Download ppt - 1 © 2002, Cisco Systems, Inc. All rights reserved. Robert Raszuk – VPLS – Feb 2002 VPLS/TLS/DTLS/VPSN…. Robert Raszuk IOS Engineering – MPLS Development

1© 2002, Cisco Systems, Inc. All rights reserved.Robert Raszuk – VPLS – Feb 2002

VPLS/TLS/DTLS/VPSN….

Robert Raszuk

IOS Engineering – MPLS Development

[email protected]

Tokyo July 12th 2002


Prerequisites

• LDP/TE or any other core tunneling

• Basic knowledge of LAN/STP/VLANs

• P2p draft-martini-encap & signaling


Agenda

• What is VPLS and all of those acronyms

• VPLS building blocks

• What draft talk about what services

• Summary


What is VPLS and all of those acronyms

• VPLS = Virtual Private LAN Service

• TLS = Transparent LAN Service

• VPSN = Virtual Private Switched Network

!!! Those above all mean the same thing = VPLS !!!

• DTLS = Decoupled TLS

• New: Ethernet Virtual Circuit Service (EVCS)

• New: Virtual Private Wire/WAN Service (VPWS)


L2VPN Terminology Clarification

L2VPN

L2 Transport

VPWS

VPLS

MPLS(AToM)

L2TPv3

MPLS

L2TPv3

MPLS

QinQ

L2TPv3

- Ethernet - FR

- ATM - PPP

- HDLC

- Ethernet - FR

- ATM - PPP

- HDLC

- Ethernet



PE

Service Provider Backbone

CE-1

Attachments VCs Emulated VCs or Pseudo Wire Attachments VCs

Tunnel Circuit

Basic L2 Transport:



PE

PE

PE

C E -1

C E -2

C E -3

A ttachment V C s

E mulated V C

E mulated T unnel

VPWS:


What is VPLS and all of those acronyms

• VPLS is a network service providing layer 2 multipoint connectivity between edge devices.

• From customer edge device point of view WAN or Metro infrastructure providing vpls service is not visible. Customer edge devices appear to each other as connected via single logical learning bridge with fully meshed ports.


Agenda




• Summary


VPLS building blocks

• Network elements

• VPLS edge device discovery

• Signaling (also called auto-configuration)

• Packet’s encapsulation

• MAC address learning & re-learning

• Flooding

• Decoupling

• Loop avoidance - STP



Network elements providing two VPLS services:

LAN-10a

PE1PE2

CE1

CE2

L2PE

LAN-10c

CE3

CE4

LAN-10d

LAN-20b

LAN-10b

LAN-20a

VPLS1: LAN10abcdVPLS2: LAN20abCE2–L2PE & CE4-PE2 are VLAN trunksL2PE-PE1 can be QinQ or VLANinMPLS

VPLS aware devices



VPLS Edge device discovery

• Distribution of configuration information indicating mapping of VPLS instances to VPLS edge devices

Example:

PE2

LAN-10c

CE3

CE4

LAN-10d

LAN-20b

Hello I’m PE1

I have VPLS 1 Site_ID 1

I have VPLS 2 Site_ID 5

Can be:

• BGP based

• DNS/Directory based

• NMS

• Partially LDP

• Manual PE1



• Discovery of peer PEs for a VPLS instance (for a given VPN).

• Two primary approaches:

- Directory based approach such as DNS (draft-heinanen-dirldp-eth-vpns.txt)

- BGP based approach (draft-ppvpn-bgpvpn-auto-01.txt)

VPLS Edge device discovery


VPLS building blocks – LDP Autodiscovery

• Each Ethernet Attachment VC is Bound To A “Name” Resolved by Directory Lookup (e.g., DNS)

• Circuit Name Is Associated With A Set Of PE Addresses (e.g., DNS A Resource Records)

acmecorp.tls.sbc.com 10.1.1.1 10.2.2.210.3.3.3

• Binding of of Circuit Name to Ethernet Attachment VC Causes Directory Query

• Reception of New VC over Targeted LDP Signaling Channel Causes Directory Query To Update List of PEs in Circuit

Service Provider

MPLS Network

CE-1 PE1(7600)

CE-2PE3(7600)

CE-3

PE2(7600)

• Example

pe1# config t

pe1 (config)# interface ethernet 1/1

pe1 (config-if)# name acmecorp.tls.sbc.com

pe2 (config)# interface ethernet 2/2

pe2 (config-if)# name acmecorp.tls.sbc.com

Directory(Primary and Secondary)


VPLS building blocks – BGP Autodiscovery

• Each Attachment VC is Associated with an L2VPN Id (Site_id)

Association Is Performed At Time of Attachment VC Provisioning

• BGP Updates Distribute To Be Defined L2VPN NLRIs

Next Hop = PE Reporting the L2VPN, Route Target Contains VPN-Id

Updates Filtered Based on VPN-Id – Just reg ext community filtering

• BGP Updates Sent On Binding of Attachment VC

• BGP Withdrawal Sent on Removal of Binding VC

• Requires BGP Route Reflector or I-BGP Mesh

Service Provider

MPLS Network

CE-1 PE1(7600)

CE-2PE2(7600)

CE-3

PE2(7600)

BGP Route Reflector(Primary and Secondary)



VPLS emulated VCs Signaling

• Distribution of labels as demultiplexors for packets between VPLSs arriving to PE/L2PE from core. Needed because a single PE-PE tunnel can be used for transport data from different VPLS instances

• Two main methods for signaling VPLS:

1. By using BGP (one draft)

2. By using LDP (all other drafts and Industry trend)



Signaling emulated VCs by using BGP

• Can be used as a single protocol for combined discovery & signaling in full mesh topologies.

PE2

LAN-10c

CE3

CE4

LAN-10d

LAN-20b

For VPLS1/PE2 use (base 10, offset 0, length k)

For VPLS2/PE2 use (base 20, offset 0, length j)

I have VPLS1 – Site_ID 1 & VPLS2 – SIte ID 5

So I use the following VPLS VC labels to send to PE2

For VPLS1 10+1=11 & for VPLS 20+5=25

PE1

All needed information received by PE1 with single TCP IBGP session !




• This “trick” with advertising label base and length allows to generate one NLRI for all other PE-s.

• Unique within a VPLS Site_ID added to the label base constitutes a VPLS VC label which in itself carries embedded information about the packet’s originator

• Why not just send labels – simply because learning of MAC is done based on the VPLS VC label and it has to be known apriori what peer has send us a packet with a given MAC based on the VPLS VC label value.




• If L2PEs are being used the advertised label blocks are per VPLS/L2PE pair

• For those who don’t run BGP this is not an option

• Industry (IETF) does not follow this path so vendor interoperabilty is not possible

• Label blocks are getting fragmented at the Pes due to block pre-allocation requirement

• Delay in delivery of control information due to BGP nature and reflection (update generation + advert.)

• Non full mesh topologies require RT filtering on PEs



Signaling emulated VCs by using LDP

• A separate directed LDP session required between each PE pair.

• Watch LDP session’s scalability numbers

• Multiple proposals (see draft section for details)

• General Industry direction for emulated VC setup scheme in all L2VPN applications: L2 p2p Transport, VPWS & VPLS !

• Interoperability with number of vendors worldwide



Packet encapsulation

• PE-s connected via full mesh of tunnels: GRE, MPLS(LDP/TE), L2TPv3 etc …

PE-PE tunnels VPLS VCs

Tunnel header/label

VPLS VC Label

Control Word

Layer2 Frame

Minus preamble

Minus checksum

• VPLS VCs (aka emulated VCs) transported inside those PE-PE tunnels based on draft-martini-encaps.



MAC address learning & re-learning

• VPLS visible from customer devices as a learning bridge with geographically distributed ports:

LAN-10a

PE1PE2

CE1

CE2

L2PE

LAN-10c

CE3

CE4

LAN-10d

LAN-20b

LAN-10b

LAN-20a

PP1

LP1LP2

LP1LP2

PP1

00-10-A4-92-F2-1200-10-A4-92-F2-11

PC1PC2

00-10-A4-92-F2-12 - PP1

00-10-A4-92-F2-11 – VC 2 L2PE

00-10-A4-92-F2-11 - PP1

00-10-A4-92-F2-12 – VC to PE2

L2PE’s VPLS1 FIB PE2’s VPLS1 FIB




• Two modes for learning: qualified and unqualified

• In qualified learning we build FIB per VLAN per VPLS – general agreement to have only one VLAN per VPLS

• In unqualified learning we build FIB per VPLS – in other words per port

• Note that MAC’s being globally unique may relax to need for FIB’s separation

• Virtual Switch Instance VSI – component responsible for the above actions




• End users can move from place to place

• Dual connected switches or hubs may block different ports.

• PE or L2PE needs to be able to signal the need to flash all or subset of MAC entries previously learned via it



Flooding

• When FIB tables do not contain dst MAC address VPLS wide flooding is needed of such a packet.

LAN-10a

PE1PE2

CE1

CE2

L2PE

LAN-10c

CE3

CE4

LAN-10d

LAN-20b

LAN-10b

LAN-20a

PP1

LP1LP2

LP1LP2

PP1

00-10-A4-92-F2-1200-10-A4-92-F2-11

PC1PC2

00-10-A4-92-F2-12 - PP1

00-10-A4-92-F2-11 - L2PE

00-10-A4-92-F2-11 - PP1

??-??-??-??-??-?? – ??

L2PE’s VPLS1 FIB PE2’s VPLS1 FIB



Flooding

• The same is needed for broadcast/multicast

• To be flooded packet may be received from customer port or from other PE-s

• If received from customer port it must be flooded to all other customer ports + all other PE-s

• If received from other PE-s (because of full mesh) it must be flooded only to customer facing ports analogy to “split-horizon” scheme

• With qualified learning the flooding scope may be limited per VLAN if more then one instance per VPLS is ever used



Decoupling

• To offer VPLS service on most of the existing PE routers decoupling of MAC address learning, STP, replication/flooding from control plane’s discovery & signaling is necessary. This also helps to scale provider’s IGP.

LAN-10a

PE1CE1

CE2

L2PE

LAN-10b

LAN-20a



Decoupling

• STP on L2PE is needed when L2PE is connected to multiple PE boxes to select active ports

• L2PE uses per interface MPLS or VLAN stacking to send customer L2 frames to PE

• L2PE-PE exchange information about VPLS #, Site-id#, connected PE as well as assigned by PE MPLS/VLAN encapsulation value per VPLS # to be used on L2PE-PE link

• PE generates and advertises to other PE-s VPLS VC label blocks each representing single L2PE-VPLS pair



Decoupling

• PE also generates MPLS labels or VLAN tags for L2PE-PE trunk identifying VPLS-L2PE coming to PE

• L2PE does flooding and packet replication freeing PE from doing it

• L2PE does MAC learning both from the customer ports (trivial) and from the network.

• If from the network the MAC’s originator Site_id is deducted from the originally advertised per VPLS/SiteID label base or VLAN tag base or label.

• L2PE can load balance per VPLS when multihomed



Loop avoidance - STP

• To avoid the need of running STP per VPLS between and on all provider’s network elements participating in a given VPLS – full mesh of tunnels between those elements (PE or L2PE devices) is mandated.

• STP will typically be run by redundantly connected customer devices using VPLS.

• In the fully meshed topology L2PE may select without running STP which PE’s port can be used when the packet with the identical MAC is received from more then one core facing interface


Agenda




• Summary


What draft talk about what services

VPLS

related

IETF

drafts:

• draft-lasserre-tls-mpls-00.txt

• draft-lasserre-vkompella-ppvpn-vpls-02.txt

• draft-khandekar-ppvpn-hvpls-mpls-00.txt

• draft-sajassi-vpls-architectures-00.txt

• draft-heinanen-dns-ldp-vpls-00.txt

• draft-tsenevir-gre-vpls-00.txt

• draft-augustyn-vpls-arch-00.txt

• draft-kompella-ppvpn-vpls-00.txt

• draft-kompella-ppvpn-dtls-01.txt


Lasserre-Vkompella

PE –POP(PE-rs)

PE-CLE (MTU-s)

CE

CE

PE-CLE (MTU-s)

PE –POP(PE-rs)

MPLS MPLSMPLSData Plane:

Directed LDP

LDP

Control Plane:

Ether Pkt Ether PktL2 Hdr Ether PktL2 HdrMPLS Ether PktL2 Hdr Ether Pkt

Directed LDP Directed LDP


Sajassi draft

PE –POP(PE-rs)

PE-CLE (MTU-s)

CE

CE

PE-CLE (MTU-s)

PE –POP(PE-rs)

QinQ QinQMPLSData Plane:

LDP

Control Plane:

Ether Pkt Ether PktE Hdr Ether PktL2 HdrMPLS Ether PktE Hdr Ether Pkt

Directed LDP


MPLS-Lite

PE –POP(PE-rs)

PE-CLE (MTU-s)

CE

CE

PE-CLE (MTU-s)

PE –POP(PE-rs)

QinQ QinQMPLSData Plane:

Directed LDP

LDP

Control Plane:

Ether Pkt Ether PktE Hdr Ether PktL2 HdrMPLS Ether PktE Hdr Ether Pkt

Directed LDP Directed LDP



draft-lasserre-vkompella-ppvpn-vpls-02.txt

• PE must be able to flood, fwd or filter bridges frames

• VPLS VCs use martini-encaps

• For VPLS VC signaling uses martini-sig draft

• Proposes the addition of new VC Type (in the VC TLV) “Ethernet VPLS” codepoint 0x000B where VCID will become a VPN_ID (VPLS ID)

• Proposes to introduce a new optional 1 byte interface parameter to martini-sig: “VPLS learning mode” to distinguish qualified from unqualified learning modes



draft-lasserre-vkompella-ppvpn-vpls-02.txt cd …

• Defines a new TLV “MAC TLV” type 0x0404 used for explicit removal of listed in it MAC addresses from all peer’s FIB tables for use in LDP Address Withdraw Message

• When the length field of MAC TLV indicates an empty list all MACs received from a VPLS VC of a given peer are removed

• Proposes to use two MAC aging timers: short for locally learned MACs – longer for MACs learned via VPLS VCs from other PE-s



• In qualified learning this is actually one VSI per VLAN per VPLS per PE.

• Defines much broader & complete then any existing draft the QinQ case between L2PE(PE-CLE) and PE

• Modified MAC address deletion which mean the message should be sent from MTU-s to backup PEs and NOT the primary PEs.




• Offers pretty attractive idea to eliminate the need to have all VPLS capable devices fully meshed by tunneling the emulated VPLS VC via non VPLS capable PE-s to those selected for given VPLS as well as capable to do all VPLS functions

• Reduces number of emulated VCs - reduces signaling

• If auto discovery is not used it reduces the number of configuration tasks when add/delete the L2PE (aka MTU) devices

• Very much alike what L2TP or GRE tunnel do today




• Very nicely glues martini based p2p VCs with p2mp VPLS concept !

• Relaxes the need to have VPLS capable device in every POP




draft-heinanen-dns-ldp-vpls-00.txt

• Uses DNS (draft-luciani-ppvpn-vpn-discovery) for PE discovery

• Uses LDP for VPLS VC signaling

• Introduces a new VPN ID FEC TLV

draft-tsenevir-gre-vpls-00.txt

• Proposes VPLS over GRE

• VPLS VC demux based on GRE network wide uniqe key



draft-augustyn-vpls-arch-00.txt

• Some requirements & just an overall architecture proposal. No new protocol definitions.

draft-mroz-ppvpn-inter-as-lsps-00.txt

• Proposes a way to establish a VPLS VC across AS-es

• Uses EBGP ipv4+label code to distribute PE-s /32s between AS-es

• More or less exactly the same thing as we do in our mpls-vpn inter-as case .



draft-kompella-ppvpn-vpls-00.txt

• Discovery & Signalling with BGP

• Defines a new BGP NLRI for VPLS

• Defines new bgp ext community as a container for control information for a VPLS VC

+------------------------------------+

| Length (2 octets) |

+------------------------------------+

| Route Distinguisher (8 octets) |

+------------------------------------+

| VE ID (2 octets) |

+------------------------------------+

| Label-block Offset (2 octets) |

+------------------------------------+

| Label Base (3 octets) |

+------------------------------------+

| Variable TLVs (0 to N octets) |

| ... |

+------------------------------------+

+------------------------------------+

| Extended community type (2 octets) |

+------------------------------------+

| Encaps Type (1 octet) |

+------------------------------------+

| Control Flags (1 octet) |

+------------------------------------+

| Layer-2 MTU (2 octet) |

+------------------------------------+

| Reserved (2 octets) |

+------------------------------------+



draft-rosen-ppvpn-l2-signaling-00.txt

• Proposes a way to eliminate the need to configure VPLS VC on both ends by extending martini signaling

• Proposes to build an emulated VC by not pair of <PE1, PE2, Vcid, VC_type> but by pair of <PE1, SAI, PE2, TAI> where …AI is an src/dst Attachment ID

• TAIs and PE2 address can be learn via auto discovery mechanism which is not specified in the draft

• In VPLS AI can be composed by concatenation of VPLS#+VLANid connecting customer switches to PE



draft-lasserre-tls-mpls-00.txt

• Proposes to use IGP extension do discover VPLS capable PE-s (draft-tsenevir-8021qospf-00.txt)

• Once directed LDP sessions are established between each PE-PE, extends draft-martini signalling VC FEC with the new parameter: 7-byte VPN_ID (VPLS_ID)

• Assumes replication/flooding capable PE


Agenda




• Summary


Summary

• Main problem – MAC addresses can’t be summarized !

• Fully VPLS capable devices must be able to replicate flood and filter packets

• VPLS has some applications in MANs – I can’t see then pushing away L3 services from WANs

• All L2 applications are IMHO only current moment’s industry fashion borned mostly due to the believe of some that flat networks/ethernet rock

• L3 routing and L3 services are still the main element with far greater scalability !


Thank you !

This presentation can be found at:

ftp://ftp-eng.cisco.com/rraszuk/vpls

Ack: Some slides were borrowed from Ali Sajassi. Thx !