V1.1
VPLS Principle
Objectives
Understand the basics of mpls layer 2 VPN Understand VPLS principle
Contents
Basic Conception Of MPLS Layer 2 VPN VPLS Overview VPLS PE Functions VPLS Working Process
BGP MPLS/VPN feature
Establish tunnel on public network by LDP (Label distribution protocol)
Implement the following by using MBGP detection and transmission of VPN route Distribute inner layer label to implement address multiplexing
Implement route policy by using the extend attribute RT of BGP
Advantage of layer 3 MPLS VPN
Customer Outsource WAN infrastructure Transfer the route complexity to provider Suitable for middle or small sized company which do no
t want to gain core route capability in the company
Provider Do not need to maintain the route information among all
the core network routers Value added service( chance to gain profit)
Disadvantages of layer 3 MPLS VPN
Control based on policy adds burden to provider Extensibility and management maybe problem to super
network Some customer hope to control their route hierarchy
Layer 2 MPLS VPN
Suitable for the access of big company
Features: Regard the access network as a huge switch Establish tunnel by using MPLS label Do layer 2 switch in the whole network
MPLS LSPATM/FRATM/FR
Advantage of layer 2 MPLS VPN
Customer Easy to implement on the current layer 2 structure Can maintain control of the route Support any layer 3 routing protocol
Provider No extensibility problem due to storing too many
customer VPN routes Comparably simple than layer 3 MPLS VPN that use a
lot of policy control
L2 MPLS VPN classification
VPWS: Virtual Private Wire Service
point to point connection
VPLS: Virtual Private LAN Service
point to multipoint connection
Contents
Basic Conception Of MPLS Layer 2 VPN VPLS Overview VPLS PE Functions VPLS Working Process
Ethernet develop problem
Widely used LAN technology Develop goal is to provide multipoint to multipoint Ethernet
service without the limitation of geography space Construct large scale Ethernet by switches
Instability of STP Broadcast storm Limited numbers of VLAN
Function of VPLS
By using Ethernet and MPLS to satisfy the need of Carrier and customer ,enabling the communication between customer’s networks in different place
VPWS only provide point to point connection, but VPLS provide point to multipoint connection
Carrier’s backbone network
VPLS working principle Establish LSP between
PEs Green user and red user
are in independent VPN Establish point to point
layer 2 VC LSP in LSP tunnel
CE can be switch or router
Any upper layer protocol MPLS backbone network
is like a LAN switch with high reliability and flexibility
VPLS standards
VPLS standard is not decided yet, the widely used are:
Martini draft Rather mature, and widely supported by manufactures Support multiple protocols Suitable to be used within AS Need to be configured manually
Kompella draft Use the same encapsulation as MARTINI Can be configured automatically Can be used between AS Only support IP protocol
VFI—Distinguish VPN user
VFI( Virtual forwarding Instance) create a VPLS instance on PE, different VPLS instan
ces that have the same vc-id on different PE belong to one VPLS and can communicate with each other
Carrier’s backbone network
PE1 CE3
CE2
PE2
Vfi vpls_aVcid=100Peer=PE2Int fei_1/1
Vfi vpls_aVcid=100Peer=PE1Int fei_1/1 fei_1/2
Fei_1/1Fei_1/1
Fei_1/2 CE1
VPLS PE router structure
PE include PW management and VPLS instance PW management is responsible for establishing and
maintaining the PW with other instances on different PE VFI implement MAC learning and MAC switching.
VPLS PE
VPLS PE
VPLS PE
PW management
VPLS instance
Contents
Basic Conception Of MPLS Layer 2 VPN VPLS Overview VPLS PE Functions VPLS Working Process
VPLS working process——establishing PW (Pseudo Wire)
establishing of PW is to exchange inner label or VC label which identifies VPLS between PE
Martini draft make some extensions to LDP, add VC FEC type( 128 type and 129 type)
Carrier’s backbone network
VPN1
VPN2VPN2
VPN1LSP
Assign virtual link label by LDP
Service Provider MPLS Backbone
Learn MAC address by broadcast
PE1
VPLS-B
VPLS
PE2
PE3
MAC XXX
MAC ZZZ
-A MAC YYY
Port 1
Port 1
Port 1
VPLSMAC
AddressLocation Port
100 XXX Local Port 1
PE1
VPLS-B
Service Provider MPLS Backbone
VPLS
PE2
PE3
MAC ZZZ
-A MAC YYY
Port 1
Port 1
Port 1
MACXXX
Learn MAC address by broadcast
VPLSMAC
AddressLocation Port
100 XXX Local Port 1
VPLSMAC
AddressLocation Port
100 XXX Remote Port 1
VPLSMAC
AddressLocation Port
100 XXX Remote Port 1
PE1
VPLS-B
Service Provider MPLS Backbone
VPLS
PE2
PE3
MAC XXX
MAC ZZZ
-A MAC YYY
Port 1
Port 1
Port 1
Learn MAC address by Unicast
VPLSMAC
AddressLocation Port
100 XXX Local Port 1
VPLSMAC
AddressLocation Port
100 XXX Remote Port 1
100 zzz Local Port
VPLSMAC
AddressLocation Port
100 XXX Remote Port 1
PE1
VPLS-B
Service Provider MPLS Backbone
VPLS
PE2
PE3
MAC XXX
MAC ZZZ
-A MAC YYY
Port 1
Port 1
Port 1
Learn MAC address by Unicast
VPLSMAC
AddressLocation Port
100 XXX Local Port 1
100 ZZZ Remote Port1/LSP
VPLSMAC
AddressLocation Port
100 XXX Remote Port 1
100 ZZZ Local Port
VPLSMAC
AddressLocation Port
100 XXX Remote Port 1
PE1
VPLS-B
Service Provider MPLS Backbone
VPLS
PE2
PE3
MAC XXX
MAC ZZZ
-A MAC YYY
Port 1
Port 1
Port 1
Learn MAC address by Unicast
VPLSMAC
AddressLocation Port
100 XXX Local Port 1
100 ZZZ Remote Port1/LSP
VPLSMAC
AddressLocation Port
100 XXX Remote Port 1
100 ZZZ Local Port
VPLSMAC
AddressLocation Port
100 XXX Remote Port 1
100 YYY Local Port1
PE1
VPLS-B
Service Provider MPLS Backbone
VPLS
PE2
PE3
MAC XXX
MAC ZZZ
-A MAC YYY
Port 1
Port 1
Port 1
Learn MAC address by Unicast
VPLSMAC
AddressLocation Port
100 XXX Local Port 1
100 ZZZ Remote Port1/LSP
100 YYY Remote Port1/LSP
VPLSMAC
AddressLocation Port
100 XXX Remote Port 1
100 ZZZ Local Port
VPLSMAC
AddressLocation Port
100 XXX Remote Port 1
100 YYY Local Port1
VPLS loop problem——Horizon split
Virtual forwarding instance on PE is like a layer 2 switch, but it doesn’t need to run STP like traditional L2 switch because MPLS L2 VPN use internal horizon split mechanism to avoid loop.
Contents
Basic Conception Of MPLS Layer 2 VPN VPLS Overview VPLS PE Functions VPLS Working Process
VPLS working process—create inner label
Set VFI on PE, same VPLS has same vc-id in VFI Set interface on PE as layer 2 transparant transfer port Establish session to assign virtual link label by using extend LD
P
CE1
PE1 P PE2
CE2
Fei_1/2Fei_1/1 Fei_3/2
Fei_3/1
Fei_2/1 Fei_2/2
Vfi vpn_aVcid=100,peer=PE2Int fei_1/1
PE1:vcid=100 label:16
PE2:vcid=100 label:22
LDP LDP
Vfi vpn_aVcid=100,peer=PE1Int fei_3/2
VPLS working process—create outside label
PE and equipment run routing protocol and establish LSP by using LDP
CE1
PE1P
PE2
CE2
Fei_1/2Fei_1/1 Fei_3/2
Fei_3/1
Fei_2/1 Fei_2/2
PE1: Lable 3 PE2: Lable 3
PE2: Lable 28 PE1: Lable 72
VPLS working process—form of label table
L2 label table and global label table formed on PE, global label table formed on P
CE1
PE1P
PE2
CE2
Fei_1/2Fei_1/1 Fei_3/2
Fei_3/1
Fei_2/1 Fei_2/2
In-int In-label Dest out-label out-intFei_2/1 28 PE2 pop fei_2/2Fei_2/2 72 PE1 pop fei_2/1
Dest out-label out-intPE2 28 fei_1/2
In-int vc-id Dest out-labelFei_1/1 100 PE2 22
In-int vc-id Dest out-label Fei_3/2 100 PE1 16
Dest out-label out-intPE1 72 fei_3/1
VPLS working process—data forwarding
CE1 wants to communicate with CE2, sending ARP PE1 receives this packet, learn source MAC aaa and record
it in VFI
CE1
MAC:aaa
PE1P
PE2
CE2
MAC:bbb
Fei_1/2Fei_1/1 Fei_3/2
Fei_3/1
Fei_2/1 Fei_2/2
MAC peer-address outIntLab outExtLab outIntaaa local null null fei_1/1
data
S:aaa,D:ffff
VPLS working process—data forwarding
PE send to all the VCs according to destination MAC of packet
Search L2 label table and global label table to encapsulate packet
CE1
MAC:aaa
PE1 PPE2
CE2
MAC:bbb
Fei_1/2Fei_1/1 Fei_3/2
Fei_3/1
Fei_2/1 Fei_2/2
Dest out-label out-intPE2 28 fei_1/2
In-int vc-id Dest out-labelFei_1/1 100 PE2 22
dataS:aaa D:ffff
2228
data
S:aaa,D:ffff
VPLS working process—data forwarding
P search label table to forward data and do Penultimate Hop Popping
CE1
MAC:aaa
PE1 PPE2
CE2
MAC:bbb
Fei_1/2Fei_1/1 Fei_3/2
Fei_3/1
Fei_2/1 Fei_2/2
dataS:aaa D:ffff
2228
In-int In-label Dest out-label out-intFei_2/1 28 PE2 pop fei_2/2Fei_2/2 72 PE1 pop fei_2/1
dataS:aaa D:ffff
22
data
S:aaa,D:ffff
VPLS working process—data forwarding
PE2 learn source MAC and record it in VFI PE2 send packet to CE2
CE1
MAC:aaa
PE1 PPE2
CE2
MAC:bbb
Fei_1/2Fei_1/1 Fei_3/2
Fei_3/1
Fei_2/1 Fei_2/2
data
S:aaa,D:ffff
dataS:aaa D:ffff
2228
dataS:aaa D:ffff
22
MAC peer-address outIntLab outExtLab outIntaaa PE1 16 72 fei_3/1
In-int vc-id Dest out-label Fei_3/2 100 PE1 16
Dest out-label out-intPE1 72 fei_3/1
dataS:aaa,D:ffff
VPLS working process—data forwarding
CE2 send back ARP response to CE1 PE2 learn source MAC and record it in VFI
CE1
MAC:aaa
PE1 PPE2
CE2
MAC:bbb
Fei_1/2Fei_1/1 Fei_3/2
Fei_3/1
Fei_2/1 Fei_2/2
MAC peer-address outIntLab outExtLab outIntaaa PE1 16 72 fei_3/1bbb local null null fei_3/2
dataS:bbb,D:aaa
VPLS working process—data forwarding
PE2 search and forward packet according to destination MAC
CE1
MAC:aaa
PE1 PPE2
CE2
MAC:bbb
Fei_1/2Fei_1/1 Fei_3/2
Fei_3/1
Fei_2/1 Fei_2/2
MAC peer-address outIntLab outExtLab outIntaaa PE1 16 72 fei_3/1bbb local null null fei_3/2
dataS:bbb,D:aaa
dataS:bbb D:aaa
1672
VPLS working process—data forwarding
PE1 learn source MAC in packet and record it in VFI PE1 search and forward packet according to destination MAC
CE1
MAC:aaa
PE1 PPE2
CE2
MAC:bbb
Fei_1/2Fei_1/1 Fei_3/2
Fei_3/1
Fei_2/1 Fei_2/2
dataS:bbb,D:aaa
dataS:bbb D:aaa
1672
dataS:bbb D:aaa
16
MAC peer-address outIntLab outExtLab outIntaaa local null null fei_1/1bbb PE2 22 28 fei_1/2Dest out-label out-int
PE2 28 fei_1/2
In-int vc-id Dest out-labelFei_1/1 100 PE2 22
data
S:bbb,D:aaa
Review
MPLS L2 VPN function VPLS function VFI function MAC address learning process VPLS working process
Question
How does VPLS solve the problem of loop?
Recommended
