7/27/2019 BRKAGG-2000
2008 Cisco Systems, Inc. All rights reserved. Cisco PublicBRKAGG-200014555_04_2008_c1 2
Implementation and Utilization of Layer 2 VPN Technologies
BRKAGG-2000

General Prerequisites
Spanning Tree problems and Data Center knowledge
Why L2VPN technology is becoming ever more important to service providers and enterprise
Good understanding of L2VPN technology pseudowires (PWs) operation (AToM, L2TPv3)
Basic understanding of network design principles
Familiarity with quality of service principles; application will be discussed, with examples
Basic understanding of MPLS traffic engineering (MPLS-TE) concepts

L2VPN Deployment Objectives
Quick review of the motivating factors for L2VPN adoption
Outline common service requirements for L2VPN and how they are being addressed by Service Providers and Enterprise
Quick overview of EoMPLS and VPLS
Using Traffic Engineering with Layer 2 VPN
Position Layer 2 VPN for Data Center

Summary Technology
AToM/L2TPv3
EoMPLS
VPLS
Traffic Engineering

Deployment Objectives

Why Is L2VPN Needed?
It allows SPs and enterprises to have a single infrastructure for both IP and legacy services
For SPs: move legacy ATM/FR traffic to an MPLS/IP core without interrupting current services
For enterprises: allows them to build better data centers, span L2 ACs across the WAN/MPLS, and provide better HA
Help SP provide new P2P Layer 2 tunnelling services
Customer can have its own routing, QoS policy, etc.
A migration step towards IP/MPLS VPN

Benefits for L2VPNs
New service opportunities:
Virtual leased line service
Offer PVC-like Layer 2-based service
Reduced cost: consolidate multiple core technologies into a single packet-based network infrastructure
Simplify services: Layer 2 transport provides options for service providers who need to provide L2 connectivity and maintain customer autonomy
Protect existing investments: Greenfield networks to extend customer access to existing Layer 2 networks without deploying a new separate infrastructure
Feature support: through the use of Cisco IOS features such as IPsec, QoS, and Traffic Engineering, L2 transport can be tailored to meet customer requirements

L2VPN Models
[Diagram: taxonomy of L2VPN models. Labels: Local Switching, MPLS Core, IP Core; VPWS and VPLS (P2MP/MP2MP); AToM (like-to-like or any-to-any, point-to-point); L2TPv3 (any-to-any service, point-to-point); CE-TDM (T1/E1); transports PPP/HDLC, ATM AAL5/Cell, FR, Ethernet.]

Motivation for L2VPNs: I've Really Got to Consolidate These Networks
Multiple Access Services Require Multiple Core Technologies = $$$ High Costs/Complex Management
[Diagram: access services (IP/IPSec, FR/ATM, Broadband, Ethernet) on each side of separate core networks (ATM, MPLS or IP, SONET).]

Generic L2 VPN Architecture
Tunnels (MPLS, L2TPv3, GRE, IPSec, etc.)
Emulated VCs (pseudowires) inside tunnels (many-to-one)
Attachment VCs (e.g., FR DLCI, PPP) mapped to emulated VCs
[Diagram: L2 attachment circuit and attachment VC on each side, joined by an emulated VC/PW carried inside a tunnel across the PSN.]

Motivation for L2VPNs: How Can I Leverage My Packet Infrastructure?
Reduce overlapping core expense; consolidate trunk lines
Offer multiservice/common interface (i.e. Ethernet MUX = L2, L3 and Internet)
Maintain existing revenues from legacy services
[Diagram: an MPLS/IP edge packet switched network (MSE) carrying new service growth (Ethernet, broadband access), existing infrastructure (Frame Relay, ATM) and trunk replacement.]

New Evolution for Circuit Emulation
[Diagram: mobile backhaul over pseudowires. Radio access network (BTS/NodeB, IP POP at cell site, Abis/Iub optimization, BSC/RNC) connected over SONET/SDH/Ethernet/DSL and broadband Ethernet backhaul, through a pre-aggregation site and the RAN edge, to an IP/MPLS backbone (SGSN, GGSN, GMSC, MGW, MSC Server, MSC, ITP, SS7oIP) with PSTN and Internet attached.]

L2VPN Deployment: Laying the Groundwork for Successful Deployment
The Need to Knows of Your Infrastructure:
What are the aggregate bandwidth requirements for converged services?
What are the minimum platform requirements to run the planned services?
What software features will be required to meet all of my planned needs? Such as:
L2VPN functionality (like-to-like, any-to-any, etc.)
VPLS functionality (point-to-multipoint)
Q-in-Q
OAM requirements
IGP, EGP, and TE requirements
Cisco Express Forwarding (CEF, dCEF)

Ethernet over MPLS Overview

EoMPLS Reference Model
[Diagram: Customer A Site #1 and Site #2 switches attached to PE routers on either side of an MPLS-enabled core with a P router (platform labels 12000, 10720, 10720). Physical connectivity runs PE - P - PE; a targeted LDP session between the PE routers provides the logical connectivity that carries BPDUs and VTP messages between the customer switches.]

A Typical Configuration: EoMPLS VLAN
[Diagram: CE R200 (e0/0.10, dot1Q 10, 10.10.10.200/24) - PE R201 (10.0.0.201) - P R202 (10.0.0.202) - PE R203 (10.0.0.203) - CE R204 (e0/0.10, dot1Q 10, 10.10.10.204/24). Core links 10.1.1.0/24 and 10.1.2.0/24 (e1/0, e2/0) run LDP; a targeted LDP session runs between the PEs.]

hostname R201
!
ip cef
mpls ip
mpls label protocol ldp
mpls ldp router-id Loopback0 force
!
interface Loopback0
 ip address 10.0.0.201 255.255.255.255
!
interface Ethernet0/0.10
 description *** To R200 ***
 encapsulation dot1Q 10
 no ip directed-broadcast
 no cdp enable
 xconnect 10.0.0.203 10 encapsulation mpls

hostname R203
!
ip cef
mpls ip
mpls label protocol ldp
mpls ldp router-id Loopback0 force
!
interface Loopback0
 ip address 10.0.0.203 255.255.255.255
!
pseudowire-class eompls
 encapsulation mpls
!
interface Ethernet0/0.10
 description *** To R204
 encapsulation dot1Q 10
 no ip directed-broadcast
 no cdp enable
 xconnect 10.0.0.201 10 pw-class eompls

Calculating MTU Requirements for the Core
Core MTU >= Edge MTU + Transport Header + AToM Header + (MPLS Label Stack * MPLS Header Size)
Edge MTU is the MTU configured in the CE-facing PE's interface
Examples (all in bytes):

Mode                    Edge   Transport   AToM    MPLS Stack   MPLS Header   Total
EoMPLS Port Mode        1500   14          4 [0]   2            4             1526 [1522]
EoMPLS VLAN Mode        1500   18          4 [0]   2            4             1530 [1526]
EoMPLS Port w/ TE FRR   1500   14          4 [0]   3            4             1530 [1526]

L2 VPN Interworking

Interworking Modes and Features
The AC are terminated locally!!!
There are two types of Interworking (a.k.a. any-2-any)
Ethernet (a.k.a. bridged): Ethernet frames are extracted from the AC and sent over the PW; VLAN tag is removed; CEs can run Ethernet, BVI, or RBE
IP (a.k.a. routed): IP packets are extracted from the AC and sent over the PW

                               AToM   L2TPv3   IP Mode   Ethernet
Frame Relay to Ethernet/VLAN   Yes    Yes      Yes       Yes
Frame Relay to PPP             Yes    Yes      Yes       No
Frame Relay to ATM AAL5        Yes    No       Yes       No
Ethernet/VLAN to ATM AAL5      Yes    No       Yes       Yes
Ethernet to VLAN               Yes    Yes      Yes       Yes

Configuration Example: Frame-Relay to Ethernet
[Diagram: Frame Relay CE (DLCI 210) - PE - MPLS/IP - PE - Ethernet CE (VLAN 310).]

Frame Link:
frame-relay switching
!
pseudowire-class atom_fr_vlan
 encapsulation mpls
 interworking ip
!
interface POS3/0
 encapsulation frame-relay
 clock source internal
 frame-relay lmi-type ansi
 frame-relay intf-type dce
!
connect fr-vlan POS3/0 210 l2transport
 xconnect 192.168.200.2 210 pw-class atom_fr_vlan

Ethernet/VLAN Link:
frame-relay switching
!
pseudowire-class atom_vlan_fr
 encapsulation mpls
 interworking ip
!
interface GigabitEthernet4/0.310
 encapsulation dot1Q 310
 xconnect 192.168.200.1 210 pw-class atom_vlan_fr

CE on the Frame Relay side (DLCI 210):
interface POS5/0.210 point-to-point
 ip address 172.16.1.1 255.255.255.0
 frame-relay interface-dlci 210

CE on the Ethernet side (VLAN 310):
interface GigabitEthernet6/0.310
 encapsulation dot1Q 310
 ip address 172.16.1.2 255.255.255.0

Local Switching InterWorking
[Diagram: CE2-HUB attached to PE1 over an MFR bundle of T1/E1 links (total 6.144 Mbps); a CE on Ethernet0/1.10 (speed 100); CE3 on PPP/HDLC and Ethernet0/1.20 (speed 100).]

interface Serial1/0/1:0
 encapsulation frame-relay MFR100
!
interface Serial1/0/2:0
 encapsulation frame-relay MFR100
!
interface Serial1/0/3:0
 encapsulation frame-relay MFR100
!
interface MFR100
 frame-relay lmi-type ansi
 frame-relay intf-type dce
!
interface GigabitEthernet0/1.10
 encapsulation dot1Q 10
!
connect FR_to_Ether MFR100 Ethernet0/1.10 interworking ip

VPLS Introduction
VPLS Introduction
Pseudo Wire Refresher
VPLS Architecture
VPLS Configuration Example
VPLS Deployment
Summary
Why Provide a Layer 2 Service?
Customers have full operational control over their routing neighbours
Privacy of addressing space: it does not have to be shared with the carrier network
Customer has a choice of using any routing protocol, including non-IP based (IPX, AppleTalk)
Customers could use an Ethernet switch instead of a router as the CPE
A single connection could reach all other edge points, emulating an Ethernet LAN (VPLS)

VPLS Is Defined in IETF
[Diagram: IETF organization as of 2-Nov-2006. ISOC, IAB and IETF; areas: Application, General, Internet, Ops and Mgmt, Routing, Security, Transport. Working groups shown: L2VPN, L3VPN, PWE3, MPLS.]
L2VPN and L3VPN: formerly PPVPN workgroup
L2VPN: VPWS, VPLS, IPLS
L3VPN: BGP/MPLS VPNs (RFC 4364, was 2547bis); IP VPNs using Virtual Routers (RFC 2764); CE based VPNs using IPsec
PWE3: Pseudo Wire Emulation edge-to-edge; forms the backbone transport for VPLS

VPLS Components
[Diagram: CE routers and CE switches attached to three N-PEs around an MPLS core.]
Attachment circuits: port or VLAN mode
Mesh of LSPs between N-PEs
Pseudo Wires within LSP
Virtual Switch Interface (VSI) terminates PW and provides Ethernet bridge function
Targeted LDP between PEs to exchange VC labels for Pseudo Wires
Attachment CE can be a switch or router

Virtual Switch Interface
Flooding/Forwarding
MAC table instances per customer (port/vlan) for each PE
VFI will participate in learning and forwarding process
Associate ports to MAC, flood unknowns to all other ports
Address Learning/Aging
LDP enhanced with additional MAC List TLV (label withdrawal)
MAC timers refreshed with incoming frames
Loop Prevention
Create full-mesh of Pseudo Wire VCs (EoMPLS)
Unidirectional LSP carries VCs between pair of N-PE Per
A VPLS uses split horizon concepts to prevent loops

VPLS Architecture

VPLS Topology: PE View
Each PE has a P2MP view of all other PEs; it sees itself as a root bridge with split horizon loop protection
Full mesh topology obviates STP in the SP network
Customer STP is transparent to the SP; customer BPDUs are forwarded transparently
[Diagram: PE view. PEs and CEs around an MPLS core; full mesh LDP, with an Ethernet PW to each peer.]

VPLS Topology: CE View
CE routers/switches see a logical Bridge/LAN
VPLS emulates a LAN but not exactly
This raises a few issues which are discussed later
[Diagram: CE view. CEs attached to the MPLS network, which they see as one logical bridge.]

VPLS Functional Components
N-PE provides VPLS termination/L3 services
U-PE provides customer UNI
CE is the customer device
[Diagram: CE - U-PE - N-PE - MPLS Core - N-PE - U-PE - CE, with customer MxUs at the edges and SP PoPs in between.]

Why H-VPLS?
VPLS:
Potential signaling overhead
Full PW mesh from the Edge
Packet replication done at the Edge
Node Discovery and Provisioning extends end to end
H-VPLS:
Minimizes signaling overhead
Full PW mesh among Core devices
Packet replication done in the Core
Partitions Node Discovery process
[Diagram: flat VPLS with CEs attached to a full mesh of PEs, beside H-VPLS with CEs attached to MTU-s and PE-r devices that connect to a full mesh of PE-rs devices.]

Ethernet Edge Topologies
User Facing Provider Edge (U-PE)
Network Facing Provider Edge (N-PE)
[Diagram: an MPLS/VPLS core of P and N-PE routers surrounded by Metro A, B, C and D access networks (GE ring, hub and spoke, DWDM/CWDM, RPR). Layers: full-service CPE at 10/100/1000 Mbps; U-PE (efficient access); PE-AGG (large scale aggregation); N-PE (intelligent edge); P (multiservice core).]

VPLS Configuration Example

Configuration Examples
Direct Attachment
 Using a Router as a CE (VLAN Based)
 Using a Switch as a CE (Port Based)
H-VPLS
 Ethernet QinQ
 EoMPLS Pseudo Wire (VLAN Based)
 EoMPLS Pseudo Wire (Port Based)
Sample Output

Direct Attachment Configuration (C7600)
CEs are all part of same VPLS instance (VCID = 56)
CE router connects using VLAN 100 over sub-interface
[Diagram: PE1 (1.1.1.1), PE2 (2.2.2.2) and PE3 (3.3.3.3) around the MPLS core, each with an attached CE on VLAN100. CE-facing ports gi3/0, gi4/4 and gi4/2; core links pos4/1, pos4/3, pos3/0 and pos3/1.]

Direct Attachment CE Router Configuration
CE routers sub-interface on same VLAN
Can also be just port based (NO VLAN)
[Diagram: three CE routers on VLAN100, all in subnet 192.168.20.0/24.]

interface GigabitEthernet 1/3.100
 encapsulation dot1q 100
 ip address 192.168.20.2 255.255.255.0

interface GigabitEthernet 2/0.100
 encapsulation dot1q 100
 ip address 192.168.20.3 255.255.255.0

interface GigabitEthernet 2/1.100
 encapsulation dot1q 100
 ip address 192.168.20.1 255.255.255.0

Direct Attachment VSI Configuration
Create the Pseudo Wires between N-PE routers
[Diagram: PE1 (1.1.1.1), PE2 (2.2.2.2) and PE3 (3.3.3.3) around the MPLS core, each with an attached CE on VLAN100.]

On PE3 (3.3.3.3):
l2 vfi VPLS-A manual
 vpn id 56
 neighbor 2.2.2.2 encapsulation mpls
 neighbor 1.1.1.1 encapsulation mpls

On PE2 (2.2.2.2):
l2 vfi VPLS-A manual
 vpn id 56
 neighbor 1.1.1.1 encapsulation mpls
 neighbor 3.3.3.3 encapsulation mpls

On PE1 (1.1.1.1):
l2 vfi VPLS-A manual
 vpn id 56
 neighbor 2.2.2.2 encapsulation mpls
 neighbor 3.3.3.3 encapsulation mpls

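Split horizon only prevents loops if every PE in the VPLS instance lists every other PE as a neighbor under the same VPN ID. The following added example (not part of the original slides) parses "l2 vfi" stanzas like the three above and reports gaps in the mesh; it matches on the VPN ID rather than the VFI name, and it also flags a split-horizon exemption pointed at another mesh PE. The function names and the per-router config dictionary are assumptions made for the illustration.

```python
import re
from itertools import permutations

VFI_RE = re.compile(r"^l2 vfi (\S+) manual\s*$")
VPN_RE = re.compile(r"^\s+vpn id (\d+)\s*$")
# Accepts "encapsulation mpls" and the abbreviated "encaps mpls" used on the slides.
NBR_RE = re.compile(r"^\s+neighbor (\d+(?:\.\d+){3}) encaps\S* mpls(.*)$")

# Constructed sample input: the three stanzas from the slide, keyed by the
# router ID of the PE each one is configured on.
SLIDE_CONFIGS = {
    "1.1.1.1": """\
l2 vfi VPLS-A manual
 vpn id 56
 neighbor 2.2.2.2 encapsulation mpls
 neighbor 3.3.3.3 encapsulation mpls
!
""",
    "2.2.2.2": """\
l2 vfi VPLS-A manual
 vpn id 56
 neighbor 1.1.1.1 encapsulation mpls
 neighbor 3.3.3.3 encapsulation mpls
!
""",
    "3.3.3.3": """\
l2 vfi VPLS-A manual
 vpn id 56
 neighbor 2.2.2.2 encapsulation mpls
 neighbor 1.1.1.1 encapsulation mpls
!
""",
}


def parse_vfis(config_text):
    """Return {vfi_name: {"vpn_id": int or None, "neighbors": {ip: no_split}}}."""
    vfis, current = {}, None
    for line in config_text.splitlines():
        start = VFI_RE.match(line)
        if start:
            current = vfis.setdefault(
                start.group(1), {"vpn_id": None, "neighbors": {}})
        elif current is not None and line.startswith(" "):
            vpn, nbr = VPN_RE.match(line), NBR_RE.match(line)
            if vpn:
                current["vpn_id"] = int(vpn.group(1))
            elif nbr:
                # True when the neighbor is exempt from split horizon.
                current["neighbors"][nbr.group(1)] = "no-split" in nbr.group(2)
        else:
            current = None  # "!" or any unindented line ends the stanza
    return vfis


def audit_vpls(configs, vpn_id):
    """Check the PW full mesh for one VPN ID; return a list of findings."""
    members = {}  # router ID -> neighbors configured in its VFI
    for router_id, text in configs.items():
        for vfi in parse_vfis(text).values():
            if vfi["vpn_id"] == vpn_id:
                members[router_id] = vfi["neighbors"]

    findings = []
    # Every ordered pair of mesh PEs needs a neighbor statement.
    for a, b in permutations(sorted(members), 2):
        if b not in members[a]:
            findings.append(
                f"{a}: no neighbor statement for {b}, mesh is incomplete")
    for router_id in sorted(members):
        for peer, no_split in sorted(members[router_id].items()):
            if peer == router_id:
                findings.append(f"{router_id}: lists itself as a neighbor")
            elif peer in members and no_split:
                findings.append(
                    f"{router_id}: split horizon disabled towards mesh PE {peer}")
            elif peer not in members and not no_split:
                findings.append(
                    f"{router_id}: neighbor {peer} has no VFI with vpn id "
                    f"{vpn_id} in the supplied configs")
    return findings


if __name__ == "__main__":
    for finding in audit_vpls(SLIDE_CONFIGS, 56) or ["full mesh OK"]:
        print(finding)
```

A spoke neighbor configured with no-split, as in the H-VPLS examples later in the deck, is accepted without a VFI of its own because the U-PE terminates the pseudowire with a plain xconnect.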
Direct Attachment CE Router (VLAN Based)
Same set of commands on each PE
Configured on the CE facing interface
[Diagram: PE1 (1.1.1.1), PE2 (2.2.2.2) and PE3 (3.3.3.3) around the MPLS core, each with an attached CE on VLAN100.]

interface GigabitEthernet3/0
 switchport
 switchport mode trunk
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 100
!
interface vlan 100
 no ip address
 xconnect vfi VPLS-A
!
vlan 100
 state active

xconnect vfi VPLS-A: this command associates the VLAN with the VPLS instance
VLAN100 = VCID 56

Direct Attachment CE Switch (Port Based)
If the CE was a switch instead of a router then we can use QinQ
QinQ places all traffic (tagged/untagged) from the switch into a VPLS
[Diagram: PE1 (1.1.1.1), PE2 (2.2.2.2) and PE3 (3.3.3.3) around the MPLS core, each with an attached CE carrying all VLANs.]

interface GigabitEthernet3/0
 switchport
 switchport mode dot1q-tunnel
 switchport access vlan 100
 l2protocol-tunnel stp
!
interface vlan 100
 no ip address
 xconnect vfi VPLS-A
!
vlan 100
 state active

xconnect vfi VPLS-A: this command associates the VLAN with the VPLS instance
VLAN100 = VCID 56

H-VPLS Configuration (C7600/3750ME)
U-PEs provide services to customer edge device
CE traffic then carried in QinQ or EoMPLS PW to N-PE
PW VSI mesh configuration is same as previous examples
[Diagram: N-PE1 (1.1.1.1), N-PE2 (2.2.2.2) and N-PE3 (3.3.3.3) around the MPLS core; U-PE1, U-PE2 (4.4.4.4) and U-PE3 are Cisco 3750ME switches, each serving CE1 and CE2. U-PE2 port fa1/0/1 faces the CE and gi1/1/1 connects to gi4/4 on N-PE2.]

H-VPLS QinQ Tunnel (Ethernet Edge)
U-PE carries all traffic from CE using QinQ
Outer tag is VLAN100, inner tags are the customer's
[Diagram: N-PE1 (1.1.1.1), N-PE2 (2.2.2.2) and N-PE3 (3.3.3.3) around the MPLS core; U-PE2 (4.4.4.4, Cisco 3750ME) connects fa1/0/1 to the CE and gi1/1/1 to gi4/4 on the N-PE.]

N-PE:
interface GigabitEthernet4/4
 switchport
 switchport mode trunk
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 100
!
interface vlan 100
 no ip address
 xconnect vfi VPLS-A
!
vlan 100
 state active

U-PE:
interface FastEthernet1/0/1
 switchport
 switchport access vlan 100
 switchport mode dot1q-tunnel
 switchport trunk allowed vlan 1-1005
!
interface GigabitEthernet1/1/1
 switchport
 switchport mode trunk
 switchport trunk allowed vlan 1-1005

H-VPLS EoMPLS PW Edge (VLAN Based)
CE interface on U-PE can be access or trunk port
xconnect per VLAN is required
[Diagram: N-PE1 (1.1.1.1), N-PE2 (2.2.2.2) and N-PE3 (3.3.3.3) around the MPLS core; U-PE2 (4.4.4.4, Cisco 3750ME) connects fa1/0/1 to the CE and gi1/1/1 to gi4/4 on the N-PE.]

U-PE:
interface FastEthernet1/0/1
 switchport
 switchport access vlan 500
!
interface vlan500
 xconnect 2.2.2.2 56 encapsulation mpls
!
interface GigabitEthernet1/1/1
 no switchport
 ip address 156.50.20.2 255.255.255.252
 mpls ip

N-PE:
interface GigabitEthernet4/4
 no switchport
 ip address 156.50.20.1 255.255.255.252
 mpls ip
!
l2 vfi VPLS-A manual
 vpn id 56
 neighbor 1.1.1.1 encapsulation mpls
 neighbor 3.3.3.3 encapsulation mpls
 neighbor 4.4.4.4 encaps mpls no-split

no-split (abbreviation of no-split-horizon): ensures CE traffic is passed on the PW to/from the U-PE

H-VPLS EoMPLS PW Edge (Port Based)
CE interface on U-PE can be access or trunk port
xconnect for entire PORT is required
[Diagram: N-PE1 (1.1.1.1), N-PE2 (2.2.2.2) and N-PE3 (3.3.3.3) around the MPLS core; U-PE2 (4.4.4.4, Cisco 3750ME) connects fa1/0/1 to the CE and gi1/1/1 to gi4/4 on the N-PE.]

U-PE:
interface FastEthernet1/0/1
 no switchport
 xconnect 2.2.2.2 56 encapsulation mpls
!
interface GigabitEthernet1/1/1
 no switchport
 ip address 156.50.20.2 255.255.255.252
 mpls ip

N-PE:
interface GigabitEthernet4/4
 no switchport
 ip address 156.50.20.1 255.255.255.252
 mpls ip
!
l2 vfi PE1-VPLS-A manual
 vpn id 56
 neighbor 1.1.1.1 encapsulation mpls
 neighbor 3.3.3.3 encapsulation mpls
 neighbor 4.4.4.4 encaps mpls no-split

no-split (abbreviation of no-split-horizon): ensures CE traffic is passed on the PW to/from the U-PE

show mpls l2 vc
[Diagram: N-PE1 (1.1.1.1), N-PE2 (2.2.2.2) and N-PE3 (3.3.3.3) around the MPLS core, with U-PE1, U-PE2 (4.4.4.4) and U-PE3 (Cisco 3750ME) and their CEs.]

NPE-A#show mpls l2 vc
Local intf     Local circuit   Dest address    VC ID      Status
-------------  --------------  --------------- ---------- ----------
VFI VPLS-A     VFI             1.1.1.1         10         UP
VFI VPLS-A     VFI             3.3.3.3         10         UP

show mpls l2 vc detail
[Diagram: N-PE1 (1.1.1.1), N-PE2 (2.2.2.2) and N-PE3 (3.3.3.3) around the MPLS core, with U-PE1, U-PE2 (4.4.4.4) and U-PE3 (Cisco 3750ME) and their CEs. Callouts: "Use VC Label 19" and "Use VC Label 23".]

NPE-2#show mpls l2 vc detail
Local interface: VFI VPLS-A up
  Destination address: 1.1.1.1, VC ID: 10, VC status: up
    Tunnel label: imp-null, next hop 156.50.20.1
    Output interface: POS4/3, imposed label stack {19}
  Create time: 1d01h, last status change time: 00:40:16
  Signaling protocol: LDP, peer 1.1.1.1:0 up
    MPLS VC labels: local 23, remote 19

PW Redundancy Concepts

PW High Availability
Failure in the Provider core mitigated with link redundancy and FRR
PE router failure: PE Diversity
Attachment Circuit failure: Need Pair of Attachment Ckts end-to-end
CE Router failure: Redundant CEs
[Diagram: Site1 and Site2 with CE1 and CE2, connected through PE1-PE4 and core routers P1-P4.]

L2VPN Networks: Dual Homed PW Sites Without Redundancy Feature
[Diagram: CE1, CE2 and CE3 at Site1 and Site2, connected through PE1-PE4 and core routers P1-P4; a failure is marked with an x.]

interface e 1/0.1
 encapsulation dot1q 10
 xconnect encapsulation mpls

Interface e1/0.1
 encapsulation dot1q 10
 xconnect encapsulation mpls

High Availability in L2VPN Networks
The TCP session between two LDP peers may go down due to HW/SW failure (RP switchover)
If PE3 fails, traffic will be dropped
Need PW redundancy so that the PW can be re-routed to the redundant router, i.e. PE4
[Diagram: Site1 behind PE1, Site2 behind PE3 and PE4, core routers P1-P4; primary and standby pseudowire paths are marked.]

Dual Homed PW Sites with Redundancy Feature
[Diagram: CE1, CE2 and CE3 at Site1 and Site2, connected through PE1-PE4 and core routers P1-P4; a failure is marked with an x at PE1.]

pe1(config)#int e 0/0.1
pe1(config-subif)#encapsulation dot1q 10
pe1(config-subif)#xconnect encapsulation mpls
pe1(config-subif-xconn)#backup peer

PW Redundancy: Manual Switchover
[Diagram: CE1, CE2 and CE3 at Site1 and Site2, connected through PE1-PE4 and core routers P1-P4.]

interface Ethernet0/0.1
 encapsulation dot1Q 10
 xconnect 192.168.1.3 10 encapsulation mpls
  backup peer 192.168.1.4 10
  backup delay 3 10

pe1#sh mpls l2transport vc 10
Local intf     Local circuit              Dest address     VC ID      Status
-------------  -------------------------- ---------------- ---------- ----------
Et0/0.1        Eth VLAN 20                192.168.1.3      10         UP
Et0/0.1        Eth VLAN 20                192.168.1.4      10         DOWN

pe1#sh mpls l2transport vc 10
Local intf     Local circuit              Dest address     VC ID      Status
-------------  -------------------------- ---------------- ---------- ----------
Et0/0.1        Eth VLAN 20                192.168.1.3      10         DOWN
Et0/0.1        Eth VLAN 20                192.168.1.4      10         UP

Maintenance Required:
pe1>xconnect backup force-switchover peer 192.168.1.3 10

PW Redundancy: Config Examples (1/2)

Example 1: MPLS xconnect with 1 redundant peer. The debounce timer is set to 3 seconds so that we don't allow a switchover until the connection has been deemed down for 3 seconds.

interface serial0/0
 xconnect 10.0.0.1 100 encapsulation mpls
  backup peer 10.0.0.2 200
  backup delay 3 10

Example 2: xconnect with 1 redundant peer. In this example, once a switchover occurs, we will not fall back to the primary until the secondary xconnect fails.

pseudowire-class test
 encapsulation mpls
!
connect frpw1 serial0/1 50 l2transport
 xconnect 20.0.0.1 50 pw-class test
  backup peer 20.0.0.2 50
  backup delay 0 never

PW Redundancy: Config Examples

Example 3: Local-switched connection between ATM and FR using Ethernet interworking. The FR circuit is backed up by an MPLS pseudowire.

pseudowire-class test
 encapsulation mpls
 interworking ethernet
!
connect atm-fr atm1/0 100/100 E0/0.10 100 interworking ethernet
 backup peer 1.1.1.1 100 pw-class test

[Diagram: two CEs (atm4/0 and f0/0.10) attached to PE r201, with PE2-Backup at 1.1.1.1.]

Example 4: xconnect with 1 redundant peer. In this example, the switchover will not begin unless the pseudowire has been down for 3 seconds. Once a switchover occurs, we will not fall back until the primary has been re-established and UP for 10 seconds.

pseudowire-class test
 encapsulation mpls
!
connect frpw1 serial0/1 50 l2transport
 xconnect 20.0.0.1 50 pw-class test
  backup peer 20.0.0.2 50
  backup delay 3 10

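The timer behaviour that Examples 1, 2 and 4 describe, as an added simulation that is not part of the original slides: it replays a timeline of pseudowire up/down events and returns when the active peer changes for a given "backup delay" setting. The event format, the function name, and the choice to fall back immediately when the secondary fails are assumptions made for the illustration.

```python
def simulate_backup_delay(events, enable_delay, disable_delay, end_time):
    """Replay pseudowire state changes and return [(time, new_active_peer)].

    events        -- list of (time_s, "primary" | "backup", is_up)
    enable_delay  -- seconds the primary must stay down before switching over
    disable_delay -- seconds the primary must stay up before falling back,
                     or None to model the "never" keyword
    end_time      -- time at which the replay stops (>= every event time)

    Assumptions of this model: both pseudowires start up with the primary
    active, and a failure of the active backup falls back to an available
    primary at once.
    """
    up = {"primary": True, "backup": True}
    active = "primary"
    pending = None          # (fire_time, target_peer) of the armed timer
    switches = []

    def fire_due(now):
        nonlocal active, pending
        if pending and pending[0] <= now:
            active = pending[1]
            switches.append(pending)
            pending = None

    # The trailing sentinel lets timers that expire after the last event fire.
    for t, peer, is_up in sorted(events) + [(end_time, None, None)]:
        fire_due(t)
        if peer is None:
            break
        up[peer] = is_up
        if active == "primary":
            if not up["primary"] and up["backup"]:
                # Arm the debounce timer once; a flap must not restart it.
                pending = pending or (t + enable_delay, "backup")
            else:
                pending = None      # primary recovered: cancel the switchover
        else:
            if not up["backup"] and up["primary"]:
                pending = (t, "primary")        # secondary failed
            elif up["primary"] and up["backup"] and disable_delay is not None:
                pending = pending or (t + disable_delay, "primary")
            else:
                pending = None      # primary down again, or "never"
        fire_due(t)
    return switches


# Constructed timeline: the primary pseudowire fails at t=5 s and is
# re-established at t=20 s.
OUTAGE = [(5, "primary", False), (20, "primary", True)]

if __name__ == "__main__":
    # "backup delay 3 10" (Examples 1 and 4)
    print(simulate_backup_delay(OUTAGE, 3, 10, 60))
    # "backup delay 0 never" (Example 2), with the backup failing at t=40 s
    print(simulate_backup_delay(OUTAGE + [(40, "backup", False)], 0, None, 60))
    # A 2-second flap is shorter than the 3-second debounce: no switchover
    print(simulate_backup_delay([(5, "primary", False), (7, "primary", True)],
                                3, 10, 60))
```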
Tunnel Selection

What If the Core Uses Traffic Engineering?
Need to use the command preferred-path {interface | peer} under the pseudowire-class
Have in Mind That:
The selected path must be a label switched path (LSP) destined to the peer PE router
If you specify a tunnel (selecting interface):
 The tunnel must be an MPLS traffic engineering tunnel
 The tunnel tailend must be on the remote PE router
If you specify an IP address (selecting peer):
 The address must be the IP address of a loopback interface on the remote PE router, not necessarily the LDP router-id address; peer means targeted LDP peer
 The address must have a /32 mask
 There must be an LSP destined to that selected address
 The LSP does not have to be a TE tunnel

Forwarding Traffic into a TE Tunnel
Static routing
Policy routing
Global table onlynot from VRF at present
Autoroute
Forwarding Adjacency
AToM Tunnel Selection
Class Based Tunnel Selection
Static, Autoroute, and Forwarding Adjacency Get You Unequal-Cost Load-Balancing
Coupling Layer-2 Services with MPLS TE: AToM Tunnel Selection
Static mapping between pseudo-wire and TE tunnel on PE
Implies PE-to-PE TE deployment
TE tunnel defined as preferred path for pseudo-wire
Traffic will fall back to peer LSP if tunnel goes down
[Figure: ATM CEs attached by Layer 2 circuits to PE1 and PE2 over an IP/MPLS core (PE3 also shown), with a TE LSP between the PEs]
pseudowire-class my-path-pref
 encapsulation mpls
 preferred-path interface tunnel 1 disable-fallback
!
interface fastEthernet .
 encapsulation dot1Q 150
 xconnect 172.18.255.3 1000 pw-class my-path-pref
MPLS Forwarding (AToM Traffic)
PE2 sees multiple IGP paths to reach PE1
L2VPN packets load balanced per customer site according to VC label over two label switched paths from PE to P
[Figure: PE1 and PE2 connected through P1, P2, P3 and P4; CE1 and CE2 at sites labelled Voice Site 2, Video Site 2 and Site 2 (10.1.1.0/24); subinterfaces E2/0.1 (Vlan10), E2/0.2 (Vlan20), E2/0.3 (Vlan30); label stacks 23 17, 23 37 and 20 38]
L2VPN Deployment: Tunnel Selection for Bandwidth Protection
pseudowire-class my-path-pref
 encapsulation mpls
 preferred-path interface tunnel 1 disable-fallback
!
interface fastEthernet .
 encapsulation dot1Q 150
 xconnect 172.18.255.3 1000 pw-class my-path-pref
preferred-path [interface tunnel tunnel-number | peer {ip address | host name}] [disable-fallback]
This configuration will allow one to direct which path pseudowires are to take throughout the network
The tunnel head end / tail end must be on the PEs
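One way to check a PE configuration against the preferred-path rules listed in this section, as an added example that is not from the original slides. The class names, tunnel numbers, addresses and the remote-PE loopback inventory are constructed, and the check assumes the tunnel destination is a loopback of the remote PE; whether an LSP actually exists to the address still has to be confirmed on the router.

```python
import re

# Constructed local-PE configuration; class names, tunnel numbers and
# addresses are hypothetical.
LOCAL_PE = """\
pseudowire-class via-te
 encapsulation mpls
 preferred-path interface tunnel 1 disable-fallback
pseudowire-class via-peer
 encapsulation mpls
 preferred-path peer 10.18.18.18
pseudowire-class bad-tunnel
 encapsulation mpls
 preferred-path interface Tunnel2
pseudowire-class bad-peer
 encapsulation mpls
 preferred-path peer 10.20.20.1
interface Tunnel1
 tunnel mode mpls traffic-eng
 tunnel destination 172.18.255.3
interface Tunnel2
 tunnel mode gre ip
 tunnel destination 192.0.2.9
"""
# Constructed inventory of the remote PE: loopback address -> prefix length.
REMOTE_LOOPBACKS = {"172.18.255.3": 32, "10.18.18.18": 32, "10.20.20.1": 24}


def parse_blocks(cfg):
    """Group indented sub-commands under their top-level command."""
    blocks, current = {}, None
    for raw in cfg.splitlines():
        # Normalise case and the 'tunnel 1' vs 'Tunnel1' spellings.
        line = re.sub(r"tunnel\s+(\d+)", r"tunnel\1", raw.lower()).rstrip()
        if not line.strip() or line.strip() == "!":
            continue
        if not line.startswith(" "):
            current = blocks.setdefault(line, [])
        elif current is not None:
            current.append(line.strip())
    return blocks


def check_preferred_paths(cfg, remote_loopbacks):
    """Return {pw-class: [problems]} for the rules the slides list."""
    blocks, report = parse_blocks(cfg), {}
    for header, body in blocks.items():
        if not header.startswith("pseudowire-class "):
            continue
        problems = report.setdefault(header.split()[1], [])
        for line in body:
            m = re.match(r"preferred-path (interface|peer) (\S+)", line)
            if not m:
                continue
            kind, target = m.groups()
            if kind == "interface":
                tunnel = blocks.get("interface " + target)
                if tunnel is None:
                    problems.append("tunnel interface not configured")
                    continue
                if "tunnel mode mpls traffic-eng" not in tunnel:
                    problems.append("not an MPLS TE tunnel")
                dest = [l.split()[-1] for l in tunnel
                        if l.startswith("tunnel destination ")]
                # Assumption: the tailend is identified by a remote PE loopback.
                if not dest or dest[0] not in remote_loopbacks:
                    problems.append("tunnel tailend is not on the remote PE")
            elif target not in remote_loopbacks:
                problems.append("peer address is not a remote PE loopback")
            elif remote_loopbacks[target] != 32:
                problems.append("peer loopback does not have a /32 mask")
            if line.endswith("disable-fallback"):
                problems.append("note: disable-fallback, no fallback to peer LSP")
    return report
```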
ATOM: Preferred Path TE Tunnels
Three TE tunnels (Tunnel 0, Tunnel 1 and Tunnel 2) between PE1 and PE2
Preferred path can be used to map each vc (or multiple vcs) traffic into different TE tunnels
[Figure: PE1 and PE2 connected across P1, P2, P3 and P4 by TE Tunnel 0, TE Tunnel 1 and TE Tunnel 2 (labels 30, 34, 35); loopback 192.168.0.5/32; CE1 (Site 1) and CE2 (Site 2), 10.1.1.0/24]
pseudowire-class test
 encapsulation mpls
 preferred-path interface Tunnel0
!
pseudowire-class test1
 encapsulation mpls
 preferred-path interface Tunnel1
!
pseudowire-class test2
 encapsulation mpls
 preferred-path interface Tunnel2
!
interface Ethernet2/0.1
 description green vc
 xconnect 192.168.0.5 1 encapsulation mpls pw-class test
!
interface Ethernet2/0.2
 description red vc
 xconnect 192.168.0.5 20 encapsulation mpls pw-class test1
!
interface Ethernet2/0.3
 description dark green vc
 xconnect 192.168.0.5 30 encapsulation mpls pw-class test2
ATOM: Preferred Path TE Tunnels
Each vc is mapped to a different tunnel
[Figure: PE1 and PE2 connected across P1, P2, P3 and P4; TE Tunnel 2; labels 30, 34, 35; loopback 192.168.0.5/32; CE1 (Site 1) and CE2 (Site 2), 10.1.1.0/24]
pe2#sh mpls l2transport vc detail | in label
    Output interface: Tu0, imposed label stack {30 16}
    MPLS VC labels: local 16, remote 16
    Tunnel label: 3, next hop point2point
    Output interface: Tu1, imposed label stack {34 37}
    MPLS VC labels: local 17, remote 37
    Tunnel label: 3, next hop point2point
    Output interface: Tu2, imposed label stack {35 38}
    MPLS VC labels: local 37, remote 38
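The label output above can be checked mechanically. This added example (not from the original slides) parses the filtered show output and reports any VC that is not on its own TE tunnel or whose bottom label differs from the remote VC label; the second sample is a constructed variant and the function names are hypothetical.

```python
import re

# Output quoted on the slide (pe2, filtered with "| in label").
SLIDE_OUTPUT = """\
Output interface: Tu0, imposed label stack {30 16}
MPLS VC labels: local 16, remote 16
Tunnel label: 3, next hop point2point
Output interface: Tu1, imposed label stack {34 37}
MPLS VC labels: local 17, remote 37
Tunnel label: 3, next hop point2point
Output interface: Tu2, imposed label stack {35 38}
MPLS VC labels: local 37, remote 38
"""
# Constructed variant: the second VC has left its tunnel and shares Tu0.
DRIFTED_OUTPUT = SLIDE_OUTPUT.replace("Tu1, imposed label stack {34 37}",
                                      "Tu0, imposed label stack {30 37}")

OUT_IF = re.compile(r"Output interface: (\S+), imposed label stack \{([\d ]*)\}")
VC_LABELS = re.compile(r"MPLS VC labels: local (\d+), remote (\d+)")


def parse_vcs(text):
    """One dict per VC: output interface, imposed stack, local/remote VC label."""
    vcs = []
    for line in text.splitlines():
        m = OUT_IF.search(line)
        if m:
            vcs.append({"out_if": m.group(1),
                        "stack": [int(x) for x in m.group(2).split()]})
            continue
        m = VC_LABELS.search(line)
        if m and vcs:
            vcs[-1].update(local=int(m.group(1)), remote=int(m.group(2)))
    return vcs


def audit(vcs):
    """Return a list of findings; empty means every VC rides its own TE tunnel
    and carries the remote PE's VC label at the bottom of the stack.
    VC numbers are positions in the output, not VC IDs."""
    findings, seen = [], {}
    for n, vc in enumerate(vcs, 1):
        if not vc["out_if"].lower().startswith("tu"):
            findings.append(f"VC {n}: output {vc['out_if']} is not a tunnel")
        if vc["out_if"] in seen:
            findings.append(
                f"VC {n}: shares {vc['out_if']} with VC {seen[vc['out_if']]}")
        seen.setdefault(vc["out_if"], n)
        # The bottom label of the imposed stack is the VC label advertised by
        # the remote PE, so it must equal the 'remote' value.
        if not vc["stack"] or vc["stack"][-1] != vc.get("remote"):
            findings.append(f"VC {n}: bottom label does not match remote VC label")
    return findings


if __name__ == "__main__":
    print(audit(parse_vcs(SLIDE_OUTPUT)))
    print(audit(parse_vcs(DRIFTED_OUTPUT)))
```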
Data Center Implementation with Layer 2 VPN PWE
Data Center Option (A): Utilizing Layer 2 VPN to Provide High Availability Between Two Data Centers and Two Service Providers
6500-DCN-SWITCH
!
interface gigabitethernet 1/0/1 COREA
 channel-group 1 mode on
 switchport
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface gigabitethernet 1/0/2 COREB
 channel-group 1 mode on
 switchport
 switchport trunk encapsulation dot1q
 switchport mode trunk

PE1-COREB
!
interface gigabitethernet 1/0/0
 no switchport
 xconnect X.X.X. PE2 70 encapsulation mpls PE2-COREA

PE2-COREB
!
interface gigabitethernet 1/0/0
 no switchport
 xconnect X.X.X. PE1 70 encapsulation mpls PE1-COREA
Data Center Option (B): Utilizing Layer 2 VPN to Provide Physical High Availability Between Two Data Centers
6500-DCN-SWITCH
!
interface gigabitethernet 1/0/1
 channel-group 1 mode on
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface gigabitethernet 1/0/2
 channel-group 1 mode on
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface Port-channel1
 switchport trunk
!
interface gigabitethernet 1/0/4
 switchport mode access
 switchport access vlan 10

interface gigabitethernet 1/0/1
 channel-group 1 mode on
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface gigabitethernet 1/0/2
 channel-group 2 mode on
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface gigabitethernet 2/0/1
 channel-group 1 mode on
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface gigabitethernet 2/0/2
 channel-group 2 mode on
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface Port-channel1
 switchport trunk
!
interface Port-channel2
 switchport trunk

PE1-COREA
interface gigabitethernet 3/0
 no switchport
 xconnect X.X.X.PE2-CORE A 70 encapsulation mpls

PE1-COREB
interface gigabitethernet 3/0
 no switchport
 xconnect X.X.X.PE2-CORE B 70 encapsulation mpls
Data Center Option (C): Utilizing Layer 2 VPN to Provide Physical High Availability, Dual Switches Between Two Data Centers, STP Free Topology
6500-A
!
interface gigabitethernet 1/0/1
 channel-group 1 mode on
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface gigabitethernet 1/0/2
 channel-group 1 mode on
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface Port-channel1
 switchport trunk
!
interface gigabitethernet 1/0/4
 switchport mode access
 switchport access vlan 10

6500-B
!
interface gigabitethernet 1/0/1
 channel-group 1 mode on
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface gigabitethernet 1/0/2
 channel-group 1 mode on
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface Port-channel1
 switchport trunk
!
interface gigabitethernet 1/0/4
 switchport mode access
 switchport access vlan 10

PE1-COREA
interface gigabitethernet 3/0
Virtual Switching and Layer 2 VPN in Data Center
Current Network Challenges: Enterprise Campus
Traditional Enterprise Campus deployments have been designed in such a way that allows for scalability, differentiated services and high availability. However, they also face many challenges, some of which are listed in the below diagram
[Figure: Access, L2/L3 Distribution and L3 Core tiers, with callouts:]
FHRP, STP, Asymmetric routing, Policy Management
Extensive routing topology, Routing reconvergence
Single active uplink per VLAN (PVST), L2 reconvergence, increased route peering with L3 access
Current Network Challenges: Data Center
Traditional Data Center designs are requiring ever increasing Layer 2 adjacencies between Server nodes due to prevalence of Virtualization technology. However, they are pushing the limits of Layer 2 networks, placing more burden on loop-detection protocols such as Spanning Tree
[Figure: L2/L3 Core, L2 Distribution and L2 Access tiers, with callouts:]
Dual-Homed Servers to single switch, Single active uplink per VLAN (PVST), L2 reconvergence
Single active uplink per VLAN (PVST), L2 reconvergence, excessive BPDUs
FHRP, HSRP, VRRP, Spanning Tree, Policy Management
Introduction to Virtual Switch Concepts
Virtual Switch System is a new technology breakthrough for the Catalyst 6500 family
Virtual Switch System: Enterprise Campus
A Virtual Switch-enabled Enterprise Campus network takes on multiple benefits including simplified management & administration, facilitating greater high availability, while maintaining a flexible and scalable architecture
[Figure: Access, L2/L3 Distribution and L3 Core tiers, with callouts:]
No FHRPs, No Looped topology, Policy Management
Reduced routing neighbors, Minimal L3 reconvergence
Multiple active uplinks per VLAN, No STP convergence
Virtual Switch System: Data Center
A Virtual Switch-enabled Data Center allows for maximum scalability so bandwidth can be added when required, but still providing a larger Layer 2 hierarchical architecture free of reliance on Spanning Tree
[Figure: L2/L3 Core, L2 Distribution and L2 Access tiers, with callouts:]
Dual-Homed Servers, Single active uplink per VLAN (PVST), Fast L2 convergence
Dual Active Uplinks, Fast L2 convergence, minimized L2 Control Plane, Scalable
Single router node, Fast L2 convergence, Scalable architecture
Virtual Switch Architecture: Virtual Switch Link
The Virtual Switch Link is a special link joining each physical switch together - it extends the out of band channel allowing the active control plane to manage the hardware in the second chassis
Virtual Switch Architecture: VSL Initialization
Before the Virtual Switch domain can become active, the Virtual Switch Link (VSL) must be brought online to determine Active and Standby roles. The initialization process essentially consists of 3 steps:
1. Link Bringup to determine which ports form the VSL
2. Link Management Protocol (LMP) used to track and reject Unidirectional Links, Exchange Chassis ID and other information between the 2 switches
3. Role Resolution Protocol (RRP) used to determine compatible Hardware and Software versions to form the VSL as well as determine which switch becomes Active and Hot Standby from a control plane perspective
Virtual Switch Architecture: VSLP Ping
A new Ping mechanism has been implemented in VSS mode to allow the user to objectively verify the health of the VSL itself. This is implemented as a VSLP Ping
The VSLP Ping operates on a per-physical interface basis and parameters such as COUNT, DESTINATION, SIZE, TIMEOUT may also be specified
[Figure: VSLP exchanged between Switch 1 and Switch 2 over the VSL]
vss#ping vslp output interface tenGigabitEthernet 1/5/4

Type escape sequence to abort.
Sending 5, 100-byte VSLP ping to peer-sup via output port 1/5/4, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 12/12/16 ms
vss#
VSS EtherChannel Concepts
Overview, Protocols, Load Balancing, Enhancements with VSL
EtherChannel Concepts: Multichassis EtherChannel (MEC)
Prior to Virtual Switch, Etherchannels were restricted to reside within the same physical switch. In a Virtual Switch environment, the 2 physical switches form a single logical network entity - therefore Etherchannels can now also be extended across the 2 physical chassis
[Figure: Regular EtherChannel on single chassis; Multichassis EtherChannel across 2 VSL-enabled chassis]
LACP, PAGP or ON EtherChannel modes are supported
EtherChannel Concepts: EtherChannel Hash for MEC
Deciding on which link of a Multi-chassis EtherChannel to use in a Virtual Switch is skewed in favor towards local links in the bundle - this is done to avoid overloading the Virtual Switch Link (VSL) with unnecessary traffic loads
[Figure: Server attached by a MEC with Link A1 and Link B2]
Blue Traffic destined for the Server will result in Link A1 in the MEC link bundle being chosen as the destination path
Orange Traffic destined for the Server will result in Link B2 in the MEC link bundle being chosen as the destination path
Hardware Requirements: VSL Hardware Requirements
The Virtual Switch Link requires special hardware as noted below
Hardware Requirements: Other Hardware Considerations
High Availability
Link Failure, Redundancy Schemes, Dual-Active Detection, GOLD
High Availability: Redundancy Schemes
The default redundancy mechanism between the 2 VSS chassis and their associated supervisors is NSF/SSO, allowing state information and configuration to be synchronized. Additionally, only in NSF/SSO mode does the Standby supervisor PFC, Switch Fabric, modules and their associated DFCs become active
[Figure: Switch 1 (12.2(33)SXH1, Active) and Switch 2 (12.2(33)SXH1) joined by the VSL: NSF/SSO]
Should a mismatch of information occur between the Active and Standby Chassis, the Standby Chassis will revert to RPR mode, where only configuration is synchronized, but PFC, Switch Fabric and modules will not be brought up
[Figure: Switch 1 (12.2(33)SXH1, Active) and Switch 2 (12.2(33)SXH2) joined by the VSL: RPR]
High Availability: SSO-Aware Protocols
As of Whitney 1, there are over 90 protocols that are SSO-aware. These include information such as ARP, DHCP Snooping, IP Source Guard, NAC Posture database, etc. In a VSS environment, failure of either VS will not require this information to be re-populated again
[Figure: Virtual Switch (Switch 1 and Switch 2), each holding the DHCP Snooping Binding Table]
DHCP Snooping Binding Table
IP Add         MAC Add             VLAN   Interface
10.10.10.10    00:50:56:01:e1:02   10     Po10
172.26.18.2    00:02:b3:3f:3b:99   18     Po10
172.26.19.34   00:16:a1:c2:ee:32   19     Po20
10.10.10.43    00:16:cb:03:d3:44   10     Po20
High Availability: Dual-Active Detection
In a Virtual Switch Domain, one switch is elected as Active and the other is elected as Standby during bootup by VSLP. Since the VSL is always configured as a Port Channel, the possibility of the entire VSL bundle going down is remote, however it is a possibility
It is always recommended to deploy the VSL with 2 or more links and distribute those interfaces across multiple modules to ensure the greatest redundancy
[Figure: Virtual Switch Domain, supervisors joined by the VSL. Switch 1 Supervisor: VS State Active, Control Plane Active, Data Plane Active. Switch 2 Supervisor: VS State Standby, Control Plane Standby, Data Plane Active]
High Availability: Dual-Active Detection
If the entire VSL bundle should happen to go down, the Virtual Switch Domain will enter a Dual Active scenario where both switches transition to Active state and share the same network configuration (IP addresses, MAC address, Router IDs, etc.) potentially causing communication problems through the network
[Figure: Virtual Switch Domain with the VSL down. Switch 1 Supervisor and Switch 2 Supervisor both show VS State Active, Control Plane Active, Data Plane Active]
2 mechanisms have been implemented in the initial release to detect and recover from a Dual Active scenario:
1. Enhanced Port Aggregation Protocol (PAgP)
2. Dual-Active Detection over IP-BFD
High Availability: Dual-Active Detection Mechanisms
1. Enhanced Port Aggregation Protocol (PAgP)
2. Dual-Active Detection over IP-BFD
High Availability: Dual-Active Detection, Exclude Interfaces
Upon detection of a Dual Active scenario, all interfaces on the previous-Active switch will be brought down so as not to disrupt the functioning of the remainder of the network. The exception interfaces include VSL members as well as pre-determined interfaces which may be used for management purposes
vs-vsl#conf t
Enter configuration commands, one per line. End with CNTL/Z.
vs-vsl(config)#switch virtual domain 100
vs-vsl(config-vs-domain)#dual-active exclude interface Gig 1/5/1
vs-vsl(config-vs-domain)#dual-active exclude interface Gig 2/5/1
vs-vsl(config-vs-domain)#^Z
vs-vsl#
High Availability: Dual-Active Recovery
Upon the restoration of one or more VSL interfaces, VSLP will detect this and will proceed to reload Switch 1 so that it may be able to re-negotiate Active/Standby role after bootup
After role has been resolved and SSO Hot Standby mode is possible, interfaces will be brought up and traffic will resume back to 100% capacity
[Figure: Switch 1 and Switch 2 exchanging VSLP; "VSL Up! Reload"]
High Availability: Generic OnLine Diagnostics (GOLD)
Some enhancements to the GOLD framework have been implemented in a VSS environment, which leverages a Distributed GOLD environment. In this case, each supervisor runs an instance of GOLD, but is centrally managed by the Active Supervisor in the Active chassis
There are 4 new tests that are available in VSS mode:
1. TestVSLLocalLoopback
2. TestVSLBridgeLink
3. TestVSLStatus
4. TestVSActiveToStandbyLoopback
[Figure: Distributed GOLD Manager. Switch 1: VS State Active, Local GOLD Active. Switch 2: VS State Standby, Local GOLD Active. The switches are joined by the VSL]
Virtual Switch System: Deployment Considerations
Virtual Switch will incorporate some deployment considerations as best practice
Virtual Switch System: Benefits
Virtual Switch System: Summary
Data Center Option (E): Utilizing Layer 2 VPN and Virtual Switching New Features
PE1-COREA
interface gigabitethernet 3/0
Recommended Reading
Continue your Cisco Live learning experience with further reading from Cisco Press
Check the Recommended Reading flyer for suggested books
Layer 2 VPN Architectures
ISBN: 1-58705-168-0
Available Onsite at the Cisco Company Store