuration

[Figure: same topology: PE1 1.1.1.1, PE2 2.2.2.2 and PE3 3.3.3.3 across the MPLS core, each with a CE on VLAN100.]

PE1 (1.1.1.1):

l2 vfi VPLS-A manual
 vpn id 56
 neighbor 2.2.2.2 encapsulation mpls
 neighbor 3.3.3.3 encapsulation mpls

PE2 (2.2.2.2):

l2 vfi VPLS-A manual
 vpn id 56
 neighbor 1.1.1.1 encapsulation mpls
 neighbor 3.3.3.3 encapsulation mpls

PE3 (3.3.3.3):

l2 vfi VPLS-A manual
 vpn id 56
 neighbor 2.2.2.2 encapsulation mpls
 neighbor 1.1.1.1 encapsulation mpls

- Create the pseudowires between the N-PE routers

Direct Attachment CE Router (VLAN Based)

- Same set of commands on each PE
- Configured on the CE-facing interface

[Figure: same topology (PE1 1.1.1.1, PE2 2.2.2.2, PE3 3.3.3.3, CEs on VLAN100); the configuration shown is PE1's CE-facing GigabitEthernet3/0.]

interface GigabitEthernet3/0
 switchport
 switchport mode trunk
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 100
!
interface Vlan100
 no ip address
 xconnect vfi VPLS-A
!
vlan 100
 state active

The "xconnect vfi VPLS-A" command associates the VLAN with the VPLS instance (VLAN100 = VCID 56).


Direct Attachment CE Switch (Port Based)

- If the CE is a switch instead of a router, we can use QinQ
- QinQ places all traffic (tagged/untagged) from the switch into a VPLS

[Figure: same topology; the CE switches send all VLANs toward the PEs. The configuration shown is PE1's CE-facing GigabitEthernet3/0.]

interface GigabitEthernet3/0
 switchport
 switchport mode dot1q-tunnel
 switchport access vlan 100
 l2protocol-tunnel stp
!
interface Vlan100
 no ip address
 xconnect vfi VPLS-A
!
vlan 100
 state active

The "xconnect vfi VPLS-A" command associates the VLAN with the VPLS instance (VLAN100 = VCID 56).


H-VPLS Configuration (C7600/3750ME)

[Figure: three U-PEs (Cisco 3750ME; one is 4.4.4.4 with uplink gi1/1/1 and CE port fa1/0/1), each serving a CE1 and a CE2, attach to N-PE1 (1.1.1.1, gi3/0), N-PE2 (2.2.2.2, gi4/4) and N-PE3 (3.3.3.3, gi4/2); the N-PEs are meshed across the MPLS core (pos3/0, pos3/1, pos4/1, pos4/3).]

- U-PEs provide services to the customer edge device
  - CE traffic is then carried in QinQ or an EoMPLS PW to the N-PE
  - The PW VSI mesh configuration is the same as in the previous examples


H-VPLS QinQ Tunnel (Ethernet Edge)

- U-PE carries all traffic from the CE using QinQ
  - Outer tag is VLAN100, inner tags are the customer's

[Figure: same H-VPLS topology; the N-PE configuration shown is for the U-PE-facing GigabitEthernet4/4, the U-PE configuration is for U-PE3 (Cisco 3750ME, CE port fa1/0/1, uplink gi1/1/1).]

N-PE:

interface GigabitEthernet4/4
 switchport
 switchport mode trunk
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 100
!
interface Vlan100
 no ip address
 xconnect vfi VPLS-A
!
vlan 100
 state active

U-PE3 (Cisco 3750ME):

interface FastEthernet1/0/1
 switchport
 switchport access vlan 100
 switchport mode dot1q-tunnel
 switchport trunk allowed vlan 1-1005
!
interface GigabitEthernet1/1/1
 switchport
 switchport mode trunk
 switchport trunk allowed vlan 1-1005


H-VPLS EoMPLS PW Edge (VLAN Based)

- CE interface on the U-PE can be an access or trunk port
  - An xconnect per VLAN is required

[Figure: same H-VPLS topology; the N-PE configuration shown is for the N-PE at 2.2.2.2 (U-PE-facing GigabitEthernet4/4), the U-PE configuration is for the Cisco 3750ME U-PE at 4.4.4.4 (CE port fa1/0/1, uplink gi1/1/1).]

N-PE (2.2.2.2):

interface GigabitEthernet4/4
 no switchport
 ip address 156.50.20.1 255.255.255.252
 mpls ip
!
l2 vfi VPLS-A manual
 vpn id 56
 neighbor 1.1.1.1 encapsulation mpls
 neighbor 3.3.3.3 encapsulation mpls
 neighbor 4.4.4.4 encapsulation mpls no-split-horizon

U-PE (Cisco 3750ME, 4.4.4.4):

interface FastEthernet1/0/1
 switchport
 switchport access vlan 500
!
interface Vlan500
 xconnect 2.2.2.2 56 encapsulation mpls
!
interface GigabitEthernet1/1/1
 no switchport
 ip address 156.50.20.2 255.255.255.252
 mpls ip

The no-split-horizon keyword on the 4.4.4.4 neighbor ensures CE traffic is passed on the PW to/from the U-PE.


H-VPLS EoMPLS PW Edge (Port Based)

- CE interface on the U-PE can be an access or trunk port
  - An xconnect for the entire PORT is required

[Figure: same H-VPLS topology; the N-PE configuration shown is for the N-PE at 2.2.2.2 (U-PE-facing GigabitEthernet4/4), the U-PE configuration is for the Cisco 3750ME U-PE at 4.4.4.4 (CE port fa1/0/1, uplink gi1/1/1).]

N-PE (2.2.2.2):

interface GigabitEthernet4/4
 no switchport
 ip address 156.50.20.1 255.255.255.252
 mpls ip
!
l2 vfi PE1-VPLS-A manual
 vpn id 56
 neighbor 1.1.1.1 encapsulation mpls
 neighbor 3.3.3.3 encapsulation mpls
 neighbor 4.4.4.4 encapsulation mpls no-split-horizon

U-PE (Cisco 3750ME, 4.4.4.4):

interface FastEthernet1/0/1
 no switchport
 xconnect 2.2.2.2 56 encapsulation mpls
!
interface GigabitEthernet1/1/1
 no switchport
 ip address 156.50.20.2 255.255.255.252
 mpls ip

The no-split-horizon keyword on the 4.4.4.4 neighbor ensures CE traffic is passed on the PW to/from the U-PE.


show mpls l2 vc

[Figure: same H-VPLS topology (U-PE1 to U-PE3 on Cisco 3750ME; N-PE1 1.1.1.1, N-PE2 2.2.2.2, N-PE3 3.3.3.3).]

NPE-A#show mpls l2 vc
Local intf     Local circuit      Dest address    VC ID      Status
-------------  -----------------  --------------  ---------  ----------
VFI VPLS-A     VFI                1.1.1.1         10         UP
VFI VPLS-A     VFI                3.3.3.3         10         UP

show mpls l2 vc detail

[Figure: same topology; N-PE2 uses VC label 23 locally and imposes VC label 19 toward 1.1.1.1.]

NPE-2#show mpls l2 vc detail
Local interface: VFI VPLS-A up
  Destination address: 1.1.1.1, VC ID: 10, VC status: up
    Tunnel label: imp-null, next hop 156.50.20.1
    Output interface: POS4/3, imposed label stack {19}
  Create time: 1d01h, last status change time: 00:40:16
  Signaling protocol: LDP, peer 1.1.1.1:0 up
    MPLS VC labels: local 23, remote 19
PW Redundancy Concepts


PW High Availability

[Figure: Site1 with CE1 dual-homed to PE1 and PE2; P1 to P4 in the provider core; Site2 with CE2 reached via PE3 and PE4.]

- Failure in the provider core is mitigated with link redundancy and FRR
- PE router failure: PE diversity
- Attachment circuit failure: need a pair of attachment circuits end-to-end
- CE router failure: redundant CEs

L2VPN Networks: Dual Homed PW Sites Without the Redundancy Feature

[Figure: Site1 CE1 dual-homed to PE1 and PE2; the core (P1 to P4) carries two independent PWs, PE1 to PE3 (toward CE2 at Site2) and PE2 to PE4 (toward CE3 at Site2); an x marks a failure on the PE1 path.]

PE1:

interface e1/0.1
 encapsulation dot1q 10
 xconnect <PE3 router ID> <VCID> encapsulation mpls

PE2:

interface e1/0.1
 encapsulation dot1q 10
 xconnect <PE4 router ID> <VCID> encapsulation mpls

High Availability in L2VPN Networks

[Figure: Site1 at PE1 with a primary PW to PE3 and a standby PW to PE4 at Site2, via P1 to P4.]

- The TCP session between two LDP peers may go down due to HW/SW failure (RP switchover)
- If PE3 fails, traffic will be dropped
- Need PW redundancy so that the PW can be re-routed to the redundant router, i.e. PE4

Dual Homed PW Sites with the Redundancy Feature

[Figure: Site1 CE1 dual-homed to PE1 and PE2; PE1 has a primary PW to PE3 (CE2) and a backup PW to PE4 (CE3) at Site2; an x marks the failure on the PE1 to PE3 path.]

pe1(config)#int e 0/0.1
pe1(config-subif)#encapsulation dot1q 10
pe1(config-subif)#xconnect <PE3 router ID> <VCID> encapsulation mpls
pe1(config-subif-xconn)#backup peer <PE4 router ID> <VCID>

PW Redundancy: Manual Switchover

[Figure: maintenance required on PE3; PE1 is switched over to the backup PW toward PE4.]

pe1>xconnect backup force-switchover peer 192.168.1.3 10

PE1 configuration:

interface Ethernet0/0.1
 encapsulation dot1Q 10
 xconnect 192.168.1.3 10 encapsulation mpls
  backup peer 192.168.1.4 10
  backup delay 3 10

Before the switchover:

pe1#sh mpls l2transport vc 10
Local intf     Local circuit              Dest address     VC ID      Status
-------------  -------------------------  ---------------  ---------  ----------
Et0/0.1        Eth VLAN 20                192.168.1.3      10         UP
Et0/0.1        Eth VLAN 20                192.168.1.4      10         DOWN

After the switchover:

pe1#sh mpls l2transport vc 10
Local intf     Local circuit              Dest address     VC ID      Status
-------------  -------------------------  ---------------  ---------  ----------
Et0/0.1        Eth VLAN 20                192.168.1.3      10         DOWN
Et0/0.1        Eth VLAN 20                192.168.1.4      10         UP

PW Redundancy—Config Examples (1/2)
• Example 1: MPLS xconnect with one redundant peer. The debounce timer is set to 3 seconds so that a switchover is not allowed until the primary connection has been deemed down for 3 seconds.

interface serial0/0
 xconnect 10.0.0.1 100 encapsulation mpls
  backup peer 10.0.0.2 200
  backup delay 3 10

• Example 2: xconnect with one redundant peer. In this example, once a switchover occurs, traffic will not fall back to the primary until the secondary xconnect fails.

pseudowire-class test
 encapsulation mpls
!
connect frpw1 serial0/1 50 l2transport
 xconnect 20.0.0.1 50 pw-class test
  backup peer 20.0.0.2 50
  backup delay 0 never


PW Redundancy—Config Examples (2/2)
• Example 3: Local-switched connection between ATM and FR using Ethernet interworking. The FR circuit is backed up by an MPLS pseudowire.

pseudowire-class test
 encapsulation mpls
 interworking ethernet
!
connect atm-fr atm1/0 100/100 E0/0.10 100 interworking ethernet
 backup peer 1.1.1.1 100 pw-class test

[Figure: router r201 locally switches between atm4/0 and f0/0.10 toward the two CEs; PE2-Backup (1.1.1.1) is the backup pseudowire peer]

• Example 4: xconnect with one redundant peer. In this example, the switchover will not begin unless the pseudowire has been down for 3 seconds. Once a switchover occurs, traffic will not fall back to the primary until it has been re-established and UP for 10 seconds.

pseudowire-class test
 encapsulation mpls
!
connect frpw1 serial0/1 50 l2transport
 xconnect 20.0.0.1 50 pw-class test
  backup peer 20.0.0.2 50
  backup delay 3 10
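The timer semantics of the four examples above (debounce before switchover, delayed or "never" fallback, immediate return when the backup itself fails), as an added Python model that is not part of the original slides or Cisco code. The event timeline and the `show mpls l2transport vc` sample are constructed inputs; peer strings and function names are this example's own.

```python
"""Model of AToM pseudowire redundancy timers: 'backup delay <enable> <disable|never>'.

Added example, not Cisco code: it reproduces the switchover and fallback rules the
slides describe, so the two timer values can be reasoned about offline.
  enable  = seconds the primary must be down before traffic moves to the backup
  disable = seconds the primary must be back up before traffic returns to it
  never   = stay on the backup until the backup itself fails
"""
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

NEVER: Optional[int] = None  # 'backup delay <enable> never'


@dataclass
class PwRedundancy:
    primary: str                  # "<peer> <vcid>" of the primary pseudowire
    backup: str                   # "<peer> <vcid>" of the backup pseudowire
    enable_delay: int             # debounce before switchover, seconds
    disable_delay: Optional[int]  # delay before fallback, or NEVER
    active: str = field(init=False)
    _primary_up: bool = field(default=True, init=False)
    _backup_up: bool = field(default=True, init=False)
    _since: float = field(default=0.0, init=False)  # time of the primary's last state change

    def __post_init__(self) -> None:
        self.active = self.primary

    def primary_state(self, up: bool, now: float) -> None:
        """Record a state change of the primary pseudowire at time `now`."""
        if up != self._primary_up:
            self._primary_up, self._since = up, now

    def backup_state(self, up: bool, now: float) -> None:
        """Record a state change of the backup pseudowire."""
        self._backup_up = up

    def evaluate(self, now: float) -> str:
        """Apply the timer rules at time `now`; return the pseudowire carrying traffic."""
        if self.active == self.primary:
            # Switch over only once the primary has been down for the whole debounce
            # period, and only if the backup is usable.
            if (not self._primary_up and self._backup_up
                    and now - self._since >= self.enable_delay):
                self.active = self.backup
        elif not self._backup_up and self._primary_up:
            # The backup failed: return to the primary regardless of the fallback timer.
            self.active = self.primary
        elif (self._primary_up and self.disable_delay is not NEVER
              and now - self._since >= self.disable_delay):
            # The primary has been back for the configured time: fall back.
            self.active = self.primary
        return self.active


def simulate(pw: PwRedundancy, events: List[Tuple[int, str, bool]],
             until: int) -> List[Tuple[int, str]]:
    """Drive `pw` one second at a time; return (time, active) for every change.

    `events` are constructed (time, "primary" | "backup", up) transitions.
    """
    changes = [(0, pw.active)]
    pending = sorted(events)
    for t in range(until + 1):
        while pending and pending[0][0] <= t:
            when, which, up = pending.pop(0)
            (pw.primary_state if which == "primary" else pw.backup_state)(up, float(when))
        now_active = pw.evaluate(float(t))
        if now_active != changes[-1][1]:
            changes.append((t, now_active))
    return changes


def active_peer_from_show(output: str) -> Optional[str]:
    """Return '<dest address> <vc id>' of the row marked UP in 'show mpls l2transport vc'."""
    for line in output.splitlines():
        cols = line.split()
        if len(cols) >= 4 and cols[-1] == "UP":
            return f"{cols[-3]} {cols[-2]}"
    return None


# Constructed after the slide's 'show mpls l2transport vc 10' output, post switchover.
SHOW_VC = """\
Local intf     Local circuit              Dest address    VC ID      Status
-------------  -------------------------- --------------- ---------- ----------
Et0/0.1        Eth VLAN 20                192.168.1.3     10         DOWN
Et0/0.1        Eth VLAN 20                192.168.1.4     10         UP
"""

if __name__ == "__main__":
    pw = PwRedundancy("10.0.0.1 100", "10.0.0.2 200", enable_delay=3, disable_delay=10)
    print(simulate(pw, [(0, "primary", False), (5, "primary", True)], until=20))
    print(active_peer_from_show(SHOW_VC))  # '192.168.1.4 10'
```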

Tunnel Selection


What If the Core Uses Traffic Engineering?
Use the command 'preferred-path {interface | peer}' under the 'pseudowire-class'; keep in mind that:

• The selected path must be a label switched path (LSP) destined to the peer PE router
• If you specify a tunnel (selecting interface):
  The tunnel must be an MPLS traffic engineering tunnel
  The tunnel tail end must be on the remote PE router
• If you specify an IP address (selecting peer):
  The address must be the IP address of a loopback interface on the remote PE router, not necessarily the LDP router-id address; peer means targeted LDP peer
  The address must have a /32 mask
  There must be an LSP destined to that selected address
  The LSP does not have to be a TE tunnel


Forwarding Traffic into a TE Tunnel
• Static routing
• Policy routing
  Global table only—not from VRF at present
• Autoroute
• Forwarding Adjacency
• AToM Tunnel Selection
• Class Based Tunnel Selection

Static, Autoroute, and Forwarding Adjacency get you unequal-cost load-balancing


Coupling Layer-2 Services with MPLS TE—AToM Tunnel Selection
• Static mapping between pseudowire and TE tunnel on the PE
• Implies PE-to-PE TE deployment
• TE tunnel defined as preferred path for the pseudowire
• Traffic will fall back to the peer LSP if the tunnel goes down

[Figure: CE attached to PE1 over an ATM Layer 2 circuit; IP/MPLS core with PE2 and PE3; a TE LSP carries the pseudowire from PE1 to the remote PE, which hands off over an ATM Layer 2 circuit to the far CE]

pseudowire-class my-path-pref
 encapsulation mpls
 preferred-path interface tunnel 1 disable-fallback
!
interface fastEthernet <slot/port>.<subif-id>
 encapsulation dot1Q 150
 xconnect 172.18.255.3 1000 pw-class my-path-pref


MPLS Forwarding (AToM Traffic)
[Figure: PE2 attachment circuits E2/0.1 (VLAN 10, voice), E2/0.2 (VLAN 20, video) and E2/0.3 (VLAN 30) for three customer sites using 10.1.1.0/24; PE2 reaches PE1 over P1/P2 and P3/P4, with labels 17, 20, 23, 37 and 38 shown on the paths]

• PE2 sees multiple IGP paths to reach PE1
• L2VPN packets are load balanced per customer site, according to the VC label, over two label switched paths from PE to P

L2VPN Deployment

Tunnel Selection for Bandwidth Protection
preferred-path {interface tunnel tunnel-number | peer {ip-address | host-name}} [disable-fallback]

pseudowire-class my-path-pref
 encapsulation mpls
 preferred-path interface tunnel 1 disable-fallback
!
interface fastEthernet <slot/port>.<subif-id>
 encapsulation dot1Q 150
 xconnect 172.18.255.3 1000 pw-class my-path-pref

• This configuration lets you direct which path the pseudowires take through the network
• The tunnel head end and tail end must be on the PEs

ATOM: Preferred Path TE Tunnels
• Three TE tunnels (Tunnel 0, Tunnel 1 and Tunnel 2) between PE1 and PE2
• "Preferred path" can be used to map the traffic of each VC (or of multiple VCs) into different TE tunnels

[Figure: PE1 (192.168.0.5/32) and PE2 connected through P1, P2, P3 and P4; TE Tunnel 0, TE Tunnel 1 and TE Tunnel 2 carry tunnel labels 30, 34 and 35; each tunnel serves one Site 1/Site 2 CE1-CE2 pair using 10.1.1.0/24]

pseudowire-class test
 encapsulation mpls
 preferred-path interface Tunnel0
!
pseudowire-class test1
 encapsulation mpls
 preferred-path interface Tunnel1
!
pseudowire-class test2
 encapsulation mpls
 preferred-path interface Tunnel2

interface Ethernet2/0.1
 description green vc
 xconnect 192.168.0.5 1 encapsulation mpls pw-class test
!
interface Ethernet2/0.2
 description red vc
 xconnect 192.168.0.5 20 encapsulation mpls pw-class test1
!
interface Ethernet2/0.3
 description dark green vc
 xconnect 192.168.0.5 30 encapsulation mpls pw-class test2


ATOM: Preferred Path TE Tunnels
• Each VC is mapped to a different tunnel

pe2#sh mpls l2transport vc detail | in label
  Output interface: Tu0, imposed label stack {30 16}
    MPLS VC labels: local 16, remote 16
    Tunnel label: 3, next hop point2point
  Output interface: Tu1, imposed label stack {34 37}
    MPLS VC labels: local 17, remote 37
    Tunnel label: 3, next hop point2point
  Output interface: Tu2, imposed label stack {35 38}
    MPLS VC labels: local 37, remote 38

[Figure: same three-tunnel topology as the previous slide; TE Tunnel 0, 1 and 2 with tunnel labels 30, 34 and 35]
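A way to verify the preferred-path mapping above against what the PE actually forwards, as an added Python example that is not part of the slides or Cisco code. It parses the PE2 configuration and the `show mpls l2transport vc detail | in label` output (both constructed copies of the slide text) and checks, per attachment circuit, that the configured tunnel is the imposing output interface and that the imposed label stack ends with the remote VC label; the function names are this example's own.

```python
"""Cross-check AToM preferred-path tunnel selection against forwarding state.

Added example, not Cisco code. It parses the pseudowire-class / xconnect configuration and
the 'show mpls l2transport vc detail | in label' output from the slides and checks, per
attachment circuit, that the preferred-path TE tunnel is the output interface imposing
labels and that the imposed stack ends with the remote VC label (top label = tunnel label).
"""
import re
from typing import Dict, List, Tuple

# PE2 configuration from the slide (constructed copy used as sample input).
PE2_CONFIG = """
pseudowire-class test
 encapsulation mpls
 preferred-path interface Tunnel0
pseudowire-class test1
 encapsulation mpls
 preferred-path interface Tunnel1
pseudowire-class test2
 encapsulation mpls
 preferred-path interface Tunnel2
interface Ethernet2/0.1
 xconnect 192.168.0.5 1 encapsulation mpls pw-class test
interface Ethernet2/0.2
 xconnect 192.168.0.5 20 encapsulation mpls pw-class test1
interface Ethernet2/0.3
 xconnect 192.168.0.5 30 encapsulation mpls pw-class test2
"""

# 'show mpls l2transport vc detail | in label' on PE2 (constructed copy of the slide).
SHOW_VC_LABELS = """
Output interface: Tu0, imposed label stack {30 16}
MPLS VC labels: local 16, remote 16
Tunnel label: 3, next hop point2point
Output interface: Tu1, imposed label stack {34 37}
MPLS VC labels: local 17, remote 37
Tunnel label: 3, next hop point2point
Output interface: Tu2, imposed label stack {35 38}
MPLS VC labels: local 37, remote 38
"""


def parse_config(config: str) -> Tuple[Dict[str, str], Dict[str, Tuple[str, int, str]]]:
    """Return (pw-class -> preferred-path tunnel, AC interface -> (peer, vcid, pw-class))."""
    classes, xconnects, section = {}, {}, None
    for line in config.splitlines():
        head = re.match(r"(pseudowire-class|interface) (\S+)", line)
        if head:
            section = head.group(2)  # name of the pw-class or interface being configured
            continue
        pref = re.match(r"\s+preferred-path interface (Tunnel\d+)", line)
        xc = re.match(r"\s+xconnect (\S+) (\d+) .*pw-class (\S+)", line)
        if pref and section:
            classes[section] = pref.group(1)
        elif xc and section:
            xconnects[section] = (xc.group(1), int(xc.group(2)), xc.group(3))
    return classes, xconnects


def parse_vc_labels(output: str) -> Dict[str, Tuple[List[int], int, int]]:
    """Return output interface -> (imposed stack top..bottom, local VC label, remote VC label)."""
    entries: Dict[str, Tuple[List[int], int, int]] = {}
    current = None
    for line in output.splitlines():
        out = re.match(r"\s*Output interface: (\S+), imposed label stack \{([\d ]+)\}", line)
        vc = re.match(r"\s*MPLS VC labels: local (\d+), remote (\d+)", line)
        if out:
            current = (out.group(1), [int(x) for x in out.group(2).split()])
        elif vc and current:
            entries[current[0]] = (current[1], int(vc.group(1)), int(vc.group(2)))
    return entries


def check_tunnel_selection(config: str, output: str) -> Dict[str, str]:
    """One verdict per attachment circuit: which tunnel carries it, or what is wrong."""
    classes, xconnects = parse_config(config)
    forwarding = parse_vc_labels(output)
    verdicts = {}
    for ac, (_peer, vcid, pw_class) in xconnects.items():
        tunnel = classes.get(pw_class)
        if tunnel is None:
            verdicts[ac] = f"pw-class {pw_class} sets no preferred-path tunnel"
            continue
        entry = forwarding.get(tunnel.replace("Tunnel", "Tu"))  # IOS abbreviates Tunnel0 as Tu0
        if entry is None:
            verdicts[ac] = f"{tunnel} is not the output interface for VC {vcid} (tunnel down or fallback)"
            continue
        stack, _local, remote = entry
        if len(stack) != 2 or stack[-1] != remote:
            verdicts[ac] = f"{tunnel}: imposed stack {stack} does not end with remote VC label {remote}"
            continue
        verdicts[ac] = f"OK via {tunnel}: tunnel label {stack[0]}, VC label {remote}"
    return verdicts
```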


Data Center Implementation with Layer 2 VPN PWE


Data Center Option (A) Utilizing Layer 2 VPN to Provide High Availability Between Two Data Centers and Two Service Providers

6500-DCN-SWITCH
!
interface gigabitethernet 1/0/1   <- COREA
 channel-group 1 mode on
 switchport
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface gigabitethernet 1/0/2   <- COREB
 channel-group 1 mode on
 switchport
 switchport trunk encapsulation dot1q
 switchport mode trunk

PE1-COREB
!
interface gigabitethernet 1/0/0   <- PE2-COREA
 no switchport
 xconnect X.X.X.PE2 70 encapsulation mpls
__________________________________________________
PE2-COREB
!
interface gigabitethernet 1/0/0   <- PE1-COREA
 no switchport
 xconnect X.X.X.PE1 70 encapsulation mpls


Data Center Option (B) Utilizing Layer 2 VPN to Provide Physical High Availability Between Two Data Centers

6500-DCN-SWITCH
!
interface gigabitethernet 1/0/1
 channel-group 1 mode on
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface gigabitethernet 1/0/2
 channel-group 1 mode on
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface Port-channel1
 switchport trunk
!
interface gigabitethernet 1/0/4
 switchport mode access
 switchport access vlan 10

interface gigabitethernet 1/0/1
 channel-group 1 mode on
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface gigabitethernet 1/0/2
 channel-group 2 mode on
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface gigabitethernet 2/0/1
 channel-group 1 mode on
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface gigabitethernet 2/0/2
 channel-group 2 mode on
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface Port-channel1
 switchport trunk
!
interface Port-channel2
 switchport trunk

PE1-COREA
interface gigabitethernet 3/0
 no switchport
 xconnect X.X.X.PE2-CORE A 70 encapsulation mpls

PE1-COREB
interface gigabitethernet 3/0
 no switchport
 xconnect X.X.X.PE2-CORE B 70 encapsulation mpls


Data Center Option (C) Utilizing Layer 2 VPN to Provide Physical High Availability Dual Switches Between Two Data Centers STP Free Topology

6500-A
!
interface gigabitethernet 1/0/1
 channel-group 1 mode on
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface gigabitethernet 1/0/2
 channel-group 1 mode on
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface Port-channel1
 switchport trunk
!
interface gigabitethernet 1/0/4
 switchport mode access
 switchport access vlan 10

6500-B
!
interface gigabitethernet 1/0/1
 channel-group 1 mode on
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface gigabitethernet 1/0/2
 channel-group 1 mode on
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface Port-channel1
 switchport trunk
!
interface gigabitethernet 1/0/4
 switchport mode access
 switchport access vlan 10

PE1-COREA
interface gigabitethernet 3/0   <- 6500-A
 xconnect 10.1.1.2 20 encapsulation mpls
!
interface gigabitethernet 4/0   <- 6500-B
 xconnect 10.1.1.2 40 encapsulation mpls

PE1-COREB
interface gigabitethernet 3/0   <- 6500-A
 xconnect 10.1.1.2 20 encapsulation mpls
!
interface gigabitethernet 4/0   <- 6500-B
 xconnect 10.1.1.2 40 encapsulation mpls



Data Center Option (D) Utilizing Layer 2 VPN to Provide Physical High Availability Dual Switches Between Three Data Centers and One Transit Data Center

[Figure: three data centers plus one transit data center; the X marks a failed link]

PE1
interface gigabitethernet 3/0
 xconnect 10.1.1.3 20 encapsulation mpls
  backup peer 10.1.1.2 200

PE2
interface gigabitethernet 3/0
 xconnect 10.1.1.3 30 encapsulation mpls
  backup peer 10.1.1.1 200

Data Center 3 6500 Switch
!
interface gigabitethernet 3/0
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface gigabitethernet 4/0
 switchport trunk encapsulation dot1q
 switchport mode trunk

Q-in-Q

PE3
interface gigabitethernet 3/0
 xconnect 10.1.1.1 20 encapsulation mpls

Q-in-Q

PE3
interface gigabitethernet 4/0
 xconnect 10.1.1.1 30 encapsulation mpls


Virtual Switching and Layer 2 VPN in Data Center


Current Network Challenges
Enterprise Campus
Traditional Enterprise Campus deployments have been designed in a way that allows for scalability, differentiated services and high availability. However, they also face many challenges, some of which are listed below by layer:

L3 Core: extensive routing topology, routing reconvergence
L2/L3 Distribution: FHRP, STP, asymmetric routing, policy management
Access: single active uplink per VLAN (PVST), L2 reconvergence, increased route peering with L3 access


Current Network Challenges
Data Center
Traditional Data Center designs require ever-increasing Layer 2 adjacencies between server nodes due to the prevalence of virtualization technology. However, they are pushing the limits of Layer 2 networks, placing more burden on loop-detection protocols such as Spanning Tree:

L2/L3 Core: FHRP (HSRP, VRRP), Spanning Tree, policy management
L2 Distribution: single active uplink per VLAN (PVST), L2 reconvergence, excessive BPDUs
L2 Access: dual-homed servers to a single switch, single active uplink per VLAN (PVST), L2 reconvergence


Introduction to Virtual Switch
Concepts
Virtual Switch System is a new technology breakthrough for the Catalyst 6500 family…


Virtual Switch System
Enterprise Campus
A Virtual Switch-enabled Enterprise Campus network takes on multiple benefits, including simplified management and administration and greater high availability, while maintaining a flexible and scalable architecture:

L3 Core: reduced routing neighbors, minimal L3 reconvergence
L2/L3 Distribution: no FHRPs, no looped topology, policy management
Access: multiple active uplinks per VLAN, no STP convergence


Virtual Switch System
Data Center
A Virtual Switch-enabled Data Center allows for maximum scalability, so bandwidth can be added when required, while still providing a larger Layer 2 hierarchical architecture free of reliance on Spanning Tree:

L2/L3 Core: single router node, fast L2 convergence, scalable architecture
L2 Distribution: dual active uplinks, fast L2 convergence, minimized L2 control plane, scalable
L2 Access: dual-homed servers, single active uplink per VLAN (PVST), fast L2 convergence


Virtual Switch Architecture
Virtual Switch Link
The Virtual Switch Link is a special link joining the two physical switches together; it extends the out-of-band channel, allowing the active control plane to manage the hardware in the second chassis…


Virtual Switch Architecture
VSL Initialization
Before the Virtual Switch domain can become active, the Virtual Switch Link (VSL) must be brought online to determine Active and Standby roles. The initialization process essentially consists of 3 steps:
1. Link bringup to determine which ports form the VSL
2. Link Management Protocol (LMP) used to track and reject unidirectional links, and to exchange chassis ID and other information between the 2 switches
3. Role Resolution Protocol (RRP) used to determine compatible hardware and software versions to form the VSL, as well as to determine which switch becomes Active and Hot Standby from a control plane perspective

[Figure: LMP and RRP exchanged in both directions across the VSL between the two switches]


Virtual Switch Architecture
VSLP Ping
A new ping mechanism has been implemented in VSS mode to allow the user to objectively verify the health of the VSL itself. This is implemented as a VSLP Ping.

[Figure: VSLP pings sent between Switch 1 and Switch 2 across the VSL]

The VSLP Ping operates on a per-physical-interface basis, and parameters such as COUNT, DESTINATION, SIZE and TIMEOUT may also be specified:

vss#ping vslp output interface tenGigabitEthernet 1/5/4
Type escape sequence to abort.
Sending 5, 100-byte VSLP ping to peer-sup via output port 1/5/4, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 12/12/16 ms
vss#


VSS EtherChannel Concepts
Overview, Protocols, Load Balancing, Enhancements with VSL


EtherChannel Concepts
Multichassis EtherChannel (MEC)
Prior to Virtual Switch, EtherChannels were restricted to reside within the same physical switch. In a Virtual Switch environment, the 2 physical switches form a single logical network entity; therefore EtherChannels can now also be extended across the 2 physical chassis.

LACP, PAgP or ON EtherChannel modes are supported.

[Figure: regular EtherChannel on a single chassis versus Multichassis EtherChannel across 2 VSL-enabled chassis]


EtherChannel Concepts
EtherChannel Hash for MEC
Deciding which link of a Multichassis EtherChannel to use in a Virtual Switch is skewed in favor of local links in the bundle; this is done to avoid overloading the Virtual Switch Link (VSL) with unnecessary traffic loads.

Blue traffic destined for the server will result in Link A1 in the MEC link bundle being chosen as the destination path.

Orange traffic destined for the server will result in Link B2 in the MEC link bundle being chosen as the destination path.

[Figure: server attached by a MEC, with Link A1 on one chassis and Link B2 on the other]

Hardware Requirements
VSL Hardware Requirements
The Virtual Switch Link requires special hardware as noted below…


Hardware Requirements
Other Hardware Considerations


High Availability
Link Failure, Redundancy Schemes, Dual-Active Detection, GOLD


High Availability
Redundancy Schemes
The default redundancy mechanism between the 2 VSS chassis and their associated supervisors is NSF/SSO, allowing state information and configuration to be synchronized. Additionally, only in NSF/SSO mode do the Standby supervisor PFC, switch fabric, modules and their associated DFCs become active.

[Figure: Switch 1 (12.2(33)SXH1, Active) and Switch 2 (12.2(33)SXH1) joined by the VSL run NSF/SSO]

Should a mismatch of information occur between the Active and Standby chassis, the Standby chassis will revert to RPR mode, where only configuration is synchronized, but the PFC, switch fabric and modules will not be brought up.

[Figure: Switch 1 (12.2(33)SXH1, Active) and Switch 2 (12.2(33)SXH2) joined by the VSL fall back to RPR]


High Availability
SSO-Aware Protocols
As of Whitney 1, there are over 90 protocols that are SSO-aware. These include information such as ARP, DHCP Snooping, IP Source Guard, NAC posture database, etc. In a VSS environment, failure of either VS will not require this information to be re-populated.

[Figure: Switch 1 and Switch 2 forming the Virtual Switch share the DHCP Snooping Binding Table]

DHCP Snooping Binding Table
IP Add        MAC Add            VLAN  Interface
10.10.10.10   00:50:56:01:e1:02  10    Po10
172.26.18.2   00:02:b3:3f:3b:99  18    Po10
172.26.19.34  00:16:a1:c2:ee:32  19    Po20
10.10.10.43   00:16:cb:03:d3:44  10    Po20


High Availability
Dual-Active Detection
In a Virtual Switch Domain, one switch is elected as Active and the other is elected as Standby during bootup by VSLP. Since the VSL is always configured as a port channel, the possibility of the entire VSL bundle going down is remote; however, it is a possibility.

[Figure: Switch 1 supervisor (VS state Active, control plane Active, data plane Active) and Switch 2 supervisor (VS state Standby, control plane Standby, data plane Active) joined by the VSL within the Virtual Switch Domain]

It is always recommended to deploy the VSL with 2 or more links and distribute those interfaces across multiple modules to ensure the greatest redundancy.


High Availability
Dual-Active Detection
If the entire VSL bundle should happen to go down, the Virtual Switch Domain will enter a Dual Active scenario where both switches transition to Active state and share the same network configuration (IP addresses, MAC address, router IDs, etc.), potentially causing communication problems through the network.

[Figure: with the VSL down, both the Switch 1 and Switch 2 supervisors report VS state Active, control plane Active, data plane Active]

2 mechanisms have been implemented in the initial release to detect and recover from a Dual Active scenario:
1. Enhanced Port Aggregation Protocol (PAgP)
2. Dual-Active Detection over IP-BFD

High Availability
Dual-Active Detection—Mechanisms
1. Enhanced Port Aggregation Protocol (PAgP)
2. Dual-Active Detection over IP-BFD


High Availability

Dual-Active Detection—Exclude Interfaces
Upon detection of a Dual Active scenario, all interfaces on the previously Active switch will be brought down so as not to disrupt the functioning of the remainder of the network. The exception interfaces include VSL members as well as pre-determined interfaces which may be used for management purposes:

vs-vsl#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
vs-vsl(config)#switch virtual domain 100
vs-vsl(config-vs-domain)#dual-active exclude interface Gig 1/5/1
vs-vsl(config-vs-domain)#dual-active exclude interface Gig 2/5/1
vs-vsl(config-vs-domain)# ^Z
vs-vsl#


High Availability
Dual-Active Recovery
Upon the restoration of one or more VSL interfaces, VSLP will detect this and will proceed to reload Switch 1 so that it may re-negotiate the Active/Standby role after bootup.

[Figure: the VSL comes up between Switch 1 and Switch 2 ("VSL Up! Reload…"); Switch 1 reloads and VSLP runs again across the VSL]

After the role has been resolved and SSO Hot Standby mode is possible, interfaces will be brought up and traffic will resume back to 100% capacity.

High Availability

Generic OnLine Diagnostics (GOLD)
Some enhancements to the GOLD framework have been implemented in a VSS environment, which leverages a distributed GOLD environment. In this case, each supervisor runs an instance of GOLD, but is centrally managed by the Active supervisor in the Active chassis.

[Figure: Switch 1 (VS state Active, local GOLD Active) runs the Distributed GOLD Manager; Switch 2 (VS state Standby, local GOLD Active) is reached across the VSL]

There are 4 new tests that are available in VSS mode:
1. TestVSLLocalLoopback
2. TestVSLBridgeLink
3. TestVSLStatus
4. TestVSActiveToStandbyLoopback

Virtual Switch System
Deployment Considerations
Virtual Switch will incorporate some deployment considerations as best practice…


Virtual Switch System
Benefits


Virtual Switch System
Summary


Data Center Option (E) Utilizing Layer 2 VPN and Virtual Switching New Features

PE1-COREA
interface gigabitethernet 3/0   <- 6500-B
 xconnect 10.1.1.2 20 encapsulation mpls
!
interface gigabitethernet 4/0   <- 6500-B
 xconnect 10.1.1.2 40 encapsulation mpls

PE1-COREB
interface gigabitethernet 3/0   <- 6500-A
 xconnect 10.1.1.1 20 encapsulation mpls
!
interface gigabitethernet 4/0   <- 6500-B
 xconnect 10.1.1.1 40 encapsulation mpls


Q and A


Recommended Reading
• Continue your Cisco Live learning experience with further reading from Cisco Press
• Check the Recommended Reading flyer for suggested books
• "Layer 2 VPN Architectures"
• ISBN: 1-58705-168-0

Available Onsite at the Cisco Company Store

Complete Your Online Session Evaluation
• Give us your feedback and you could win fabulous prizes. Winners announced daily.
• Receive 20 Passport points for each session evaluation you complete.
• Complete your session evaluation online now (open a browser through our wireless network to access our portal) or visit one of the Internet stations throughout the Convention Center.
Don’t forget to activate your Cisco Live virtual account for access to all session material on-demand and return for our live virtual event in October 2008. Go to the Collaboration Zone in World of Solutions or visit www.cisco-live.com.
