Implementation and Utilization of Layer 2 VPN Technologies: BRKAGG-2000

Implementation and Utilization of Layer 2 VPN Technologies
BRKAGG-2000
BRKAGG-2000 14555_04_2008_c1
2008 Cisco Systems, Inc. All rights reserved.
Cisco Public
2006, Cisco Systems, Inc. All rights reserved. Presentation_ID.scr
General Prerequisites
Spanning Tree problems and Data Center knowledge Why L2VPN technology is becoming ever important to service providers and enterprise Good understanding of L2VPN technology pseudowires (PWs) operation (AToM, L2TPv3) Basic understanding of network design principles Familiarity with quality of service principles; application will be discussed, with examples Basic understanding of MPLS traffic engineering (MPLS-TE) concepts
BRKAGG-2000 14555_04_2008_c1
Cisco Public
L2VPN Deployment Objectives

Quick review of the motivating factors for L2VPN adoption Outline common service requirements for L2VPN and how they are being addressed by Service Providers and Enterprise Quick overview EoMPLS and VPLS Using Traffic Engineering with Layer 2 VPN Position Layer 2 VPN for Data Center
BRKAGG-2000 14555_04_2008_c1
Cisco Public
Summary Technology
AToM/L2TPv3 EoMPLS VPLS TrafficEngineering
BRKAGG-2000 14555_04_2008_c1
Cisco Public
Deployment Objectives
BRKAGG-2000 14555_04_2008_c1
Cisco Public
Why Is L2VPN Needed?

It allows SP and Enterprise to have a single infrastructure for both IP and legacy services
For SP Move legacy ATM/FR traffic to MPLS/IP core without interrupting current services Enterprise allow them to build better DataCenter and spam across L2 AC across WAN/MPLS and provide better HA
Help SP provide new P2P Layer 2 tunnelling services

Customer can have its own routing, QoS policy, etc.
A migration step towards IP/MPLS VPN
BRKAGG-2000 14555_04_2008_c1
Cisco Public
Benefits for L2VPNs

New service opportunities:
Virtual leased line service Offer PVC-like Layer 2-based service
Reduced costconsolidate multiple core technologies into a single packet-based network infrastructure Simplify servicesLayer 2 transport provides options for service providers who need to provide L2 connectivity and maintain customer autonomy Protect existing investmentsGreenfield networks to extend customer access to existing Layer 2 networks without deploying a new separate infrastructure Feature supportthrough the use of Cisco IOS features such as IPsSec, QoS, and Traffic Engineering, L2 transport can be tailored to meet customer requirements
BRKAGG-2000 14555_04_2008_c1 2008 Cisco Systems, Inc. All rights reserved. Cisco Public
L2VPN Models
L2VPN Models
Local Switching
MPLS Core
IP Core
CE-TDM VPWS AToM Like-to-Like OR Any-to-Any Point-to-Point P2MP/ MP2MP VPLS L2TPv3 Any-to-Any Service Point-to-Point
T1/E1
Ethernet FR ATM AAL5/Cell PPP/ HDLC FR ATM AAL5/Cell PPP/ HDLC
Ethernet
Ethernet
9
Motivation for L2VPNs
Ive Really Got to Consolidate These Networks
IP/IPSec
MPLS or IP
IP/IPSec
FR/ATM Broadband ATM Ethernet
FR/ATM Broadband
Ethernet
SONET
Access
Access
Multiple Access Services Require Multiple Core Technologies = $$$ High Costs/Complex Management
10
Generic L2 VPN Architecture

Emulated VC/PW
L2
VC PSN
Attachment Circuit
Tunnel VC
Emulated VC
L2
Tunnels (MPLS, L2TPv3, GRE, IPSec, etc.) Emulated VCs (pseudowires) inside tunnels (many-to-one)
Attachment Circuit
Attachment VCs (e.g., FR DLCI, PPP) mapped to emulated VCs

11
Motivation for L2VPNs

New Service Growth
How Can I Leverage My Packet Infrastructure?

Edge Packet Switched Network
Existing Infrastructure
Ethernet
MSE MPLS/IP
Broadband Access
Frame Relay ATM
Trunk Replacement
Reduce overlapping core expense; consolidate trunk lines Offer multiservice/common interface (i.e. Ethernet MUX = L2, L3 and Internet) Maintain existing revenues from legacy services
12
New Evolution for Circuit Emulation

Radio Access Network Backbone Network
MSC BSC/RNC MGW
SS7oIP
BTS/NodeB
RAN Edge
GMSC
PSTN
ITP
Pre-Aggregation Site
IP/MPLS Backbone Pseudo Wires
Broadband Ethernet Backhaul
MSC Server
Abis/Iub Optimization
MGW IP POP at cellsite PW/Abis/Iub IP/MPLS

SONET/SDH/Ethernet/DSL
BRKAGG-2000 14555_04_2008_c1
SGSN
Internet
GGSN
FR/ATM IP/MPLS SONET/SDH

Cisco Public
13
L2VPN Deployment
Laying the Groundwork for Successful Deployment

The Need to Knows of Your Infrastructure: What is the aggregate bandwidth requirements for converged services? What are the minimum platform requirements to run the planned services? What software features will be required to meet all of my planned needs?such as:
L2VPN functionality (like-to-like, any-to-any, etc.) VPLS functionality (point-to-multipoint) Q-in-Q OAM requirements IGP, EGP, and TE requirements Cisco Express Forwarding (CEF, dCEF)
BRKAGG-2000 14555_04_2008_c1
Cisco Public
14
Ethernet over MPLS Overview
BRKAGG-2000 14555_04_2008_c1
Cisco Public
15
EoMPLS Reference Model

Physical Connectivity
Customer A
10720 Switch MPLS Enabled PE P Targeted LDP Session Between PE Routers 12000 MPLS Enabled PE 10720
Customer A
Switch
Site#1
Site#2
Logical Connectivity
Switch BPDUs, VTP Messages Switch
BRKAGG-2000 14555_04_2008_c1
Cisco Public
16
A Typical Configuration: EoMPLS VLAN

R201 10.0.0.201 R202 10.0.0.202 R203 10.0.0.203 e0/0.10 R200 CE e0/0.10 PE
dot1Q 10 10.10.10.200/24
e1/0
e1/0 P LDP Targeted LDP
e2/0
e2/0 PE
e0/0.10 e0/0.10
dot1Q 10 10.10.10.204/24
10.1.1.0/24
10.1.2.0/24
R204 CE
LDP
hostname R201 ! ip cef mpls ip mpls label protocol ldp mpls ldp router-id Loopback0 force ! interface Loopback0 ip address 10.0.0.201 255.255.255.255 ! interface Ethernet0/0.10 description *** To R200 *** encapsulation dot1Q 10 no ip directed-broadcast no cdp enable xconnect 10.0.0.203 10 encapsulation mpls
hostname R203 ! ip cef mpls ip mpls label protocol ldp mpls ldp router-id Loopback0 force ! interface Loopback0 ip address 10.0.0.203 255.255.255.255 ! pseudowire-class eompls encapsulation mpls ! interface Ethernet0/0.10 description *** To R204 encapsulation dot1Q 10 no ip directed-broadcast no cdp enable xconnect 10.0.0.201 10 pw-class eompls
BRKAGG-2000 14555_04_2008_c1
Cisco Public
17
Calculating MTU Requirements for the Core

Core MTU Edge MTU + Transport Header + AToM Header + (MPLS Label Stack * MPLS Header Size) Edge MTU is the MTU configured in the CE-facing PEs interface Examples (all in bytes):
Edge Transport AToM MPLS Stack MPLS Header Total
EoMPLS Port Mode
1500
14
4 [0]
1526 [1522] 1530 [1526] 1530 [1526]
EoMPLS VLAN Mode
1500
18
4 [0]
EoMPLS Port w/ TE FRR
1500
14
4 [0]
BRKAGG-2000 14555_04_2008_c1
Cisco Public
18
L2 VPN Interworking
BRKAGG-2000 14555_04_2008_c1
Cisco Public
19
Interworking Modes and Features

The AC are terminated locally!!! There are two types of Interworking (a.k.a. any-2-any)
Ethernet (AKA bridged)Ethernet frames are extracted from the AC and sent over the PW; VLAN Tag is removed; CEs can run Ethernet, BVI, or RBE IP (a.k.a. routed)IP packets are extracted from the AC and sent over the PW
AToM Frame Relay to Ethernet/VLAN Frame Relay to PPP Frame Relay to ATM AAL5 Ethernet/VLAN to ATM AAL5 Ethernet to VLAN
L2TPv3
Yes Yes No No Yes
IP Mode
Yes Yes Yes Yes Yes
Ethernet
Yes No No Yes Yes
20
Yes Yes Yes Yes Yes
10
Configuration Example Frame-Relay to Ethernet

Frame Link frame-relay switching ! pseudowire-class atom_fr_vlan encapsulation mpls interworking ip ! interface POS3/0 encapsulation frame-relay clock source internal frame-relay lmi-type ansi frame-relay intf-type dce ! connect fr-vlan POS3/0 210 l2transport xconnect 192.168.200.2 210 pw-class atom_fr_vlan Ethernet/VLAN Link frame-relay switching ! pseudowire-class atom_vlan_fr encapsulation mpls interworking ip ! interface GigabitEthernet4/0.310 encapsulation dot1Q 310 xconnect 192.168.200.1 210 pw-class atom_vlan_fr
MPLS/IP
VLAN 310 DLCI 210
interface POS5/0.210 point-to-point ip address 172.16.1.1 255.255.255.0 frame-relay interface-dlci 210
interface GigabitEthernet6/0.310 encapsulation dot1Q 310 ip address 172.16.1.2 255.255.255.0
BRKAGG-2000 14555_04_2008_c1
Cisco Public
21
Local Switching InterWorking

interface Serial1/0/1:0 encapsulation frame-relay MFR100 ! interface Serial1/0/2:0 encapsulation frame-relay MFR100 ! interface Serial1/0/3:0 encapsulation frame-relay MFR100 ! interface MFR100 frame-relay lmi-type ansi frame-relay intf-type dce ! interface GigabitEthernet0/1.10 encapsulation dot1Q 10
connect FR_to_Ether MFR100 Ethernet0/1.10 interworking ip
Ethernet0/1.20 speed 100
PE1
PPP/HDLC
MFR
T1/E1 Total 6.144 Mbps CE
Ethernet0/1.10 speed 100
CE3
CE2-HUB
BRKAGG-2000 14555_04_2008_c1
Cisco Public
22
11
VPLS Introduction
BRKAGG-2000 14555_04_2008_c1
Cisco Public
23
VPLS Introduction Pseudo Wire Refresher VPLS Architecture VPLS Configuration Example VPLS Deployment Summary
BRKAGG-2000 14555_04_2008_c1
Cisco Public
24
12
Virtual Private LAN Service (VPLS)

VPLS defines an architecture allows MPLS networks offer Layer 2 multipoint Ethernet Services SP emulates an IEEE Ethernet bridge network (virtual) Virtual Bridges linked with MPLS Pseudo Wires
Data Plane used is same as EoMPLS (point-to-point)
VPLS is an Architecture
CE
PE
PE
CE
CE
25
Virtual Private LAN Service

End-to-end architecture that allows MPLS networks to provide Multipoint Ethernet services It is Virtual because multiple instances of this service share the same physical infrastructure It is Private because each instance of the service is independent and isolated from one another It is LAN Service because it emulates Layer 2 multipoint connectivity between subscribers
BRKAGG-2000 14555_04_2008_c1
Cisco Public
26
13
Why Provide a Layer 2 Service?

Customer have full operational control over their routing neighbours Privacy of addressing space - they do not have to be shared with the carrier network Customer has a choice of using any routing protocol including non IP based (IPX, AppleTalk) Customers could use an Ethernet switch instead of a router as the CPE A single connection could reach all other edge points emulating an Ethernet LAN (VPLS)
BRKAGG-2000 14555_04_2008_c1
Cisco Public
27
VPLS Is Defined in IETF

VPWS, VPLS, IPLS Application ISOC
General
L2VPN Formerly PPVPN workgroup
IAB Internet
L3VPN BGP/MPLS VPNs (RFC 4364 was 2547bis) IP VPNs using Virtual Routers (RFC 2764) CE based VPNs using IPsec
PWE3 IETF Ops and Mgmt
Routing
MPLS Pseudo Wire Emulation edge-to-edge Forms the backbone transport for VPLS
Security
Transport As of 2-Nov-2006
28
14
VPLS Components
Pseudo Wires within LSP Virtual Switch Interface (VSI) terminates PW and provides Ethernet bridge function Attachment circuits Port or VLAN mode Mesh of LSP between N-PEs
CE router
N-PE
N-PE
CE router
CE router
CE router
CE switch
MPLS Core
CE switch
Targeted LDP between PEs to exchange VC labels for Pseudo Wires
CE router CE switch
Attachment CE can be a switch or router
BRKAGG-2000 14555_04_2008_c1
N-PE
2008 Cisco Systems, Inc. All rights reserved. Cisco Public
29
Virtual Switch Interface

Flooding/Forwarding
MAC table instances per customer (port/vlan) for each PE VFI will participate in learning and forwarding process Associate ports to MAC, flood unknowns to all other ports
Address Learning/Aging
LDP enhanced with additional MAC List TLV (label withdrawal) MAC timers refreshed with incoming frames
Loop Prevention
Create full-mesh of Pseudo Wire VCs (EoMPLS) Unidirectional LSP carries VCs between pair of N-PE Per A VPLS use split horizon concepts to prevent loops
30
15
VPLS Architecture
BRKAGG-2000 14555_04_2008_c1
Cisco Public
31
VPLS TopologyPE View

CEs
PEs
MPLS
Full Mesh LDP Ethernet PW to each peer
PE view
Each PE has a P2MP view of all other PEs it sees it self as a root bridge with split horizon loop protection Full mesh topology obviates STP in the SP network Customer STP is transparent to the SP/Customer BPDUs are forwarded transparently
32
16
VPLS TopologyCE View

CEs
PEs
MPLS
Full Mesh LDP Ethernet PW to each peer
PE view
CE routers/switches see a logical Bridge/LAN VPLS emulates a LAN but not exactly
This raises a few issues which are discussed later
BRKAGG-2000 14555_04_2008_c1
Cisco Public
33
VPLS Functional Components

Customer MxUs SP PoPs Customer MxUs
CE
U-PE
N-PE
MPLS Core
N-PE
U-PE
CE
N-PE provides VPLS termination/L3 services U-PE provides customer UNI CE is the customer device
34
17
Why H-VPLS?
VPLS
PE CE CE PE PE CE PE-rs MTU-s
H-VPLS
CE CE PE PE CE PE-rs PE-rs
CE CE PE PE PE-rs PE-rs PE-rs CE PE CE PE-r
CE
CE
Potential signaling overhead Full PW mesh from the Edge Packet replication done at the Edge Node Discovery and Provisioning extends end to end
Minimizes signaling overhead Full PW mesh among Core devices Packet replication done the Core Partitions Node Discovery process
35
Ethernet Edge Topologies

Full Service CPE Efficient Access U-PE Large Scale Aggregation PE-AGG Intelligent Edge N-PE Multiservice Core P Intelligent Edge N-PE Efficient Access U-PE Full Service CPE
Si
Metro A
User Facing Provider Edge (U-PE) U-PE PE-AGG Hub and Spoke
Si
Metro C
10/100/ 1000 Mbps
GE Ring
10/100/ 1000 Mbps
P N-PE
U-PE
MPLS VPLS Metro B N-PE P DWDM/ CDWM P RPR

10/100/ 1000 Mbps
N-PE U-PE Network Facing Provider Edge (N-PE)

10/100/ 1000 Mbps
U-PE Metro D
36
18
VFI and Split Horizon (VPLS, EE-H-VPLS)

This traffic will not be replicated out PW #2 and visa versa
CE
1 1 1 1
Pseudo Wire #1 1 2 1 2 1 3 3 3 3 3
N-PE2
CE
2 2 2 2
VFI
3 3 3 3 3 2 2 2 2 2
Pseudo Wire #2
N-PE3
3 3
Broadcast /Multicast
N-PE1
Virtual Forwarding Interface
Bridging Function (.1Q or QinQ)
Pseudo Wires
Local Switching
Split Horizon Active
Virtual Forwarding Interface is the VSI representation in IOS

Single interface terminates all PWs for that VPLS instance This model applicable in direct attach and H-VPLS with Ethernet Edge
37
VFI and No Split Horizon (ME-H-VPLS)

CE
Split Horizon disabled
Pseudo Wire #1
U-PE CE
N-PE2
3 3
Pseudo Wire #3 3 3 3 3 3
VFI
2 2 2 2 2
Pseudo Wire #2
Unicast
N-PE3
N-PE1
Virtual Forwarding Interface
Pseudo Wire MPLS Based
Pseudo Wires
NO Split Horizon
Split Horizon Active
This model applicable H-VPLS with MPLS Edge

PW #1, PW #2 will forward traffic to PW #3 (non split horizon port)
BRKAGG-2000 14555_04_2008_c1
Cisco Public
38
19
VPLS Configuration Example
BRKAGG-2000 14555_04_2008_c1
Cisco Public
39
Configuration Examples
Direct Attachment
Using a Router as a CE (VLAN Based) Using a Switch as a CE (Port Based)
H-VPLS
Ethernet QinQ EoMPLS Pseudo Wire (VLAN Based) EoMPLS Pseudo Wire (Port Based)
Sample Output
40
20
Direct Attachment Configuration (C7600)
1.1.1.1
2.2.2.2
CE1
gi3/0 VLAN100
PE1
pos4/1
MPLS Core
pos4/3
PE2
CE2
gi4/4
pos3/0
pos3/1
VLAN100
PE3
gi4/2 3.3.3.3 VLAN100
CE2
CEs are all part of same VPLS instance (VCID = 56)

CE router connects using VLAN 100 over sub-interface
41
Direct Attachment CE Router Configuration

interface GigabitEthernet 2/1.100 encapsulation dot1q 100 ip address 192.168.20.1 interface GigabitEthernet 1/3.100 encapsulation dot1q 100 ip address 192.168.20.2
CE1
CE2
Subnet 192.168.20.0/24
VLAN100 VLAN100
interface GigabitEthernet 2/0.100 encapsulation dot1q 100 ip address 192.168.20.3
CE2
VLAN100
CE routers sub-interface on same VLAN

Can also be just port based (NO VLAN)
42
21
Direct Attachment VSI Configuration

l2 vfi VPLS-A manual vpn id 56 neighbor 2.2.2.2 encapsulation mpls neighbor 3.3.3.3 encapsulation mpls l2 vfi VPLS-A manual vpn id 56 neighbor 1.1.1.1 encapsulation mpls neighbor 3.3.3.3 encapsulation mpls
1.1.1.1
2.2.2.2
CE1
gi3/0 VLAN100
PE1
pos4/1
MPLS Core
pos4/3
PE2
CE2
gi4/4
pos3/0
pos3/1
VLAN100
PE3
gi4/2 3.3.3.3 VLAN100
CE2
l2 vfi VPLS-A manual vpn id 56 neighbor 2.2.2.2 encapsulation mpls neighbor 1.1.1.1 encapsulation mpls
Create the Pseudo Wires between N-PE routers

BRKAGG-2000 14555_04_2008_c1
Cisco Public
43
Direct Attachment CE Router (VLAN Based)

Same set of commands on each PE Configured on the CE facing interface
1.1.1.1 2.2.2.2
CE1
gi3/0 VLAN100
PE1
pos4/1
MPLS Core
pos4/3
PE2
CE2
gi4/4
pos3/0
3.3.3.3 VLAN100
Interface GigabitEthernet3/0 pos3/1 switchport switchport mode trunk switchport trunk encapsulation dot1q switchport trunk allowed vlan 100 ! PE3 Interface vlan 100 gi4/2no ip address xconnect vfi VPLS-A CE2 ! vlan 100 state active
VLAN100
This command associates the VLAN with the VPLS instance VLAN100 = VCID 56
BRKAGG-2000 14555_04_2008_c1
Cisco Public
44
22
Direct Attachment
H-VPLS
Sample Output
45
Direct Attachment CE Switch (Port Based)

If CE was a switch instead of a router then we can use QinQ QinQ places all traffic (tagged/untagged) from switch into a VPLS
1.1.1.1 2.2.2.2
CE1
gi3/0 All VLANs
PE1
pos4/1
MPLS Core
pos4/3
PE2
CE2
gi4/4
pos3/0
3.3.3.3 All VLANs
Interface GigabitEthernet3/0 pos3/1 switchport switchport mode dot1qtunnel switchport access vlan 100 l2protocol-tunnel stp ! PE3 Interface vlan 100 gi4/2 no ip address xconnect vfi VPLS-A ! CE2 vlan 100 state active
All VLANs
This command associates the VLAN with the VPLS instance VLAN100 = VCID 56
BRKAGG-2000 14555_04_2008_c1
Cisco Public
46
23
Direct Attachment
H-VPLS
Sample Output
47
H-VPLS Configuration (C7600/3750ME)
U-PE1
Cisco 3750ME
1.1.1.1
2.2.2.2
U-PE2
Cisco 3750ME 4.4.4.4
MPLS Core
pos4/1 gi3/0 pos3/0 pos3/1 pos4/3 gi4/4 gi1/1/1 fa1/0/1
N-PE1
N-PE2 CE1
CE1
CE2 CE2 CE1
3.3.3.3 gi4/2
N-PE3
CE2
Cisco 3750ME
U-PE3
U-PEs provide services to customer edge device

CE traffic then carried in QinQ or EoMPLS PW to N-PE PW VSI mesh configuration is same as previous examples
48
24
Direct Attachment
H-VPLS
Sample Output
49
H-VPLS QinQ Tunnel (Ethernet Edge)

U-PE carries all traffic from CE using QinQ
Outer tag is VLAN100, inner tags are customers
U-PE1
Cisco 3750ME 1.1.1.1 2.2.2.2
U-PE2
Cisco 3750ME 4.4.4.4
MPLS Core
pos4/1 pos4/3 gi4/4 gi1/1/1 pos3/0 pos3/1 fa1/0/1 gi3/0
Interface GigabitEthernet4/4 switchport switchport mode trunk N-PE1 switchport trunk encapsulation dot1q switchport trunk allowed vlan 100 ! Interface vlan 100 no CE1 ip address CE2 xconnect vfi VPLS-A ! vlan 100 CE2 state active
N-PE2 CE1
3.3.3.3 gi4/2
N-PE3
interface FastEthernet1/0/1 switchport switchport access vlan 100 switchport mode dot1q-tunnel U-PE3 switchport trunk allow vlan 1-1005 Cisco 3750ME ! interface GigabitEthernet 1/1/1 switchport switchport mode trunk switchport allow vlan 1-1005
CE2
CE1
BRKAGG-2000 14555_04_2008_c1
Cisco Public
50
25
Direct Attachment
H-VPLS
Sample Output
51
H-VPLS EoMPLS PW Edge (VLAN Based)

CE interface on U-PE can be access or trunk port
xconnect per VLAN is required
U-PE1
Cisco 3750ME 1.1.1.1 2.2.2.2
U-PE2
Cisco 3750ME 4.4.4.4
MPLS Core
Interface GigabitEthernet4/4 no switchport ip address 156.50.20.1 255.255.255.252 N-PE1 mpls ip ! l2 vfi VPLS-A manual vpn id 56 neighbor encapsulation mpls CE1 1.1.1.1 CE2 neighbor 3.3.3.3 encapsulation mpls neighbor 4.4.4.4 encaps mpls no-split
N-PE2 CE1
3.3.3.3 gi4/2
CE2 CE1
N-PE3 FastEthernet1/0/1 interface switchport switchport access vlan 500 ! interface vlan500 U-PE3 xconnect 2.2.2.2 56 encapsulation mpls Cisco 3750ME ! interface GigabitEthernet1/1/1 no switchport ip address 156.50.20.2 255.255.255.252 mpls ip
CE2
Ensures CE traffic passed on PW to/from U-PE
BRKAGG-2000 14555_04_2008_c1
Cisco Public
52
26
Direct Attachment
H-VPLS
Sample Output
53
H-VPLS EoMPLS PW Edge (Port Based)

CE interface on U-PE can be access or trunk port
xconnect for entire PORT is required
U-PE1
Cisco 3750ME 1.1.1.1 2.2.2.2
U-PE2
Cisco 3750ME 4.4.4.4
MPLS Core
Interface GigabitEthernet4/4 no switchport ip address 156.50.20.1 255.255.255.252 N-PE1 mpls ip ! l2 vfi PE1-VPLS-A manual vpn id 56 neighbor encapsulation mpls CE1 1.1.1.1 CE2 neighbor 3.3.3.3 encapsulation mpls neighbor 4.4.4.4 encaps mpls no-split
N-PE2 CE1
3.3.3.3 gi4/2
CE2 CE1
N-PE3 FastEthernet1/0/1 interface no switchport xconnect 2.2.2.2 56 encapsulation mpls ! interface GigabitEthernet1/1/1 U-PE3 no Cisco switchport 3750ME ip address 156.50.20.2 255.255.255.252 mpls ip
CE2
Ensures CE traffic passed on PW to/from U-PE
BRKAGG-2000 14555_04_2008_c1
Cisco Public
54
27
Direct Attachment
H-VPLS
Sample Output
55
show mpls l2 vc
U-PE1
Cisco 3750ME
1.1.1.1
2.2.2.2
U-PE2
Cisco 3750ME 4.4.4.4
MPLS Core
pos4/1 gi3/0 pos3/0 pos3/1 pos4/3 gi4/4 gi1/1/1 fa1/0/1
N-PE1
N-PE2 CE1
CE1
CE2 CE2 CE1
3.3.3.3 gi4/2
N-PE3
CE2
Local intf ------------VFI VPLS-A VFI VPLS-A
NPE-A#show mpls l2 vc Local circuit Dest address ------------- ------------VFI 1.1.1.1 VFI 3.3.3.3
Cisco 3750ME
U-PE3
VC ID -----10 10
Status -----UP UP
BRKAGG-2000 14555_04_2008_c1
Cisco Public
56
28
show mpls l2 vc detail
U-PE1
Cisco 3750ME
1.1.1.1
Use VC Label 19
2.2.2.2
U-PE2
Cisco 3750ME 4.4.4.4
MPLS Core
pos4/3
Use VC Label 23
pos4/1 gi3/0 pos3/0 pos3/1
gi4/4 gi1/1/1
fa1/0/1
N-PE1
N-PE2 CE1
CE1
CE2 CE2 CE1
3.3.3.3 NPE-2#show mpls l2 vc detail N-PE3 Local interface: VFI VPLS-A up gi4/2 Destination address: 1.1.1.1, VC ID: 10, VC status: up Tunnel label: imp-null, next hop 156.50.20.1 Output interface: POS4/3, imposed label stack {19} Create time: 1d01h, last status U-PE3 change time: 00:40:16 Signaling protocol: LDP, peer 1.1.1.1:0 Cisco 3750ME up MPLS VC labels: local 23, remote 19
CE2
BRKAGG-2000 14555_04_2008_c1
Cisco Public
57
PW Redundancy Concepts
BRKAGG-2000 14555_04_2008_c1
Cisco Public
58
29
PW High Availability
PE1 P1 P3 PE3
Site1 PE2
P2
P4 PE4 CE2
Site2
CE1
Failure in the Provider core mitigated with link redundancy and FRR PE router failure PE Diversity Attachment Circuit failure Need Pair of Attachment Ckts end-to-end CE Router failure Redundant CEs
59
PW High Availability
PE1 P1 P3 PE3
Site1 PE2
P2
P4 PE4 CE2
Site2
CE1
Failure in the Provider core mitigated with link redundancy and FRR PE router failure PE Diversity Attachment Circuit failure Need Pair of Attachment Ckts end-to-end CE Router failure Redundant CEs
60
30
L2VPN NetworksDual Homed PW Sites Without Redundancy Feature

interface e 1/0.1 encapsulation dot1q 10 xconnect <PE3 router ID> <VCID> encapsulation mpls
PE1
x P1 P3
PE3
Site1 PE2 CE1
P2
P4 PE4 CE2 CE3
Site2
Interface e1/0.1 encapsulation dot1q 10 xconnect <PE4 router ID> <VCID> encapsulation mpls
BRKAGG-2000 14555_04_2008_c1
Cisco Public
61
High Availability in L2VPN Networks

PE3 PE1 P1 Site1 Primary Standby P2 P4 Site2 P3 Primary
Primary PE4
The TCP session between two LDP peers may go down due to HW/SW failure (RP switchover) If PE3 fails, traffic will be dropped Need PW-redundancy so that pw can be re-routed to the redundant router i.e. PE4
62
31
Dual Homed PW Sites with Redundancy Feature
PE1
x P1 P3
PE3 CE2
Site1 PE2
P2
P4 PE4 CE3
Site2
CE1
pe1(config)#int e 0/0.1 pe1(config-subif)#encapsulation dot1q 10 pe1(config-subif)# xconnect <PE3 router ID> <VCID> encapsulation mpls pe1(config-subif-xconn)#backup peer <PE4 router ID> <VCID>
BRKAGG-2000 14555_04_2008_c1
Cisco Public
63
PW RedundancyManual Switchover
pe1>xconnect backup force-switchover peer 192.168.1.3 10
Maintenance Required PE3 P1 P3 CE2
PE1
CE1
Site1 PE2
P2
P4 PE4 CE3
Site2
interface Ethernet0/0.1 encapsulation dot1Q 10 xconnect 192.168.1.3 10 encapsulation mpls backup peer 192.168.1.4 10 backup delay 3 10
pe1#sh mpls l2transport vc 10 Local intf Local circuit Dest address VC ID Status ------------- -------------------------- --------------- ---------- ---------Et0/0.1 Eth VLAN 20 192.168.1.3 10 UP Et0/0.1 Eth VLAN 20 192.168.1.4 10 DOWN
pe1#sh mpls l2transport vc 10 Local intf Local circuit Dest address VC ID Status ------------- -------------------------- --------------- ---------- ---------Et0/0.1 Eth VLAN 20 192.168.1.3 10 DOWN Et0/0.1 Eth VLAN 20 192.168.1.4 10 UP
BRKAGG-2000 14555_04_2008_c1
Cisco Public
64
32
PW RedundancyConfig Examples (1/2)

Example 1: MPLS xconnect with 1 redundant peer. The debounce timer is set to 3 seconds so that we dont allow a switchover until the connection has been deemed down for 3 seconds.
interface serial0/0 xconnect 10.0.0.1 100 encapsulation mpls backup peer 10.0.0.2 200 backup delay 3 10
Example 2: xconnect with 1 redundant peer. In this example, once a switchover occurs, we will not fallback to the primary until the secondary xconnect fails.
pseudowire-class test encapsulation mpls ! connect frpw1 serial0/1 50 l2transport xconnect 20.0.0.1 50 pw-class test backup peer 20.0.0.2 50 backup delay 0 never
BRKAGG-2000 14555_04_2008_c1
Cisco Public
65
PW RedundancyConfig Examples
Example 3: Local-switched connection between ATM and FR using Ethernet interworking. The FR circuit is backed up by a MPLS pseudowire
pseudowire-class test encapsulation mpls interworking ethernet connect atm-fr atm1/0 100/100 E0/0.10 100 interworking ethernet backup peer 1.1.1.1 100 pw-class test..
PE2-Backup 1.1.1.1
r201
atm4/0 atm4/0 pe ce
f0/0.10 f0/0.10
ce
Example 4: xconnect with 1 redundant peer. In this example, the switchover will not begin unless the pseudowire has been down for 3 seconds. Once a switchover occurs, we will not fallback to the primary has been re-established and UP for 10 seconds.z`
pseudowire-class test encapsulation mpls connect frpw1 serial0/1 50 l2transport xconnect 20.0.0.1 50 pw-class test backup peer 20.0.0.2 50 backup delay 3 10
BRKAGG-2000 14555_04_2008_c1
Cisco Public
66
33
Tunnel Selection
BRKAGG-2000 14555_04_2008_c1
Cisco Public
67
What If the Core Uses Traffic Engineering?

Need to Use the Command preferred-path {interface | peer} Under the pseudowire-class; Have in Mind That:
The selected path must be a label switched path (LSP) destined to the peer PE router If you specify a tunnel (selecting interface):
The tunnel must be an MPLS traffic engineering tunnel The tunnel tailend must be on the remote PE router
If you specify an IP address (selecting peer):

The address must be the IP address of a loopback interface on the remote PE router, not necessarily the LDP router-id address; peer means targeted LDP peer The address must have a /32 mask There must be an LSP destined to that selected address The LSP does not have to be a TE tunnel
BRKAGG-2000 14555_04_2008_c1
Cisco Public
68
34
Forwarding Traffic into a TE Tunnel

Static routing Policy routing
Global table onlynot from VRF at present
Autoroute Forwarding Adjacency AToM Tunnel Selection Class Based Tunnel Selection
Static, Autoroute, and Forwarding Adjacency Get You Unequal-Cost Load-Balancing
BRKAGG-2000 14555_04_2008_c1
Cisco Public
69
Coupling Layer-2 Services with MPLS TEAToM Tunnel Selection

Static mapping between pseudo-wire and TE Tunnel on PE Implies PE-to-PE TE deployment TE tunnel defined as preferred path for pseudo-wire Traffic will fall back to peer LSP if tunnel goes down
BRKAGG-2000 14555_04_2008_c1
CE PE1
IP/MPLS
PE2
PE3
ATM
ATM TE LSP Layer 2 Circuit Layer 2 Circuit
CE
pseudowire-class my-path-pref encapsulation mpls preferred-path interface tunnel 1 disable-fallback ! interface fastEthernet <slot/port>.<subif-id> encapsulation dot1Q 150 xconnect 172.18.255.3 1000 pw-class my-path-pref
Cisco Public
70
35
MPLS Forwarding (AToM Traffic)

Voice
10.1.1.0/24
Site 2
CE1 P3
E2/0.1 Vlan 10
17
CE2 P4 23 PE1 23 37 17 CE2
Video
10.1.1.0/24
CE1
37
Site 2
E2/0.2 vlan20
38
20 CE1 10.1.1.0/24
E2/0.3 Vlan 30
38 CE2 PE2
P2
P1
Site 2
PE2 sees multiple IGP paths to reach PE1 L2VPN Packets load balanced per customer site according to VC label over two label Switched paths from PE to P
71
L2VPN Deployment
Tunnel Selection for Bandwidth Protection

preferred path [interface tunnel tunnel-number | peer / {ip address | host name}] [disable-fallback]
pseudowire-class my-path-pref encapsulation mpls preferred-path interface tunnel 1 disable-fallback ! interface fastEthernet <slot/port>.<subif-id> encapsulation dot1Q 150 xconnect 172.18.255.3 1000 pw-class my-path-pref
This configuration will allow one to direct which path pseudowires are to take throughout the network The tunnel head end / tail end must be on the PEs
72
36
ATOM: Preferred Path TE Tunnels

Three TE tunnels (Tunnel 0, Tunnel 1 and Tunnel2) between PE1 and PE2 Preferred path can be used to map each vc (or multiple vcs) traffic into different TE tunnels Site 1
10.1.1.0/24
TE Tunnel 0
CE1 192.168.0.5/32 P3 P4
TE Tunnel 2
Site 2
CE2
30
Site 1
10.1.1.0/24
CE2 CE1
35
Site 2
PE1
Site 1
10.1.1.0/24
CE1
P2
P1
34
PE2 CE2
Site 2
TE Tunnel 1
pseudowire-class test encapsulation mpls preferred-path interface Tunnel0 ! pseudowire-class test1 encapsulation mpls preferred-path interface Tunnel1 ! pseudowire-class test2 encapsulation mpls preferred-path interface Tunnel2
interface Ethernet2/0.1 description green vc xconnect 192.168.0.5 1 encapsulation mpls pw-class test ! interface Ethernet2/0.2 description red vc xconnect 192.168.0.5 20 encapsulation mpls pw-class test1 ! interface Ethernet2/0.3 description dark green vc xconnect 192.168.0.5 30 encapsulation mpls pw-class test2
BRKAGG-2000 14555_04_2008_c1
Cisco Public
73
ATOM: Preferred Path TE Tunnels

Each vc is mapped to a different tunnel
pe2#sh mpls l2transport vc detail | in label Output interface: Tu0, imposed label stack {30 16} MPLS VC labels: local 16, remote 16 Tunnel label: 3, next hop point2point Output interface: Tu1, imposed label stack {34 37} MPLS VC labels: local 17, remote 37 Tunnel label: 3, next hop point2point Output interface: Tu2, imposed label stack {35 38} MPLS VC labels: local 37, remote 38
Site 1
10.1.1.0/24
Site 2
CE1 192.168.0.5/32 P3 P4
30
CE2
Site 1
10.1.1.0/24
CE2 CE1
35
Site 2
PE1
Site 1
10.1.1.0/24
CE1
P2
P1
34
PE2 CE2
Site 2
TE Tunnel 2
74
BRKAGG-2000 14555_04_2008_c1
Cisco Public
37
Data Center Implementation with Layer 2 VPN PWE
BRKAGG-2000 14555_04_2008_c1
Cisco Public
75
Data Center Option (A) Utilizing Layer 2 VPN to Provide High Availability Between Two Data Centers and Two Service Providers
6500-DCN-SWITCH ! interface gigabitethernet 1/0/1 COREA channel-group 1 mode on switchport switchport trunk encapsulation dot1q switchport mode trunk ! interface gigabitethernet 1/0/2 COREB channel-group 1 mode on switchport switchport trunk encapsulation dot1q switchport mode trunk
PE1-COREB ! interface gigabitethernet 1/0/0 no switchport xconnect X.X.X.PE2 70 encapsulation mpls PE2-COREA __________________________________________________ PE2-COREB ! interface gigabitethernet 1/0/0 no switchport xconnect X.X.X.PE1 70 encapsulation mpls PE1-COREA
BRKAGG-2000 14555_04_2008_c1
Cisco Public
76
38
Data Center Option (B) Utilizing Layer 2 VPN to Provide Physical High Availability Between Two Data Centers
6500-DCN-SWITCH ! interface gigabitethernet 1/0/1 channel-group 1 mode on switchport trunk encapsulation dot1q switchport mode trunk ! interface gigabitethernet 1/0/2 channel-group 1 mode on switchport trunk encapsulation dot1q switchport mode trunk ! interface Port-channel1 switchport trunk ! interface gigabitethernet 1/0/4 switchport mode access Switchport access vlan 10
interface gigabitethernet 1/0/1 channel-group 1 mode on switchport trunk encapsulation dot1q switchport mode trunk ! interface gigabitethernet 1/0/2 channel-group 2 mode on switchport trunk encapsulation dot1q switchport mode trunk ! interface gigabitethernet 2/0/1 channel-group 1 mode on switchport trunk encapsulation dot1q switchport mode trunk ! interface gigabitethernet 2/0/2 channel-group 2 mode on switchport trunk encapsulation dot1q switchport mode trunk ! interface Port-channel1 switchport trunk ! interface Port-channel2 switchport trunk
PE1-COREA interface gigabitethernet 3/0 no switchport xconnect X.X.X.PE2-CORE A 70 encapsulation mpls PE1-COREB interface gigabitethernet 3/0 no switchport xconnect X.X.X.PE2-CORE B 70 encapsulation mpls
BRKAGG-2000 14555_04_2008_c1
Cisco Public
77
Data Center Option (C) Utilizing Layer 2 VPN to Provide Physical High Availability Dual Switches Between Two Data Centers STP Free Topology
6500-A
6500-A ! interface gigabitethernet 1/0/1 channel-group 1 mode on switchport trunk encapsulation dot1q switchport mode trunk ! interface gigabitethernet 1/0/2 channel-group 1 mode on switchport trunk encapsulation dot1q switchport mode trunk ! interface Port-channel1 switchport trunk ! interface gigabitethernet 1/0/4 switchport mode access Switchport access vlan 10
6500-B ! interface gigabitethernet 1/0/1 channel-group 1 mode on switchport trunk encapsulation dot1q switchport mode trunk ! interface gigabitethernet 1/0/2 channel-group 1 mode on switchport trunk encapsulation dot1q switchport mode trunk ! interface Port-channel1 switchport trunk ! interface gigabitethernet 1/0/4 switchport mode access Switchport access vlan 10
PE1-COREA interface gigabitethernet 3/0 <-6500 A xconnect 10.1.1.2 20 encapsulation mpls ! interface gigabitethernet 4/0 <-6500 B xconnect 10.1.1.2 40 encapsulation mpls
PE1-COREB interface gigabitethernet 3/0 <-6500 A xconnect 10.1.1.2 20 encapsulation mpls ! interface gigabitethernet 4/0 <-6500 B xconnect 10.1.1.2 40 encapsulation mpls
BRKAGG-2000 14555_04_2008_c1
Cisco Public
78
39
Data Center Option (C) Utilizing Layer 2 VPN to Provide Physical High Availability Dual Switches Between Two Data Centers STP Free Topology
6500-A
6500-A ! interface gigabitethernet 1/0/1 channel-group 1 mode on switchport trunk encapsulation dot1q switchport mode trunk ! interface gigabitethernet 1/0/2 channel-group 1 mode on switchport trunk encapsulation dot1q switchport mode trunk ! interface Port-channel1 switchport trunk ! interface gigabitethernet 1/0/4 switchport mode access Switchport access vlan 10
6500-B ! interface gigabitethernet 1/0/1 channel-group 1 mode on switchport trunk encapsulation dot1q switchport mode trunk ! interface gigabitethernet 1/0/2 channel-group 1 mode on switchport trunk encapsulation dot1q switchport mode trunk ! interface Port-channel1 switchport trunk ! interface gigabitethernet 1/0/4 switchport mode access Switchport access vlan 10
PE1-COREA interface gigabitethernet 3/0 <-6500 A xconnect 10.1.1.2 20 encapsulation mpls ! interface gigabitethernet 4/0 <-6500 B xconnect 10.1.1.2 40 encapsulation mpls
BRKAGG-2000 14555_04_2008_c1
Cisco Public
79
Data Center Option (D) Utilizing Layer 2 VPN to Provide Physical High Availability Dual Switches Between Three Data Centers and One Transit Data Center
PE1 interface gigabitethernet 3/0 xconnect 10.1.1.3 20 encapsulation mpls backup peer 10.1.1.2 200
PE2 interface gigabitethernet 3/0 xconnect 10.1.1.3 30 encapsulation mpls backup peer 10.1.1.1 200
Data Center 3 6500 Switch ! interface gigabitethernet 3/0 switchport trunk encapsulation dot1q switchport mode trunk ! interface gigabitethernet 4/0 switchport trunk encapsulation dot1q switchport mode trunk
Q-in-Q
PE3 interface gigabitethernet 3/0 xconnect 10.1.1.1 20 encapsulation mpls
Q-in-Q
PE3 interface gigabitethernet 4/0 xconnect 10.1.1.1 30 encapsulation mpls
BRKAGG-2000 14555_04_2008_c1
Cisco Public
80
40
Virtual Switching and Layer 2 VPN in Data Center
BRKAGG-2000 14555_04_2008_c1
Cisco Public
81
Current Network Challenges

Enterprise Campus
Traditional Enterprise Campus deployments have been designed in such a way that allows for scalability, differentiated services and high availability. However they also face many challenges, some of which are listed in the below diagram
Extensive routing topology, Routing reconvergence

L3 Core
L2/L3 Distribution
FHRP, STP, Asymmetric routing, Policy Management
Single active uplink per VLAN (PVST), L2 reconvergence, increased route peering with L3 access
Access
BRKAGG-2000 14555_04_2008_c1
Cisco Public
82
41
Current Network Challenges

Data Center
Traditional Data Center designs are requiring ever increasing Layer 2 adjacencies between Server nodes due to prevalence of Virtualization technology. However, they are pushing the limits of Layer 2 networks, placing more burden on loop-detection protocols such as Spanning Tree
FHRP, HSRP, VRRP Spanning Tree Policy Management L2/L3 Core
Single active uplink per VLAN (PVST), L2 reconvergence, excessive BPDUs L2 Distribution
Dual-Homed Servers to single switch, Single active uplink per VLAN (PVST), L2 reconvergence
L2 Access
BRKAGG-2000 14555_04_2008_c1
Cisco Public
83
Introduction to Virtual Switch

Concepts
Virtual Switch System is a new technology break through for the Catalyst 6500 family
BRKAGG-2000 14555_04_2008_c1
Cisco Public
84
42
Virtual Switch System

Enterprise Campus
A Virtual Switch-enabled Enterprise Campus network takes on multiple benefits including simplified management & administration, facilitating greater high availability, while maintaining a flexible and scalable architecture
Reduced routing neighbors, Minimal L3 reconvergence

L3 Core
L2/L3 Distribution
No FHRPs No Looped topology Policy Management
Multiple active uplinks per VLAN, No STP convergence

Access
BRKAGG-2000 14555_04_2008_c1
Cisco Public
85

Data Center
A Virtual Switch-enabled Data Center allows for maximum scalability so bandwidth can be added when required, but still providing a larger Layer 2 hierarchical architecture free of reliance on Spanning Tree
Single router node, Fast L2 convergence, Scalable architecture L2/L3 Core
Dual Active Uplinks, Fast L2 convergence, minimized L2 Control Plane, Scalable L2 Distribution
Dual-Homed Servers, Single active uplink per VLAN (PVST), Fast L2 convergence
L2 Access
BRKAGG-2000 14555_04_2008_c1
Cisco Public
86
43
Virtual Switch Architecture

Virtual Switch Link
The Virtual Switch Link is a special link joining each physical switch together - it extends the out of band channel allowing the active control plane to manage the hardware in the second chassis
BRKAGG-2000 14555_04_2008_c1
Cisco Public
87

VSL Initialization
Before the Virtual Switch domain can become active, the Virtual Switch Link (VSL) must be brought online to determine Active and Standby roles. The initialization process essentially consists of 3 steps: 1. 2.
Link Link Bringup Bringup to to determine determine which which ports ports form form the the VSL VSL
Link Link Management Management Protocol Protocol (LMP) (LMP) used used to to track track and and reject reject Unidirectional Unidirectional Links, Links, Exchange Exchange Chassis Chassis ID ID and and other other information information between between the the 2 2 switches switches
LMP LMP RRP RRP
LMP LMP RRP RRP
3.
BRKAGG-2000 14555_04_2008_c1
Role Role Resolution Resolution Protocol Protocol (RRP) (RRP) used used to to determine determine compatible compatible Hardware Hardware and and Software Software versions versions to to form form the the VSL VSL as as well well as as determine determine which which switch switch becomes becomes Active Active and and Hot Hot Standby Standby from from a a control control plane plane perspective perspective
Cisco Public
88
44

VSLP Ping
A new Ping mechanism has been implemented in VSS mode to allow the user to objectively verify the health of the VSL itself. This is implemented as a VSLP Ping
VSL
VSLP VSLP VSLP VSLP
VSLP VSLP
VSLP VSLP
Switch 1
Switch 2
The VSLP Ping operates on a per-physical interface basis and parameters such as COUNT, DESTINATION, SIZE, TIMEOUT may also be specified
vss#ping vss#ping vslp vslp output output interface interface tenGigabitEthernet tenGigabitEthernet 1/5/4 1/5/4 Type Type escape escape sequence sequence to to abort. abort. Sending Sending 5, 5, 100-byte 100-byte VSLP VSLP ping ping to to peer-sup peer-sup via via output output port port 1/5/4, 1/5/4, timeout timeout is is 2 2 seconds: seconds: !!!!! !!!!! Success rate is 100 percent Success rate is 100 percent (5/5), (5/5), round-trip round-trip min/avg/max min/avg/max = = 12/12/16 12/12/16 ms ms vss# vss#
BRKAGG-2000 14555_04_2008_c1
Cisco Public
89
VSS EtherChannel Concepts

Overview, Protocols, Load Balancing, Enhancements with VSL
BRKAGG-2000 14555_04_2008_c1
Cisco Public
90
45
EtherChannel Concepts
Multichassis EtherChannel (MEC)
Prior to Virtual Switch, Etherchannels were restricted to reside within the same physical switch. In a Virtual Switch environment, the 2 physical switches form a single logical network entity - therefore Etherchannels can now also be extended across the 2 physical chassis
Virtual Switch Virtual Switch
LACP, LACP, PAGP PAGP or or ON ON EtherChannel EtherChannel modes modes are are supported supported
Regular EtherChannel on single chassis
Multichassis EtherChannel across 2 VSLenabled Chassis

91
BRKAGG-2000 14555_04_2008_c1
Cisco Public
EtherChannel Concepts
EtherChannel Hash for MEC
Deciding on which link of a Multi-chassis EtherChannel to use in a Virtual Switch is skewed in favor towards local links in the bundle this is done to avoid overloading the Virtual Switch Link (VSL) with unnecessary traffic loads
Blue Traffic destined for the Server will result in Link A1 in the MEC link bundle being chosen as the destination path
Orange Traffic destined for the Server will result in Link B2 in the MEC link bundle being chosen as the destination path
Link A1
Link B2
MEC
Server
92
46
Hardware Requirements
VSL Hardware Requirements
The Virtual Switch Link requires special hardware as noted below
BRKAGG-2000 14555_04_2008_c1
Cisco Public
93
Hardware Requirements
Other Hardware Considerations
BRKAGG-2000 14555_04_2008_c1
Cisco Public
94
47
High Availability
Link Failure, Redundancy Schemes, Dual-Active Detection, GOLD
BRKAGG-2000 14555_04_2008_c1
Cisco Public
95
High Availability
Redundancy Schemes
The default redundancy mechanism between the 2 VSS chassis and their associated supervisors is NSF/SSO, allowing state information and configuration to be synchronized. Additionally, only in NSF/SSO mode does the Standby supervisor PFC, Switch Fabric, modules and their associated DFCs become active
Switch 1 12.2(33)SXH1 Active Switch 2 12.2(33)SXH1 NSF/SSO
VSL
Should a mismatch of information occur between the Active and Standby Chassis, the Standby Chassis will revert to RPR mode, where only configuration is synchronized, but PFC, Switch Fabric and modules will not be brought up
Switch 1 12.2(33)SXH1 Active Switch 2 12.2(33)SXH2 RPR
VSL
BRKAGG-2000 14555_04_2008_c1
Cisco Public
96
48
High Availability
SSO-Aware Protocols
As of Whitney 1, there are over 90 protocols that are SSO-aware. These include information such as ARP, DHCP Snooping, IP Source Guard, NAC Posture database, etc In a VSS environment, failure of either VS will not require this information to be re-populated again
Switch 1
Virtual Switch
Switch 2
DHCP DHCP Snooping Snooping Binding Binding Table Table IP IP Add Add 10.10.10.10 10.10.10.10 172.26.18.2 172.26.18.2 172.26.19.34 172.26.19.34 10.10.10.43 10.10.10.43 MAC MAC Add Add 00:50:56:01:e1:02 00:50:56:01:e1:02 00:02:b3:3f:3b:99 00:02:b3:3f:3b:99 00:16:a1:c2:ee:32 00:16:a1:c2:ee:32 00:16:cb:03:d3:44 00:16:cb:03:d3:44 VLAN VLAN 10 10 18 18 19 19 10 10 Interface Interface Po10 Po10 Po10 Po10 Po20 Po20 Po20 Po20
BRKAGG-2000 14555_04_2008_c1
Cisco Public
97
High Availability
Dual-Active Detection
In a Virtual Switch Domain, one switch is elected as Active and the other is elected as Standby during bootup by VSLP. Since the VSL is always configured as a Port Channel, the possibility of the entire VSL bundle going down is remote, however it is a possibility
Switch 1 Supervisor Virtual Switch Domain Switch 2 Supervisor
VSL
VS State : Active Control Plane: Active Data Plane: Active
VS State : Standby Control Plane: Standby Data Plane: Active
It It is is always always recommended recommended to to deploy deploy the the VSL VSL with with 2 2 or or more more links links and and distribute distribute those those interfaces interfaces across across multiple multiple modules modules to to ensure ensure the the greatest greatest redundancy redundancy
BRKAGG-2000 14555_04_2008_c1
Cisco Public
98
49
High Availability
Dual-Active Detection
If the entire VSL bundle should happen to go down, the Virtual Switch Domain will enter a Dual Active scenario where both switches transition to Active state and share the same network configuration (IP addresses, MAC address, Router IDs, etc) potentially causing communication problems through the network
Switch 1 Supervisor
Virtual Switch Domain
Switch 2 Supervisor
VSL
2 mechanisms have been implemented in the initial release to detect and recover from a Dual Active scenario: 1. 2.
BRKAGG-2000 14555_04_2008_c1
Enhanced Port Aggregation Protocol (PAgP) Dual-Active Detection over IP-BFD

99
High Availability
1.
Dual-Active DetectionMechanisms
Enhanced Port Aggregation Protocol (PAgP)
2.
Dual-Active Detection over IP-BFD
BRKAGG-2000 14555_04_2008_c1
Cisco Public
100
50
High Availability
Dual-Active DetectionExclude Interfaces

Upon detection of a Dual Active scenario, all interfaces on the previousActive switch will be brought down so as not to disrupt the functioning of the remainder of the network. The exception interfaces include VSL members as well as pre-determined interfaces which may be used for management purposes
vs-vsl#conf vs-vsl#conf t t Enter Enter configuration configuration commands, commands, one one per per line. line. vs-vsl(config)#switch vs-vsl(config)#switch virtual virtual domain domain 100 100 vs-vsl(config-vs-domain)#dual-active vs-vsl(config-vs-domain)#dual-active exclude exclude vs-vsl(config-vs-domain)#dual-active vs-vsl(config-vs-domain)#dual-active exclude exclude vs-vsl(config-vs-domain)# vs-vsl(config-vs-domain)# ^Z ^Z vs-vsl# vs-vsl#
End End with with CNTL/Z. CNTL/Z. interface interface Gig Gig 1/5/1 1/5/1 interface interface Gig Gig 2/5/1 2/5/1
BRKAGG-2000 14555_04_2008_c1
Cisco Public
101
High Availability
Dual-Active Recovery
Upon the restoration of one or more VSL interfaces, VSLP will detect this and will proceed to reload Switch 1 so that it may be able to re-negotiate Active/Standby role after bootup
Switch 1 Switch 2
VSL VSL Up! Up! Reload Reload
Switch 1 VSLP VSLP VSLP VSLP
Switch 2
After role has been resolved and SSO Hot Standby mode is possible, interfaces will be brought up and traffic will resume back to 100% capacity
102
51
High Availability
Generic OnLine Diagnostics (GOLD)

Some enhancements to the GOLD framework have been implemented in a VSS environment, which leverages a Distributed GOLD environment. In this case, each supervisor runs an instance of GOLD, but is centrally managed by the Active Supervisor in the Active chassis
Switch 1 Switch 2
VSL
VS State : Active Local GOLD: Active
Distributed GOLD Manager
VS State : Standby Local GOLD: Active
There are 4 new tests that are available in VSS mode: 1. 2. 3. 4.

BRKAGG-2000 14555_04_2008_c1
TestVSLLocalLoopback TestVSLBridgeLink TestVSLStatus TestVSActiveToStandbyLoopback

103

Deployment Considerations
Virtual Switch will incorporate some deployment considerations as best practice
BRKAGG-2000 14555_04_2008_c1
Cisco Public
104
52

Benefits
BRKAGG-2000 14555_04_2008_c1
Cisco Public
105

Summary
BRKAGG-2000 14555_04_2008_c1
Cisco Public
106
53
Data Center Option (E) Utilizing Layer 2 VPN and Virtual Switching New Features
PE1-COREA interface gigabitethernet 3/0 <-6500 B xconnect 10.1.1.2 20 encapsulation mpls ! interface gigabitethernet 4/0 <-6500 B xconnect 10.1.1.2 40 encapsulation mpls
107
Q and A
BRKAGG-2000 14555_04_2008_c1
Cisco Public
108
54
Recommended Reading
Continue your Cisco Live learning experience with further reading from Cisco Press Check the Recommended Reading flyer for suggested books Layer 2 VPN Architectures ISBN: 1-58705-168-0
Available Onsite at the Cisco Company Store

109
Complete Your Online Session Evaluation

Give us your feedback and you could win fabulous prizes. Winners announced daily. Receive 20 Passport points for each session evaluation you complete. Complete your session evaluation online now (open a browser through our wireless network to access our portal) or visit one of the Internet stations throughout the Convention Center.
Dont forget to activate your Cisco Live virtual account for access to all session material on-demand and return for our live virtual event in October 2008. Go to the Collaboration Zone in World of Solutions or visit www.cisco-live.com.
BRKAGG-2000 14555_04_2008_c1
Cisco Public
110
55
BRKAGG-2000 14555_04_2008_c1
Cisco Public
111
56

Implementation and Utilization of Layer 2 VPN Technologies: BRKAGG-2000

Transféré par

Informations du document

Description originale:

Titre original

Copyright

Formats disponibles

Partager ce document

Partager ou intégrer le document

Options de partage

Avez-vous trouvé ce document utile ?

Ce contenu est-il inapproprié ?

Droits d'auteur :

Formats disponibles

Implementation and Utilization of Layer 2 VPN Technologies: BRKAGG-2000

Transféré par

Droits d'auteur :

Formats disponibles

Implementation and Utilization of Layer 2 VPN Technologies

2008 Cisco Systems, Inc. All rights reserved.

2006, Cisco Systems, Inc. All rights reserved. Presentation_ID.scr

2008 Cisco Systems, Inc. All rights reserved.

L2VPN Deployment Objectives

2008 Cisco Systems, Inc. All rights reserved.

2006, Cisco Systems, Inc. All rights reserved. Presentation_ID.scr

2008 Cisco Systems, Inc. All rights reserved.

2008 Cisco Systems, Inc. All rights reserved.

2006, Cisco Systems, Inc. All rights reserved. Presentation_ID.scr

Why Is L2VPN Needed?

Help SP provide new P2P Layer 2 tunnelling services

A migration step towards IP/MPLS VPN

2008 Cisco Systems, Inc. All rights reserved.

Benefits for L2VPNs

2006, Cisco Systems, Inc. All rights reserved. Presentation_ID.scr

Ethernet FR ATM AAL5/Cell PPP/ HDLC FR ATM AAL5/Cell PPP/ HDLC

Motivation for L2VPNs

Ive Really Got to Consolidate These Networks

FR/ATM Broadband ATM Ethernet

2006, Cisco Systems, Inc. All rights reserved. Presentation_ID.scr

Generic L2 VPN Architecture

Attachment VCs (e.g., FR DLCI, PPP) mapped to emulated VCs

Motivation for L2VPNs

How Can I Leverage My Packet Infrastructure?

Frame Relay ATM

2006, Cisco Systems, Inc. All rights reserved. Presentation_ID.scr

New Evolution for Circuit Emulation

IP/MPLS Backbone Pseudo Wires

Broadband Ethernet Backhaul

MGW IP POP at cellsite PW/Abis/Iub IP/MPLS

FR/ATM IP/MPLS SONET/SDH

2008 Cisco Systems, Inc. All rights reserved.

Laying the Groundwork for Successful Deployment

2008 Cisco Systems, Inc. All rights reserved.

2006, Cisco Systems, Inc. All rights reserved. Presentation_ID.scr

Ethernet over MPLS Overview

2008 Cisco Systems, Inc. All rights reserved.

EoMPLS Reference Model

2008 Cisco Systems, Inc. All rights reserved.

2006, Cisco Systems, Inc. All rights reserved. Presentation_ID.scr

A Typical Configuration: EoMPLS VLAN

e1/0 P LDP Targeted LDP

2008 Cisco Systems, Inc. All rights reserved.

Calculating MTU Requirements for the Core

EoMPLS Port Mode

1526 [1522] 1530 [1526] 1530 [1526]

EoMPLS VLAN Mode

EoMPLS Port w/ TE FRR

2008 Cisco Systems, Inc. All rights reserved.

2006, Cisco Systems, Inc. All rights reserved. Presentation_ID.scr

2008 Cisco Systems, Inc. All rights reserved.

Interworking Modes and Features

Yes Yes Yes Yes Yes

2006, Cisco Systems, Inc. All rights reserved. Presentation_ID.scr

Configuration Example Frame-Relay to Ethernet

VLAN 310 DLCI 210

interface POS5/0.210 point-to-point ip address 172.16.1.1 255.255.255.0 frame-relay interface-dlci 210

interface GigabitEthernet6/0.310 encapsulation dot1Q 310 ip address 172.16.1.2 255.255.255.0

2008 Cisco Systems, Inc. All rights reserved.

Local Switching InterWorking

connect FR_to_Ether MFR100 Ethernet0/1.10 interworking ip