Implementing VPLS

Layer 2 VPNs and Ethernet Services

2012 Cisco and/or its affiliates. All rights reserved.

SPEDGE v1.04-1

Objectives
Discuss VPLS
Implement VPLS and H-VPLS


VPLS overview


VPLS Traffic Forwarding


Initial traffic across all PWs; MAC address is learned.
Split-horizon forwarding is applied to avoid loops between PEs.
Traffic is sent to relevant PWs (all or one).
On PE failure, PWs go down and MACs are flushed.
MAC learning process begins again.
[Figure: Host A, Host B and Host C connected through PE1, PE2 and PE3 over an MPLS network]


VPLS Topology: PE View


Each PE has a point-to-multipoint view of all other PEs:
- Sees itself as a root bridge with split-horizon loop protection

Full mesh topology obviates STP in the service provider network.


Customer STP is transparent to the service provider:
- Customer BPDUs are forwarded transparently.

[Figure: PE view. CEs attach to PEs across MPLS; full mesh LDP, with an Ethernet PW to each peer.]


Virtual Switch Interface


Software feature for:
Flooding and forwarding
- MAC table instances per customer (port or VLAN) for each PE
- Learning and forwarding process
- Flood unknowns, multicasts, and broadcasts to all other ports

Address learning and aging
- LDP enhanced with additional MAC list TLV (label withdrawal)
- MAC timers refreshed with incoming frames

Loop prevention
- Create full-mesh of PW VCs (EoMPLS)
- Split-horizon concept
- Customer STP BPDUs tunneled through the service provider cloud

Implemented as VFI
- Bridge that connects attachment circuits to PWs
- VLAN extension

VPLS Architectures

Two architectures:
- Nonhierarchical
  Single PE (flat)
- Hierarchical (H-VPLS)
  With Ethernet access
  - 802.1ad (IEEE standard for QinQ)
  With MPLS access

Two PE roles:
- Network-facing PE (N-PE)
  VPLS termination
  Layer 3 services
- User-facing PE (U-PE)
  Customer UNI

[Figure: Nonhierarchical: CE1 and CE2 attach to N-PE1 and N-PE2, with VPLS across the MPLS core. Hierarchical: CEs attach to U-PE1 and U-PE2, which connect to N-PE1 and N-PE2 over EoMPLS or 802.1ad access, with VPLS between the N-PEs across the MPLS core.]

VPLS vs. H-VPLS


VPLS
- Significant signaling overhead
- Full PW mesh from the edge
- Node discovery and provisioning extends end to end

H-VPLS
- Minimizes signaling overhead
- Full PW mesh among core devices
- Partitions node discovery process

[Figure: a VPLS topology of CEs and PEs beside an H-VPLS topology of CEs, UPEs and NPEs]


H-VPLS Edge: 802.1ad (802.1QinQ)


802.1ad is the IEEE standard for QinQ.
802.1ad outer EtherType: 0x88a8
802.1Q Ethertype: 0x8100

[Figure: CEs and customer switches (802.3, 802.1Q) connect through a UPE over 802.1ad to NPEs, which are joined by a full mesh of pseudowires over MPLS. Frame formats shown:
- 802.1Q frame: DA, SA, Ethertype (802.1Q EtherType 0x8100), Inner VLAN, PDU. The inner VLAN is the customer-applied VLAN tag (CE VLAN).
- 802.1ad frame: DA, SA, Ethertype (outer EtherType 0x88a8, 802.1ad), Outer VLAN, Ethertype (inner EtherType 0x8100), Inner VLAN, PDU. The outer VLAN is the SP-applied VLAN (PE VLAN) for customer isolation.]
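
The two EtherTypes on this slide are what distinguish a customer 802.1Q frame from a provider 802.1ad frame on the wire. The following Python sketch is an added example, not part of the course material; it walks the tag stack of a raw Ethernet frame, and the MAC addresses and VLAN IDs in the sample frames are constructed values.

```python
import struct

TPID_8021AD = 0x88A8  # outer, SP-applied tag (PE VLAN)
TPID_8021Q = 0x8100   # inner, customer-applied tag (CE VLAN)

def parse_tag_stack(frame: bytes):
    """Return (tags, ethertype); tags is a list of (tpid, vlan_id), outermost first."""
    offset, tags = 12, []          # skip DA (6 bytes) and SA (6 bytes)
    while True:
        if len(frame) < offset + 2:
            raise ValueError("frame truncated before EtherType")
        (ethertype,) = struct.unpack_from("!H", frame, offset)
        if ethertype not in (TPID_8021AD, TPID_8021Q):
            return tags, ethertype
        if len(frame) < offset + 4:
            raise ValueError("frame truncated inside VLAN tag")
        (tci,) = struct.unpack_from("!H", frame, offset + 2)
        tags.append((ethertype, tci & 0x0FFF))  # low 12 bits of the TCI are the VLAN ID
        offset += 4

def classify(frame: bytes) -> str:
    """Name the encapsulation using the EtherTypes given on the slide."""
    tpids = [tpid for tpid, _ in parse_tag_stack(frame)[0]]
    if not tpids:
        return "802.3 untagged"
    if tpids == [TPID_8021Q]:
        return "802.1Q (CE VLAN only)"
    if tpids == [TPID_8021AD, TPID_8021Q]:
        return "802.1ad (PE VLAN + CE VLAN)"
    return "unexpected tag stack"

def build_frame(tags, ethertype=0x0800, payload=b"\x00" * 46) -> bytes:
    """Construct a sample frame; the MAC addresses are made-up, locally administered values."""
    frame = bytes.fromhex("020000000002") + bytes.fromhex("020000000001")
    for tpid, vlan in tags:
        frame += struct.pack("!HH", tpid, vlan)
    return frame + struct.pack("!H", ethertype) + payload

# Constructed samples: CE VLAN 200 and PE VLAN 10 are illustrative values.
customer = build_frame([(TPID_8021Q, 200)])
provider = build_frame([(TPID_8021AD, 10), (TPID_8021Q, 200)])
double_8021q = build_frame([(TPID_8021Q, 10), (TPID_8021Q, 200)])  # outer tag is not 0x88a8

if __name__ == "__main__":
    for name, f in (("customer", customer), ("provider", provider), ("double", double_8021q)):
        print(name, classify(f), parse_tag_stack(f))
```

A double-tagged frame whose outer EtherType is 0x8100 is reported as an unexpected stack because it does not match the 802.1ad layout described here.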

H-VPLS Edge: MPLS


PW full mesh in core:
- Split-horizon for loop avoidance
Hub-and-spoke PWs for access:
- Only one PW per UPE (per service instance) active at a time

[Figure: CEs and customer switches (802.3, 802.1Q) connect to a UPE, which has single or redundant pseudowires over MPLS in the edge to the NPEs: an active pseudowire and an inactive pseudowire (one or several redundant pseudowires to NPE). The NPEs are joined by a full mesh of pseudowires over MPLS in the core.]


VPLS and H-VPLS Evaluation


Flat VPLS
Pros:
- Simple provisioning
Cons:
- Scalability limitation to small environments
- PE packet replication
- Directed LDP full mesh: n * (n-1)/2 sessions

H-VPLS
Pros:
- Suitable for large environments
- Reduced replication and signaling overhead on NPEs
- Expansion affects new nodes only
Cons:
- More complicated provisioning
- More complex design and operations
- More expensive hardware for MPLS-based access


VPLS Neighbor Autodiscovery


Requires special address family for MP-BGP neighbors
- address-family l2vpn vpls-vpws
Available for VPLS and VPWS
Two signaling methods: LDP and BGP
- Both methods use VLAN IDs, RDs, and RTs to limit discovery scope.

PW full mesh can be autodiscovered.
[Figure: CEs attached to PEs joined by a PW full mesh]

Implementing VPLS and H-VPLS


VPLS and H-VPLS Configuration Procedure


Prepare MPLS infrastructure:
- PE routers must have a /32 address on their loopbacks.
- PE loopback addresses cannot be summarized in the core.
- Ensure MTU sizes in the core are large enough.

Enable Layer 2 frame transport on both endpoint attachment circuits.


Make sure MTU is the same on both endpoint interfaces.
Configure bridge group and bridge domain.
Assign interface(s) to the bridge domain.
Configure VFI with statically defined PWs or neighbor autodiscovery.


VPLS Configuration

[Figure: CE1 (VLAN tag 10) attaches to PE1 (10.1.1.1) and CE2 (VLAN tag 10) attaches to PE2 (10.2.1.1); PE3 is 10.3.1.1. Pseudowires across MPLS: PW 4, PW 6 and PW 8.]

PE1:
interface Loopback0
 ipv4 address 10.1.1.1 255.255.255.255
!
interface GigabitEthernet0/0/0/0.10 l2transport
 encapsulation dot1q 10
!
l2vpn
 bridge group VPLS-group1
  bridge-domain VPLS-domain1
   interface GigabitEthernet0/0/0/0.10
   exit
   vfi VPLS-vfi1
    neighbor 10.2.1.1 pw-id 4
    neighbor 10.3.1.1 pw-id 6

PE2:
interface Loopback0
 ipv4 address 10.2.1.1 255.255.255.255
!
interface GigabitEthernet0/0/0/0.10 l2transport
 encapsulation dot1q 10
!
l2vpn
 bridge group VPLS-group1
  bridge-domain VPLS-domain1
   interface GigabitEthernet0/0/0/0.10
   exit
   vfi VPLS-vfi1
    neighbor 10.1.1.1 pw-id 4
    neighbor 10.3.1.1 pw-id 8
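
A statically defined PW only comes up when both PEs name each other with the same pw-id, and a neighbor statement with no counterpart deserves a second look because it extends the customer's bridge domain to another PE. The check below is an added example, not Cisco tooling; it reads trimmed copies of the PE1 and PE2 configurations above, parse_pe and audit are hypothetical helper names, and PE3 is reported as unchecked because its configuration is not shown.

```python
import re

# Trimmed copies of the PE1 and PE2 configurations from the slide above.
PE1 = """interface Loopback0
 ipv4 address 10.1.1.1 255.255.255.255
l2vpn
 bridge group VPLS-group1
  bridge-domain VPLS-domain1
   vfi VPLS-vfi1
    neighbor 10.2.1.1 pw-id 4
    neighbor 10.3.1.1 pw-id 6"""
PE2 = """interface Loopback0
 ipv4 address 10.2.1.1 255.255.255.255
l2vpn
 bridge group VPLS-group1
  bridge-domain VPLS-domain1
   vfi VPLS-vfi1
    neighbor 10.1.1.1 pw-id 4
    neighbor 10.3.1.1 pw-id 8"""

def parse_pe(config):
    """Return (loopback address, loopback mask, {neighbor address: pw-id})."""
    lo = re.search(r"interface Loopback0\s+ipv4 address (\S+) (\S+)", config)
    pws = {ip: int(pw) for ip, pw in re.findall(r"neighbor (\S+) pw-id (\d+)", config)}
    return (lo.group(1), lo.group(2), pws) if lo else (None, None, pws)

def audit(configs):
    """Check /32 loopbacks and that every PW carries the same pw-id at both ends."""
    parsed = {name: parse_pe(text) for name, text in configs.items()}
    owner = {addr: name for name, (addr, _, _) in parsed.items() if addr}
    findings = []
    for name, (addr, mask, pws) in parsed.items():
        if mask != "255.255.255.255":
            findings.append(f"{name}: Loopback0 is not a /32")
        for peer_ip, pw_id in pws.items():
            peer = owner.get(peer_ip)
            if peer is None:
                findings.append(f"{name}: neighbor {peer_ip} pw-id {pw_id} unchecked, no config supplied")
                continue
            back = parsed[peer][2].get(addr)  # pw-id the peer uses toward this PE, if any
            if back != pw_id:
                findings.append(f"{name}: pw-id {pw_id} to {peer}, but {peer} has {back} in return")
    return findings

if __name__ == "__main__":
    print("\n".join(audit({"PE1": PE1, "PE2": PE2})))
```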

VPLS Configuration with VLAN Rewrite


[Figure: CE1 (VLAN tag 10) attaches to PE1 (10.1.1.1) and CE2 (VLAN tag 30) attaches to PE2 (10.2.1.1); PE3 is 10.3.1.1. VLAN tag 99 is carried across MPLS. Pseudowires: PW 4, PW 6 and PW 8.]

PE1:
interface Loopback0
 ipv4 address 10.1.1.1 255.255.255.255
!
interface GigabitEthernet0/0/0/0.10 l2transport
 encapsulation dot1q 10
 rewrite ingress tag translate 1-to-1 dot1q 99 symmetric
!
l2vpn
 bridge group VPLS-group1
  bridge-domain VPLS-domain1
   interface GigabitEthernet0/0/0/0.10
   exit
   vfi VPLS-vfi1
    neighbor 10.2.1.1 pw-id 4
    neighbor 10.3.1.1 pw-id 6

PE2:
interface Loopback0
 ipv4 address 10.2.1.1 255.255.255.255
!
interface GigabitEthernet0/0/0/0.30 l2transport
 encapsulation dot1q 30
 rewrite ingress tag translate 1-to-1 dot1q 99 symmetric
!
l2vpn
 bridge group VPLS-group3
  bridge-domain VPLS-domain3
   interface GigabitEthernet0/0/0/0.30
   exit
   vfi VPLS-vfi3
    neighbor 10.1.1.1 pw-id 4
    neighbor 10.3.1.1 pw-id 8

H-VPLS with QinQ Access


[Figure: CE-SW1 (802.1Q) connects to P-SW1 port Fa0/1; P-SW1 port Fa0/2 connects to PE1 (10.1.1.1) with outer QinQ VLAN 10. CE-SW2 (802.1Q) connects to P-SW2 port Fa0/1; P-SW2 port Fa0/2 connects to PE2 (10.2.1.1) with outer QinQ VLAN 30. PE3 is 10.3.1.1. Pseudowires across MPLS: PW 4, PW 6 and PW 8. VLAN tag stacks shown: 200 at the CE switches, 10 and 200 on the P-SW1 side, 99 and 200 across MPLS, 30 and 200 on the P-SW2 side.]

P-SW1:
interface FastEthernet0/1
 description CE-SW
 switchport access vlan 10
 switchport mode dot1q-tunnel
!
interface FastEthernet0/2
 description N-PE
 switchport mode trunk

PE1:
interface Loopback0
 ipv4 address 10.1.1.1 255.255.255.255
!
interface GigabitEthernet0/0/0/0.10 l2transport
 encapsulation dot1q 10 second-dot1q any
 rewrite ingress tag translate 1-to-1 dot1q 99 symmetric
!
l2vpn
 bridge group VPLS-group1
  bridge-domain VPLS-domain1
   interface GigabitEthernet0/0/0/0.10
   exit
   vfi VPLS-vfi1
    neighbor 10.2.1.1 pw-id 4
    neighbor 10.3.1.1 pw-id 6

Verifying VPLS Operation


RP/0/RSP0/CPU0:PE3# show l2vpn bridge-domain detail
Sat Nov 26 13:48:47.127 UTC
Bridge group: VPLS-group3, bridge-domain: VPLS-domain3, id: 1, state: up, ShgId: 0, MSTi: 0
MAC learning: enabled
MAC withdraw: enabled
MAC withdraw for Access PW: enabled
Flooding:
Broadcast & Multicast: enabled
Unknown unicast: enabled
MAC aging time: 300 s, Type: inactivity
MAC limit: 4000, Action: none, Notification: syslog
MAC limit reached: no
MAC port down flush: enabled
MAC Secure: disabled, Logging: disabled
Split Horizon Group: none
Dynamic ARP Inspection: disabled, Logging: disabled
IP Source Guard: disabled, Logging: disabled
DHCPv4 snooping: disabled
IGMP Snooping profile: none
Bridge MTU: 1500
MIB cvplsConfigIndex: 2
Filter MAC addresses:
Create time: 26/11/2011 11:38:38 (02:10:08 ago)
No status change since creation
ACs: 1 (1 up), VFIs: 1, PWs: 1 (1 up), PBBs: 0 (0 up)
< to be continued>


Verifying VPLS Operation (Cont.)


List of ACs:
AC: GigabitEthernet0/0/0/0.30, state is up
Type VLAN; Num Ranges: 1
VLAN ranges: [30, 30]
MTU 1504; XC ID 0x840001; interworking none
MAC learning: enabled
Flooding:
Broadcast & Multicast: enabled
Unknown unicast: enabled
MAC aging time: 300 s, Type: inactivity
MAC limit: 4000, Action: none, Notification: syslog
MAC limit reached: no
MAC port down flush: enabled
MAC Secure: disabled, Logging: disabled
Split Horizon Group: none
Dynamic ARP Inspection: disabled, Logging: disabled
IP Source Guard: disabled, Logging: disabled
DHCPv4 snooping: disabled
IGMP Snooping profile: none
Storm Control: disabled
Static MAC addresses:
Statistics:
packets: received 31686, sent 27420
bytes: received 2156476, sent 1911176
Storm control drop counters:
packets: broadcast 0, multicast 0, unknown unicast 0
bytes: broadcast 0, multicast 0, unknown unicast 0
<to be continued>

Verifying VPLS Operation (Cont.)


List of Access PWs:
List of VFIs:
VFI VPLS-vfi3
PW: neighbor 10.7.1.1, PW ID 64500:10, state is up ( established )
PW class not set, XC ID 0xfffc0005
Encapsulation MPLS, Auto-discovered (BGP), protocol LDP
PW type Ethernet, control word disabled, interworking none
PW backup disable delay 0 sec
Sequencing not set
MPLS          Local                           Remote
------------  ------------------------------  -------------------------
Label         30000                           16002
BGP Peer ID   10.3.1.1                        10.7.1.1
LDP ID        10.3.1.1                        10.7.1.1
AII           10.3.1.1                        10.7.1.1
AGI           64500:10                        64500:10
Group ID      0x1                             0x1
Interface     VPLS-vfi3                       VPLS-vfi7
MTU           1500                            1500
Control word  disabled                        disabled
PW type       Ethernet                        Ethernet
VCCV CV type  0x2                             0x2
              (LSP ping verification)         (LSP ping verification)
VCCV CC type  0x6                             0x6
              (router alert label)            (router alert label)
              (TTL expiry)                    (TTL expiry)
------------  ------------------------------  -------------------------
<output truncated>
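
The bridge-domain and AC sections of this output list several Layer 2 protections together with their state. As an added example (not part of the course material), the Python check below reads such output and lists the protections reported as disabled, plus any MAC limit whose action is none; SAMPLE is an excerpt of the output above and review_settings is a hypothetical helper name.

```python
import re

# Excerpt of the show output above, trimmed to the fields this check reads.
SAMPLE = """\
Bridge group: VPLS-group3, bridge-domain: VPLS-domain3, id: 1, state: up, ShgId: 0, MSTi: 0
MAC limit: 4000, Action: none, Notification: syslog
MAC Secure: disabled, Logging: disabled
Dynamic ARP Inspection: disabled, Logging: disabled
IP Source Guard: disabled, Logging: disabled
DHCPv4 snooping: disabled
AC: GigabitEthernet0/0/0/0.30, state is up
MAC limit: 4000, Action: none, Notification: syslog
MAC Secure: disabled, Logging: disabled
Storm Control: disabled
"""

FEATURES = ("MAC Secure", "Dynamic ARP Inspection", "IP Source Guard",
            "DHCPv4 snooping", "Storm Control")

def review_settings(output):
    """Return (scope, note) pairs for protections the output reports as off."""
    scope, notes = None, []
    for raw in output.splitlines():
        line = raw.strip()
        bd = re.match(r"Bridge group: ([^,\s]+), bridge-domain: ([^,\s]+)", line)
        ac = re.match(r"AC: ([^,\s]+),", line)
        if bd or ac:
            # A section header: later lines belong to this bridge domain or AC.
            scope = f"bridge-domain {bd.group(2)}" if bd else f"AC {ac.group(1)}"
            continue
        if scope is None:
            continue  # ignore anything before the first section header
        limit = re.match(r"MAC limit: (\d+), Action: (\w+)", line)
        if limit and limit.group(2) == "none":
            notes.append((scope, f"MAC limit {limit.group(1)} set with action none"))
        for feature in FEATURES:
            if line.startswith(feature + ": disabled"):
                notes.append((scope, feature + " disabled"))
    return notes

if __name__ == "__main__":
    for scope, note in review_settings(SAMPLE):
        print(f"{scope}: {note}")
```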

Summary
VPLS neighbors can be configured manually or learned by the autodiscovery process.
VPLS is implemented using bridge groups, bridge domains, and VFIs.
