BRKMPL 2101

Deploying MPLS-based
Layer 2 Virtual Private

Networks
Vinod Kumar Balasubramanyam – Technical Marketing Engineer
vinbalas@cisco.com
BRKMPL-2101
Agenda
• Motivation and Overview
• Ethernet Point-to-Point L2VPNs
• Ethernet Multipoint L2VPNs
• VPLS
• EVPN and PBB-EVPN
• Advanced Topics
• Resiliency Solutions
• Load-Balancing
• Deployment Use Cases

• Summary
L2VPN Motivation and
Overview
What is a Layer 2 VPN?
L2VPN Transport Services
Ethernet TDM ATM Frame Relay

Point-to-Point L2VPN Multipoint L2VPN Point-to-Point L2VPN
Ethernet Virtual Ethernet Private Circuit Emulation AAL5 over FR over Pseudowire
Private Line (EVPL) LAN (EPLAN) Service over PSN Pseudowire
(CESoPSN)
Muxed UNI Unmuxed Muxed UNI Muxed UNI Muxed UNI

UNI
Structure Agnostic Cell Relay with
Ethernet Virtual TDM over Packet Packing over
Ethernet Private (SAToP) Pseudowire PPP/HDLC over
Private LAN Pseudowire
Line (EPL) (EVPLAN)
Muxed UNI Muxed UNI

Muxed
Unmuxed UNI UNI Unmuxed UNI
PPP/HDLC
Motivation for L2VPNs
Old and New Drivers
• Network Consolidation (circa 2000)
• Multiple access services (FR, ATM, TDM) required Access Access
multiple core technologies
L3 service
• Enterprise Ethernet WAN Connectivity IP/IPSec IP or MPLS IP/IPSec
Services (circa 2005+)
• Ethernet well understood by Enterprise / SPs
• CAPEX (lower cost per bit) / Growth (100GE) L2 service
FR/ATM FR/ATM
• Layer 2 VPN replacement to ATM/Frame Relay
Broadband ATM Broadband
• Internet / Layer 3 VPN access (CE to PE)
• Data Center Interconnection (DCI)

L1 service
• Mobile Backhaul Evolution
TDM SONET / SDH TDM
• TDM /PDH to Dual/Hybrid to All-packet
(IP/Ethernet)
• Single (voice + data) IP/Ethernet mobile backhaul
universally accepted solution Typical Service Provider (circa 2000)
MPLS Layer-2 Virtual Private Networks
Technology Options
• VPWS services MPLS Layer-2 VPNs
• Point-to-point
• Referred to as Pseudowires (PWs)
Point-to-Point Multipoint-to-Multipoint
• VPLS services Layer-2 VPNs (VPWS) Layer-2 VPNs
• Multipoint
• EVPN
EVPN
• Multipoint with BGP-based MAC VPLS
learning
• PBB-EVPN
PBB-EVPN
• Combines scale tools from PBB (aka
MAC-in-MAC) with BGP-based MAC
learning from EVPN
Ethernet Point-to-Point
L2VPNs
Virtual Private Wire Service (VPWS)
Layer 2 VPN Enabler
The Pseudowire
Provider
• L2VPNs are built with Pseudowire Edge
(PW) technology
Packet
• PWs provide a common Switched
Provider
intermediate format to transport Edge Network
multiple types of network services
over a Packet Switched Network
(PSN)
Pseudowire
• PW technology provides Like-to-
Like transport and also Interworking FR
ATM
(IW)
TDM
PPP/HDLC
Ethernet
Pseudowire Reference Model
• Any Transport Over MPLS (AToM) is Cisco’s implementation of VPWS for IP/MPLS
networks
• An Attachment Circuit (AC) is the physical or virtual circuit attaching a CE to a PE
• Customer Edge (CE) equipment perceives a PW as an unshared link or circuit
Emulated Layer-2 Service

Pseudowire (PW)
Native Native
Service PSN Service
Tunnel
PW1
AC PW2 AC
CE PE PE CE
AC AC
CE
Ref: RFC 3985 Pseudo Wire Emulation Edge-to-Edge (PWE3) Architecture, March 2005
CE
Layer 2 Transport over MPLS
Control • Targeted LDP session / BGP session / Static
Connection • Used for VC-label negotiation, withdrawal, error notification
The “emulated circuit” has three (3) layers of encapsulation

Tunnelling • Tunnel header (Tunnel Label)
Component • To get PDU from ingress to egress PE
• MPLS LSP derived through static configuration (MPLS-TP) or dynamic (LDP or
RSVP-TE)
Demultiplexing • Demultiplexer field (VC Label)

Component • To identify individual circuits within a tunnel
• Could be an MPLS label, L2TPv3 header, GRE key, etc.
Layer 2 • Emulated VC encapsulation (Control Word)

• Information on enclosed Layer 2 PDU
Encapsulation
• Implemented as a 32-bit control word
How Are Ethernet Frames Transported?
• Ethernet frames transported without Preamble, Start Frame Delimiter (SFD) and
FCS
• Two (2) modes of operation supported:
• Ethernet VLAN mode (VC type 0x0004) – created for VLAN over MPLS application
• Ethernet Port / Raw mode (VC type 0x0005) – created for Ethernet port tunneling application
Original Ethernet Frame

802.1q Lengt
Preamble DA SA Ethernet Payload FCS
tag h/Type
6B 6B 4B (optional) 2B 46-1500B 4B
MPLS
E-Type
MPLS-encapsulated Ethernet Frame
LSP VC Ethernet
DA’ SA’ 0x8847 Control Word Ethernet Payload FCS’
Label Label Header
4B 4B 4B (optional)
MPLS Stack AToM Header

VPWS Traffic Encapsulation
0 2 2 3
0 0 3 1
Tunnel Label Tunnel Label (IGP-LDP or RSVP-TE) TC 0 TTL
VC Label VC Label (VC) TC 1 TTL (Set to 2)
Flags FRG Length Sequence Number Control Word

Control Word 0000
Encap. Required
Layer 2 PDU ATM N:1
No
Cell Relay
• Three-level encapsulation
ATM AAL5 Yes
• Packets switched between PEs using Tunnel label Ethernet No
Frame
• VC label identifies PW Relay
Yes
HDLC No
• VC label signaled between PEs
PPP No
• Optional Control Word (CW) carries Layer 2 control bits and SAToP Yes
enables sequencing CESoPSN Yes
VPWS
Discovery and Signaling Alternatives
• VPWS Signaling VPN Discovery
• LDP-based (RFC 4447)
Manual Border Gateway
• BGP-based (RFC 6624) No Auto-Discovery Protocol (BGP)
• VPWS with LDP-signaling and No Most

auto-discovery widely
deployed
• Most widely deployed solution Signaling
• Auto-discovery for point-to-point
services not as relevant as for Label
Static
Distribution BGP
multipoint No Signaling
Protocol (LDP)
LDP Signaling
Overview
LDP Label Mapping
t-LDPsession
• RFC 4447 defines use of LDP protocol message
for setting up and maintaining
PE1 PE2
pseudowires
CE-A1 CE-A2
• Targeted LDP (t-LDP) session between PE
routers
MPLS
• PW label bindings exchanged using LDP
Label Mapping messages Use PW label X when Pseudowire Use PW label W when
transmitting traffic to PE1 transmitting traffic to PE2
on PW XYZ on PW XYZ
• Two Forward Equivalency Classes
(FEC) element types defined
• LDP PWid FEC Element (FEC 128) - Used
in manual provisioning scenarios
• LDP Generalized PWid FEC Element (FEC
129) – Used in auto-discovery scenarios
PW Control Plane Operation
PEs advertize local VC label using
LDP Signaling LDP label-mapping message:
4 Label TLV + PW FEC TLV
2
New targeted LDP session between
PE routers established, in case one
does not already exist
PE-1 PE-2
CE-1 CE-2
MPLS
1 Interface A Interface B
PW manually Local_int = A Local_int = B PW manually
provisioned – Remote PE = PE2_ip Remote PE = PE1_ip provisioned –
Remote PE info
included
VC-id <123> PEs assigns VC-id <123> Remote PE info 1
local VC label included
to PW
PEs bind remote
5 label for PW Local Label X 3 Local Label Y 3
with matching Remote Remote
VC-id Y 5 X
Label Label
VPWS Forwarding Plane Processing
PE1 PE2
CE-1 CE-2
P1 P2
MPLS
Pseudowire
Traffic direction Tunnel label Penultimate

swapping through Hop VC label
VC and Tunnel MPLS cloud Popping (PHP) disposition
label imposition
Push Swap Pop Pop

Push
Tunnel Label Label = 34 Label = 45

VC Label Label = 28 Label = 28 Label = 28
Payload Payload Payload Payload Payload

Ethernet Multipoint
L2VPNs
Virtual Private LAN Service (VPLS)
Virtual Private LAN Service
Overview
• Defines Architecture to provide
Ethernet Multipoint connectivity CE-A1
MPLS
CE-A3
sites, as if they were connected

CE-B3
using a LAN CE-B1
• VPLS operation emulates an IEEE

Ethernet switch
• Two (2) signaling methods
CE-A2
• RFC 4762 (LDP-Based VPLS)
• RFC 4761 (BGP-Based VPLS) CE-B2
Reference Model
• VFI (Virtual Forwarding Instance)
• Also called VSI (Virtual Switching Instance) CE-A3
CE-A1
PE1 MPLS PE3
• Emulates L2 broadcast domain among ACs and
VCs VFI VFI
CE-B1 CE-B3
• Unique per service. Multiple VFIs can exist same
PE VFI VFI
• AC (Attachment Circuit)
PE2
• Connect to CE device, it could be Ethernet physical
or logical port Full-mesh of PWs
VFI
between VFIs
• One or multiple ACs can belong to same VFI CE-A2
VFI
• VC (Virtual Circuit)
CE-B2
• EoMPLS data encapsulation, tunnel label used to
reach remote PE, VC label used to identify VFI
• One or multiple VCs can belong to same VFI
• PEs must have a full-mesh of PWs in the VPLS
core
Operation
Applies
Split-
• Flooding / Forwarding Customer
Horizon
• Forwarding based on destination MAC addresses Equipment PE 1 PE 3
• Flooding (Broadcast, Multicast, Unknown Unicast) CE
CE
• Split-Horizon and Full-Mesh of PWs for loop-
PW
avoidance in core CE
PE 2 Applies PE 4 Applies
• SP does not run STP in the core Split- Split-
Ethernet UNI Horizon Horizon Ethernet UNI
• MAC Learning/Aging/Withdrawal
• Dynamic learning based on Source MAC and VLAN
Customer
• Refresh aging timers with incoming packet Equipment PE 1 PE 3
• MAC withdrawal upon topology changes CE
CE
PW
CE
PE 2 PE 4
Ethernet UNI Ethernet UNI
Why H-VPLS? Improved Scaling
• Flat VPLS
• Potential signaling overhead
• Packet replication at the edge
• Full PW mesh end-to-end
• Hierarchical-VPLS
• Minimizes signaling overhead
• Packet replication at the core only
• Full PW mesh in the core
Core PWs
Spoke PWs
VPLS Operation
Loop Prevention
• Core PW – Split Horizon ON AC
PE
• Spoke PW – Split Horizon OFF Core PWs
(default) VFI X
• Split-Horizon Rules
• Forwarding between Spoke PWs
• Forwarding between Spoke and Core
PWs
• Forwarding between ACs and Core /
Spoke PWs
Spoke PWs
• Forwarding between ACs
• Blocking between Core PWs
VPLS Operation
MAC Address Withdrawal
• Remove (flush) dynamic MAC addresses
upon Topology Changes
PE1 PE3
• Faster convergence – avoids blackholing CE-A
MPLS
CE-B
• Uses LDP Address Withdraw Message
(RFC 4762) VFI VFI
• H-VPLS dual-home example

• U-PE detects failure of Primary PW
Primary PW
X PE2
uPE1 MPLS
• U-PE activates Backup PW
• U-PE sends LDP MAC address withdrawal VFI
request to new N-PE
• N-PE forwards the message to all PWs in CE-C
LDP MAC Backup PW
the VPLS core and flush its MAC address Withdraw
table Message
Ethernet Multipoint
L2VPNs
VPLS Signaling and Auto-Discovery
VPLS
Discovery and Signaling Alternatives
• VPLS Signaling VPN Discovery
• LDP-based (RFC 4762)
Manual Border Gateway
• BGP-based (RFC 4761) No Auto-Discovery Protocol (BGP)
• VPLS with LDP-signaling and No Most

auto-discovery widely
deployed RFC
RFC 4761
• Most widely deployed solution 6074
Signaling
• Operational complexity for larger
deployments Label
Static
Distribution BGP
• BGP-based Auto-Discovery (BGP- No Signaling
Protocol (LDP)
AD) (RFC 6074)
• Enables discovery of PE devices in a
VPLS instance
Ethernet Multipoint
L2VPNs
VPLS with LDP Signaling and BGP-based
AutoDiscovery (BGP-AD)
BGP Auto-Discovery (BGP-AD)
• Eliminates need to manually provision BGP Update
BGP session message with VPLS
VPLS neighbors
NLRI
• Automatically detects when new PEs PE1 BGP RR PE3
CE-A3
are added / removed from the VPLS CE-A1
domain VFI VFI
MPLS
• Uses BGP Update messages to
advertize PE/VFI mapping (VPLS NLRI) PE2
I am a new PE with ACs
Pseudowire on BLACK VFI
• Typically used in conjunction with BGP VFI
Route Reflectors to minimize iBGP full-
mesh peering requirements CE-A2
• Two (2) RFCs define use of BGP for

Covered in
VPLS AD1 this section
• RFC 6074 – when LDP used for PW signaling
• RFC 4761 – when BGP used for PW signaling
(1) VPLS BGP NLRIs from RFC 6074 and 4761 are different in format and thus not compatible, even though they share same AFI / SAFI values
BGP Auto-Discovery in Action
4
3 BGP Update message
I learned about
20:100:10.0.0.1/96 !!!
20:100:10.0.0.1/96
PE1 RT 20:100 VPLS-id 20:100 PE2
1 Next Hop: 10.0.0.1
BGP BGP
subsystem subsystem 5
L2 VFI with VPN ID 100
is configured
Found matching
PEs on BGP AS 20
RT !!!
L2VPN L2VPN
subsystem
7 LDP signaling phase starts subsystem
Using auto-discovered
2 L2VPN router IDs for a 6
common VPLS-id
Import NLRI...
Packet Format:
VPN ID: 100
RD <AS>:<VPN-ID> RD 20:100
Neighbor LDP ID: 10.0.0.1
Prefix: <L2 Router ID> Prefix: 10.0.0.1
Extended Community Extended Community
RT <AS>:<VPN-ID> RT 20:100
VPLS-id <AS>:<VPN-ID> VPLS-id 20:100
What is Discovered? NLRI + Extended Communities
BGP Update Messages
BGP ASN = 100 BGP ASN = 100
BGP Rtr ID = 1.1.1.10 PE-1 PE-2 BGP Rtr ID = 2.2.2.20
BGP neighbor
CE-1= 2.2.2.20 BGP neighbor
CE-2= 1.1.1.10
MPLS
L2VPN Rtr ID = 10.10.10.10 L2VPN Rtr ID = 20.20.20.20

VPN ID = 111 VPN ID = 111
RT = auto (100:111) RT = auto (100:111)
RD = auto (100:111) RD = auto (100:111)
VPLS-ID = auto (100:111) VPLS-ID = auto (100:111)
Source Address = 1.1.1.10 Source Address = 2.2.2.20

Destination Address = 2.2.2.20 Destination Address = 1.1.1.10
Length = 14 Length = 14
NLRI Route Distinguisher = 100:111 Route Distinguisher = 100:111

L2VPN Router ID = 10.10.10.10 L2VPN Router ID = 20.20.20.20
VPLS-ID = 100:111 VPLS-ID = 100:111

Extended
Communities Route Target = 100:111 Route Target = 100:111
What is Signaled?
LDP Generalized Pwid
BGP ASN = 100 FEC Element (FEC 129) BGP ASN = 100
BGP Rtr ID = 1.1.1.10 PE-1 PE-2 BGP Rtr ID = 2.2.2.20
BGP neighbor
CE-1= 2.2.2.20 BGP neighbor
CE-2= 1.1.1.10
MPLS
L2VPN Rtr ID = 10.10.10.10 L2VPN Rtr ID = 20.20.20.20

VPN ID = 111 VPN ID = 111
RT = auto (100:111) RT = auto (100:111)
RD = auto (100:111) RD = auto (100:111)
VPLS-ID = auto (100:111) VPLS-ID = auto (100:111)
AGI = VPLS-ID = 100:111 AGI = VPLS-ID = 100:111
FEC 129 SAII = Local L2VPN ID = 10.10.10.10 SAII = Local L2VPN ID = 20.20.20.20
TAII = Remote L2VPN ID = 20.20.20.20 TAII = Remote L2VPN ID = 10.10.10.10
Local and Remote

(discovered) L2VPN router
ID and VPLS-ID used for
PW signaling
Ethernet Multipoint
L2VPNs
VPLS with BGP-based Signaling and AutoDiscovery
BGP Signaling and Auto-Discovery
Overview
BGP Update
BGP session message with
• RFC 47611
defines use of BGP for VPLS VPLS NLRI
PE Auto-Discovery and Signaling PE1 PE X
VE_ID 1 BGP RR VE_ID X
• All PEs within a given VPLS are CE-A1 CE-A3
assigned a unique VPLS Edge device ID VFI VFI

(VE ID) MPLS
• A PE X wishing to send a VPLS update PE2 I am PE X with ACs on

VE_ID 2 BLACK VFI
sends the same label block information Pseudowire Here is my label block for
to all other PEs using BGP VPLS NLRI VFI
this VFI
• Each receiving PE infers the label CE-A2

intended for PE X by adding its (unique)
VE ID to the label base
• Each receiving PE gets a unique label for PE X
for that VPLS
(1) VPLS BGP NLRIs from RFC 6074 and 4761 are different in format and thus not compatible, even though they share same AFI / SAFI values
BGP Signaling and Auto-Discovery
Label Blocks
• RFC 4761 is primarily based on the Remote VE set Label Block
concept of Label Blocks
• Contiguous set of local labels
VBO+VBS-1 LB+VBS-1
• Label Block boundary advertised using
BGP VPLS NLRI
• Label Base (LB) – start of label VBO LB
block
• VE Block Size (VBS) – size of label
block
VE ID (VBO + n) corresponds
• VE Block Offset (VBO) – start of
remote VE set to Label (LB + n)
Topic covered in detail in
BRKMPL-2333
Ethernet Multipoint
L2VPNs
Ethernet VPN Family Overview
What is xEVPN?
• xEVPN family introduces next
generation solutions for Ethernet E-LAN E-LINE E-TREE
services
• BGP control-plane for Ethernet Segment
and MAC distribution and learning over
MPLS core
• Same principles and operational experience EVPN
of IP VPNs
• No use of Pseudowires
• Uses MP2P tunnels for unicast
• Multi-destination frame delivery via ingress
replication (via MP2P tunnels) or LSM
PBB- EVPN EVPN
EVPN VPWS E-TREE
• Multi-vendor solutions under IETF
standardization
Ethernet VPN
Highlights
• Next generation solution for Ethernet
Control-plane address
multipoint (E-LAN) services Data-plane address advertisement / learning
learning from Access over Core
• PEs run Multi-Protocol BGP to advertise
& learn Customer MAC addresses (C- PE1 PE3
MACs) over Core VID 100

SMAC: M1
• Same operational principles of L3VPN DMAC: F.F.F
CE1 CE3
• Learning on PE Access Circuits via data-
plane transparent learning MPLS
C-MAC: C-MAC:
M2
• No pseudowire full-mesh required M1
• Unicast: use MP2P tunnels

• Multicast: use ingress replication over MP2P
tunnels or use LSM PE2 PE4
• Under standardization at IETF – draft- BGP MAC adv. Route

ietf-l2vpn-evpn EVPN NLRI
MAC M1 via PE1
Concepts
EVPN Instance (EVI) BGP Route
Ethernet Segment BGP Routes
Attributes
SHD Route Types Extended Communities

CE1
BD EVI ESI1 PE1 [1] Ethernet Auto-Discovery (AD) Route ESI MPLS Label
[2] MAC Advertisement Route ES-Import

MHD CE2
[3] Inclusive Multicast Route MAC Mobility
EVI
BD
PE2
ESI2 [4] Ethernet Segment Route Default Gateway
PE
• EVI identifies a VPN in the • Represents a ‘site’ • EVPN and PBB-EVPN • New BGP extended
network connected to one or more define a single new BGP communities defined
• Encompass one or more PEs NLRI used to carry all • Expand information
bridge-domains, • Uniquely identified by a EVPN routes carried in BGP routes,
depending on service 10-byte global Ethernet • NLRI has a new SAFI (70) including:
interface type Segment Identifier (ESI) • Routes serve control MAC address moves
Port-based • Could be a single device plane purposes, C-MAC flush notification
VLAN-based (shown above) or an entire network including: Redundancy mode
VLAN-bundling Single-Homed Device (SHD) MAC address reachability MAC / IP bindings of a GW
VLAN aware bundling (NEW) Multi-Homed Device (MHD) MAC mass withdrawal Split-horizon label encoding
Single-Homed Network (SHN) Split-Horizon label adv.
Multi-Homed Network (MHN) Aliasing Used by PBB-EVPN
Multicast endpoint discovery
Redundancy group discovery
Designated forwarder election
Topic covered in detail in
BRKMPL-2333
Ethernet Multipoint
L2VPNs
Provider Backbone Bridging (PBB) Ethernet VPN
(PBB-EVPN)
PBB-EVPN PE
PBB Ethernet VPN PBB

Backbone EVPN
Edge Bridge
Highlights
• Next generation solution for Ethernet multipoint Control-plane address
Data-plane address
(E-LAN) services by combining Provider advertisement /
learning from Core
Backbone Bridging (PBB - IEEE 802.1ah) and learning over Core (B-
• Remote C-MAC to
MAC)
Ethernet VPN remote B-MAC binding
• Data-plane learning of local C-MACs and remote Data-plane address PE1 PE3
C-MAC to B-MAC binding learning from Access
• Local C-MAC to local B-MAC:
B-MAC binding B-M1 B-M2
• PEs run Multi-Protocol BGP to advertise local
Backbone MAC addresses (B-MACs) & learn CE1 CE3
remote B-MACs
MPLS
• Takes advantage of PBB encapsulation to simplify BGP
C-MAC:
control plane operation – faster convergence C-MAC:
MB
MA
• Lowers BGP resource usage (CPU, memory) on B-MAC: B-M2
deployed infrastructure (PEs and RRs) B-M1
• Under standardization at IETF – WG draft: draft- PE2 PE4

ietf-l2vpn-pbb-evpn
BGP MAC adv.
Route
EVPN NLRI
MAC B-M1 via PE2
Provider Backbone Bridging Overview IB-BEB
• PBB (IEEE 802.1ah-2008) defines an
I-comp
architecture that includes
L2 Access
L2 Core
• 224 service instances (I-SID) per B-VLAN
I-comp B-comp
• MAC-in-MAC
• I-Component I-comp
CBP
• Learns & forwards using C-MACs PIP
• Maintains a mapping table of C-MACs to B-
MACs B-DA / B-SA 12B
• Performs PBB encap/decap on PIP B-DA / B-SA B-Tag 4B
I-TAG I-TAG 6B
• B-Component
• Learns & forwards using B-MACs C-DA / C-SA C-DA / C-SA C-DA / C-SA
• Push / pop B-VLAN on CBP
IB-BEB = I-/B-comp Backbone Edge Bridge Customer Frame Customer Frame Customer Frame
I-SID = Backbone Service Instance Identifier
PIP = Provider Instance Port
CBP = Customer Backbone Port
PBB-EVPN Encapsulation
Traffic Direction
I-Component B-Component
EVPN
Ethernet BD
BD Forwarder
MPLS
Access I-SID X EVI aaa
DA (NH router)
SA
6B B-DA E-type (MPLS 0x8847)
6B B-SA PSN MPLS label 4B
24-bit I-SID
inside I-TAG 2B E-type (I-TAG 0x88E7) EVPN MPLS label EVPN MPLS label 4B
4B I-TAG Control Word Control Word 4B
DA DA
PBB Header PBB Header 18B
SA SA
E-type (802.1q 0x8100) 802.1q Tag (0x8100)
C-VID C-VID
Payload E-Type Payload E-Type Customer Frame Customer Frame
Payload Payload
PBB-EVPN Operation
Multicast Tunnel ID / Endpoint Discovery1
Inclusive Multicast
2
route signals MPLS
I-SID X Flood List
label to be used in the
Entry 1: PE 2 – label A downstream direction
X Y CE2
Entry 2: PE 3 – label B PE2
Entry 3: PE 4 – label C
PE1
PE3
RR X
BD
CE1 I-SID X BD EVPN

Forwarder
MPLS
EVI aaa CE3
BD
I-SID Y 1
2
At start-up, PEs send X Y
EVPN Inclusive Multicast
I-SID Y Flood List routes to signal I-SID
Entry 1: PE 2 – label D membership PE4 CE4
Entry 2: PE 4 – label E
(1) Ingress / Head Replication model shown
EVPN Inclusive Multicast route
PBB-EVPN Operation
B-MAC Reachability Advertisement MAC Advertisement
2 route signals MPLS
label to be used in the
L2 Routing Information Base (RIB) downstream direction
B-DA2; Next Hop PE2; label F
B-DA3; Next Hop PE3; label G CE2
B-DA4; Next Hop PE4; label H PE2
PE1 B-DA2
PE3
RR
B-DA3
BD
CE1 I-SID X BD EVPN

Forwarder
MPLS
B-DA1 EVI aaa CE3
BD
I-SID Y 1
At start-up, PEs send
B-DA4
EVPN MAC
Advertisement route for
local B-MAC/EVI PE4 CE4
EVPN MAC Advertisement route

PBB-EVPN Operation
Multi-Destination Traffic Forwarding (Per-ISID Ingress Replication)
1 3
CAM Table I-SID X
Multi-destination Traffic Entry1: C-MAC1a; B-DA1
I-SID X Flood List
• Unknown unicast X Y
Entry 1: PE 2 – label A CE2
• Broadcast CAM Table I-SID Y
Entry 2: PE 3 – label B
• Multicast PE2
Entry1: C-MAC1b; B-DA1
Entry 3: PE 4 – label C
PE1
SA: C-MAC1a PE3
DA: FFFF.FFFF.FFFF
SA: C-MAC1b X
DA: FFFF.FFFF.FFFF
BD
CE1 I-SID X BD EVPN

Forwarder
MPLS
C-MAC1a B-DA1 BD
EVI aaa CE3
C-MAC1b
I-SID Y
2
Ingress replication X Y
I-SID Y Flood List with Per-ISID flooding
Entry 1: PE 2 – label D 3 copies for I-SID X
PE4 CE4
Entry 2: PE 4 – label E 2 copies for I-SID Y
PBB-EVPN Operation
Known Unicast Traffic Forwarding
1 L2 Routing Information Base (RIB)
Known Unicast Traffic CAM Table I-SID X B-DA2; Next Hop PE2; label F
Entry1: C-MAC1a; local B-DA3; Next Hop PE3; label G CE2
C-MAC2
Entry2: C-MAC2; B-DA2 Lookup B-DA4; Next Hop PE4; label H PE2
Entry3: C-MAC4; B-DA4
PE1 B-DA2
SA: C-MAC1a Lookup PE3
DA: C-MAC2
SA: C-MAC1a
DA: C-MAC4
BD
CE1 I-SID X BD EVPN

Forwarder
MPLS
C-MAC1a B-DA1 BD
EVI aaa
I-SID Y
2
B-DA4
Known Unicast
delivered to specific C-MAC4
remote PEs PE4 CE4
Introducing PBB-EVPN in Cisco ASR 9000
• Introducing the next-generation of
L2VPNs – Provider Backbone
Bridging Ethernet VPN (PBB-EVPN)
• Support across Cisco ASR 9000
series router family
• From ASR9001-S to ASR9922
• Support starting with Cisco IOS-XR

release 4.3.21 (FCS 09/2013)
• Enhanced Ethernet Line Cards
(Typhoon) required as Ingress and
Egress linecards
(1) PBB-EVPN support started in IOS-XR 4.3.2 and 5.1.1 releases

Advanced Topics
Resiliency
Two-Way Pseudowire Redundancy and mLACP
Two-Way Pseudowire Redundancy
Overview
• Allows dual-homing of two local PEs
to two remote PEs PE1 PE3
• Four (4) pseudowires: 1 primary & 3

CE1 CE2
backup provide redundancy for IP/MPLS
ICCP ICCP
dual-homed devices Site X Site Y
PE2 PE4
• Two-Way PW redundancy coupled

with Multi-Chassis LAG (MC-LAG)
solution on the access side
• LACP state used to determine PW AC
state
• InterChassis Communication Protcol
(ICCP) used to synchronize LACP
states
E-LINE Availability Model VPWS
Active / Backup Access Node Redundancy (mLACP)
Events
 Port / Link Failures
I Initial state
FA-C Port / Link Failures

AS A Active PoA detects failure
FC 3 1A and signals failover over
ICCP
FB
1B Failover triggered on DHD
1A
FA LACP ICCP ICCP LACP Standby link brought up per
2 LACP proc.
1B Active PoA advertises
3 “Standby” state on its PWs
2 4
Standby PoA advertises
SA S 4 “Active” state on its PWs
 For VPWS Coupled Mode, attachment circuit (AC) stateForwarding EoMPLS PW Non-Forwarding EoMPLS PW
(Active/Standby) drives PW state advertised to remote

peers
E-LINE Availability Model VPWS
Active / Backup Access Node Redundancy (mLACP)
Events
 Port / Link Failures (cont.)
I Initial state
FA-C Port / Link Failures
S A Active PoA detects failure

FC 1A and signals failover over
ICCP
FB 1B Failover triggered on DHD
FA LACP ICCP ICCP LACP 2

Standby link brought up per
LACP proc.
Active PoA advertises

3 “Standby” state on its PWs
Standby PoA advertises

A S 4 “Active” state on its PWs
E End State
 Local site access failure does not trigger LACP failover
at remote site (i.e. control-plane separation between Forwarding EoMPLS PW Non-Forwarding EoMPLS PW
sites)
Advanced Topics
Resiliency
ITU-T G.8032 Access Redundancy
ITU-T G.8032 Overview
• Standards-based protection switching for Ethernet
ring topologies
• Defined by ITU-T Study Group 15 [G.8032/Y.1344] (v1 –
06/08; v2 – 03/10)
• Ring traffic forwarding based on Ethernet bridging A B C

rules – Layer 2 Rings
R-APS
• Loop avoidance by blocking of designated ring link Ring Protection Link Channel of
under normal conditions (RPL) - Blocked Link Ring
• Uses a dedicated Control Channel (VLAN)

carrying control messages - Ring APS RPL Owner
• Leverages Ethernet CFM / ITU-T Y.1731 for Fault D E F
Detection (CCM)
• Single Ring or Multi-Ring network topologies
• Supports MAC flushing, load-balancing, revertive /

non-revertive switching and administrative
switching commands
E-LINE Availability Model VPLS
Ring Access Node Redundancy (G.8032)
 G.8032 Ring Span Failure
Blocked Port
Events
I Initial state
VFI VFI
FB Ring Span failure
B
RPL Owner
1B Access switches “A” and
FB “B”detect link failure. Send
1A-B R-APS Signal Fail (SF) on
the ring
A G.8032 G.8032
Access nodes in the ring

1A 2 flush MAC tables and
RPL Owner propagate R-APS SF
RPL owner AGG node
3 receives R-APS and
2 VFI VFI unblocks RPL owner port
3
Forwarding EoMPLS PW
 G.8032 Open Ring without R-APS Virtual Channel, terminating on Aggregation Nodes Non-Forwarding EoMPLS PW
R-APS Channel
vlan
 VLAN load balancing using two ERP instances with RPL Owners on Aggregation Nodes.
 G.8032 Ring Span Failure (cont.)
Blocked port
Events
5 RPL owner AGG node
3 receives R-APS SF and
VFI VFI unblocks RPL owner port
B AGG nodes flush MAC
4 RPL Owner tables. Trigger LDP MAC
1B 4 add withdrawal to VPLS
FB peers
Remote peers flush MAC

A G.8032 G.8032 5 tables
1A
5
RPL Owner
4
2 VFI VFI
3
Non-Forwarding EoMPLS PW
R-APS Channel
vlan
 G.8032 Ring Span Failure (cont.)
Blocked port
Events
Remote peers flush MAC
5 tables
VFI VFI
E End State
RPL Owner
FB
G.8032 G.8032
RPL Owner
VFI VFI
Non-Forwarding EoMPLS PW
R-APS Channel
vlan
Advanced Topics
L2VPN Load Balancing
Access L2VPN PE Core
Load-balancing Questions
• How do we make LERs distribute
flows within the same PW across
ECMPs?
• How do we make LERs distribute
members of core-facing bundle
interface?
• How do we make LSRs distribute
ECMPs?
• How do we make LSRs distribute
members of core-facing bundle
interface?
Flow Aware Transport PWs (RFC6391)
• Problem: How can LSRs load-balance
traffic from flows in a PW across core RTR DA
ECMPs and Bundle interfaces? RTR DA RTR SA
• LSRs load-balance traffic based on IP RTR SA MPLS E-Type (0x8847)
header information (IP payloads) or MPLS E-Type (0x8847) PSN MPLS Label
based on bottom of stack MPLS label PSN MPLS Label PW MPLS Label
(Non-IP payloads) PW MPLS Label Flow MPLS Label
• PW traffic handled as Non-IP payload PW CW PW CW
DA DA
• RFC6391 defines a mechanism that
introduces a Flow label that allows P SA SA
routers to distribute flows within a PW 802.1q Tag (0x8100) 802.1q Tag (0x8100)
• PEs push / pop Flow label C-VID C-VID
• P routers not involve in any signaling / E-Type (0x0800) E-Type (0x0800)

handling / manipulation of Flow label 4 4
IPv4 Payload IPv4 Payload
EoMPLS frame without EoMPLS frame with

Flow Label Flow Label
L2VPN Load-balancing (E2E Scenario) (1/2)
PW2 (Service Y)
PW1 (Service X)
P1 P3
PE1 PE2
P2 P4
L2VPN Load-balancing (E2E Scenario) (2/2)
PW2 (Service Y)
P router with ECMP and P router without ECMP
Bundle interfaces and Bundle interfaces
PW1 (Service X) PE router with ECMP and

PE router with ECMP and P1 P3
Non-bundle interfaces
Bundle interfaces
PE1 PE2 PE router with Bundle

interface as PW
attachment circuit (AC)
P2 P4
P router with ECMP and P router without ECMP

Non-bundle interfaces and Bundle interfaces
L2VPN Load-balancing (Per-VC LB)
PW2 (Service Y)
Default - ASR9000 P with Core- Default - ASR9000 PE with AC
facing Bundle Bundle
P rtr load-balances traffic across PE load-balances traffic across
Bundle members based on VC PW1 (Service X) Bundle members based on DA/SA
label; i.e. all traffic from a PW P1 P3
F1x F2x F3x MAC
assigned to one member F4x
Svc X – Flow 1
Svc X – Flow 2
Svc X – Flow 3
Svc X – Flow 4
Svc Y – Flow 1
Svc Y – Flow 2 F1y F2y F3y
Svc Y – Flow 3
PE1 F4y PE2
Svc Y – Flow 4
Default - ASR9000 PE with P2 P4

ECMP
PE load-balances PW traffic Default - ASR9000 PE with
Default - ASR9000 P with ECMP
across ECMPs based on VC Core-facing Bundle
P rtr load-balances traffic across
label; i.e. all traffic from a PW PE load-balances traffic across
ECMPs based on VC label; i.e. all
assign to one ECMP Bundle members based on VC
traffic from a PW assigned to one
label; i.e. all traffic from a PW
ECMP
assigned to one member
L2VPN Load-balancing (L2/L3 LB)
Default - ASR9000 P
PW loadbalancing based on VC
label; only one ECMP and one PE L2VPN load-balancing knob:
bundle member used for all PW l2vpn
PE L2VPN load-balancing knob: traffic load-balancing flow {src-dst-mac
l2vpn PW1 (Service X) | src-dst-ip}
P1 P3
load-balancing flow {src-dst-mac
| src-dst-ip} F1x F2x
Svc X – Flow 1
Svc X – Flow 2
Svc X – Flow 3
Svc X – Flow 4
Two-stage Hash PE1 PE2

process
F3x F4x
P2 P4 ASR9000 PE with AC Bundle
ASR9000 PE with ECMP
PE now load-balances PW traffic ASR9000 PE with Core-facing PE load-balances now traffic
across ECMPs based on L2 or Bundle across Bundle members based on
L3 payload info; i.e. flows from a PE now load-balances traffic L2 or L3 payload info
PW distributed over ECMPs across Bundle members based on
L2 or L3 payload info; i.e. flows
from a PW distributed over
members
L2VPN Load-balancing (L2/L3 LB + FAT)
PE L2VPN load-balancing ASR9000 P with Core-facing
knob Bundle No new configuration
PW loadbalancing based on Flow required on P routers
PE FAT PW label; i.e. flows from a PW
l2vpn PE L2VPN load-balancing
pw-class sample-class distributed over bundle members PW1 (Service X) knob
encapsulation mpls P1 P3
PE FAT PW
load-balancing flow- F1x
label both
Svc X – Flow 1
Svc X – Flow 2
Svc X – Flow 3 F2x
Svc X – Flow 4
ASR9000 PE F3x
PE1 PE2
PE now adds Flow
labels based on L2 or L3 F4x
payload info P4
P2 ASR9000 PE with AC Bundle
ASR9000 PE with Core-facing PE load-balances now traffic
ASR9000 PE with ECMP ASR9000 P with ECMP
Bundle across Bundle members based on
PE now load-balances PW traffic P rtr now load-balances traffic
PE now load-balances traffic L2 or L3 payload info
across ECMPs based on L2 or across ECMPs based on Flow
L3 payload info; i.e. flows from a across Bundle members based on
L2 or L3 payload info; i.e. flows label; i.e. flows from a PW
PW distributed over ECMPs distributed over ECMPs
from a PW distributed over
members
Significance of PW Control-Word
Solution:
Problem:
Add PW Control Word in
DANGER for LSR
front of PW payload. This RTR DA
LSR will confuse payload as
guarantees that a zero will
IPv4 (or IPv6) and attempt to RTR DA RTR SA
always be present and thus
load-balance based off RTR SA MPLS E-Type (0x8847)
no risk of confusion for LSR
incorrect fields
MPLS E-Type (0x8847) PSN MPLS Label
PSN MPLS Label PW MPLS Label
PW MPLS Label 0 PW CW
4 DA 4 DA 4 DA
SA SA SA
802.1q Tag (0x8100) 802.1q Tag (0x8100) 802.1q Tag (0x8100)
C-VID C-VID C-VID
Payload E-Type Payload E-Type Payload E-Type
Non-IP Payload Non-IP Payload Non-IP Payload

Deployment Use Cases
Data Center Interconnect – VPLS on
Nexus 7000
Data Center Interconnect with VPLS
Nexus 7000
Nexus 7K
Primary Nexus 7K
VFI for
WAN Edge
Access Agg Vlan X
A A
VFI VFI
A A
WAN
vPC Peer
Link
S S
Secondary VFI VFI
VFI for S S
DC 1 Vlan X vPC Domain vPC Domain DC 2
• Nexus 7000 as DC WAN Edge provides VPLS Multi-Homing with Virtual Port Channel (vPC)
• User configuration sets VFI as primary / secondary on vPC members

• vPC members can alternate in Active / Standby responsibilities for different VLANs
• PW status signaled as Active / Standby on primary / secondary VFIs respectively

• Single PW activated to forward traffic between pair of data center sites
• vPC Peer Link used to forward traffic to / from vPC member with VFI in primary designation
Sample Configuration – Nexus 7000 PE1 PE3
10.0.0.1 10.0.0.3
EVEN VLANs
• Primary VFI owner for
PE 1 EVEN vlans PE 2 • Primary VFI owner for
vlan 80-81 • Secondary owner for vlan 80-81 ODD vlans VFI VFI
! ODD vlans ! • Secondary owner for
vlan configuration 80 vlan configuration 80 vPC
EVEN vlans
member vfi vpls-80 member vfi vpls-80
! !
vlan configuration 81 vlan configuration 81
member vfi vpls-81 member vfi vpls-81
! ! VFI VFI
l2vpn vfi context vpls-80 l2vpn vfi context vpls-80
vpn id 80 vpn id 80 PE2 PE4
redundancy primary redundancy secondary 10.0.0.2 10.0.0.4
member 10.0.0.3 encapsulation mpls member 10.0.0.3 encapsulation mpls
member 10.0.0.4 encapsulation mpls member 10.0.0.4 encapsulation mpls PE1 PE3
! ! 10.0.0.1 10.0.0.3
l2vpn vfi context vpls-81 l2vpn vfi context vpls-81 ODD VLANs
vpn id 81 vpn id 81
redundancy secondary redundancy primary
member 10.0.0.3 encapsulation mpls member 10.0.0.3 encapsulation mpls VFI VFI
member 10.0.0.4 encapsulation mpls member 10.0.0.4 encapsulation mpls
! !
interface port-channel50 interface port-channel50 vPC
switchport mode trunk switchport mode trunk
switchport trunk allowed vlan 80,81 switchport trunk allowed vlan 80,81
VFI VFI
Note: Virtual Port Channel (vPC) configuration not shown
PE2 PE4
10.0.0.2 10.0.0.4
E-LAN with per-flow load-balancing –
ASR 9000 (PBB-EVPN)
PBB-EVPN
Multi-Homing Scenarios – All-Active Load-Balancing
• Dual Home Device / Multi Home Device1
scenarios and All-Active LB Dual Home Device (DHD)
All-Active Load-Balancing
• A.k.a. Active / Active per-flow (AApF) LB
• Both PEs forward traffic associated with a given PE1
PE1 and PE2 use same
PBB I-SID BMAC 1 B-MAC / same ESI for a
Single Bundle ESI W shared segment
VID
configured on CE1
• PEs attached to Ethernet Segment using CE1
X
bundle interfaces MPLS

Core
• Single bundle (manual or LACP) configured on
CE VID
X BMAC 1
ESI W
• PEs on same segment must share the
same source B-MAC and ESI PE2
Both PEs forward
• ESI and B-MAC auto-sensed from CE LACP traffic from the same
information service (PBB I-SID)
• DF election (manual or automatic)

(1) Standard does not limit solution to only dual homing
PBB-EVPN Dual Home Device (DHD) MINIMAL
Configuration
All-Active (per-FLOW) Load-Balancing Auto-sensed B-MAC SA

Auto-sensed ESI
PE1
redundancy iccp group 66 Auto RD for Segment Route
mlacp node 1 Auto RT for EVI
mlacp system priority 1 Auto RD for EVI PE1
mlacp system mac 0111.0222.0111 A/A Per-flow LB (default)
mode singleton
Auto DF / service carving Bundle-
backbone interface GigabitEthernet 0/0/0/1 Eth25.1 Gig0/0/0/1
interface Bundle-Ether25 PE2 should use same RG #
mlacp iccp-group 66 CE1
PE2 should use different mlacp
MPLS
interface Bundle-Ether25.1 l2transport node id Core
encapsulation dot1q 777 PE2 should use same mlacp
l2vpn system mac and system priority
bridge group gr1 Bundle-
bridge-domain bd1 Eth25.1
interface Bundle-Ether25.1 ICCP in singleton mode (i.e.No
pbb edge i-sid 256 core-bridge core_bd1 peer neighbor configuration) PE2
bridge group gr2

bridge-domain core_bd1 PBB I-component and B-
pbb core component configuration. ISIDs
evpn evi 1000
must match on both PEs
router bgp 64 No need to define B-VLAN
bgp router-id 1.100.100.100
Note: MPLS / LDP configuration
address-family l2vpn evpn Mandatory EVI ID configuration required on core-facing interfaces (not
neighbor 2.100.100.100 shown)
remote-as 64 BGP configuration with
address-family l2vpn evpn new EVPN AF
Summary
• MPLS is a mature technology with widespread L2VPN deployments by Service
Providers and Enterprises around the globe
• Ethernet-based WAN services and Data Center Interconnect are key applications
driving deployments of L2VPN today
• L2VPNs can be deployed addressing key requirements including: Resiliency,
Auto-Discovery, Load-Balancing and OAM
• EVPN / PBB-EVPN are next-generation L2VPN solutions based on BGP control-
plane for MAC distribution/learning over the core
Complete Your Online Session Evaluation
• Give us your feedback to be
entered into a Daily Survey
Drawing. A daily winner
will receive a $750 Amazon
gift card.
• Complete your session surveys
though the Cisco Live mobile
app or your computer on
Cisco Live Connect.
Don’t forget: Cisco Live sessions will be available
for viewing on-demand after the event at
CiscoLive.com/Online
Continue Your Education
• Demos in the Cisco Campus
• Walk-in Self-Paced Labs
• Table Topics
• Meet the Engineer 1:1 meetings
Thank you
Backup Slides
Ethernet Point-to-Point
L2VPNs
Virtual Private Wire Service (VPWS)
VPWS (EoMPLS) LDP Signaling
Cisco IOS XR
hostname PE1
!
interface Loopback0
ipv4 address 106.106.106.106 255.255.255.255 GigabitEthernet0/0/0/6
l2vpn CE1
PE1
xconnect group Cisco-Live 106.106.106.106
p2p xc-sample-1 PW VC id PE2
interface GigabitEthernet0/0/0/2.100 111 MPLS Core102.102.102.102
neighbor 102.102.102.102 pw-id 111 CE2
p2p xc-sample-2 222

interface GigabitEthernet0/0/0/2.200 333
neighbor 102.102.102.102 pw-id 222 GigabitEthernet0/0/0/2
p2p xc-sample-3
interface GigabitEthernet0/0/0/6
Single-tagged VLAN neighbor 102.102.102.102 pw-id 333
traffic to PW Single-tagged range Entire port
VLAN traffic to PW OR traffic to PW
interface GigabitEthernet0/0/0/2.100 l2transport
encapsulation dot1q 100
rewrite ingress tag pop 1 symmetric
l2transport
encapsulation dot1q 999-1010
rewrite ingress tag push dot1q 888 symmetric
Cisco IOS (VLAN-based services)
hostname PE1
!
interface Loopback0 Sub-interface
ip address 106.106.106.106 255.255.255.255 based xconnect GigabitEthernet2/5
interface GigabitEthernet2/4.300
encapsulation dot1q 300 O CE1
PE1
xconnect 102.102.102.102 111 encapsulation mpls R 106.106.106.106
PE2
interface GigabitEthernet2/4 Service-Instance MPLS Core102.102.102.102
service instance 10 ethernet (EFP) based CE2
encapsulation dot1q 300 xconnect
rewrite ingress tag pop 1 symmetric 111
PW VC id
xconnect 102.102.102.102 111 encapsulation O GigabitEthernet2/4
mpls
interface Vlan 300 R
xconnect 102.102.102.102 111 encapsulation mpls
! Interface VLAN (SVI)
interface GigabitEthernet2/4 based xconnect +
switchport mode trunk Switchport trunk / access
switchport trunk allowed vlan 300
interface Vlan 300

O
xconnect 102.102.102.102 111 encapsulation mpls R
!
interface GigabitEthernet2/4 Interface VLAN (SVI)
service instance 10 ethernet based xconnect +
encapsulation dot1q 300 Service instance BD
bridge-domain 300
Cisco IOS (Port-based services)
hostname PE1
! Main interface
interface Loopback0
ip address 106.106.106.106 255.255.255.255
based xconnect
GigabitEthernet2/5
interface GigabitEthernet2/5 CE1
xconnect 102.102.102.102 222 encapsulation mpls OR PE1
106.106.106.106
PE2
Service-Instance (EFP)
interface GigabitEthernet2/5 MPLS Core102.102.102.102
service instance 1 ethernet
based xconnect CE2
encapsulation default (encap default)
xconnect 102.102.102.102 111 encapsulation mpls 222
PW VC id
interface Vlan 300 OR GigabitEthernet2/4

!
Interface VLAN (SVI)
interface GigabitEthernet2/5
switchport mode dot1q-tunnel based xconnect +
switchport access vlan 300 Switchport dot1q-tunnel
interface Vlan 300 OR

!
interface GigabitEthernet2/5 Interface VLAN (SVI)
service instance 1 ethernet based xconnect +
encapsulation default Service instance BD
bridge-domain 300
Cisco IOS / NX-OS (NEW Service-based CLI)
hostname PE1
!
interface Loopback0
ip address 106.106.106.106 255.255.255.255
GigabitEthernet2/5
l2vpn xconnect context sample-xconnect
member Pseudowire1 102.102.102.102 111 encap mpls CE1
PE1
member GigabitEthernet2/4 service instance 333 106.106.106.106 PW VC id PE2
!
interface GigabitEthernet2/4 111 102.102.102.102
MPLS Core
service instance 333 ethernet CE2
rewrite ingress tag pop 1 symmetric 222
bridge-domain 300 GigabitEthernet2/4

member Pseudowire2 192.0.0.5 222 encap mpls
member GigabitEthernet2/4 service instance 333
! NEW
interface GigabitEthernet2/4 NEW Service-based CLI
PWs modeled as virtual Xconn context /
encapsulation dot1q 300 Bridge-Domain or
rewrite ingress tag pop 1 symmetric interfaces. PW and EFPs
For now members of BD/Xconn VLAN configurations
OR
vlan 400 NX-OS context
vlan configuration 400
member Pseudowire2 102.102.102.102 222 encapsulation mpls
!
switchport mode trunk
switchport trunk allowed vlan 400
Backup Slides
Ethernet Multi-Point
L2VPNs
VPLS with LDP Signaling
VPLS LDP Signaling / Manual provisioning
Cisco IOS
hostname PE1
! PE2
interface Loopback0 VPN ID defined per VFI or 192.0.0.2
ip address 192.0.0.1 255.255.255.255 on a per-neighbor basis
!
l2 vfi sample-vfi manual PE1
PW VC id
192.0.0.1
vpn id 300
neighbor 192.0.0.2 encapsulation mpls 1111
Core PWs CE1
neighbor 192.0.0.3 2222 encapsulation mpls PE3
Full-mesh MPLS Core 192.0.0.3
neighbor 192.0.0.4 3333 encapsulation mpls VFI
!
interface Vlan300 2222
xconnect vfi sample-vfi PE4
3333 192.0.0.4
GigabitEthernet2/4
VFI associated to Bridge-Domain or

VLAN interface (SVI) VLAN/switchport
via xconnect cmd configurations
interface GigabitEthernet2/4 interface GigabitEthernet2/4

service instance 333 ethernet switchport mode trunk
encapsulation dot1q 333 OR switchport trunk allowed vlan 300
bridge-domain 300
H-VPLS LDP Signaling / Manual provisioning
Cisco IOS
hostname PE1 u-PE1

! 192.0.0.5 PE2
interface Loopback0 CE2 192.0.0.2
ip address 192.0.0.1 255.255.255.255
! 5555
PE1
l2 vfi sample-vfi manual PW VC id
192.0.0.1
vpn id 300 CE1
neighbor 192.0.0.2 encapsulation mpls 1111
neighbor 192.0.0.3 2222 encapsulation mpls 2/4 PE3
MPLS Core 192.0.0.3
neighbor 192.0.0.4 3333 encapsulation mpls u-PE2 VFI
neighbor 192.0.0.5 5555 encapsulation mpls no-split-horizon 192.0.0.6
neighbor 192.0.0.6 5555 encapsulation mpls no-split-horizon CE3 2222
! 5555 PE4
interface Vlan300 3333 192.0.0.4
xconnect vfi sample-vfi
Bridge-Domain or Spoke
VLAN/switchport PWs
configurations
switchport mode trunk
rewrite ingress tag pop 1 symmetric OR switchport trunk allowed vlan 300
bridge-domain 300
Cisco IOS XR
hostname PE1 PE2

! 192.0.0.2
interface Loopback0
ipv4 address 192.0.0.1 255.255.255.255 PE1
PW VC id
! 192.0.0.1
interface GigabitEthernet0/0/0/14.101 l2transport 1111
encapsulation dot1q 101 CE1
PE3
rewrite ingress tag pop 1 symmetric MPLS Core 192.0.0.3
VFI
2222
PE4
3333 192.0.0.4
l2vpn GigabitEthernet0/0/0/14.101
bridge group Cisco-Live
bridge-domain bd101
interface GigabitEthernet0/0/0/14.101 Service-based CLI:
vfi vfi101
vpn-id 1111
EFPs, PWs and VFI
neighbor 192.0.0.2 pw-id 1111 as members of
neighbor 192.0.0.3 pw-id 2222 Bridge Domain
neighbor 192.0.0.4 pw-id 3333
VPN ID defined per VFI or

on a per-neighbor basis
Cisco IOS XR
u-PE1
hostname PE1 192.0.0.5 PE2
CE2 192.0.0.2
!
interface Loopback0
5555
ipv4 address 192.0.0.1 255.255.255.255 PE1
PW VC id
! 192.0.0.1
interface GigabitEthernet0/0/0/14.101 l2transport CE1
1111
encapsulation dot1q 101 0/0/0/14 PE3
rewrite ingress tag pop 1 symmetric MPLS Core 192.0.0.3
u-PE2 VFI
192.0.0.6
CE3 2222
5555 PE4
3333 192.0.0.4
l2vpn
bridge-domain bd101
interface GigabitEthernet0/0/0/14.101
neighbor 192.0.0.5 pw-id 5555 Spoke
!
PWs
vfi vfi101
vpn-id 1111
neighbor 192.0.0.3 pw-id 2222 Core PWs
Full-mesh
Cisco IOS / NX-OS (NEW Service-based CLI)
hostname PE1
! Core PWs PE2
interface Loopback0 Full-mesh 192.0.0.2
ip address 192.0.0.1 255.255.255.255
l2vpn vfi context sample-vfi PE1

PW VC id
192.0.0.1
vpn id 1111
member Pseudowire1 192.0.0.2 encapsulation mpls CE1 1111
member Pseudowire2 192.0.0.3 2222 encapsulation mpls PE3
MPLS Core 192.0.0.3
member Pseudowire3 192.0.0.4 3333 encapsulation mpls VFI
!
2222
NEW
NEW PE4
PWs modeled as 3333 192.0.0.4
Service-based CLI GigabitEthernet2/4
virtual interfaces.
Bridge-Domain or
VFI and EFPs now
VLAN/switchport
members of BD
configurations
bridge-domain 300 vlan 300
member vfi sample-vfi vlan configuration 300
member GigabitEthernet2/4 service instance 333 member vfi sample-vfi
! !
interface GigabitEthernet2/4 OR interface GigabitEthernet2/4
encapsulation dot1q 300 switchport trunk allowed vlan 300
For
NX-OS
Cisco IOS (NEW Service-based CLI)
hostname PE1 u-PE1
! 192.0.0.5 PE2
interface Loopback0 CE2 192.0.0.2
ip address 192.0.0.1 255.255.255.255
! 5555
l2vpn vfi context sample-vfi PE1
PW VC id
192.0.0.1
vpn id 1111 CE1
member Pseudowire1 192.0.0.2 encapsulation mpls 1111
member Pseudowire2 192.0.0.3 2222 encapsulation mpls 2/4 PE3
MPLS Core 192.0.0.3
member Pseudowire3 192.0.0.4 3333 encapsulation mpls u-PE2 VFI
! 192.0.0.6
NEW NEW CE3 2222
PWs modeled as Service-based CLI 5555 PE4
3333 192.0.0.4
virtual interfaces. Bridge-Domain
VFI, spoke PW, configurations
EFPsmembers of BD
bridge-domain 300
member vfi sample-vfi
!
service instance 333 ethernet Spoke
encapsulation dot1q 300 PWs
Backup Slides
L2VPNs
VPLS with LDP Signaling and BGP-based
AutoDiscovery (BGP-AD)
VPLS LDP Signaling and BGP-AD BGP Auto-Discovery attributes
VPLS VFI attributes
Signaling attributes
Cisco IOS
PE2
104.104.104.104
hostname PE1
!
interface Loopback0 PE1
PW VC id
ip address 102.102.102.102 255.255.255.255 102.102.102.102
! CE1 100:300
router bgp 100 PE3
bgp router-id 102.102.102.102 MPLS Core 192.0.0.3
VFI
neighbor 104.104.104.104 remote-as 100
neighbor 104.104.104.104 update-source Loopback0 100:300
! PE4
address-family l2vpn vpls BGP L2VPN AF 100:300 192.0.0.4
GigabitEthernet2/4
neighbor 104.104.104.104 activate
neighbor 104.104.104.104 send-community extended
exit-address-family
l2 vfi sample-vfi autodiscovery

vpn id 300 BGP AS 100
vpls-id 100:300
Bridge Domain- OR VLAN/switchport- BGP Auto-Discovery
!
interface Vlan300 based Configuration based Configuration
xconnect vfi sample-vfi
interface GigabitEthernet2/4 interface GigabitEthernet2/4

bridge-domain 300
H-VPLS LDP Signaling and BGP-AD / Manual provisioning
Cisco IOS
u-PE1
192.0.0.5 PE2
CE2 104.104.104.104
hostname PE1
!
5555
ip address 102.102.102.102 255.255.255.255 PW VC id
102.102.102.102
! CE1 100:300
l2 vfi sample-vfi autodiscovery PE3
2/4
vpn id 300 MPLS Core 192.0.0.3
vpls-id 100:300 u-PE2 VFI
neighbor 192.0.0.5 5555 encapsulation mpls no-split-horizon 192.0.0.6
CE3 100:300
neighbor 192.0.0.6 5555 encapsulation mpls no-split-horizon PE4
5555
100:300 192.0.0.4
Manually
provisioned
Spoke PWs
BGP AS 100
Manual BGP Auto-Discovery
VPLS VFI attributes
Cisco IOS XR
hostname PE1
!
ipv4 address 106.106.106.106 255.255.255.255 110.110.110.110
!
encapsulation dot1q 101 PE1
PW VC id
rewrite ingress tag pop 1 symmetric 106.106.106.106
CE1 100:101
router bgp 100 PE3
MPLS Core
bgp router-id 106.106.106.106 VFI 192.0.0.3
address-family l2vpn vpls-vpws BGP L2VPN AF
neighbor 110.110.110.110 100:101
remote-as 100 PE4
update-source Loopback0 100:101 192.0.0.4
GigabitEthernet0/0/0/2.101
address-family l2vpn vpls-vpws
l2vpn
bridge-domain bd101 Full-mesh Core PWs
interface GigabitEthernet0/0/0/2.101 auto-discovered with BGP-AD
vfi vfi101
and signaled by LDP BGP AS 100
vpn-id 11101
autodiscovery bgp
BGP Auto-Discovery
rd auto PW ID = VPLS-id (100:101)
route-target 100:101
signaling-protocol ldp
vpls-id 100:101
Cisco IOS XR
u-PE1
192.0.0.5 PE2
CE2 110.110.110.110
hostname PE1
!
5555
l2vpn PE1
PW VC id
bridge group Cisco-Live 106.106.106.106
bridge-domain bd101 CE1
100:101
interface GigabitEthernet0/0/0/2.101 0/0/0/2 PE3
! VFI MPLS Core 192.0.0.3
neighbor 192.0.0.5 pw-id 5555 u-PE2
! 192.0.0.6
CE3 100:101
neighbor 192.0.0.6 pw-id 5555 PE4
5555
! 100:101 192.0.0.4
vfi vfi101
vpn-id 11101
autodiscovery bgp Manually
rd auto
route-target 100:101
provisioned
signaling-protocol ldp Spoke PWs
vpls-id 100:101
Manual BGP AS 100
BGP Auto-Discovery
VPLS LDP Signaling and BGP-AD
Cisco NX-OS
PE2
104.104.104.104
hostname PE1
! PE1
interface Loopback0 PW VC id
102.102.102.102
ip address 102.102.102.102 255.255.255.255 100:3300
CE1
PE3
l2vpn vfi context sample-vfi MPLS Core 192.0.0.3
vpn id 3300 VFI
autodiscovery bgp signaling ldp
100:3300
vpls-id 100:3300
PE4
! 100:3300 192.0.0.4
router bgp 100 Ethernet2/4
update-source loopback 0
address-family l2vpn vpls
send-community extended
Bridge Domain- VLAN/switchport-
based Configuration OR based Configuration BGP AS 100
BGP Auto-Discovery
system bridge-domain 300
! vlan 300
bridge-domain 300 vlan configuration 300
member vfi sample-vfi member vfi sample-vfi
member Ethernet2/4 service instance 333 !
! interface Ethernet2/4
interface Ethernet2/4 switchport
VPLS VFI attributes
PE2
104.104.104.104
hostname PE1
!
PW VC id
ip address 102.102.102.102 255.255.255.255 102.102.102.102
! CE1 100:300
router bgp 100 PE3
bgp router-id 102.102.102.102 MPLS Core 192.0.0.3
VFI
neighbor 104.104.104.104 update-source Loopback0 100:300
! PE4
address-family l2vpn vpls 100:300 192.0.0.4
GigabitEthernet2/4
exit-address-family
l2vpn vfi context sample-vfi

vpn id 300 BGP AS 100
autodiscovery bgp signaling ldp
vpls-id 100:300 Bridge Domain- BGP Auto-Discovery
! based Configuration
bridge-domain 300
u-PE1
hostname PE1 192.0.0.5 PE2
CE2 104.104.104.104
!
5555
vpn id 3300 PE1
PW VC id
autodiscovery bgp signaling ldp 102.102.102.102
vpls-id 100:3300 CE1 100:3300
2/4 PE3
MPLS Core 192.0.0.3
u-PE2 VFI
bridge-domain 300 192.0.0.6
member vfi sample-vfi CE3 100:3300
member Pseudowire4 192.0.0.5 5555 encapsulation mpls 5555 PE4
member Pseudowire5 192.0.0.6 5555 encapsulation mpls 100:3300 192.0.0.4
Bridge Domain-
based Configuration Manually
provisioned BGP AS 100
Manual BGP Auto-Discovery
Spoke PWs
Backup Slides
L2VPNs
VPLS with BGP-based Signaling and AutoDiscovery
VPLS BGP Signaling and BGP-AD BGP Auto-Discovery attributes
VPLS VFI attributes
Cisco IOS XR
hostname PE1
!
ipv4 address 106.106.106.106 255.255.255.255 110.110.110.110
!
router bgp 100
PE1
bgp router-id 106.106.106.106
106.106.106.106
address-family l2vpn vpls-vpws ve-id 6
neighbor 110.110.110.110 CE1
remote-as 100 PE3
MPLS Core 192.0.0.3
update-source Loopback0 VFI
address-family l2vpn vpls-vpws
ve-id 5 PE4
192.0.0.4 ve-id 7
GigabitEthernet0/0/0/2.102
l2vpn
bridge-domain bd102
interface GigabitEthernet0/0/0/2.102 ve-id 8
vfi vfi102
vpn-id 11102
autodiscovery bgp BGP AS 100
rd auto
route-target 100:102 BGP Signaling and Auto-Discovery
signaling-protocol bgp
ve-id 5 VE-id must be
unique in a VPLS
instance
VPLS BGP Signaling and BGP-AD
Cisco IOS (NEW Service-based CLI) PE2
104.104.104.104
hostname PE1
! PE1
interface Loopback0 102.102.102.102
ve-id 6
ip address 102.102.102.102 255.255.255.255 CE1
! PE3
router bgp 100 MPLS Core 192.0.0.3
bgp router-id 102.102.102.102
VFI
neighbor 104.104.104.104 update-source Loopback0 GigabitEthernet2/4 ve-id 5 PE4
! 192.0.0.4 ve-id 7
address-family l2vpn vpls
neighbor 104.104.104.104 suppress-signaling-protocol ldp ve-id 8
exit-address-family

vpn id 3300 VE-id must be
BGP AS 100
autodiscovery bgp signaling bgp unique in a VPLS BGP Signaling and Auto-Discovery
ve id 5
instance
ve range 10
bridge-domain 300
member GigabitEthernet2/4 service instance 333 Bridge Domain-
!
based Configuration
VPLS BGP Signaling and BGP-AD
Cisco NX-OS PE2
110.110.110.110
hostname PE1 PE1

! 106.106.106.106
ve-id 6
interface Loopback0 CE1
ip address 106.106.106.106 255.255.255.255 PE3
! MPLS Core 192.0.0.3
VFI
router bgp 100
update-source Loopback 0 GigabitEthernet2/4 ve-id 5 PE4
address-family l2vpn vpls 192.0.0.4 ve-id 7
suppress-signaling-protocol ldp
send-community extended VE-id must be
unique in a VPLS
l2vpn vfi context sample-vfi instance ve-id 8
vpn id 3300
autodiscovery bgp signaling bgp
ve id 5 Bridge Domain- OR VLAN/switchport- BGP AS 100
ve range 10
based Configuration based Configuration BGP Signaling and Auto-Discovery
system bridge-domain 300
! vlan 300
bridge-domain 300 vlan configuration 300
member vfi sample-vfi member vfi sample-vfi
member Ethernet2/4 service instance 333 !
! interface Ethernet2/4
interface Ethernet2/4 switchport
PBB-EVPN IOS-XR
Implementation
Configuration and
Examples
PBB-EVPN Single Home Device (SHD) MINIMAL
Configuration
Chassis B-MAC SA
Null ESI
Auto RD for Segment Route
PE1 Auto RT for EVI
interface Bundle-Ether1.777 l2transport Auto RD for EVI
l2vpn
PBB I-component PE1
bridge group gr1
bridge-domain bd1 Includes I-SID assignment CE1
Bundle-
Eth1.777
interface Bundle-Ether1.777 MPLS
pbb edge i-sid 256 core-bridge core_bd1 Core
PBB B-component
bridge group gr2 No need to define B-VLAN
bridge-domain core_bd1
pbb core
Mandatory - Globally
evpn evi 1000 unique identifier for all PEs
in a given EVI
router bgp 64
address-family l2vpn evpn
!
neighbor 2.100.100.100 BGP configuration with
remote-as 64 new EVPN AF
update-source Loopback0 Note: MPLS / LDP configuration
address-family l2vpn evpn required on core-facing interfaces (not
shown)
PBB-EVPN Single Home Device (SHD) with PW access
PE1
l2vpn
PBB I-component includes:
bridge group gr1
bridge-domain bd1 - Access PW
neighbor 14.14.14.10 pw-id 111010 - I-SID assignment PW
PE1
! VC ID 111010
pbb edge i-sid 256 core-bridge core_bd1 CE1
MPLS
PBB B-component MPLS Core
bridge group gr2
bridge-domain core_bd1 No need to define B-VLAN
PEx
pbb core Mandatory - Globally 14.14.14.10
evpn evi 1000
unique identifier for all PEs
router bgp 64 in a given EVI
!
neighbor 2.100.100.100
update-source Loopback0 new EVPN AF
required on core-facing interfaces (not
shown)
Configuration
All-Active (per-FLOW) Load-Balancing Auto-sensed B-MAC SA

Auto-sensed ESI
PE1
redundancy iccp group 66 Auto RD for Segment Route
mlacp node 1 Auto RT for EVI
mlacp system priority 1 Auto RD for EVI PE1
mlacp system mac 0111.0222.0111 A/A Per-flow LB (default)
mode singleton
Auto DF / service carving Bundle-
backbone interface GigabitEthernet 0/0/0/1 Eth25.1 Gig0/0/0/1
interface Bundle-Ether25 PE2 should use same RG #
mlacp iccp-group 66 CE1
PE2 should use different mlacp
MPLS
interface Bundle-Ether25.1 l2transport node id Core
encapsulation dot1q 777 PE2 should use same mlacp
l2vpn system mac and system priority
bridge group gr1 Bundle-
bridge-domain bd1 Eth25.1
interface Bundle-Ether25.1 ICCP in singleton mode (i.e.No
pbb edge i-sid 256 core-bridge core_bd1 peer neighbor configuration) PE2
bridge group gr2

bridge-domain core_bd1 PBB I-component and B-
pbb core component configuration. ISIDs
evpn evi 1000
must match on both PEs
router bgp 64 No need to define B-VLAN
address-family l2vpn evpn Mandatory EVI ID configuration required on core-facing interfaces (not
neighbor 2.100.100.100 shown)
address-family l2vpn evpn new EVPN AF
Configuration
Single-Active (per-Service) Load-Balancing and Dynamic Service Carving

Chassis B-MAC SA (def.)
Manual ESI
PE1 Auto RD for Segment Route
interface Bundle-Ether25.1 l2transport Auto RT for EVI PE1
encapsulation dot1q 777 Auto RD for EVI
evpn A/A Per-Service LB Bundle-
Eth25
interface Bundle-Ether25 Auto Service Carving (def.)
ethernet-segment
identifier system-priority 1 system-id 0300.0b25.00ce
A/A per-service (per-ISID) CE1
load-balancing-mode per-service load balancing with MPLS
l2vpn dynamic Service Carving Core
bridge group gr1 ESI must match on both
bridge-domain bd1 PEs
interface Bundle-Ether25.1 Bundle-
pbb edge i-sid 256 core-bridge core_bd1 Eth25
PBB I-component and B-
bridge group gr2 PE2
component configuration.
bridge-domain core_bd1
pbb core
ISIDs must match on both
evpn evi 1000 PEs
router bgp 64
No need to define B-VLAN
bgp router-id 1.100.100.100 Mandatory EVI ID
address-family l2vpn evpn configuration Note: MPLS / LDP configuration
neighbor 2.100.100.100 required on core-facing interfaces (not
remote-as 64
address-family l2vpn evpn BGP configuration with shown). ICCP (singleton) config (not
new EVPN AF shown)
Data-Plane
considerations for
Ethernet transport
How Are Ethernet Frames Transported?
• Ethernet frames transported without Preamble, Start Frame Delimiter (SFD) and
FCS
• Two (2) modes of operation supported:
• Ethernet VLAN mode (VC type 0x0004) – created for VLAN over MPLS application
• Ethernet Port / Raw mode (VC type 0x0005) – created for Ethernet port tunneling application
Original Ethernet Frame

Lengt
802.1q
Preamble DA SA h/Typ Ethernet Payload FCS
tag
e
6B 6B 4B (optional) 2B 46-1500B 4B
MPLS
E-Type
MPLS-encapsulated Ethernet Frame
LSP VC Ethernet
DA’ SA’ 0x8847 Control Word Ethernet Payload FCS’
Label Label Header
4B 4B 4B (optional)
MPLS Stack AToM Header

Ethernet PW VC Type
7604-2#show running-config IOS
• VC type used must match on PEs pseudowire-class test-pw-class-VC4
encapsulation mpls
interworking vlan
• Cisco IOS devices by default will !
pseudowire-class test-pw-class-VC5
generally attempt to bring up an encapsulation mpls
interworking ethernet
Ethernet PW using VC type 5
• If rejected by remote PE, then VC IOS-XR
type 4 will be used – VC Type auto-
sensing RP/0/RSP0/CPU0:ASR9000-2#show running-config l2vpn
l2vpn
pw-class test-pw-class-VC4
• Alternatively, Cisco IOS and IOS- encapsulation mpls
transport-mode vlan
XR devices can be explicitly
pw-class test-pw-class-VC4-passthrough
configured to use either VC type 4 encapsulation mpls
transport-mode vlan passthrough
or 5
pw-class test-pw-class-VC5
encapsulation mpls
transport-mode ethernet
Introducing Cisco EVC Framework
Functional Highlights
Ethernet Service Layer
Flexible service delimiters • Ethernet Flow Point (EFP)
• Ethernet Virtual Circuit (EVC)
• Single-tagged, Double-tagged Service • Bridge Domain (BD)
Abstraction
• VLAN Lists, VLAN Ranges • Local VLAN significance
• Header fields (COS, Ethertype)
EVC
VLAN Header operations -
Flexible Advanced
Service Framework Frame
VLAN Rewrites
Mapping Manipulation
• POP
• PUSH
Multiplexed • SWAP
ANY service – ANY port Forwarding services
• Layer 2 Point-to-Point
• Layer 2 Multipoint
• Layer 3
Encapsulation Adjustment Considerations
EoMPLS PW VC Type and EVC VLAN Rewrites Dummy
VLAN tag
MPLS Imposition
• VLAN tags can be added, removed
or translated prior to VC label PUSH 1
VLAN tag
imposition or after disposition 4
• Any VLAN tag(s), if retained, will EVC VLAN
Rewrite VC 5 MPLS Label
appear as payload to the VC (Ingress) Type Imposition
• VC label imposition and service AC PW

delimiting tag are independent from MPLS Disposition
EVC VLAN tag operations
POP 1
• Dummy VLAN tag – RFC 4448 (sec VLAN tag
4.4.1)
4 EVC VLAN
MPLS Label VC 5 Rewrite
• VC service-delimiting VLAN-ID is Disposition Type (Egress)
removed before passing packet to
PW AC
Attachment Circuit processing
PE1 PE2
VC 5 and EVC Rewrites
CE-1 104.104.104.104 102.102.102102 CE-2
MPLS
Pseudowire
VC Type 5
Single-tagged frame 10 10
Double-tagged frame 10 tag tag 10 tag
IOS-XR
•No service-delimiting vlan
•POP VLAN 10
expected (VC 5)
l2vpn •No Push of Dummy tag (VC 5) IOS
pw-class class-VC5
•PUSH VLAN 10
encapsulation mpls pseudowire-class class-VC5
transport-mode ethernet encapsulation mpls
interworking ethernet
xconnect group Cisco-Live
p2p xc-sample-1 interface GigabitEthernet2/2
interface GigabitEthernet0/0/0/2.100 service instance 3 ethernet
neighbor 102.102.102.102 pw-id 111 encapsulation dot1q 10
pw-class class-VC5 rewrite ingress tag pop 1 symmetric
xconnect 104.104.104.104 111 encap mpls pw-class class-VC5
MPLS label
PE1 PE2
VC 4 and EVC Rewrites
CE-1 104.104.104.104 102.102.102102 CE-2
MPLS
Pseudowire
VC Type 4
Single-tagged frame 10 Dummy 10

Double-tagged frame 10 tag Dummy tag 10 tag
IOS-XR
•POP service-delimiting
•POP VLAN 10
vlan (VC 4)
l2vpn •Push Dummy tag (VC 4) IOS
pw-class class-VC4
•PUSH VLAN 10
encapsulation mpls pseudowire-class class-VC4
transport-mode vlan encapsulation mpls
interworking vlan
p2p xc-sample-1 interface GigabitEthernet2/2
interface GigabitEthernet0/0/0/2.100 service instance 3 ethernet
neighbor 102.102.102.102 pw-id 111 encapsulation dot1q 10
pw-class class-VC4 rewrite ingress tag pop 1 symmetric
xconnect 104.104.104.104 111 encap mpls pw-class class-VC4
MPLS label
MTU Considerations
PW payload
• No payload fragmentation MTU signaled
supported between PEs
• Incoming PDU dropped

PE1 PE2
if MTU exceeds AC MTU
AC MTU
MPLS
• PEs exchange PW payload MTU as Pseudowire
part of PW signaling procedures
• Both ends must agree to use same
value for PW to come UP
Intra
• PW MTU derived from AC MTU PE MTU
backbone
CE-1 CE-2
MTU
• No mechanism to check Backbone
MTU
• MTU in the backbone must be large
enough to carry PW payload and
MPLS stack
Ethernet MTU Considerations
Cisco IOS
interface GigabitEthernet0/0/4
• Interface MTU configured as largest description Main interface
mtu 1600
ethernet payload size
ASR1004-1#show int gigabitEthernet 0/0/4.1000 | include MTU
• 1500B default MTU 1600 bytes, BW 100000 Kbit/sec, DLY 100 usec,
• Sub-interfaces / Service Instances (EFPs)

MTU always inherited from main interface
Sub-interface MTU
• PW MTU used during PW signaling inherited from Main
interface
• By default, inherited from attachment circuit
MTU
• Submode configuration CLI allows MTU interface GigabitEthernet0/0/4.1000
values to be set per subinterface/EFP in encapsulation dot1Q 1000
xconnect configuration mode (only for mtu 1500
signaling purposes)
• No MTU adjustments made for EFP rewrite
(POP/PUSH) operations PW MTU used during
signaling can be
overwritten
Ethernet MTU Considerations
Cisco IOS XR
• Interface / sub-interface MTU configured description Main interface
mtu 9000
as largest frame size – FCS (4B)
• 1514B default for main interfaces encapsulation dot1q 100
• 1518B default for single-tagged mtu 1518
subinterfaces
• 1522B default for double-tagged
subinterfaces By default, sub-interface Sub-interface MTU can
MTU inherited from Main be overwritten to match
• PW MTU used during PW signaling interface remote AC
• AC MTU – 14B + Rewrite offset
• E.g. POP 1 ( - 4B), PUSH 1 (+ 4B) RP/0/RSP0/CPU0:PE1#show l2vpn xconnect neighbor 102.102.102.102 pw-
id 11
Group Cisco-Live, XC xc-sample-1, state is down; Interworking none
AC: GigabitEthernet0/0/0/2.100, state is up
Type VLAN; Num Ranges: 1
VLAN ranges: [100, 100]
MTU 1500; XC ID 0x840014; interworking none
XC MTU = 1518 – 14 – 4 Statistics:
= 1500B (snip)
Advanced Topics
Multi-Segment Pseudowire
Multi-Segment Pseudowire
Overview
• Separate IGP processes (or areas) for separate T-PE1 S-PE T-PE2
MPLS Access networks IP/MPLS IP/MPLS
CE1 CE2
• T-PE – Terminating Provider Edge

• Customer facing PE, hosting the first or last segment of
a MS-PW
• S-PE – Switching Provider Edge

• Switches control / data planes of preceding and
succeeding segments
• Control Word, sequencing, or original packet header not T-PE1 T-PE2
IP/MPLS IP/MPLS IP/MPLS
examined S-PE 1 S-PE 2
• VC labels swapped
• VC Type, MTU should match end-to-end
• One or more S-PEs can be used depending on number
of segments
• MS-PW uses same signaling procedures and

TLVs described in RFC 4447
Multi-Segment Pseudowires
T-PE1 S-PE T-PE2 CE-2
CE-1 MPLS MPLS
Pseudowire 1 Pseudowire 2
RSVP-TE / LDP RSVP-TE / LDP

Targeted-LDP Targeted-LDP
PW switching point
VC labels swapped, new Penultimate Hop VC label
VC and Tunnel Tunnel label pushed Popping (PHP) disposition
label imposition Push Pop Swap Pop Pop
Push Push

VC Label Label = 28 Label = 28 Label = 45 Label = 45
Payload Payload Payload Payload Payload Payload
Traffic direction
Configuring MS-PWs
Cisco IOS
hostname S-PE
interface Loopback0
T-PE1 S-PE T-PE2
ip address 104.104.104.104 255.255.255.255 102.102.102.102 104.104.104.104 106.106.106.106
l2 vfi sample-ms-pw-1 point-to-point

MS-PW
CE1 CE2
neighbor 106.106.106.106 222190 encapsulation mpls PW VC id
neighbor 102.102.102.102 111190 encapsulation mpls 111190 222190
7604-3#show xconnect peer 102.102.102.102 vcid 111190

Legend: XC ST=Xconnect State S1=Segment1 State S2=Segment2 State
UP=Up DN=Down AD=Admin Down IA=Inactive
SB=Standby HS=Hot Standby RV=Recovering NH=No Hardware
XC ST Segment 1 S1 Segment 2 S2
------+---------------------------------+--+---------------------------------+--
UP mpls 106.106.106.106:222190 UP mpls 102.102.102.102:111190 UP
7604-3#show xconnect peer 102.102.102.102 vcid 111190 detail

------+---------------------------------+--+---------------------------------+--
UP mpls 106.106.106.106:222190 UP mpls 102.102.102.102:111190 UP S-PE labels for
Local VC label 65536 Local VC label 65549 each PW segment
Remote VC label 16029 Remote VC label 47
pw-class: pw-class:
Configuring MS-PWs
Cisco IOS XR
hostname S-PE
interface Loopback0 T-PE1 S-PE T-PE2
102.102.102.102 106.106.106.106 104.104.104.104
ipv4 address 106.106.106.106 255.255.255.255
CE1 CE2
PW VC id
l2vpn
xconnect group Cisco-Live 111200 222200
p2p xc-sample-8
neighbor 102.102.102.102 pw-id 111200 MS-PW
!
neighbor 104.104.104.104 pw-id 222200
RP/0/RSP0/CPU0:ASR9000-2#show l2vpn xconnect group Cisco-Live xc-name xc-sample-8

Legend: ST = State, UP = Up, DN = Down, AD = Admin Down, UR = Unresolved,
SB = Standby, SR = Standby Ready, (PP) = Partially Programmed
XConnect Segment 1 Segment 2

Group Name ST Description ST Description ST
------------------------ ----------------------------- -----------------------------
Cisco-Live xc-sample-8
UP 102.102.102.102 111200 UP 104.104.104.104 222200 UP
----------------------------------------------------------------------------------------
Advanced Topics
L2VPN Inter – Autonomous Systems (I-AS)
L2VPN Inter-AS Option A
PE1 PE2
IP/MPLS IP/MPLS
• Three (3) deployment models ASBR1 ASBR2 AS Y
AS X
• Option A
• No reachability information shared between AS LDP/RSVP-TE PW AC LDP/RSVP-TE
Native Ethernet
Targeted-LDP Targeted-LDP
• Option B
Option B
• Minimal reachability information shared between AS
PE1 PE2
• ASBR configured as S-PEs (multi-segment PWs) IP/MPLS IP/MPLS
AS X
ASBR1 ASBR2 AS Y
• eBGP (IPv4 prefix + label) used to build PSN tunnel
between AS
LDP/RSVP-TE eBGP (IPv4+Label) LDP/RSVP-TE
• Option C
Targeted-LDP Targeted-LDP Targeted-LDP
• Significant reachability information shared between
AS Option C
• Single-segment PW signaled across AS boundary PE1 PE2
IP/MPLS IP/MPLS
AS X
ASBR1 ASBR2 AS Y
LDP/RSVP-TE eBGP (IPv4+Label) LDP/RSVP-TE
Targeted-LDP
L2VPN Inter-AS Option B
PE1 ASBR1 ASBR2 PE2 CE-2
CE-1 MPLS MPLS
Pseudowire 1 Pseudowire 2 Pseudowire 3

RSVP-TE / LDP eBGP IPv4+Label RSVP-TE / LDP
Targeted-LDP Targeted-LDP Targeted-LDP
BGP on NNI used to Penultimate Hop

PW switching point VC label
exchange tunnel label Popping (PHP)
VC labels swapped disposition
VC and Tunnel No LDP running on NNI
label imposition Push Pop Swap Swap Pop Pop
Push Push

VC Label Label = 28 Label = 28 Label = 45 Label = 88 Label = 88
Payload Payload Payload Payload Payload Payload Payload
Traffic direction
L2VPN Inter-AS Option C
PE1 ASBR1 ASBR2 PE2 CE-2
CE-1 MPLS MPLS
Pseudowire 1
RSVP-TE / LDP/iBGP eBGP IPv4+Label RSVP-TE / LDP/iBGP
Targeted-LDP
ASBR BGP on NNI used to Penultimate Hop VC label

Push of PSN label (if any) exchange tunnel label Popping (PHP) disposition
VC and Tunnel VC labels untouched No LDP running on NNI
label imposition Push Pop Push Swap Pop Pop
Push
Tunnel Label Label = 34 Label = 35 Label = 19

VC Label Label = 28 Label = 28 Label = 28 Label = 28 Label = 28
Payload Payload Payload Payload Payload Payload Payload
Traffic direction
Advanced Topics
Resiliency
Pseudowire Redundancy
High Availability in L2VPN Networks
PE2a
Solutions CE2a
Primary Packet Switched
Pseudowire
Network 3 4
PE1
5
2 3
CE1
Attachment
1 Circuits
PE2b
Site1 Site 2
CE2b
Attachment Redundant
Circuit Pseudowire
• IP Fast Re-Route (FRR) / MPLS FRR

1 • PSN core failure
• Pseudowire Redundancy:
2 • PSN end-to-end routing failure – Redundant PEs
3 • PE failure – Redundant PEs
4 • Attachment circuit failure – AC Diversity
5 • CE failure – Redundant CEs
One-Way Pseudowire Redundancy
Overview
PE1 PE2 CE2a
CE1
IP/MPLS
• Allows dual-homing of one local PE Site X Site Y
to one or two remote PEs

CE2b
• Two pseudowires - primary & PE2
backup provide redundancy for a PE1

CE1
single AC CE2a
Site Y
Site X IP/MPLS PE3
• Faults on the primary PW cause

failover to backup PW
PE2
• Multiple backup PWs (different
PE1 CE2a
priorities) can be defined CE1
Site X IP/MPLS Site Y

PE3
• Alternate LSPs (TE Tunnels) can be
used for additional redundancy CE2b
Primary PW
Backup PW
One-Way Pseudowire Redundancy
Failure Protection Points
 Failure 1 - Core failures handled by IGP
re-routing / IP/MPLS FRR do not trigger
pseudowire switchover
Multi-hop BFD
• Failure 2 - Loss of route to remote PE as PE-PE
PE2
notified by IGP (PE isolation) LDP
PE1 3
• Failure 3 - Loss of Remote PE 2
1IP/MPLS PE3
• How to detect PE failures?
• LDP Fast Failure Detection (FFD) (a.k.a.
Route-Watch) Monitor IGP route
• Monitors IGP route availability for LDP peer (2-3
sec or sub-sec with Fast IGP)
• LDP session timeout (default = 3 x 30 sec)
• BFD timeout (multi-hop PE-to-PE BFD session)
(a.k.a. “xconnect client” IOS feature)
Pseudowire Redundancy
PE2
Active
Preferential Forwarding Status Bit Active
PE1
• Extensions to PW status codes (RFC 6870)

IP/MPLS PE3
• Allows PEs to signal local forwarding status
of the PW (Active or Standby)
Standby
• A PW is selected for forwarding when Active
declared as Active by both PEs PW
Active Active
• Minimize service downtime during PW
failover
• Backup PWs always signaled before failures Active Standby
and held in Standby mode
• Allows VCCV capability over a backup PW Standby Active
• OAM over backup PWs

• SP monitors backup PWs prior to its usage Standby Standby
Two-Way Pseudowire Redundancy
Overview
• Allows dual-homing of two local PEs
to two remote PEs PE1 PE3
• Four (4) pseudowires: 1 primary & 3

CE1 CE2
backup provide redundancy for IP/MPLS
ICCP ICCP
dual-homed devices Site X Site Y
PE2 PE4
• Two-Way PW redundancy coupled

with Multi-Chassis LAG (MC-LAG)
solution on the access side
• LACP state used to determine PW AC
state
• InterChassis Communication Protcol
(ICCP) used to synchronize LACP
states
Configuring Pseudowire Redundancy
Cisco IOS
hostname PE1 PE2
interface Loopback0 PE1 104.104.104.104
ip address 102.102.102.102 255.255.255.255 102.102.102.102
PW VC id
CE2a
interface GigabitEthernet2/4 CE1 170
xconnect 104.104.104.104 170 encapsulation mpls 170170
Redundant PW CE2b
backup peer 106.106.106.106 170170
mtu 1500 configuration PE3
106.106.106.106
SB=Standby HS=Hot Standby RV=Recovering NH=No Hardware Primary PW in UP state
------+---------------------------------+--+---------------------------------+--
UP pri ac Gi2/4:170(Eth VLAN) UP mpls 104.104.104.104:170 UP

Legend: XC ST=Xconnect State S1=Segment1 State S2=Segment2 State Redundant PW in Standby state
------+---------------------------------+--+---------------------------------+--
IA sec ac Gi2/4:170(Eth VLAN) UP mpls 106.106.106.106:170170 SB
Configuring Pseudowire Redundancy
Cisco IOS XR
hostname PE1
PE2
interface Loopback0 104.104.104.104
PE1
ipv4 address 106.106.106.106 255.255.255.255 106.106.106.106
! PW VC id
CE2a
interface GigabitEthernet0/0/0/2.180 l2transport CE1 180
l2vpn 180180 CE2b

p2p xc-sample-6 PE3
interface GigabitEthernet0/0/0/2.180 102.102.102.102
neighbor 104.104.104.104 pw-id 180 Redundant PW
pw-class sample-CW-ON configuration
backup neighbor 102.102.102.102 pw-id 180180
pw-class sample-CW-ON
RP/0/RSP0/CPU0:ASR9000-2#show l2vpn xconnect group Cisco-Live xc xc-sample-6

Sun Apr 15 20:18:50.180 UTC
Legend: ST = State, UP = Up, DN = Down, AD = Admin Down, UR = Unresolved,
SB = Standby, SR = Standby Ready, (PP) = Partially Programmed
XConnect Segment 1 Segment 2

Group Name ST Description ST Description ST
------------------------ ----------------------------- -----------------------------
Cisco-Live xc-sample-6
Primary PW in UP state
UP Gi0/0/0/2.180 UP 104.104.104.104 180 UP Redundant PW in Standby state
Backup
102.102.102.102 180180 SB
----------------------------------------------------------------------------------------
Data Center Interconnect – ASR 9000
ASR9000 sessions:
BRKARC-2003
Data Center Interconnect with VPLS BRKSPG-2904
ASR 9000 Use Case 1 – nV Edge
Cisco ASR 9000 Cisco ASR 9000
WAN Edge WAN Edge
Access Agg
WAN
VFI VFI
DC 1 nV Edge nV Edge DC 2
• ASR 9000 as DC WAN Edge provides VPLS with Network Virtualization (nV) for DCI applications
• nV and VPLS provides:

• Single-Chassis (Virtual) Redundancy solution – Network Virtualization Cluster
• Access Multi-Homing solution with Multichassis EtherChannel
• Single control and management plane, distributed data plane – single VFI / single PW between DC pairs
• Flow-based load balancing over Pseudowire using Flow Aware Transport (FAT) PW
• Scalability (MAC address table, number of VFIs / PWs)
ASR 9000 Use Case 1 – nV Edge Sample Configuration
PE 1 PE 2
hostname PE1 hostname PE2
! !
interface Loopback0 interface Loopback0
PE1 PE2
ipv4 address 10.0.0.1 255.255.255.255 ipv4 address 10.0.0.2 255.255.255.255
10.0.0.1 10.0.0.2
interface bundle-ethernet1.1 l2transport interface bundle-ethernet1.1 l2transport
encapsulation dot1q 80 encapsulation dot1q 80
interface bundle-ethernet1.2 l2transport interface bundle-ethernet1.2 l2transport Multichassis PW VC id
encapsulation dot1q 81 encapsulation dot1q 81 EtherChannel 1111
l2vpn l2vpn VFI VFI
pw-class sample-flow-lb pw-class sample-flow-lb nV
encapsulation mpls encapsulation mpls VFI VFI
load-balancing load-balancing 2222
load-balancing flow-label load-balancing flow-label
! !
bridge group DCI bridge group DCI
bridge-domain bd-80 bridge-domain bd-80
interface bundle-ethernet1.1 interface bundle-ethernet1.1
vfi vfi1111 vfi vfi1111
neighbor 10.0.0.2 pw-id 1111 neighbor 10.0.0.1 pw-id 1111
pw-class sample-flow-lb pw-class sample-flow-lb Single PW per VFI/ Vlan
! !
bridge-domain bd-81 bridge-domain bd-81
interface bundle-ethernet1.2 interface bundle-ethernet1.2
vfi vfi2222 vfi vfi2222
neighbor 10.0.0.2 pw-id 2222 neighbor 10.0.0.1 pw-id 2222
Note: nV cluster configuration not shown
pw-class sample-flow-lb pw-class sample-flow-lb Etherchannel configuration imcomplete
ASR 9000 Use Case 2 – ICCP-based Service Multi-Homing
Cisco ASR 9000 Cisco ASR 9000
WAN Edge WAN Edge
Primary
Access Agg Vlan X A VFI vlan X A
VFI VFI
A A
WAN
ICCP ICCP
S S
Flooded
traffic for VFI VFI
S
vlan X S
Secondary
DC 1 dropped
Vlan X
DC 2
• ASR 9000 as DC WAN Edge device provides VPLS with service multi-homing for DCI applications
• Service Multi-homing and VPLS provides:

• Geo-Redundant dual-home DCI layer solution
• Active / Active per VLAN load balancing
• Distributed Control / Management / Data Plane
• Forwarding state coordination via Inter-Chassis Communication Protocol (ICCP)
Data Center Interconnect – Catalyst
6500
Catalyst 6500
Catalyst Catalyst
6500
WAN 6500
Access Agg Edge
Si Si
WAN
VFI VFI
Si Si
DC 1 VSS VSS DC 2
• DC WAN Edge device (Catalyst 6500) implements VPLS with Advanced –VPLS (A-VPLS)
for DCI applications
• A-VPLS provides:
• Single-Chassis (Virtual) Redundancy solution – Virtual Switching System (VSS)
• Multichassis EtherChannel (MEC)
• Flow-based load balancing over WAN using Flow Aware Transport (FAT) PW
• Simplified configuration
Sample Configuration – Catalyst 6500
Virtual Ethernet interface
modeled as Switchport
PE 1 trunk towards VFIs
PE 2
hostname PE1 hostname PE2 PE1 PE2
! ! 10.0.0.1 10.0.0.2
interface Loopback0 interface Loopback0
ip address 10.0.0.1 255.255.255.255 ip address 10.0.0.2 255.255.255.255
! !
Multichassis PW VC id
pseudowire-class sample-class pseudowire-class sample-class
EtherChannel Si 80 Si
encapsulation mpls encapsulation mpls
(MEC)
load-balance flow load-balance flow VFI VFI
flow-label enable flow-label enable VSS
VFI VFI
interface virtual-ethernet 1 interface virtual-ethernet 1 81
transport vpls mesh transport vpls mesh
neighbor 10.0.0.2 pw-class sample- neighbor 10.0.0.1 pw-class sample- Si Si
class class
switchport switchport
switchport mode trunk switchport mode trunk
switchport trunk allowed vlan 80,81 switchport trunk allowed vlan 80,81
interface port-channel50 interface port-channel50
switchport switchport
switchport mode trunk switchport mode trunk Single PW per Vlan per
switchport trunk allowed vlan 80,81 switchport trunk allowed vlan 80,81 VSS pair
Note: Complete Virtual Switching System (VSS) / Multichassis EtherChannel (MEC) configuration not shown

BRKMPL 2101

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

BRKMPL 2101

Uploaded by

Copyright:

Available Formats

Deploying MPLS-based

Layer 2 Virtual Private

• Deployment Use Cases

Ethernet TDM ATM Frame Relay

Muxed UNI Unmuxed Muxed UNI Muxed UNI Muxed UNI

Muxed UNI Muxed UNI

• Data Center Interconnection (DCI)

Emulated Layer-2 Service

The “emulated circuit” has three (3) layers of encapsulation

Demultiplexing • Demultiplexer field (VC Label)

Layer 2 • Emulated VC encapsulation (Control Word)

Original Ethernet Frame

MPLS Stack AToM Header

Tunnel Label Tunnel Label (IGP-LDP or RSVP-TE) TC 0 TTL

VC Label VC Label (VC) TC 1 TTL (Set to 2)

Flags FRG Length Sequence Number Control Word

• VPWS with LDP-signaling and No Most

Traffic direction Tunnel label Penultimate

Push Swap Pop Pop

Tunnel Label Label = 34 Label = 45

Payload Payload Payload Payload Payload

sites, as if they were connected

• VPLS operation emulates an IEEE

• Forwarding based on destination MAC addresses Equipment PE 1 PE 3

• Flooding (Broadcast, Multicast, Unknown Unicast) CE

• H-VPLS dual-home example

• VPLS with LDP-signaling and No Most

domain VFI VFI

• Two (2) RFCs define use of BGP for

L2VPN Rtr ID = 10.10.10.10 L2VPN Rtr ID = 20.20.20.20

Source Address = 1.1.1.10 Source Address = 2.2.2.20

NLRI Route Distinguisher = 100:111 Route Distinguisher = 100:111

VPLS-ID = 100:111 VPLS-ID = 100:111

L2VPN Rtr ID = 10.10.10.10 L2VPN Rtr ID = 20.20.20.20

AGI = VPLS-ID = 100:111 AGI = VPLS-ID = 100:111

Local and Remote

assigned a unique VPLS Edge device ID VFI VFI

• A PE X wishing to send a VPLS update PE2 I am PE X with ACs on

• Each receiving PE infers the label CE-A2

MACs) over Core VID 100

• Unicast: use MP2P tunnels

• Under standardization at IETF – draft- BGP MAC adv. Route

SHD Route Types Extended Communities

[2] MAC Advertisement Route ES-Import

PBB Ethernet VPN PBB

• Under standardization at IETF – WG draft: draft- PE2 PE4

• Performs PBB encap/decap on PIP B-DA / B-SA B-Tag 4B

CE1 I-SID X BD EVPN

CE1 I-SID X BD EVPN

EVPN MAC Advertisement route

CE1 I-SID X BD EVPN

CE1 I-SID X BD EVPN

• Support starting with Cisco IOS-XR

(1) PBB-EVPN support started in IOS-XR 4.3.2 and 5.1.1 releases

• Four (4) pseudowires: 1 primary & 3

• Two-Way PW redundancy coupled

FA-C Port / Link Failures

(Active/Standby) drives PW state advertised to remote

FA-C Port / Link Failures

S A Active PoA detects failure

FA LACP ICCP ICCP LACP 2

Active PoA advertises

Standby PoA advertises