
An Introduction to VPLS

Jeff Apcar, Distinguished Services Engineer APAC Technical Practices, Advanced Services

Presentation_ID

2006 Cisco Systems, Inc. All rights reserved.

Cisco Confidential

Agenda
VPLS Introduction
Pseudo Wire Refresher
VPLS Architecture
VPLS Configuration Example
VPLS Deployment
Summary


Do you want to date VPLS?


VPLS is like having Paris Hilton as your girlfriend.

The concept is fantastic, but in reality the experience might not be what you expected.
But we're still willing to give it a go as long as we can understand/handle her behaviour

Me, Just Then


VPLS Introduction


Virtual Private LAN Service (VPLS)


VPLS defines an architecture that allows MPLS networks to offer Layer 2 multipoint Ethernet services
SP emulates an IEEE Ethernet bridge network (virtual)
Virtual bridges linked with MPLS Pseudo Wires
  Data plane used is the same as EoMPLS (point-to-point)
VPLS is an Architecture
[Figure: CEs attached to PEs]

Virtual Private LAN Service


End-to-end architecture that allows MPLS networks to provide multipoint Ethernet services
It is Virtual because multiple instances of this service share the same physical infrastructure
It is Private because each instance of the service is independent and isolated from one another
It is LAN Service because it emulates Layer 2 multipoint connectivity between subscribers

Why Provide A Layer 2 Service?


Customers have full operational control over their routing neighbours
Privacy of addressing space - it does not have to be shared with the carrier network
Customer has a choice of using any routing protocol, including non-IP based (IPX, AppleTalk)
Customers could use an Ethernet switch instead of a router as the CPE
A single connection could reach all other edge points, emulating an Ethernet LAN (VPLS)

VPLS is defined in IETF


[Figure: IETF organisation chart. ISOC, IAB, IETF; areas shown: Application, General, Internet, Ops and Mgmt, Routing, Security, Transport; working groups shown: PWE3, L2VPN, L3VPN, MPLS]
PWE3: Pseudo Wire Emulation edge-to-edge
  Forms the backbone transport for VPLS
L2VPN (formerly PPVPN workgroup): VPWS, VPLS, IPLS
L3VPN:
  BGP/MPLS VPNs (RFC 4364, was 2547bis)
  IP VPNs using Virtual Routers (RFC 2764)
  CE based VPNs using IPsec
As of 2-Nov-2006

Classification of VPNs
[Figure: VPN classification tree. Labels: VPN; Network Based, CPE Based; Layer 2, Layer 3; P2P, VPWS, VPLS, IPLS; Ethernet (P2P), Ethernet (P2MP), Ethernet (MP2MP), Frame Relay, ATM/Cell Relay, PPP/HDLC; MPLS VPN, Virtual Router; IPSec, GRE]

L2VPN Models
[Figure: L2VPN models tree. Labels: L2VPN; MPLS, IP; VPWS (Point-to-Point), VPLS/IPLS (Multipoint), L2TPv3 (Point-to-Point); Like-to-Like, Any-to-Any; transports PPP, HDLC, ATM AAL5/Cell, FR, Ethernet]

IP LAN-Like Service (IPLS)


An IPLS is very similar to a VPLS except
  The CE devices must be hosts or routers, not switches
  The service will only carry IPv4 or IPv6 packets
    IP control packets are also supported: ARP, ICMP
    Layer 2 packets that do not contain IP are not supported
IPLS is a functional subset of the VPLS service
  MAC address learning and aging not required
  Simpler mechanism to match MAC to CE can be used
  Bridging operations removed from the PE
    Simplifies hardware capabilities and operation
Defined in draft-ietf-l2vpn-ipls

VPLS Components
[Figure: CE routers and CE switches attached to N-PEs around an MPLS core, with these callouts]
Pseudo Wires within LSP
Attachment circuits: Port or VLAN mode
Virtual Switch Interface (VSI) terminates PW and provides Ethernet bridge function
Mesh of LSP between N-PEs
Targeted LDP between PEs to exchange VC labels for Pseudo Wires
Attachment CE can be a switch or router

Virtual Switch Interface


Flooding / Forwarding
  MAC table instances per customer (port/VLAN) for each PE
  VFI will participate in learning and forwarding process
  Associate ports to MAC, flood unknowns to all other ports
Address Learning / Aging
  LDP enhanced with additional MAC List TLV (label withdrawal)
  MAC timers refreshed with incoming frames
Loop Prevention
  Create full mesh of Pseudo Wire VCs (EoMPLS)
  Unidirectional LSP carries VCs between pair of N-PE Per
  A VPLS uses split horizon concepts to prevent loops

Pseudo Wire Refresher


Pseudo Wires in VPLS


IETF working group PWE3
Pseudo Wire Emulation Edge to Edge
Requirements detailed in RFC3916
Architecture details in RFC3985

Develop standards for the encapsulation & service emulation of Pseudo Wires
Across a packet switched backbone

A VPLS is based on a full mesh of Pseudo Wires


Pseudo Wire Reference Model (RFC 3916)


[Figure: Pseudo Wire reference model. Customer-site CEs connect over attachment circuits to PE1 and PE2. Pseudo Wires PW1 and PW2 run inside a PSN tunnel (an LSP in MPLS) across the Packet Switched Network (PSN), IP or MPLS, and carry Pseudo Wire PDUs between the PEs. The end-to-end result is the emulated service.]

A Pseudo Wire (PW) is a connection between two provider edge devices connecting two attachment circuits (ACs)

In an MPLS core a Pseudo Wire uses two MPLS labels


  Tunnel Label (LSP) identifying remote PE router
  VC Label identifying Pseudo Wire circuit within tunnel

Pseudo Wire Standards (Care for a Martini?)


RFC 4446: Numeric values for PW types
RFC 4447: Distribution mechanism for VC labels
  Previously called draft-martini-l2circuit-trans-mpls
RFC 4448: Encapsulation for Ethernet using MPLS
  Previously called draft-martini-l2circuit-encap-mpls
Other drafts are addressing different encapsulations
  draft-ietf-pwe3-frame-relay / draft-ietf-pwe3-atm-encap
  draft-ietf-pwe3-ppp-hdlc-encap-mpls
  Originally part of draft-martini-l2circuit-encap-mpls

MPLS PW Types (RFC 4446)


0x0001  Frame Relay DLCI (Martini Mode)
0x0002  ATM AAL5 SDU VCC transport
0x0003  ATM transparent cell transport
0x0004  Ethernet Tagged Mode (VLAN)
0x0005  Ethernet (Port)
0x0006  HDLC
0x0007  PPP
0x0008  SONET/SDH Circuit Emulation
0x0009  ATM n-to-one VCC cell transport
0x000A  ATM n-to-one VPC cell transport
0x000B  IP Layer2 Transport
0x000C  ATM one-to-one VCC Cell Mode
0x000D  ATM one-to-one VPC Cell Mode
0x000E  ATM AAL5 PDU VCC transport
0x000F  Frame-Relay Port mode
0x0010  SONET/SDH Circ. Emu. over Packet
0x0011  Structure-agnostic E1 over Packet
0x0012  Structure-agnostic T1 over Packet
0x0013  Structure-agnostic E3 over Packet
0x0014  Structure-agnostic T3 over Packet
0x0015  CESoPSN basic mode
0x0016  TDMoIP AAL1 Mode
0x0017  CESoPSN TDM with CAS
0x0018  TDMoIP AAL2 Mode
0x0019  Frame Relay DLCI

VC Information Distribution (RFC 4447)


VC labels are exchanged across a targeted LDP session between PE routers
  Generic Label TLV within LDP Label Mapping Message
LDP FEC element defined to carry VC information
  Such as PW Type (RFC 4446) and VCID
VC information exchanged using Downstream Unsolicited label distribution procedures
Separate MAC List TLV for VPLS
  Defined in draft-ietf-l2vpn-vpls-ldp
  Used to withdraw labels associated with MAC addresses

VC Distribution Mechanism using LDP


[Figure: customer-site CEs attached to PE1 and PE2 across an IP/MPLS label switch path, with these callouts]
Directed LDP session between PE1 and PE2
Tunnel label(s) gets to PE router
LSP created using IGP+LDP or RSVP-TE
VC label identifies interface

Unidirectional tunnel LSP between PE routers to transport PW PDU from PE to PE using tunnel label(s)
  Both LSPs combined to form single bi-directional Pseudo Wire
Directed LDP session between PE routers to exchange VC information, such as VC label and control information

PW Encapsulation over MPLS (RFC 4448)


Ethernet Pseudo Wires use 3 layers of encapsulation
  Tunnel Encapsulation (zero, one or more MPLS labels)
    To get PDU from ingress to egress PE
    Could be an MPLS label (LDP, TE), GRE tunnel, L2TP tunnel
  Pseudo Wire Demultiplexer (PW Label)
    To identify individual circuits within a tunnel
    Obtained from Directed LDP session
  Control Word (optional)
    The following is supported when carrying Ethernet
      Provides the ability to sequence individual frames
      Avoidance of equal-cost multiple-path load-balancing
      Operations and Management (OAM) mechanisms
Control word format varies depending on transported PDU

[Figure: Layer 2 PDU | Control Word | PW Label | Tunnel Label]

Ethernet PW Tunnel Encapsulation


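 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|     Tunnel Label (LDP, RSVP, BGP)     | EXP |0|      TTL      |  Tunnel Encaps
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|             VC Label (VC)             | EXP |1| TTL (set to 2)|  PW Demux
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|0 0 0 0|       Reserved        |        Sequence Number        |  Control Word
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                          Layer-2 PDU                          |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Tunnel Encapsulation
  One or more MPLS labels associated with the tunnel
  Defines the LSP from ingress to egress PE router
  Can be derived from LDP+IGP, RSVP-TE, BGP IPv4+Label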

Ethernet PW Demultiplexer
VC Label
  Inner label used by receiving PE to determine the following
    Egress interface for L2 PDU forwarding (Port based)
    Egress VLAN used on the CE facing interface (VLAN based)
  EXP can be set to the values received in the L2 frame

Ethernet PW Control Word


Control Word is optional (as per RFC)
  0000: first nibble is 0x0 to prevent aliasing with IP packets over MPLS (MAC addresses that start with 0x4 or 0x6)
  Reserved: should be all zeros, ignored on receive
  Seq number: provides sequencing capability to detect out of order packets - currently not in Cisco's implementation; processing is optional
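The encapsulation described on the last three slides, as an added Python example that is not part of the original presentation: it parses the label stack, the optional control word and the Ethernet header, and shows the first-nibble aliasing the control word prevents. All function names and the sample frames are assumptions constructed for illustration; whether a control word is present is passed in as `has_control_word` because the receiver knows it from PW signaling, not from the packet.

```python
import struct

def lse(label, exp, s, ttl):
    """Pack one 32-bit MPLS label stack entry: label(20) | EXP(3) | S(1) | TTL(8)."""
    return struct.pack("!I", (label << 12) | (exp << 9) | (s << 8) | ttl)

def parse_label_stack(buf):
    """Walk label stack entries until the bottom-of-stack bit; return (entries, offset)."""
    entries, off = [], 0
    while True:
        if off + 4 > len(buf):
            raise ValueError("truncated label stack: no bottom-of-stack entry")
        (word,) = struct.unpack_from("!I", buf, off)
        off += 4
        entries.append({"label": word >> 12, "exp": (word >> 9) & 0x7,
                        "s": (word >> 8) & 0x1, "ttl": word & 0xFF})
        if entries[-1]["s"]:
            return entries, off

def first_nibble_guess(payload):
    """What a device that peeks past the label stack would infer: 4, 6 or None."""
    nibble = payload[0] >> 4
    return nibble if nibble in (4, 6) else None

def fmt_mac(raw):
    return ":".join(f"{b:02x}" for b in raw)

def parse_ethernet_pw(buf, has_control_word):
    """Parse tunnel label(s), VC label, optional control word and Ethernet header."""
    stack, off = parse_label_stack(buf)
    payload = buf[off:]
    if not payload:
        raise ValueError("no payload after label stack")
    sequence, l2 = None, payload
    if has_control_word:
        if len(payload) < 4:
            raise ValueError("truncated control word")
        (cw,) = struct.unpack_from("!I", payload, 0)
        if cw >> 28:
            raise ValueError("control word first nibble must be 0x0")
        sequence, l2 = cw & 0xFFFF, payload[4:]
    if len(l2) < 14:
        raise ValueError("truncated Ethernet header")
    return {
        "tunnel_labels": [e["label"] for e in stack[:-1]],
        "vc_label": stack[-1]["label"],
        "vc_ttl": stack[-1]["ttl"],
        "sequence": sequence,
        "first_nibble_guess": first_nibble_guess(payload),
        "dst_mac": fmt_mac(l2[0:6]),
        "src_mac": fmt_mac(l2[6:12]),
        "ethertype": struct.unpack_from("!H", l2, 12)[0],
    }

# Constructed sample: destination MAC starts with nibble 0x4, as in the slide's warning.
FRAME = bytes.fromhex("400000000002") + bytes.fromhex("020000000001") + b"\x08\x00" + b"data"
LABELS = lse(24, 0, 0, 255) + lse(72, 0, 1, 2)          # tunnel label 24, VC label 72, TTL 2
WITH_CW = LABELS + struct.pack("!I", 0x00000007) + FRAME  # control word, sequence number 7
WITHOUT_CW = LABELS + FRAME

if __name__ == "__main__":
    print(parse_ethernet_pw(WITH_CW, True))
    print(parse_ethernet_pw(WITHOUT_CW, False))
```

Without the control word, the first byte after the label stack is the customer MAC, so the same frame is classified as IPv4 by anything that inspects the first nibble.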

PW Operation and Encapsulation


[Figure: PW1 between customer sites behind PE1 and PE2, crossing P routers P1 and P2 in the IP/MPLS core. Label 72 for PW1 is exchanged over the directed LDP session between PE1 and PE2. On the hop-by-hop LDP sessions, "Label 24 for Lo0", "Label 38 for Lo0" and a label pop for Lo0 (at PE1) are advertised. The L2 PDU is shown carrying labels 24, 38 and 72 along the LSP.]

This process happens in both directions
  (Example shows process for PE2 to PE1 traffic)

VPLS Architecture


VPLS Standards
Architecture allows IEEE 802.1 bridge behaviour in SP plus:
  Autodiscovery of other N-PE in same VPLS instance
  Signaling of PWs to interconnect VPLS instances
  Loop avoidance & MAC address withdrawal
Two drafts have been approved by IETF L2VPN Working Group
draft-ietf-l2vpn-vpls-ldp
  Uses LDP for signalling, agnostic on PE discovery method
  Predominant support from carriers and vendors
  Cisco supports this draft
draft-ietf-l2vpn-vpls-bgp
  Uses BGP for signalling and autodiscovery

Cisco VPLS Building Blocks


[Figure: Cisco VPLS building blocks, by layer]
Service: Layer 2 VPN Point-to-Point, Layer 2 VPN Multipoint, Layer 3 VPN
Forwarding Mechanism: Interface-Based/Sub-Interface, Ethernet Switching (VFI), IP Routing
L2VPN Discovery: Centralised (DNS, Radius, Directory Services), Distributed (BGP), NMS/OSS
Signaling: Label Distribution Protocol
Tunnel Protocol: MPLS, IP
Hardware: Cisco 7600, Catalyst 6500, Cisco 12000

VPLS Auto-discovery & Signaling


VPN Discovery: Centralised (DNS, Radius, Directory Services), Distributed (BGP)
Signaling: Label Distribution Protocol

draft-ietf-l2vpn-vpls-ldp
  Does not mandate an auto-discovery protocol
    Can be BGP, Radius, DNS, or Directory based
  Uses Directed LDP for label exchange (VC) and PW signaling
    PWs signal control information as well (for example, circuit state)
Cisco IOS supports Directed LDP for all VC signaling
  Point-to-point: Cisco IOS Any Transport over MPLS (AToM)
  Multipoint: Cisco IOS MPLS Virtual Private LAN Services

VPLS Flooding & Forwarding


[Figure: a frame (Data, SA, DA) with an unknown DA arrives at a PE and is sent over Pseudo Wires in LSPs]
Flooding (Broadcast, Multicast, Unknown Unicast)
Dynamic learning of MAC addresses on PHY and VCs
Forwarding
  Physical Port
  Virtual Circuit

MAC Address Learning and Forwarding


[Figure: PE1 and PE2 exchange VC labels over Directed LDP. PE1: "Send me frames using Label 102". PE2: "Send me frames using Label 170". MAC1 is behind the CE on PE1 interface E0/0; MAC2 is behind the CE on PE2 interface E0/1. A frame (Data, MAC1, MAC2) is sent toward PE2 with VC label 170, and toward PE1 with VC label 102.]

PE1 MAC table
  MAC Address   Adj
  MAC 2         170
  MAC 1         E0/0

PE2 MAC table
  MAC Address   Adj
  MAC 2         E0/1
  MAC 1         102

Broadcast, Multicast, and Unknown Unicast are learned via the received label associations
Two LSPs associated with a VC (Tx & Rx)
  If inbound or outbound LSP is down
  Then the entire Pseudo Wire is considered down

MAC Address Withdrawal Message


[Figure: an attachment fails (X) at one PE; the PE signals the remote PEs across the MPLS core over Directed LDP]
Message speeds up convergence process
  Otherwise PE relies on MAC Address Aging Timer
Upon failure PE removes locally learned MAC addresses
Send LDP Address Withdraw (RFC3036) to remote PEs in VPLS (using the Directed LDP session)
New MAC List TLV is used to withdraw addresses

VPLS Topology PE View


[Figure: PE view. CEs attach to PEs; across the MPLS core, each PE has a full mesh LDP Ethernet PW to each peer]
Each PE has a P2MP view of all other PEs; it sees itself as a root bridge with split horizon loop protection
Full mesh topology obviates STP in the SP network
Customer STP is transparent to the SP / Customer BPDUs are forwarded transparently

VPLS Topology CE View


[Figure: CE view. CEs attach to PEs around the MPLS VPLS core, which appears as a single bridge; full mesh LDP Ethernet PW to each peer]
CE routers/switches see a logical Bridge/LAN
VPLS emulates a LAN, but not exactly
  This raises a few issues which are discussed later

VPLS Architectures
VPLS defines two architectures
  Direct Attachment (Flat)
    Described in section 4 of draft-ietf-l2vpn-vpls-ldp
  Hierarchical or H-VPLS, comprising two access methods
    Ethernet Edge (EE-H-VPLS) - QinQ tunnels
    MPLS Edge (ME-H-VPLS) - PWE3 Pseudo Wires (EoMPLS)
    Described in section 10 of draft-ietf-l2vpn-vpls-ldp
Each architecture has different scaling characteristics

VPLS Functional Components


[Figure: Customer MxUs - CE - U-PE - N-PE (SP PoP) - MPLS Core - N-PE (SP PoP) - U-PE - CE - Customer MxUs]
N-PE provides VPLS termination/L3 services
U-PE provides customer UNI
CE is the customer device

Directed attachment (Flat) Characteristics


Suitable for simple/small implementations
Full mesh of directed LDP sessions required
  N*(N-1)/2 Pseudo Wires required
  Scalability issue as the number of PE routers grows
No hierarchical scalability
VLAN and Port level support (no QinQ)
Potential signaling and packet replication overhead
  Large amount of multicast replication over same physical CPU overhead for replication

Direct Attachment VPLS (Flat Architecture)


[Figure: CE - N-PE - MPLS Core - N-PE - CE. Access on both sides is Ethernet (VLAN/Port), carrying the 802.1q customer frame (Data, MAC1, MAC2). Between the N-PEs there is a full mesh of PWs + LDP; in the SP core the frame is carried in a Pseudo Wire as Data, MAC1, MAC2, VC label, PE label.]

Hierarchical VPLS (H-VPLS)


Best for larger scale deployment
Reduction in packet replication and signaling overhead
Consists of two levels in a Hub and Spoke topology
  Hub consists of full mesh VPLS Pseudo Wires in MPLS core
  Spokes consist of L2/L3 tunnels connecting to VPLS (Hub) PEs
    Q-in-Q (L2), MPLS (L3), L2TPv3 (L3)
Some additional H-VPLS terms
  MTU-s   Multi-Tenant Unit Switch capable of bridging (U-PE)
  PE-r    Non bridging PE router
  PE-rs   Bridging and Routing capable PE

Why H-VPLS?
[Figure: side-by-side topologies. VPLS: CEs attached to a full mesh of PEs. H-VPLS: CEs attached to MTU-s and PE-r devices that connect to a core mesh of PE-rs devices.]

VPLS
  Potential signaling overhead
  Full PW mesh from the Edge
  Packet replication done at the Edge
  Node Discovery and Provisioning extends end to end

H-VPLS
  Minimizes signaling overhead
  Full PW mesh among Core devices
  Packet replication done in the Core
  Partitions Node Discovery process

Ethernet Edge H-VPLS (EE-H-VPLS)


[Figure: CE - U-PE (MTU-s) - N-PE (PE-rs) - MPLS Core - N-PE (PE-rs) - U-PE (MTU-s) - CE
  1: 802.1q access between CE and U-PE; 802.1q customer frame is Data, MAC1, MAC2, CE VLAN
  2: QinQ tunnel between U-PE and N-PE (SP edge); frame is Data, MAC1, MAC2, CE VLAN, SP VLAN
  3: Full mesh PWs + LDP between N-PEs (Pseudo Wire, SP core); frame is Data, MAC1, MAC2, CE VLAN, VC label, PE label]

Bridge Capability in EE-H-VPLS


[Figure: CEs attached to a U-PE (MTU-s), which connects to an N-PE (PE-rs)]
Local edge traffic does not have to traverse N-PE
  MTU-s can switch traffic locally
  Saves bandwidth capacity on circuits to N-PE

Ethernet Edge Topologies


[Figure: Ethernet edge topologies. Layers from edge to core: Full Service CPE, Efficient Access (U-PE), Large Scale Aggregation (PE-AGG), Intelligent Edge (N-PE), Multiservice Core (P). Metro A, Metro B, Metro C and Metro D attach 10/100/1000 Mbps customers through User Facing Provider Edge (U-PE) devices over GE ring, hub and spoke, DWDM/CWDM and RPR access to Network Facing Provider Edge (N-PE) devices around the MPLS VPLS core.]

MPLS Edge H-VPLS


[Figure: CE - U-PE (PE-rs) - N-PE (PE-rs) - MPLS Core - N-PE (PE-rs) - U-PE (PE-rs) - CE, with MPLS access on each side of the MPLS core
  1: 802.1q access between CE and U-PE; 802.1q customer frame is Data, MAC1, MAC2, CE VLAN
  2: MPLS Pseudo Wire between U-PE and N-PE (MPLS PW, SP edge); frame is Data, MAC1, MAC2, CE VLAN, VC label, PE label
  3: Full mesh PWs + LDP between N-PEs (Pseudo Wire, SP core); frame is Data, MAC1, MAC2, VC label, PE label]
Same VCID used in edge and core (labels may differ)

VFI and Split Horizon (VPLS, EE-H-VPLS)


[Figure: N-PE1 contains a VFI (Virtual Forwarding Interface) with a bridging function (.1Q or QinQ) and local switching toward the CEs. Pseudo Wire #1 runs to N-PE2 and Pseudo Wire #2 runs to N-PE3; split horizon is active on the Pseudo Wires.]
This traffic (broadcast/multicast) will not be replicated out PW #2 and vice versa
Virtual Forwarding Interface is the VSI representation in IOS
  Single interface terminates all PWs for that VPLS instance
  This model is applicable in direct attach and H-VPLS with Ethernet Edge

VFI and NO Split Horizon (ME-H-VPLS)


[Figure: N-PE1 contains a VFI (Virtual Forwarding Interface). Pseudo Wire #1 runs to N-PE2 and Pseudo Wire #2 runs to N-PE3 with split horizon active. Pseudo Wire #3 (MPLS based) runs to the U-PE, which serves the CEs, with NO split horizon. Unicast traffic is shown; split horizon is disabled on PW #3.]
This model is applicable to H-VPLS with MPLS Edge
  PW #1, PW #2 will forward traffic to PW #3 (non split horizon port)
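The flooding, MAC learning, MAC withdrawal and split horizon rules from the slides above, as an added Python model that is not part of the original presentation and is not Cisco code. The class, port names and MAC addresses are assumptions constructed for illustration; withdrawal is simplified to removing the listed MACs learned on one Pseudo Wire.

```python
BROADCAST = "ff:ff:ff:ff:ff:ff"
MAC1 = "02:00:00:00:00:01"   # constructed unicast addresses
MAC2 = "02:00:00:00:00:02"
MAC3 = "02:00:00:00:00:03"

def is_group(mac):
    """Broadcast and multicast addresses have the group bit set in the first octet."""
    return int(mac.split(":")[0], 16) & 1 == 1

class VFI:
    """One VPLS instance on an N-PE: a bridge over attachment circuits and Pseudo Wires."""

    def __init__(self):
        self.ports = {}       # port name -> True if the port is in the split horizon group
        self.mac_table = {}   # MAC address -> port it was learned on

    def add_attachment_circuit(self, name):
        self.ports[name] = False

    def add_pseudo_wire(self, name, split_horizon=True):
        self.ports[name] = split_horizon

    def _allowed(self, in_port, out_port):
        if out_port == in_port:
            return False
        # Split horizon: never forward between two ports of the split horizon group.
        return not (self.ports[in_port] and self.ports[out_port])

    def receive(self, in_port, src, dst):
        """Learn src on in_port and return the sorted list of ports the frame leaves on."""
        if not is_group(src):
            self.mac_table[src] = in_port
        known = None if is_group(dst) else self.mac_table.get(dst)
        candidates = list(self.ports) if known is None else [known]
        return sorted(p for p in candidates if self._allowed(in_port, p))

    def withdraw(self, pw, macs):
        """MAC withdrawal received on a PW: forget the listed MACs learned over it."""
        for mac in macs:
            if self.mac_table.get(mac) == pw:
                del self.mac_table[mac]

def build_npe1(mpls_edge=False):
    """N-PE1 as drawn on the slides: a CE-facing port plus PW #1 and PW #2 to the core."""
    vfi = VFI()
    vfi.add_attachment_circuit("ac-ce")
    vfi.add_pseudo_wire("pw1")
    vfi.add_pseudo_wire("pw2")
    if mpls_edge:
        # ME-H-VPLS: PW #3 to the U-PE is a spoke, so split horizon is off for it.
        vfi.add_pseudo_wire("pw3", split_horizon=False)
    return vfi

if __name__ == "__main__":
    flat = build_npe1()
    print(flat.receive("ac-ce", MAC1, BROADCAST))   # flooded to both core PWs
    print(flat.receive("pw1", MAC2, BROADCAST))     # never replicated to pw2
    edge = build_npe1(mpls_edge=True)
    print(edge.receive("pw1", MAC2, BROADCAST))     # reaches the spoke pw3
```

Setting `split_horizon=False` on a core-facing Pseudo Wire in this model makes frames re-enter the full mesh, which is the loop the split horizon rule exists to prevent.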

VPLS Logical Topology Comparison


Direct Attach
  Pros
    Simple access via Ethernet
  Cons
    No hierarchical scalability
    Customer VLAN cannot overlap
    4K customer VLAN limit in Ethernet access domain
    High STP reconvergence time

H-VPLS - QinQ tunnel
  Pros
    Simple access via Ethernet
    Hierarchical support via QinQ at access
    Scalable customer VLANs (4K x 4K)
    4K customers supported per Ethernet Access Domain
  Cons
    High STP re-convergence time
    MAC is not scalable as customer MAC still seen on SP network
    Supported on SIP-600 only as of 12.2(33)SRA

H-VPLS - MPLS PW
  Pros
    Fast L3 IGP convergence
    MPLS TE FRR <50msec
    Hierarchical support via MPLS PW at access
  Cons
    More complicated provisioning
    Requires MPLS to U-PE
    OSM/SIP-400/600 as U-PE facing card on N-PE (for 7600)

Configuration Examples


Direct Attachment
  Using a Router as a CE (VLAN Based)
  Using a Switch as a CE (Port Based)
H-VPLS
  Ethernet QinQ
  EoMPLS Pseudo Wire (VLAN Based)
  EoMPLS Pseudo Wire (Port Based)
Sample Output

Direct Attachment Configuration (C7600)

[Figure: PE1 (1.1.1.1), PE2 (2.2.2.2) and PE3 (3.3.3.3) around the MPLS core, interconnected over POS interfaces (pos4/1, pos4/3, pos3/0, pos3/1). CE routers attach on VLAN100 to PE1 gi3/0, PE2 gi4/4 and PE3 gi4/2.]
CEs are all part of same VPLS instance (VCID = 56)
  CE router connects using VLAN 100 over sub-interface

Direct Attachment CE router Configuration


CE router sub-interface configurations, one per CE (subnet 192.168.20.0/24, VLAN100):

  interface GigabitEthernet 2/1.100
   encapsulation dot1q 100
   ip address 192.168.20.1 255.255.255.0

  interface GigabitEthernet 1/3.100
   encapsulation dot1q 100
   ip address 192.168.20.2 255.255.255.0

  interface GigabitEthernet 2/0.100
   encapsulation dot1q 100
   ip address 192.168.20.3 255.255.255.0

CE routers' sub-interfaces are on the same VLAN
  Can also be just port based (NO VLAN)

Direct Attachment VSI Configuration


PE1 (1.1.1.1):

  l2 vfi VPLS-A manual
   vpn id 56
   neighbor 2.2.2.2 encapsulation mpls
   neighbor 3.3.3.3 encapsulation mpls

PE2 (2.2.2.2):

  l2 vfi VPLS-A manual
   vpn id 56
   neighbor 1.1.1.1 encapsulation mpls
   neighbor 3.3.3.3 encapsulation mpls

PE3 (3.3.3.3):

  l2 vfi VPLS-A manual
   vpn id 56
   neighbor 2.2.2.2 encapsulation mpls
   neighbor 1.1.1.1 encapsulation mpls

Create the Pseudo Wires between N-PE routers
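A manually configured VFI only yields a working, loop-free VPLS when every N-PE lists every other N-PE with the same VPN ID. The following Python audit is an added example, not part of the original presentation and not a Cisco tool: it checks the three VFI blocks from this slide plus a constructed broken variant. Function names are assumptions, and the parser handles only the `l2 vfi`, `vpn id` and `neighbor` lines shown here, plus the IOS `no-split-horizon` neighbor keyword that belongs on H-VPLS spokes rather than on core Pseudo Wires.

```python
import re
from itertools import combinations

def parse_vfi(config, name):
    """Extract the vpn id and neighbors of `l2 vfi <name> manual` from IOS-style text."""
    vfi, inside = None, False
    for raw in config.splitlines():
        line = raw.strip()
        if re.fullmatch(r"l2 vfi (\S+) manual", line):
            inside = line.split()[2] == name
            if inside:
                vfi = {"vpn_id": None, "neighbors": {}}
            continue
        if inside and not raw.startswith((" ", "\t")):
            inside = False              # an unindented line ends the VFI sub-mode
        if not inside:
            continue
        m = re.fullmatch(r"vpn id (\d+)", line)
        if m:
            vfi["vpn_id"] = int(m.group(1))
        m = re.fullmatch(r"neighbor (\S+) encapsulation mpls( no-split-horizon)?", line)
        if m:
            vfi["neighbors"][m.group(1)] = bool(m.group(2))   # True = split horizon off
    return vfi

def audit_full_mesh(configs, name):
    """configs maps each N-PE router ID to its configuration text; returns findings."""
    findings = []
    vfis = {rid: parse_vfi(text, name) for rid, text in configs.items()}
    for rid, vfi in vfis.items():
        if vfi is None:
            findings.append(f"{rid}: VFI {name} not configured")
    present = {rid: v for rid, v in vfis.items() if v is not None}
    if len({v["vpn_id"] for v in present.values()}) > 1:
        ids = ", ".join(f"{r}={v['vpn_id']}" for r, v in sorted(present.items()))
        findings.append(f"vpn id mismatch: {ids}")
    for rid, vfi in present.items():
        if rid in vfi["neighbors"]:
            findings.append(f"{rid}: lists itself as neighbor")
        for peer, no_split in vfi["neighbors"].items():
            if no_split and peer in configs:
                findings.append(f"{rid}: split horizon disabled toward core N-PE {peer}")
    for a, b in combinations(sorted(present), 2):
        for x, y in ((a, b), (b, a)):
            if y not in present[x]["neighbors"]:
                findings.append(f"{x}: missing neighbor {y}")
    return findings

def full_mesh_pw_count(n):
    """Pseudo Wires needed for a full mesh of n N-PEs: N*(N-1)/2."""
    return n * (n - 1) // 2

def vfi_block(vpn_id, neighbors):
    lines = ["l2 vfi VPLS-A manual", f" vpn id {vpn_id}"]
    lines += [f" neighbor {n} encapsulation mpls" for n in neighbors]
    return "\n".join(lines) + "\n"

# The three blocks from the slide.
SLIDE_CONFIGS = {
    "1.1.1.1": vfi_block(56, ["2.2.2.2", "3.3.3.3"]),
    "2.2.2.2": vfi_block(56, ["1.1.1.1", "3.3.3.3"]),
    "3.3.3.3": vfi_block(56, ["2.2.2.2", "1.1.1.1"]),
}

# Constructed faulty variant: PE3 has the wrong VPN ID, no neighbor 1.1.1.1,
# and split horizon switched off toward a core N-PE.
BROKEN_CONFIGS = dict(SLIDE_CONFIGS)
BROKEN_CONFIGS["3.3.3.3"] = (
    "l2 vfi VPLS-A manual\n vpn id 57\n"
    " neighbor 2.2.2.2 encapsulation mpls no-split-horizon\n"
)

if __name__ == "__main__":
    print(audit_full_mesh(SLIDE_CONFIGS, "VPLS-A"))
    for finding in audit_full_mesh(BROKEN_CONFIGS, "VPLS-A"):
        print(finding)
```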

Direct Attachment CE Router (VLAN Based)


Same set of commands on each PE
Configured on the CE facing interface

  interface GigabitEthernet3/0
   switchport
   switchport mode trunk
   switchport trunk encapsulation dot1q
   switchport trunk allowed vlan 100
  !
  interface vlan 100
   no ip address
   xconnect vfi VPLS-A
  !
  vlan 100
   state active

The xconnect vfi command associates the VLAN with the VPLS instance
  VLAN100 = VCID 56


Direct Attachment CE switch (Port Based)


If the CE was a switch instead of a router then we can use QinQ
QinQ places all traffic (tagged/untagged) from the switch into a VPLS
The CE facing interfaces (PE1 gi3/0, PE2 gi4/4, PE3 gi4/2) now carry all VLANs

  interface GigabitEthernet3/0
   switchport
   switchport mode dot1q-tunnel
   switchport access vlan 100
   l2protocol-tunnel stp
  !
  interface vlan 100
   no ip address
   xconnect vfi VPLS-A
  !
  vlan 100
   state active

The xconnect vfi command associates the VLAN with the VPLS instance
  VLAN100 = VCID 56


H-VPLS Configuration (C7600/3750ME)

[Figure: N-PE1 (1.1.1.1), N-PE2 (2.2.2.2) and N-PE3 (3.3.3.3) around the MPLS core, interconnected over POS interfaces (pos4/1, pos4/3, pos3/0, pos3/1). Cisco 3750ME switches U-PE1, U-PE2 (4.4.4.4) and U-PE3 attach to the N-PEs (N-PE interfaces gi3/0, gi4/4 and gi4/2), each serving CE1 and CE2. U-PE2 uses fa1/0/1 toward the CE and gi1/1/1 toward N-PE2 gi4/4.]
U-PEs provide services to customer edge device
  CE traffic then carried in QinQ or EoMPLS PW to N-PE
  PW VSI mesh configuration is same as previous examples


H-VPLS QinQ Tunnel (Ethernet Edge)


U-PE carries all traffic from CE using QinQ
  Outer tag is VLAN100, inner tags are the customer's

N-PE2 (2.2.2.2), interface facing U-PE2:

  interface GigabitEthernet4/4
   switchport
   switchport mode trunk
   switchport trunk encapsulation dot1q
   switchport trunk allowed vlan 100
  !
  interface vlan 100
   no ip address
   xconnect vfi VPLS-A
  !
  vlan 100
   state active

U-PE2 (Cisco 3750ME):

  interface FastEthernet1/0/1
   switchport
   switchport access vlan 100
   switchport mode dot1q-tunnel
   switchport trunk allowed vlan 1-1005
  !
  interface GigabitEthernet 1/1/1
   switchport
   switchport mode trunk
   switchport trunk allowed vlan 1-1005


H-VPLS EoMPLS PW Edge (VLAN Based)


CE interface on U-PE can be access or trunk port
  xconnect per VLAN is required

N-PE2 (2.2.2.2):

  interface GigabitEthernet4/4
   no switchport
   ip address 156.50.20.1 255.255.255.252
   mpls ip
  !
  l2 vfi VPLS-A manual
   vpn id 56
   neighbor 1.1.1.1 encapsulation mpls
   neighbor 3.3.3.3 encapsulation mpls
   neighbor 4.4.4.4 encapsulation mpls no-split-horizon

  The neighbor 4.4.4.4 line ensures CE traffic is passed on the PW to/from the U-PE

U-PE2 (4.4.4.4, Cisco 3750ME):

  interface FastEthernet1/0/1
   switchport
   switchport access vlan 500
  !
  interface vlan 500
   xconnect 2.2.2.2 56 encapsulation mpls
  !
  interface GigabitEthernet1/1/1
   no switchport
   ip address 156.50.20.2 255.255.255.252
   mpls ip


H-VPLS EoMPLS PW Edge (Port Based)


CE interface on U-PE can be access or trunk port
  xconnect for entire PORT is required

N-PE2 (2.2.2.2):

  interface GigabitEthernet4/4
   no switchport
   ip address 156.50.20.1 255.255.255.252
   mpls ip
  !
  l2 vfi PE1-VPLS-A manual
   vpn id 56
   neighbor 1.1.1.1 encapsulation mpls
   neighbor 3.3.3.3 encapsulation mpls
   neighbor 4.4.4.4 encapsulation mpls no-split-horizon

  The neighbor 4.4.4.4 line ensures CE traffic is passed on the PW to/from the U-PE

U-PE2 (4.4.4.4, Cisco 3750ME):

  interface FastEthernet1/0/1
   no switchport
   xconnect 2.2.2.2 56 encapsulation mpls
  !
  interface GigabitEthernet1/1/1
   no switchport
   ip address 156.50.20.2 255.255.255.252
   mpls ip


show mpls l2 vc

  NPE-A#show mpls l2 vc
  Local intf     Local circuit  Dest address   VC ID   Status
  -------------  -------------  -------------  ------  ------
  VFI VPLS-A     VFI            1.1.1.1        10      UP
  VFI VPLS-A     VFI            3.3.3.3        10      UP

show mpls l2 vc detail

[Figure callouts: "Use VC Label 19" and "Use VC Label 23" are exchanged between the N-PEs across the MPLS core]

  NPE-2#show mpls l2 vc detail
  Local interface: VFI VPLS-A up
    Destination address: 1.1.1.1, VC ID: 10, VC status: up
      Tunnel label: imp-null, next hop 156.50.20.1
      Output interface: POS4/3, imposed label stack {19}
    Create time: 1d01h, last status change time: 00:40:16
    Signaling protocol: LDP, peer 1.1.1.1:0 up
      MPLS VC labels: local 23, remote 19

Deployment Issues


Deployment Issues
MTU Size
Broadcast Handling
Router or a Switch CPE?
Ramblings of an Engineer
A Sample Problem

Pseudo Wire Data Plane Overhead


At imposition, the N-PE encapsulates the CE Ethernet or VLAN packet to route it across the MPLS cloud
These are the associated overheads
  Transport Header is 6 bytes DA + 6 bytes SA + 2 bytes Etype + OPTIONAL 4 bytes of VLAN Tag (carried in Port based service)
  At least 2 levels of MPLS header (Tunnel + VC) of 4 bytes each
  There is an optional 4-byte control word

Encapsulated frame layout:
L2 Header | Tunnel Header: Outer Label (32-bits) | VC Header: Inner Label (32-bits) | Original Ethernet Frame


Calculating Core MTU Requirements


Core MTU ≥ Edge MTU + Transport Header + AToM Header + (MPLS Label Stack * MPLS Header Size)
Edge MTU is the MTU configured on the CE-facing PE interface

Examples (all in Bytes):

                        Edge   Transport   AToM    MPLS Stack   MPLS Header   Total
EoMPLS Port Mode        1500   14          4 [0]   2            4             1526 [1522]
EoMPLS VLAN Mode        1500   18          4 [0]   2            4             1530 [1526]
EoMPLS Port w/ TE FRR   1500   14          4 [0]   3            4             1530 [1526]


Beware the MTU: It Can Get Real Big

Bytes    Field   Meaning
7        Pre     Preamble
1        SFD     Start of Frame Delimiter
Carrier Pseudowire Encapsulation
6        DA      Carrier Dest MAC
6        SA      Carrier Source MAC
2        Type    Ether type = 8847
4        TE      Traffic Engineer label
4        Tu      EoMPLS Tunnel Label
4        Vc      EoMPLS VC Label
4        Cntrl   Control Word
Enterprise MPLS Frame
6        DA      Cust Destination MAC
6        SA      Cust Source MAC
2        TPID    VLAN Protocol ID = 8100
2        TCI     VLAN ID Info
2        Type    Cust Type
> 1500   Data    Cust Packet (data portion may be > 1500 if carrying MPLS labels)
4        FCS     Frame Check Sequence

MTU Sizing
  Packet size can get very large in backhaul due to multiple tags and labels
  Ensure core and access Ethernet interfaces are configured with appropriate MTU size
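The core MTU formula from "Calculating Core MTU Requirements" and the stacked frame above, worked as an added example (not from the original slides). The link names, their configured MTUs and the two-label customer payload are constructed assumptions.

```python
# Added example; sizes in bytes, taken from the slides' overhead figures.
ETH_HEADER = 14    # transport header: 6 DA + 6 SA + 2 Etype
VLAN_TAG = 4       # optional 802.1Q tag (TPID + TCI)
CONTROL_WORD = 4   # optional AToM control word
MPLS_HEADER = 4    # one 32-bit label


def required_core_mtu(edge_mtu, vlan_tag=False, control_word=True, labels=2):
    """Edge MTU + Transport Header + AToM Header + (label stack * 4)."""
    if labels < 2:
        raise ValueError("a pseudo wire carries at least tunnel + VC labels")
    transport = ETH_HEADER + (VLAN_TAG if vlan_tag else 0)
    atom = CONTROL_WORD if control_word else 0
    return edge_mtu + transport + atom + labels * MPLS_HEADER


def audit_links(links, needed):
    """Return (link, shortfall) for each link whose MTU is below `needed`."""
    return [(name, needed - mtu) for name, mtu in links.items() if mtu < needed]


def services():
    """Required core MTU per service: the three table rows plus the stacked frame."""
    return {
        "EoMPLS Port Mode": required_core_mtu(1500),
        "EoMPLS VLAN Mode": required_core_mtu(1500, vlan_tag=True),
        "EoMPLS Port w/ TE FRR": required_core_mtu(1500, labels=3),
        # Assumption: customer payload is 1500 bytes behind two MPLS labels of
        # its own, VLAN tagged, with TE + tunnel + VC labels in the carrier core.
        "Enterprise MPLS frame": required_core_mtu(
            1500 + 2 * MPLS_HEADER, vlan_tag=True, labels=3),
    }


# Constructed sample: hypothetical link names and configured MTUs.
SAMPLE_LINKS = {"core-a": 4470, "core-b": 1530, "access-c": 1500}

if __name__ == "__main__":
    needed = max(services().values())
    for name, mtu in services().items():
        print(f"{name:24} needs core MTU >= {mtu}")
    for name, short in audit_links(SAMPLE_LINKS, needed):
        print(f"{name}: MTU is {short} bytes short of {needed}")
```

A link sized for the plain port-mode case (1530 here) is still too small once the customer's own labels and a TE label are stacked on top.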

Broadcast/Multicast/Unknown Unicast Handling


VPLS relies on ingress replication
  Ingress PE replicates the multicast packet to each egress Pseudo Wire (PE neighbour)

Ethernet switches replicate broadcast/multicast flows once per output interface
  VPLS may duplicate packets over the same physical egress interface for each PW that interface carries

Unnecessary replication brings the risk of resource exhaustion when the number of PWs increases

Some discussion on maybe using multicast for PWs
  Rather than full mesh of P2P Pseudo Wires


Switch or Router as CE device


Ethernet Switch as CE device
  If directly attached, SP allocates the VLAN (could be an issue in customer network)
  SP UNI exposed to L2 network of customer
  L2 PDUs must be tunnelled, such as STP BPDUs
  No visibility of network behind CE switch
  Many MAC addresses can exist on UNI
  High exposure to broadcast storms

Router as CE device
  Single MAC address exists (for interface of router)
  No STP interactions
  Router controls broadcast issues (multicast still happens)


VPLS Caveats (Ramblings of an Engineer)


VPLS may introduce non-deterministic behaviour in SP Core
  Case in point: learning of VPN routes
  An MPLS-VPN provides an ordered manner to learn VPNv4 routes using MP-BGP; unknown addresses are dropped
  In VPLS, learning is achieved through flooding MAC addresses
  Excessive number of Unknown, Broadcast and Multicast frames could behave as a series of packet bombs

Solution: Ingress Threshold Filters (on U-PE or N-PE)
  How to selectively choose which Ethernet Frames to discard?
  How to avoid dropping Routing and Keepalives (control)
  May cause more problems in customer network
  How many MAC addresses allowed?
  Does SP really want to take this responsibility?


VPLS Caveats (Ramblings of an Engineer)


DoS attack has a higher probability of manifesting
  Whether intentional or by mis-configuration

Since traffic is carried at layer 2, a lot of chatter could be traversing the MPLS core unnecessarily.
  For example, status requests for printers

How is CoS applied across a VPLS service?
  Should all frames on a VPLS interface be afforded the same class of service?
  Should there be some sort of differentiation?


A Common VPLS Problem


Protocols expect LAN behaviour

VPLS is viewed as an Ethernet network
  Although it does not necessarily behave like one

VPLS is virtual in its LAN service
  There are some behaviours which differ from a real LAN

An example
  The OSPF designated router problem


OSPF Designated Router Problem


VPLS View
  Router A is the DR, Router B is the BDR
  Router C sees both A and B via Pseudo Wires
  [Diagram: OSPF DR (A), OSPF Backup DR (B) and OSPF Neighbour (C) interconnected by Pseudo Wires]

Router View
  Router A, B and C behave like they are on a LAN
  [Diagram: OSPF DR (A), OSPF Backup DR (B) and OSPF Neighbour (C) on a shared LAN segment]

OSPF Designated Router Problem


Assume PW between A and B loses connectivity
  Router A and Router B cannot see each other
  Router C can still see both Router A and Router B
  No arbitration available between Router A and Router B
  [Diagram: OSPF DR (A), OSPF Backup DR (B) and OSPF Neighbour (C) joined by Pseudo Wires, with the A-B Pseudo Wire down]

Ethernet frames travel along discrete paths in a VPLS
  Therefore Router C can see both Router A and B
  But Router A and Router B cannot see each other!

Router B assumes A has failed and becomes the DR
  Router C now sees two DRs on the same LAN segment. Problem!
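The failure above as a small simulation with a check that flags any router hearing more than one DR. This is an added example, not from the original slides; the election logic is deliberately simplified and the router IDs are constructed.

```python
# Added example: simplified model of OSPF DR/BDR state on a VPLS segment.
# A hello only reaches a neighbour while the pseudo wire between them is up.
ROUTER_IDS = {"A": 3, "B": 2, "C": 1}   # constructed router IDs (assumption)


def pw(a, b):
    return frozenset((a, b))


def heard(router, pws):
    """Neighbours whose hellos still reach `router`."""
    return {n for n in ROUTER_IDS if n != router and pw(router, n) in pws}


def reelect(router, view, pws):
    """Update one router's (DR, BDR) view after neighbours go silent.

    Simplified from the OSPF election: a DR that is still heard is not
    pre-empted, the BDR takes over from a silent DR, and a vacant BDR slot
    goes to the highest router ID among the routers still heard.
    """
    alive = heard(router, pws) | {router}
    by_id = lambda names: sorted(names, key=ROUTER_IDS.get, reverse=True)
    dr, bdr = view
    if dr not in alive:
        dr, bdr = (bdr if bdr in alive else by_id(alive)[0]), None
    if bdr not in alive:
        rest = by_id(alive - {dr})
        bdr = rest[0] if rest else None
    return dr, bdr


def simulate(pws):
    """Return each router's (DR, BDR) view and who hears more than one DR."""
    views = {r: reelect(r, ("A", "B"), pws) for r in ROUTER_IDS}
    conflicts = {}
    for r in ROUTER_IDS:
        claims = sorted(n for n in heard(r, pws) | {r} if views[n][0] == n)
        if len(claims) > 1:
            conflicts[r] = claims
    return views, conflicts


FULL_MESH = {pw("A", "B"), pw("A", "C"), pw("B", "C")}

if __name__ == "__main__":
    print(simulate(FULL_MESH))                   # one DR, no conflict
    print(simulate(FULL_MESH - {pw("A", "B")}))  # A-B pseudo wire down
```

With the A-B pseudo wire removed, A and B each consider themselves DR and only C, which still hears both, can observe the conflict.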

Summary

VPLS has its advantages and benefits
  Non-IP protocols supported, customers do not have routing interaction etc.

Use routers as the CE device
  Understand their multicast requirements
  Then again, maybe MPLS-VPN could do the job?

Avoid switches as CPE
  Otherwise understand the customer's network requirements
  Devices, applications (broadcast/multicast vs unicast)


Q&A
