© 2002, Cisco Systems, Inc. All rights reserved. Robert Raszuk – VPLS – Feb 2002
VPLS/TLS/DTLS/VPSN….
Robert Raszuk
IOS Engineering – MPLS Development
Tokyo July 12th 2002
Prerequisites
• LDP/TE or any other core tunneling
• Basic knowledge of LAN/STP/VLANs
• P2p draft-martini-encap & signaling
Agenda
• What is VPLS and all of those acronyms
• VPLS building blocks
• Which drafts talk about which services
• Summary
What is VPLS and all of those acronyms
• VPLS = Virtual Private LAN Service
• TLS = Transparent LAN Service
• VPSN = Virtual Private Switched Network
!!! Those above all mean the same thing = VPLS !!!
• DTLS = Decoupled TLS
• New: Ethernet Virtual Circuit Service (EVCS)
• New: Virtual Private Wire/WAN Service (VPWS)
L2VPN Terminology Clarification
(Figure: L2VPN terminology tree)
L2VPN
- L2 Transport: MPLS (AToM), L2TPv3; carries Ethernet, FR, ATM, PPP, HDLC
- VPWS: MPLS, L2TPv3; carries Ethernet, FR, ATM, PPP, HDLC
- VPLS: MPLS, QinQ, L2TPv3; carries Ethernet
L2VPN Terminology Clarification
Basic L2 Transport (figure): CE-1 attaches to a PE over an Attachment VC; across the Service Provider Backbone the PEs carry Emulated VCs (Pseudo Wires) inside a Tunnel Circuit, and the far PE hands off over its own Attachment VC.
L2VPN Terminology Clarification
VPWS (figure): CE-1, CE-2 and CE-3 each attach to a PE over Attachment VCs; between the PEs an Emulated VC is carried inside an Emulated Tunnel.
What is VPLS and all of those acronyms
• VPLS is a network service providing layer 2 multipoint connectivity between edge devices.
• From the customer edge device’s point of view, the WAN or Metro infrastructure providing the VPLS service is not visible. Customer edge devices appear to each other as connected via a single logical learning bridge with fully meshed ports.
Agenda
• What is VPLS and all of those acronyms
• VPLS building blocks
• Which drafts talk about which services
• Summary
VPLS building blocks
• Network elements
• VPLS edge device discovery
• Signaling (also called auto-configuration)
• Packet encapsulation
• MAC address learning & re-learning
• Flooding
• Decoupling
• Loop avoidance - STP
VPLS building blocks
Network elements providing two VPLS services:
(Figure: two VPLS instances.) VPLS1 = LAN-10a, LAN-10b, LAN-10c, LAN-10d; VPLS2 = LAN-20a, LAN-20b. CE1 and CE2 attach to an L2PE, which connects to PE1; CE3 and CE4 attach to PE2. CE2–L2PE and CE4–PE2 are VLAN trunks; L2PE–PE1 can be QinQ or VLAN-in-MPLS. The VPLS aware devices are the L2PE and the PEs.
VPLS building blocks
VPLS Edge device discovery
• Distribution of configuration information indicating mapping of VPLS instances to VPLS edge devices
Example (figure): PE1 announces to PE2: “Hello, I’m PE1. I have VPLS 1, Site_ID 1. I have VPLS 2, Site_ID 5.” PE2 serves CE3 (LAN-10c) and CE4 (LAN-10d, LAN-20b).
Discovery can be:
• BGP based
• DNS/Directory based
• NMS
• Partially LDP
• Manual
VPLS building blocks
VPLS Edge device discovery
• Discovery of peer PEs for a VPLS instance (for a given VPN).
• Two primary approaches:
- Directory based approach such as DNS (draft-heinanen-dirldp-eth-vpns.txt)
- BGP based approach (draft-ppvpn-bgpvpn-auto-01.txt)
VPLS building blocks – LDP Autodiscovery
• Each Ethernet Attachment VC is bound to a “Name” resolved by directory lookup (e.g., DNS)
• The circuit name is associated with a set of PE addresses (e.g., DNS A resource records):
acmecorp.tls.sbc.com -> 10.1.1.1, 10.2.2.2, 10.3.3.3
• Binding of a circuit name to an Ethernet Attachment VC causes a directory query
• Reception of a new VC over the targeted LDP signaling channel causes a directory query to update the list of PEs in the circuit
(Figure: Service Provider MPLS Network with CE-1, CE-2 and CE-3 each attached to a 7600 PE (PE1, PE2, PE3), plus a primary and secondary Directory.)
• Example:
pe1# config t
pe1(config)# interface ethernet 1/1
pe1(config-if)# name acmecorp.tls.sbc.com
pe2(config)# interface ethernet 2/2
pe2(config-if)# name acmecorp.tls.sbc.com
VPLS building blocks – BGP Autodiscovery
• Each Attachment VC is associated with an L2VPN Id (Site_id)
- The association is performed at the time of Attachment VC provisioning
• BGP updates distribute L2VPN NLRIs (still to be defined)
- Next Hop = the PE reporting the L2VPN; the Route Target contains the VPN-Id
- Updates are filtered based on VPN-Id, i.e. just regular extended community filtering
• A BGP Update is sent on binding of an Attachment VC
• A BGP Withdrawal is sent on removal of the binding
• Requires a BGP Route Reflector or an I-BGP mesh
(Figure: Service Provider MPLS Network with CE-1, CE-2 and CE-3 each attached to a 7600 PE, plus a primary and secondary BGP Route Reflector.)
VPLS building blocks
VPLS emulated VCs Signaling
• Distribution of labels that act as demultiplexers for packets arriving at a PE/L2PE from the core, so each packet can be assigned to the right VPLS. Needed because a single PE-PE tunnel can transport data from different VPLS instances.
• Two main methods for signaling VPLS:
1. By using BGP (one draft)
2. By using LDP (all other drafts and Industry trend)
VPLS building blocks
Signaling emulated VCs by using BGP
• Can be used as a single protocol for combined discovery & signaling in full mesh topologies.
(Figure: PE2 to PE1 over one IBGP session.) PE2 advertises:
- For VPLS1/PE2 use (base 10, offset 0, length k)
- For VPLS2/PE2 use (base 20, offset 0, length j)
PE1 reasons: “I have VPLS1 with Site_ID 1 and VPLS2 with Site_ID 5, so the VPLS VC labels I send to PE2 are: for VPLS1 10+1=11, for VPLS2 20+5=25.”
All needed information is received by PE1 over a single TCP IBGP session!
VPLS building blocks
Signaling emulated VCs by using BGP
• This “trick” of advertising a label base and length lets a PE generate one NLRI for all other PEs.
• The Site_ID (unique within a VPLS) added to the label base gives the VPLS VC label, which therefore carries embedded information about the packet’s originator.
• Why not just send labels? Because MAC learning is done based on the VPLS VC label, so it has to be known a priori which peer sent us a packet with a given MAC, purely from the VPLS VC label value.
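The label-block arithmetic behind this slide, as an added example that is not code from the original deck or from any draft: the sending PE derives the VC label from a peer’s advertised (base, offset, length) block and its own Site_ID, and the receiving PE inverts that to recover the originator, which is what makes MAC learning per VC label possible. The slide gives only the bases; the block length of 8 and the PE names are constructed.

```python
# Added example (not from the slides): label-block signaling arithmetic.
# A PE advertises, per VPLS, a block (label base, offset, length). A peer with
# Site_ID s uses base + (s - offset) as its VC label toward the advertiser, so
# the advertiser can recover s from the label alone. Names are this example's own.
from dataclasses import dataclass


@dataclass(frozen=True)
class LabelBlock:
    """Labels [base, base+length) cover Site_IDs [offset, offset+length)."""
    vpls: str
    advertiser: str  # PE that owns the block (the BGP next hop)
    base: int
    offset: int
    length: int

    def covers(self, site_id: int) -> bool:
        return self.offset <= site_id < self.offset + self.length

    def label_for(self, site_id: int) -> int:
        """VC label a remote site with this Site_ID must use toward the advertiser."""
        if not self.covers(site_id):
            raise ValueError(f"Site_ID {site_id} outside {self.offset}..{self.offset + self.length - 1}")
        return self.base + (site_id - self.offset)

    def site_id_of(self, label: int) -> int:
        """Inverse: which Site_ID sent a frame that arrived with this VC label."""
        if not self.base <= label < self.base + self.length:
            raise ValueError(f"label {label} not in {self.base}..{self.base + self.length - 1}")
        return self.offset + (label - self.base)


# Constructed blocks matching the slide: PE2 advertises base 10 for VPLS1 and base 20 for VPLS2.
# Length 8 is constructed (the slide says k and j); it keeps the two blocks from overlapping.
PE2_BLOCKS = [
    LabelBlock("VPLS1", "PE2", base=10, offset=0, length=8),
    LabelBlock("VPLS2", "PE2", base=20, offset=0, length=8),
]


def outgoing_labels(blocks, local_sites):
    """Sending side: for each VPLS this PE has a site in, the VC label toward each advertiser."""
    out = {}
    for blk in blocks:
        sid = local_sites.get(blk.vpls)
        if sid is not None and blk.covers(sid):
            out[(blk.vpls, blk.advertiser)] = blk.label_for(sid)
    return out


def classify_incoming(own_blocks, label):
    """Receiving side: map an arriving VC label to (vpls, originating Site_ID)
    using the blocks this PE advertised; None if the label belongs to no block."""
    for blk in own_blocks:
        if blk.base <= label < blk.base + blk.length:
            return blk.vpls, blk.site_id_of(label)
    return None
```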
VPLS building blocks
Signaling emulated VCs by using BGP
• If L2PEs are being used, the advertised label blocks are per VPLS/L2PE pair
• For those who don’t run BGP this is not an option
• The industry (IETF) does not follow this path, so vendor interoperability is not possible
• Label blocks get fragmented at the PEs due to the block pre-allocation requirement
• Delay in delivery of control information due to the nature of BGP and route reflection (update generation + advertisement)
• Non full mesh topologies require RT filtering on the PEs
VPLS building blocks
Signaling emulated VCs by using LDP
• A separate directed LDP session is required between each PE pair.
• Watch the LDP session scalability numbers
• Multiple proposals (see the draft section for details)
• General industry direction for the emulated VC setup scheme in all L2VPN applications: L2 p2p Transport, VPWS & VPLS!
• Interoperability with a number of vendors worldwide
VPLS building blocks
Packet encapsulation
• PEs connected via a full mesh of tunnels: GRE, MPLS (LDP/TE), L2TPv3 etc.
Packet layout (figure): PE-PE tunnels carry the VPLS VCs.
  Tunnel header/label
  VPLS VC Label
  Control Word
  Layer 2 Frame (minus preamble, minus checksum)
• VPLS VCs (aka emulated VCs) are transported inside those PE-PE tunnels based on draft-martini-encaps.
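The packet layout above for the MPLS tunnel case, built and parsed as an added example (not code from the deck or from draft-martini): the tunnel label and VC label are standard 32-bit MPLS stack entries, the egress side walks the stack to the bottom label and uses it as the VPLS demux key. The all-zero control word, tunnel label 1000 and the sample frame are constructed for the example.

```python
# Added example (not from the slides): PE-PE packet for the MPLS tunnel case:
# tunnel label, VPLS VC label, control word, then the customer Ethernet frame
# without preamble and FCS. Label stack entries use the standard 32-bit MPLS
# encoding (label 20 bits, EXP 3, S 1, TTL 8). Sending an all-zero control
# word is an assumption of this example; the slide only says one is present.
import struct


def label_entry(label: int, bottom: bool, exp: int = 0, ttl: int = 255) -> bytes:
    """One MPLS label stack entry; S=1 marks the bottom (the VC label)."""
    if not 0 <= label < (1 << 20):
        raise ValueError("label must fit in 20 bits")
    return struct.pack("!I", (label << 12) | (exp << 9) | (int(bottom) << 8) | ttl)


def encapsulate(tunnel_label: int, vc_label: int, eth_frame: bytes) -> bytes:
    """Ingress PE: tunnel label (S=0), VPLS VC label (S=1), control word, L2 frame."""
    control_word = bytes(4)
    return label_entry(tunnel_label, False) + label_entry(vc_label, True) + control_word + eth_frame


def decapsulate(packet: bytes):
    """Egress PE: walk the stack to the S=1 label, which is the demux key selecting the
    VPLS instance (and, with label blocks, the sending site). Returns (labels, cw, frame)."""
    labels, off = [], 0
    while True:
        if len(packet) < off + 4:
            raise ValueError("truncated label stack")
        (entry,) = struct.unpack_from("!I", packet, off)
        off += 4
        labels.append(entry >> 12)
        if (entry >> 8) & 1:  # S bit: bottom of stack reached
            break
    if len(packet) < off + 4 + 14:  # control word + minimal Ethernet header
        raise ValueError("truncated control word or frame")
    control_word = packet[off:off + 4]
    if control_word[0] >> 4 != 0:  # a PW control word starts with a zero nibble
        raise ValueError("first nibble is not 0, not a control word")
    return labels, control_word, packet[off + 4:]


# Constructed customer frame: dst PC2, src PC1 (the MACs from the slides), EtherType 0x0800, 20 payload bytes
SAMPLE_FRAME = bytes.fromhex("0010a492f211") + bytes.fromhex("0010a492f212") + b"\x08\x00" + bytes(20)
```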
VPLS building blocks
MAC address learning & re-learning
• VPLS visible from customer devices as a learning bridge with geographically distributed ports:
(Figure: the VPLS1/VPLS2 topology from the network elements slide, with PC1 (MAC 00-10-A4-92-F2-12) and PC2 (MAC 00-10-A4-92-F2-11) on different sites; physical ports are named PP1, logical ports LP1/LP2. L2PE’s VPLS1 FIB and PE2’s VPLS1 FIB each map the locally attached PC’s MAC to physical port PP1 and the remote PC’s MAC to the VPLS VC toward the other device.)
VPLS building blocks
MAC address learning & re-learning
• Two modes for learning: qualified and unqualified
• In qualified learning we build a FIB per VLAN per VPLS; the general agreement is to have only one VLAN per VPLS
• In unqualified learning we build a FIB per VPLS, in other words per port
• Note that MACs being globally unique may relax the need for FIB separation
• Virtual Switch Instance (VSI): the component responsible for the above actions
VPLS building blocks
MAC address learning & re-learning
• End users can move from place to place
• Dual connected switches or hubs may block different ports.
• A PE or L2PE needs to be able to signal the need to flush all or a subset of the MAC entries previously learned via it
VPLS building blocks
Flooding
• When the FIB tables do not contain the destination MAC address, VPLS-wide flooding of such a packet is needed.
(Figure: same topology and FIBs as on the MAC learning slide, but one FIB entry reads ??-??-??-??-??-?? – ??: the destination MAC is unknown, so the frame must be flooded.)
VPLS building blocks
Flooding
• The same is needed for broadcast/multicast
• A packet to be flooded may be received from a customer port or from other PEs
• If received from a customer port it must be flooded to all other customer ports + all other PEs
• If received from another PE it must be flooded only to customer facing ports (because of the full mesh), by analogy to the “split-horizon” scheme
• With qualified learning the flooding scope may be limited per VLAN if more than one instance per VPLS is ever used
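A minimal VSI that implements the learning, flooding and split-horizon rules of the last three slides, plus the per-peer flush the re-learning slide asks for, added here as an example rather than code from the deck: the same object can run in qualified (FIB keyed per VLAN) or unqualified (one FIB per VPLS) mode. Port and VC names, the hosts and the frames are constructed; the two MACs are the ones used in the figures.

```python
# Added example (not from the slides): a minimal Virtual Switch Instance (VSI)
# implementing the learning and flooding rules above. Port and VC names, the
# hosts and the frame tuples are constructed for this example.
from collections import namedtuple

Frame = namedtuple("Frame", "src dst vlan")
BROADCAST = "ff-ff-ff-ff-ff-ff"


class VSI:
    """One VPLS instance on a PE or L2PE: customer ports plus VPLS VCs toward peer PEs."""

    def __init__(self, customer_ports, peer_vcs, qualified=False):
        self.customer_ports = frozenset(customer_ports)
        self.peer_vcs = frozenset(peer_vcs)
        self.qualified = qualified  # qualified: FIB keyed per VLAN; unqualified: one FIB for the VPLS
        self.fib = {}               # (vlan or None, mac) -> port or VC the MAC was learned on

    def _key(self, vlan, mac):
        return (vlan if self.qualified else None, mac)

    def receive(self, ingress, frame):
        """Learn frame.src on ingress, then return the set of ports/VCs the frame is sent on."""
        if ingress not in self.customer_ports and ingress not in self.peer_vcs:
            raise ValueError(f"unknown ingress {ingress}")
        # learning and re-learning: a host that moved is simply overwritten with its new location
        self.fib[self._key(frame.vlan, frame.src)] = ingress
        if frame.dst == BROADCAST:
            return self._flood(ingress)
        out = self.fib.get(self._key(frame.vlan, frame.dst))
        if out is None:
            return self._flood(ingress)            # unknown unicast: VPLS wide flood
        return set() if out == ingress else {out}  # filter: never send a frame back where it came from

    def _flood(self, ingress):
        if ingress in self.customer_ports:
            # from a customer port: every other customer port plus every peer PE
            return set(self.customer_ports - {ingress}) | set(self.peer_vcs)
        # from a peer PE: split horizon, customer facing ports only; the full mesh
        # guarantees every other PE already received its own copy from the source PE
        return set(self.customer_ports)

    def flush_from_peer(self, vc):
        """MAC withdrawal signalled by a peer: drop every entry learned via that VC."""
        before = len(self.fib)
        self.fib = {k: v for k, v in self.fib.items() if v != vc}
        return before - len(self.fib)


def demo():
    """Constructed walk-through on PE2: one customer port PP1, VCs toward L2PE and PE1."""
    vsi = VSI(customer_ports={"PP1"}, peer_vcs={"VC-L2PE", "VC-PE1"})
    pc2, pc1 = "00-10-A4-92-F2-11", "00-10-A4-92-F2-12"  # the MACs used in the slides' figures
    steps = [
        vsi.receive("PP1", Frame(pc2, pc1, 10)),      # PC1 unknown: flood to all peer VCs
        vsi.receive("VC-L2PE", Frame(pc1, pc2, 10)),  # PC2 already learned on PP1: unicast
        vsi.receive("PP1", Frame(pc2, pc1, 10)),      # PC1 now known behind VC-L2PE
        vsi.receive("VC-PE1", Frame("00-00-5e-00-53-01", BROADCAST, 10)),  # split horizon
    ]
    vsi.flush_from_peer("VC-L2PE")                    # L2PE withdrew its MACs
    steps.append(vsi.receive("PP1", Frame(pc2, pc1, 10)))  # PC1 forgotten: flooded again
    return steps
```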
VPLS building blocks
Decoupling
• To offer VPLS service on most of the existing PE routers, decoupling of MAC address learning, STP and replication/flooding from the control plane’s discovery & signaling is necessary. This also helps to scale the provider’s IGP.
(Figure: CE1 (LAN-10a) and CE2 (LAN-10b, LAN-20a) attach to an L2PE, which in turn connects to PE1.)
VPLS building blocks
Decoupling
• STP on the L2PE is needed when the L2PE is connected to multiple PE boxes, to select the active ports
• The L2PE uses per-interface MPLS or VLAN stacking to send customer L2 frames to the PE
• L2PE and PE exchange information about VPLS #, Site-id #, the connected PE, as well as the MPLS/VLAN encapsulation value assigned by the PE per VPLS # to be used on the L2PE-PE link
• The PE generates and advertises to the other PEs VPLS VC label blocks, each representing a single L2PE-VPLS pair
VPLS building blocks
Decoupling
• The PE also generates MPLS labels or VLAN tags for the L2PE-PE trunk, identifying the VPLS-L2PE pair arriving at the PE
• The L2PE does flooding and packet replication, freeing the PE from doing it
• The L2PE does MAC learning both from the customer ports (trivial) and from the network.
• If learned from the network, the MAC’s originator Site_id is deduced from the originally advertised per VPLS/Site_ID label base, VLAN tag base or label.
• The L2PE can load balance per VPLS when multihomed
VPLS building blocks
Loop avoidance - STP
• To avoid the need to run STP per VPLS between and on all of the provider’s network elements participating in a given VPLS, a full mesh of tunnels between those elements (PE or L2PE devices) is mandated.
• STP will typically be run by redundantly connected customer devices using VPLS.
• In the fully meshed topology the L2PE may select, without running STP, which PE’s port can be used when a packet with the identical MAC is received from more than one core facing interface
Agenda
• What is VPLS and all of those acronyms
• VPLS building blocks
• Which drafts talk about which services
• Summary
Which drafts talk about which services
VPLS related IETF drafts:
• draft-lasserre-tls-mpls-00.txt
• draft-lasserre-vkompella-ppvpn-vpls-02.txt
• draft-khandekar-ppvpn-hvpls-mpls-00.txt
• draft-sajassi-vpls-architectures-00.txt
• draft-heinanen-dns-ldp-vpls-00.txt
• draft-tsenevir-gre-vpls-00.txt
• draft-augustyn-vpls-arch-00.txt
• draft-kompella-ppvpn-vpls-00.txt
• draft-kompella-ppvpn-dtls-01.txt
Lasserre-Vkompella
(Figure: CE - PE-CLE (MTU-s) - PE-POP (PE-rs) - PE-POP (PE-rs) - PE-CLE (MTU-s) - CE.)
Data plane: MPLS on all three segments (MTU-s to PE-rs, PE-rs to PE-rs, PE-rs to MTU-s); the frame is Ether Pkt at the CE, L2 Hdr + Ether Pkt on the access segments and MPLS + L2 Hdr + Ether Pkt in the core.
Control plane: directed LDP on each of the three segments, LDP in the core.
Sajassi draft
(Figure: the same CE - PE-CLE (MTU-s) - PE-POP (PE-rs) - PE-POP (PE-rs) - PE-CLE (MTU-s) - CE chain.)
Data plane: QinQ on the access segments, MPLS in the core; the frame is Ether Pkt at the CE, E Hdr + Ether Pkt on the access segments and MPLS + L2 Hdr + Ether Pkt in the core.
Control plane: LDP in the core and a single directed LDP session (PE-rs to PE-rs).
MPLS-Lite
(Figure: the same CE - PE-CLE (MTU-s) - PE-POP (PE-rs) - PE-POP (PE-rs) - PE-CLE (MTU-s) - CE chain.)
Data plane: QinQ on the access segments, MPLS in the core; the frame format is as in the Sajassi draft (Ether Pkt, E Hdr + Ether Pkt, MPLS + L2 Hdr + Ether Pkt).
Control plane: directed LDP on each of the three segments, LDP in the core.
Which drafts talk about which services
draft-lasserre-vkompella-ppvpn-vpls-02.txt
• The PE must be able to flood, forward or filter bridged frames
• VPLS VCs use martini-encaps
• VPLS VC signaling uses the martini-sig draft
• Proposes the addition of a new VC Type (in the VC TLV), “Ethernet VPLS”, codepoint 0x000B, where the VCID becomes a VPN_ID (VPLS ID)
• Proposes to introduce a new optional 1-byte interface parameter to martini-sig, “VPLS learning mode”, to distinguish qualified from unqualified learning modes
Which drafts talk about which services
draft-lasserre-vkompella-ppvpn-vpls-02.txt (continued)
• Defines a new TLV, “MAC TLV” type 0x0404, carried in the LDP Address Withdraw Message and used for explicit removal of the MAC addresses listed in it from all peers’ FIB tables
• When the length field of the MAC TLV indicates an empty list, all MACs received from the VPLS VC of the given peer are removed
• Proposes to use two MAC aging timers: a short one for locally learned MACs and a longer one for MACs learned via VPLS VCs from other PEs
Which drafts talk about which services
draft-lasserre-vkompella-ppvpn-vpls-02.txt (continued)
• In qualified learning this is actually one VSI per VLAN per VPLS per PE.
• Defines, much more broadly and completely than any existing draft, the QinQ case between L2PE (PE-CLE) and PE
• Modified MAC address deletion, which means the message should be sent from the MTU-s to the backup PEs and NOT the primary PEs.
Which drafts talk about which services
draft-lasserre-vkompella-ppvpn-vpls-02.txt (continued)
• Offers a pretty attractive idea to eliminate the need to have all VPLS capable devices fully meshed: tunnel the emulated VPLS VC via non VPLS capable PEs to those selected for the given VPLS that are capable of all VPLS functions
• Reduces the number of emulated VCs, which reduces signaling
• If auto discovery is not used, it reduces the number of configuration tasks when adding/deleting the L2PE (aka MTU) devices
• Very much like what L2TP or GRE tunnels do today
Which drafts talk about which services
draft-lasserre-vkompella-ppvpn-vpls-02.txt (continued)
• Very nicely glues martini based p2p VCs with the p2mp VPLS concept!
• Relaxes the need to have a VPLS capable device in every POP
Which drafts talk about which services
draft-heinanen-dns-ldp-vpls-00.txt
• Uses DNS (draft-luciani-ppvpn-vpn-discovery) for PE discovery
• Uses LDP for VPLS VC signaling
• Introduces a new VPN ID FEC TLV
draft-tsenevir-gre-vpls-00.txt
• Proposes VPLS over GRE
• VPLS VC demux is based on a network wide unique GRE key
Which drafts talk about which services
draft-augustyn-vpls-arch-00.txt
• Some requirements & just an overall architecture proposal. No new protocol definitions.
draft-mroz-ppvpn-inter-as-lsps-00.txt
• Proposes a way to establish a VPLS VC across ASes
• Uses the EBGP ipv4+label code to distribute the PEs’ /32s between ASes
• More or less exactly the same thing as we do in our mpls-vpn inter-as case.
Which drafts talk about which services
draft-kompella-ppvpn-vpls-00.txt
• Discovery & Signalling with BGP
• Defines a new BGP NLRI for VPLS:
+------------------------------------+
| Length (2 octets) |
+------------------------------------+
| Route Distinguisher (8 octets) |
+------------------------------------+
| VE ID (2 octets) |
+------------------------------------+
| Label-block Offset (2 octets) |
+------------------------------------+
| Label Base (3 octets) |
+------------------------------------+
| Variable TLVs (0 to N octets) |
| ... |
+------------------------------------+
• Defines a new BGP extended community as a container for the control information of a VPLS VC:
+------------------------------------+
| Extended community type (2 octets) |
+------------------------------------+
| Encaps Type (1 octet) |
+------------------------------------+
| Control Flags (1 octet) |
+------------------------------------+
| Layer-2 MTU (2 octets) |
+------------------------------------+
| Reserved (2 octets) |
+------------------------------------+
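A packer and parser for the two structures drawn above, added here as an example and not code from the draft or from Cisco: the field widths are exactly those in the figures. Assumed, because the figures do not say: the Length field counts the octets that follow it, the 8-octet RD is treated as opaque bytes, and the sample values (including the community type and encaps type) are constructed, not registered codepoints.

```python
# Added example (not from the slides or the draft): packing and parsing the
# L2VPN NLRI and the Layer-2 info extended community with the field widths
# shown in the figures. Assumptions: the Length field counts the octets that
# follow it, the RD is opaque, and all sample values are constructed.
import struct
from dataclasses import dataclass


@dataclass
class L2vpnNlri:
    rd: bytes            # Route Distinguisher, 8 octets
    ve_id: int           # VE ID, 2 octets (the slides' Site_ID)
    block_offset: int    # Label-block Offset, 2 octets
    label_base: int      # Label Base, 3 octets
    tlvs: bytes = b""    # Variable TLVs, 0 to N octets, kept raw here

    def pack(self) -> bytes:
        if len(self.rd) != 8 or not 0 <= self.label_base < (1 << 24):
            raise ValueError("RD must be 8 octets and label base must fit in 3 octets")
        body = (self.rd + struct.pack("!HH", self.ve_id, self.block_offset)
                + self.label_base.to_bytes(3, "big") + self.tlvs)
        return struct.pack("!H", len(body)) + body

    @classmethod
    def parse(cls, data: bytes) -> "L2vpnNlri":
        if len(data) < 2:
            raise ValueError("truncated NLRI: no Length field")
        (length,) = struct.unpack_from("!H", data)
        body = data[2:2 + length]
        if len(body) != length or length < 15:  # 8 + 2 + 2 + 3 fixed octets
            raise ValueError("NLRI Length inconsistent with the data present")
        ve_id, block_offset = struct.unpack_from("!HH", body, 8)
        return cls(body[:8], ve_id, block_offset, int.from_bytes(body[12:15], "big"), body[15:])


@dataclass
class Layer2InfoExtCommunity:
    type_: int           # Extended community type, 2 octets
    encaps_type: int     # Encaps Type, 1 octet
    control_flags: int   # Control Flags, 1 octet
    l2_mtu: int          # Layer-2 MTU, 2 octets; 2 reserved octets follow, sent as zero

    def pack(self) -> bytes:
        return struct.pack("!HBBHH", self.type_, self.encaps_type, self.control_flags, self.l2_mtu, 0)

    @classmethod
    def parse(cls, data: bytes) -> "Layer2InfoExtCommunity":
        if len(data) != 8:
            raise ValueError("an extended community is exactly 8 octets")
        type_, encaps, flags, mtu, _reserved = struct.unpack("!HBBHH", data)
        return cls(type_, encaps, flags, mtu)


# Constructed sample: a PE with VE ID 1 advertising label base 10 at offset 0, as on the BGP signaling slide
SAMPLE_NLRI = L2vpnNlri(rd=bytes(8), ve_id=1, block_offset=0, label_base=10)
SAMPLE_COMMUNITY = Layer2InfoExtCommunity(type_=0x1234, encaps_type=5, control_flags=0, l2_mtu=1500)
```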
Which drafts talk about which services
draft-rosen-ppvpn-l2-signaling-00.txt
• Proposes a way to eliminate the need to configure a VPLS VC on both ends by extending martini signaling
• Proposes to build an emulated VC not from the tuple <PE1, PE2, VCid, VC_type> but from <PE1, SAI, PE2, TAI>, where SAI/TAI are the src/dst Attachment IDs
• TAIs and the PE2 address can be learned via an auto discovery mechanism, which is not specified in the draft
• In VPLS the AI can be composed by concatenating VPLS# + the VLAN id connecting the customer switches to the PE
Which drafts talk about which services
draft-lasserre-tls-mpls-00.txt
• Proposes to use an IGP extension to discover VPLS capable PEs (draft-tsenevir-8021qospf-00.txt)
• Once directed LDP sessions are established between each PE pair, extends the draft-martini signalling VC FEC with a new parameter: a 7-byte VPN_ID (VPLS_ID)
• Assumes a replication/flooding capable PE
Agenda
• What is VPLS and all of those acronyms
• VPLS building blocks
• Which drafts talk about which services
• Summary
Summary
• Main problem: MAC addresses can’t be summarized!
• Fully VPLS capable devices must be able to replicate, flood and filter packets
• VPLS has some applications in MANs; I can’t see them pushing L3 services away from WANs
• All L2 applications are IMHO only the current moment’s industry fashion, born mostly due to the belief of some that flat networks/ethernet rock
• L3 routing and L3 services are still the main element, with far greater scalability!
Thank you !
This presentation can be found at:
ftp://ftp-eng.cisco.com/rraszuk/vpls
Ack: Some slides were borrowed from Ali Sajassi. Thx !