An Introduction to VPLS

Jeff Apcar, Distinguished Services Engineer, APAC Technical Practices, Advanced Services

Agenda: VPLS Introduction; Pseudo Wire Refresher; VPLS Architecture; VPLS Configuration Example; VPLS Deployment Summary

Introduction to VPLS
© 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential

Do you want to date VPLS?
“VPLS is like having Paris Hilton as your girlfriend.
The concept is fantastic, but in reality the experience might not be what you expected.
But… we’re still willing to give it a go as long as we can understand/handle her behaviour”
Me, Just Then
Virtual Private LAN Service (VPLS)
VPLS defines an architecture that allows MPLS networks to offer Layer 2 multipoint Ethernet services
The SP emulates an IEEE Ethernet bridge network (a virtual bridge)
Virtual bridges are linked with MPLS Pseudo Wires
The data plane is the same as EoMPLS (point-to-point)
(Figure: two CEs attached to two PEs across the provider network)
End-to-end architecture that allows MPLS networks to provide Multipoint Ethernet services
It is “Virtual” because multiple instances of this service share the same physical infrastructure
It is “Private” because each instance of the service is independent and isolated from one another
It is “LAN Service” because it emulates Layer 2 multipoint connectivity between subscribers
Customers have full operational control over their routing neighbours
Privacy of address space: it does not have to be shared with the carrier network
Customers can use any routing protocol, including non-IP protocols (IPX, AppleTalk)
Customers could use an Ethernet switch instead of a router as the CPE
A single connection can reach all other edge points, emulating an Ethernet LAN (VPLS)
(Figure: IETF organisation: ISOC, IAB, IETF areas (Application, General, Internet, ...) and the L2VPN, L3VPN and PWE3 working groups; labels on the figure: IP VPNs using Virtual Routers (RFC 2764), CE based VPNs using IPsec, Pseudo Wire Emulation edge-to-edge)
VPLS is defined under the auspices of the IETF (which sits under the Internet Society and the Internet Architecture Board). The IETF is organised into areas, each addressing a technical domain and consisting of working groups. VPLS belongs to the L2VPN working group (once part of PPVPN, which was split into the L2VPN and L3VPN working groups as the work grew). Another working group that directly affects the operation of VPLS is PWE3, which is tasked with defining the procedures for creating Pseudo Wires over an IP/MPLS backbone.
IP-only LAN Service (IPLS)
IPLS is a functional subset of the VPLS service, defined in draft-ietf-l2vpn-ipls
The CE devices must be hosts or routers, not switches
The service carries only IPv4 or IPv6 packets; IP control packets (ARP, ICMP) are also supported
Layer 2 packets that do not contain IP are not supported
MAC address learning and aging are not required; a simpler mechanism to map a MAC address to a CE can be used
Bridging operations are removed from the PE, which simplifies hardware capabilities and operation
VPLS architecture
(Figure: CEs attached to N-PEs over attachment circuits; N-PEs joined by Pseudo Wires across the MPLS core)
A Virtual Switch Interface (VSI) terminates the PWs and provides the Ethernet bridge function
Targeted LDP between PEs exchanges the VC labels for the Pseudo Wires
The VFI participates in the learning and forwarding process
Associates ports with MAC addresses; floods unknowns to all other ports
Address learning and aging: MAC timers are refreshed by incoming frames
Loop prevention: unidirectional LSPs carry the VCs between each pair of N-PEs, and VPLS uses split horizon to prevent loops (a frame received from one PW is never forwarded onto another PW)
Pseudo Wire Emulation Edge-to-Edge (PWE3)
Requirements detailed in RFC 3916; architecture detailed in RFC 3985
Develops standards for the encapsulation and service emulation of "Pseudo Wires" across a packet switched backbone
A VPLS is based on a full mesh of Pseudo Wires
Pseudo Wire Reference Model (RFC 3916)
A Pseudo Wire (PW) is a connection between two provider edge devices that joins two attachment circuits (ACs)
In an MPLS core a Pseudo Wire uses two MPLS labels:
  Tunnel label (LSP) identifying the remote PE router
  VC label identifying the Pseudo Wire circuit within the tunnel
(Figure: CE - PE1 - packet switched network (PSN, IP or MPLS) carrying PW1 and PW2 - PE2 - CE; the emulated service runs end to end between the CEs)
Note: the emulated service (PWES) is either an Ethernet link or a VLAN link between two ports, an ATM VC or VP, a Frame Relay VC, a TDM circuit, or an MPLS LSP. The PSN tunnel may be MPLS, L2TP, GRE and so on. UTI is another mechanism to transport the PDUs between ingress and egress PE; in that case the PW is created using a UTI tunnel.
Key PWE3 documents
  PW setup and maintenance using LDP (RFC 4447), previously draft-martini-l2circuit-trans-mpls
  Ethernet over MPLS encapsulation (RFC 4448), previously draft-martini-l2circuit-encap-mpls
  Frame Relay and ATM encapsulation: draft-ietf-pwe3-frame-relay / draft-ietf-pwe3-atm-encap
  PPP/HDLC encapsulation: draft-ietf-pwe3-ppp-hdlc-encap-mpls
Pseudo Wire Types (RFC 4446)
  0x0001  Frame Relay DLCI (Martini mode)
  0x0002  ATM AAL5 SDU VCC transport
  0x0003  ATM transparent cell transport
  0x0004  Ethernet Tagged Mode (VLAN)
  0x0005  Ethernet (Port)
  0x000B  IP Layer 2 Transport
  0x000F  Frame Relay Port mode
  0x0011  Structure-agnostic E1 over Packet
  0x0012  Structure-agnostic T1 over Packet
  0x0013  Structure-agnostic E3 over Packet
  0x0014  Structure-agnostic T3 over Packet
  0x0015  CESoPSN basic mode
  0x0016  TDMoIP AAL1 Mode
  0x0018  TDMoIP AAL2 Mode
  0x0019  Frame Relay DLCI
This table shows the Pseudo Wire types available for the different attachment circuits. The highlighted types are the ones covered today: the Ethernet types (0x0004 and 0x0005) that VPLS uses. Later in the session you will see how the PW type matters during troubleshooting, since both ends of a PW must signal the same type.
VC Information Distribution (RFC 4447)
VC labels are exchanged across a targeted LDP session between PE routers
Generic Label TLV within the LDP Label Mapping message
An LDP FEC element is defined to carry VC information, such as the PW type (RFC 4446) and the VCID
VC information is exchanged using Downstream Unsolicited label distribution procedures
A separate "MAC List" TLV for VPLS is defined in draft-ietf-l2vpn-vpls-ldp
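The FEC element described above, as an added example that is not part of the original slides and not Cisco's implementation: it builds and parses the PWid FEC element of RFC 4447 (type 0x80, the C bit and PW type, the PW information length, group ID, PW ID and an MTU interface-parameter sub-TLV) and then applies the checks a PE makes before it binds a received label to a pseudowire. The function names, the neighbour addresses and the local PW parameters (VCID 56, as in the configuration example later in this deck) are assumptions made for this example.

```python
import struct

# PW types from the RFC 4446 table above
PW_TYPE_ETH_VLAN = 0x0004   # Ethernet Tagged Mode (VLAN)
PW_TYPE_ETH_PORT = 0x0005   # Ethernet (Port)

PWID_FEC_TYPE = 0x80        # PWid FEC element type (RFC 4447)
IFPARAM_MTU = 0x01          # interface parameter sub-TLV: MTU of the attachment circuit


def encode_pwid_fec(pw_type, pw_id, mtu, control_word=False, group_id=0):
    """Build a PWid FEC element as carried in an LDP Label Mapping message.

    Layout: type(8) | C(1) PW type(15) | PW info length(8) | Group ID(32) |
    PW ID(32) | interface parameter sub-TLVs.  The info length counts the
    PW ID and the sub-TLVs but not the Group ID.
    """
    c_and_type = (0x8000 if control_word else 0) | (pw_type & 0x7FFF)
    ifparams = struct.pack("!BBH", IFPARAM_MTU, 4, mtu)   # ID, length (incl. header), MTU
    header = struct.pack("!BHB", PWID_FEC_TYPE, c_and_type, 4 + len(ifparams))
    return header + struct.pack("!II", group_id, pw_id) + ifparams


def decode_pwid_fec(data):
    """Parse a PWid FEC element; raise ValueError on anything malformed."""
    if len(data) < 12 or data[0] != PWID_FEC_TYPE:
        raise ValueError("not a PWid FEC element")
    c_and_type, info_len = struct.unpack("!HB", data[1:4])
    group_id, pw_id = struct.unpack("!II", data[4:12])
    if info_len != len(data) - 8:             # 4-byte header and Group ID are not counted
        raise ValueError("PW info length does not match element size")
    mtu, pos = None, 12
    while pos < len(data):                    # walk the interface parameter sub-TLVs
        if pos + 2 > len(data):
            raise ValueError("truncated sub-TLV")
        pid, plen = data[pos], data[pos + 1]
        if plen < 2 or pos + plen > len(data):
            raise ValueError("bad interface parameter sub-TLV length")
        if pid == IFPARAM_MTU and plen == 4:
            mtu = struct.unpack("!H", data[pos + 2:pos + 4])[0]
        pos += plen
    return {"control_word": bool(c_and_type & 0x8000), "pw_type": c_and_type & 0x7FFF,
            "group_id": group_id, "pw_id": pw_id, "mtu": mtu}


def accept_mapping(local, neighbor, fec):
    """Decide whether a received Label Mapping may bring the PW up.

    `local` is our provisioned PW: the configured targeted-LDP peers, the
    expected VCID, PW type and AC MTU.  A PE binds labels only for PWs it was
    provisioned for, and PW type, VCID and MTU must agree on both ends or the
    PW stays down (RFC 4447); a mapping from an unconfigured peer is ignored.
    """
    if neighbor not in local["neighbors"]:
        return False, "mapping from unconfigured peer %s ignored" % neighbor
    if fec["pw_id"] != local["vcid"]:
        return False, "VCID %d is not provisioned" % fec["pw_id"]
    if fec["pw_type"] != local["pw_type"]:
        return False, "PW type mismatch: local 0x%04x, remote 0x%04x" % (local["pw_type"], fec["pw_type"])
    if fec["mtu"] != local["mtu"]:
        return False, "MTU mismatch: local %s, remote %s" % (local["mtu"], fec["mtu"])
    return True, "PW up"


# Constructed local state: an N-PE provisioned for VCID 56 (the deck's "VLAN100 = VCID 56")
LOCAL_PW = {"neighbors": {"2.2.2.2", "3.3.3.3"}, "vcid": 56,
            "pw_type": PW_TYPE_ETH_PORT, "mtu": 1500}


def demo():
    good = encode_pwid_fec(PW_TYPE_ETH_PORT, 56, 1500, control_word=True)
    wrong_type = encode_pwid_fec(PW_TYPE_ETH_VLAN, 56, 1500)
    wrong_mtu = encode_pwid_fec(PW_TYPE_ETH_PORT, 56, 9000)
    return [accept_mapping(LOCAL_PW, "2.2.2.2", decode_pwid_fec(good)),
            accept_mapping(LOCAL_PW, "2.2.2.2", decode_pwid_fec(wrong_type)),
            accept_mapping(LOCAL_PW, "3.3.3.3", decode_pwid_fec(wrong_mtu)),
            accept_mapping(LOCAL_PW, "9.9.9.9", decode_pwid_fec(good))]


if __name__ == "__main__":
    for up, reason in demo():
        print("UP  " if up else "DOWN", reason)
```

The three rejections are exactly the cases that keep a VPLS PW in the "down" state during troubleshooting: a VCID or PW type mismatch, an MTU mismatch between the attachment circuits, and a peer that was never provisioned.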
VC Distribution Mechanism using LDP
Unidirectional tunnel LSPs between PE routers transport the PW PDUs from PE to PE using the tunnel label(s)
Both LSPs combine to form a single bidirectional Pseudo Wire
A directed LDP session between the PE routers exchanges the VC information, such as the VC label and control information
The VC label identifies the attachment circuit (interface) at the egress PE
(Figure: four customer sites attached via CEs to PE1 and PE2 across the IP/MPLS core)
Ethernet Pseudo Wires use three layers of encapsulation
Tunnel encapsulation (zero, one or more MPLS labels): gets the PDU from ingress to egress PE; could be an MPLS label (LDP, TE), a GRE tunnel or an L2TP tunnel
Pseudo Wire demultiplexer (PW label): identifies the individual circuit within a tunnel; obtained from the directed LDP session
Control word (optional): avoids problems with equal-cost multipath load balancing and supports Operations and Management (OAM) mechanisms; the control word format varies with the transported PDU
(Figure: packet layout, outermost first: Tunnel Label | PW Label | Control Word | PDU)
Note: the Cisco implementation allows only one key per GRE tunnel; the GRE code would need to be enhanced to support multiple keys per tunnel before the GRE key could serve as the demultiplexer field.
Tunnel label: can be derived from LDP+IGP, RSVP-TE, or BGP IPv4+Label
(Figure: 32-bit MPLS label entry: 20-bit label, 3-bit EXP field, bottom-of-stack bit, 8-bit TTL)
VC label (PW demultiplexer): the inner label, used by the receiving PE to determine
  the egress interface for L2 PDU forwarding (port based)
  the egress VLAN used on the CE-facing interface (VLAN based)
EXP can be set to the values received in the L2 frame
(Figure: label stack: Tunnel Encaps | PW Demux | Control Word)
If LDP is used, liberal label retention mode should be used, though conservative label retention must also be implemented
Control word (optional as per the RFC)
First nibble is 0x0 to prevent aliasing with IP packets over MPLS: without it, a P router that inspects the payload for load balancing could mistake a frame whose destination MAC starts with 0x4 or 0x6 for an IPv4 or IPv6 packet
Reserved bits should be all zeros and are ignored on receive
The sequence number provides sequencing to detect out-of-order packets; processing is optional and currently not in Cisco's implementation
(Figure: label stack and 32-bit control word: Tunnel Encaps | PW Demux | Control Word)
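The three-layer encapsulation and the control word described above, as an added example (not code from the slides or from any vendor implementation): it builds the tunnel label, the PW label, the control word and the Ethernet PDU, parses them back at the egress PE, and shows why the zero first nibble matters by imitating a P router that guesses the payload type from the first nibble below the bottom label. The label values, MAC addresses and function names are constructed for the example.

```python
import struct


def mpls_label_entry(label, exp=0, bottom=False, ttl=255):
    """One 32-bit label stack entry: label(20) | EXP(3) | S(1) | TTL(8)."""
    if not 0 <= label < (1 << 20):
        raise ValueError("label out of range")
    return struct.pack("!I", (label << 12) | ((exp & 7) << 9) | (int(bottom) << 8) | (ttl & 0xFF))


def ethernet_control_word(seq=0):
    """Ethernet PW control word: first nibble 0000, 12 reserved zero bits, 16-bit sequence number."""
    return struct.pack("!I", seq & 0xFFFF)


def encapsulate(pdu, tunnel_label, pw_label, exp=0, control_word=True, seq=0):
    """Tunnel label | PW label (bottom of stack) | [control word] | Ethernet PDU."""
    cw = ethernet_control_word(seq) if control_word else b""
    return (mpls_label_entry(tunnel_label, exp)
            + mpls_label_entry(pw_label, exp, bottom=True)
            + cw + pdu)


def decapsulate(packet, expect_control_word=True):
    """Pop the label stack at the egress PE; return (labels, control word fields, PDU)."""
    labels, pos = [], 0
    while True:
        if len(packet) < pos + 4:
            raise ValueError("truncated label stack")
        entry, = struct.unpack("!I", packet[pos:pos + 4])
        labels.append({"label": entry >> 12, "exp": (entry >> 9) & 7, "ttl": entry & 0xFF})
        pos += 4
        if entry & 0x100:               # S bit: bottom of stack reached
            break
    cw = None
    if expect_control_word:             # whether a CW is present is agreed per PW over LDP
        if len(packet) < pos + 4:
            raise ValueError("missing control word")
        word, = struct.unpack("!I", packet[pos:pos + 4])
        if word >> 28 != 0:
            raise ValueError("control word first nibble is not 0")
        cw = {"seq": word & 0xFFFF}     # reserved bits are ignored on receive
        pos += 4
    return labels, cw, packet[pos:]


def p_router_payload_guess(packet):
    """What a transit P router that knows nothing about the PW assumes the payload
    below the bottom label is when it hashes for ECMP: first nibble 4 -> IPv4,
    6 -> IPv6, anything else -> not IP (hash on the label stack only)."""
    pos = 0
    while True:
        entry, = struct.unpack("!I", packet[pos:pos + 4])
        pos += 4
        if entry & 0x100:
            break
    return {4: "ipv4", 6: "ipv6"}.get(packet[pos] >> 4, "non-ip")


def sample_frame():
    """Constructed Ethernet frame whose destination MAC starts with 0x4 (the case the slide warns about)."""
    dst = bytes.fromhex("4a0000000001")     # locally administered unicast MAC beginning with 0x4
    src = bytes.fromhex("0200000000aa")
    return dst + src + struct.pack("!H", 0x0800) + b"\x45" + bytes(45)   # ethertype + dummy payload


def demo():
    frame = sample_frame()
    return {"without_cw": p_router_payload_guess(encapsulate(frame, 1000, 102, control_word=False)),
            "with_cw": p_router_payload_guess(encapsulate(frame, 1000, 102, control_word=True))}


if __name__ == "__main__":
    print(demo())   # the same frame looks like IPv4 to the P router unless the control word is present
```

Without the control word the P router hashes what it believes are IPv4 header fields, which are really MAC address bytes, so frames of one customer flow can be spread across paths and reordered; with the control word the first nibble is 0 and the router falls back to hashing the label stack.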
(Figure: forwarding example for PE2 to PE1 traffic: CE - PE2 - P2 - P1 - PE1 - CE across the IP/MPLS core; the L2 PDU is carried over the LSP toward PE1's Lo0 inside Pseudo Wire "PW1")
VPLS control plane requirements
Autodiscovery of the other N-PEs in the same VPLS instance
Signalling of the PWs that interconnect the VPLS instances
Loop avoidance and MAC address withdrawal
Two drafts have been approved by the IETF L2VPN Working Group; draft-ietf-l2vpn-vpls-ldp has predominant support from carriers and vendors, and Cisco supports this draft
draft-ietf-l2vpn-vpls-ldp
VPN discovery can be BGP, RADIUS, DNS or directory based (centralised)
Uses directed LDP for label exchange (VC) and PW signalling; PWs signal control information as well (for example, circuit state)
Cisco IOS supports directed LDP for all VC signalling: point-to-point with Any Transport over MPLS (AToM), multipoint with MPLS Virtual Private LAN Services
MAC Address Learning and Forwarding
MAC addresses are learned dynamically on physical ports and on VCs, then used to forward
Source MACs of flooded frames (broadcast, multicast and unknown unicast) arriving from the core are learned via the received label association, which identifies the PW they came from
Two LSPs are associated with a VC (Tx and Rx); if either the inbound or the outbound LSP is down, the entire Pseudo Wire is considered down
(Figure: CE - PE1 (E0/0, E0/1) - PE2 - CE; frames carrying VC labels 170 and 102 with MAC1/MAC2 as source and destination)
Note: assume a packet from A1 is bound for A2. When it leaves CE1, say it has a source MAC address of M1 and a destination MAC of M2. If PE1 does not know where M2 is, it will multicast the packet to PE2 and PE3. When PE2 receives the packet, it will have an inner label of 201. PE2 can conclude that the source MAC address M1 is behind PE1, since it distributed the label 201 to PE1. It can therefore associate MAC address M1 with VC label 102.
MAC Address Withdrawal
Upon failure the PE removes locally learned MAC addresses and sends an LDP Address Withdraw (RFC 3036) to the remote PEs in the VPLS over the directed LDP sessions; the new MAC List TLV is used to withdraw addresses
Otherwise the PE relies on the MAC address aging timer
(Figure: an attachment circuit fails at one PE; MAC Withdrawal messages go out over the directed LDP sessions across the MPLS core)
Note: the processing for MAC TLVs received in an Address Withdraw message is as follows. For each MAC address in the TLV: relearn the association between the MAC address and the interface/Pseudo Wire over which this message is received, and send the same message to all other PEs over the corresponding directed LDP sessions. For an Address Withdraw message with an empty list: remove all the MAC addresses associated with the VPLS instance (specified by the FEC TLV) except the MAC addresses learned
VPLS Topology – PE View
Each PE has a point-to-multipoint view of all other PEs: it sees itself as the root bridge, with split-horizon loop protection
The full mesh topology obviates STP in the SP network
Customer STP is transparent to the SP: customer BPDUs are forwarded transparently
(Figure: CEs attached to PEs around the MPLS core)
VPLS emulates a LAN – but not exactly…
This raises a few issues which are discussed later
(Figure: CEs attached to PEs around the MPLS VPLS core)
Hierarchical VPLS (H-VPLS) comprises two access methods:
  Ethernet Edge (EE-H-VPLS) – QinQ tunnels
  MPLS Edge (ME-H-VPLS) – PWE3 Pseudo Wires (EoMPLS)
Described in section 10 of draft-ietf-l2vpn-vpls-ldp
Each architecture has different scaling characteristics
(Figure: CE - U-PE - N-PE; the U-PE provides the customer UNI)
Full-mesh VPLS
N*(N-1)/2 Pseudo Wires required: a scalability issue as the number of PE routers grows
No hierarchical scalability
Potential signalling and packet replication overhead: a large amount of multicast replication over the same physical links, and CPU overhead for replication
(Figure: CEs attached directly to the N-PEs)
H-VPLS
Reduction in packet replication and signalling overhead
Consists of two levels in a hub-and-spoke topology: the hub is a full mesh of VPLS Pseudo Wires in the MPLS core; the spokes are L2/L3 tunnels connecting to the VPLS (hub) PEs: Q-in-Q (L2), MPLS (L3), L2TPv3 (L3)
Some additional H-VPLS terms: PE-r, a non-bridging PE router; PE-rs, a bridging and routing capable PE
Node discovery and provisioning extend end to end
Minimises signalling overhead
Packet replication is done in the core
Partitions the node discovery process
The MTU-s can switch traffic locally, saving bandwidth capacity on the circuits to the N-PE
(Figure: CE - MTU-s / U-PE - PE-rs / N-PE)
(Figure: Metro Ethernet layers: service CPE - U-PE - RPR access - N-PE - core)
Note that in many cases, any given Metro Ethernet solution may not contain all of these layers. In fact, in some cases the architectural functions can be merged into a single layer. For example, various combinations of network technologies and topologies can be formed to deliver Ethernet services without passing through a core network. In this context, these network technology and topology combinations can be viewed as separate from the interconnecting core network, and are hence referred to as Metro Ethernet islands (or simply islands).
The same VCID is used in the edge and the core (the labels may differ)
(Figure: MPLS access on both sides of the MPLS core)
Virtual Forwarding Interface (VFI)
The Virtual Forwarding Interface is the VSI representation in IOS
A single interface terminates all PWs for that VPLS instance
This model is applicable to direct attach and to H-VPLS with Ethernet edge
(Figure: N-PE1 VFI with PW #1 to N-PE2 and PW #2 to N-PE3 plus attached CEs; numbered arrows show how frames from a CE, frames from PW #1 and broadcast/multicast traffic are replicated)
Broadcast/multicast arriving on PW #1 will not be replicated out PW #2 and vice versa: split horizon between the mesh PWs
VFI with an MPLS edge
This model is applicable to H-VPLS with MPLS edge
PW #1 and PW #2 (the core mesh, split horizon) will forward traffic to PW #3, the spoke, which is a non-split-horizon port (figure: N-PE1)
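The forwarding behaviour of the VFI on these two slides (flooding with split horizon between mesh PWs, a non-split-horizon spoke PW) together with the MAC learning and MAC address withdrawal slides earlier, as one added example that is not code from the slides or from Cisco IOS. The port names, MAC addresses and the N-PE1 topology are constructed for the example; the withdraw handling follows the published RFC 4762 form of draft-ietf-l2vpn-vpls-ldp, in which listed MACs are removed and an empty list flushes all MACs except those learned over the receiving PW, and it assumes a withdraw received over the mesh is not relayed onto other mesh PWs.

```python
class VFI:
    """Minimal model of the VPLS Virtual Forwarding Instance on an N-PE (example only)."""

    CORE, SPOKE, AC = "core", "spoke", "ac"   # mesh PW, H-VPLS spoke PW, attachment circuit

    def __init__(self, ports):
        self.ports = dict(ports)     # port name -> kind
        self.mac_table = {}          # MAC -> port it was learned on

    def flood_ports(self, in_port):
        """Flood set for a frame arriving on in_port, applying split horizon:
        a frame from a mesh PW is never relayed to another mesh PW, because the
        originating PE already sent it to every PE in the full mesh."""
        outs = []
        for name, kind in self.ports.items():
            if name == in_port:
                continue
            if self.ports[in_port] == self.CORE and kind == self.CORE:
                continue
            outs.append(name)
        return outs

    def forward(self, in_port, src_mac, dst_mac):
        """Learn src_mac behind in_port (which also refreshes its aging timer),
        then choose the egress ports for dst_mac."""
        if in_port not in self.ports:
            raise KeyError("unknown port %s" % in_port)
        self.mac_table[src_mac] = in_port
        if is_flood_address(dst_mac) or dst_mac not in self.mac_table:
            return self.flood_ports(in_port)
        out = self.mac_table[dst_mac]
        return [] if out == in_port else [out]   # never hairpin back onto the ingress port

    def ac_failure(self, ac_port):
        """A local attachment circuit went down: drop the MACs learned on it and
        build the Address Withdraw (MAC List TLV) to send to every PW neighbour."""
        lost = sorted(m for m, p in self.mac_table.items() if p == ac_port)
        for m in lost:
            del self.mac_table[m]
        return {"macs": lost, "send_to": [n for n, k in self.ports.items() if k != self.AC]}

    def receive_withdraw(self, from_pw, macs):
        """Process an Address Withdraw received over from_pw.  Listed MACs are
        removed; an empty list flushes everything except what was learned over the
        PW the message arrived on.  Returns the PWs the message is relayed to: a
        withdraw from a spoke is propagated into the mesh, one received over the
        mesh is not relayed again (split horizon applies to the control plane too)."""
        if self.ports[from_pw] == self.AC:
            raise ValueError("withdraws arrive over PWs, not attachment circuits")
        if macs:
            for m in macs:
                self.mac_table.pop(m, None)
        else:
            self.mac_table = {m: p for m, p in self.mac_table.items() if p == from_pw}
        if self.ports[from_pw] == self.SPOKE:
            return [n for n, k in self.ports.items() if k == self.CORE]
        return []


def is_flood_address(mac):
    """Broadcast and multicast (I/G bit set in the first octet) are always flooded."""
    return int(mac.split(":")[0], 16) & 1 == 1


def demo():
    # Constructed topology: N-PE1 with mesh PWs to N-PE2 and N-PE3 (PW1, PW2),
    # one H-VPLS spoke PW from a U-PE (PW3) and two local attachment circuits.
    vfi = VFI({"PW1": VFI.CORE, "PW2": VFI.CORE, "PW3": VFI.SPOKE, "AC1": VFI.AC, "AC2": VFI.AC})
    trace = {}
    # unknown unicast from a local CE is flooded to every other port
    trace["unknown_from_ac"] = vfi.forward("AC1", "02:00:00:00:00:01", "02:00:00:00:00:02")
    # broadcast arriving over mesh PW1 reaches the ACs and the spoke, never PW2
    trace["bcast_from_core"] = vfi.forward("PW1", "02:00:00:00:00:aa", "ff:ff:ff:ff:ff:ff")
    # ...:aa is now known behind PW1, so unicast to it from the spoke is not flooded
    trace["known_from_spoke"] = vfi.forward("PW3", "02:00:00:00:00:bb", "02:00:00:00:00:aa")
    # AC1 fails: its MAC is withdrawn toward every PW neighbour instead of waiting for aging
    trace["withdraw"] = vfi.ac_failure("AC1")
    # an empty-list withdraw arrives over the spoke: flush all but PW3's MACs, relay into the mesh
    trace["relay"] = vfi.receive_withdraw("PW3", [])
    trace["table_after_flush"] = dict(vfi.mac_table)
    return trace


if __name__ == "__main__":
    for step, result in demo().items():
        print(step, result)
```

The split-horizon rule in flood_ports is the whole reason the full mesh needs no STP: remove it and a broadcast from PW1 would be relayed to PW2, reach N-PE3, and come back over the mesh indefinitely. The withdraw path is what lets a remote PE stop black-holing traffic toward a failed attachment circuit before the aging timer expires.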
Access options compared

Direct Ethernet attach
  Pros: simple access via Ethernet
  Cons: no hierarchical scalability; customer VLANs cannot overlap; 4K customer VLAN limit in the Ethernet access domain; high STP reconvergence time

Ethernet Edge H-VPLS (QinQ)
  Pros: simple access via Ethernet; hierarchical support via QinQ at the access; scalable customer VLANs (4K x 4K); 4K customers supported per Ethernet access domain
  Cons: high STP reconvergence time; MAC addresses do not scale, as customer MACs are still seen in the SP network; supported on SIP-600 only as of 12.2(33)SRA

MPLS Edge H-VPLS (EoMPLS PW)
  Pros: fast L3 IGP convergence; MPLS TE FRR <50 msec; hierarchical support via MPLS PW at the access
  Cons: more complicated provisioning; requires MPLS to the U-PE; OSM/SIP-400/600 as the U-PE facing card on the N-PE (for the 7600)
H-VPLS
Sample Output
VPLS configuration example
The CEs are all part of the same VPLS instance (VCID = 56)
Each CE router connects using VLAN 100 over a sub-interface
(Figure: CE routers attached to PEs across the MPLS core)
CE router sub-interfaces on the same VLAN (the attachment could also be port based, with no VLAN):

! CE1 (the subnet mask is not on the slide; /24 assumed)
interface GigabitEthernet 1/3.100
 encapsulation dot1q 100
 ip address 192.168.20.2 255.255.255.0
!
! CE2
interface GigabitEthernet 2/0.100
 encapsulation dot1q 100
 ip address 192.168.20.3 255.255.255.0

PE VFI definition (VLAN 100 = VCID 56):

l2 vfi VPLS-A manual
 vpn id 56

The same set of commands is configured on each PE; the attachment circuit is configured on the CE-facing interface
(Figure: MPLS core)
If the CE were a switch instead of a router, then QinQ can be used
QinQ places all traffic (tagged and untagged) from the switch into the VPLS
(Figure: VLAN 100 = VCID 56 across the MPLS core)
H-VPLS
U-PEs provide services to the customer edge device
CE traffic is then carried in a QinQ tunnel or an EoMPLS PW to the N-PE
The PW VSI mesh configuration is the same as in the previous examples
(Figure: MPLS core)
H-VPLS with L2 handoff (QinQ)
The outer tag is VLAN 100; the inner tags are the customer's. The U-PE port facing the CE is a dot1q tunnel port; the slide shows only the interface line, so the two switchport commands below are completed from that description:

interface FastEthernet1/0/1
 switchport access vlan 100
 switchport mode dot1q-tunnel
!

H-VPLS with a QinQ attachment circuit is the simplest of all configurations. This handoff does not require MPLS to the edge; it only requires a physical link configured as an 802.1Q trunk or a QinQ access port.
H-VPLS with MPLS edge, VC type 4
The CE interface on the U-PE can be an access or a trunk port; an xconnect per VLAN is required
(Figure: U-PE xconnect toward the N-PE at 4.4.4.4 across the MPLS core)
When configuring H-VPLS with MPLS edge, the U-PE is simply a VLAN-based EoMPLS tunnel (VC type 4). The tunnel xconnect is configured on the VLAN interface, which allows all traffic from that VLAN to pass into the VPLS core. If the UNI is configured as a trunk port, an xconnect per VLAN allowed on the trunk is required to pass the customer traffic.
H-VPLS with MPLS edge, port-based xconnect
The CE interface on the U-PE can be an access or a trunk port; an xconnect for the entire port is required (a port-based Ethernet PW, type 0x0005 in the table above, instead of one xconnect per VLAN)
(Figure: U-PE xconnect toward the N-PE at 4.4.4.4 across the MPLS core)
Sample output (the column headers of show mpls l2transport vc on the U-PE; only the destination address 4.4.4.4 survived extraction)
Local intf     Local circuit   Dest address    VC ID      Status
-------------  --------------  --------------  ---------  ----------
                               4.4.4.4