BRKAGG-2000


  • 7/27/2019 BRKAGG-2000

    1/56

    2006, Cisco Systems, Inc. All rights reserved.esentation_ID.scr

    2008 Cisco Systems, Inc. All rights reserved. Cisco PublicBRKAGG-200014555_04_2008_c1 2

    Implementation and Utilization of Layer 2 VPN Technologies

    BRKAGG-2000


    General Prerequisites

    Spanning Tree problems and Data Center knowledge

    Why L2VPN technology is becoming ever more important to service providers and enterprise

    Good understanding of L2VPN technology pseudowires (PWs) operation (AToM, L2TPv3)

    Basic understanding of network design principles

    Familiarity with quality of service principles; application will be discussed, with examples

    Basic understanding of MPLS traffic engineering (MPLS-TE) concepts


    L2VPN Deployment Objectives

    Quick review of the motivating factors for L2VPN adoption

    Outline common service requirements for L2VPN and how they are being addressed by Service Providers and Enterprise

    Quick overview of EoMPLS and VPLS

    Using Traffic Engineering with Layer 2 VPN

    Position Layer 2 VPN for Data Center


    Summary Technology

    AToM/L2TPv3

    EoMPLS

    VPLS

    Traffic Engineering


    Deployment Objectives


    Why Is L2VPN Needed?

    It allows SPs and enterprises to have a single infrastructure for both IP and legacy services

    For SPs: move legacy ATM/FR traffic to the MPLS/IP core without interrupting current services

    For enterprises: build better data centers, span L2 ACs across the WAN/MPLS, and provide better HA

    Help SP provide new P2P Layer 2 tunnelling services

    Customer can have its own routing, QoS policy, etc.

    A migration step towards IP/MPLS VPN


    Benefits for L2VPNs

    New service opportunities:

    Virtual leased line service

    Offer PVC-like Layer 2-based service

    Reduced cost: consolidate multiple core technologies into a single packet-based network infrastructure

    Simplify services: Layer 2 transport provides options for service providers who need to provide L2 connectivity and maintain customer autonomy

    Protect existing investments: Greenfield networks to extend customer access to existing Layer 2 networks without deploying a new separate infrastructure

    Feature support: through the use of Cisco IOS features such as IPsec, QoS, and Traffic Engineering, L2 transport can be tailored to meet customer requirements


    L2VPN Models

    [Figure: L2VPN models. VPWS (point-to-point) and VPLS (P2MP/MP2MP, Ethernet). Under VPWS: AToM over an MPLS core (like-to-like or any-to-any, point-to-point), L2TPv3 over an IP core (any-to-any service, point-to-point), and local switching. Attachment types shown: PPP/HDLC, ATM AAL5/Cell, FR, Ethernet, CE-TDM (T1/E1).]


    Motivation for L2VPNs: "I've Really Got to Consolidate These Networks"

    [Figure: access services at each end (IP/IPSec, FR/ATM, Broadband, Ethernet) carried over separate core networks (ATM, MPLS or IP, SONET).]

    Multiple Access Services Require Multiple Core Technologies = $$$ High Costs/Complex Management


    Generic L2 VPN Architecture

    Tunnels (MPLS, L2TPv3, GRE, IPSec, etc.)

    Emulated VCs (pseudowires) inside tunnels (many-to-one)

    Attachment VCs (e.g., FR DLCI, PPP) mapped to emulated VCs

    [Figure: an L2 attachment circuit (VC) at each end is mapped to an emulated VC/PW, which is carried inside a tunnel across the PSN.]


    Motivation for L2VPNs: "How Can I Leverage My Packet Infrastructure?"

    Reduce overlapping core expense; consolidate trunk lines

    Offer multiservice/common interface (i.e. Ethernet MUX = L2, L3 and Internet)

    Maintain existing revenues from legacy services

    [Figure labels: Ethernet, MPLS/IP, Edge Packet Switched Network, MSE, New Service Growth, Broadband Access, Frame Relay, ATM, Existing Infrastructure, Trunk Replacement.]


    New Evolution for Circuit Emulation

    [Figure labels: Radio Access Network (BTS/NodeB, IP POP at cell site, Abis/Iub Optimization), RAN Edge, Pre-Aggregation Site, BSC/RNC, Broadband Ethernet Backhaul, Pseudo Wires, PW/Abis/Iub, FR/ATM, SONET/SDH, SONET/SDH/Ethernet/DSL, IP/MPLS, IP/MPLS Backbone, Backbone Network, SGSN, GGSN, GMSC, MGW, MSC, MSC Server, ITP, SS7oIP, PSTN, Internet.]


    L2VPN Deployment: Laying the Groundwork for Successful Deployment

    The "Need to Knows" of Your Infrastructure:

    What are the aggregate bandwidth requirements for converged services?

    What are the minimum platform requirements to run the planned services?

    What software features will be required to meet all of my planned needs? Such as:

    L2VPN functionality (like-to-like, any-to-any, etc.)

    VPLS functionality (point-to-multipoint)

    Q-in-Q

    OAM requirements

    IGP, EGP, and TE requirements

    Cisco Express Forwarding (CEF, dCEF)


    Ethernet over MPLS Overview


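    EoMPLS Reference Model

    [Figure: Customer A Site#1 and Site#2 switches attach to PE routers at the edge of an MPLS-enabled network (PE, P, PE; platform labels 10720, 12000, 10720). Physical connectivity runs through the core, with a targeted LDP session between the PE routers. Logical connectivity between the customer switches carries BPDUs and VTP messages.]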


    A Typical Configuration: EoMPLS VLAN

    [Figure: CE R200, PE R201 (10.0.0.201), P R202 (10.0.0.202), PE R203 (10.0.0.203), CE R204. Core subnets 10.1.1.0/24 and 10.1.2.0/24 on interfaces e1/0 and e2/0, running LDP; targeted LDP between the PEs. The CE-PE links use e0/0.10 with dot1Q 10; CE addresses 10.10.10.200/24 and 10.10.10.204/24.]

    hostname R201
    !
    ip cef
    mpls ip
    mpls label protocol ldp
    mpls ldp router-id Loopback0 force
    !
    interface Loopback0
     ip address 10.0.0.201 255.255.255.255
    !
    interface Ethernet0/0.10
     description *** To R200 ***
     encapsulation dot1Q 10
     no ip directed-broadcast
     no cdp enable
     xconnect 10.0.0.203 10 encapsulation mpls

    hostname R203
    !
    ip cef
    mpls ip
    mpls label protocol ldp
    mpls ldp router-id Loopback0 force
    !
    interface Loopback0
     ip address 10.0.0.203 255.255.255.255
    !
    pseudowire-class eompls
     encapsulation mpls
    !
    interface Ethernet0/0.10
     description *** To R204
     encapsulation dot1Q 10
     no ip directed-broadcast
     no cdp enable
     xconnect 10.0.0.201 10 pw-class eompls


    Calculating MTU Requirements for the Core

    Core MTU ≥ Edge MTU + Transport Header + AToM Header + (MPLS Label Stack * MPLS Header Size)

    Edge MTU is the MTU configured in the CE-facing PE's interface

    Examples (all in bytes):

                             Edge   Transport   AToM    MPLS Stack   MPLS Header   Total
    EoMPLS Port Mode         1500   14          4 [0]   2            4             1526 [1522]
    EoMPLS VLAN Mode         1500   18          4 [0]   2            4             1530 [1526]
    EoMPLS Port w/ TE FRR    1500   14          4 [0]   3            4             1530 [1526]


    L2 VPN Interworking


    Interworking Modes and Features

    The AC are terminated locally!!!

    There are two types of Interworking (a.k.a. any-2-any)

    Ethernet (a.k.a. bridged): Ethernet frames are extracted from the AC and sent over the PW; VLAN tag is removed; CEs can run Ethernet, BVI, or RBE

    IP (a.k.a. routed): IP packets are extracted from the AC and sent over the PW

                                    AToM   L2TPv3   IP Mode   Ethernet
    Frame Relay to Ethernet/VLAN    Yes    Yes      Yes       Yes
    Frame Relay to PPP              Yes    Yes      Yes       No
    Frame Relay to ATM AAL5         Yes    No       Yes       No
    Ethernet/VLAN to ATM AAL5       Yes    No       Yes       Yes
    Ethernet to VLAN                Yes    Yes      Yes       Yes


    Configuration Example: Frame-Relay to Ethernet

    [Figure: a CE on a Frame Relay link (DLCI 210) and a CE on an Ethernet/VLAN link (VLAN 310), joined by a pseudowire between two PEs across MPLS/IP.]

    Frame Link (PE):

    frame-relay switching
    !
    pseudowire-class atom_fr_vlan
     encapsulation mpls
     interworking ip
    !
    interface POS3/0
     encapsulation frame-relay
     clock source internal
     frame-relay lmi-type ansi
     frame-relay intf-type dce
    !
    connect fr-vlan POS3/0 210 l2transport
     xconnect 192.168.200.2 210 pw-class atom_fr_vlan

    Ethernet/VLAN Link (PE):

    frame-relay switching
    !
    pseudowire-class atom_vlan_fr
     encapsulation mpls
     interworking ip
    !
    interface GigabitEthernet4/0.310
     encapsulation dot1Q 310
     xconnect 192.168.200.1 210 pw-class atom_vlan_fr

    CE on the Frame Relay side (DLCI 210):

    interface POS5/0.210 point-to-point
     ip address 172.16.1.1 255.255.255.0
     frame-relay interface-dlci 210

    CE on the Ethernet side (VLAN 310):

    interface GigabitEthernet6/0.310
     encapsulation dot1Q 310
     ip address 172.16.1.2 255.255.255.0


    Local Switching Interworking

    [Figure labels: PE1, CE2-HUB CE, CE3, MFR, T1/E1 (total 6.144 Mbps), PPP/HDLC, Ethernet0/1.10 speed 100, Ethernet0/1.20 speed 100.]

    interface Serial1/0/1:0
     encapsulation frame-relay MFR100
    !
    interface Serial1/0/2:0
     encapsulation frame-relay MFR100
    !
    interface Serial1/0/3:0
     encapsulation frame-relay MFR100
    !
    interface MFR100
     frame-relay lmi-type ansi
     frame-relay intf-type dce
    !
    interface GigabitEthernet0/1.10
     encapsulation dot1Q 10

    connect FR_to_Ether MFR100 Ethernet0/1.10 interworking ip


    VPLS Introduction


    VPLS Introduction

    Pseudo Wire Refresher

    VPLS Architecture

    VPLS Configuration Example

    VPLS Deployment

    Summary


    Why Provide a Layer 2 Service?

    Customers have full operational control over their routing neighbours

    Privacy of addressing space: it does not have to be shared with the carrier network

    Customer has a choice of using any routing protocol, including non-IP based ones (IPX, AppleTalk)

    Customers could use an Ethernet switch instead of a router as the CPE

    A single connection could reach all other edge points, emulating an Ethernet LAN (VPLS)


    VPLS Is Defined in IETF

    [Figure: IETF organisation chart as of 2-Nov-2006, showing ISOC, IAB, the IETF and its areas (Application, General, Internet, Ops and Mgmt, Routing, Security, Transport), MPLS, and the working groups listed below.]

    L2VPN and L3VPN: formerly the PPVPN workgroup

    L2VPN: VPWS, VPLS, IPLS

    L3VPN: BGP/MPLS VPNs (RFC 4364, was 2547bis), IP VPNs using Virtual Routers (RFC 2764), CE based VPNs using IPsec

    PWE3: Pseudo Wire Emulation edge-to-edge; forms the backbone transport for VPLS


    VPLS Components

    [Figure: CE routers and CE switches attached to three N-PEs around an MPLS core.]

    Attachment circuits: port or VLAN mode

    Mesh of LSPs between N-PEs

    Pseudo wires within LSP

    Virtual Switch Interface (VSI) terminates PW and provides Ethernet bridge function

    Targeted LDP between PEs to exchange VC labels for pseudo wires

    Attachment CE can be a switch or router


    Virtual Switch Interface

    Flooding/Forwarding

    MAC table instances per customer (port/vlan) for each PE

    VFI will participate in learning and forwarding process

    Associate ports to MAC, flood unknowns to all other ports

    Address Learning/Aging

    LDP enhanced with additional MAC List TLV (label withdrawal)

    MAC timers refreshed with incoming frames

    Loop Prevention

    Create full-mesh of Pseudo Wire VCs (EoMPLS)

    Unidirectional LSP carries VCs between pair of N-PE Per

    VPLS uses split horizon concepts to prevent loops
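
    The forwarding rules on this slide as a small model (an added example, not code from the presentation): each PE floods unknown and broadcast frames, learns source MACs per port, and with split horizon never relays a frame from one pseudowire to another. Class and function names, the MAC addresses and the three-PE mesh are assumptions for illustration; MAC aging is not modelled.

```python
from collections import Counter, deque

BROADCAST = "ff:ff:ff:ff:ff:ff"


class VSI:
    """One PE's virtual switch instance for a single VPLS (toy model)."""

    def __init__(self, name, split_horizon=True):
        self.name = name
        self.split_horizon = split_horizon
        self.ports = {}      # port name -> ("ac", CE name) or ("pw", peer VSI)
        self.mac_table = {}  # learned source MAC -> port name

    def forward(self, in_port, src, dst):
        """Learn src on in_port, then return the ports the frame leaves on."""
        self.mac_table[src] = in_port
        known = self.mac_table.get(dst)
        if known is None:
            # Unknown unicast or broadcast: flood to every other port.
            out = [p for p in self.ports if p != in_port]
        else:
            out = [known] if known != in_port else []
        if self.split_horizon and in_port.startswith("pw:"):
            # Split horizon: a frame that arrived on a PW never goes out a PW.
            out = [p for p in out if not p.startswith("pw:")]
        return out


def build_mesh(n_pe=3, split_horizon=True):
    """n_pe PEs, one CE behind each, one pseudowire between every PE pair."""
    pes = [VSI(f"PE{i}", split_horizon) for i in range(1, n_pe + 1)]
    for i, pe in enumerate(pes, start=1):
        pe.ports[f"ac:CE{i}"] = ("ac", f"CE{i}")
        for peer in pes:
            if peer is not pe:
                pe.ports[f"pw:{peer.name}"] = ("pw", peer)
    return pes


def send(pes, ingress, src, dst, max_events=200):
    """Inject one frame from the CE behind pes[ingress] and trace its copies.

    max_events bounds the trace so a forwarding loop terminates the
    simulation instead of running forever.
    """
    queue = deque([(pes[ingress], f"ac:CE{ingress + 1}")])
    delivered, pw_tx, events = Counter(), 0, 0
    while queue and events < max_events:
        pe, in_port = queue.popleft()
        events += 1
        for port in pe.forward(in_port, src, dst):
            kind, target = pe.ports[port]
            if kind == "ac":
                delivered[target] += 1
            else:
                pw_tx += 1
                queue.append((target, f"pw:{pe.name}"))
    return {"delivered": dict(delivered), "pw_tx": pw_tx,
            "still_looping": bool(queue)}


if __name__ == "__main__":
    mac1, mac2 = "00:00:00:00:00:01", "00:00:00:00:00:02"  # constructed MACs
    mesh = build_mesh(3, split_horizon=True)
    print("broadcast, split horizon on :", send(mesh, 0, mac1, BROADCAST))
    print("unicast reply after learning:", send(mesh, 1, mac2, mac1))
    loopy = build_mesh(3, split_horizon=False)
    print("broadcast, split horizon off:", send(loopy, 0, mac1, BROADCAST))
```

    With split horizon on, each remote CE receives exactly one copy and the reply is sent on a single pseudowire; with it off, the same broadcast is still circulating when the event limit is reached.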


    VPLS Architecture


    VPLS Topology: PE View

    Each PE has a P2MP view of all other PEs; it sees itself as a root bridge with split horizon loop protection

    Full mesh topology obviates STP in the SP network

    Customer STP is transparent to the SP; customer BPDUs are forwarded transparently

    [Figure: PE view. CEs attach to PEs around an MPLS cloud; full mesh LDP, with an Ethernet PW to each peer.]


    VPLS Topology: CE View

    CE routers/switches see a logical Bridge/LAN

    VPLS emulates a LAN, but not exactly

    This raises a few issues which are discussed later

    [Figure: the PE view (CEs, PEs, MPLS; full mesh LDP with an Ethernet PW to each peer) beside the CE view (CEs around the MPLS cloud).]


    VPLS Functional Components

    N-PE provides VPLS termination/L3 services

    U-PE provides customer UNI

    CE is the customer device

    [Figure: CE, U-PE, N-PE, MPLS Core, N-PE, U-PE, CE in a chain; the customer MxUs are at the outer ends and the SP PoPs in the middle.]


    Why H-VPLS?

    VPLS:

    Potential signaling overhead

    Full PW mesh from the Edge

    Packet replication done at the Edge

    Node Discovery and Provisioning extends end to end

    H-VPLS:

    Minimizes signaling overhead

    Full PW mesh among Core devices

    Packet replication done in the Core

    Partitions Node Discovery process

    [Figure: VPLS, with CEs attached to a full mesh of PEs, beside H-VPLS, with CEs attached through MTU-s and PE-r devices to a mesh of PE-rs.]


    Ethernet Edge Topologies

    User Facing Provider Edge (U-PE)

    Network Facing Provider Edge (N-PE)

    [Figure: an MPLS VPLS core of P and N-PE routers with four metro networks (Metro A to Metro D) attached. Layer labels: Efficient Access (U-PE), Large Scale Aggregation (PE-AGG), Intelligent Edge (N-PE), Multiservice Core (P). Edge topology labels: GE Ring, Hub and Spoke, DWDM/CWDM, RPR. Access at 10/100/1000 Mbps to Full Service CPE.]


    VPLS Configuration Example


    Configuration Examples

    Direct Attachment

      Using a Router as a CE (VLAN Based)

      Using a Switch as a CE (Port Based)

    H-VPLS

      Ethernet QinQ

      EoMPLS Pseudo Wire (VLAN Based)

      EoMPLS Pseudo Wire (Port Based)

    Sample Output


    Direct Attachment Configuration (C7600)

    CEs are all part of same VPLS instance (VCID = 56)

    CE router connects using VLAN 100 over sub-interface

    [Figure: PE1 (1.1.1.1), PE2 (2.2.2.2) and PE3 (3.3.3.3) around the MPLS core, joined by POS links (pos4/1, pos4/3, pos3/0, pos3/1). A CE attaches to each PE on VLAN100 through a GigabitEthernet port (gi3/0, gi4/4, gi4/2).]


    Direct Attachment CE Router Configuration

    CE routers' sub-interfaces are on the same VLAN

    Can also be just port based (NO VLAN)

    [Figure: three CE routers, each attached on VLAN100; Subnet 192.168.20.0/24.]

    interface GigabitEthernet1/3.100
     encapsulation dot1q 100
     ip address 192.168.20.2 255.255.255.0

    interface GigabitEthernet2/0.100
     encapsulation dot1q 100
     ip address 192.168.20.3 255.255.255.0

    interface GigabitEthernet2/1.100
     encapsulation dot1q 100
     ip address 192.168.20.1 255.255.255.0


    Direct Attachment VSI Configuration

    Create the Pseudo Wires between N-PE routers

    l2 vfi VPLS-A manual
     vpn id 56
     neighbor 2.2.2.2 encapsulation mpls
     neighbor 1.1.1.1 encapsulation mpls

    l2 vfi VPLS-A manual
     vpn id 56
     neighbor 1.1.1.1 encapsulation mpls
     neighbor 3.3.3.3 encapsulation mpls

    l2 vfi VPLS-A manual
     vpn id 56
     neighbor 2.2.2.2 encapsulation mpls
     neighbor 3.3.3.3 encapsulation mpls

    [Figure: PE1 (1.1.1.1), PE2 (2.2.2.2) and PE3 (3.3.3.3) around the MPLS core, joined by POS links (pos4/1, pos4/3, pos3/0, pos3/1), each with a CE attached on VLAN100 (gi3/0, gi4/4, gi4/2); one VFI configuration is shown per PE.]
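
    A check for the full mesh this slide configures by hand, as an added example (not part of the presentation): it parses the `l2 vfi ... manual` block from each PE and reports a missing mesh pseudowire or a VPN ID that differs between PEs. Because split horizon stops a PE relaying between pseudowires, two PEs without a direct pseudowire cannot reach each other through a third. The function names are hypothetical, the sample configs are constructed from the slide's values (which block belongs to which PE is inferred from its neighbor list), and the parser assumes unabbreviated keywords, with `no-split-horizon` marking an H-VPLS spoke.

```python
import re

NEIGHBOR_RE = re.compile(
    r"neighbor (\d+(?:\.\d+){3}) encapsulation mpls(\s+no-split-horizon)?$")


def parse_vfis(config):
    """Return {vfi name: {"vpn_id", "mesh", "spoke"}} from IOS-style text."""
    vfis, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if not line:
            continue
        start = re.match(r"l2 vfi (\S+) manual$", line)
        vpn = re.match(r"vpn id (\d+)$", line)
        nbr = NEIGHBOR_RE.match(line)
        if start:
            current = vfis.setdefault(
                start.group(1),
                {"vpn_id": None, "mesh": set(), "spoke": set()})
        elif current is not None and vpn:
            current["vpn_id"] = int(vpn.group(1))
        elif current is not None and nbr:
            # Neighbors with split horizon disabled are spokes (U-PEs),
            # not members of the N-PE full mesh.
            current["spoke" if nbr.group(2) else "mesh"].add(nbr.group(1))
        else:
            current = None  # "!" or any other command leaves the VFI block
    return vfis


def audit_mesh(devices, vfi_name):
    """devices maps each PE's router ID to its config text.

    Returns a list of findings; an empty list means every audited PE has a
    mesh pseudowire to every other audited PE and all share one VPN ID.
    """
    parsed = {rid: parse_vfis(cfg).get(vfi_name)
              for rid, cfg in devices.items()}
    members = {rid for rid, vfi in parsed.items() if vfi}
    findings = []
    for rid in sorted(devices):
        vfi = parsed[rid]
        if vfi is None:
            findings.append(f"{rid}: VFI {vfi_name} not configured")
            continue
        if rid in vfi["mesh"] | vfi["spoke"]:
            findings.append(f"{rid}: lists itself as a neighbor")
        for peer in sorted(members - {rid} - vfi["mesh"]):
            findings.append(f"{rid}: no mesh pseudowire to {peer}")
        for peer in sorted(vfi["mesh"] - set(devices)):
            findings.append(f"{rid}: mesh neighbor {peer} is not an audited PE")
    vpn_ids = {str(vfi["vpn_id"]) for vfi in parsed.values() if vfi}
    if len(vpn_ids) > 1:
        findings.append(
            f"VPN ID mismatch for {vfi_name}: {', '.join(sorted(vpn_ids))}")
    return findings


def sample_config(vpn_id, neighbors, spoke=None):
    """Build a constructed VFI block in the shape shown on the slide."""
    lines = ["l2 vfi VPLS-A manual", f" vpn id {vpn_id}"]
    lines += [f" neighbor {n} encapsulation mpls" for n in neighbors]
    if spoke:
        lines.append(f" neighbor {spoke} encapsulation mpls no-split-horizon")
    lines.append("!")
    return "\n".join(lines)


# Constructed inputs: the slide's three PEs, then a copy with PE3 broken.
GOOD = {
    "1.1.1.1": sample_config(56, ["2.2.2.2", "3.3.3.3"]),
    "2.2.2.2": sample_config(56, ["1.1.1.1", "3.3.3.3"], spoke="4.4.4.4"),
    "3.3.3.3": sample_config(56, ["2.2.2.2", "1.1.1.1"]),
}
BROKEN = dict(GOOD, **{"3.3.3.3": sample_config(57, ["2.2.2.2"])})

if __name__ == "__main__":
    print("good  :", audit_mesh(GOOD, "VPLS-A"))
    for finding in audit_mesh(BROKEN, "VPLS-A"):
        print("broken:", finding)
```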


    Direct Attachment CE Router (VLAN Based)

    Same set of commands on each PE

    Configured on the CE facing interface

    [Figure: PE1 (1.1.1.1), PE2 (2.2.2.2) and PE3 (3.3.3.3) around the MPLS core, joined by POS links (pos4/1, pos4/3, pos3/0, pos3/1), each with a CE attached on VLAN100 (gi3/0, gi4/4, gi4/2).]

    interface GigabitEthernet3/0
     switchport
     switchport mode trunk
     switchport trunk encapsulation dot1q
     switchport trunk allowed vlan 100
    !
    interface vlan 100
     no ip address
     xconnect vfi VPLS-A
    !
    vlan 100
     state active

    This command associates the VLAN with the VPLS instance

    VLAN100 = VCID 56


    Direct Attachment CE Switch (Port Based)

    If the CE was a switch instead of a router, then we can use QinQ

    QinQ places all traffic (tagged/untagged) from the switch into a VPLS

    [Figure: PE1 (1.1.1.1), PE2 (2.2.2.2) and PE3 (3.3.3.3) around the MPLS core, joined by POS links (pos4/1, pos4/3, pos3/0, pos3/1), each with a CE attached carrying all VLANs (gi3/0, gi4/4, gi4/2).]

    interface GigabitEthernet3/0
     switchport
     switchport mode dot1q-tunnel
     switchport access vlan 100
     l2protocol-tunnel stp
    !
    interface vlan 100
     no ip address
     xconnect vfi VPLS-A
    !
    vlan 100
     state active

    This command associates the VLAN with the VPLS instance

    VLAN100 = VCID 56


    H-VPLS Configuration (C7600/3750ME)

    U-PEs provide services to customer edge device

    CE traffic then carried in QinQ or EoMPLS PW to N-PE

    PW VSI mesh configuration is same as previous examples

    [Figure: N-PE1 (1.1.1.1), N-PE2 (2.2.2.2) and N-PE3 (3.3.3.3) around the MPLS core, joined by POS links (pos4/1, pos4/3, pos3/0, pos3/1). U-PE1, U-PE2 (4.4.4.4) and U-PE3, all Cisco 3750ME, each connect CE1 and CE2 to an N-PE; interface labels gi3/0, gi4/2, gi4/4, gi1/1/1, fa1/0/1.]


    H-VPLS QinQ Tunnel (Ethernet Edge)

    U-PE carries all traffic from CE using QinQ

    Outer tag is VLAN100, inner tags are the customer's

    [Figure: N-PE1 (1.1.1.1), N-PE2 (2.2.2.2) and N-PE3 (3.3.3.3) around the MPLS core, joined by POS links (pos4/1, pos4/3, pos3/0, pos3/1). U-PE1, U-PE2 (4.4.4.4) and U-PE3, all Cisco 3750ME, each connect CE1 and CE2 to an N-PE; interface labels gi3/0, gi4/2, gi4/4, gi1/1/1, fa1/0/1.]

    N-PE side (gi4/4):

    interface GigabitEthernet4/4
     switchport
     switchport mode trunk
     switchport trunk encapsulation dot1q
     switchport trunk allowed vlan 100
    !
    interface vlan 100
     no ip address
     xconnect vfi VPLS-A
    !
    vlan 100
     state active

    U-PE side (Cisco 3750ME):

    interface FastEthernet1/0/1
     switchport
     switchport access vlan 100
     switchport mode dot1q-tunnel
     switchport trunk allowed vlan 1-1005
    !
    interface GigabitEthernet1/1/1
     switchport
     switchport mode trunk
     switchport trunk allowed vlan 1-1005


    H-VPLS EoMPLS PW Edge (VLAN Based)

    CE interface on U-PE can be access or trunk port

    xconnect per VLAN is required

    [Figure: N-PE1 (1.1.1.1), N-PE2 (2.2.2.2) and N-PE3 (3.3.3.3) around the MPLS core, joined by POS links (pos4/1, pos4/3, pos3/0, pos3/1). U-PE1, U-PE2 (4.4.4.4) and U-PE3, all Cisco 3750ME, each connect CE1 and CE2 to an N-PE; interface labels gi3/0, gi4/2, gi4/4, gi1/1/1, fa1/0/1.]

    U-PE side (Cisco 3750ME):

    interface FastEthernet1/0/1
     switchport
     switchport access vlan 500
    !
    interface vlan500
     xconnect 2.2.2.2 56 encapsulation mpls
    !
    interface GigabitEthernet1/1/1
     no switchport
     ip address 156.50.20.2 255.255.255.252
     mpls ip

    N-PE side (gi4/4):

    interface GigabitEthernet4/4
     no switchport
     ip address 156.50.20.1 255.255.255.252
     mpls ip
    !
    l2 vfi VPLS-A manual
     vpn id 56
     neighbor 1.1.1.1 encapsulation mpls
     neighbor 3.3.3.3 encapsulation mpls
     neighbor 4.4.4.4 encaps mpls no-split

    The no-split option on the 4.4.4.4 neighbor: ensures CE traffic is passed on the PW to/from the U-PE


    H-VPLS EoMPLS PW Edge (Port Based)

    CE interface on U-PE can be access or trunk port

    xconnect for entire PORT is required

    [Figure: N-PE1 (1.1.1.1), N-PE2 (2.2.2.2) and N-PE3 (3.3.3.3) around the MPLS core, joined by POS links (pos4/1, pos4/3, pos3/0, pos3/1). U-PE1, U-PE2 (4.4.4.4) and U-PE3, all Cisco 3750ME, each connect CE1 and CE2 to an N-PE; interface labels gi3/0, gi4/2, gi4/4, gi1/1/1, fa1/0/1.]

    U-PE side (Cisco 3750ME):

    interface FastEthernet1/0/1
     no switchport
     xconnect 2.2.2.2 56 encapsulation mpls
    !
    interface GigabitEthernet1/1/1
     no switchport
     ip address 156.50.20.2 255.255.255.252
     mpls ip

    N-PE side (gi4/4):

    interface GigabitEthernet4/4
     no switchport
     ip address 156.50.20.1 255.255.255.252
     mpls ip
    !
    l2 vfi PE1-VPLS-A manual
     vpn id 56
     neighbor 1.1.1.1 encapsulation mpls
     neighbor 3.3.3.3 encapsulation mpls
     neighbor 4.4.4.4 encaps mpls no-split

    The no-split option on the 4.4.4.4 neighbor: ensures CE traffic is passed on the PW to/from the U-PE


    show mpls l2 vc

    [Figure: N-PE1 (1.1.1.1), N-PE2 (2.2.2.2) and N-PE3 (3.3.3.3) around the MPLS core, joined by POS links (pos4/1, pos4/3, pos3/0, pos3/1). U-PE1, U-PE2 (4.4.4.4) and U-PE3, all Cisco 3750ME, each connect CE1 and CE2 to an N-PE; interface labels gi3/0, gi4/2, gi4/4, gi1/1/1, fa1/0/1.]

    NPE-A#show mpls l2 vc
    Local intf     Local circuit   Dest address    VC ID   Status
    -------------  --------------  --------------  ------  ------
    VFI VPLS-A     VFI             1.1.1.1         10      UP
    VFI VPLS-A     VFI             3.3.3.3         10      UP


    show mpls l2 vc detail

    [Figure: N-PE1 (1.1.1.1), N-PE2 (2.2.2.2) and N-PE3 (3.3.3.3) around the MPLS core, joined by POS links (pos4/1, pos4/3, pos3/0, pos3/1). U-PE1, U-PE2 (4.4.4.4) and U-PE3, all Cisco 3750ME, each connect CE1 and CE2 to an N-PE; interface labels gi3/0, gi4/2, gi4/4, gi1/1/1, fa1/0/1. Callouts on the pseudowire between the two N-PEs: "Use VC Label 19" and "Use VC Label 23".]

    NPE-2#show mpls l2 vc detail
    Local interface: VFI VPLS-A up
      Destination address: 1.1.1.1, VC ID: 10, VC status: up
        Tunnel label: imp-null, next hop 156.50.20.1
        Output interface: POS4/3, imposed label stack {19}
      Create time: 1d01h, last status change time: 00:40:16
      Signaling protocol: LDP, peer 1.1.1.1:0 up
        MPLS VC labels: local 23, remote 19


    PW Redundancy Concepts


    PW High Availability

    Failure in the Provider core: mitigated with link redundancy and FRR

    PE router failure: PE Diversity

    Attachment Circuit failure: need a pair of Attachment Ckts end-to-end

    CE Router failure: redundant CEs

    [Figure: Site1 and Site2 with CE1 and CE2, PE1 to PE4, and core routers P1 to P4.]


    L2VPN Networks: Dual Homed PW Sites Without Redundancy Feature

    [Figure: Site1 and Site2 with CE1, CE2 and CE3, PE1 to PE4, and core routers P1 to P4; an "x" marks a failure.]

    interface e 1/0.1
     encapsulation dot1q 10
     xconnect encapsulation mpls

    Interface e1/0.1
     encapsulation dot1q 10
     xconnect encapsulation mpls


    High Availability in L2VPN Networks

    The TCP session between two LDP peers may go down due to HW/SW failure (RP switchover)

    If PE3 fails, traffic will be dropped

    Need PW redundancy so that the PW can be re-routed to the redundant router, i.e. PE4

    [Figure: Site1, PE1, core routers P1 to P4, PE3, PE4 and Site2; paths are labelled Primary and Standby.]


    Dual Homed PW Sites with Redundancy Feature

    [Figure: topology with Site1, Site2, CE1-CE3, PE1-PE4 and P1-P4; an "x" marks a failure point at PE1]

    pe1(config)#int e 0/0.1
    pe1(config-subif)#encapsulation dot1q 10
    pe1(config-subif)#xconnect encapsulation mpls
    pe1(config-subif-xconn)#backup peer


    PW Redundancy: Manual Switchover

    [Figure: topology with Site1, Site2, CE1-CE3, PE1-PE4 and P1-P4]

    interface Ethernet0/0.1
     encapsulation dot1Q 10
     xconnect 192.168.1.3 10 encapsulation mpls
      backup peer 192.168.1.4 10
      backup delay 3 10

    pe1#sh mpls l2transport vc 10
    Local intf     Local circuit     Dest address     VC ID     Status
    -------------  ----------------  ---------------  --------  ------
    Et0/0.1        Eth VLAN 20       192.168.1.3      10        UP
    Et0/0.1        Eth VLAN 20       192.168.1.4      10        DOWN

    pe1#sh mpls l2transport vc 10
    Local intf     Local circuit     Dest address     VC ID     Status
    -------------  ----------------  ---------------  --------  ------
    Et0/0.1        Eth VLAN 20       192.168.1.3      10        DOWN
    Et0/0.1        Eth VLAN 20       192.168.1.4      10        UP

    Maintenance required:

    pe1>xconnect backup force-switchover peer 192.168.1.3 10


    PW Redundancy: Config Examples (1/2)

    Example 1: MPLS xconnect with 1 redundant peer. The debounce timer is set to 3 seconds so that we don't allow a switchover until the connection has been deemed down for 3 seconds.

    interface serial0/0
     xconnect 10.0.0.1 100 encapsulation mpls
      backup peer 10.0.0.2 200
      backup delay 3 10

    Example 2: xconnect with 1 redundant peer. In this example, once a switchover occurs, we will not fall back to the primary until the secondary xconnect fails.

    pseudowire-class test
     encapsulation mpls
    !
    connect frpw1 serial0/1 50 l2transport
     xconnect 20.0.0.1 50 pw-class test
      backup peer 20.0.0.2 50
      backup delay 0 never


    PW Redundancy: Config Examples

    Example 3: Local-switched connection between ATM and FR using Ethernet interworking. The FR circuit is backed up by an MPLS pseudowire.

    pseudowire-class test
     encapsulation mpls
     interworking ethernet
    connect atm-fr atm1/0 100/100 E0/0.10 100 interworking ethernet
     backup peer 1.1.1.1 100 pw-class test

    [Figure: two CEs (f0/0.10, atm4/0), r201, PE 1.1.1.1, PE2-Backup]

    Example 4: xconnect with 1 redundant peer. In this example, the switchover will not begin unless the pseudowire has been down for 3 seconds. Once a switchover occurs, we will not fall back until the primary has been re-established and UP for 10 seconds.

    pseudowire-class test
     encapsulation mpls
    connect frpw1 serial0/1 50 l2transport
     xconnect 20.0.0.1 50 pw-class test
      backup peer 20.0.0.2 50
      backup delay 3 10
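    The timer behaviour described in Examples 1, 2 and 4 can be checked with a small simulation. This is an added example, not code from the slides or from Cisco; the class and function names and the event timeline are constructed, and it assumes an immediate fallback when the backup fails and no change of active peer while both peers are down.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

@dataclass(frozen=True)
class BackupDelay:
    """Models 'backup delay <enable> <disable|never>' as the slides describe it."""
    enable: int              # seconds the primary must stay down before switchover
    disable: Optional[int]   # seconds the primary must stay up before fallback; None = 'never'

Event = Tuple[int, str, bool]   # (time in seconds, "primary" | "backup", is_up)

def simulate(policy: BackupDelay, events: List[Event], horizon: int) -> List[Tuple[int, str]]:
    """Return [(time, active_peer), ...], one entry per change of active pseudowire."""
    by_time = {}
    for t, peer, is_up in events:
        by_time.setdefault(t, []).append((peer, is_up))

    up = {"primary": True, "backup": True}
    changed = {"primary": 0, "backup": 0}    # time of each peer's last state change
    active = "primary"
    transitions = [(0, active)]

    for t in range(horizon + 1):
        for peer, is_up in by_time.get(t, []):
            if up[peer] != is_up:
                up[peer] = is_up
                changed[peer] = t

        new_active = active
        if active == "primary":
            # Debounce: switch only once the primary has been down for 'enable' seconds.
            if not up["primary"] and up["backup"] and t - changed["primary"] >= policy.enable:
                new_active = "backup"
        elif up["primary"]:
            if not up["backup"]:
                # Assumption: a failed backup sends traffic back to a healthy primary at once.
                new_active = "primary"
            elif policy.disable is not None and t - changed["primary"] >= policy.disable:
                # Fallback only after the primary has been up again for 'disable' seconds.
                new_active = "primary"
        # Assumption: if both peers are down, the active peer is left unchanged.

        if new_active != active:
            active = new_active
            transitions.append((t, active))
    return transitions

# Constructed timeline: a 2-second primary flap, a 20-second primary outage,
# then a backup failure after the primary has recovered.
TIMELINE: List[Event] = [
    (10, "primary", False), (12, "primary", True),
    (20, "primary", False), (40, "primary", True),
    (60, "backup", False),
]

if __name__ == "__main__":
    for label, policy in [("backup delay 3 10", BackupDelay(3, 10)),
                          ("backup delay 0 never", BackupDelay(0, None))]:
        print(label, simulate(policy, TIMELINE, horizon=90))
```

    With `backup delay 3 10` the 2-second flap is absorbed; with `backup delay 0 never` the same flap moves traffic to the backup, where it stays until the backup itself fails.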


    Tunnel Selection


    What If the Core Uses Traffic Engineering?

    Need to use the command preferred-path {interface | peer} under the pseudowire-class

    Have in mind that:

    The selected path must be a label switched path (LSP) destined to the peer PE router

    If you specify a tunnel (selecting interface):

      The tunnel must be an MPLS traffic engineering tunnel

      The tunnel tailend must be on the remote PE router

    If you specify an IP address (selecting peer):

      The address must be the IP address of a loopback interface on the remote PE router, not necessarily the LDP router-id address; peer means targeted LDP peer

      The address must have a /32 mask

      There must be an LSP destined to that selected address

      The LSP does not have to be a TE tunnel


    Forwarding Traffic into a TE Tunnel

    Static routing

    Policy routing

    Global table only, not from VRF at present

    Autoroute

    Forwarding Adjacency

    AToM Tunnel Selection

    Class Based Tunnel Selection

    Static, Autoroute, and Forwarding Adjacency get you unequal-cost load-balancing


    Coupling Layer-2 Services with MPLS TE: AToM Tunnel Selection

    Static mapping between pseudo-wire and TE tunnel on PE

    Implies PE-to-PE TE deployment

    TE tunnel defined as preferred path for pseudo-wire

    Traffic will fall back to peer LSP if tunnel goes down

    [Figure: ATM CEs attached to PE1 and PE2 across an IP/MPLS core, with PE3, a TE LSP and Layer 2 circuits]

    pseudowire-class my-path-pref
     encapsulation mpls
     preferred-path interface tunnel 1 disable-fallback
    !
    interface fastEthernet .
     encapsulation dot1Q 150
     xconnect 172.18.255.3 1000 pw-class my-path-pref


    MPLS Forwarding (AToM Traffic)

    PE2 sees multiple IGP paths to reach PE1

    L2VPN packets load balanced per customer site according to VC label over two label switched paths from PE to P

    [Figure: PE1 and PE2 with core routers P1-P4; customer sites (10.1.1.0/24, CE1, CE2; Voice Site 2, Video Site 2, Site 2); subinterfaces E2/0.1 (VLAN 10), E2/0.2 (VLAN 20), E2/0.3 (VLAN 30); label stacks {23 17}, {23 37}, {20 38}; VC labels 17, 37, 38]


    L2VPN Deployment: Tunnel Selection for Bandwidth Protection

    pseudowire-class my-path-pref
     encapsulation mpls
     preferred-path interface tunnel 1 disable-fallback
    !
    interface fastEthernet .
     encapsulation dot1Q 150
     xconnect 172.18.255.3 1000 pw-class my-path-pref

    preferred-path [interface tunnel tunnel-number | peer {ip address | host name}] [disable-fallback]

    This configuration will allow one to direct which path pseudowires are to take throughout the network

    The tunnel head end / tail end must be on the PEs


    AToM: Preferred Path TE Tunnels

    Three TE tunnels (Tunnel 0, Tunnel 1 and Tunnel 2) between PE1 and PE2

    Preferred path can be used to map each VC's (or multiple VCs') traffic into different TE tunnels

    [Figure: PE1 and PE2 (192.168.0.5/32) with core routers P1-P4; three customer VCs (10.1.1.0/24, Site 1 to Site 2, CE1 to CE2) carried over TE Tunnel 0, TE Tunnel 1 and TE Tunnel 2; labels 30, 34, 35]

    pseudowire-class test
     encapsulation mpls
     preferred-path interface Tunnel0
    !
    pseudowire-class test1
     encapsulation mpls
     preferred-path interface Tunnel1
    !
    pseudowire-class test2
     encapsulation mpls
     preferred-path interface Tunnel2

    interface Ethernet2/0.1
     description green vc
     xconnect 192.168.0.5 1 encapsulation mpls pw-class test
    !
    interface Ethernet2/0.2
     description red vc
     xconnect 192.168.0.5 20 encapsulation mpls pw-class test1
    !
    interface Ethernet2/0.3
     description dark green vc
     xconnect 192.168.0.5 30 encapsulation mpls pw-class test2


    AToM: Preferred Path TE Tunnels

    Each VC is mapped to a different tunnel

    [Figure: PE1 and PE2 (192.168.0.5/32) with core routers P1-P4; three customer VCs (10.1.1.0/24, Site 1 to Site 2, CE1 to CE2); TE Tunnel 2; labels 30, 34, 35]

    pe2#sh mpls l2transport vc detail | in label
    Output interface: Tu0, imposed label stack {30 16}
    MPLS VC labels: local 16, remote 16
    Tunnel label: 3, next hop point2point
    Output interface: Tu1, imposed label stack {34 37}
    MPLS VC labels: local 17, remote 37
    Tunnel label: 3, next hop point2point
    Output interface: Tu2, imposed label stack {35 38}
    MPLS VC labels: local 37, remote 38
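    The output above can be audited mechanically, which matters because the slide-73 pseudowire classes omit disable-fallback, so a VC can leave its tunnel for a plain LSP without going down. This is an added example, not code from the slides or from Cisco: the function names are hypothetical, the first sample is the slide's own output, and the degraded sample (interface PO4/3, outer label 19) is constructed.

```python
import re

OUT_RE = re.compile(r"Output interface:\s*([^,\s]+),\s*imposed label stack\s*\{([\d\s]*)\}")
VC_RE = re.compile(r"MPLS VC labels:\s*local\s+(\d+),\s*remote\s+(\d+)")

# Output as shown on the slide (pe2, three VCs mapped to Tunnel0..Tunnel2).
SLIDE_OUTPUT = """\
Output interface: Tu0, imposed label stack {30 16}
MPLS VC labels: local 16, remote 16
Tunnel label: 3, next hop point2point
Output interface: Tu1, imposed label stack {34 37}
MPLS VC labels: local 17, remote 37
Tunnel label: 3, next hop point2point
Output interface: Tu2, imposed label stack {35 38}
MPLS VC labels: local 37, remote 38
"""

# Constructed variant: the second VC has left Tunnel1 and follows a plain LSP.
DEGRADED_OUTPUT = SLIDE_OUTPUT.replace(
    "Output interface: Tu1, imposed label stack {34 37}",
    "Output interface: PO4/3, imposed label stack {19 37}")

def parse_vcs(text):
    """One record per 'Output interface' line, joined with the VC-labels line after it."""
    vcs = []
    for line in text.splitlines():
        m = OUT_RE.search(line)
        if m:
            vcs.append({"out_if": m.group(1),
                        "stack": [int(x) for x in m.group(2).split()]})
            continue
        m = VC_RE.search(line)
        if m and vcs and "remote" not in vcs[-1]:
            vcs[-1]["local"] = int(m.group(1))
            vcs[-1]["remote"] = int(m.group(2))
        # 'Tunnel label' lines are not needed for these checks and are skipped.
    return vcs

def audit(text, expected_tunnels):
    """Return findings; an empty list means every VC is on its own expected tunnel."""
    findings, first_user = [], {}
    for i, vc in enumerate(parse_vcs(text), 1):
        name = f"vc#{i} ({vc['out_if']})"
        stack = vc["stack"]
        if not stack:
            findings.append(f"{name}: empty label stack, pseudowire is not forwarding")
            continue
        # The innermost (last) imposed label must be the VC label the remote PE advertised.
        if "remote" in vc and stack[-1] != vc["remote"]:
            findings.append(f"{name}: inner label {stack[-1]} != remote VC label {vc['remote']}")
        if vc["out_if"] not in expected_tunnels:
            findings.append(f"{name}: not on a preferred-path tunnel")
        elif vc["out_if"] in first_user:
            findings.append(f"{name}: shares tunnel with vc#{first_user[vc['out_if']]}")
        first_user.setdefault(vc["out_if"], i)
    return findings

if __name__ == "__main__":
    tunnels = {"Tu0", "Tu1", "Tu2"}
    print("slide output:   ", audit(SLIDE_OUTPUT, tunnels) or "ok")
    print("degraded output:", audit(DEGRADED_OUTPUT, tunnels))
```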


    Data Center Implementation with Layer 2 VPN PWE


    Data Center Option (A): Utilizing Layer 2 VPN to Provide High Availability Between Two Data Centers and Two Service Providers

    6500-DCN-SWITCH
    !
    ! COREA
    interface gigabitethernet 1/0/1
     channel-group 1 mode on
     switchport
     switchport trunk encapsulation dot1q
     switchport mode trunk
    !
    ! COREB
    interface gigabitethernet 1/0/2
     channel-group 1 mode on
     switchport
     switchport trunk encapsulation dot1q
     switchport mode trunk

    PE1-COREB
    !
    interface gigabitethernet 1/0/0
     no switchport
     xconnect X.X.X.PE2 70 encapsulation mpls

    PE2-COREA

    PE2-COREB
    !
    interface gigabitethernet 1/0/0
     no switchport
     xconnect X.X.X.PE1 70 encapsulation mpls

    PE1-COREA


    Data Center Option (B): Utilizing Layer 2 VPN to Provide Physical High Availability Between Two Data Centers

    6500-DCN-SWITCH
    !
    interface gigabitethernet 1/0/1
     channel-group 1 mode on
     switchport trunk encapsulation dot1q
     switchport mode trunk
    !
    interface gigabitethernet 1/0/2
     channel-group 1 mode on
     switchport trunk encapsulation dot1q
     switchport mode trunk
    !
    interface Port-channel1
     switchport trunk
    !
    interface gigabitethernet 1/0/4
     switchport mode access
     switchport access vlan 10

    interface gigabitethernet 1/0/1
     channel-group 1 mode on
     switchport trunk encapsulation dot1q
     switchport mode trunk
    !
    interface gigabitethernet 1/0/2
     channel-group 2 mode on
     switchport trunk encapsulation dot1q
     switchport mode trunk
    !
    interface gigabitethernet 2/0/1
     channel-group 1 mode on
     switchport trunk encapsulation dot1q
     switchport mode trunk
    !
    interface gigabitethernet 2/0/2
     channel-group 2 mode on
     switchport trunk encapsulation dot1q
     switchport mode trunk
    !
    interface Port-channel1
     switchport trunk
    !
    interface Port-channel2
     switchport trunk

    PE1-COREA
    interface gigabitethernet 3/0
     no switchport
     xconnect X.X.X.PE2-COREA 70 encapsulation mpls

    PE1-COREB
    interface gigabitethernet 3/0
     no switchport
     xconnect X.X.X.PE2-COREB 70 encapsulation mpls


    Data Center Option (C): Utilizing Layer 2 VPN to Provide Physical High Availability, Dual Switches Between Two Data Centers, STP Free Topology

    6500-A
    !
    interface gigabitethernet 1/0/1
     channel-group 1 mode on
     switchport trunk encapsulation dot1q
     switchport mode trunk
    !
    interface gigabitethernet 1/0/2
     channel-group 1 mode on
     switchport trunk encapsulation dot1q
     switchport mode trunk
    !
    interface Port-channel1
     switchport trunk
    !
    interface gigabitethernet 1/0/4
     switchport mode access
     switchport access vlan 10

    6500-B
    !
    interface gigabitethernet 1/0/1
     channel-group 1 mode on
     switchport trunk encapsulation dot1q
     switchport mode trunk
    !
    interface gigabitethernet 1/0/2
     channel-group 1 mode on
     switchport trunk encapsulation dot1q
     switchport mode trunk
    !
    interface Port-channel1
     switchport trunk
    !
    interface gigabitethernet 1/0/4
     switchport mode access
     switchport access vlan 10

    PE1-COREA
    interface gigabitethernet 3/0


    Virtual Switching and Layer 2 VPN in Data Center


    Current Network Challenges: Enterprise Campus

    Traditional Enterprise Campus deployments have been designed in such a way that allows for scalability, differentiated services and high availability. However, they also face many challenges, some of which are listed in the diagram below

    [Figure: campus layers Access, L2/L3 Distribution and L3 Core, annotated with the following challenges]

    FHRP, STP, Asymmetric routing, Policy Management

    Extensive routing topology, Routing reconvergence

    Single active uplink per VLAN (PVST), L2 reconvergence, increased route peering with L3 access


    Current Network Challenges: Data Center

    Traditional Data Center designs are requiring ever increasing Layer 2 adjacencies between Server nodes due to the prevalence of Virtualization technology. However, they are pushing the limits of Layer 2 networks, placing more burden on loop-detection protocols such as Spanning Tree

    [Figure: data center layers L2/L3 Core, L2 Distribution and L2 Access, annotated with the following challenges]

    Dual-Homed Servers to single switch, Single active uplink per VLAN (PVST), L2 reconvergence

    Single active uplink per VLAN (PVST), L2 reconvergence, excessive BPDUs

    FHRP, HSRP, VRRP

    Spanning Tree

    Policy Management


    Introduction to Virtual Switch Concepts

    Virtual Switch System is a new technology breakthrough for the Catalyst 6500 family


    Virtual Switch System: Enterprise Campus

    A Virtual Switch-enabled Enterprise Campus network takes on multiple benefits including simplified management & administration, facilitating greater high availability, while maintaining a flexible and scalable architecture

    [Figure: campus layers Access, L2/L3 Distribution and L3 Core, annotated with the following benefits]

    No FHRPs

    No Looped topology

    Policy Management

    Reduced routing neighbors, Minimal L3 reconvergence

    Multiple active uplinks per VLAN, No STP convergence


    Virtual Switch System: Data Center

    A Virtual Switch-enabled Data Center allows for maximum scalability so bandwidth can be added when required, but still providing a larger Layer 2 hierarchical architecture free of reliance on Spanning Tree

    [Figure: data center layers L2/L3 Core, L2 Distribution and L2 Access, annotated with the following]

    Dual-Homed Servers, Single active uplink per VLAN (PVST), Fast L2 convergence

    Dual Active Uplinks, Fast L2 convergence, minimized L2 Control Plane, Scalable

    Single router node, Fast L2 convergence, Scalable architecture


    Virtual Switch Architecture: Virtual Switch Link

    The Virtual Switch Link is a special link joining each physical switch together - it extends the out of band channel allowing the active control plane to manage the hardware in the second chassis


    Virtual Switch Architecture: VSL Initialization

    Before the Virtual Switch domain can become active, the Virtual Switch Link (VSL) must be brought online to determine Active and Standby roles. The initialization process essentially consists of 3 steps:

    1. Link Bringup to determine which ports form the VSL

    2. Link Management Protocol (LMP) used to track and reject Unidirectional Links, Exchange Chassis ID and other information between the 2 switches

    3. Role Resolution Protocol (RRP) used to determine compatible Hardware and Software versions to form the VSL as well as determine which switch becomes Active and Hot Standby from a control plane perspective

    [Figure: two switches exchanging LMP and RRP over the VSL]


    Virtual Switch Architecture: VSLP Ping

    A new Ping mechanism has been implemented in VSS mode to allow the user to objectively verify the health of the VSL itself. This is implemented as a VSLP Ping

    The VSLP Ping operates on a per-physical interface basis and parameters such as COUNT, DESTINATION, SIZE, TIMEOUT may also be specified

    [Figure: Switch 1 and Switch 2 exchanging VSLP over the VSL]

    vss#ping vslp output interface tenGigabitEthernet 1/5/4

    Type escape sequence to abort.
    Sending 5, 100-byte VSLP ping to peer-sup via output port 1/5/4, timeout is 2 seconds:
    !!!!!
    Success rate is 100 percent (5/5), round-trip min/avg/max = 12/12/16 ms
    vss#


    VSS EtherChannel Concepts

    Overview, Protocols, Load Balancing, Enhancements with VSL


    EtherChannel Concepts: Multichassis EtherChannel (MEC)

    Prior to Virtual Switch, EtherChannels were restricted to reside within the same physical switch. In a Virtual Switch environment, the 2 physical switches form a single logical network entity - therefore EtherChannels can now also be extended across the 2 physical chassis

    [Figure: regular EtherChannel on a single chassis next to a Multichassis EtherChannel across 2 VSL-enabled chassis of a Virtual Switch]

    LACP, PAGP or ON EtherChannel modes are supported


    EtherChannel Concepts: EtherChannel Hash for MEC

    Deciding on which link of a Multi-chassis EtherChannel to use in a Virtual Switch is skewed in favor of local links in the bundle - this is done to avoid overloading the Virtual Switch Link (VSL) with unnecessary traffic loads

    Blue traffic destined for the Server will result in Link A1 in the MEC link bundle being chosen as the destination path

    Orange traffic destined for the Server will result in Link B2 in the MEC link bundle being chosen as the destination path

    [Figure: Server attached by an MEC with Link A1 and Link B2]


    Hardware Requirements: VSL Hardware Requirements

    The Virtual Switch Link requires special hardware as noted below


    Hardware Requirements: Other Hardware Considerations


    High Availability

    Link Failure, Redundancy Schemes, Dual-Active Detection, GOLD


    High Availability: Redundancy Schemes

    The default redundancy mechanism between the 2 VSS chassis and their associated supervisors is NSF/SSO, allowing state information and configuration to be synchronized. Additionally, only in NSF/SSO mode does the Standby supervisor PFC, Switch Fabric, modules and their associated DFCs become active

    [Figure: Switch 1 (12.2(33)SXH1, Active) and Switch 2 (12.2(33)SXH1) joined by the VSL: NSF/SSO]

    Should a mismatch of information occur between the Active and Standby Chassis, the Standby Chassis will revert to RPR mode, where only configuration is synchronized, but PFC, Switch Fabric and modules will not be brought up

    [Figure: Switch 1 (12.2(33)SXH1, Active) and Switch 2 (12.2(33)SXH2) joined by the VSL: RPR]


    High Availability: SSO-Aware Protocols

    As of Whitney 1, there are over 90 protocols that are SSO-aware. These include information such as ARP, DHCP Snooping, IP Source Guard, NAC Posture database, etc. In a VSS environment, failure of either VS will not require this information to be re-populated again

    [Figure: Virtual Switch (Switch 1, Switch 2) holding the DHCP Snooping Binding Table]

    DHCP Snooping Binding Table

    IP Add         MAC Add             VLAN   Interface
    10.10.10.10    00:50:56:01:e1:02   10     Po10
    172.26.18.2    00:02:b3:3f:3b:99   18     Po10
    172.26.19.34   00:16:a1:c2:ee:32   19     Po20
    10.10.10.43    00:16:cb:03:d3:44   10     Po20


    High Availability: Dual-Active Detection

    In a Virtual Switch Domain, one switch is elected as Active and the other is elected as Standby during bootup by VSLP. Since the VSL is always configured as a Port Channel, the possibility of the entire VSL bundle going down is remote; however, it is a possibility

    It is always recommended to deploy the VSL with 2 or more links and distribute those interfaces across multiple modules to ensure the greatest redundancy

    [Figure: Virtual Switch Domain with Switch 1 Supervisor and Switch 2 Supervisor joined by the VSL. One supervisor: VS State Active, Control Plane Active, Data Plane Active. The other: VS State Standby, Control Plane Standby, Data Plane Active]


    High Availability: Dual-Active Detection

    If the entire VSL bundle should happen to go down, the Virtual Switch Domain will enter a Dual Active scenario where both switches transition to Active state and share the same network configuration (IP addresses, MAC address, Router IDs, etc.), potentially causing communication problems through the network

    [Figure: Virtual Switch Domain with Switch 1 Supervisor and Switch 2 Supervisor joined by the VSL. Both supervisors: VS State Active, Control Plane Active, Data Plane Active]

    2 mechanisms have been implemented in the initial release to detect and recover from a Dual Active scenario:

    1. Enhanced Port Aggregation Protocol (PAgP)

    2. Dual-Active Detection over IP-BFD


    High Availability: Dual-Active Detection Mechanisms

    1. Enhanced Port Aggregation Protocol (PAgP)

    2. Dual-Active Detection over IP-BFD


    High Availability: Dual-Active Detection, Exclude Interfaces

    Upon detection of a Dual Active scenario, all interfaces on the previous-Active switch will be brought down so as not to disrupt the functioning of the remainder of the network. The exception interfaces include VSL members as well as pre-determined interfaces which may be used for management purposes

    vs-vsl#conf t
    Enter configuration commands, one per line. End with CNTL/Z.
    vs-vsl(config)#switch virtual domain 100
    vs-vsl(config-vs-domain)#dual-active exclude interface Gig 1/5/1
    vs-vsl(config-vs-domain)#dual-active exclude interface Gig 2/5/1
    vs-vsl(config-vs-domain)#^Z
    vs-vsl#


    High Availability: Dual-Active Recovery

    Upon the restoration of one or more VSL interfaces, VSLP will detect this and will proceed to reload Switch 1 so that it may be able to re-negotiate Active/Standby role after bootup

    After role has been resolved and SSO Hot Standby mode is possible, interfaces will be brought up and traffic will resume back to 100% capacity

    [Figure: Switch 1 and Switch 2 exchanging VSLP; "VSL Up! Reload"]


    High Availability: Generic OnLine Diagnostics (GOLD)

    Some enhancements to the GOLD framework have been implemented in a VSS environment, which leverages a Distributed GOLD environment. In this case, each supervisor runs an instance of GOLD, but is centrally managed by the Active Supervisor in the Active chassis

    There are 4 new tests that are available in VSS mode:

    1. TestVSLLocalLoopback

    2. TestVSLBridgeLink

    3. TestVSLStatus

    4. TestVSActiveToStandbyLoopback

    [Figure: Distributed GOLD Manager across Switch 1 (VS State Active, Local GOLD Active) and Switch 2 (VS State Standby, Local GOLD Active), joined by the VSL]


    Virtual Switch System: Deployment Considerations

    Virtual Switch will incorporate some deployment considerations as best practice


    Virtual Switch System: Benefits


    Virtual Switch System: Summary


    Data Center Option (E): Utilizing Layer 2 VPN and Virtual Switching New Features

    PE1-COREA
    interface gigabitethernet 3/0


    Recommended Reading

    Continue your Cisco Live learning experience with further reading from Cisco Press

    Check the Recommended Reading flyer for suggested books

    Layer 2 VPN Architectures

    ISBN: 1-58705-168-0

    Available Onsite at the Cisco Company Store
