VPLS Deployment-Cisco
VPLS Overview
Virtual Private LAN Service
Ethernet Advantage
• Flexible logical interface definitions based on VLANs
• Flexible bandwidth provisioning
• Ubiquitous, low-cost interface technology
• Compatibility with technology currently deployed in
enterprise LAN networks
• Outstanding bandwidth-to-cost ratio
• Simplified operational support requirements
http://www.cisco.com/en/US/products/hw/routers/ps368/products_white_paper09186a00801df1df.shtml
VPLS Topology
[Figure: Headquarter of Company B (CE-B3), Branch of Company A (CE-A2) and Branch of Company B (CE-B2), attached on GE0/1]
VPLS Basic Concepts
[Figure: CE-A1, CE-A2, CE-A3, CE-B1, CE-B2 and CE-B3 attached to PE1, PE2 and PE3; labels AC, VC and VSI; full mesh of PWs between VSIs]
VPLS Control Plane
• Tunnel label is distributed by LDP
• VC label is distributed by targeted LDP or BGP
[Figure: PE1, PE2 and PE3 connected through P routers, with CE-A1, CE-A2, CE-A3, CE-B1, CE-B2 and CE-B3 attached; LDP peers]
Data Plane of VPLS
[Figure: L2 frames from CE1, CE2, CE3 and CE4 carried between the PEs across the P routers; label stacks in front of the L2 frame are 50 200, 200, 45 200 and 50 100, 100, 45 100]
VPLS Traffic Encapsulation
[Figure: label stack entry fields Tunnel Label (LDP), EXP, 0, TTL, followed by the Layer 2 Frame]
Three-level encapsulation:
1. Packets switched between PEs using Tunnel label
2. VC label identifies PW, VC label signaled between PEs
Virtual Switch
• A Virtual Switch MUST operate like a conventional Layer 2 switch
• Flooding / Forwarding:
– Unicast forwarding if the destination MAC address has already been learned; otherwise flood to all ports (broadcast, multicast and unknown unicast frames)
– MAC table instances per customer and per customer VLAN on each PE
– The VSI participates in the learning and forwarding process
• Address Learning / Aging:
– Self-learning in the data plane: source MAC addresses are learned against the port they arrive on
– Refresh MAC timers with incoming frames
• Loop Prevention:
– Use “split horizon” concepts instead of STP to prevent loops
VPLS MAC Address Learning (1)
[Figure: ARP broadcast; CE-1, CE-2, CE-3, PE1, PE3 and PW3; PE1 and PE3 VSI MAC tables with columns VSI, MAC, Port]
VPLS MAC Address Learning (2)
[Figure: ARP broadcast and ARP reply; CE-1, CE-3, PE1, PE3, PW2 and PW3]
PE1 VSI MAC Table (VSI, MAC, Port): VPN1, CE-1, VLAN 20, Eth 0/1
PE3 VSI MAC Table (VSI, MAC, Port): VPN1, CE-1, PW3
MAC Address Withdrawal Message
(LDP)
[Figure: Targeted LDP between PE1, PE2, PE3 and PE4]
Split Horizon
• Split horizon between PEs keeps VPLS forwarding loop-free: a frame received from a PW is not forwarded to another PW.
[Figure: PE1, PE2, PE3, PE4, CE-1 and CE-2]
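The flooding, learning and split-horizon rules from the Virtual Switch and Split Horizon slides, as an added example that is not part of the original deck or Cisco code. The `VSI` class and `demo` function are hypothetical names; the port names and MAC addresses are the ones in the deck's PE1 `show bridge-domain` output, and the frames are constructed.

```python
BROADCAST = "ffff.ffff.ffff"


class VSI:
    """Toy model of one PE's virtual switch instance (constructed for illustration)."""

    def __init__(self, acs, pws):
        self.acs = set(acs)    # attachment circuits towards local CEs
        self.pws = set(pws)    # pseudowires towards the other PEs (full mesh)
        self.mac_table = {}    # learned source MAC -> port it was last seen on

    def receive(self, in_port, src_mac, dst_mac):
        """Learn src_mac on in_port and return the set of ports the frame leaves on."""
        if in_port not in self.acs | self.pws:
            raise ValueError(f"unknown port {in_port!r}")
        self.mac_table[src_mac] = in_port      # data-plane learning / refresh
        known = self.mac_table.get(dst_mac)
        if known is not None:
            out = {known}                      # known unicast: one port
        else:
            out = self.acs | self.pws          # broadcast / unknown unicast: flood
        out.discard(in_port)                   # never send back out the ingress port
        if in_port in self.pws:
            out -= self.pws                    # split horizon: no PW-to-PW forwarding
        return out


def demo():
    """Replay constructed frames on PE1 and return where each one is sent."""
    ac, pw2, pw3 = "Gi0/0/5.Efp10", "10.0.0.2", "10.0.0.3"
    ce1, ce2, ce3 = "0042.6856.3805", "0078.88f7.1405", "0078.88f8.fb85"
    pe1 = VSI(acs=[ac], pws=[pw2, pw3])
    results = {}
    results["arp_request_from_ce1"] = pe1.receive(ac, ce1, BROADCAST)
    results["arp_reply_from_ce3"] = pe1.receive(pw3, ce3, ce1)
    results["broadcast_from_pw2"] = pe1.receive(pw2, ce2, BROADCAST)
    results["unicast_ce1_to_ce2"] = pe1.receive(ac, ce1, ce2)
    results["mac_table"] = dict(pe1.mac_table)
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

The broadcast that arrives on the PW to 10.0.0.2 leaves only on the attachment circuit, which is the split-horizon behaviour that replaces STP in the full mesh.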
Abstraction of VPLS
Provisioning Model
• What information needs to be configured and in what entities
• Semantic structure of the endpoint identifiers (e.g. VPN ID)
Discovery
• Provisioning information is distributed by a "discovery process"
• Distribution of endpoint identifiers
Signaling
• When the discovery process is complete, a signaling protocol
is automatically invoked to set up pseudowires (PWs)
Discovery and Signaling Alternatives
• VPLS Signaling
– LDP-based (RFC 4762)
– BGP-based (RFC 4761)
• VPLS with LDP-signaling and No auto-discovery
– Operational complexity for larger deployments
• BGP-based Auto-Discovery (BGP-AD) (RFC 6074)
– Enables discovery of PE devices in a VPLS instance
• BGP Signaling (RFC 4761)
[Figure: matrix of VPN Discovery (Manual / No Auto-Discovery, BGP / Auto-Discovery) against Signaling (Static / No Signaling, LDP, BGP), with RFC 4761 and RFC 6074 marked]
VPLS Signaled with LDP
PW Control Plane Operation
• LDP Signaling
– 2: New targeted LDP session between PE routers established, in case one does not already exist
– 4: PEs advertize local VC label using LDP label-mapping message: Label TLV + PW FEC TLV
[Figure: CE-1, PE-1, MPLS Core, PE-2, CE-2; Interface A and Interface B (callout 1)]
[Figure: PE loopbacks 10.0.0.1/32, 10.0.0.2/32 and 10.0.0.3/32 (PE3)]
Configure L2 VFI
• Configuration steps:
– 1. Configure l2 vfi on all the PEs
On PE1:
l2 vfi VPLS-CUST1-ETHERNET manual
 vpn id 1
 bridge-domain 1
 ! Configure the neighbors manually.
 neighbor 10.0.0.2 encapsulation mpls
 neighbor 10.0.0.3 encapsulation mpls
On PE2:
Configure L2 VFI (continued)
• Configuration steps:
– 1. Configure l2 vfi on all the PEs
On PE3:
l2 vfi VPLS-CUST1-ETHERNET manual
 vpn id 1
 bridge-domain 1
 neighbor 10.0.0.1 encapsulation mpls
 neighbor 10.0.0.2 encapsulation mpls
Bridge domain: a set of logical ports that share the same flooding or broadcast characteristics
Configure Bridge Domain
• Configuration steps:
– 2. Configure bridge domain under the interface on PE connecting to
CE
The following is the configuration on PE1; the other PEs are configured similarly.
interface GigabitEthernet0/0/5
 no ip address
 negotiation auto
 no cdp enable
 ! Specifies the service instance ID.
 service instance 10 ethernet
  encapsulation untagged
  ! Binds a service instance to a bridge domain instance.
  bridge-domain 1
A service instance can be thought of as a way to use a single port as a combination of Layer 2 and Layer 3 ports.
Multiple service instances can be created under one physical interface.
Verify LDP Targeted Peers
• After the configuration, verify the results:
– 1. Check the LDP targeted peers on PEs
PE1#show mpls ldp discovery
Local LDP Identifier:
10.0.0.1:0
....(omitted)
Targeted Hellos:
10.0.0.1 -> 10.0.0.2 (ldp): active/passive, xmit/recv
LDP Id: 10.0.0.2:0
10.0.0.1 -> 10.0.0.3 (ldp): active/passive, xmit/recv
LDP Id: 10.0.0.3:0
Verify the VC Status
– 2. Check the VC status on PEs
Verify VFI Information
– 3. Check the vfi information:
Verify L2transport Bindings
– 4. Check the l2transport bindings:
Verification of MAC Address Table
– 5. Check the MAC address table on both PE and CE
PE1#show bridge-domain
Bridge-domain 1 (3 ports in all)
State: UP Mac learning: Enabled
Aging-Timer: 300 second(s)
Maximum address limit: 16000
GigabitEthernet0/0/5 service instance 10
vfi VPLS-CUST1-ETHERNET neighbor 10.0.0.2 1
vfi VPLS-CUST1-ETHERNET neighbor 10.0.0.3 1
Nile Mac Address Entries
BD mac addr type ports
----------------------------------------------------------------------------
1 0042.6856.3805 DYNAMIC Gi0/0/5.Efp10
1 0078.88f7.1405 DYNAMIC 10.0.0.2, 1
1 0078.88f8.fb85 DYNAMIC 10.0.0.3, 1
CE1#show arp
Protocol Address Age (min) Hardware Addr Type Interface
Internet 100.1.1.1 - 0042.6856.3805 ARPA GigabitEthernet0/0/5
Internet 100.1.1.2 0 0078.88f7.1405 ARPA GigabitEthernet0/0/5
Internet 100.1.1.3 0 0078.88f8.fb85 ARPA GigabitEthernet0/0/5
BGP Auto-Discovery (BGP-AD)
• Eliminates need to manually provision VPLS neighbors
• Automatically detects when new PEs are added / removed from the VPLS domain
• Uses BGP Update messages to advertize PE/VFI mapping (VPLS NLRI)
• Typically used in conjunction with BGP Route Reflectors to minimize iBGP full-mesh peering requirements
[Figure: PE1, PE2 and PE3 (each with a VSI), CE-A1, CE-A3 and a BGP RR; BGP session; BGP Update message with VPLS NLRI; PE2 announces "I am a new PE with ACs on BLACK VFI"; Pseudowire]
(1) VPLS BGP NLRIs from RFC 6074 and 4761 are different in format and thus not compatible, even though they share the same AFI / SAFI values
What is Discovered? NLRI + Extended Communities
[Figure: BGP Update Messages between PE-1 and PE-2 across the MPLS Core; CE-1, CE-2]
                          PE-1             PE-2
BGP ASN                   100              100
BGP Rtr ID                1.1.1.10         2.2.2.20
BGP neighbor              2.2.2.20         1.1.1.10
L2VPN Rtr ID              10.10.10.10      20.20.20.20
VPN ID                    111              111
RT                        auto (100:111)   auto (100:111)
RD                        auto (100:111)   auto (100:111)
VPLS-ID                   auto (100:111)   auto (100:111)
NLRI Length               14               14
NLRI Route Distinguisher  100:111          100:111
NLRI L2VPN Router ID      10.10.10.10      20.20.20.20
Configuration Example of VPLS Signaled with LDP (AD)
• Task: Configure MPLS VPLS (LDP based Autodiscovery) on Cisco IOS XE (Version 3.16) so that the following CEs can communicate with each other.
• Prerequisite configuration:
– 1. IP address configuration on all the routers
– 2. IGP configuration on PE & P routers
– 3. LDP configuration on PE & P routers
[Figure: VPNA sites 100.1.1.1/24, 100.1.1.2/24 and 100.1.1.3/24 (CE3), attached on GE0/0/5; PE loopbacks 10.0.0.1/32, 10.0.0.2/32 and 10.0.0.3/32 (PE3)]
Configure L2 VFI
• Configuration steps:
– 1. Configure l2 vfi on all the PEs
On PE1 (similar configurations on the other PEs):
l2 vfi VPLS-CUST1-ETHERNET autodiscovery
 vpn id 1
 bridge-domain 1
 ! Optional commands. VPLS Autodiscovery automatically generates a VPLS ID, an RD, and RT.
 vpls-id 100:10
 rd 100:10
 route-target export 100:10
 route-target import 100:10
Configure L2 VFI (continued)
• Configuration steps:
– 1. Configure l2 vfi on all the PEs
On PE2:
l2 vfi VPLS-CUST1-ETHERNET autodiscovery
 vpn id 1
 bridge-domain 1
 vpls-id 100:10
 rd 100:20
 route-target export 100:10
 route-target import 100:10
On PE3:
l2 vfi VPLS-CUST1-ETHERNET autodiscovery
 vpn id 1
 bridge-domain 1
 vpls-id 100:10
 rd 100:30
 route-target export 100:10
 route-target import 100:10
Configure BGP Neighbors in VPLS
• Configuration steps:
– 2. Configure BGP neighbors in VPLS on PEs
On PE1, similar configurations on the other PEs:
Configure Interface in Bridge Domain
• Configuration steps:
– 3. Configure bridge domain under the interface on PE connecting to
CE
On PE1:
interface GigabitEthernet0/0/5
 no ip address
 negotiation auto
 no cdp enable
 ! Specifies the service instance ID.
 service instance 10 ethernet
  encapsulation untagged
  ! Binds a service instance to a bridge domain instance.
  bridge-domain 1
Verify LDP Targeted Peers
• After the configuration, verify the results:
– 1. Check the LDP targeted peers on PEs
Verify VC Status
– 2. Check the VC status on PEs
Verify BGP VPLS
– 3. Check the BGP VPLS status on PEs
Verification – LDP bindings
– 4. Check the l2transport bindings:
PE1#show mpls l2transport binding
Verification – MAC Address Table
– 5. Check the MAC address table on both PE and CE
CE1#show arp
Protocol Address Age (min) Hardware Addr Type Interface
Internet 100.1.1.1 - 0042.6856.3805 ARPA GigabitEthernet0/0/5
Internet 100.1.1.2 0 0078.88f7.1405 ARPA GigabitEthernet0/0/5
Internet 100.1.1.3 0 0078.88f8.fb85 ARPA GigabitEthernet0/0/5
VPLS Signaled with BGP
VC Signaled with BGP (RFC 4761)
VPLS Signaled with BGP
• BGP Signaled VPWS uses VPN targets to control the receiving and sending of VPN routes, which improves the flexibility of VPN networking.
[Figure: BGP session between PE1 and PE2 across the MPLS Core (CE1, PE1, P, P, PE2, CE2); two iBGP Update L2VPN messages with the following contents]
                    Left update   Right update
RD                  100:10        100:10
VE-ID               1             12
Label-Block Offset  11            1
Label-Block Range   10            10
Label Base          100           200
Layer-2 Info        Ethernet      Ethernet
RT                  100:10        100:10
Next Hop            10.0.0.1      10.0.0.4
VE Label in BGP Signaled VPLS
Basic Concepts
Concepts      Explanation
VE ID         A VE ID uniquely identifies a CE in a VPN.
Block Offset  Value used to identify a label block from which a label value is selected to set up pseudowires for a remote site.
Note:
In Cisco & Juniper, the initial offset is 1.
In Huawei, the initial offset is 0 by default and can be changed to 1.
Example of Label Block
• As in the topology, 2 CEs are attached to PE1 to set up L2VPN with other sites.
PE1 Label Block (labels 100 to 111):
Block              Label Base  Label Range  Block Offset  Labels
CE1 Label Block 1  100         5            1             100-104
CE2 Label Block 1  105         4            1             105-108
CE1 Label Block 2  109         3            6             109-111
[Figure: CE1 and CE2 attached to PE1]
VC Label Calculation
Block Offset <= Remote VE ID < Block Size + Block Offset
Label = Label Base + Remote VE ID - Block Offset
              PE1 (CE1 side)  PE2 (CE3 side)
Local VE-id   1               3
Remote VE-id  3               1
Local Label   102             200
Remote Label  200             102
Calculation   100+3-1         200+1-1
Traffic between CE1 – CE3: label stacks 50 | 200 | L2 Payload and 60 | 102 | L2 Payload
VC Label Calculation
[Figure: CE1, PE1, PE2, CE3]
PE1 side: Local VE-id 1, Remote VE-id 3, Local Label 102, Remote Label 200
PE2 side: Local VE-id 3, Remote VE-id 1, Local Label 200, Remote Label 102
Calculations shown: 150+15-11 and 208+1-1
Configuration Example of VPLS Signaled with BGP
• Task: Configure MPLS VPLS (BGP based) on Cisco IOS XE (Version 3.16) so that the following CEs can communicate with each other.
• Prerequisite configuration:
– 1. IP address configuration on all the routers
– 2. IGP configuration on PE & P routers
– 3. LDP configuration on PE & P routers
[Figure: VPNA site CE3 at 100.1.1.3/24; PE loopbacks 10.0.0.1/32, 10.0.0.2/32 and 10.0.0.3/32 (PE3)]
Configure L2 VFI
• Configuration steps:
– 1. Configure l2 vfi on all the PEs
Configure L2 VFI (continued)
• Configuration steps:
– 1. Configure l2 vfi on all the PEs
On PE2:
l2vpn vfi context VPLS-CUST1
 vpn id 200
 autodiscovery bgp signaling bgp
  ve id 1030
  ve range 50
  route-target export 100:20
  route-target import 100:20
On PE3:
l2vpn vfi context VPLS-CUST1
 vpn id 200
 autodiscovery bgp signaling bgp
  ve id 1040
  ve range 50
  route-target export 100:20
  route-target import 100:20
Configure BGP Neighbors in VPLS
• Configuration steps:
– 2. Configure BGP neighbors in VPLS on PEs
On PE1:
Configure Interface in Bridge Domain
• Configuration steps:
– 3. Configure bridge domain under the interface on PE connecting to
CE
On PE1:
! Create bridge-domain and add service instance & VFI.
bridge-domain 1
 member GigabitEthernet0/0/5 service-instance 100
 member vfi VPLS-CUST1
interface GigabitEthernet0/0/5
 no ip address
 negotiation auto
 no cdp enable
 ! Specifies the service instance ID.
 service instance 100 ethernet
  encapsulation untagged
Verify VPLS BGP Signaling
• After the configuration, verify the results:
– 1. Check the BGP signaling:
PE1#show bgp l2vpn vpls all
BGP table version is 68, local router ID is 10.0.0.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? – incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 100:200
*> 100:200:VEID-1010:Blk-1000/136
0.0.0.0 32768 ?
*>i 100:200:VEID-1030:Blk-1000/136
10.0.0.2 0 100 0 ?
*>i 100:200:VEID-1040:Blk-1050/136
10.0.0.3 0 100 0 ?
View Prefixes in Detail
– 2. View the prefix in detail:
PE1#show bgp l2vpn vpls rd 100:200 ve-id 1030 block-offset 1000
BGP routing table entry for 100:200:VEID-1030:Blk-1000/136, version 81
Paths: (1 available, best #1, table L2VPN-VPLS-BGP-Table)
Not advertised to any peer
Refresh Epoch 2
Local
10.0.0.2 (metric 3) from 10.0.0.2 (10.0.0.2)
Origin incomplete, metric 0, localpref 100, valid, internal, best
AGI version(0), VE Block Size(50) Label Base(1075)
Extended Community: RT:100:20 RT:100:200 L2VPN L2:0x0:MTU-1500
mpls labels in/out exp-null/1075
rx pathid: 0, tx pathid: 0x0
Verify the VFI State
– 3. Check the VFI state:
PE3#show bgp l2vpn vpls rd 100:200 ve-id 1010 block-offset 1000
BGP routing table entry for 100:200:VEID-1010:Blk-1000/136, version 74
Paths: (1 available, best #1, table L2VPN-VPLS-BGP-Table)
Not advertised to any peer
Refresh Epoch 4
Local
10.0.0.1 (metric 1) from 10.0.0.1 (10.0.0.1)
Origin incomplete, metric 0, localpref 100, valid, internal, best
AGI version(0), VE Block Size(50) Label Base(775)
Extended Community: RT:100:20 RT:100:200 L2VPN L2:0x0:MTU-1500
mpls labels in/out exp-null/775
rx pathid: 0, tx pathid: 0x0
Calculate the Labels
• On PE1:
– Local label for VE-id 1030 (on PE2):
– Local label = 775 (Label base) + 1030 (remote VE-id) – 1000 (offset)
= 805
• On PE1:
– Local label for VE-id 1040 (on PE3):
– Local label = 775 (Label base) + 1040 (remote VE-id) – 1000 (offset)
= 815
• On PE2:
– Local label for VE-id 1010 (on PE1):
– Local label = 1075 (Label base) + 1010 (remote VE-id) – 1000 (offset)
= 1085
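The range check and label formula from the VC Label Calculation slide, applied to the label blocks in the deck, as an added example that is not part of the original deck or Cisco code. `LabelBlock`, `vc_label` and `shared_labels` are hypothetical names; the block values come from the `show bgp l2vpn vpls` output and the Example of Label Block slide. It goes slightly beyond the slides by selecting among several blocks and checking that no label is assigned twice.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class LabelBlock:
    """One label block as advertised in a BGP VPLS NLRI."""
    label_base: int
    block_offset: int   # lowest remote VE ID the block covers
    block_size: int     # "VE Block Size" / label range

    def covers(self, remote_ve_id: int) -> bool:
        # Block Offset <= Remote VE ID < Block Size + Block Offset
        return self.block_offset <= remote_ve_id < self.block_offset + self.block_size

    def labels(self) -> range:
        return range(self.label_base, self.label_base + self.block_size)


def vc_label(blocks, remote_ve_id):
    """Return the VC label for remote_ve_id, or None if no block covers it."""
    matches = [b for b in blocks if b.covers(remote_ve_id)]
    if not matches:
        return None          # no advertised block covers this VE ID
    if len(matches) > 1:
        raise ValueError(f"VE ID {remote_ve_id} is covered by {len(matches)} blocks")
    block = matches[0]
    # Label = Label Base + Remote VE ID - Block Offset
    return block.label_base + remote_ve_id - block.block_offset


def shared_labels(blocks):
    """Return labels that occur in more than one block; an empty set is expected."""
    seen, shared = set(), set()
    for block in blocks:
        shared |= seen & set(block.labels())
        seen |= set(block.labels())
    return shared


# Values taken from the deck's show output and label block example.
PE1_BLOCKS = [LabelBlock(label_base=775, block_offset=1000, block_size=50)]
PE2_BLOCKS = [LabelBlock(label_base=1075, block_offset=1000, block_size=50)]
CE1_BLOCKS = [LabelBlock(100, 1, 5), LabelBlock(109, 6, 3)]
CE2_BLOCKS = [LabelBlock(105, 1, 4)]

if __name__ == "__main__":
    for ve_id in (1030, 1040):
        print("PE1 label for VE", ve_id, "=", vc_label(PE1_BLOCKS, ve_id))
    print("PE2 label for VE 1010 =", vc_label(PE2_BLOCKS, 1010))
    print("CE1 labels for VE 3, 6, 9 =", [vc_label(CE1_BLOCKS, v) for v in (3, 6, 9)])
```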
Questions?