BRKAGG-2000
BRKAGG-2000 14555_04_2008_c1
Cisco Public
General Prerequisites
Spanning Tree problems and Data Center knowledge
Why L2VPN technology is becoming ever more important to service providers and enterprises
Good understanding of L2VPN technology and pseudowire (PW) operation (AToM, L2TPv3)
Basic understanding of network design principles
Familiarity with quality of service principles; application will be discussed, with examples
Basic understanding of MPLS traffic engineering (MPLS-TE) concepts
Summary Technology
AToM/L2TPv3
EoMPLS
VPLS
Traffic Engineering
Deployment Objectives
Reduced cost: consolidate multiple core technologies into a single packet-based network infrastructure
Simplify services: Layer 2 transport provides options for service providers who need to provide L2 connectivity and maintain customer autonomy
Protect existing investments: Greenfield networks to extend customer access to existing Layer 2 networks without deploying a new separate infrastructure
Feature support: through the use of Cisco IOS features such as IPsec, QoS, and Traffic Engineering, L2 transport can be tailored to meet customer requirements
BRKAGG-2000 14555_04_2008_c1 2008 Cisco Systems, Inc. All rights reserved. Cisco Public
L2VPN Models
[Figure: L2VPN models. Labels: Local Switching, MPLS Core, IP Core, CE-TDM, VPWS, AToM (like-to-like or any-to-any, point-to-point), VPLS (P2MP/MP2MP), L2TPv3 (any-to-any service, point-to-point), T1/E1, Ethernet]
[Figure: access networks and core technologies. Labels: Ethernet, FR/ATM, Broadband, SONET, IP/IPSec, MPLS or IP, Access]
Multiple Access Services Require Multiple Core Technologies = $$$ High Costs/Complex Management
[Figure: pseudowire reference model. Labels: Attachment Circuit, PSN Tunnel, Emulated VC, L2]
Tunnels (MPLS, L2TPv3, GRE, IPSec, etc.)
Emulated VCs (pseudowires) inside tunnels (many-to-one)
[Figure: existing infrastructure. Labels: Ethernet, MSE, MPLS/IP, Broadband Access, Trunk Replacement]
Reduce overlapping core expense; consolidate trunk lines
Offer multiservice/common interface (i.e. Ethernet MUX = L2, L3 and Internet)
Maintain existing revenues from legacy services
[Figure: mobile RAN backhaul. Labels: BTS/NodeB, Pre-Aggregation Site, RAN Edge, Abis/Iub Optimization, MSC Server, GMSC, ITP, SGSN, GGSN, PSTN, Internet]
L2VPN Deployment
[Figure: Customer A switches at Site#1 and Site#2 with logical connectivity between them; switch BPDUs and VTP messages]
[Figure: EoMPLS topology. Labels: e1/0, e2/0, PE, e0/0.10, dot1Q 10, 10.10.10.204/24, 10.1.1.0/24, 10.1.2.0/24, R204, CE, LDP]
hostname R201
!
ip cef
mpls ip
mpls label protocol ldp
mpls ldp router-id Loopback0 force
!
interface Loopback0
 ip address 10.0.0.201 255.255.255.255
!
interface Ethernet0/0.10
 description *** To R200 ***
 encapsulation dot1Q 10
 no ip directed-broadcast
 no cdp enable
 xconnect 10.0.0.203 10 encapsulation mpls

hostname R203
!
ip cef
mpls ip
mpls label protocol ldp
mpls ldp router-id Loopback0 force
!
interface Loopback0
 ip address 10.0.0.203 255.255.255.255
!
pseudowire-class eompls
 encapsulation mpls
!
interface Ethernet0/0.10
 description *** To R204
 encapsulation dot1Q 10
 no ip directed-broadcast
 no cdp enable
 xconnect 10.0.0.201 10 pw-class eompls
L2 VPN Interworking
L2TPv3
Yes Yes No No Yes
IP Mode
Yes Yes Yes Yes Yes
Ethernet
Yes No No Yes Yes
[Figure: interworking topology. Labels: MPLS/IP, PE1, PPP/HDLC, MFR, T1/E1 (total 6.144 Mbps), CE, Ethernet0/1.10 (speed 100), CE3, CE2-HUB]
VPLS Introduction
VPLS Introduction
Pseudo Wire Refresher
VPLS Architecture
VPLS Configuration Example
VPLS Deployment
Summary
[Figure: chart of areas (General, Internet, Routing, Security, Transport) with IAB and MPLS labels, as of 2-Nov-2006]
L3VPN: BGP/MPLS VPNs (RFC 4364, was 2547bis); IP VPNs using Virtual Routers (RFC 2764); CE based VPNs using IPsec
Pseudo Wire Emulation edge-to-edge: forms the backbone transport for VPLS
VPLS Components
Pseudo Wires within LSP
Virtual Switch Interface (VSI) terminates PW and provides Ethernet bridge function
Attachment circuits: Port or VLAN mode
Mesh of LSP between N-PEs
[Figure: VPLS components. Labels: CE router, CE switch, N-PE, MPLS Core]
Address Learning/Aging
LDP enhanced with additional MAC List TLV (label withdrawal)
MAC timers refreshed with incoming frames
Loop Prevention
Create full-mesh of Pseudo Wire VCs (EoMPLS)
Unidirectional LSP carries VCs between pair of N-PE
A VPLS uses split horizon concepts to prevent loops
VPLS Architecture
[Figure: PE view. Labels: PEs, MPLS, Full Mesh LDP, Ethernet PW to each peer]
Each PE has a P2MP view of all other PEs; it sees itself as a root bridge with split horizon loop protection
Full mesh topology obviates STP in the SP network
Customer STP is transparent to the SP; customer BPDUs are forwarded transparently
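The split horizon rule described above, and the no-split spoke pseudowire used in the H-VPLS configurations, as an added example (not from the presentation). It is a toy Python model with hypothetical names (Bridge, build, send) in which N-PE1, N-PE2 and N-PE3 form a full pseudowire mesh and one U-PE hangs off N-PE2:

```python
from collections import deque
from itertools import combinations

BROADCAST = "ff:ff:ff:ff:ff:ff"


class Bridge:
    """A VFI-like bridge: learns source MACs, floods unknown/broadcast frames."""

    def __init__(self, name, split_horizon=True):
        self.name = name
        self.split_horizon = split_horizon
        self.ports = {"ac": ("ac", None)}  # port -> (kind, peer bridge)
        self.mac_table = {}                # MAC -> port it was learned on

    def add_pw(self, peer, kind):
        # kind "core": mesh pseudowire, subject to split horizon.
        # kind "spoke": H-VPLS pseudowire exempt from it (the no-split neighbor).
        self.ports["pw-" + peer.name] = (kind, peer)

    def egress_ports(self, in_port, dst):
        in_kind = self.ports[in_port][0]
        known = self.mac_table.get(dst)
        candidates = [known] if known else list(self.ports)
        out = []
        for port in candidates:
            if port == in_port:
                continue
            # Split horizon: never relay a frame from one core PW to another.
            if (self.split_horizon and in_kind == "core"
                    and self.ports[port][0] == "core"):
                continue
            out.append(port)
        return out


def build(split_horizon=True, spoke_kind="spoke"):
    """Three N-PEs in a full PW mesh, plus one U-PE attached to N-PE2."""
    b = {n: Bridge(n, split_horizon)
         for n in ("N-PE1", "N-PE2", "N-PE3", "U-PE")}
    for x, y in combinations(("N-PE1", "N-PE2", "N-PE3"), 2):
        b[x].add_pw(b[y], "core")
        b[y].add_pw(b[x], "core")
    b["N-PE2"].add_pw(b["U-PE"], spoke_kind)
    b["U-PE"].add_pw(b["N-PE2"], "spoke")
    return b


def send(bridge, src, dst=BROADCAST, max_events=200):
    """Inject a frame on the bridge's attachment circuit (AC).

    Returns (sorted names of bridges that delivered it to their AC, looped),
    where looped is True if copies were still circulating at the event cap.
    """
    queue = deque([(bridge, "ac")])
    delivered, events = [], 0
    while queue and events < max_events:
        node, in_port = queue.popleft()
        events += 1
        node.mac_table[src] = in_port  # address learning on the ingress port
        for port in node.egress_ports(in_port, dst):
            kind, peer = node.ports[port]
            if kind == "ac":
                delivered.append(node.name)
            else:
                queue.append((peer, "pw-" + node.name))
    return sorted(delivered), bool(queue)


if __name__ == "__main__":
    net = build()
    print("broadcast from N-PE1:", send(net["N-PE1"], "aa"))
    print("unicast reply from U-PE:", send(net["U-PE"], "bb", dst="aa"))
    print("mesh without split horizon loops:",
          send(build(split_horizon=False)["N-PE1"], "aa")[1])
    print("spoke PW left under split horizon:",
          send(build(spoke_kind="core")["U-PE"], "cc"))
```

With split horizon each site receives exactly one copy; without it the same broadcast circulates in the mesh, and a spoke pseudowire left under split horizon cuts the U-PE site off from the remote N-PEs.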
CE routers/switches see a logical Bridge/LAN
VPLS emulates a LAN but not exactly
This raises a few issues which are discussed later
[Figure: CE, U-PE, N-PE, MPLS Core, N-PE, U-PE, CE]
N-PE provides VPLS termination/L3 services
U-PE provides customer UNI
CE is the customer device
Why H-VPLS?
VPLS
Potential signaling overhead
Full PW mesh from the Edge
Packet replication done at the Edge
Node Discovery and Provisioning extends end to end

H-VPLS
Minimizes signaling overhead
Full PW mesh among Core devices
Packet replication done in the Core
Partitions Node Discovery process

[Figure: VPLS and H-VPLS topologies. Labels: CE, PE, PE-rs, MTU-s]
[Figure: metro topology. Labels: Metro A, Metro C, Metro D, User Facing Provider Edge (U-PE), PE-AGG, N-PE, P, Hub and Spoke, GE Ring]
[Figure: VFI forwarding of broadcast/multicast. Labels: CE, N-PE1, N-PE2, N-PE3, VFI (Virtual Forwarding Interface), Pseudo Wire #1, Pseudo Wire #2, Pseudo Wires, Local Switching]
[Figure: VFI forwarding of unicast. Labels: U-PE, CE, N-PE1, N-PE2, N-PE3, VFI (Virtual Forwarding Interface), Pseudo Wire #1, Pseudo Wire #2, Pseudo Wire #3, Pseudo Wires, NO Split Horizon]
Configuration Examples
Direct Attachment
  Using a Router as a CE (VLAN Based)
  Using a Switch as a CE (Port Based)
H-VPLS
  Ethernet QinQ
  EoMPLS Pseudo Wire (VLAN Based)
  EoMPLS Pseudo Wire (Port Based)
Sample Output
[Figure: VPLS direct attachment topology: PE1, PE2 and PE3 around the MPLS core (router IDs 1.1.1.1, 2.2.2.2, 3.3.3.3), with CE1 and CE2 attached on VLAN100; interfaces gi3/0, gi4/4, gi4/2, pos3/0, pos3/1, pos4/1, pos4/3]
[Figure: logical view. Labels: CE1, CE2, Subnet 192.168.20.0/24, VLAN100]
l2 vfi VPLS-A manual
 vpn id 56
 neighbor 2.2.2.2 encapsulation mpls
 neighbor 1.1.1.1 encapsulation mpls
interface GigabitEthernet3/0
 switchport
 switchport mode trunk
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 100
!
interface vlan 100
 no ip address
 xconnect vfi VPLS-A
!
vlan 100
 state active
This command associates the VLAN with the VPLS instance
VLAN100 = VCID 56
Configuration Examples
Direct Attachment
Using a Switch as a CE (Port Based)
[Figure: PE1, PE2, PE3 and MPLS core topology, with the CE-facing links labelled "All VLANs"]
interface GigabitEthernet3/0
 switchport
 switchport mode dot1q-tunnel
 switchport access vlan 100
 l2protocol-tunnel stp
!
interface vlan 100
 no ip address
 xconnect vfi VPLS-A
!
vlan 100
 state active
This command associates the VLAN with the VPLS instance
VLAN100 = VCID 56
Configuration Examples
H-VPLS
[Figure: H-VPLS topology: N-PE1, N-PE2 and N-PE3 around the MPLS core; U-PE1, U-PE2 and U-PE3 (Cisco 3750ME) between the N-PEs and CE1/CE2; router IDs 1.1.1.1, 2.2.2.2, 3.3.3.3, 4.4.4.4; interfaces pos4/1, gi3/0, pos3/0, pos3/1, pos4/3, gi4/4, gi4/2, gi1/1/1, fa1/0/1]
Configuration Examples
H-VPLS
Ethernet QinQ
! N-PE
interface GigabitEthernet4/4
 switchport
 switchport mode trunk
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 100
!
interface vlan 100
 no ip address
 xconnect vfi VPLS-A
!
vlan 100
 state active

! U-PE
interface FastEthernet1/0/1
 switchport
 switchport access vlan 100
 switchport mode dot1q-tunnel
 switchport trunk allowed vlan 1-1005
!
interface GigabitEthernet1/1/1
 switchport
 switchport mode trunk
 switchport trunk allowed vlan 1-1005
Configuration Examples
H-VPLS
EoMPLS Pseudo Wire (VLAN Based)
! N-PE
interface GigabitEthernet4/4
 no switchport
 ip address 156.50.20.1 255.255.255.252
 mpls ip
!
l2 vfi VPLS-A manual
 vpn id 56
 neighbor 1.1.1.1 encapsulation mpls
 neighbor 3.3.3.3 encapsulation mpls
 neighbor 4.4.4.4 encaps mpls no-split

! U-PE
interface FastEthernet1/0/1
 switchport
 switchport access vlan 500
!
interface vlan500
 xconnect 2.2.2.2 56 encapsulation mpls
!
interface GigabitEthernet1/1/1
 no switchport
 ip address 156.50.20.2 255.255.255.252
 mpls ip
Configuration Examples
H-VPLS
EoMPLS Pseudo Wire (Port Based)
! N-PE
interface GigabitEthernet4/4
 no switchport
 ip address 156.50.20.1 255.255.255.252
 mpls ip
!
l2 vfi PE1-VPLS-A manual
 vpn id 56
 neighbor 1.1.1.1 encapsulation mpls
 neighbor 3.3.3.3 encapsulation mpls
 neighbor 4.4.4.4 encaps mpls no-split

! U-PE
interface FastEthernet1/0/1
 no switchport
 xconnect 2.2.2.2 56 encapsulation mpls
!
interface GigabitEthernet1/1/1
 no switchport
 ip address 156.50.20.2 255.255.255.252
 mpls ip
Configuration Examples
Sample Output
show mpls l2 vc
NPE-A#show mpls l2 vc
Local circuit  Dest address  VC ID  Status
-------------  ------------  -----  ------
VFI            1.1.1.1       10     UP
VFI            3.3.3.3       10     UP
[Figure: H-VPLS topology annotated "Use VC Label 19" and "Use VC Label 23"]
NPE-2#show mpls l2 vc detail
Local interface: VFI VPLS-A up
  Destination address: 1.1.1.1, VC ID: 10, VC status: up
    Tunnel label: imp-null, next hop 156.50.20.1
    Output interface: POS4/3, imposed label stack {19}
  Create time: 1d01h, last status change time: 00:40:16
  Signaling protocol: LDP, peer 1.1.1.1:0 up
    MPLS VC labels: local 23, remote 19
PW Redundancy Concepts
PW High Availability
[Figure: Site1 (CE1) and Site2 (CE2) connected through PE1, PE2, PE3, PE4 and core routers P1, P2, P3, P4]
Failure in the Provider core: mitigated with link redundancy and FRR
PE router failure: PE Diversity
Attachment Circuit failure: Need Pair of Attachment Ckts end-to-end
CE Router failure: Redundant CEs
[Figure: PE1, P1, P2, P3, PE3 and Site2, with an "x" mark in the topology]
interface e1/0.1
 encapsulation dot1q 10
 xconnect <PE4 router ID> <VCID> encapsulation mpls
The TCP session between two LDP peers may go down due to HW/SW failure (RP switchover)
If PE3 fails, traffic will be dropped
Need PW redundancy so that the PW can be re-routed to the redundant router, i.e. PE4
[Figure: Site1 and Site2 topology with CE1, CE2, CE3, PE1, PE2, PE3, PE4, P1, P2, P3, P4 and an "x" mark]
pe1(config)#int e 0/0.1
pe1(config-subif)#encapsulation dot1q 10
pe1(config-subif)#xconnect <PE3 router ID> <VCID> encapsulation mpls
pe1(config-subif-xconn)#backup peer <PE4 router ID> <VCID>
PW Redundancy: Manual Switchover
interface Ethernet0/0.1
 encapsulation dot1Q 10
 xconnect 192.168.1.3 10 encapsulation mpls
  backup peer 192.168.1.4 10
  backup delay 3 10

pe1#sh mpls l2transport vc 10
Local intf     Local circuit   Dest address     VC ID   Status
-------------  --------------  ---------------  ------  ------
Et0/0.1        Eth VLAN 20     192.168.1.3      10      UP
Et0/0.1        Eth VLAN 20     192.168.1.4      10      DOWN

pe1#sh mpls l2transport vc 10
Local intf     Local circuit   Dest address     VC ID   Status
-------------  --------------  ---------------  ------  ------
Et0/0.1        Eth VLAN 20     192.168.1.3      10      DOWN
Et0/0.1        Eth VLAN 20     192.168.1.4      10      UP
Example 2: xconnect with 1 redundant peer. In this example, once a switchover occurs, we will not fall back to the primary until the secondary xconnect fails.
pseudowire-class test
 encapsulation mpls
!
connect frpw1 serial0/1 50 l2transport
 xconnect 20.0.0.1 50 pw-class test
  backup peer 20.0.0.2 50
  backup delay 0 never
PW Redundancy: Config Examples
Example 3: Local-switched connection between ATM and FR using Ethernet interworking. The FR circuit is backed up by an MPLS pseudowire.
pseudowire-class test
 encapsulation mpls
 interworking ethernet
!
connect atm-fr atm1/0 100/100 E0/0.10 100 interworking ethernet
 backup peer 1.1.1.1 100 pw-class test
[Figure: labels r201, pe, ce, atm4/0, f0/0.10, PE2-Backup 1.1.1.1]
Example 4: xconnect with 1 redundant peer. In this example, the switchover will not begin unless the pseudowire has been down for 3 seconds. Once a switchover occurs, we will not fall back to the primary until it has been re-established and UP for 10 seconds.
pseudowire-class test
 encapsulation mpls
!
connect frpw1 serial0/1 50 l2transport
 xconnect 20.0.0.1 50 pw-class test
  backup peer 20.0.0.2 50
  backup delay 3 10
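A simplified model of the backup delay timers in Examples 2 and 4, added here as an illustration (not from the presentation and not Cisco code). The function name, the NEVER constant and the constructed up/down timelines are assumptions; the model follows only the behaviour the examples describe:

```python
NEVER = None  # stands for the "never" keyword in "backup delay 0 never"


def forwarding_timeline(status, enable_delay, disable_delay, duration):
    """Return, for each second, which pseudowire carries traffic.

    status: {second: (primary_up, backup_up)} change points (constructed input).
    enable_delay: seconds the primary must stay down before switching over.
    disable_delay: seconds the primary must stay up before falling back,
                   or NEVER to fall back only when the backup itself fails.
    Each entry of the result is 'primary', 'backup' or None (traffic dropped).
    """
    primary_up, backup_up = True, True
    selected = "primary"
    down_since = up_since = None
    timeline = []
    for t in range(duration):
        if t in status:
            primary_up, backup_up = status[t]
        if selected == "primary":
            if primary_up:
                down_since = None
            else:
                if down_since is None:
                    down_since = t
                # Switch over once the primary has been down long enough.
                if backup_up and t - down_since >= enable_delay:
                    selected, up_since = "backup", None
        else:
            if not primary_up:
                up_since = None
            else:
                if up_since is None:
                    up_since = t
                if not backup_up:
                    # The backup failed: return to the primary even with NEVER.
                    selected, down_since = "primary", None
                elif (disable_delay is not NEVER
                      and t - up_since >= disable_delay):
                    selected, down_since = "primary", None
        carrier_up = primary_up if selected == "primary" else backup_up
        timeline.append(selected if carrier_up else None)
    return timeline


# Constructed timeline: primary fails at t=5 and recovers at t=20.
OUTAGE = {5: (False, True), 20: (True, True)}
# Same outage, then the backup pseudowire fails at t=35.
OUTAGE_THEN_BACKUP_FAILS = {5: (False, True), 20: (True, True), 35: (True, False)}

if __name__ == "__main__":
    print("backup delay 3 10   :", forwarding_timeline(OUTAGE, 3, 10, 40))
    print("backup delay 0 never:",
          forwarding_timeline(OUTAGE_THEN_BACKUP_FAILS, 0, NEVER, 40))
```

With "3 10" the model drops traffic for the three seconds before switchover and returns to the primary ten seconds after it recovers; with "0 never" it switches at once and stays on the backup until the backup fails.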
Tunnel Selection
The selected path must be a label switched path (LSP) destined to the peer PE router
If you specify a tunnel (selecting interface):
  The tunnel must be an MPLS traffic engineering tunnel
  The tunnel tailend must be on the remote PE router
Autoroute
Forwarding Adjacency
AToM Tunnel Selection
Class Based Tunnel Selection
Static, Autoroute, and Forwarding Adjacency Get You Unequal-Cost Load-Balancing
pseudowire-class my-path-pref
 encapsulation mpls
 preferred-path interface tunnel 1 disable-fallback
!
interface fastEthernet <slot/port>.<subif-id>
 encapsulation dot1Q 150
 xconnect 172.18.255.3 1000 pw-class my-path-pref
[Figure: load balancing between sites. Labels: Site 2, CE1, CE2, PE2, P1, P2, P3, E2/0.1 (Vlan 10), E2/0.2 (vlan20), E2/0.3 (Vlan 30), 10.1.1.0/24, Video]
PE2 sees multiple IGP paths to reach PE1
L2VPN packets are load balanced per customer site according to VC label over two label switched paths from PE to P
L2VPN Deployment
pseudowire-class my-path-pref
 encapsulation mpls
 preferred-path interface tunnel 1 disable-fallback
!
interface fastEthernet <slot/port>.<subif-id>
 encapsulation dot1Q 150
 xconnect 172.18.255.3 1000 pw-class my-path-pref
This configuration will allow one to direct which path pseudowires are to take throughout the network
The tunnel head end / tail end must be on the PEs
[Figure: TE Tunnel 0, TE Tunnel 1 and TE Tunnel 2 between the PEs. Labels: PE1, PE2, P1, P2, P3, P4, CE1, CE2, Site 1, Site 2, 192.168.0.5/32, 10.1.1.0/24]
pseudowire-class test
 encapsulation mpls
 preferred-path interface Tunnel0
!
pseudowire-class test1
 encapsulation mpls
 preferred-path interface Tunnel1
!
pseudowire-class test2
 encapsulation mpls
 preferred-path interface Tunnel2

interface Ethernet2/0.1
 description green vc
 xconnect 192.168.0.5 1 encapsulation mpls pw-class test
!
interface Ethernet2/0.2
 description red vc
 xconnect 192.168.0.5 20 encapsulation mpls pw-class test1
!
interface Ethernet2/0.3
 description dark green vc
 xconnect 192.168.0.5 30 encapsulation mpls pw-class test2
Data Center Option (A) Utilizing Layer 2 VPN to Provide High Availability Between Two Data Centers and Two Service Providers
6500-DCN-SWITCH
!
! COREA
interface gigabitethernet 1/0/1
 channel-group 1 mode on
 switchport
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
! COREB
interface gigabitethernet 1/0/2
 channel-group 1 mode on
 switchport
 switchport trunk encapsulation dot1q
 switchport mode trunk

PE1-COREB
!
interface gigabitethernet 1/0/0
 no switchport
 xconnect X.X.X.PE2 70 encapsulation mpls

PE2-COREB
!
interface gigabitethernet 1/0/0
 no switchport
 xconnect X.X.X.PE1 70 encapsulation mpls

[Diagram labels: PE1-COREA, PE2-COREA]
Data Center Option (B) Utilizing Layer 2 VPN to Provide Physical High Availability Between Two Data Centers
6500-DCN-SWITCH
!
interface gigabitethernet 1/0/1
 channel-group 1 mode on
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface gigabitethernet 1/0/2
 channel-group 1 mode on
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface Port-channel1
 switchport trunk
!
interface gigabitethernet 1/0/4
 switchport mode access
 switchport access vlan 10

interface gigabitethernet 1/0/1
 channel-group 1 mode on
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface gigabitethernet 1/0/2
 channel-group 2 mode on
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface gigabitethernet 2/0/1
 channel-group 1 mode on
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface gigabitethernet 2/0/2
 channel-group 2 mode on
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface Port-channel1
 switchport trunk
!
interface Port-channel2
 switchport trunk

PE1-COREA
interface gigabitethernet 3/0
 no switchport
 xconnect X.X.X.PE2-CORE A 70 encapsulation mpls

PE1-COREB
interface gigabitethernet 3/0
 no switchport
 xconnect X.X.X.PE2-CORE B 70 encapsulation mpls
Data Center Option (C) Utilizing Layer 2 VPN to Provide Physical High Availability Dual Switches Between Two Data Centers STP Free Topology
6500-A
!
interface gigabitethernet 1/0/1
 channel-group 1 mode on
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface gigabitethernet 1/0/2
 channel-group 1 mode on
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface Port-channel1
 switchport trunk
!
interface gigabitethernet 1/0/4
 switchport mode access
 switchport access vlan 10

6500-B
!
interface gigabitethernet 1/0/1
 channel-group 1 mode on
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface gigabitethernet 1/0/2
 channel-group 1 mode on
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface Port-channel1
 switchport trunk
!
interface gigabitethernet 1/0/4
 switchport mode access
 switchport access vlan 10

PE1-COREA
! <- 6500 A
interface gigabitethernet 3/0
 xconnect 10.1.1.2 20 encapsulation mpls
!
! <- 6500 B
interface gigabitethernet 4/0
 xconnect 10.1.1.2 40 encapsulation mpls

PE1-COREB
! <- 6500 A
interface gigabitethernet 3/0
 xconnect 10.1.1.2 20 encapsulation mpls
!
! <- 6500 B
interface gigabitethernet 4/0
 xconnect 10.1.1.2 40 encapsulation mpls
Data Center Option (D) Utilizing Layer 2 VPN to Provide Physical High Availability Dual Switches Between Three Data Centers and One Transit Data Center
PE1
interface gigabitethernet 3/0
 xconnect 10.1.1.3 20 encapsulation mpls
  backup peer 10.1.1.2 200

PE2
interface gigabitethernet 3/0
 xconnect 10.1.1.3 30 encapsulation mpls
  backup peer 10.1.1.1 200

Data Center 3 6500 Switch
!
interface gigabitethernet 3/0
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface gigabitethernet 4/0
 switchport trunk encapsulation dot1q
 switchport mode trunk

[Diagram labels: Q-in-Q]
L2/L3 Distribution
Single active uplink per VLAN (PVST), L2 reconvergence, increased route peering with L3 access
Access
Single active uplink per VLAN (PVST), L2 reconvergence, excessive BPDUs
L2 Distribution
Dual-Homed Servers to single switch, Single active uplink per VLAN (PVST), L2 reconvergence
L2 Access
L2/L3 Distribution
Dual Active Uplinks, Fast L2 convergence, minimized L2 Control Plane, Scalable
L2 Distribution
Dual-Homed Servers, Single active uplink per VLAN (PVST), Fast L2 convergence
L2 Access
Link Management Protocol (LMP) used to track and reject Unidirectional Links, Exchange Chassis ID and other information between the 2 switches
Role Resolution Protocol (RRP) used to determine compatible Hardware and Software versions to form the VSL as well as determine which switch becomes Active and Hot Standby from a control plane perspective
[Figure: VSLP between Switch 1 and Switch 2]
The VSLP Ping operates on a per-physical interface basis and parameters such as COUNT, DESTINATION, SIZE, TIMEOUT may also be specified
vss#ping vslp output interface tenGigabitEthernet 1/5/4
Type escape sequence to abort.
Sending 5, 100-byte VSLP ping to peer-sup via output port 1/5/4, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 12/12/16 ms
vss#
EtherChannel Concepts
Multichassis EtherChannel (MEC)
Prior to Virtual Switch, Etherchannels were restricted to reside within the same physical switch. In a Virtual Switch environment, the 2 physical switches form a single logical network entity - therefore Etherchannels can now also be extended across the 2 physical chassis
LACP, PAGP or ON EtherChannel modes are supported
EtherChannel Concepts
EtherChannel Hash for MEC
Deciding on which link of a Multi-chassis EtherChannel to use in a Virtual Switch is skewed in favor of local links in the bundle; this is done to avoid overloading the Virtual Switch Link (VSL) with unnecessary traffic loads
Blue Traffic destined for the Server will result in Link A1 in the MEC link bundle being chosen as the destination path
Orange Traffic destined for the Server will result in Link B2 in the MEC link bundle being chosen as the destination path
Hardware Requirements
VSL Hardware Requirements
The Virtual Switch Link requires special hardware as noted below
Hardware Requirements
Other Hardware Considerations
High Availability
Link Failure, Redundancy Schemes, Dual-Active Detection, GOLD
High Availability
Redundancy Schemes
The default redundancy mechanism between the 2 VSS chassis and their associated supervisors is NSF/SSO, allowing state information and configuration to be synchronized. Additionally, only in NSF/SSO mode does the Standby supervisor PFC, Switch Fabric, modules and their associated DFCs become active
[Figure: Switch 1 (12.2(33)SXH1, Active) and Switch 2 (12.2(33)SXH1, NSF/SSO) joined by the VSL]
Should a mismatch of information occur between the Active and Standby Chassis, the Standby Chassis will revert to RPR mode, where only configuration is synchronized, but PFC, Switch Fabric and modules will not be brought up
[Figure: Switch 1 (12.2(33)SXH1, Active) and Switch 2 (12.2(33)SXH2, RPR) joined by the VSL]
High Availability
SSO-Aware Protocols
As of Whitney 1, there are over 90 protocols that are SSO-aware. These include information such as ARP, DHCP Snooping, IP Source Guard, NAC Posture database, etc.
In a VSS environment, failure of either VS will not require this information to be re-populated again
[Figure: Virtual Switch formed by Switch 1 and Switch 2]
DHCP Snooping Binding Table
IP Add         MAC Add            VLAN  Interface
10.10.10.10    00:50:56:01:e1:02  10    Po10
172.26.18.2    00:02:b3:3f:3b:99  18    Po10
172.26.19.34   00:16:a1:c2:ee:32  19    Po20
10.10.10.43    00:16:cb:03:d3:44  10    Po20
High Availability
Dual-Active Detection
In a Virtual Switch Domain, one switch is elected as Active and the other is elected as Standby during bootup by VSLP. Since the VSL is always configured as a Port Channel, the possibility of the entire VSL bundle going down is remote, however it is a possibility
[Figure: Virtual Switch Domain: Switch 1 Supervisor and Switch 2 Supervisor joined by the VSL]
It is always recommended to deploy the VSL with 2 or more links and distribute those interfaces across multiple modules to ensure the greatest redundancy
High Availability
Dual-Active Detection
If the entire VSL bundle should happen to go down, the Virtual Switch Domain will enter a Dual Active scenario where both switches transition to Active state and share the same network configuration (IP addresses, MAC address, Router IDs, etc) potentially causing communication problems through the network
2 mechanisms have been implemented in the initial release to detect and recover from a Dual Active scenario: 1. 2.
High Availability
Dual-Active Detection: Mechanisms
1. Enhanced Port Aggregation Protocol (PAgP)
2.
High Availability
End with CNTL/Z.
interface Gig 1/5/1
interface Gig 2/5/1
High Availability
Dual-Active Recovery
Upon the restoration of one or more VSL interfaces, VSLP will detect this and will proceed to reload Switch 1 so that it may be able to re-negotiate Active/Standby role after bootup
After role has been resolved and SSO Hot Standby mode is possible, interfaces will be brought up and traffic will resume back to 100% capacity
Data Center Option (E) Utilizing Layer 2 VPN and Virtual Switching New Features
PE1-COREA
! <- 6500 B
interface gigabitethernet 3/0
 xconnect 10.1.1.2 20 encapsulation mpls
!
! <- 6500 B
interface gigabitethernet 4/0
 xconnect 10.1.1.2 40 encapsulation mpls

PE1-COREB
! <- 6500 A
interface gigabitethernet 3/0
 xconnect 10.1.1.1 20 encapsulation mpls
!
! <- 6500 B
interface gigabitethernet 4/0
 xconnect 10.1.1.1 40 encapsulation mpls
Q and A
Recommended Reading
Continue your Cisco Live learning experience with further reading from Cisco Press
Check the Recommended Reading flyer for suggested books
Layer 2 VPN Architectures, ISBN: 1-58705-168-0