EVC Atahar Khan CCIE SP 44012 Cisco Systems

Agenda L2VPN overview Ethernet Virtual Circuits (EVC)

L2VPN Overview

What is L2VPN ? We call L2VPN any method which allow to have a LAN shared across multiple remote location across a non L2 network The network in the middle can be : IPv4 Routed network  L2TPv3 can be use MPLS network  EoMPLS or VPLS Another switched Network  QinQ The PE to CE interface might not be Ethernet Atom : tunnel of anything over MPLS network L2TPv3 : encapsulate anything over ipv4 network Interworking : allow to interconnect one L2 tech to another (FR to ATM or Eth to ATM or…) Those technique can be combined to achieve LAN transparency ! Cisco Systems

L2VPN Models L2TPv3 AToM L2-VPN Models MPLS Core IP core VPWS VPLS P2MP/ MP2MP Point-to-Point Point-to-Point Ethernet FR ATM AAL5/Cell PPP/ HDLC FR ATM AAL5/Cell PPP/ HDLC Ethernet Ethernet

Virtual Private Wire Service (VPWS) Reference Model L2transport over IP = L2TPv3 L2transport over MPLS = AToM SE = Service Endpoint Customer Site PSN = Packet Switched Network Customer Site PSN Tunnel PWES Pseudo Wires PWES PE PE PWES Customer Site PWES Customer Site Emulated Service A Pseudowire (PW) is a connection between two Provider Edge (PE) devices which connects two pseudowire End-Services (PWESs) of the same type Service Types: Ethernet 802.1Q (VLAN) ATM VC or VP HDLC PPP Frame Relay VC PWES Cisco Systems

Ethernet Virtual Circuits (EVC)

The Challenges On traditional switches, we require the switch to do two things: 1.) Have the VLAN configured globally 2.) Perform MAC learning in this VLAN switches have a finite amount of CAM space for MAC Learning limiting the number of hosts we can support. Since the 802.1q VLAN tag is only 12-bits wide we can only configure a maximum of 4096 VLANs. In modern provider and cloud environments there is a need to scale beyond these limitations. VLAN translation can not be done. Cisco Systems

EVC Advantages The VLAN tag is used for classification and the Service Instance defines the forwarding action. we could allocate one VLAN to different customers on every switchport and forward each customer's traffic across different MPLS Pseudowires, but never actually configure the VLAN globally. Customer VLAN ID preservation/ translation. Cisco Systems

CE-VLAN ID Preservation Application (1) ERS services with same End to End CE-VLAN ID Cisco Systems

CE-VLAN ID Preservation Application (2) Corporate Customers with all remote offices using the same CE-VLAN ID Also useful for SP deploying Managed CPEs NEED OF VLAN TRANSLATION !!! Cisco Systems

EVC – Flexible Frame Matching Service instance Service instance ... Provide classification of L2 flows on Ethernet interfaces Are also referred to as EVC service-instances Support dot1q and Q-in-Q Support VLAN lists Support VLAN ranges Support VLAN Lists and Ranges combined Coexist with routed subinterfaces Match VLAN: 14 14 100 Match VLAN range: 100-102 101 102 200 Match VLAN list: 200, 203, 210 203 INTERFACE 210 Match VLAN: 300,100 300,100 400,1 Match outer VLAN 400, inner VLAN range: 1-3 400,2 400,3 400,11 Match outer 400, inner VLAN list: 11,17,34 400,17 400,34 Cisco Systems

Exact vs. Non-Exact EVC only supports Non-Exact matching ‘encap dot1q 10’ matches any packets with outmost tag equals to 10: ‘encap dot1q 10 sec 100’ matches any packets with outmost tag as 10 and second most tag as 100 10 10 200 10 100 10 1000 100 Cisco Systems

Longest tag match Int G3/0/0 EVC supports longest tag matching within the same GigE port. Matching double tag at first, then single tag, then default tag (similar concept as routing table lookup) 10 dot1q 10 sec 100 sec 128-133 10 200 10 100 Int G3/0/0 10 130 Cisco Systems

EVC – Flexible VLAN Tag Manipulation EVCs allow us to classify inbound frames in a highly flexible manner based on 1 or more VLAN tags or CoS values. Here are some examples Configuration Effect encapsulation dot1q 10 Match the single VLAN tag 10 encapsulation dot1q 25 second-dot1q 13 Match first VLAN tag 25 and second tag 13 encapsulation dot1q any second-dot1q 22 Match any double tagged frame with a second tag of 22 encapsulation dot1q 16 cos 4 Match a single tag 16 when it has CoS value 4 encapsulation dot1q untagged Match the native (untagged) VLAN encapsulation dot1q default The catch all class for all traffic not previously classified Cisco Systems

Encap match order From most specific to most general No exact match based on outmost tag # Encap untag matches untagged packet Encap default catches all remaining traffic w/o specific match. If there is no encap untag configured, it also catches untag packet. Cisco Systems

Encapsulation Rewrite CLI interface gig 1/1/1 service instance 1 ethernet encapsulation dot1q 10 rewrite ingress tag ? pop Pop the tag push Rewrite Operation of push translate Translate Tag . Configuration Effect rewrite ingress tag pop 1 symmetric remove the top 802.1q tag rewrite ingress tag pop 2 symmetric remove the top two 802.1q tags rewrite ingress tag translate 1-to-1 dot1q  28 symmetric remove the top tag and replace it with 28 rewrite ingress tag translate 2-to-2 dot1 22 second-dot1q 23 remove the top two tags and replace them with 22 and 23 (23 will be the inner tag) rewrite ingress tag push dot1q 56 second-dot1q 55 push two new tags on top of the existing frame. The top tag will be 56; inner tag of 55 Cisco Systems

Encapsulation Rewrite CLI - Symmetric . Cisco Systems

Here's a sample topology, with two access switches processing different VLANs. The service instance configurations are on PE Blue and PE Purple

EVC – Flexible Forwarding Model Service instance P-to-P Local Connect MPLS L3/VRF or EoMPLS/VPLS BD SVI MPLS UPLINK P-to-P EoMPLS BD EoMPLS/VPLS SVI BD L2 Bridging PVC / DLCI L2 inter-working Physical Ports ATM / FR

Flexible Service Mapping Configuration Example core interface, L2 trunk or L3 MPLS Access port service instance 1 ethernet encapsulation dot1q 20 second-dot1q 10 rewrite ingress tag pop 1 sym bridge-domain 10 c-mac 802.1ah (PBB or .1ah over VPLS service instance 2 ethernet encapsulation dot1q 11-100 rewrite ingress tag push dot1q 101 xconnect 1.1.1.1 101 en mpls E-LINE (VPWS) service instance 3 ethernet encapsulation dot1q 101 second-dot1q 10 rewrite ingre tag translate 2-to-1 100 bridge-domain 200 Interface vlan 200 xconnect vfi myvpls E-LAN (VPLS or Local bridging) Local connect service instance 4 ethernet encapsulation dot1q 102 rewrite ingress tag pop 1 bridge-domain 201 Interface vlan 201 ip address 2.2.2.2 255.255.255.0 ip vrf myvrf L3 termination Service instance or Ethernet Flow Point Cisco Systems

EVC (Service Instance) Example Here is an example of an interface configured with a bridge-domain: interface g0/2   service instance 1 ethernet     encapsulation dot1q 11     rewrite ingres tag pop 1 symmetric     bridge-domain 22 ! interface Vlan22   ip address 192.168.1.1 255.255.255.0

EVC – Local & remote bridging example LOCAL Switching interface g0/2   service instance 1 ethernet     encapsulation dot1q 10     rewrite ingres tag pop 1 symmetric     bridge-domain 22   service instance 2 ethernet     encapsulation dot1q 11     rewrite ingress tag pop 1 symmetric    bridge-domain 22 ! interface Vlan44   ip address 192.168.1.1 255.255.255.0 Remote Connection interface g0/2   service instance 1 ethernet     encapsulation dot1q 10     rewrite ingres tag pop 1 symmetric     bridge-domain 22 split-horizon   service instance 2 ethernet     encapsulation dot1q 11     rewrite ingress tag pop 1 symmetric ! interface Vlan44  xconnect 192.168.1.1 12 encapsulation mpls Cisco Systems

Cisco Systems