Metro Ethernet by Cisco

1© 2003 Cisco Systems, Inc. All rights reserved.Session NumberPresentation_ID

Metro Ethernet Technology & Deployment Deep Dive

Muhammad DurraniCCIE # 12521

Technical Leader , Cisco Systems Inc.

222Presentation_ID

Agenda

• Layer 2 VPN - Introduction• PEW3 Signaling - Concepts• VPLS – Architecture and Standards• VPLS - Forwarding• Scale• Config Examples• Limitations• Future Roadmap• Q&A

* source: IDC

333Presentation_ID

Layer 2 VPN – Introduction

333© 2004 Cisco Systems, Inc. All rights reserved.

444Presentation_ID

VPNTypes, Layers and Implementations

VPN Type Layer ImplementationLeased Line 1 TDM/SDH/SONET

Frame Relay switching

2 DLCI

ATM switching 2 VC/VP

Ethernet/ATM/FR 2 VPWS/VPLS

GRE/UTI/L2TPv3 3 IP Tunnel

IP 3 MP-BGP/RFC2547

IP 3 IPSec

555Presentation_ID

VPN Deployments Today Technology & VPN Diversity

Access

IP/ IPsec

FR/ATMBroadband

Ethernet

Access

IP/ IPsec

FR/ATMBroadband

Ethernet

Only Partial IntegrationDifferent Core Solutions

Different Access Technologies

ATMATM

MPLS or IPMPLS or IP

SONETSONET

Multiple Access Services Require Multiple Core Technologies = $$$ High Costs / Complex Management

666Presentation_ID

Consolidated Core supports …

Access

IP/ IPsec

FR/ATMBroadband

Ethernet

Access

IP/ IPsec

FR/ATMBroadband

Ethernet

Different Access TechnologiesComplete Integration

MPLS or IPMPLS or IP

777Presentation_ID

Why is L2VPN needed?

• Allows SP to have a single infrastructure for both IP and legacy services

• Migration• Provisioning is incremental• Network Consolidation• Capital and Operational savings

• Customer can have their own routing, qos policies, security mechanisms, etc

• Layer 3 (IPv4, IPX, OSPF, BGP, etc …) on CE routers is transparent to MPLS core

• CE1 router sees CE2 router as next-hop• No routing involved with MPLS core

• Open architecture and vendor interoperability

888Presentation_ID

Layer 3 and Layer 2 VPN Characteristics

LAYER 3 VPNs1. Packet based forwarding

e.g. IP2. SP is involved (routing)3. IP specific4. Example: RFC 2547bis VPNs

(L3 MPLS-VPN)

LAYER 2 VPNs1. Frame Based forwarding e.g.

DLCI,VLAN, VPI/VCI2. No SP involvement (Routing)3. Multiprotocol support4. Example: FR—ATM—Ethernet

The Choice of L2VPN over L3VPN Will Depend on How Much Control the Enterprise Wants to Retain. L2 VPN Services Are Complementary to L3 VPN Services

999Presentation_ID

L2VPN Models

L2-VPN ModelsL2-VPN Models

IP Core (L2TPv3)IP Core (L2TPv3)MPLS Core (LDP)MPLS Core (LDP)

P2MP/MP2MPP2MP/MP2MP

PPP/HDLCPPP/HDLC

FRFR ATM AAL5/Cell

ATM AAL5/Cell

EthernetEthernet

Like-to-like -or-Any-to-Any. P2PLike-to-like -or-

Any-to-Any. P2P

VPWSVPWS VPLSVPLS

EthernetEthernet

FRFR ATM AAL5/Cell

ATM AAL5/Cell

EthernetEthernet

Like-to-like -or-Any-to-Any. P2PLike-to-like -or-

Any-to-Any. P2P

VPWSVPWS

PPP/HDLCPPP/HDLCTDMTDM

Pseudo Wire Reference Model

101010Presentation_ID

VegasSJC

AC3

Emulated Service

AC4

MPLS or IP coreAC1 AC2

Pseudo Wires

Customer Site

Customer Site

Customer Site

Customer Site

A pseudo-wire(PW) is a connection between two provider edge (PE) devices which connects two attachment circuits(ACs).


L2VPN – Label Stacking

Length Sequence NumberRsvd Flags

EXP TTL 1VC Label (VC)

EXP TTL0Tunnel Label (LDP/RSVP)

Layer 2 PDU

0 1 2 30 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1

0 0

VC Label

Tunnel Label

Control Word

• Three Layers of Encapsulation• Tunnel Label – Determines path through network• VC Label – Identifies VC at endpoint • Control Word – Contains attributes of L2 payload (optional)

Encap. RequiredCR

EthFRHDLC

PPP

AAL5NoYes

Control Word

No

No

No

Yes


Generic Control Word:VC Information Fields

Control Word

Rsvd

bits 4

Length

8

Sequence Number

16

Flags

4

• Use of control word is optional

• Flags - Carries “flag” bits depending on encapsulation

(FR; FECN, BECN, C/R, DE, ATM; CLP, EFCI, C/R, etc)

• Length - Required for padding small frames when < interface MTU

• Sequence number – Used to detect out of order delivery of frames


PWE3 Signaling – Concepts



Building Blocks for MPLS Based L2VPNs – Control Plane

1. Provision – Config VPN2. Auto-discovery – Advertise loopback & vpn members3. Signaling – Setup pseudowire4. Data Plane – Packet forwarding

CE2

MPLS

2. ControlPlane

3. ControlPlane

CE1

2. ControlPlane

3. ControlPlane

1. VPN101Config

4. Data Plane

1. VPN101Config

4. Data Plane

2. Auto-discovery (BGP)

3. Signaling (LDP)

PE2

Primary

PE1

Primary


L2VPN – Pseudo-Wire Label Binding

PE1P1 P3

P4

PrimaryPrimary

PE2

P2

Site1CE1

Site2CE2

1. Provision AC & PW

2. PE1 binds VCID to VC Label

VC Label TLVVC FEC TLV

Label Mapping Msg

3. PE2 matches its VCID to one received

4. PE2 repeats same steps

Uni-directional PW LSP Established


L2VPN Transports Service:Reference Model

CE-1CE-1

PE1PE1 PE2PE2

CE-2CE-2

Pair of Uni-directionalPW LSPs

Pair of Uni-directionalPW LSPs

End-to-end L2VPN VCsEnd-to-end L2VPN VCs

Pseudo Wire Emulated ServicePseudo Wire Emulated Service

Bi-directionalEthernet

ATMFR

PPPHDLC


ATMFR

PPPHDLC

Tunnel LSPTunnel LSP


ATMFR

PPPHDLC


ATMFR

PPPHDLC

• Pseudowire transport (across PEs) applications

• Local switching (within a PE) applications


VPLS – Architecture and Standards



VPLS & VPWS Standards

• Virtual Private LAN Service (VPLS) is an IETF working group that describes multipoint Ethernet connectivity across an MPLS network

Emulates an Ethernet bridge

Several drafts in existence

VPLS: draft-ietf-l2vpn-vpls-ldp-00.txt (various + Cisco®)

VPLS: draft-ietf-l2vpn-vpls-bgp-00-txt (Juniper)

VPLS: Logical PE – no traction ( Nortel )

VPWS: draft-kompella-ppvpn-l2vpn ( Juniper )

VPWS: Draft-Martini-ppvpn-l2vpn ( Cisco )


VPLS Standards

IETF PWE3 WGPseudo Wire Emulation Edge to Edge

Focused on Point-to-Point “circuit” emulation for L2 transport over packet networks

PSN tunnel -> GRE, MPLS, L2TPService -> Ethernet, ATM, PPP, FR, HDLC and so forth

IETF L2VPN WGVirtual Private LAN Services (VPLS)

Emulate a big-fat virtual Layer-2 SwitchAlso builds on L2 pseudowiresMultipoint to multipointSource Address learning, MAC-based forwarding

Virtual Private Wire-Services (VPWS)Collection of L2 circuits or pseudowiresPoint to point service


VPLS Architectures

• VPLS defines two Architectures Non-Hierarchical (Single PE)

customer connected directly to PE

Hierarchical (Distributed PE)

802.1ad (aka QinQ) Access

MPLS Access

• Each Architecture has different scaling characteristics


What’s VPLS (Virtual Private LAN Services) ?

PE

MPLS

PE

• End-to-end architecture that allows IP/MPLS networks to provide multipoint Ethernet services

• Virtual – multiple instances of this services share the same SP physical infrastructure

• Private – each instance of the service is independent and isolated from one another

• LAN service – provides a multipoint connectivity among the participant endpoints across a MAN/WAN that looks like a LAN

CE CE

VC (virtual circuit)

PE

CE


VPLS Components (1)

• CE—Customer Edge Device; used to connect to the SP’s network• n-PE—Network facing-Provider Edge; acts as a gateway between the MPLS core and edge domain• VSI/VFI—Virtual Switching/Forwarding Instance; describes an Ethernet bridge function within the

n-PE; the VSI/VFI terminates the Pseudowire• PW—Pseudowire; a PW connects two VSI’s; Consists of a pair of MPLS uni-directional VC’s• AC—Attachment Circuit; a customer connection to the service provider; may be a physical port or

Ethernet VLAN• Tunnel LSP—Tunnel Label Switch Path is used to tunnel PW’s between VSI’s

Tunnel LSP Tunnel LSP

Tunnel LSP PW

IP/MPLS

PW

PW

n-PE

Attachment Circuit

CE CEn-PE n-PE

Attachment Circuit

Red VSI Red VSI

CE

Red VSILegend

VPLS Customer Perspective


• Multipoint-to-Multipoint Configuration• Forwarding of Frames based on Learned MAC addresses• Uses a Virtual Forwarding Instances (VFI, like VLAN) for customer

separation

CE1 CE3

All CEs appear connected on a common virtual switch

CE4CE2

Multipoint Bridging Requirements


VPLS simulate a virtual LAN service, it MUST operate like a traditional L2 LAN switch as well

• Flooding/Forwarding– Forwarding based on [VLAN, Destination MAC Address]

– Unknwon Ucast/Mcast/Broadcast – Flood to all ports (IGMP snooping can be used to constrict multicast flooding)

• MAC Learning/Aging/Withdrawal– Dynamic learning based on Source MAC and VLAN

– Refresh aging timers with incoming packet

– MAC withdrawal upon topology changes

• Loop Prevention– Split Horizon to avoid loop

– Spanning Tree (possible but not desirable)


Bridge-domain concept

• Bridge-domain refers to a Layer 2 broadcast domain consisting of a set of physical and/or virtual ports and VFIs/pseudo-wires.

• Data frames are switched within a bridge domain based on their destination mac address.

• Unknown Unicast, Multicast, Broadcast frames flooded within BD.

• Source Mac learning performed.


Bridge Domain Capabilities

VPLS Emulates the Operation of an Ethernet Switch• Flooding/forwarding:

MAC table instances per VPLS instance at each PEVFI will participate in learning, forwarding processACs to PWs (similar to AToM)ACs to ACs (local switching)

• Address learning/aging:MAC timers refreshed with incoming frames

• Loop prevention:Create full-mesh of EoMPLS VCs per VPLS – VC type 5Use “split horizon” concepts to prevent loops


VPLS—Flooding and Forwarding

U-PE B

CustomerEquipment

CE

CE

CE

Ethernet UNI Ethernet UNI

N-PE 3

N-PE 4N-PE 2

N-PE 1

PW

U-PE B

CustomerEquipment

CE

CE

CE


N-PE 3

N-PE 4N-PE 2

N-PE 1

PW

• Flooding (Broadcast, Multicast, Unknown Unicast)

• Dynamic learning of MAC addresses on PHY and VCs

• ForwardingPhysical Port

Virtual Circuit


VPLS: Configuration Example PE PE

Create a L2 VFI with a full mesh of participating VPLS PE nodes

l2vpn

bridge-group 1

bridge-domain PE2-VPLS-A

interface g0/0

vfi 1

neighbor 1.1.1.1 pw-id 1


!

Interface loopback 0

ip address 2.2.2.2 255.255.255.255

l2vpn

bridge-group 1


interface g0/0 ---AC

vfi 1

neighbor 2.2.2.2 pw-id 1 ---PW1

neighbor 3.3.3.3 pw-id 1 ---PW2

!


ip address 1.1.1.1 255.255.255.255

l2vpn

bridge-group 1


interface g0/0

vfi 1



!


ip address 3.3.3.3 255.255.255.255

PE-1

MPLS

Network

PE-2

PE-3

2.2.2.2 / 32

3.3.3.3 / 32

1.1.1.1 / 32


VPLS: Configuration Example PE CE

interface GigabitEthernet0/0

l2transport ---AC interface

no ip address

no ip directed-broadcast

negotiation auto

no cdp enable

end

PE-1MPLS

Network

PE-2

PE-3

G0/0

G0/0G0/0CE1 CE2

CE3


l2transport

no ip address


negotiation auto

no cdp enable

end


l2transport

no ip address


negotiation auto

no cdp enable


VPLS – Forwarding



VPLS Forwarding/MAC Learning Example

CE-2CE-1

N-PE ALo0 6.6.6.6/32

N-PE BLo0 1.1.1.1/32

N-PE CLo0 7.7.7.7/32


VPLS Forwarding/MAC LearningFollowing Are the Steps Involved during MACLearning and Forwarding of a VPLS Instance

Step 1: CE-1 Sends Unicast Frames to CE-2

To VC label 19

To VC label 23

VFI“VPLS_2000”

VFI“VPLS_2000”

VFI“VPLS_2000”

VLAN2000

Gig2/1

Gig3/1

VLAN 2000.1Q

Trunk

VLAN 2000.1Q

Trunk

VLAN2000

VLAN2000

To VC label 20

To VC label 23

VClabel

23

VClabel

19

VClabel

23

VClabel

20

VClabel

24

To VC label 24

To VC label 24VC

label24

VLAN 2000.1Q

Trunk

CE-2

CE-1

N-PE ALo0 6.6.6.6/32

N-PE BLo0 1.1.1.1/32

N-PE CLo0 7.7.7.7/32

VLAN 2000 CAM Table

MACPort/

Neighbor(Remote VC

label)

VLAN 2000 CAM Table

MACPort/

Neighbor(Remote VC

label)

VLAN 2000 CAM Table

MACPort/

Neighbor(Remote VC

label)

dmacsmac

M1 M2

11


VPLS Forwarding/MAC LearningStep 2: N-PE A “Learns” CE-1 MAC AddressStep 3: Since M2 Is Unknown, N-PE A

“Replicates” the Frame to All the PWs

To VC label 19

To VC label 23

VFI“VPLS_2000”

VFI“VPLS_2000”

VFI“VPLS_2000”

VLAN2000

Gig2/1

Gig3/1

VLAN 2000.1Q

Trunk

VLAN 2000.1Q

Trunk

VLAN2000

VLAN2000

To VC label 20

To VC label 23

VClabel

23

VClabel

19

VClabel

23

VClabel

20

VClabel

24

To VC label 24

To VC label 24VC

label24

VLAN 2000.1Q

Trunk

CE-2

N-PE ALo0 6.6.6.6/32

N-PE BLo0 1.1.1.1/32

N-PE CLo0 7.7.7.7/32

VLAN 2000 CAM Table

MACPort/

Neighbor(Remote VC

label)

VLAN 2000 CAM Table

MACPort/

Neighbor(Remote VC

label)

VLAN 2000 CAM Table

MACPort/

Neighbor(Remote VC

label)

M1 M233

M1 M233

M1 Gig2/122dmacsmac

dmacsmacCE-1


VPLS Forwarding/MAC LearningStep 4: Both N-PE B and N-PE C “Learn” CE-1

MAC Address (Note MAC Is Associated to the Remote VC Label)

Step 5: Since M2 Is Unknown, N-PE B/C “Flood” the Frame to All the Local Ports (and Not the PW)

To VC label 19

To VC label 23

VFI“VPLS_2000”

VFI“VPLS_2000”

VFI“VPLS_2000”

VLAN2000

Gig2/1

Gig3/1

VLAN 2000.1Q

Trunk

VLAN 2000.1Q

Trunk

VLAN2000

VLAN2000

To VC label 20

To VC label 23

VClabel

23

VClabel

19

VClabel

23

VClabel

20

VClabel

24

To VC label 24

To VC label 24VC

label24

VLAN 2000.1Q

Trunk

CE-2

CE-1

N-PE ALo0 6.6.6.6/32

N-PE BLo0 1.1.1.1/32

N-PE CLo0 7.7.7.7/32

VLAN 2000 CAM Table

MACPort/

Neighbor(Remote VC

label)

VLAN 2000 CAM Table

MACPort/

Neighbor(Remote VC

label)

VLAN 2000 CAM Table

MACPort/

Neighbor(Remote VC

label)

M1 M255

M1 M255

M1 Gig2/1

M1

M1

44

44

dmacsmac

dmacsmac

6.6.6.6 (23)

6.6.6.6 (24)


VPLS Forwarding/MAC Learning

Step 6: CE-2 Replies back to CE-1Step 7: N-PE B “Learns” CE-2 MAC

Address

To VC label 19

To VC label 23

VFI“VPLS_2000”

VFI“VPLS_2000”

VFI“VPLS_2000”

VLAN2000

Gig2/1

Gig3/1

VLAN 2000.1Q

Trunk

VLAN 2000.1Q

Trunk

VLAN2000

VLAN2000

To VC label 20

To VC label 23

VClabel

23

VClabel

19

VClabel

23

VClabel

20

VClabel

24

To VC label 24

To VC label 24VC

label24

VLAN 2000.1Q

Trunk

CE-2

CE-1

N-PE ALo0 6.6.6.6/32

N-PE BLo0 1.1.1.1/32

N-PE CLo0 7.7.7.7/32

VLAN 2000 CAM Table

MACPort/

Neighbor(Remote VC

label)

VLAN 2000 CAM Table

MACPort/

Neighbor(Remote VC

label)

VLAN 2000 CAM Table

MACPort/

Neighbor(Remote VC

label)

M1 Gig2/1

M1

M177

dmac smac

M2 Gig3/16.6.6.6 (23)

6.6.6.6 (24)

M1 M2 66


VPLS Forwarding/MAC LearningStep 8: N-PE B Inspects CAM and Forwards

Frame towards N-PE A (with Remote Label 23—Frame Not Sent to N-PE C)

Step 9: N-PE A “Learns” CE-2 MAC AddressStep 10: N-PE A Forwards Frame to CE-1

Step 11: N-PE C “Ages out” CAM Entry for CE-1

M1 M2

1010

dmac smac

To VC label 19

To VC label 23

VFI“VPLS_2000”

VFI“VPLS_2000”

VFI“VPLS_2000”

VLAN2000

Gig2/1

Gig3/1

VLAN 2000.1Q

Trunk

VLAN 2000.1Q

Trunk

VLAN2000

VLAN2000

To VC label 20

To VC label 23

VClabel

23

VClabel

19

VClabel

23

VClabel

20

VClabel

24

To VC label 24

To VC label 24VC

label24

VLAN 2000.1Q

Trunk

CE-2

CE-1

N-PE ALo0 6.6.6.6/32

N-PE BLo0 1.1.1.1/32

N-PE CLo0 7.7.7.7/32

VLAN 2000 CAM Table

MACPort/

Neighbor(Remote VC

label)

VLAN 2000 CAM Table

MACPort/

Neighbor(Remote VC

label)

VLAN 2000 CAM Table

MACPort/

Neighbor(Remote VC

label)

M1 Gig2/1

M1M2 Gig3/1

6.6.6.6 (23)

88

M1 M2dmac smac

M2 1.1.1.1 (19)99

1111


VPLS–Loop Free L2VPN

192.168.11.12/24

192.168.11.2/24

192.168.11.1/24

Broadcast Frame

PE-2

PE-3

PE-1

• Full Mesh of PW to guarantee frame delivery-No STP protocols in the Core

• Split-Horizon Forwarding-Packets coming on AC/PW area not sent back on the same AC/PW-Packets received on PW will not be replicated on other PWs in the same VFI


Packet format in VPLS path

DA SA VLAN DATAPR

I

L2 HDR MPLS HDRs DA SA DATA

PE –POP(PE-rs)CLE

CE

PE –POP(PE-rs)

DA SA VLAN DATA

dot1Q MPLS dot1QData Plane:


H-VPLS

393939© 2003, Cisco Systems, Inc. All rights reserved.Presentation_ID


Why H-VPLS?

VPLS H-VPLS

• Minimizes signaling overhead

• Full PW mesh among Core devices only

• Packet replication done in the Core only

• Partitions Node Discovery process

• Potential signaling overhead

• Full PW mesh from the Edge

• Packet replication done at the Edge

• Node Discovery and Provisioning extends end-to-end


IETF’s Way to Build a L2 Core:VPLS—Virtual Private LAN Services (L2VPN WG)

CustomerEquipment

CE

CE

CE


N-PE 3

N-PE 4N-PE 2

N-PE 1

PWVPLS“ w/o Hierarchy

CE

CE

CE

N-PE 3

N-PE 4N-PE 2

N-PE 1

PW

U-PE A

U-PE B

U-PE C

CE

CE

CE

N-PE 3

N-PE 4N-PE 2

N-PE 1

PW

U-PE A

U-PE B

U-PE C

802.1ad 802.1ad

Layer 2 - 802.1adProvider BridgesAccess Network

Layer 3 MPLSAccess Network

PW

PW –AttachmentCircuit

“H-VPLS“ w/ EthernetAccess

-“H-VPLS“ w/ MPLS to the Edge

- Core vs Access PW- uPE connects nPE via Acess PW-Acess PW connects to BD directly-Packet from Access PW replicates to AC and Core PW in same BD domain

Flat VPLS – Ethernet access without QinQ


Ethernet.1Q or access

Ethernet.1Q or access

• Full Mesh – Pseudowires• LDP Signaling

Flat

• Full mesh of directed LDP sessions required between participating PEs• N*(N-1)/2 ; N = number of PE nodes• Limited scalability• Potential signaling and packet replication overhead• Suitable for smaller networks, simple provisioning• Customer VLAN tag is used as VPLS VFI service delimiter


H-VPLS with Ethernet Access QinQ

.1Q Q-in-Q .1QQ-in-Q• Full Mesh – Pseudowires• LDP Signaling

• Best for larger scale deployment• Reduction in packet replication and signaling overhead • Full mesh for Core tier (Hub) only• Expansion affects new nodes only (no re-configuring existing PEs)• QinQ frame in Ethernet access network. S-tag is used as VPLS VFI

service delimiter. Customer tag is invisible.


H-VPLS with MPLS Access

MPLS MPLS• Full Mesh – Pseudowires• LDP

IP / MPLS IP / MPLS

.1Q .1Q

H-VPLS with MPLS Access Split-Horizon Rule


N-PE3 N-PE4N-PE1U-PE3

MPLS MPLS

VFIVFIMPLS

VFI U-PE4

Split-horizon rule

Between no-split-horizon VCs forwardingBetween no-split-horizon VCs and split-horizon VCs forwardingBetween split-horizon VCs blockingBetween ACs and VCs forwardingBetween ACs forwarding

H-VPLS/VPLS Topology Comparison


Flat VPLS – Ethernet access without QinQ

H-VPLS – Ethernet access with QinQ

H-VPLS - MPLS access

Pros •Ethernet network benefit – simple, high bandwidth, cheap, efficient local switching and broadcast/multicast distribution

•Same Ethernet network benefit as flat VPLS

•Hierarchical support via QinQ at access

•Scalable customer VLANs

•Fast L3 IGP convergence

•MPLS TE and FRR (50msec convergence time)

•Advanced MPLS QoS

•Hierarchical support via spoke PW at access

• Spoke PE can have QinQattachment circuit for additional level of hierarchy

Cons •Not hierarchical, not scalable

•Customer VLAN can’t over lap (with exception of VLAN translation).

•High STP re-convergence time

•High STP re-convergence time (potentially improved by different L2 protocols)

•More complicated provisioning

•Requires MPLS to u-PE, potentially more expensive u-PE device


Flexible Design with H-VPLS (1)Node Redundancy

NYC

DC

MPLS VPLS VFI

• Site-to-site L2 circuit. One side have redundant PEs, the other side has single PE• Single PE side use H-VPLS configuration to have two active PWs going to redundant PEs. MAC learning and forwarding are involved• Redundant PE side use EoMPLS configuration, no MAC learning

PE CPEPECPE


Flexible Design with H-VPLS (2)VPLS-on-a-stick Design

• Use H-VPLS for spoke-and-hub topology, point-to-multipoint design

Remote site 1

DC

MPLS VPLS VFI

Remote site 2

Remote Site N

PE CPEPECPE


VPLS Auto Discovery

Two ways to establish VPLS PWs or instances:• LDP based signaling using FEC 128

–PWs need to be configured manually at each PE

• BGP based auto-discovery–Manual provisioning of VPLS neighbors not needed at each PE–LDP FEC 129 signaling required, VPN ID signaled in BGP NLRI–Uses Route Target based filtering

50© 2003 Cisco Systems, Inc. All rights reserved.Session NumberPresentation_ID

MetroEthernet/L2VPNCase Studies


Agenda

L2VPN architectures

• VPLS for broadcast/multicast distribution

• Ethernet over MPLS for inter-regional ERS connectivity

• L2VPN for Cable Provider

• Inter-AS Pseudowire Stitching

Source: Placeholder for Notes is 14 points


VPLS for MCAST/BCAST distribution

Needs

Customer3

Customer1

Customer4

DistributionServer

Customer2• Application requires the

use of Broadcast (legacy) and Multicast to deliver information to customers

• Shared platform delivering MPLS VPN.

• Recovery must be rapid and reliable.


VPLS for MCAST/BCAST distribution

Solution

Customer3

MPLSCustomer1

Customer4

DistributionServer

Customer2

VPLS VFI

• Replace IP helper commands with VPLS VFI for broadcast and multicast traffic

• Tune the recovery using OSPF knobs to decrease to below original Spanning Tree timers.

• Provide internal and extranet VPN services on the same platform.


Agenda

L2VPN architectures







Metro/DSL aggregation (Continued)

1GbRing

10GbRegional Ring

L3 CoreNetwork

Long Haul IP Backbone

RegionalDistribution

Network

AccessNetwork

1GbRing

1GbRing


Network

10GbRegional Ring

Network Services

DSL Access (Voice/Video/Data-triple play services)

Ethernet direct fiber access

Layer 2 and Layer 3 VPN offering

Metro/DSL aggregation


1GbRing

10GbRegional Ring

L3 CoreNetwork

MPLSCore


Network

AccessNetwork

1GbRing

1GbRing


Network

10GbRegional Ring

Inter-Region EoMPLS

Q-in-Q accessL2 switched

Implemented for Direct Ethernet AccessL2VPN using layer 2 switching within region

Inter-regional connectivity via EoMPLS p2p connections

Layer 2/3 access on same port

QinQ access for E-LAN services

Metro/DSL aggregation



Network


Network

AccessNetwork

L3 CoreNetwork

10GbRegional Ring


10GbRegional Ring

DSL ServicesVideo using routed p2p SVI on a common VLAN per DSLAMSub-second convergence achieved through adjusting rpf and backoff timers.Data services bridge back to BRAS using l2 switching on ringMST instance defined for DSLAM VLANs


Agenda

L2VPN architectures





Cable Network


• Residential servicesInternetVOIP

• Business ServicesLayer 2 E-Line, E-LAN, and bridged cable modemInternetVOIP

1GbRing

10GbRegional Ring

NationalBackbone



NetworkAccessNetwork


Agenda

L2VPN architectures







Customer Requirements

• L2VPN service needs to span two regional provider backbones

• Provisioning in a scalable and direct manner

• Should be able to support multipoint and point to point L2VPN provisioning.


The Solution Multi-segment Pseudowire (switching) with Interworking

Stitch intra-AS and inter-AS PWs

l2 vfi PW-SWITCH-POINT point-to-pointneighbor 172.17.255.1 100 encapsulation mplsneighbor 172.16.255.1 200 encapsulation mpls

IP/MPLS172.16.0.0AS65016

CE1

CE2PE1 PE2ASBR ASBR

IP/MPLS172.17.0.0AS65017

e0/0 e0/0

172.16.255.1

172.17.255.1

Pseudowire segment 1Pseudowire segment 2Pseudowire segment 3

172.17.255.2

S0/0 S0/0

172.16.255.2

Advertise loopback for directed LDP across AS boundaryAdvertise Label to eBGPpeer

Pseudowire switch point


BACKUP SLIDES

636363© 2003, Cisco Systems, Inc. All rights reserved.Presentation_ID


Signaling Standards – BGP v/s LDP

LDP BGPSignaling is Point – Point(uses directed LDP )

Broadcast (via RR or full Mesh )

Label Learning and Withdrawing is faster.

Slower ( Full Mesh and use label Block and new BGP Ext for MAC withdrawal )

Resetting Individual labels is more efficient in LDP.

Troublesome

Sequencing on PW is possible.

Not Possible ??

* source: IDC


Signaling LDP v/s BGP

• BGP requires a lot more messages to be processed than LDP for PtP specific info. Directed LDP requires only a single message to beprocessed by the receiving PE; however, in case of BGP, a singlemessage is sent to RR and the RR sends N messages to the PEs(member of a VPLS) and thus N messages need to be processed by NPEs.

• VPLS w/ BGP signaling still requires N^2 mesh of PWs where there is no mechanism to monitor them w/ BGP signaling; whereas, LDP signaling offers VCCV to monitor them.

• Label-block hack imposes additional constraints on PE in terms of local label assignment.

• Label-block hack requires over-provisioning and allocating labels for inactive PEs therefore consuming memory in FIBs where it could be used for L3VPN routes.

• Label-block hack can complicate redundancy and switch-over operation whereupon at PE restart, its old labels can be in use and thus the PE wants to use new labels to avoid confusion in case BGP update messages are not yet received by the PEs



• Using a single signaling mechanism (based on LDP) for MPLS will allow interoperability among different vendors and different service providers (even with different auto-discovery methods)

• If different signaling is used (e.g., both BGP and LDP is used), then interoperability is only possible when PWs are terminated at the VSIson the ASBRs

Termination of PWs on ASBRs will cause scalability issue for ASBRs

ASBRs need to support both signaling mechanismsASBRs now need to support VSI functionality and need to scale

for all data forwarding requirements between the two Ass



• LDP signaling provides more flexibility for VPLS because it allows different characteristic setting per PW such as:

QoS setting – e.g., different PWs can have different reserved BW

Sequencing: Sequencing is a PtP operation in nature. Sequence numbers among different PtP can have different “start” values. Also re-synching of sequence numbers are PtP operation. Furthermore, sequencing can be turned on/off on a per PW basis and allowing the operator finer control over it.

OAM: It is important to be able to check the health status of each PWseparately because one PW may affect the status of the whole set(Emulated VLAN). Directed LDP provides:

Hello messages to check the health of the associated PWsbetween two PEsSupport for VCCV OAM


Back UP


L2VPN EoMPLS –draft-ietf-pwe3-ethernet-encap-xx.txt

TunnelLabel

VCLabel

Ethernetheader

Ethernetpayload

payloadDA SA L FCS

Original Ethernet or VLAN Frame

Preamble 802.1q

0x8847DA’ SA’ FCS’

• VC type-0x0004 is used for VLAN over MPLS application

• VC type-0x0005 is used for Ethernet port tunneling application (port transparency)


H-VPLS MPLS access

• H-VPLS is a network topology proposal to reduce the number of pseudo wires within the MPLS network.

• reduces signaling and replication overhead to allow large scale deploy-ment. The VPLS core PWs (Hub) are augmented with access PWs (Spoke) to form a two tier Hierarchical VPLS (H-VPLS).

• Access-PW: uPE are connected to nPE bridge domain via Spoke or Access PWs. Split horizon concept modified: Packets coming on Access PW sent to all other PWs and ACs in the bridge domain. Spoke PWs can be created with no-split-horizon option to distinguish from Core PWs (IOS), or, contained directly in BD (not VFI)


H-VPLS MPLS access

• H-VPLS is a network topology proposal to reduce the number of pseudo wires within the MPLS network.

• reduces signaling and replication overhead to allow large scale deploy-ment. The VPLS core PWs (Hub) are augmented with access PWs (Spoke) to form a two tier Hierarchical VPLS (H-VPLS).

• Access-PW: uPE are connected to nPE bridge domain via Spoke or Access PWs. Split horizon concept modified: Packets coming on Access PW sent to all other PWs and ACs in the bridge domain. Spoke PWs can be created with no-split-horizon option to distinguish from Core PWs (IOS), or, contained directly in BD (not VFI)

H-VPLS with MPLS Access Exampleshow CLI


NPE3#sh mpls l2 vc 11

Local intf Local circuit Dest address VC ID Status ------------- -------------------------- --------------- ---------- ----------VFI vpls11 VFI 10.0.0.1 11 UP VFI vpls11 VFI 10.0.0.4 11 UP VFI vpls11 VFI 10.0.0.7 11 UP

NPE3#sh vfi vpls11

Legend: RT=Route-target, S=Split-horizon, Y=Yes, N=No

VFI name: vpls11, state: up, type: multipointVPN ID: 11Local attachment circuits:

Vlan11 Neighbors connected via pseudowires:Peer Address VC ID S10.0.0.1 11 Y10.0.0.4 11 Y10.0.0.7 11 N

H-VPLS with MPLS Access Exampleshow CLI


NPE3#sh mac-add vlan 11Legend: * - primary entry

age - seconds since last seenn/a - not available

vlan mac address type learn age ports------+----------------+--------+-----+----------+--------------------------

11 2222.2211.1111 dynamic Yes 0 10.0.0.1, 1111 2222.2233.3333 dynamic Yes 0 10.0.0.7, 11 spoke PW11 2222.2244.4444 dynamic Yes 0 10.0.0.4, 11

UPE3#sh mpl l2 vc 11

Local intf Local circuit Dest address VC ID Status ------------- -------------------------- --------------- ---------- ----------Gi2/13 Ethernet 10.0.0.5 11 UP

H-VPLS with QinQ Access Example


93C-tag 11 C-tag C-tag C-tag

N-PE3 N-PE4

U-PE Configuration

! Interface connected to CE! It’s dot1q-tunnel portinterface GigabitEthernet2/13switchportswitchport access vlan 11switchport mode dot1q-tunnelspanning-tree bpdufilter enable

! Interface connected to N-PE! It’s regular dot1q trunk portinterface GigabitEthernet2/47switchportswitchport trunk encapsulation dot1qswitchport mode trunk

N-PE (3&4) Configuration

! Same VPLS VFI config as flat VPLS

! Attachment circuit has two config options

! Option 1 – dot.1q trunk if it connected to U-PE like N-PE3

interface GigabitEthernet5/1switchportswitchport trunk encapsulation dot1qswitchport mode trunk

! Option 2 – dot1q tunnel if it connected to CE directly, like N-PE4interface GigabitEthernet5/1switchportswitchport access vlan 11switchport mode dot1q-tunnel

Spanning-tree bpdufilter enable

VFI

VFI

VFI

N-PE1U-PE3

H-VPLS with MPLS Access Example


N-PE3 N-PE4N-PE1

U-PE3 Configuration

! Regular EoMPLS configuration on U-PE! Use port-mode in this example

interface GigabitEthernet2/13xconnect 10.0.0.3 11 encap mpls

! Uplink is MPLS/IP to support EoMPLS

interface GigabitEthernet2/47ip address 10.0.57.2 255.255.255.252mpls ip

U-PE3

84C-tag C-tag

MPLS MPLS

VFIVFI

U-PE4

MPLS

73 35

VFI

N-PE3 Configuration

! Define VPLS VFIl2 vfi vpls11 manualvpn id 11neighbor 10.0.0.1 encapsulation mplsneighbor 10.0.0.4 encapsulation mplsneighbor 10.0.0.7 encapsulation mpls no-split-horizon

! Attach VFI to VLAN interfaceinterface Vlan11xconnect vfi vpls11

! Attachment circuit is spoke PW for H-VPLS MPLS access! Downlink is MPLS/IP configuration to support H-VPLSinterface GigabitEthernet4/0/1ip address 10.0.57.1 255.255.255.252mpls ip

C-tag C-tag C-tag

Documents

Metro Ethernet by Cisco