VPLS Deployment-Cisco

The document discusses deploying Virtual Private LAN Service (VPLS) which allows MPLS networks to provide multipoint Ethernet services by emulating a Layer 2 Ethernet network. VPLS defines an architecture where multiple instances of the service can share the same physical infrastructure while each instance remains independent and isolated. The key concepts discussed are virtual switching instances (VSI) which emulate broadcast domains, attachment circuits (AC) to connect customer edge devices, virtual circuits (VC) to encapsulate data between provider edges, and MAC address learning to forward traffic like a physical switch.

Deploy VPLS

APNIC Technical Workshop


October 23 to 25, 2017.
Selangor, Malaysia
Hosted by:

Issue Date: [201609]


Revision: [01]
Acknowledgement
• Cisco Systems

VPLS Overview

Virtual Private LAN Service

• End-to-end architecture that allows MPLS networks to provide Multipoint Ethernet services
• Virtual: multiple instances of this service share the same physical infrastructure
• Private: each instance of the service is independent and isolated from one another
• LAN Service: it emulates Layer 2 multipoint connectivity between subscribers

Virtual Private LAN Service (VPLS)
• VPLS defines an architecture that allows MPLS networks to offer Layer 2 multipoint Ethernet services
• SP emulates an IEEE Ethernet bridge network (virtual)
• Virtual bridges linked with MPLS pseudowires
– Data plane used is the same as VPWS (point-to-point)
[Figure: CEs attached to PEs across the VPLS]

Ethernet Advantage
• Flexible logical interface definitions based on VLANs
• Flexible bandwidth provisioning
• Ubiquitous, low-cost interface technology
• Compatibility with technology currently deployed in
enterprise LAN networks
• Outstanding bandwidth-to-cost ratio
• Simplified operational support requirements

http://www.cisco.com/en/US/products/hw/routers/ps368/products_white_paper09186a00801df1df.shtml

VPLS Topology
[Figure: VPLS topology. The headquarters and branches of Company A (CE-A1, CE-A2, CE-A3) and of Company B (CE-B1, CE-B2, CE-B3) attach to the MPLS core over Ethernet interfaces (Eth0/1, GE0/1).]

VPLS Basic Concepts
[Figure: PE1, PE2 and PE3 each hold one VSI per customer. CE-A1 to CE-A3 and CE-B1 to CE-B3 attach to the VSIs over ACs, and VCs form a full mesh of PWs between the VSIs.]
• VSI (Virtual Switching Instance)
• AC (Attachment Circuit)
• VC (Virtual Circuit)

VPLS Basic Concepts
VSI
• Also called VFI (Virtual Forwarding Instance) in Cisco
• Emulates L2 broadcast domain among ACs and VCs
• Unique per service. Multiple VSIs can exist on the same PE
AC
• Connects to the CE device; it can be an Ethernet physical or logical port
• One or multiple ACs can belong to the same VSI
VC
• EoMPLS data encapsulation; tunnel label used to reach remote PE, VC label used to identify VSI
• One or multiple VCs can belong to the same VSI
• PEs must have a full mesh of PWs in the VPLS core

VPLS Control Plane
• Tunnel label is distributed by LDP
• VC label is distributed by targeted LDP or BGP

[Figure: PE1, PE2 and PE3 interconnected through P routers, with LDP peering between them; the CE-A and CE-B sites attach to the PEs.]

Data Plane of VPLS

[Figure: CE1 to CE4 exchange plain L2 frames with the PEs. Across the P routers each frame is carried as "tunnel label, VC label, L2 Frame". Label stacks shown: 50 200, 45 200 and 200 alone; 50 100, 45 100 and 100 alone.]

VPLS Traffic Encapsulation
Tunnel Label:   Tunnel Label (LDP) | EXP | 0 | TTL
VC Label:       VC Label (VC)      | EXP | 1 | TTL (Set to 2)
Layer 2 Frame

Three-level encapsulation:
1. Packets switched between PEs using Tunnel label
2. VC label identifies PW, VC label signaled between PEs
Virtual Switch
• A Virtual Switch MUST operate like a conventional Layer 2 switch
• Flooding / Forwarding:
– Unicast forwarding if the destination MAC address has already been learned; otherwise flood to all (Broadcast / Multicast / Unknown Unicast frames)
– MAC table instances per customer and per customer VLAN on each PE
– The VSI participates in the learning and forwarding process
• Address Learning / Aging:
– Self-learning in the data plane: the source MAC address is learned against the incoming port
– Refresh MAC timers with incoming frames
• Loop Prevention:
– Use "split horizon" instead of STP to prevent loops

VPLS MAC Address Learning (1)
[Figure: CE-1 sends an ARP broadcast. PE1, PE2 and PE3 are interconnected by PW1, PW2 and PW3; CE-1, CE-2 and CE-3 attach to PE1, PE2 and PE3.]

PE1 VSI MAC Table
VSI    MAC    Port
VPN1   CE-1   VLAN 20, Eth 0/1

PE2 VSI MAC Table
VSI    MAC    Port
VPN1   CE-1   PW1

PE3 VSI MAC Table
VSI    MAC    Port
VPN1   CE-1   PW3

VPLS MAC Address Learning (2)
[Figure: the ARP broadcast from CE-1 is answered by an ARP reply from CE-2.]

PE1 VSI MAC Table
VSI    MAC    Port
VPN1   CE-1   VLAN 20, Eth 0/1
VPN1   CE-2   PW1

PE2 VSI MAC Table
VSI    MAC    Port
VPN1   CE-1   PW1
VPN1   CE-2   VLAN 20, Eth 0/1

PE3 VSI MAC Table
VSI    MAC    Port
VPN1   CE-1   PW3

A timer is associated with stored MAC addresses. After the timer expires, the entry is removed from the table.

MAC Address Withdrawal Message (LDP)
[Figure: Targeted LDP session between PEs]
• Message speeds up convergence process
– Otherwise PE relies on MAC Address Aging Timer
• Upon failure PE removes locally learned MAC addresses
• Send LDP Address Withdraw (RFC3036) to remote PEs in VPLS (using the Directed LDP session)
• New MAC List TLV is used to withdraw addresses

Full Mesh between PEs
• The full mesh between PEs ensures that each host can receive traffic from all other hosts.
• PW signal plane can be LDP or BGP.
[Figure: PE1, PE2, PE3 and PE4 connected in a full mesh]

Split Horizon
• Split horizon between PEs ensures loop-free VPLS forwarding.
[Figure: PE1, PE2, PE3 and PE4 in a full mesh with attached CEs. PE4 forwards the frame received from a PW only to attachment circuits, but not to the other PW.]

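The flooding, learning, aging and split-horizon rules from the Virtual Switch, MAC Address Learning and Split Horizon slides, as an added Python model (not from the original slides or any vendor implementation). Assumptions: PW1 joins PE1-PE2, PW2 joins PE2-PE3 and PW3 joins PE1-PE3, as the MAC tables on the slides imply; a VSI whose table has reached its address limit simply stops learning new MACs; the class and function names are illustrative.

```python
from collections import deque

BROADCAST = "ffff.ffff.ffff"
CE1, CE2 = "0042.6856.3805", "0078.88f7.1405"  # MACs from the show output on this page


class VSI:
    """One PE's virtual switch (VSI/VFI) for a single VPLS instance."""

    def __init__(self, acs, pws, aging=300, mac_limit=16000, split_horizon=True):
        self.acs, self.pws = set(acs), set(pws)
        self.aging, self.mac_limit = aging, mac_limit
        self.split_horizon = split_horizon
        self.table = {}  # MAC -> (port, time last seen)

    def forward(self, in_port, src, dst, now):
        """Learn src on in_port and return the sorted list of egress ports."""
        # Aging: drop entries not refreshed within the aging timer.
        self.table = {m: e for m, e in self.table.items() if now - e[1] < self.aging}
        # Learning: refresh a known MAC, add a new one only below the limit
        # (assumed behaviour at the limit: no learning, frames keep flooding).
        if src in self.table or len(self.table) < self.mac_limit:
            self.table[src] = (in_port, now)
        # Forwarding: known unicast goes to one port, everything else floods.
        entry = self.table.get(dst)
        out = {entry[0]} if entry else self.acs | self.pws
        out.discard(in_port)
        # Split horizon: a frame that arrived on a PW never leaves on a PW.
        if self.split_horizon and in_port in self.pws:
            out -= self.pws
        return sorted(out)


def build_mesh(split_horizon=True, **kw):
    """Three PEs with one AC each and a full mesh of PWs (naming is an assumption)."""
    pws = {"PE1": ["PW1", "PW3"], "PE2": ["PW1", "PW2"], "PE3": ["PW2", "PW3"]}
    return {pe: VSI(["Gi0/0/5"], p, split_horizon=split_horizon, **kw)
            for pe, p in pws.items()}


def send(vsis, pe, src, dst, now=0, max_hops=50):
    """Inject a frame on pe's AC; return (PEs whose AC received it, loop detected)."""
    queue, delivered, hops = deque([(pe, "Gi0/0/5")]), [], 0
    while queue:
        hops += 1
        if hops > max_hops:  # frame is still circulating: forwarding loop
            return delivered, True
        here, in_port = queue.popleft()
        for out in vsis[here].forward(in_port, src, dst, now):
            if out in vsis[here].acs:
                delivered.append(here)
            else:  # the far end of a PW is the one other PE configured with it
                peer = next(p for p, v in vsis.items() if p != here and out in v.pws)
                queue.append((peer, out))
    return delivered, False


if __name__ == "__main__":
    mesh = build_mesh()
    print("ARP broadcast from CE-1:", send(mesh, "PE1", CE1, BROADCAST))
    print("ARP reply from CE-2:    ", send(mesh, "PE2", CE2, CE1, now=1))
    print("Without split horizon:  ",
          send(build_mesh(split_horizon=False), "PE1", CE1, BROADCAST)[1])
```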
Abstraction of VPLS
Provisioning Model
• What information needs to be configured and in what entities
• Semantic structure of the endpoint identifiers (e.g. VPN ID)

Discovery
• Provisioning information is distributed by a "discovery process"
• Distribution of endpoint identifiers

Signaling
• When the discovery process is complete, a signaling protocol
is automatically invoked to set up pseudowires (PWs)

Discovery and Signaling Alternatives
• VPLS Signaling
– LDP-based (RFC 4762)
– BGP-based (RFC 4761)
• VPLS with LDP-signaling and No auto-discovery
– Operational complexity for larger deployments
• BGP-based Auto-Discovery (BGP-AD) (RFC 6074)
– Enables discovery of PE devices in a VPLS instance
• BGP Signaling (RFC 4761)
[Figure: matrix of VPN Discovery (Manual, No Auto-Discovery; BGP, Auto-Discovery) against Signaling (Static, No Signaling; LDP; BGP), with cells marked RFC 6074 and RFC 4761.]

VPLS Signaled with LDP

PW Control Plane Operation
• LDP Signaling
[Figure: CE-1 attached to PE-1 on Interface A and CE-2 attached to PE-2 on Interface B, with the PW crossing the MPLS core.]
1. PW manually provisioned on each PE – Remote PE info included
   PE-1: Local_int = A, Remote PE = PE2_ip, VC-id <123>
   PE-2: Local_int = B, Remote PE = PE1_ip, VC-id <123>
2. New targeted LDP session between PE routers established, in case one does not already exist
3. PEs assign local VC label to PW (Local Label X on PE-1, Local Label Y on PE-2)
4. PEs advertise local VC label using LDP label-mapping message: Label TLV + PW FEC TLV
5. PEs bind remote label for PW with matching VC-id (Remote Label Y on PE-1, Remote Label X on PE-2)

Configuration Example of VPLS Signaled with LDP (Manually)
• Task: Configure MPLS VPLS (LDP based) on Cisco IOS XE (Version 3.16) so that the following CEs can communicate with each other.
• Prerequisite configuration:
– 1. IP address configuration on all the routers (Including PE & CE)
– 2. IGP configuration on PE & P routers
– 3. LDP configuration on PE & P routers
[Figure: MPLS network with PE1 (10.0.0.1/32), PE2 (10.0.0.2/32) and PE3 (10.0.0.3/32). VPNA sites: CE1 (100.1.1.1/24) on PE1 GE0/0/5, CE2 (100.1.1.2/24) on PE2 GE0/0/5, CE3 (100.1.1.3/24) on PE3.]

Configure L2 VFI
• Configuration steps:
– 1. Configure l2 vfi on all the PEs
On PE1:
l2 vfi VPLS-CUST1-ETHERNET manual
 vpn id 1
 bridge-domain 1
 ! Configure the neighbors manually.
 neighbor 10.0.0.2 encapsulation mpls
 neighbor 10.0.0.3 encapsulation mpls

On PE2:
l2 vfi VPLS-CUST1-ETHERNET manual
 vpn id 1
 bridge-domain 1
 neighbor 10.0.0.1 encapsulation mpls
 neighbor 10.0.0.3 encapsulation mpls

Configure L2 VFI (continued)
• Configuration steps:
– 1. Configure l2 vfi on all the PEs
On PE3:
l2 vfi VPLS-CUST1-ETHERNET manual
 vpn id 1
 bridge-domain 1
 neighbor 10.0.0.1 encapsulation mpls
 neighbor 10.0.0.2 encapsulation mpls

Bridge domain
– A set of logical ports that share the same flooding or broadcast characteristics

Configure Bridge Domain
• Configuration steps:
– 2. Configure bridge domain under the interface on PE connecting to CE
The following is the configuration on PE1; the other PEs are configured similarly.
interface GigabitEthernet0/0/5
 no ip address
 negotiation auto
 no cdp enable
 ! Specifies the service instance ID.
 service instance 10 ethernet
  encapsulation untagged
  ! Binds a service instance to a bridge domain instance.
  bridge-domain 1

A service instance can be thought of as a way to use a single port as a combination of Layer 2 and Layer 3 ports.
Multiple service instances can be created under one physical interface.

Verify LDP Targeted Peers
• After the configuration, verify the results:
– 1. Check the LDP targeted peers on PEs
PE1#show mpls ldp discovery
Local LDP Identifier:
10.0.0.1:0

....(omitted)

Targeted Hellos:
10.0.0.1 -> 10.0.0.2 (ldp): active/passive, xmit/recv
LDP Id: 10.0.0.2:0
10.0.0.1 -> 10.0.0.3 (ldp): active/passive, xmit/recv
LDP Id: 10.0.0.3:0

Verify the VC Status
– 2. Check the VC status on PEs

PE1#show mpls l2transport vc 1

Local intf     Local circuit              Dest address    VC ID      Status
-------------  -------------------------- --------------- ---------- ----------
VFI VPLS-CUST1-ETHERNET  \
               vfi                        10.0.0.2        1          UP
VFI VPLS-CUST1-ETHERNET  \
               vfi                        10.0.0.3        1          UP

Verify VFI Information
– 3. Check the vfi information:

PE1#show vfi name VPLS-CUST1-ETHERNET
Legend: RT=Route-target, S=Split-horizon, Y=Yes, N=No

VFI name: VPLS-CUST1-ETHERNET, state: up, type: multipoint, signaling: LDP
  VPN ID: 1
  Bridge-Domain 1 attachment circuits:
  Neighbors connected via pseudowires:
  Peer Address     VC ID        S
  10.0.0.2         1            Y
  10.0.0.3         1            Y

Verify L2transport Bindings
– 4. Check the l2transport bindings:

PE1#show mpls l2transport binding

Destination Address: 10.0.0.2,VC ID: 1


Local Label: 1000
Cbit: 1, VC Type: Ethernet, GroupID: n/a
MTU: 1500, Interface Desc: n/a
VCCV: CC Type: CW [1], RA [2]
CV Type: LSPV [2]
Remote Label: 702
Cbit: 1, VC Type: Ethernet, GroupID: n/a
MTU: 1500, Interface Desc: n/a
VCCV: CC Type: CW [1], RA [2]
CV Type: LSPV [2]
Destination Address: 10.0.0.3,VC ID: 1
Local Label: 1019
Cbit: 1, VC Type: Ethernet, GroupID: n/a
MTU: 1500, Interface Desc: n/a
VCCV: CC Type: CW [1], RA [2]
CV Type: LSPV [2]
Remote Label: 904
Cbit: 1, VC Type: Ethernet, GroupID: n/a
MTU: 1500, Interface Desc: n/a
VCCV: CC Type: CW [1], RA [2]
CV Type: LSPV [2]

Verification of MAC Address Table
– 5. Check the MAC address table on both PE and CE
PE1#show bridge-domain
Bridge-domain 1 (3 ports in all)
State: UP Mac learning: Enabled
Aging-Timer: 300 second(s)
Maximum address limit: 16000
GigabitEthernet0/0/5 service instance 10
vfi VPLS-CUST1-ETHERNET neighbor 10.0.0.2 1
vfi VPLS-CUST1-ETHERNET neighbor 10.0.0.3 1
Nile Mac Address Entries
BD mac addr type ports
----------------------------------------------------------------------------
1 0042.6856.3805 DYNAMIC Gi0/0/5.Efp10
1 0078.88f7.1405 DYNAMIC 10.0.0.2, 1
1 0078.88f8.fb85 DYNAMIC 10.0.0.3, 1

CE1#show arp
Protocol Address Age (min) Hardware Addr Type Interface
Internet 100.1.1.1 - 0042.6856.3805 ARPA GigabitEthernet0/0/5
Internet 100.1.1.2 0 0078.88f7.1405 ARPA GigabitEthernet0/0/5
Internet 100.1.1.3 0 0078.88f8.fb85 ARPA GigabitEthernet0/0/5

BGP Auto-Discovery (BGP-AD)
• Eliminates need to manually provision VPLS neighbors
• Automatically detects when new PEs are added / removed from the VPLS domain
• Uses BGP Update messages to advertise PE/VFI mapping (VPLS NLRI)
• Typically used in conjunction with BGP Route Reflectors to minimize iBGP full-mesh peering requirements
• Two (2) RFCs define use of BGP for VPLS AD (1)
– RFC 6074 – when LDP used for PW signaling
– RFC 4761 – when BGP used for PW signaling
[Figure: PE2 announces "I am a new PE with ACs on BLACK VFI" in a BGP Update message with VPLS NLRI, sent over BGP sessions through the BGP RR to PE1 and PE3; pseudowires connect the VSIs serving CE-A1, CE-A2 and CE-A3.]

(1) VPLS BGP NLRIs from RFC 6074 and 4761 are different in format and thus not compatible, even though they share the same AFI / SAFI values

What is Discovered? NLRI + Extended Communities
[Figure: CE-1 on PE-1 and CE-2 on PE-2, exchanging BGP Update messages across the MPLS core.]

Configuration           PE-1               PE-2
BGP ASN                 100                100
BGP Rtr ID              1.1.1.10           2.2.2.20
BGP neighbor            2.2.2.20           1.1.1.10
L2VPN Rtr ID            10.10.10.10        20.20.20.20
VPN ID                  111                111
RT                      auto (100:111)     auto (100:111)
RD                      auto (100:111)     auto (100:111)
VPLS-ID                 auto (100:111)     auto (100:111)

BGP Update message      From PE-1          From PE-2
Source Address          1.1.1.10           2.2.2.20
Destination Address     2.2.2.20           1.1.1.10
NLRI:
  Length                14                 14
  Route Distinguisher   100:111            100:111
  L2VPN Router ID       10.10.10.10        20.20.20.20
Extended Communities:
  VPLS-ID               100:111            100:111
  Route Target          100:111            100:111

Configuration Example of VPLS Signaled with LDP (AD)
• Task: Configure MPLS VPLS (LDP based Autodiscovery) on Cisco IOS XE (Version 3.16) so that the following CEs can communicate with each other.
• Prerequisite configuration:
– 1. IP address configuration on all the routers
– 2. IGP configuration on PE & P routers
– 3. LDP configuration on PE & P routers
[Figure: MPLS network with PE1 (10.0.0.1/32), PE2 (10.0.0.2/32) and PE3 (10.0.0.3/32). VPNA sites: CE1 (100.1.1.1/24) on PE1 GE0/0/5, CE2 (100.1.1.2/24) on PE2 GE0/0/5, CE3 (100.1.1.3/24) on PE3 GE0/0/5.]

Configure L2 VFI
• Configuration steps:
– 1. Configure l2 vfi on all the PEs
On PE1 (similar configurations on the other PEs):
l2 vfi VPLS-CUST1-ETHERNET autodiscovery
 vpn id 1
 bridge-domain 1
 ! Optional commands. VPLS Autodiscovery automatically generates a VPLS ID, an RD, and RT.
 vpls-id 100:10
 rd 100:10
 route-target export 100:10
 route-target import 100:10

Configure L2 VFI (continued)
• Configuration steps:
– 1. Configure l2 vfi on all the PEs
On PE2:
l2 vfi VPLS-CUST1-ETHERNET autodiscovery
vpn id 1
bridge-domain 1
vpls-id 100:10
rd 100:20
route-target export 100:10
route-target import 100:10
On PE3:
l2 vfi VPLS-CUST1-ETHERNET autodiscovery
vpn id 1
bridge-domain 1
vpls-id 100:10
rd 100:30
route-target export 100:10
route-target import 100:10

Configure BGP Neighbors in VPLS
• Configuration steps:
– 2. Configure BGP neighbors in VPLS on PEs
On PE1, similar configurations on the other PEs:
router bgp 100
 neighbor 10.0.0.2 remote-as 100
 neighbor 10.0.0.2 update-source loopback 0
 neighbor 10.0.0.3 remote-as 100
 neighbor 10.0.0.3 update-source loopback 0
 address-family l2vpn vpls
  neighbor 10.0.0.2 activate
  neighbor 10.0.0.2 send-community both
  neighbor 10.0.0.3 activate
  neighbor 10.0.0.3 send-community both

Configure Interface in Bridge Domain
• Configuration steps:
– 3. Configure bridge domain under the interface on PE connecting to CE
On PE1:
interface GigabitEthernet0/0/5
 no ip address
 negotiation auto
 no cdp enable
 ! Specifies the service instance ID.
 service instance 10 ethernet
  encapsulation untagged
  ! Binds a service instance to a bridge domain instance.
  bridge-domain 1

Verify LDP Targeted Peers
• After the configuration, verify the results:
– 1. Check the LDP targeted peers on PEs

PE1#show mpls ldp discovery
Local LDP Identifier:
10.0.0.1:0
Discovery Sources:
......
Targeted Hellos:
10.0.0.1 -> 10.0.0.2 (ldp): active/passive, xmit/recv
LDP Id: 10.0.0.2:0
10.0.0.1 -> 10.0.0.3 (ldp): active/passive, xmit/recv
LDP Id: 10.0.0.3:0

Verify VC Status
– 2. Check the VC status on PEs

PE1#show mpls l2transport vc 1

Local intf     Local circuit              Dest address    VC ID      Status
-------------  -------------------------- --------------- ---------- ----------
VFI VPLS-CUST1-ETHERNET  \
               vfi                        10.0.0.2        1          UP
VFI VPLS-CUST1-ETHERNET  \
               vfi                        10.0.0.3        1          UP

PE1#show vfi name VPLS-CUST1-ETHERNET
Legend: RT=Route-target, S=Split-horizon, Y=Yes, N=No

VFI name: VPLS-CUST1-ETHERNET, state: up, type: multipoint, signaling: LDP
  VPN ID: 1, VPLS-ID: 100:10
  RD: 100:10, RT: 100:1,100:10,
  Bridge-Domain 1 attachment circuits:
  Neighbors connected via pseudowires:
  Peer Address     VC ID        Discovered Router ID    S
  10.0.0.2         1            10.0.0.2                Y
  10.0.0.3         1            10.0.0.3                Y

Verify BGP VPLS
– 3. Check the BGP VPLS status on PEs

PE1#show bgp l2vpn vpls all
BGP table version is 44, local router ID is 10.0.0.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
              x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network          Next Hop            Metric LocPrf Weight Path
Route Distinguisher: 100:10
 *>  100:10:10.0.0.1/96
                      0.0.0.0                            32768 ?
Route Distinguisher: 100:20
 *>i 100:20:10.0.0.2/96
                      10.0.0.2                 0    100      0 ?
Route Distinguisher: 100:30
 *>i 100:30:10.0.0.3/96
                      10.0.0.3                 0    100      0 ?

Verification – LDP bindings
– 4. Check the l2transport bindings:
PE1#show mpls l2transport binding

Destination Address: 10.0.0.2,VC ID: 1


Local Label: 911
Cbit: 1, VC Type: Ethernet, GroupID: n/a
MTU: 1500, Interface Desc: n/a
VCCV: CC Type: CW [1], RA [2]
CV Type: LSPV [2]
Remote Label: 712
Cbit: 1, VC Type: Ethernet, GroupID: n/a
MTU: 1500, Interface Desc: n/a
VCCV: CC Type: CW [1], RA [2]
CV Type: LSPV [2]
Destination Address: 10.0.0.3,VC ID: 1
Local Label: 906
Cbit: 1, VC Type: Ethernet, GroupID: n/a
MTU: 1500, Interface Desc: n/a
VCCV: CC Type: CW [1], RA [2]
CV Type: LSPV [2]
Remote Label: 1239
Cbit: 1, VC Type: Ethernet, GroupID: n/a
MTU: 1500, Interface Desc: n/a
VCCV: CC Type: CW [1], RA [2]
CV Type: LSPV [2]

Verification – MAC Address Table
– 5. Check the MAC address table on both PE and CE

PE1#show mac-address-table dynamic bdomain 1
Nile Mac Address Entries

BD    mac addr        type        ports
-----------------------------------------------------------------------------------
1     0078.88f7.1405  DYNAMIC     10.0.0.2, 1
1     0078.88f8.fb85  DYNAMIC     10.0.0.3, 1
1     0042.6856.3805  DYNAMIC     Gi0/0/5.Efp10

CE1#show arp
Protocol Address Age (min) Hardware Addr Type Interface
Internet 100.1.1.1 - 0042.6856.3805 ARPA GigabitEthernet0/0/5
Internet 100.1.1.2 0 0078.88f7.1405 ARPA GigabitEthernet0/0/5
Internet 100.1.1.3 0 0078.88f8.fb85 ARPA GigabitEthernet0/0/5

VPLS Signaled with BGP

VC Signaled with BGP (RFC 4761)

• BGP runs as the signaling protocol to transmit Layer 2 information and VE labels between PEs.
• BGP was chosen as the means for exchanging L2VPN information for two reasons:
– It offers mechanisms for both auto-discovery and signaling
– It allows for operational convergence

VPLS NLRI:
  Length (2 octets)
  Route Distinguisher (8 octets)
  VPLS Edge ID (2 octets)
  VE Block Offset (2 octets)
  VE Block Size (2 octets)
  Label Base (3 octets)

VPLS Signaled with BGP
• BGP Signaled VPWS uses VPN targets to control the receiving and sending of VPN routes, which improves flexibility of the VPN networking.
[Figure: CE1, PE1, two P routers, PE2 and CE2 across the MPLS core, with a BGP session between PE1 and PE2 carrying the two updates below.]

iBGP Update L2VPN:
  RD:100:10, VE-ID=1,
  Label-Block Offset:11
  Label-Block Range:10
  Label Base:100
  Layer-2 Info: Ethernet,
  RT:100:10, Next Hop: 10.0.0.1

iBGP Update L2VPN:
  RD:100:10, VE-ID=12,
  Label-Block Offset:1
  Label-Block Range:10
  Label Base:200
  Layer-2 Info: Ethernet,
  RT:100:10, Next Hop: 10.0.0.4

VE Label in BGP Signaled VPLS

• VE labels are assigned through a label block that is pre-allocated for each CE.
• The size of the label block determines the number of connections that can be set up between the local CE and other CEs.
• Additional labels can be assigned to L2VPNs in the label block for expansion in the future. PEs calculate inner labels according to these label blocks and use the inner labels to transmit packets.

Basic Concepts

Concept        Explanation
VE ID          A VE ID uniquely identifies a CE in a VPN.
Label Block    A contiguous set of labels.
Label Base     The smallest label in one label block.
Label Range    The number of labels in one label block.
Block Offset   Value used to identify a label block from which a label value is selected to set up pseudowires for a remote site.

Note:
In Cisco & Juniper, initial offset is 1.
In Huawei, initial offset is 0 by default, can be changed to be 1.

Example of Label Block
• As in the topology, 2 CEs (CE1 and CE2) are attached to PE1 to set up L2VPN with other sites.
[Figure: PE1 Label Block, labels 100 to 111, divided as follows.]

CE1 Label Block 1: Label Base = 100, Label Range = 5, Block Offset = 1
CE2 Label Block 1: Label Base = 105, Label Range = 4, Block Offset = 1
CE1 Label Block 2: Label Base = 109, Label Range = 3, Block Offset = 6

VC Label Calculation
Block Offset <= Remote VE ID < Block Size + Block Offset
Label = Label Base + Remote VE ID - Block Offset

[Figure: CE1 on PE1 and CE3 on PE2, with a BGP session between PE1 and PE2.]
CE1 Label Block 1: LB=100, LR=10, LO=1
CE3 Label Block 1: LB=200, LR=8, LO=1

On PE1: Local VE-id 1, Remote VE-id 3, Local Label 102 (100+3-1), Remote Label 200
On PE2: Local VE-id 3, Remote VE-id 1, Local Label 200 (200+1-1), Remote Label 102

Traffic between CE1 – CE3: [50 | 200 | L2 Payload] and [60 | 102 | L2 Payload]

VC Label Calculation
[Figure: CE1 on PE1; CE3 and CE15 on PE2; BGP session between PE1 and PE2.]

CE1 Label Block 1: LB=100, LR=10, LO=1
CE3 Label Block 1: LB=200, LR=8, LO=1
On PE1: Local VE-id 1, Remote VE-id 3, Local Label 102, Remote Label 200
On PE2: Local VE-id 3, Remote VE-id 1, Local Label 200, Remote Label 102

CE1 Label Block 2: LB=150, LR=10, LO=11
CE15 Label Block 1: LB=208, LR=8, LO=1
On PE1: Local VE-id 1, Remote VE-id 15, Local Label 154 (150+15-11), Remote Label 208
On PE2: Local VE-id 15, Remote VE-id 1, Local Label 208 (208+1-1), Remote Label 154

Configuration Example of VPLS Signaled with BGP
• Task: Configure MPLS VPLS (BGP based) on Cisco IOS XE (Version 3.16) so that the following CEs can communicate with each other.
• Prerequisite configuration:
– 1. IP address configuration on all the routers
– 2. IGP configuration on PE & P routers
– 3. LDP configuration on PE & P routers
[Figure: MPLS network with PE1 (10.0.0.1/32), PE2 (10.0.0.2/32) and PE3 (10.0.0.3/32). VPNA sites: CE1 (100.1.1.1/24) on PE1 GE0/0/5, CE2 (100.1.1.2/24) on PE2 GE0/0/5, CE3 (100.1.1.3/24) on PE3.]

Configure L2 VFI
• Configuration steps:
– 1. Configure l2 vfi on all the PEs

On PE1, similar configurations on other PEs:
l2vpn vfi context VPLS-CUST1
 vpn id 200
 autodiscovery bgp signaling bgp
 ! Specifies VPLS Endpoint Device ID.
 ve id 1010
 ! Specifies the VE device ID range value; it is the label block size.
 ve range 50
 ! Specifies RT. Can be generated automatically.
 route-target export 100:20
 route-target import 100:20

Configure L2 VFI (continued)
• Configuration steps:
– 1. Configure l2 vfi on all the PEs
On PE2
l2vpn vfi context VPLS-CUST1
vpn id 200
autodiscovery bgp signaling bgp
ve id 1030
ve range 50
route-target export 100:20
route-target import 100:20

On PE3
l2vpn vfi context VPLS-CUST1
vpn id 200
autodiscovery bgp signaling bgp
ve id 1040
ve range 50
route-target export 100:20
route-target import 100:20

Configure BGP Neighbors in VPLS
• Configuration steps:
– 2. Configure BGP neighbors in VPLS on PEs
On PE1:
router bgp 100
 neighbor 10.0.0.2 remote-as 100
 neighbor 10.0.0.2 update-source loopback 0
 neighbor 10.0.0.3 remote-as 100
 neighbor 10.0.0.3 update-source loopback 0
 address-family l2vpn vpls
  neighbor 10.0.0.2 activate
  ! Specifies that a communities attribute should be sent to a BGP neighbor.
  neighbor 10.0.0.2 send-community both
  ! Suppresses LDP signaling and enables BGP signaling.
  neighbor 10.0.0.2 suppress-signaling-protocol ldp
  neighbor 10.0.0.3 activate
  neighbor 10.0.0.3 send-community both
  neighbor 10.0.0.3 suppress-signaling-protocol ldp

Configure Interface in Bridge Domain
• Configuration steps:
– 3. Configure bridge domain under the interface on PE connecting to CE
On PE1:
! Create bridge-domain and add service instance & VFI.
bridge-domain 1
 member Ethernet0/0 service-instance 100
 member vfi VPLS-CUST1

interface GigabitEthernet0/0/5
 no ip address
 negotiation auto
 no cdp enable
 ! Specifies the service instance ID.
 service instance 100 ethernet
  encapsulation untagged

Verify VPLS BGP Signaling
• After the configuration, verify the results:
– 1. Check the BGP signaling:
PE1#show bgp l2vpn vpls all
BGP table version is 68, local router ID is 10.0.0.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? – incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 100:200
*> 100:200:VEID-1010:Blk-1000/136
0.0.0.0 32768 ?
*>i 100:200:VEID-1030:Blk-1000/136
10.0.0.2 0 100 0 ?
*>i 100:200:VEID-1040:Blk-1050/136
10.0.0.3 0 100 0 ?

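Fields of each prefix in the output above (for example 100:200:VEID-1010:Blk-1000):
– 100:200: RD, generated automatically with AS number and VPN ID.
– VEID-1010: Specifies VEID.
– Blk-1000: Specifies label block offset.
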
View Prefixes in Detail
– 2. View the prefix in detail:
PE1#show bgp l2vpn vpls rd 100:200 ve-id 1030 block-offset 1000
BGP routing table entry for 100:200:VEID-1030:Blk-1000/136, version 81
Paths: (1 available, best #1, table L2VPN-VPLS-BGP-Table)
Not advertised to any peer
Refresh Epoch 2
Local
10.0.0.2 (metric 3) from 10.0.0.2 (10.0.0.2)
Origin incomplete, metric 0, localpref 100, valid, internal, best
AGI version(0), VE Block Size(50) Label Base(1075)
Extended Community: RT:100:20 RT:100:200 L2VPN L2:0x0:MTU-1500
mpls labels in/out exp-null/1075
rx pathid: 0, tx pathid: 0x0

PE1#show bgp l2vpn vpls rd 100:200 ve-id 1040 block-offset 1000
BGP routing table entry for 100:200:VEID-1040:Blk-1000/136, version 82
Paths: (1 available, best #1, table L2VPN-VPLS-BGP-Table)
Not advertised to any peer
Refresh Epoch 2
Local
10.0.0.3 (metric 1) from 10.0.0.3 (10.0.0.3)
Origin incomplete, metric 0, localpref 100, valid, internal, best
AGI version(0), VE Block Size(50) Label Base(925)
Extended Community: RT:100:20 RT:100:200 L2VPN L2:0x0:MTU-1500
mpls labels in/out exp-null/925
rx pathid: 0, tx pathid: 0x0

Verify the VFI State
– 3. Check the VFI state:
PE3#show bgp l2vpn vpls rd 100:200 ve-id 1010 block-offset 1000
BGP routing table entry for 100:200:VEID-1010:Blk-1000/136, version 74
Paths: (1 available, best #1, table L2VPN-VPLS-BGP-Table)
Not advertised to any peer
Refresh Epoch 4
Local
10.0.0.1 (metric 1) from 10.0.0.1 (10.0.0.1)
Origin incomplete, metric 0, localpref 100, valid, internal, best
AGI version(0), VE Block Size(50) Label Base(775)
Extended Community: RT:100:20 RT:100:200 L2VPN L2:0x0:MTU-1500
mpls labels in/out exp-null/775
rx pathid: 0, tx pathid: 0x0

PE1#show l2vpn vfi name VPLS-CUST1
Legend: RT=Route-target, S=Split-horizon, Y=Yes, N=No

VFI name: VPLS-CUST1, state: up, type: multipoint, signaling: BGP
  VPN ID: 200, VE-ID: 1010, VE-SIZE: 50
  RD: 100:200, RT: 100:200, 100:20,
  Bridge-Domain 2 attachment circuits:
  Pseudo-port interface: pseudowire100024
  Interface          Peer Address    VE-ID  Local Label  Remote Label  S
  pseudowire100035   10.0.0.2        1030   805          1085          Y
  pseudowire100039   10.0.0.3        1040   815          935           Y

Calculate the Labels
• On PE1:
– Local label for VE-id 1030 (on PE2):
– Local label = 775 (Label base) + 1030 (remote VE-id) – 1000 (offset)
= 805
• On PE1:
– Local label for VE-id 1040 (on PE3):
– Local label = 775 (Label base) + 1040 (remote VE-id) – 1000 (offset)
= 815
• On PE2:
– Local label for VE-id 1010 (on PE1):
– Local label = 1075 (Label base) + 1010 (remote VE-id) –1000 (offset)
= 1085
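
The label arithmetic above, applied to this page's own show output as an added Python example (not part of the original slides or of any Cisco tooling): it reads the block offset, VE Block Size and Label Base from the BGP entries and checks that every local and remote label in the VFI table matches the formula. The function names are illustrative, and the sample text is a trimmed, constructed copy of the outputs shown earlier.

```python
import re

# Constructed sample: lines trimmed from the 'show bgp l2vpn vpls rd ...' outputs above.
BGP_DETAIL = """\
BGP routing table entry for 100:200:VEID-1010:Blk-1000/136, version 74
  AGI version(0), VE Block Size(50) Label Base(775)
BGP routing table entry for 100:200:VEID-1030:Blk-1000/136, version 81
  AGI version(0), VE Block Size(50) Label Base(1075)
BGP routing table entry for 100:200:VEID-1040:Blk-1000/136, version 82
  AGI version(0), VE Block Size(50) Label Base(925)
"""
# Pseudowire rows from 'show l2vpn vfi name VPLS-CUST1' on PE1 (local VE-ID 1010).
VFI_ROWS = """\
pseudowire100035 10.0.0.2 1030 805 1085 Y
pseudowire100039 10.0.0.3 1040 815 935 Y
"""

ENTRY = re.compile(r"entry for \S+:VEID-(\d+):Blk-(\d+)/\d+")
BLOCK = re.compile(r"VE Block Size\((\d+)\) Label Base\((\d+)\)")


def parse_blocks(text):
    """Return {ve_id: [(block_offset, block_size, label_base), ...]}."""
    blocks, current = {}, None
    for line in text.splitlines():
        if m := ENTRY.search(line):
            current = (int(m.group(1)), int(m.group(2)))
        elif (m := BLOCK.search(line)) and current:
            ve_id, offset = current
            blocks.setdefault(ve_id, []).append(
                (offset, int(m.group(1)), int(m.group(2))))
            current = None
    return blocks


def vc_label(advertised, remote_ve):
    """Label allocated for remote_ve out of one PE's advertised label blocks."""
    for offset, size, base in advertised:
        # Block Offset <= Remote VE ID < Block Size + Block Offset
        if offset <= remote_ve < offset + size:
            return base + remote_ve - offset
    raise LookupError(f"VE ID {remote_ve} is outside every advertised label block")


def audit(local_ve, blocks, vfi_rows):
    """Compare VFI table labels with the formula; return the rows that differ."""
    problems = []
    for row in vfi_rows.splitlines():
        _, peer, ve, local, remote, _ = row.split()
        ve, local, remote = int(ve), int(local), int(remote)
        want_local = vc_label(blocks[local_ve], ve)    # out of our own block
        want_remote = vc_label(blocks[ve], local_ve)   # out of the peer's block
        if (local, remote) != (want_local, want_remote):
            problems.append((peer, (local, remote), (want_local, want_remote)))
    return problems


if __name__ == "__main__":
    print(audit(1010, parse_blocks(BGP_DETAIL), VFI_ROWS) or "labels consistent")
```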

Questions?
