
AR Series Routers VRP3.30 Training Presentation Slides

MPLS L2 VPN
ISSUE 1.0

Huawei-3Com Training Center


Objectives

• Provide an architectural overview of MPLS L2 VPN
• Give a rough discussion of the data flow of general MPLS L2 VPN
• Provide a general discussion of the Martini and Kompella signaling methods

Course Contents

MPLS L2 VPN Overview

MPLS L2 VPN Data Flow

Signaling Methods

What’s L2 VPN

We will refer to these VPNs as "Layer 2 VPNs" because the service provider provides only a layer 2 interface to its customer, and the customer is responsible for creating and managing the layer 3 overlay.

[Figure: a Frame Relay network of switches SA, SB and SC connecting routers rt1 to rt6 over DLCI-numbered virtual circuits.]

• Traditional L2 VPN is based on circuit-like technology.
• It just uses virtual circuits to construct connections among VPN sites.
• It provides better flexibility than a leased line.

Problems of Traditional L2 VPN

However, many of these service providers would like to replace their Frame Relay or ATM infrastructures with an IP infrastructure.

• Problems
  - The control information is too complex.
  - There are too many configuration jobs.
  - The whole system has to share the same L2 technology.
• MPLS L2 VPN intends to solve all these problems with the following technologies:
  - Solution 1: Tunnel Technology
  - Solution 2: Pre-provision
  - Solution 3: IP Backbone

Basic Scenarios of MPLS L2 VPN

[Figure: the same routers rt1 to rt6 and their DLCIs, now connected by emulated virtual circuits carried in tunnels.]

• Obviously, this solution provides better scalability and flexibility.

What’s tunnel?

[Figure: nodes A, B and C in a row. Data X travels from A to C with label 17 on the A-B hop and label 18 on the B-C hop; data Y travels from C to A with label 100 on the C-B hop and label 101 on the B-A hop.]

LFIB of A
  in     NHLFE
  x      push 17, send to B
  101    pop, send to up layer

LFIB of B
  in     NHLFE
  17     swap 18, send to C
  100    swap 101, send to A

LFIB of C
  in     NHLFE
  18     pop, send to up layer
  y      push 100, send to B

• "Tunnel" has just its traditional meaning here. The tunnel could be GRE or another kind of tunnel. Certainly, two MPLS LSPs can do the same job.
• X and Y here indicate the data transported in the tunnel.

What’s Emulated VC?

• The scenario below illustrates how to connect 2 local Frame Relay DLCIs by 2 MPLS LSP emulated VCs in an MPLS tunnel. (Question: why do we need the tunnel?)

[Figure: dlci 150 attaches to A and dlci 250 attaches to C, with B between them. The tunnel LSPs use labels 17 and 18 from A to C and labels 100 and 101 from C to A. The EVC LSPs use label 1000 towards C and label 2000 towards A.]

LFIB of A
  in         NHLFE
  Dlci:150   push 1000, send to C
  C          push 17, send to B
  101        pop, send to up layer
  2000       pop, send to dlci 150

LFIB of B
  in         NHLFE
  17         swap 18, send to C
  100        swap 101, send to A

LFIB of C
  in         NHLFE
  Dlci:250   push 2000, send to A
  A          push 100, send to B
  18         pop, send to up layer
  1000       pop, send to dlci 250

How do these VCs and tunnels work?

[Figure: an L2 frame travelling from A through B to C. It arrives on dlci 150, carries labels 17 and 1000 between A and B, labels 18 and 1000 between B and C, and leaves on dlci 250. The LFIBs of A, B and C are the same as above.]

• This is MPLS L2 VPN!
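The two-level label stack above can be traced in code. This is an added example, not part of the original slides: the LFIB entries are copied from the tables for A, B and C, while the dictionary layout and the function names are assumptions made for the illustration.

```python
# LFIB entries from the slides. Key kinds (assumed encoding for this example):
# ("dlci", n) frame from an attachment circuit, ("label", n) top label,
# ("tunnel", pe) lookup of the tunnel towards a remote PE.
LFIB = {
    "A": {
        ("dlci", 150): [("push", 1000), ("tunnel", "C")],
        ("tunnel", "C"): [("push", 17), ("send", "B")],
        ("label", 101): [("pop",), ("up",)],
        ("label", 2000): [("pop",), ("dlci", 150)],
    },
    "B": {
        ("label", 17): [("swap", 18), ("send", "C")],
        ("label", 100): [("swap", 101), ("send", "A")],
    },
    "C": {
        ("dlci", 250): [("push", 2000), ("tunnel", "A")],
        ("tunnel", "A"): [("push", 100), ("send", "B")],
        ("label", 18): [("pop",), ("up",)],
        ("label", 1000): [("pop",), ("dlci", 250)],
    },
}

def forward(node, dlci, max_hops=16):
    """Carry one frame from (node, dlci) to the far end; return (trace, egress)."""
    stack, key, trace = [], ("dlci", dlci), []
    for _ in range(max_hops):
        ops = LFIB[node].get(key)
        if ops is None:
            raise LookupError(f"{node}: no LFIB entry for {key}, frame dropped")
        for op in ops:
            if op[0] == "push":
                stack.append(op[1])
            elif op[0] == "swap":
                stack[-1] = op[1]
            elif op[0] == "pop":
                stack.pop()
            elif op[0] == "tunnel":   # EVC label is on; now pick the tunnel
                key = ("tunnel", op[1])
            elif op[0] == "send":     # transmit; record the stack, top label first
                trace.append((node, op[1], tuple(reversed(stack))))
                node, key = op[1], ("label", stack[-1])
            elif op[0] == "up":       # tunnel ended; look up the inner EVC label
                key = ("label", stack[-1])
            elif op[0] == "dlci":     # EVC ended; hand over to the local DLCI
                return trace, (node, op[1])
    raise RuntimeError("hop limit exceeded")

def labels_known_to(node):
    """Labels a node holds state for; B never learns EVC labels 1000 or 2000."""
    return {k[1] for k in LFIB[node] if k[0] == "label"}
```

`forward("A", 150)` reproduces the label sequence in the figure, and `labels_known_to("B")` shows one answer to the slide's question: the core node only needs tunnel labels, however many emulated VCs ride inside the tunnel.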

But MPLS L2 VPN is not only this!

• We have seen the basic ideas of MPLS L2 VPN, but that is not all. The following essential questions still haven’t been answered:
  - How is L2 data transmitted in the MPLS network according to the control information illustrated in the previous slides?
    - What’s the encapsulation?
    - How are different L2 network behaviors simulated in the MPLS network?
  - How is all the control information established?
    - How is the tunnel established?
    - How is the EVC (Emulated Virtual Circuit) established?

Course Contents

MPLS L2 VPN Overview

MPLS L2 VPN Data Flow

Signaling Methods

MPLS L2VPN Data Flow

• L2 Encapsulation
• Data Flow Model

L2 Data Encapsulation

• Generally, L2 data transmitted in the backbone has 3 parts of encapsulation:
  - Tunnel Header
    - It contains the information needed to transport the L2 PDU across the backbone.
  - Demultiplexer Field
    - It is used to distinguish individual emulated virtual circuits within a single tunnel.
  - Emulated VC Encapsulation
    - It contains the information about the enclosed layer 2 PDU which is necessary in order to properly emulate the corresponding layer 2 protocol.

Tunnel & Demultiplexer Encapsulation

• The tunnel here could be based on any tunnel encapsulation technology: MPLS, GRE, etc.
• An MPLS label should be used as the demultiplexer field.
• Here is a typical encapsulation:

  | Tunnel Label | EXP | S=0 | TTL | EVC Label | EXP | S=1 | TTL |

Emulated VC Encapsulation

• Quote from “draft-martini-l2circuit-encap-mpls-04.txt”:
  In most cases, it is not necessary to transport the layer 2 encapsulation across the network; rather, the layer 2 header can be stripped at R1 (the ingress edge router), and reproduced at R2 (the egress edge router). This is done using information carried in the control word, as well as information that may already have been signaled from R1 to R2.

  | Tunnel | Demultiplexer | Control word | L2 Encapsulations |

Control Word Details

• The flags are protocol specific.
• The value of the length field, if non-zero, can be used to remove any padding.
• The sequence number can be used to guarantee ordered packet delivery.

Layer 2 Frame Encapsulation

• The following Layer 2 frames can be transmitted:
  - Frame Relay
  - ATM AAL5 CPCS-SDU
  - ATM Cell
  - Ethernet VLAN
  - Ethernet
  - HDLC
  - PPP
• The protocol-specific details for the flags follow.

Frame Relay

• B: BECN
• F: FECN
• D: DE
• C: C/R
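A parser for the encapsulation described on the preceding slides (tunnel label, EVC label, control word, payload), as an added example that is not part of the original slides. The label stack entry layout is the standard MPLS one; the control word bit layout (4 reserved bits, 4 flag bits, 2 zero bits, 6-bit length, 16-bit sequence number) and the rule that a non-zero length counts control word plus payload are assumptions taken from the Martini encapsulation draft, because the slide's figure did not survive extraction.

```python
import struct

def parse_label_entry(word):
    """Split one 32-bit MPLS label stack entry into its fields."""
    return {"label": word >> 12, "exp": (word >> 9) & 0x7,
            "s": (word >> 8) & 0x1, "ttl": word & 0xFF}

def parse_l2vpn_packet(data, control_word=True):
    """Return (tunnel entry, EVC entry, control word or None, payload)."""
    if len(data) < 8:
        raise ValueError("truncated label stack")
    tunnel, evc = (parse_label_entry(w) for w in struct.unpack("!II", data[:8]))
    # As on the slide: S=0 on the tunnel label, S=1 on the EVC label.
    if tunnel["s"] != 0 or evc["s"] != 1:
        raise ValueError("unexpected bottom-of-stack bits")
    offset, cw = 8, None
    if control_word:
        if len(data) < 12:
            raise ValueError("truncated control word")
        (word,) = struct.unpack("!I", data[8:12])
        flags = (word >> 24) & 0xF
        cw = {
            "reserved": word >> 28,
            # Frame Relay meaning of the flag bits, in the slide's order.
            "B": flags >> 3 & 1, "F": flags >> 2 & 1,
            "D": flags >> 1 & 1, "C": flags & 1,
            "length": (word >> 16) & 0x3F,
            "sequence": word & 0xFFFF,
        }
        offset = 12
    payload = data[offset:]
    # Assumption: non-zero length = control word (4 bytes) + payload;
    # whatever follows is padding and is removed.
    if cw and cw["length"]:
        if cw["length"] < 4 or cw["length"] - 4 > len(payload):
            raise ValueError("control word length inconsistent with packet size")
        payload = payload[:cw["length"] - 4]
    return tunnel, evc, cw, payload

def build_sample():
    """Constructed sample: labels 17 and 1000, 10-byte payload, 36 bytes of padding."""
    tunnel = (17 << 12) | (0 << 8) | 255
    evc = (1000 << 12) | (1 << 8) | 2
    payload = b"FR-PAYLOAD"
    cw = (0b0010 << 24) | ((4 + len(payload)) << 16) | 1  # D=1, length=14, seq=1
    return struct.pack("!III", tunnel, evc, cw) + payload + b"\x00" * 36
```

The length check matters on the egress PE: a length field larger than the received packet is rejected instead of being trusted when the padding is stripped.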

ATM AAL5 CPCS-SDU

• T: Transport type
• E: EFCI
• L: CLP
• C: Command / Response

Ethernet VLAN & Ethernet

• The Ethernet frame without the preamble or FCS is transported as a single packet. The control word is OPTIONAL.
• The 4-byte VLAN tag is transported as is, and MAY be overwritten by the egress router.

PPP & HDLC

• The HDLC PDU is transported in its entirety, including the HDLC address, control and protocol fields, but excluding HDLC flags and the FCS.
• The PPP PDU is transported in its entirety, including the protocol field, but excluding any media-specific framing information, such as HDLC address and control fields or FCS.

MPLS L2VPN Data Flow

• L2 Encapsulation
• Data Flow Model

L2 Data Flow Model

• What MPLS L2 VPN simulates is an L2 network, and all L2 networks can be classified as:
  - LAN: Ethernet, Ethernet with VLAN
  - WAN: Frame Relay, ATM, HDLC, PPP, Ethernet (PTP), Ethernet with VLAN (PTP)
• So, all MPLS L2 VPNs can be classified as:
  - VPLS: Virtual Private LAN Service
  - VPWS: Virtual Private Wire Service

VPWS Scenarios

[Figure: CE1 (dlci:102, dlci:103) attaches to PE1, CE2 (dlci:201, dlci:203) to PE2 and CE3 (dlci:301, dlci:302) to PE3; the PEs connect through P.]

• VPWS provides simple “point-to-point” services. A CE must configure a VC to every site it wants to communicate with.

PE Model

• The PE model in VPWS is very simple: a PE works just like a WAN switch. Just treat an MPLS-emulated VC like a PVC in a Frame Relay network. (Another approximate conclusion: treat the tunnel as an interface, and the EVC as a PVC.)

VPWS Data Forwarding Information

• Before L2 data forwarding happens, all equipment involved must have the forwarding information established.

Address map of CE1
  IP     DLCI
  CE2    102

LFIB of PE1
  IN     NHLFE
  102    push 1000; push 100, send to P

LFIB of P
  IN     NHLFE
  100    swap 101, send to PE2

LFIB of PE2
  IN     NHLFE
  101    pop; send to up layer
  1000   pop; send DLCI 201

Address map of CE2
  IP     DLCI
  CE1    201

VPWS Data Flow

[Figure: the VPWS topology again. A frame from CE1 enters PE1 on dlci 102, crosses the backbone behind tunnel label 100, demultiplexer label 1000 and the control word, and leaves PE2 towards CE2 on dlci 201.]

• The forwarding action is simple: just look up and send.
• In order to communicate with CE2 and CE3, CE1 has to configure 2 address maps. The whole system works like a Frame Relay network.

VPLS Scenarios

[Figure: CE1, CE2 and CE3 attach to PE1, PE2 and PE3, which connect through P. The labels B and C appear beside CE2 and CE3.]

• VPLS provides a LAN-like service. Each CE needs only 1 connection to a PE.

PE Model

• The PE here simulates a virtual LAN switch for each VPN. A VSI works in the same manner as a LAN switch.

[Figure: a VSI (Virtual Switching Instance). Labelled parts: MAC address table (MAC, Interface), physical Ethernet interfaces, logical Ethernet interfaces (incoming LSP and outgoing LSP in a tunnel LSP), forwarding engine, control flow and data flow.]


VPLS Forwarding Information

• Just like in a LAN switch, the VPLS forwarding information is not completely established before data forwarding happens.
• The VSI has been established before data forwarding happens, which means that the MPLS tunnel and the VC LSPs have been established.
• The MAC address table contents are dynamically maintained by the forwarding action.

VPLS Data Flow

• When data forwarding happens, VPLS dynamically establishes some control information (just like a LAN switch).

[Figure: a frame from A to B enters PE1 from CE1 on E0. PE1 sends it towards PE2 with labels (100, 1000), which P swaps to (101, 1000), and towards PE3 with labels (150, 1500), which P swaps to (151, 1500). The switches at the CE2 and CE3 sites show MAC A on interface E1.]

VSI of the VPLS in PE1
  MAC address table
    MAC     Interface
    A       E0
  Interface list
    Interface   Attributes
    E0          Physical Link
    VIF 0       out lsp:(100, 1000) in lsp:(201, 2000)
    VIF 1       out lsp:(150, 1500) in lsp:(301, 3000)

VSI of the VPLS in PE2
  MAC address table
    MAC     Interface
    A       VIF 0
  Interface list
    Interface   Attributes
    E0          Physical Link
    VIF 0       out lsp:(200, 2000) in lsp:(101, 1000)
    VIF 1       out lsp:(250, 2500) in lsp:(301, 3000)

VSI of the VPLS in PE3
  MAC address table
    MAC     Interface
    A       VIF 0
  Interface list
    Interface   Attributes
    E0          Physical Link
    VIF 0       out lsp:(300, 3000) in lsp:(151, 1500)
    VIF 1       out lsp:(350, 3500) in lsp:(251, 2500)

LFIB of P
  IN     NHLFE
  100    Swap 101, send to PE2
  150    Swap 151, send to PE3
  200    Swap 201, send to PE1
  250    Swap 251, send to PE3
  300    Swap 301, send to PE1
  350    Swap 351, send to PE2

Course Contents

MPLS L2 VPN Overview

MPLS L2 VPN Data Flow

Signaling Methods

Signaling Methods

• General Concept
• Martini Method
• Kompella Method

General Concept

• “Signaling” is not a very precise term. Basically, “signaling” here relates to the following three technologies:
  - Tunnel Signaling
  - VC Signaling
  - VPN Topology Discovery

Tunnel Signaling

• Tunnel signaling is the technology used to establish tunnels. Some of these technologies are used very widely (not limited to L2 VPN):
  - MPLS Tunnel
    - LDP/CR-LDP
    - RSVP-TE
  - Traditional Tunnel
    - L2TP
    - GRE
    - IPSEC

[Figure: three PEs connected through one P.]

VC Signaling

• VC signaling means the technology used to establish emulated VCs between PEs. The major differences among different MPLS L2 VPN technologies lie in this point.
  - Typical VPWS technologies
    - Martini Solution (LDP)
    - Kompella Solution (BGP)
  - Typical VPLS technologies
    - Martini Extensive Solution (LDP)
    - Other Solutions (LDP or BGP)

[Figure: two CEs attach to two PEs across P, one with “Dlci 290, name vc1” and the other with “Dlci 190, name vc1”. One PE announces “I bind vc1 with label 1000”, the other “I bind vc1 with label 2000”.]

VPN Topology Discovery

• VPN topology discovery means the distribution of the information about the sites that make up a VPN. It is a very important element of constructing a scalable L2 VPN.
• Most implementations adopt BGP as the topology discovery technology.

[Figure: sites A and C, with “VPLS V1” announced between the PEs.]

Signaling Methods

• General Concept
• Martini Method
• Kompella Method

Martini MPLS L2 VPN

• Martini L2 VPN is defined by the following 2 drafts:
  - draft-martini-l2circuit-encap-mpls-04
  - draft-martini-l2circuit-trans-mpls-08
• The Martini solution is a VPWS technology:
  - Tunnel Signaling Technology: LDP
  - VC Signaling Technology: LDP Remote Peer

Basic Thoughts of Martini Signaling

• The major tasks of Martini signaling are:
  - Tunnel signaling
    - LDP is used to establish MPLS tunnels between PEs. However, other tunnels could also be used.
  - VC signaling
    - A PE names each attached VC by a 32-bit number: the VC-ID.
    - An LDP remote peer relationship is established between 2 PEs, then it is used to distribute and maintain label and VC bindings.

[Figure: CE1 attaches to PE1 on DLCI:100 and CE2 attaches to PE2 on DLCI:200, with P between the PEs. Both PEs name the VC with VC-ID:1. PE1 advertises (1,1000;PE1) and PE2 advertises (1,2000;PE2).]

How could LDP do it?

• A new LDP FEC TLV is defined: VC FEC

Fields in VC FEC

• C: C = 1 means the control word will be present on this VC.
• VC Type: Frame Relay DLCI, ATM AAL5 VCC transport, ATM transparent cell transport, Ethernet VLAN, Ethernet, HDLC, PPP, CEM, ATM VCC cell transport, ATM VPC cell transport
• Group ID: An arbitrary 32-bit value which represents a group of VCs that is used to create groups in the VC space.
• VC ID: A non-zero 32-bit connection ID that, together with the VC type, identifies a particular VC.
• Interface parameters: This variable-length field is used to provide interface-specific parameters, such as interface MTU.

Signaling Details

• Tunnel Signaling
  - It could be based on any form of signaling technology.

[Figure: LDP Label Mapping. PE1 (interface a) and PE2 (interface d) connect to P (interfaces b and c). Label mappings exchanged: (PE1,100;a), (PE1,101;c), (PE2,200;d), (PE2,201;b). The CEs attach with DLCI 500 at PE1 and DLCI 600 at PE2.]

LFIB of PE1
  IN     NHLFE
  PE2    push 201, send to b
  100    pop, send to up layer

LFIB of PE2
  IN     NHLFE
  PE1    push 101, send to c
  200    pop, send to up layer

LFIB of P
  IN     NHLFE
  100    Swap 101, send to d
  200    Swap 201, send to a

Signaling Details

• VC Signaling
  - LDP Remote Peer, Downstream Unsolicited label distribution

[Figure: the same topology. PE1 advertises (VC1,1000;PE1) and PE2 advertises (VC1,2000;PE2) over the LDP remote peer session. The CEs attach with DLCI 500 at PE1 and DLCI 600 at PE2.]

LFIB of PE1
  IN         NHLFE
  PE2        push 201, send to b
  100        pop, send to up layer
  dlci 500   push 2000, send to PE2
  1000       pop, send to dlci 500

LFIB of PE2
  IN         NHLFE
  PE1        push 101, send to c
  200        pop, send to up layer
  dlci 600   push 1000, send to PE1
  2000       pop, send to dlci 600

LFIB of P
  IN         NHLFE
  100        Swap 101, send to d
  200        Swap 201, send to a

Summary of Martini Solution

• It’s simple, and so it is efficient. (VPLS signaling could simply be based on this solution.)
• It just provides point-to-point connection services, so it seems that it is too simple.

Signaling Methods

• General Concept
• Martini Method
• Kompella Method

Kompella MPLS L2VPN Solution

• The Kompella solution is defined by the following 2 drafts:
  - draft-martini-l2circuit-encap-mpls-04
  - draft-kompella-ppvpn-l2vpn-00.txt
• The Kompella solution is a VPWS technology:
  - Tunnel Signaling Technology: LDP
  - VC Signaling Technology: BGP
• 2 significant features
  - Topology auto discovery
  - Auto configuration

General Concept

• Kompella is an L2 VPN solution similar to the Martini solution.
  - They share the same tunnel technology.
  - They are based on a similar transport encapsulation.
  - The basic ideas of VC signaling are the same: establish a binding between 2 simplex LSPs and a VC.
• Compared to the Martini solution, the Kompella solution provides 3 additional features:
  - Topology auto discovery. (Martini just provides point-to-point connection services.)
  - Automatic configuration. (Just plug in the CE, then it will work.)
  - Layer 2 interworking.

Basic Thoughts of Kompella Signaling

• Signaling Protocols
  - MBGP (BGP Multiprotocol Extensions): A series of extended communities are defined. They are used both for topology discovery and VC signaling.
• Basic thoughts of Kompella signaling
  - A PE identifies each attached CE with a CE-ID. CE-IDs are unique in the scope of one VPN.
  - A PE uses MBGP to distribute the bindings of each attached CE (say CEI) with a list of labels to all other PEs. Any other PE will pick one label in the list for the VC encapsulation when it wants to forward traffic from one of its own attached CEs to CEI.
  - The BGP extended community RT (Route Target) is used to distinguish different VPNs.

Rough Overview-Tunnel Signaling

• By common LDP (or another tunnel technology), tunnels can be established between all PEs.

[Figure: CE:1 (site A) attaches to PEA, CE:2 (site B) to PEB and CE:3 (site C) to PEC. The PEs face the backbone on interfaces a, b and c respectively.]

LFIB of PEA
  IN     NHLFE
  PEB    Push 201, send from a
  PEC    Push 301, send from a
  100    Pop, send to up layer
  150    Pop, send to up layer

LFIB of PEB
  IN     NHLFE
  PEA    Push 101, send from b
  PEC    Push 351, send from b
  200    Pop, send to up layer
  250    Pop, send to up layer

LFIB of PEC
  IN     NHLFE
  PEA    Push 151, send from c
  PEB    Push 251, send from c
  300    Pop, send to up layer
  350    Pop, send to up layer

Rough Overview-VC Signaling

[Figure: each PE advertises RT(100:1), the CE-ID of its CE and a label block to the other two PEs: CE-ID(1) with Label Block(1000, 1001) from PEA, CE-ID(2) with Label Block(2000, 2001) from PEB, CE-ID(3) with Label Block(3000, 3001) from PEC. Callout: “Here need a mapping algorithm!”]

LFIB of PEA
  IN     NHLFE
  1-2    Push 2000, send to PEB
  1-3    Push 3000, send to PEC
  1000   Pop, send to up layer
  1001   Pop, send to up layer

LFIB of PEB
  IN     NHLFE
  2-1    Push 1000, send to PEA
  2-3    Push 3001, send to PEC
  2000   Pop, send to up layer
  2001   Pop, send to up layer

LFIB of PEC
  IN     NHLFE
  3-1    Push 1001, send to PEA
  3-2    Push 2001, send to PEB
  3000   Pop, send to up layer
  3001   Pop, send to up layer

• You needn’t configure CE-CE connections manually!

Rough Overview: Data Flow

[Figure: example packets in the backbone: 1->2 carrying labels 201 and 2000, 3->1 carrying labels 151 and 1001, and 2->3 carrying labels 351 and 2001.]

LFIB of PEA
  IN     NHLFE
  1-2    Push 2000, push 201; send from a
  1-3    Push 3000, push 301; send from a
  1000   Pop, send from 2-1
  1001   Pop, send from 3-1
  100    Pop, send to up layer
  150    Pop, send to up layer

LFIB of PEB
  IN     NHLFE
  2-1    Push 1000, push 101; send from b
  2-3    Push 3001, push 351; send from b
  2000   Pop, send from 1-2
  2001   Pop, send from 3-2
  200    Pop, send to up layer
  250    Pop, send to up layer

LFIB of PEC
  IN     NHLFE
  3-1    Push 1001, push 151; send from c
  3-2    Push 2001, push 251; send from c
  3000   Pop, send from 1-3
  3001   Pop, send from 2-3
  300    Pop, send to up layer
  350    Pop, send to up layer

CE-Labels Binding: Analysis

• As we have discussed, it is natural to ask that all labels bound to one CE be contiguous.
• Could it be one contiguous block?
  - The number of labels of a CE reflects the number of remote CEs it needs to connect with. When a new CE is added to the VPN, and if one contiguous label block is used, there are the following 2 solutions:
    - Reallocation: reallocate the added attached VC and reallocate all labels bound to the respective CE.
    - Pre-provision: pre-allocate local VCs (Frame Relay DLCIs, ATM VPI/VCIs etc.) and the corresponding labels for future usage.
  - Reallocation is not a good solution. Pre-provision is a good idea, but you cannot always know everything about the future.
• So, the following label space arrangement is used in this solution.

CE-Labels Binding: label space arrangement

• Basic thoughts
  - All labels bound to a CE are composed of a number of label blocks.
  - A label block is a set of contiguous labels.
• Some concepts
  - CE Range; Label block (Label base, Label range); Block Offset.

[Figure: CE1 with 9 DLCIs: 100-109. Its range is 9. It intends to connect with CE2 to CE10. Labels bound with this CE could be:]

  Block Offset   Label Base   Label Range   Labels
  1              1000         4             1000 1001 1002 1003
  5              2000         3             2000 2001 2002
  8              3000         3             3000 3001 3002

Here label 1000 is just used for algorithm simplicity.

CE-Labels Binding: Distribution & Usage

• Suppose the CE1 we just discussed is in the network below:

[Figure: CE1 attaches to PEA and CE6 attaches to PEB. CE1's label blocks (offsets 1, 5 and 8) are distributed to PEB, which handles the 6->1 traffic.]

• PEB will choose label 2001 for CE6->CE1 traffic.
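The label choice on the two slides above can be written out as code. This is an added example, not part of the original slides or of the Kompella draft: the class and method names are assumptions, and the rule label = label base + (remote CE-ID - block offset) is inferred from the slide's own case, where CE6 falls in the block at offset 5 and gets label 2001.

```python
from bisect import bisect_right

class CELabelBlocks:
    """Label blocks bound to one CE, each as (block offset, label base, label range)."""

    def __init__(self, ce_id, blocks=()):
        self.ce_id, self.blocks = ce_id, []
        for block in blocks:
            self.add_block(*block)

    def add_block(self, offset, base, size):
        """Add a block for new remote CEs; existing labels are never reallocated."""
        for o, b, s in self.blocks:
            if offset < o + s and o < offset + size:
                raise ValueError(f"CE-ID range at offset {offset} overlaps offset {o}")
            if base < b + s and b < base + size:
                raise ValueError(f"labels at base {base} overlap base {b}")
        self.blocks = sorted(self.blocks + [(offset, base, size)])

    def label_for(self, remote_ce_id):
        """Label a remote PE pushes for traffic from remote_ce_id to this CE."""
        if remote_ce_id == self.ce_id:
            raise ValueError("a CE has no VC to itself")
        offsets = [o for o, _, _ in self.blocks]
        i = bisect_right(offsets, remote_ce_id) - 1   # last block starting at or below the ID
        if i < 0:
            raise LookupError(f"CE {remote_ce_id} precedes every advertised block")
        offset, base, size = self.blocks[i]
        if remote_ce_id >= offset + size:
            raise LookupError(f"CE {remote_ce_id} is outside the advertised CE range")
        return base + (remote_ce_id - offset)


def slide_ce1():
    """CE1 as drawn on the slide: offsets 1, 5, 8 with bases 1000, 2000, 3000."""
    return CELabelBlocks(1, [(1, 1000, 4), (5, 2000, 3), (8, 3000, 3)])
```

Calling `add_block(11, 4000, 2)` on the slide's CE1 admits two more remote CEs while every label already in use stays the same, which is the property the slides want from several blocks instead of one contiguous block.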

How could BGP do this?

• A new AFI for L2-VPN, a new SAFI, and also a new NLRI format for carrying the individual L2-VPN label-block information are introduced to MBGP.
• L2VPN NLRIs MUST be accompanied by one or more extended communities. RT is one of them.
• RD is used to distinguish bindings belonging to different VPNs.
• Example: Circuit Status Vector TLV.

BGP Extended Communities for L2VPN

• Route Target
  - It is used to construct the VPN topology.
• Layer2-Info Extended Community
  - It is used to carry layer 2 specific information in a VPN.

L2 Interworking

• The Kompella solution of MPLS L2 VPN can provide Layer 2 interworking, where there is no restriction on Layer 2, but Layer 3 must be IP.
• The idea is straightforward: only transport IP packets in the backbone. The encapsulation is:

Questions

Thank You !

Huawei-3Com Technology Co., Ltd.


www.huawei-3com.com
