© 2006 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 An Introduction to VPLS Jeff Apcar, Distinguished Services Engineer.


1 An Introduction to VPLS
Jeff Apcar, Distinguished Services Engineer
APAC Technical Practices, Advanced Services

2 Agenda
• VPLS Introduction
• Pseudo Wire Refresher
• VPLS Architecture
• VPLS Configuration Example
• VPLS Deployment
• Summary

3 Do you want to date VPLS?
“VPLS is like having Paris Hilton as your girlfriend. The concept is fantastic, but in reality the experience might not be what you expected. But… we’re still willing to give it a go as long as we can understand/handle her behaviour”
Me, Just Then

4 VPLS Introduction

5 Virtual Private LAN Service (VPLS)
• VPLS defines an architecture that allows MPLS networks to offer Layer 2 multipoint Ethernet services
• SP emulates an IEEE Ethernet bridge network (virtual)
• Virtual bridges linked with MPLS Pseudo Wires
  - Data plane used is same as EoMPLS (point-to-point)
[Diagram: "VPLS is an Architecture"; PE devices connecting CE devices]

6 Virtual Private LAN Service
• End-to-end architecture that allows MPLS networks to provide multipoint Ethernet services
• It is “Virtual” because multiple instances of this service share the same physical infrastructure
• It is “Private” because each instance of the service is independent and isolated from one another
• It is “LAN Service” because it emulates Layer 2 multipoint connectivity between subscribers

7 Why Provide A Layer 2 Service?
• Customers have full operational control over their routing neighbours
• Privacy of addressing space - it does not have to be shared with the carrier network
• Customer has a choice of using any routing protocol, including non-IP based (IPX, AppleTalk)
• Customers could use an Ethernet switch instead of a router as the CPE
• A single connection could reach all other edge points, emulating an Ethernet LAN (VPLS)

8 VPLS is defined in IETF (as of 2-Nov-2006)
[Organisation chart: ISOC, IAB, IETF; IETF areas: Application, General, Internet, Ops and Mgmt, Routing, Security, Transport; working groups shown: MPLS, L2VPN, L3VPN, PWE3]
• L2VPN, L3VPN: formerly PPVPN workgroup
• L2VPN: VPWS, VPLS, IPLS
• L3VPN: BGP/MPLS VPNs (RFC 4364, was 2547bis); IP VPNs using Virtual Routers (RFC 2764); CE based VPNs using IPsec
• PWE3: Pseudo Wire Emulation edge-to-edge; forms the backbone transport for VPLS

9 Classification of VPNs
[Diagram: classification tree of VPNs. Labels: VPN; CPE Based; Network Based; Layer 3; Layer 2; GRE; IPSec; MPLS VPN; Virtual Router; P2P; VPWS; VPLS; IPLS; Ethernet; Frame Relay; PPP/HDLC; ATM/Cell Relay; Ethernet (P2P); Frame Relay; ATM; Ethernet (P2MP); Ethernet (MP2MP)]

10 L2VPN Models
[Diagram: L2VPN models over IP and MPLS. Labels: IP: L2TPv3, Point-to-Point, Like-to-Like (ATM AAL5/Cell, PPP, HDLC, Ethernet, FR); MPLS: VPWS, Point-to-Point, Like-to-Like and Any-to-Any (ATM AAL5/Cell, PPP, HDLC, Ethernet, FR); MPLS: VPLS/IPLS, Multipoint, Ethernet]

11 IP LAN-Like Service (IPLS)
• An IPLS is very similar to a VPLS except
  - The CE devices must be hosts or routers, not switches
  - The service will only carry IPv4 or IPv6 packets
  - IP control packets are also supported – ARP, ICMP
  - Layer 2 packets that do not contain IP are not supported
• IPLS is a functional subset of the VPLS service
  - MAC address learning and aging not required
  - Simpler mechanism to match MAC to CE can be used
  - Bridging operations removed from the PE
  - Simplifies hardware capabilities and operation
• Defined in draft-ietf-l2vpn-ipls

12 VPLS Components
• Attachment circuits: port or VLAN mode
• Mesh of LSPs between N-PEs
• Pseudo Wires within LSP
• Virtual Switch Interface (VSI) terminates PW and provides Ethernet bridge function
• Targeted LDP between PEs to exchange VC labels for Pseudo Wires
• Attachment CE can be a switch or router
[Diagram: N-PEs around an MPLS core, with CE routers and CE switches attached]

13 Virtual Switch Interface
• Flooding / Forwarding
  - MAC table instances per customer (port/vlan) for each PE
  - VFI will participate in learning and forwarding process
  - Associate ports to MAC, flood unknowns to all other ports
• Address Learning / Aging
  - LDP enhanced with additional MAC List TLV (label withdrawal)
  - MAC timers refreshed with incoming frames
• Loop Prevention
  - Create full-mesh of Pseudo Wire VCs (EoMPLS)
  - Unidirectional LSP carries VCs between pair of N-PE
  - Per A VPLS use “split horizon” concepts to prevent loops

14 Pseudo Wire Refresher

15 Pseudo Wires in VPLS
• IETF working group PWE3 ‘Pseudo Wire Emulation Edge to Edge’
  - Requirements detailed in RFC3916
  - Architecture details in RFC3985
• Develop standards for the encapsulation & service emulation of “Pseudo Wires”
  - Across a packet switched backbone
• A VPLS is based on a full mesh of Pseudo Wires

16 Pseudo Wire Reference Model (RFC 3916)
• A Pseudo Wire (PW) is a connection between two provider edge devices connecting two attachment circuits (ACs)
• In an MPLS core a Pseudo Wire uses two MPLS labels
  - Tunnel Label (LSP) identifying remote PE router
  - VC Label identifying Pseudo Wire circuit within tunnel
[Diagram: reference model. Customer Site CE, Attachment Circuit, PE1, PSN Tunnel (LSP in MPLS) across the Packet Switched Network (PSN, IP or MPLS) carrying Pseudo Wires PW1 and PW2 (Pseudo Wire PDUs), PE2, CE; the whole forms the Emulated Service]

17 Pseudo Wire Standards (Care for a Martini?)
• RFC 4446 – Numeric values for PW types
• RFC 4447 – Distribution mechanism for VC labels
  - Previously called draft-martini-l2circuit-trans-mpls
• RFC 4448 – Encapsulation for Ethernet using MPLS
  - Previously called draft-martini-l2circuit-encap-mpls
• Other drafts are addressing different encapsulations
  - draft-ietf-pwe3-frame-relay / draft-ietf-pwe3-atm-encap
  - draft-ietf-pwe3-ppp-hdlc-encap-mpls
  - Originally part of draft-martini-l2circuit-encap-mpls

18 MPLS PW Types (RFC 4446)
0x0001 Frame Relay DLCI (Martini Mode)
0x0002 ATM AAL5 SDU VCC transport
0x0003 ATM transparent cell transport
0x0004 Ethernet Tagged Mode (VLAN)
0x0005 Ethernet (Port)
0x0006 HDLC
0x0007 PPP
0x0008 SONET/SDH Circuit Emulation
0x0009 ATM n-to-one VCC cell transport
0x000A ATM n-to-one VPC cell transport
0x000B IP Layer2 Transport
0x000C ATM one-to-one VCC Cell Mode
0x000D ATM one-to-one VPC Cell Mode
0x000E ATM AAL5 PDU VCC transport
0x000F Frame-Relay Port mode
0x0010 SONET/SDH Circ. Emu. over Packet
0x0011 Structure-agnostic E1 over Packet
0x0012 Structure-agnostic T1 over Packet
0x0013 Structure-agnostic E3 over Packet
0x0014 Structure-agnostic T3 over Packet
0x0015 CESoPSN basic mode
0x0016 TDMoIP AAL1 Mode
0x0017 CESoPSN TDM with CAS
0x0018 TDMoIP AAL2 Mode
0x0019 Frame Relay DLCI

19 VC Information Distribution (RFC 4447)
• VC labels are exchanged across a targeted LDP session between PE routers
  - Generic Label TLV within LDP Label Mapping Message
• LDP FEC element defined to carry VC information
  - Such as PW Type (RFC 4446) and VCID
• VC information exchanged using Downstream Unsolicited label distribution procedures
• Separate “MAC List” TLV for VPLS
  - Defined in draft-ietf-l2vpn-vpls-ldp
  - Used to withdraw labels associated with MAC addresses

20 VC Distribution Mechanism using LDP
• Unidirectional Tunnel LSP between PE routers to transport PW PDU from PE to PE using tunnel label(s)
  - Both LSPs combined to form single bi-directional Pseudo Wire
• Directed LDP session between PE routers to exchange VC information, such as VC label and control information
[Diagram: Customer Site CE, PE1, IP/MPLS, PE2, CE; Label Switch Path (LSP created using IGP+LDP or RSVP-TE); Directed LDP Session between PE1 and PE2. Callouts: "VC Label identifies interface", "Tunnel Label(s) gets to PE router"]

21 PW Encapsulation over MPLS (RFC 4448)
• Ethernet Pseudo Wires use 3 layers of encapsulation
  - Tunnel Encapsulation (zero, one or more MPLS Labels): to get PDU from ingress to egress PE; could be an MPLS label (LDP, TE), GRE tunnel, L2TP tunnel
  - Pseudo Wire Demultiplexer (PW Label): to identify individual circuits within a tunnel; obtained from Directed LDP session
  - Control Word (Optional): the following is supported when carrying Ethernet
    - Provides the ability to sequence individual frames
    - Avoidance of equal-cost multiple-path load-balancing
    - Operations and Management (OAM) mechanisms
• Control word format varies depending on transported PDU
[Diagram: Tunnel Label | PW Label | Control Word | Layer 2 PDU]

22 Ethernet PW Tunnel Encapsulation
• Tunnel Encapsulation
  - One or more MPLS labels associated with the tunnel
  - Defines the LSP from ingress to egress PE router
  - Can be derived from LDP+IGP, RSVP-TE, BGP IPv4+Label
[Diagram: packet layout. Tunnel Encaps: Tunnel Label (LDP, RSVP, BGP), EXP, 0, TTL. PW Demux: VC Label (VC), EXP, 1, TTL (set to 2). Control Word: 0 0, Reserved, Sequence Number. Layer-2 PDU]

23 Ethernet PW Demultiplexer
• VC Label
  - Inner label used by receiving PE to determine the following
    - Egress interface for L2 PDU forwarding (Port based)
    - Egress VLAN used on the CE facing interface (VLAN Based)
• EXP can be set to the values received in the L2 frame
[Diagram: packet layout. Tunnel Encaps: Tunnel Label (LDP, RSVP, BGP), EXP, 0, TTL. PW Demux: VC Label (VC), EXP, 1, TTL (set to 2). Control Word: 0 0, Reserved, Sequence Number. Layer-2 PDU]

24 Ethernet PW Control Word
• Control Word is optional (as per RFC)
  - First nibble is 0x0 to prevent aliasing with IP packets over MPLS (MAC addresses that start with 0x4 or 0x6)
  - Reserved: should be all zeros, ignored on receive
  - Seq number provides sequencing capability to detect out of order packets - currently not in Cisco’s implementation – processing is optional
[Diagram: packet layout. Tunnel Encaps: Tunnel Label (LDP, RSVP, BGP), EXP, 0, TTL. PW Demux: VC Label (VC), EXP, 1, TTL (set to 2). Control Word: 0 0, Reserved, Sequence Number. Layer-2 PDU]

25 PW Operation and Encapsulation
• This process happens in both directions (example shows process for PE2 → PE1 traffic)
[Diagram: Customer Site CE, PE1, P1, P2, PE2, CE across IP/MPLS; LSP and LDP sessions between hops; Directed LDP Session between PE1 and PE2 for “PW1”. Label advertisements shown for a Lo0 address: Label 24, Label Pop, Label 38; Label 72 for PW1. Packets shown: 24 | 72 | L2 PDU; 38 | 72 | L2 PDU; 72 | L2 PDU]
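The encapsulation on slides 21 to 25, as an added example that is not part of the original presentation: a parser for an Ethernet PW packet that also shows why the control word's 0x0 first nibble matters to a transit router. It assumes the standard 32-bit MPLS label entry layout (20-bit label, 3-bit EXP, 1-bit bottom-of-stack, 8-bit TTL); labels 38 and 72 come from slide 25, while the MAC addresses, the tunnel TTL and the `transit_guess` helper name are constructed for illustration.

```python
import struct
from dataclasses import dataclass


@dataclass
class LabelEntry:
    label: int    # 20-bit label value
    exp: int      # 3-bit EXP field
    bottom: bool  # S bit: True on the last entry of the stack
    ttl: int      # 8-bit TTL


def encode_label(label, exp, bottom, ttl):
    """Pack one 32-bit MPLS label stack entry."""
    return struct.pack("!I", (label << 12) | (exp << 9) | (int(bottom) << 8) | ttl)


def parse_label_stack(buf):
    """Walk 4-byte entries until the S bit is set; return (entries, rest)."""
    entries, off = [], 0
    while True:
        if len(buf) - off < 4:
            raise ValueError("truncated label stack (no bottom-of-stack entry)")
        (word,) = struct.unpack_from("!I", buf, off)
        off += 4
        entry = LabelEntry(word >> 12, (word >> 9) & 0x7, bool(word & 0x100), word & 0xFF)
        entries.append(entry)
        if entry.bottom:
            return entries, buf[off:]


def transit_guess(after_labels):
    """What a transit router that peeks past the label stack would infer
    from the first nibble (the aliasing problem named on slide 24)."""
    if not after_labels:
        return "empty"
    return {4: "ipv4", 6: "ipv6"}.get(after_labels[0] >> 4, "non-ip")


def parse_ethernet_pw(buf, control_word):
    """Parse tunnel label(s), VC label, optional control word and the inner
    Ethernet header. Control word presence is agreed in signalling, so the
    caller must say whether to expect it; it cannot be read off the packet."""
    entries, rest = parse_label_stack(buf)
    seq = None
    if control_word:
        if len(rest) < 4:
            raise ValueError("truncated control word")
        (cw,) = struct.unpack_from("!I", rest)
        if cw >> 28:
            raise ValueError("first nibble of control word is not 0x0")
        seq = cw & 0xFFFF  # low 16 bits: sequence number
        rest = rest[4:]
    if len(rest) < 14:
        raise ValueError("truncated Ethernet header")
    return {
        "labels": entries,
        "sequence": seq,
        "dst": rest[0:6].hex(":"),
        "src": rest[6:12].hex(":"),
        "ethertype": struct.unpack_from("!H", rest, 12)[0],
    }


# Constructed customer frame: destination MAC begins with nibble 0x4.
SAMPLE_FRAME = bytes.fromhex("4c0000000002" "020000000001" "0800") + b"payload"


def build_sample(control_word):
    """Tunnel label 38 and VC label 72 (slide 25); VC label TTL set to 2."""
    pkt = encode_label(38, 0, False, 255) + encode_label(72, 0, True, 2)
    if control_word:
        pkt += b"\x00\x00\x00\x00"  # first nibble 0x0, reserved 0, sequence 0
    return pkt + SAMPLE_FRAME


if __name__ == "__main__":
    for cw in (False, True):
        _, rest = parse_label_stack(build_sample(cw))
        print("control word:", cw, "-> transit router sees:", transit_guess(rest))
    print(parse_ethernet_pw(build_sample(True), control_word=True))
```

Without the control word the customer destination MAC sits directly after the VC label, so its first nibble (0x4 here) is what a transit router inspects.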

26 VPLS Architecture

27 VPLS Standards
• Architecture allows IEEE bridge behaviour in SP plus:
  - Autodiscovery of other N-PE in same VPLS instance
  - Signaling of PWs to interconnect VPLS instances
  - Loop avoidance & MAC Address withdrawal
• Two drafts have been approved by IETF L2VPN Working Group
• draft-ietf-l2vpn-vpls-ldp
  - Uses LDP for signalling, agnostic on PE discovery method
  - Predominant support from carriers and vendors
  - Cisco supports this draft
• draft-ietf-l2vpn-vpls-bgp
  - Uses BGP for signalling and autodiscovery

28 Cisco VPLS Building Blocks
• NMS/OSS
• L2VPN Discovery
  - Centralised: DNS, Radius, Directory Services
  - Distributed: BGP
• Signaling: Label Distribution Protocol
• Tunnel Protocol: MPLS, IP
• Forwarding Mechanism
  - Point-to-Point Layer 2 VPN: Interface-Based/Sub-Interface
  - Multipoint Layer 2 VPN: Ethernet Switching (VFI)
  - Layer 3 VPN: IP Routing
• Hardware: Cisco 7600, Catalyst 6500, Cisco 12000

29 VPLS Auto-discovery & Signaling
• draft-ietf-l2vpn-vpls-ldp
  - Does not mandate an auto-discovery protocol
  - Can be BGP, Radius, DNS, or Directory based
  - Uses Directed LDP for label exchange (VC) and PW signaling
  - PWs signal control information as well (for example, circuit state)
• Cisco IOS supports Directed LDP for all VC signaling
  - Point-to-point – Cisco IOS Any Transport over MPLS (AToM)
  - Multipoint – Cisco IOS MPLS Virtual Private LAN Services
[Diagram: VPN Discovery: Centralised (DNS, Radius, Directory Services), Distributed (BGP); Signaling: Label Distribution Protocol]

30 VPLS Flooding & Forwarding
• Flooding (Broadcast, Multicast, Unknown Unicast)
• Dynamic learning of MAC addresses on PHY and VCs
• Forwarding
  - Physical Port
  - Virtual Circuit
[Diagram: frame (Data | SA | DA) arriving with the question "DA? Unknown DA?"; Pseudo Wire in LSP]

31 MAC Address Learning and Forwarding
• Broadcast, Multicast, and Unknown Unicast are learned via the received label associations
• Two LSPs associated with a VC (Tx & Rx)
• If inbound or outbound LSP is down
  - Then the entire Pseudo Wire is considered down
[Diagram: PE1 and PE2 with CEs on E0/0 and E0/1, exchanging VC labels over Directed LDP ("Send me frames using Label 170", "Send me frames using Label 102"). MAC tables shown (MAC Address → Adj): MAC 1 → E0/0 and MAC 2 → 170 on one PE; MAC 1 → 102 and MAC 2 → E0/1 on the other ("Use VC Label 102 MAC1", "Use VC Label 170 MAC2"). Frames shown: PE2 | 170 | MAC2 | MAC1 | Data and PE2 | 102 | MAC1 | MAC2 | Data]

32 MPLS MAC Address Withdrawal Message
• Message speeds up convergence process
  - Otherwise PE relies on MAC Address Aging Timer
• Upon failure PE removes locally learned MAC addresses
• Send LDP Address Withdraw (RFC3036) to remote PEs in VPLS (using the Directed LDP session)
• New MAC List TLV is used to withdraw addresses
[Diagram: failure (X) at one PE; MAC Withdrawal messages sent to the other PEs over Directed LDP]

33 VPLS Topology – PE View
• Each PE has a P2MP view of all other PEs; it sees itself as a root bridge with split horizon loop protection
• Full mesh topology obviates STP in the SP network
• Customer STP is transparent to the SP / Customer BPDUs are forwarded transparently
[Diagram: MPLS core with PEs and CEs; PE view; full mesh LDP; Ethernet PW to each peer]

34 VPLS Topology – CE View
• CE routers/switches see a logical Bridge/LAN
• VPLS emulates a LAN – but not exactly…
  - This raises a few issues which are discussed later
[Diagram: PE view (MPLS, PEs, CEs, full mesh LDP, Ethernet PW to each peer) beside CE view (CEs attached to a single MPLS VPLS core)]

35 VPLS Architectures
• VPLS defines two architectures
  - Direct Attachment (Flat)
    - Described in section 4 of draft-ietf-l2vpn-vpls-ldp
  - Hierarchical or H-VPLS, comprising two access methods
    - Ethernet Edge (EE-H-VPLS) – QinQ tunnels
    - MPLS Edge (ME-H-VPLS) - PWE3 Pseudo Wires (EoMPLS)
    - Described in section 10 of draft-ietf-l2vpn-vpls-ldp
• Each architecture has different scaling characteristics

36 VPLS Functional Components
• N-PE provides VPLS termination/L3 services
• U-PE provides customer UNI
• CE is the customer device
[Diagram: CE, U-PE, N-PE, MPLS Core, N-PE, U-PE, CE; Customer MxUs on each side, SP PoPs in the middle]

37 Direct Attachment (Flat) Characteristics
• Suitable for simple/small implementations
• Full mesh of directed LDP sessions required
  - N*(N-1)/2 Pseudo Wires required
  - Scalability issue as the number of PE routers grows
• No hierarchical scalability
• VLAN and Port level support (no QinQ)
• Potential signaling and packet replication overhead
  - Large amount of multicast replication over same physical
  - CPU overhead for replication

38 Direct Attachment VPLS (Flat Architecture)
[Diagram: CE, N-PE, MPLS Core, N-PE, CE; Ethernet (VLAN/Port) attachment on each side; full mesh PWs + LDP in the core. Frames shown: 802.1q Customer: MAC2 | MAC1 | Data; Pseudo Wire SP Core: PE | VC | MAC2 | MAC1 | Data; 802.1q Customer: MAC2 | MAC1 | Data]

39 Hierarchical VPLS (H-VPLS)
• Best for larger scale deployment
• Reduction in packet replication and signaling overhead
• Consists of two levels in a Hub and Spoke topology
  - Hub consists of full mesh VPLS Pseudo Wires in MPLS core
  - Spokes consist of L2/L3 tunnels connecting to VPLS (Hub) PEs
    - Q-in-Q (L2), MPLS (L3), L2TPv3 (L3)
• Some additional H-VPLS terms
  - MTU-s: Multi-Tenant Unit Switch capable of bridging (U-PE)
  - PE-r: Non bridging PE router
  - PE-rs: Bridging and Routing capable PE

40 Why H-VPLS?
VPLS
• Potential signaling overhead
• Full PW mesh from the Edge
• Packet replication done at the Edge
• Node Discovery and Provisioning extends end to end
H-VPLS
• Minimizes signaling overhead
• Full PW mesh among Core devices
• Packet replication done in the Core
• Partitions Node Discovery process
[Diagram: VPLS: CE, PE, PE, CE; H-VPLS: CE, MTU-s, PE-rs, PE-rs, PE-r, CE]

41 Ethernet Edge H-VPLS (EE-H-VPLS)
[Diagram: CE, U-PE (MTU-s), N-PE (PE-rs), MPLS Core, N-PE (PE-rs), CE; 802.1q access, QinQ tunnel at the edge, full mesh PWs + LDP in the core. Frames shown: 802.1q Customer: MAC2 | MAC1 | Data | Vlan CE; QinQ SP Edge: MAC2 | MAC1 | Data | Vlan CE | Vlan SP; Pseudo Wire SP Core: PE | VC | MAC2 | MAC1 | Data | Vlan CE]

42 Bridge Capability in EE-H-VPLS
• Local edge traffic does not have to traverse N-PE
  - MTU-s can switch traffic locally
  - Saves bandwidth capacity on circuits to N-PE
[Diagram: CEs attached to U-PE (MTU-s), uplinked to N-PE (PE-rs)]

43 Ethernet Edge Topologies
[Diagram: MPLS VPLS multiservice core (P routers) with N-PEs and four metro access designs. Labels: User Facing Provider Edge (U-PE); Network Facing Provider Edge (N-PE); Metro A: GE Ring, U-PE, PE-AGG; Metro B: Hub and Spoke, U-PE; Metro C: DWDM/CWDM, U-PE; Metro D: RPR, U-PE; Full Service CPE at 10/100/1000 Mbps; roles: Efficient Access (U-PE), Large Scale Aggregation (PE-AGG), Intelligent Edge (N-PE), Multiservice Core (P)]

44 MPLS Edge H-VPLS
• Same VCID used in edge and core (labels may differ)
[Diagram: CE, U-PE (PE-rs), N-PE (PE-rs), MPLS Core, N-PE (PE-rs), CE; 802.1q access, MPLS access with MPLS Pseudo Wire at the edge, full mesh PWs + LDP in the core. Frames shown: 802.1q Customer: MAC2 | MAC1 | Data | Vlan CE; MPLS PW SP Edge: PE | VC | MAC2 | MAC1 | Data | Vlan CE; Pseudo Wire SP Core: PE | VC | MAC2 | MAC1 | Data | Vlan CE]

45 VFI and Split Horizon (VPLS, EE-H-VPLS)
• Virtual Forwarding Interface is the VSI representation in IOS
  - Single interface terminates all PWs for that VPLS instance
  - This model is applicable in direct attach and H-VPLS with Ethernet Edge
[Diagram: N-PE with a bridging function (.1Q or QinQ) and local switching towards the CE, and a VFI (Virtual Forwarding Interface) terminating Pseudo Wire #1 and Pseudo Wire #2 to N-PE2 and N-PE3 with split horizon active. Callout on broadcast/multicast traffic arriving on a Pseudo Wire: "This traffic will not be replicated out PW #2 and vice versa"]

46 VFI and NO Split Horizon (ME-H-VPLS)
• This model is applicable to H-VPLS with MPLS Edge
  - PW #1, PW #2 will forward traffic to PW #3 (non split horizon port)
[Diagram: N-PE1 with a VFI (Virtual Forwarding Interface) terminating Pseudo Wire #1 and Pseudo Wire #2 to N-PE2 and N-PE3 (split horizon active) and MPLS-based unicast Pseudo Wire #3 to the U-PE and CE (split horizon disabled)]
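The forwarding decision described on slides 30, 31, 45 and 46, as an added model that is not Cisco's implementation and not code from the presentation: MAC learning, flooding of broadcast/multicast/unknown unicast, and split horizon between core Pseudo Wires with one spoke PW exempt. Port names, MAC addresses and the `Vfi` class are constructed for illustration.

```python
from dataclasses import dataclass

BROADCAST = "ff:ff:ff:ff:ff:ff"


@dataclass
class Port:
    name: str
    split_horizon: bool  # True for core PWs that are part of the full mesh


class Vfi:
    """One VPLS instance on an N-PE: a MAC table plus its attached ports."""

    def __init__(self, ports):
        self.ports = {p.name: p for p in ports}
        self.mac_table = {}  # MAC address -> port name it was learned on

    @staticmethod
    def _must_flood(dst):
        # Group bit (lowest bit of the first octet) set: broadcast or multicast.
        return int(dst.split(":")[0], 16) & 1 == 1

    def receive(self, in_port, src, dst):
        """Learn src on in_port and return the sorted list of egress ports."""
        ingress = self.ports[in_port]
        self.mac_table[src] = in_port  # learn, or refresh/move the entry

        known = self.mac_table.get(dst)
        if self._must_flood(dst) or known is None:
            candidates = [n for n in self.ports if n != in_port]  # flood
        else:
            candidates = [known]                                  # forward

        egress = []
        for name in candidates:
            if name == in_port:
                continue  # never send a frame back out its ingress port
            if ingress.split_horizon and self.ports[name].split_horizon:
                continue  # core PW to core PW: suppressed by split horizon
            egress.append(name)
        return sorted(egress)


def make_npe1():
    """N-PE1 as on slide 46: CE port, two core PWs, one spoke PW to a U-PE."""
    return Vfi([
        Port("ce", split_horizon=False),
        Port("pw1", split_horizon=True),    # to N-PE2
        Port("pw2", split_horizon=True),    # to N-PE3
        Port("pw3", split_horizon=False),   # to U-PE, split horizon disabled
    ])


def demo():
    """Run a constructed frame sequence and return each egress decision."""
    vfi = make_npe1()
    a, b, c, d = (f"02:00:00:00:00:0{i}" for i in range(1, 5))
    return [
        vfi.receive("ce", a, BROADCAST),            # flood from the CE
        vfi.receive("pw1", b, BROADCAST),           # flood from a core PW
        vfi.receive("pw3", c, BROADCAST),           # flood from the spoke PW
        vfi.receive("pw1", b, a),                   # known unicast to the CE
        vfi.receive("pw2", d, b),                   # core PW to core PW
        vfi.receive("ce", a, "02:00:00:00:00:99"),  # unknown unicast
    ]


if __name__ == "__main__":
    for result in demo():
        print(result)
```

Every flooded frame is copied once per egress Pseudo Wire, which is the ingress replication cost that grows with the size of the mesh.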

47 VPLS Logical Topology Comparison
Direct Attach
  Pros:
  - Simple access via Ethernet
  Cons:
  - No hierarchical scalability
  - Customer VLAN cannot overlap
  - 4K customer VLAN limit in Ethernet access domain
  - High STP reconvergence time
H-VPLS – QinQ tunnel
  Pros:
  - Hierarchical support via QinQ at access
  - Scalable customer VLANs (4K x 4K)
  - 4K customers supported per Ethernet Access Domain
  Cons:
  - High STP re-convergence time
  - MAC is not scalable as customer MAC still seen on SP network
  - Supported on SIP-600 only as of 12.2(33)SRA
H-VPLS - MPLS PW
  Pros:
  - Fast L3 IGP convergence
  - MPLS TE FRR <50msec
  - Hierarchical support via MPLS PW at access
  Cons:
  - More complicated provisioning
  - Requires MPLS to U-PE
  - OSM/SIP-400/600 as U-PE facing card on N-PE (for 7600)

48 Configuration Examples

49 Configuration Examples
• Direct Attachment
  - Using a Router as a CE (VLAN Based)
  - Using a Switch as a CE (Port Based)
• H-VPLS
  - Ethernet QinQ
  - EoMPLS Pseudo Wire (VLAN Based)
  - EoMPLS Pseudo Wire (Port Based)
• Sample Output

50 Direct Attachment Configuration (C7600)
• CEs are all part of same VPLS instance (VCID = 56)
  - CE router connects using VLAN 100 over sub-interface
[Diagram: PE1, PE2 and a third PE around the MPLS Core (pos3/0, pos3/1, pos4/1, pos4/3), CE1 and CE2 attached on gi3/0, gi4/2 and gi4/4, VLAN100]

51 Direct Attachment CE router Configuration
• CE routers sub-interface on same VLAN
  - Can also be just port based (NO VLAN)

    interface GigabitEthernet 1/3.100
     encapsulation dot1q 100
     ip address

    interface GigabitEthernet 2/0.100
     encapsulation dot1q 100
     ip address

    interface GigabitEthernet 2/1.100
     encapsulation dot1q 100
     ip address

[Diagram: CE1 and CE2 on VLAN100, Subnet /24]

52 Direct Attachment VSI Configuration
• Create the Pseudo Wires between N-PE routers

On each of the three PEs:

    l2 vfi VPLS-A manual
     vpn id 56
     neighbor encapsulation mpls
     neighbor encapsulation mpls

[Diagram: PE1, PE2 and a third PE around the MPLS Core (pos3/0, pos3/1, pos4/1, pos4/3), CE1 and CE2 attached on gi3/0, gi4/2 and gi4/4, VLAN100]

53 Direct Attachment CE Router (VLAN Based)
• Same set of commands on each PE
• Configured on the CE facing interface

    interface GigabitEthernet3/0
     switchport
     switchport mode trunk
     switchport trunk encapsulation dot1q
     switchport trunk allowed vlan 100
    !
    interface vlan 100
     no ip address
     xconnect vfi VPLS-A
    !
    vlan 100
     state active

• The xconnect vfi command associates the VLAN with the VPLS instance: VLAN100 = VCID 56
[Diagram: PE1, PE2 and a third PE around the MPLS Core (pos3/0, pos3/1, pos4/1, pos4/3), CE1 and CE2 attached on gi3/0, gi4/2 and gi4/4, VLAN100]


55 Direct Attachment CE switch (Port Based)
• If CE was a switch instead of a router then we can use QinQ
• QinQ places all traffic (tagged/untagged) from switch into a VPLS

    interface GigabitEthernet3/0
     switchport
     switchport mode dot1q-tunnel
     switchport access vlan 100
     l2protocol-tunnel stp
    !
    interface vlan 100
     no ip address
     xconnect vfi VPLS-A
    !
    vlan 100
     state active

• The xconnect vfi command associates the VLAN with the VPLS instance: VLAN100 = VCID 56
[Diagram: PE1, PE2 and a third PE around the MPLS Core (pos3/0, pos3/1, pos4/1, pos4/3), CE1 and CE2 attached on gi3/0, gi4/2 and gi4/4, carrying all VLANs]


57 H-VPLS Configuration (C7600/3750ME)
• U-PEs provide services to customer edge device
  - CE traffic then carried in QinQ or EoMPLS PW to N-PE
  - PW VSI mesh configuration is same as previous examples
[Diagram: N-PE1, N-PE2 and a third N-PE around the MPLS Core (gi3/0, gi4/2, gi4/4, pos3/0, pos3/1, pos4/1, pos4/3); U-PE1, U-PE2 and U-PE3 (Cisco 3750ME, gi1/1/1 uplink, fa1/0/1 access), each serving CE1 and CE2]


59 H-VPLS QinQ Tunnel (Ethernet Edge)
• U-PE carries all traffic from CE using QinQ
  - Outer tag is VLAN100, inner tags are customer’s

N-PE (U-PE facing interface):

    interface GigabitEthernet4/4
     switchport
     switchport mode trunk
     switchport trunk encapsulation dot1q
     switchport trunk allowed vlan 100
    !
    interface vlan 100
     no ip address
     xconnect vfi VPLS-A
    !
    vlan 100
     state active

U-PE (Cisco 3750ME):

    interface FastEthernet1/0/1
     switchport
     switchport access vlan 100
     switchport mode dot1q-tunnel
     switchport trunk allow vlan
    !
    interface GigabitEthernet 1/1/1
     switchport
     switchport mode trunk
     switchport allow vlan

[Diagram: N-PE1, N-PE2 and a third N-PE around the MPLS Core (gi3/0, gi4/2, gi4/4, pos3/0, pos3/1, pos4/1, pos4/3); U-PE1, U-PE2 and U-PE3 (Cisco 3750ME, gi1/1/1, fa1/0/), each serving CE1 and CE2]


61 H-VPLS EoMPLS PW Edge (VLAN Based)
• CE interface on U-PE can be access or trunk port
  - xconnect per VLAN is required

U-PE (Cisco 3750ME):

    interface FastEthernet1/0/1
     switchport
     switchport access vlan 500
    !
    interface vlan500
     xconnect encapsulation mpls
    !
    interface GigabitEthernet1/1/1
     no switchport
     ip address
     mpls ip

N-PE:

    interface GigabitEthernet4/4
     no switchport
     ip address
     mpls ip
    !
    l2 vfi VPLS-A manual
     vpn id 56
     neighbor encapsulation mpls
     neighbor encapsulation mpls
     neighbor encaps mpls no-split

• The no-split neighbor entry ensures CE traffic is passed on the PW to/from the U-PE
[Diagram: N-PE1, N-PE2 and a third N-PE around the MPLS Core (gi3/0, gi4/2, gi4/4, pos3/0, pos3/1, pos4/1, pos4/3); U-PE1, U-PE2 and U-PE3 (Cisco 3750ME, gi1/1/1, fa1/0/1), each serving CE1 and CE2]


63 H-VPLS EoMPLS PW Edge (Port Based)
• CE interface on U-PE can be access or trunk port
  - xconnect for entire PORT is required

U-PE (Cisco 3750ME):

    interface FastEthernet1/0/1
     no switchport
     xconnect encapsulation mpls
    !
    interface GigabitEthernet1/1/1
     no switchport
     ip address
     mpls ip

N-PE:

    interface GigabitEthernet4/4
     no switchport
     ip address
     mpls ip
    !
    l2 vfi PE1-VPLS-A manual
     vpn id 56
     neighbor encapsulation mpls
     neighbor encapsulation mpls
     neighbor encaps mpls no-split

• The no-split neighbor entry ensures CE traffic is passed on the PW to/from the U-PE
[Diagram: N-PE1, N-PE2 and a third N-PE around the MPLS Core (gi3/0, gi4/2, gi4/4, pos3/0, pos3/1, pos4/1, pos4/3); U-PE1, U-PE2 and U-PE3 (Cisco 3750ME, gi1/1/1, fa1/0/1), each serving CE1 and CE2]


65 show mpls l2 vc

    NPE-A#show mpls l2 vc
    Local intf     Local circuit     Dest address     VC ID     Status
    VFI VPLS-A     VFI                                          UP
    VFI VPLS-A     VFI                                          UP

[Diagram: N-PE1, N-PE2 and a third N-PE around the MPLS Core (gi3/0, gi4/2, gi4/4, pos3/0, pos3/1, pos4/1, pos4/3); U-PE1, U-PE2 and U-PE3 (Cisco 3750ME, gi1/1/1, fa1/0/1), each serving CE1 and CE2]

66 show mpls l2 vc detail

    NPE-2#show mpls l2 vc detail
    Local interface: VFI VPLS-A up
      Destination address: , VC ID: 10, VC status: up
        Tunnel label: imp-null, next hop
        Output interface: POS4/3, imposed label stack {19}
      Create time: 1d01h, last status change time: 00:40:16
      Signaling protocol: LDP, peer :0 up
        MPLS VC labels: local 23, remote

[Diagram: N-PE1, N-PE2 and a third N-PE around the MPLS Core (gi3/0, gi4/2, gi4/4, pos3/0, pos3/1, pos4/1, pos4/3); U-PE1, U-PE2 and U-PE3 (Cisco 3750ME, gi1/1/1, fa1/0/1), each serving CE1 and CE2. Callouts: "Use VC Label 19", "Use VC Label 23"]

67 Deployment Issues

68 Deployment Issues
• MTU Size
• Broadcast Handling
• Router or a Switch CPE?
• Ramblings of an Engineer
• A Sample Problem

69 Pseudo Wire Data Plane Overhead
• At imposition, N-PE encapsulates CE Ethernet or VLAN packet to route across MPLS cloud
• These are the associated overheads
  - Transport Header is 6 bytes DA + 6 bytes SA + 2 bytes Etype + OPTIONAL 4 bytes of VLAN Tag (carried in Port based service)
  - At least 2 levels of MPLS header (Tunnel + VC) of 4 bytes each
  - There is an optional 4-byte control word
[Diagram: Outer Label (32-bits) Tunnel Header | Inner Label (32-bits) VC Header | L2 Header | Original Ethernet Frame]

70 Calculating Core MTU Requirements
• Core MTU ≥ Edge MTU + Transport Header + AToM Header + (MPLS Label Stack * MPLS Header Size)
• Edge MTU is the MTU configured in the CE-facing PE interface
• Examples (all in bytes):
[Table: columns Edge, Transport, AToM, MPLS Stack, MPLS Header, Total; rows EoMPLS Port Mode, EoMPLS VLAN Mode, EoMPLS Port w/ TE FRR. Surviving values: AToM 4 [0]; totals 1530 [1526] and 1526 [1522]]

71 Beware the MTU – It Can Get Real Big
• MTU Sizing
  - Packet size can get very large in backhaul due to multiple tags and labels
  - Ensure core and access Ethernet interfaces are configured with appropriate MTU size
[Diagram: frame layout, carrier pseudowire encapsulation around the enterprise frame. Fields: Pre (Preamble); SFD (Start of Frame Delimiter); DA (Carrier Dest MAC); SA (Carrier Source MAC); Type (Ether type = 8847); TE (Traffic Engineer label); Tu (EoMPLS Tunnel Label); Vc (EoMPLS VC Label); Cntrl (Control Word, 4); DA (Cust Destination MAC); SA (Cust Source MAC); TPID (VLAN Protocol ID = 8100); TCI (VLAN ID Info); Type (Cust Type); Data (Cust Packet); FCS (Frame Check Sequence). Note: data portion may be > 1500 if carrying MPLS labels]

72 Broadcast/Multicast/Unknown Unicast Handling
- VPLS relies on ingress replication
  - Ingress PE replicates the multicast packet to each egress Pseudo Wire (PE neighbour)
- Ethernet switches replicate broadcast/multicast flows once per output interface
  - VPLS may duplicate packets over the same physical egress interface – for each PW that interface carries
  - Unnecessary replication brings the risk of resource exhaustion when the number of PWs increases
- Some discussion on maybe using multicast for PWs
  - Rather than full mesh of P2P Pseudo Wires

73 Switch or Router as CE device
- Ethernet Switch as CE device
  - If directly attached, the SP allocates the VLAN, which could be an issue in the customer network
  - SP UNI exposed to L2 network of customer
  - L2 PDUs must be tunnelled, such as STP BPDUs
  - No visibility of network behind CE switch
  - Many MAC addresses can exist on UNI
  - High exposure to broadcast storms
- Router as CE device
  - Single MAC address exists (for interface of router)
  - No STP interactions
  - Router controls broadcast issues (multicast still happens)

74 VPLS Caveats (Ramblings of an Engineer)
- VPLS may introduce non-deterministic behaviour in SP Core
  - Case in point – learning of VPN routes
  - An MPLS-VPN provides an ordered manner to learn VPNv4 routes using MP-BGP – unknown addresses are dropped
  - In VPLS, learning is achieved through flooding MAC addresses
  - Excessive number of Unknown, Broadcast and Multicast frames could behave as a series of “packet bombs”
- Solution: Ingress Threshold Filters (on U-PE or N-PE)
  - How to selectively choose which Ethernet frames to discard?
  - How to avoid dropping Routing and Keepalives (control)?
  - May cause more problems in customer network…
  - How many MAC addresses allowed?
  - Does SP really want to take this responsibility?

75 VPLS Caveats (Ramblings of an Engineer)
- DoS attack has a higher probability of manifesting
  - Whether intentional or by mis-configuration
- Since traffic is carried at layer 2, a lot of chatter could be traversing the MPLS core unnecessarily
  - For example, status requests for printers
- How is CoS applied across a VPLS service?
  - Should all frames on a VPLS interface be afforded the same class of service?
  - Should there be some sort of differentiation?

76 A Common VPLS Problem
- Protocols expect LAN behaviour
- VPLS is viewed as an Ethernet network
  - Although it does not necessarily behave like one
  - VPLS is “virtual” in its LAN service
  - There are some behaviours which differ from a real LAN
- An example
  - The OSPF designated router problem…

77 OSPF Designated Router Problem
- VPLS View
  - Router A is the DR, Router B is the BDR
  - Router C sees both A and B via Pseudo Wires
- Router View
  - Router A, B and C behave like they are on a LAN
[Figure: two views of OSPF DR (A), OSPF Backup DR (B) and OSPF Neighbour (C); in the VPLS view they are joined by Pseudo Wires]

78 OSPF Designated Router Problem
- Assume PW between A and B loses connectivity
  - Router A and Router B cannot see each other
  - Router C can still see both Router A and Router B
- Ethernet frames travel along discrete paths in a VPLS
  - Therefore Router C can see both Router A and B
  - But Router A and Router B cannot see each other!
- Router B assumes A has failed and becomes the DR
  - Router C now sees two DRs on same LAN segment – Problem!
  - No arbitration available between Router A and Router B
[Figure: OSPF DR (A), OSPF Backup DR (B) and OSPF Neighbour (C) connected by Pseudo Wires]
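
The failure on slides 77 and 78, modelled as an added example that is not part of the original deck: given the set of failed pseudo wires, it reports which DR claims each router hears and flags every pair of routers that have lost sight of each other while a third still hears both. The function names and the election model (the DR keeps its role, the BDR promotes itself when it stops hearing the DR) are simplifying assumptions; priorities and timers are not modelled.

```python
from itertools import combinations


def visibility(routers, failed_pws):
    """Each router hears only peers reached over a working PW (no transit via a third PE)."""
    down = {frozenset(pw) for pw in failed_pws}
    return {r: {p for p in routers if p != r and frozenset((r, p)) not in down}
            for r in routers}


def dr_claims(routers, failed_pws, dr, bdr):
    """Return {router: set of routers it hears claiming to be DR} after the failures."""
    sees = visibility(routers, failed_pws)
    claimants = {dr}
    if dr not in sees[bdr]:          # BDR assumes the DR has failed and takes over
        claimants.add(bdr)
    return {r: {c for c in claimants if c == r or c in sees[r]} for r in routers}


def broken_lan_triples(routers, failed_pws):
    """(a, b, witness): a and b cannot hear each other, yet witness hears both."""
    sees = visibility(routers, failed_pws)
    return [(a, b, w)
            for a, b in combinations(sorted(routers), 2) if b not in sees[a]
            for w in sorted(routers) if a in sees[w] and b in sees[w]]


ROUTERS = ["A", "B", "C"]    # A is the DR, B the BDR, C a neighbour (as on the slides)

if __name__ == "__main__":
    failed = [("A", "B")]    # the PW between A and B loses connectivity
    for router, claims in sorted(dr_claims(ROUTERS, failed, "A", "B").items()):
        flag = "  <-- two DRs on one segment" if len(claims) > 1 else ""
        print(f"Router {router} hears DR claims from {sorted(claims)}{flag}")
    for a, b, w in broken_lan_triples(ROUTERS, failed):
        print(f"LAN assumption broken: {a} and {b} are split, {w} still hears both")
```
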

79 Summary

80 Summary
- VPLS has its advantages and benefits
  - Non-IP protocols supported, customers do not have routing interaction, etc.
- Use routers as the CE device
  - Understand their multicast requirements
  - Then again, maybe MPLS-VPN could do the job?
- Avoid switches as CPE
  - Otherwise understand customer’s network requirements
  - Devices, applications (broadcast/multicast vs unicast)

81 Q & A
