Mpls l2 VPN Principle

AR Series Routers VRP3.
30 Training Presentation Slides
MPLS L2 VPN
ISSUE 1.0
Huawei-3Com Training Center
Objectives
Provide
a architectural overview to MPLS
L2 VPN
Give
a rough discussion to data flow of
general MPLS L2 VPN

Provide
a general discussion to Martini
and Kompella signaling method
Course Contents
MPLS L2 VPN Overview
MPLS L2 VPN Data Flow
Signaling Methods
Whats L2 VPN
rt5
rt2
dlci:506
dlci:504
dlci:201
dlci:203
SB
We will refer to these VPNs as

"Layer 2 VPNs" because the
service provider providers only a
layer 2 interface to its customer,
and the customer is responsible
for creating and managing the
layer 3 overlay.
rt1
dlci:102
dlci:103
SC
Frame Relay Network
dlci:605
dlci:604
dlci:302
dlci:405
SA
dlci:406
rt6
rt3
dlci:301
rt4
Traditional
L2 VPN is based on circuit-like technology.
It just use virtual circuit to construct connections among VPN

sites.
It provide better flexibility than leased line.
Problems of Traditional L2 VPN

However, many of these service providers would like to replace their
Frame Relay or ATM infrastructures with an IP infrastructure.
Problems
Too complex control information
Too much configuration Jobs
Total system has to share same l2 technology.
MPLS
L2 VPN intends to solve all these problems by following
technologies:
Solution 1: Tunnel Technology
Solution 2: Pre-provision
Solution 3: IP Backbone
Basic Scenarios of MPLS L2 VPN

rt5
rt2
dlci:201
dlci:506
dlci:504
dlci:203
rt1
dlci:605
dlci:102
dlci:103
rt6
dlci:604
dlci:302
dlci:405
rt3
dlci:301
rt4
dlci:406
Tunnel
Emulated Virtual Circuit
Obviously,
this solution provide better scalability and flexibility.
Whats tunnel?
Label:17
A
B
LFIB of A
in
Label:18
Label:101
NHLFE
in
push 17, send to B
101 pop, send to up layer
Tunnel
LFIB of B
NHLFE
Label:100
in
LFIB of C
NHLFE
17 Swap 18, send to C
100 Swap 101, send to A
push 100, send to B
just has the traditional meanings. Tunnel here just
could be GRE or other tunnel. Certainly, two MPLS LSPs can

do same job.
X
and Y here indicate the data transported in the tunnel.
Whats Emulated VC?

Below
scenarios illustrate how to connect 2 local Frame Relay
DLCI by 2 MPLS LSP emulated VC in a MPLS tunnel.

(Question: why we need tunnel?)
EVC LSP
dlci 150
1000
LFIB of A
in
NHLFE
101
B
2000
LFIB of B
Dlci:150 push 1000, send to C

C
18
17
101
in
Tunnel LSP
NHLFE
C
dlci 250
100
in
NHLFE
LFIB of C
Dlci:250 push 2000, send to A
push 17, send to B
pop, send to up layer

1000
2000 pop, send to dlci 150
push 100, send to B
send to dlci 250
How do these VCs and tunnels work?

L2 frame
150
250
18 1000
17 1000
A
C
B
LFIB of A
in
NHLFE
LFIB of B
Dlci:150 push 1000, send to C

C
101
in
NHLFE
in
NHLFE
LFIB of C
Dlci:250 push 2000, send to A
push 17, send to B

1000
2000 pop, send to dlci 150

This
is MPLS L2 VPN!
push 100, send to B
send to dlci 250
But MPLS L2 VPN is not only this!

We
have seen basic thoughts of MPLS L2 VPN. But that not all.
Since following essential questions still havent been answered:
How to transmit L2 data in the MPLS network according control

information which is illustrated in before slides?
Whats the encapsulation?
How to simulate different l2 network behaviors in MPLS network?
How to establish all the control information?

How to establish the tunnel?
How to establish the EVC (Emulated Virtual Circuit)?
10
Course Contents
Signaling Methods
11
MPLS L2VPN Data Flow
L2
Encapsulation
Data
12
Flow Model
L2 Data Encapsulation
Generally,
L2 data transmitted in backbone has 3 parts of
encapsulation:
Tunnel Header
It contains the information needed to transport the L2 PDU across
backbone;
Demultiplexer Field
It is used to distinguish individual emulated virtual circuits within a
single tunnel;
Emulated VC Encapsulation
It contains the information about the enclosed layer 2 PDU which is
necessary in order to properly emulate the corresponding layer 2
protocol.
13
Tunnel & Demultiplexer Encapsulation

Tunnel
here could be based on any tunnel encapsulation
technology: MPLS, GRE, etc.

MPLS
Here
label should be used be as demultiplexer Field.
is a typical encapsulation manner:

S
Tunnel Label
EXP
14
S
TTL
EVC Label
EXP
TTL
Emulated VC Encapsulation
Quotes
from draft-martini-l2circuit-encap-mpls-04.txt
In most cases, it is not necessary to transport the layer 2

encapsulation across the network; rather, the layer 2 header
can be stripped at R1(the ingress edge router), and reproduced
at R2(the egress edge router). This is done using information
carried in the
control word, as well as information that
may already have been signaled from R1 to R2.
Tunnel
Demultiplexer Control word
15
L2 Encapsulations
Control Word Details
Flags
The
is protocol specific.
value of the length field, if non-zero, can be used to
remove any padding.

The
sequence number could be used to guarantee ordered
packet delivery.
16
Layer 2 Frame Encapsulation

Layer
2 frames could be transmitted
Frame Relay
ATM AAL5 CPCS-SDU
ATM Cell
Ethernet VLAN
Ethernet
HDLC
PPP
Following are the Protocol-Specific Details for flags

17
Frame Relay
B:
BECN
F:
FECN
D:
DE
C:
C/R
18
ATM AAL5 CPCS-SDU
T: Transport
type
E:
EFCI
L:
CLP
C:
Command / Response
19
Ethernet VLAN & Ethernet
Ethernet
frame without the preamble or FCS is transported as
a single packet. The control word is OPTIONAL.

The
4 byte VLAN tag is transported as is, and MAY be
overwritten by the egress router.
20
PPP & HDLC

The
HDLC PDU is transported in its entirety, including the
HDLC address, control and protocol fields, but excluding

HDLC flags and the FCS.
The
PPP PDU is transported in its entirety, including the
protocol field, but excluding any media-specific framing

information, such as HDLC address and control fields or FCS.
21
MPLS L2VPN Data Flow
L2
Encapsulation
Data
22
Flow Model
L2 Data Flow Model

What
MPLS L2 VPN stipulate is L2 network, and all L2
network could be classified as:
LAN: Ethernet, Ethernet with VLAN
WAN: Frame Relay, ATM, HDLC, PPP, Ethernet (PTP), Ethernet

with VLAN (PTP)
So,
all MPLS L2 VPN could be classified as:
VPLS: Virtual private LAN service
VPWS: Virtual private Wire service
23
VPWS Scenarios
CE2
dlci:201
PE2
dlci:102
CE1
dlci:203
dlci:103
dlci:302 CE3
PE3
PE1
VPWS
dlci:301
provide simple point-to-point services. CE must
configure a VC to any site it willing to communicate with.
24
PE Model
PE
model in VPWS is very simple: they just works the same
thing like WAN switch. Just take MPLS-emulated VC like PVC

in frame relay network. (Another approximated conclusion is:
Just take tunnel as interface, and take EVC as PVC)
25
VPWS Data Forwarding Information

Before
L2 data forwarding happening, all equipment involved
must have the forwarding information established.

IP
CE2
DLCI
IN
102
100
NHLFE
IP
swap 101, send to PE2
CE1
CE2
CE1
P
PE2
PE1
IN
102
NHLFE
IN
push 1000; push 100, send to P
26
NHLFE
101
pop; send to up layer
1000
pop; send DLCI 201
DLCI
201
VPWS Data Flow

CE2
dlci:201
201
demultiplexer
control word
tunnel
PE2
dlci:203
1001000
102
dlci:102
dlci:103
CE1
dlci:302 CE3
dlci:301
PE1
The
In
PE3
forwarding action is simple: just searching and sending.
order to communication with CE2 & CE3, CE1 has to
configure 2 address maps. The total system works like a

Frame Relay network.
27
VPLS Scenarios
CE2
PE2
P
CE1
CE3
PE3
PE1
VPLS
provide an LAN-like services. Any CE only need 1
connection to PE.
28
PE Model
PE
here simulate a virtual LAN switch for each VPN. VSI
works in a same manner with LAN Switch.

MAC Address Table
Physical Ethernet Interfaces

MAC Interface
Logical Ethernet Interfaces

Control Flow
Tunnel LSP
Data Flow
incoming LSP
Forwarding Engine
out going LSP
VSI: Virtual Switching Instances

29
VPLS Forwarding Information

Just
like LAN switch, VPLS forwarding information is not
completely established before data forwarding happen.
VSI has been established before the happening of data

forwarding, which means that MPLS tunnel and VC LSP has
been established.
MAC address table contents are dynamically maintained by

forwarding action.
30
VPLS Data Flow

When
data forwarding happens, VPLS dynamically establish
some control information (Just like LAN Switch).
CE2
VSI of the VPLS in PE1
MAC
Interface
E0
E0
Interface
E1
PE2
MAC address table Interface List
E0
A, B
Attributes
MAC
E0
E0
Physical Link
VIF 0
out lsp:(100, 1000)
in lsp:(201,2000)
VIF 1
out lsp:(150, 1500)
in lsp:(301,3000)
101 1000 A, B
Interface
E1
E0
E1
CE1
A, B
A, B
100 1000 A, B
MAC
Interface
Interface
Attributes
VIF 0
E0
Physical Link
VIF 0
out lsp:(200, 2000)
in lsp:(101,1000)
VIF 1
out lsp:(250, 2500)
in lsp:(301,3000)
E0
PE1
IN
150 1500 A, B
P
151 1500 A, B
NHLFE
100
Swap 101, send to PE2;
150
200
250
MAC
300
350
PE3
31
Interface
VIF 0
A, B
E0
E1 CE3
MAC
Interface
E1
E0
Interface
Attributes
E0
Physical Link
VIF 0
out lsp:(300, 3000)
in lsp:(151,1500)
VIF 1
out lsp:(350, 3500)
in lsp:(251,2500)
Course Contents
Signaling Methods
32
Signaling Methods
General
Martini
Concept
Method
Kompella
33
Method
General Concept
Signaling
is not an very accuracy item. Basically, signaling
here has relation with following three technologies:
Tunnel Signaling
VC Signaling
VPN Topology Discovery
34
Tunnel Signaling
Tunnel
Signaling is the technology used to establish tunnel.
Some of them are used very widely (not limit in L2 VPN):
MPLS Tunnel
LDP/CR-LDP
RSVP-TE
PE
PE
Traditional Tunnel
L2TP
GRE
IPSEC
PE
35
VC Signaling
VC
signaling means the technology used to establish
emulated VC between PES. Major differences among different

MPLS L2 VPN technologies lies in this point.
Typical
VPWS technologies
Martini Solution (LDP)
Kompella Solution (BGP)
Typical
CE
Dlci 290, name vc1
I bind vc1 with label1000
VPLS technologies
Martini Extensive Solution (LDP)
Other Solutions (LDP or BGP)
I bind vc1 with label2000
PE
Dlci 190, name vc1

CE
36
PE
VPN Topology Discovery

VPN
topology discovery means the distribution of the site
information that make up of VPN. It is a very important

element of constructing scalable L2 VPN.
Most
implementation adopts BGP as topology discovering
technology.
VPLS V1
VPLS V1
37
VPLS V1
Signaling Methods
General
Martini
Concept
Method
Kompella
38
Method
Martini MPLS L2 VPN

Martini
L2 VPN is defined by following 2 drafts:
draft-martini-l2circuit-encap-mpls-04
draft-martini-l2circuit-trans-mpls-08
Martini
solution is a VPWS technology:
Tunnel Signaling Technology: LDP
VC Signaling Technology: LDP Remote Peer
39
Basic Thoughts of Martini Signaling

Major
tasks of Martini Signaling are:
Tunnel signaling
LDP is used to establish MPLS tunnels between PEs. However,
other tunnels also could be used.
VC signaling
PE names each attached VC by a 32 bits number: VC-ID.
LDP remote peer relationship is established between 2 PES, then it
is used to distribute and maintain label & VC bindings.
(1,1000;PE1)
(1,2000;PE2)
VC-ID:1
DLCI:100 PE1
PE2
CE1
40
VC-ID:1
DLCI:200
CE2
How could LDP do it?

A
new LDP FEC TLV is defined:
VC FEC
41
Fields in VC FEC
C
= 1 means control word will present on this VC.
VC
Type: Frame Relay DLCI, ATM AAL5 VCC transport, ATM
transparent cell transport, Ethernet VLAN, Ethernet, HDLC,

PPP, CEM, ATM VCC cell transport, ATM VPC cell transport
Group
ID: An arbitrary 32 bit value which represents a group
of VCs that is used to create groups in the VC space.

VC
ID: A non zero 32-bit connection ID that together with the
VC type, identifies a particular VC.
Interface parameters: This variable length field is used to

provide interface specific parameters, such as interface MTU.
42
Signaling Details
Tunnel
IN
Signaling
It could be based on any form of signaling technology.
NHLFE
IN
push 201, send to b

PE2
100
NHLFE
push 101, send to c
PE1
200
LDP Label Mapping

DCLI 500
PE1
d
(PE1,100;a)
(PE2,201;b)
CE1
IN
100
200
NHLFE
b
P
(PE1,101;c)
DCLI 600
(PE2,200;d)
Swap 101, send to d

Swap 201, send to a
43
PE2
CE1
Signaling Details
VC
IN
Signaling
LDP Remote Peer, Downstream Unsolicited label distribution
IN
NHLFE
PE2
100
dlci 500
1000
NHLFE
push 101, send to c
push 1000, send to PE1
pop, send to dlci 600
PE1
200
dlci 600
2000
push 201, send to b

push 2000, send to PE2
pop, send to dlci 500
(VC1,1000;PE1)
DCLI 500
CE1
PE1
IN
(VC1,2000;PE2)
b
NHLFE
PE2
44
DCLI 600
Swap 101, send to d

Swap 201, send to a
100
200
CE1
Summary of Martini Solution

Its
simple, and so it is efficient. (VPLS signaling could be
simply based this solution).

It
just provide point to point connecting services, so it seems
that it is too simple.
45
Signaling Methods
General
Martini
Concept
Method
Kompella
46
Method
Kompella MPLS L2VPN Solution

Kompella
draft-martini-l2circuit-encap-mpls-04
draft-kompella-ppvpn-l2vpn-00.txt
Kompella
solution is defined by following 2 drafts
solution is a VPWS technology:
Tunnel Signaling Technology: LDP
VC Signaling Technology: BGP
significant features
Topology auto discovery
Auto Configuration
47
General Concept
Kompella
is a similar L2 VPN solution as Martini solution
They share same tunnel technology.
They are based on similar transporting encapsulation.
Basic thoughts of VC signaling are same: establish a binding

between 2 simplex LSP and a VC.
Compares
to Martini solution, Kompella solution provides 3
additional features
Topology auto discovery. (Martini just provide point to point

connection services)
Automatic configuration. (Just plug CE, then it will work) .
Layer 2 interworking.
48
Basic Thoughts of Kompella Signaling

Signaling
Protocols
MBGP(BGP Multiprotocol Extensions): A series of extended

communities are defined. They are used both for topology
discovery and VC signaling.
Basic
thoughts of Kompella Signaling
PE identify each attached CE with a CE-ID. CE-IDs are unique

in the scope of one VPN.
PE use MBGP to distribute bindings of each attached CE (say

CEI) with a list of labels to all other PEs. Any other PE will pick
one label in the list for the VC encapsulation when it want to
forward traffic from one of its own attached CE to CEI.
BGP extended community RT (Route Target) is used to

distinguish different VPNs.
49
Rough Overview-Tunnel Signaling

By
common LDP (or other tunnel technology), tunnels could
be established between all PEs.

IN
NHLFE
PEB
Push 201, send from a;
PEC
Push 301, send from a;
100
Pop, send to up layer;
150
PEA
IN
NHLFE
PEA
Push 101, send from b;
PEC
Push 351, send from b;
200
250
PEB
CE:1
CE:2
c
PEC
CE:3
50
B
IN
NHLFE
PEA
Push 151, send from c;
PEB
Push 251, send from c;
300
350
Rough Overview-VC Signaling

IN
NHLFE
1-2
Push 2000, send to PEB;
1-3
Push 3000, send to PEC;
1000
1001
Here need a mapping algorithm!

RT(100:1),CE-ID(1),
Label Block(1000, 1001)
PEA
CE:1
NHLFE
2-1
Push 1000, send to PEA;
2-3
Push 3001, send to PEC;
2000
2001
RT(100:1),CE-ID(2),
RT(100:1),CE-ID(1),
RT(100:1),CE-ID(3),
PEB
RT(100:1),CE-ID(3),
RT(100:1),CE-ID(3),
PEC
CE:3
C
You
IN
IN
NHLFE
3-1
Push 1001, send to PEA;
3-2
Push 2001, send to PEB;
3000
3001
neednt configure CE-CE connections manually!
51
CE:2
Rough Overview: Data Flow

IN
NHLFE
IN
NHLFE
1-2
Push 2000, push 201; send from a;
2-1
Push 1000, push 101; send from b;
1-3
Push 3000, push 301; send from a;
2-3
Push 3001, push 351; send from b;
1000
Pop, send from 2-1;
2000
Pop, send from 1-2;
1001
Pop, send from 3-1;
Pop, send from 3-2;
201 2000
2001
100
200
150
1->2
250
PEA
PEB
CE:1
CE:2
351 2001
151 1001
3->1
2->3
PEC
CE:3
52
IN
NHLFE
3-1
Push 1001, push 151; send from c;
3-2
Push 2001, push 251; send from c;
3000
Pop, send from 1-3;
3001
Pop, send from 2-3;
300
350
CE-Labels Binding: Analysis

As
we have discussed, Its naturally to ask all labels bind with one CE
should be continuous.
Could
it be one contiguous block?
The amounts of labels of a CE reflects amounts of remote CEs it need to

connect with. When a new CE is added to the VPN, and if one
contiguous label block is used, here are following 2 solutions:
Reallocation: Reallocate attached added VC and reallocate all labels bound
with the respect CE.
Pre-provision: pre-allocate local VCs (Frame Relay DLCIs, ATM VPI/VCIs
etc. ) and labels corresponded for future usage.
Reallocation is not a good solution. Pre-provision is a good idea, but you

could not always know everything in the future.
So, following label space arrangement is used in this solution.
53
CE-Labels Binding: label space arrangement

Basic
thoughts
All labels bound with a CE is composed of a number of label

block.
A label block is a set of contiguous labels.
Some
9 DLCIs:
100-109
concepts
CE Range; Label block ( Label base, Label range); Block Offset.
Here label 1000 is just used

for algorithm simplicity.
Block Offset: 1
1000 1001 1002 1003
Label Base: 1000
Label Range: 4
Labels bound with

this CE could be:
5
2000 2001 2002
3000 3001 3002
Label Base: 2000

Label Range:3
Label Base: 3000

Label Range: 3
54
CE1
Its range is 9.
It intends to
connect with
CE2 to CE10
CE-Labels Binding: Distribution & Usage

Suppose
CE1 we just discussed is in a below network:
PEB will use choose label 2001 for CE6->CE1 traffic.

1
1000 1001 1002 1003
2000 2001 2002
6->1
PEA
PEB
CE6
CE1
55
3000 3001 3002
How could BGP do this?

A
new AFI for L2-VPN, a new SAFI, and also a new NLRI
format
for
carrying
the
individual
L2-VPN
label-block
information are introduced to MBGP.

L2VPN
NLRIs MUST be accompanied by one or more
extended communities. RT is one of them.

RD is used to distinguish bindings
belong to different VPNs.
Example: Circuit Status Vector TLV.
56
BGP Extended Communities for L2VPN

Route
Target
It is used to construct VPN topology.
Layer2-Info
Extended Community
It is used to carry layer 2 specific information in a VPN.
57
L2 Interworking
Kompella
solution of MPLS L2 VPN could provide Layer 2
interworking, where there is no restriction on Layer 2, but

Layer 3 must be IP.
The
idea is straight: only transport IP packets in the
backbone. The encapsulation is:
58
Questions
59
Thank You !
Huawei-3Com Technology Co., Ltd.
www.huawei-3com.com

Mpls l2 VPN Principle

Uploaded by

Copyright:

Available Formats

Mpls l2 VPN Principle

Uploaded by

Document Information

Original Description:

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Mpls l2 VPN Principle

Uploaded by

Copyright:

Available Formats

AR Series Routers VRP3.

30 Training Presentation Slides

Huawei-3Com Training Center

a architectural overview to MPLS

a rough discussion to data flow of

general MPLS L2 VPN

a general discussion to Martini

and Kompella signaling method

We will refer to these VPNs as

L2 VPN is based on circuit-like technology.

It just use virtual circuit to construct connections among VPN

It provide better flexibility than leased line.

Problems of Traditional L2 VPN

Too complex control information

Too much configuration Jobs

Total system has to share same l2 technology.

L2 VPN intends to solve all these problems by following

Solution 1: Tunnel Technology

Basic Scenarios of MPLS L2 VPN

this solution provide better scalability and flexibility.

push 17, send to B

101 pop, send to up layer

17 Swap 18, send to C

18 pop, send to up layer

100 Swap 101, send to A

push 100, send to B

just has the traditional meanings. Tunnel here just

could be GRE or other tunnel. Certainly, two MPLS LSPs can

and Y here indicate the data transported in the tunnel.

Whats Emulated VC?

scenarios illustrate how to connect 2 local Frame Relay

DLCI by 2 MPLS LSP emulated VC in a MPLS tunnel.

Dlci:150 push 1000, send to C

Dlci:250 push 2000, send to A

push 17, send to B

17 Swap 18, send to C

pop, send to up layer

100 Swap 101, send to A

18 pop, send to up layer

2000 pop, send to dlci 150

push 100, send to B

send to dlci 250

How do these VCs and tunnels work?

Dlci:150 push 1000, send to C

Dlci:250 push 2000, send to A

push 17, send to B

17 Swap 18, send to C

pop, send to up layer

100 Swap 101, send to A

18 pop, send to up layer

2000 pop, send to dlci 150

push 100, send to B

send to dlci 250

But MPLS L2 VPN is not only this!

Since following essential questions still havent been answered:

How to transmit L2 data in the MPLS network according control

How to establish all the control information?

MPLS L2VPN Data Flow

L2 data transmitted in backbone has 3 parts of