Atom

AToM Training
Presentation_ID © 2006 Cisco Systems, Inc. All rights reserved. www.cisco.com

Cisco Confidential 11
PDF created with FinePrint pdfFactory Pro trial version www.pdffactory.com

L2 VPN à Why ???
§ Quote from draft-ietf-pwe3-framework-00.txt:

“ Although Internet traffic is the fastest growing traffic segment, it
does not generate the highest revenue per bit. For example, Frame
Relay traffic currently generates a higher revenue per bit than do
native IP services. ”
Presentation_ID © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 2

L2 VPN à Why ???
§ Traditional Service Providers:
Ø Migration to packet based IP/MPLS network with minimal impact to
their L2 customer base
Ø Leverage one network infrastructure and provide new services
(Internet Access & VPN)
Ø Decouple Edge and Core L2 technology
Ø Core Bandwidth Increase
§ ISP/MPLS-VPN Providers:
Ø Leverage an existing MPLS network to offer L2 services in addition
to L3 services
Ø Transparent to customer’s IGP

L2 Transport
§ L2 transport is standardized by IETF’s PWE3 working
group
§ PWE3: Pseudo Wire Edge to Edge Emulation
Ø Service emulation over a pseudo-wire where the
service is (FR, ATM, Ethernet, PPP, HDLC) and the
pseudo wire is (MPLS, L2TP, GRE)
Ø Implementation details for providing l2 transport such
as encapsulation & signaling necessary for extending
a L1/L2 circuit over a packet-based network

L2 Transport: PWE3 Reference Model
|<------------
|<------------ emulated service(ES) ------------>|
------------>|
|<--
|<--End
End--
-->|
>||<------
|<------ pseudo- ----->||<--
pseudo-wire(PW) ----->||<--End
End--
-->|
>|
Service Service
PSN Tunnel
Site1A
PWES
PE1 PE2 PWES Site1B
SE 1A
IP/MPLS SE 1B
Core
Site 2B
PWES
IP Network
Site 2A SE 2B
PWES
SE 2A
Pseudo-Wire Reference Model

PWES à Pseudo-
Pseudo-Wire End Services
PE à Pseudo-
Pseudo-Wire Endpoint or Provider Edge
PSN Tunnel à Packet Switched Network Tunnel
SE à Service Endpoint or Customer Edge (CE)

Standards: IETF Working Groups à PWE3
• Standards/Drafts:
Ø Cisco’s AToM:
- draft-martini-l2circuit-trans-mpls-**.txt
- draft-martini-l2circuit-encap-mpls-**.txt
Ø Cisco’s L2TPv3:
- draft-ietf-l2tpext-l2tp-base-**.txt

L2VPN
§ Traditional L2VPNs are built with leased lines, virtual circuits such as
ATM PVCs or FR DLCIs
§ L2VPN can now be built using L2 transport mechanisms standardize d by
IETF’s PWE3 working group (aka AToM or L2TPv3)
§ Similar to L3VPN service except that packet forwarding is based on L2
information rather than L3
§ L2 VPN is a service model for interconnecting multiple customers sites
using L2 circuits or L2 transports, taking into consideration factors such
as management, QoS, security, provisioning, etc.

Standards: IETF Working Groups à PPVPN
§ L2VPNs are standardized by IETF’s PPVPN working group
§ PPVPN: Provider Provisioned Virtual Private Network
Ø Implementation & scalability aspects of VPNs
Ø Standards/Drafts:
• L3VPNs (RFC2547bis)
• L2VPNs leveraging the L2 transport work from PWE3
- draft-rosen-ppvpn-l2vpn-**.txt (VPWS)
- draft-sajassi-vpls-architectures-**.txt (VPLS)
- draft-lasserre-vkompella-ppvpn-vpls-**.txt(VPLS)

L2-VPN Models
L2-VPN Models
MPLS Core IP core
VPWS VPLS
Like-to-like -or- P2MP/

Any-to-Any MP2MP L2TPv3 Any-to-any service
AToM Point-to-Point Point-to-Point
Point-to-Point
Ethernet
FR ATM PPP/ FR ATM PPP/

AAL5/Cell HDLC AAL5/Cell HDLC
Ethernet Ethernet

L2VPN Components(Draft-ietf-ppvpn-l2vpn)
Attachments VCs Emulated VCs Attachments VCs
CE-1 PE
Service Provider
Tunnel Circuit
Backbone

L2VPN Types
§ If the relationship between Attachment VCs and

Emulated VCs is fixed, then L2VPN is VPWS
§ If the relationship between Attachment VCs and
Emulated VCs is dynamic and it determined by DA
MAC or DA MAC + VLAN, then L2VPN is VPLS

What is VPLS?
§ A Virtual Private LAN Services (VPLS) is a multipoint Layer 2 VPN
that connects two or more customer devices using Ethernet
bridging techniques
§ VPLS is an ARCHITECTURE defined within IETF Draft-lasserre-
vkompella-ppvpn-vpls-02.txt
§ A VPLS emulates an Ethernet Switch with each EMS being
analogous to a VLAN

What VPLS is Not?
§ …a service
§ …a complete solution
§ …as scalable as L3VPNs
§ …a standard
§ …a proven market
§ …about End-to-End Ethernet
§ …cheap to install and maintain because it’s Ethernet

How did we arrive at VPLS?
§ IETF definition of pseudo-wires enabled the concept of forwarding Ethernet frames over
MPLS LSPs
Martini Draft
§ By linking Virtual Switches using Pseudo-wires, virtual LAN services are possible
Riverstone’s draft-lasserre-ppvpn-vpls
§ Several competing drafts were then presented that described Hierarchical VPLS to address
shortfalls within draft-lasserre
Notably draft-sajassi-vpls-architectures & draft-khandakhar-ppvpn-hvpls
§ The latest VPLS Draft-lasserre-vkompella-ppvpn-vpls-02 is a merger of
draft-lasserre-ppvpn-vpls
draft-khandekhar-ppvpn-hvpls, and
draft-sajassi-vpls-architectures
§ Most other drafts have now expired although new ones have been proposed

The IEEE and VPLS
§ IEEE have engaged informally with the IETF to ensure
compatibility between the IETF definition of a bridge and the
IEEE’s definition
§ IEEE have also agreed a PAR (802.1ad) authorising investigation
of an IEEE Metro Ethernet standard
§ Some areas of investigation are
Tag Stacking (QinQ) standardisation
Layer 2 OAM (L2Trace and L2PING)

New VPLS Drafts
§ Draft-shah-ppvpn-ipls-00
Cisco co-authored (Eric Rosen)
Addresses MAC learning challenged devices such as routers
H-VPLS addresses these devices too
§ Draft-sajassi-mvpls-00
Cisco Authored (Ali Sajassi)
Uses Multicast to discover address locations and auto-discovery
§ Draft-sodder-ppvpn-vhls-xx
Proposes MAC-in-MAC as a transport
Expanded 802.1q “like” field - 24 bit VLAN index
Similar to Nortel’s Logical PE

New VPLS Drafts – MAC-in-MAC
§ Draft-sodder-ppvpn-vhls-01 is attracting some attention as it “simplifies” the
core requirements for MAC address learning and also addresses VLAN index
scaling
§ The draft addresses the problem at the expense of the edge device in terms
of complexity and scaling
Edge device must hold SP and Customer MAC addresses
Must impose/dispose of SP MAC headers
Obviates the need for an MPLS core and pseudo-wires
Does not address flooding considerations
Solution breaks 802.1q, .1w/s bridges
§ Little traction within the IETF or IEEE as the draft either breaks or overlaps
with existing implementations

Cisco’s Commitment to Standards
§ Cisco 7600 has implemented VPLS as per draft-sajassi-vpls-architecture
§ Committed to delivering H-VPLS as per draft-lasserre-vkompella-ppvpn-vpls-
01
§ H-VPLS on 12000, 7600, 6500, 3750 Metro
§ MAC-in-MAC is being investigated
§ Cisco is active within the IETF PPVPN working group (Ali Sajassi)
§ Cisco is active within the IEEE 802.1ad committee (Norm Finn)
§ Cisco is active within the Metro Ethernet Forum (Bob Klessig)

VPLS Operation

19

VPN & VPLS Desirable Characteristics
§ Auto-discovery of VPN membership
Reduces VPN configuration and errors associated with
configuration
§ Signaling of connections between PE devices

associated with a VPN
§ Forwarding of frames
AToM uses Interface based forwarding
VPLS uses IEEE 802.1q Ethernet Bridging techniques
§ Loop prevention
MPLS core will use a full mesh of PWs and “split-horizon”
forwarding
H-VPLS edge domain may use IEEE 802.1s Spanning Tree,
RPR, or SONET Protection

Cisco VPLS Building Blocks
Layer 2 VPN Point-to-Point Multipoint

Layer 3 VPN
Layer 2 VPN Layer 2 VPN
Forwarding Interface-Based/ Ethernet

IP Routing
Mechanism Sub-Interface Switching (VFI)
VPN Centralized Distributed

Discovery DNS Radius Directory Services BGP NMS/
OSS
Signaling Label Distribution
Protocol
Tunnel MPLS IP
Protocol
Hardware Cisco 7600 Catalyst 6500 Cisco 12000
A Comprehensive Solution: Robust, Flexible, Scalable, Manageable


VPLS Auto-discovery & Signaling

Discovery DNS Radius Directory Services BGP
Signaling Label Distribution

Protocol
§ Draft-ietf-l2vpn-vpls-ldp-xx does not mandate an auto-discovery protocol

Can be BGP, Radius, DNS, AD based
§ Draft-ietf-l2vpn-vpls-ldp-01 describes using Targeted LDP for Label exchange
and PW signaling
PWs signal other information such as Attachment Circuit State, Sequencing
information, etc
Cisco IOS supports Targeted LDP for AToM and Virtual Private LAN Services

VPLS Components
Attachment Circuit
n-PE n-PE
CE CE
PW
Tunnel LSP PW CE
CE
PW
CE CE
P
Tu
LS
nn
Red VSI
el
Red VSI
el
nn
LS
Tu
Directed LDP Blue VSI
P
Blue VSI
Green VSI session between Green VSI
participating PEs CE
CE Full Mesh of PWs

between VSIs
n-PE
Legend
Blue VSI
CE - Customer Edge Device Red VSI
n-PE - network facing-Provider Edge
VSI - Virtual Switch Instance
PW - Pseudo-Wire
Tunnel LSP - Tunnel Label Switch Path that
provides PW transport

VPLS: Layer 2 Forwarding Instance
Requirements
A Virtual Switch MUST operate like a conventional L2 switch!
Flooding / Forwarding:
§ MAC table instances per customer and per customer VLAN (L2-VRF
idea) for each PE
§ VSI will participate in learning, forwarding process
§ Uses Ethernet VC-Type defined in pwe3-control-protocol-xx
Address Learning / Aging:

§ Self Learn Source MAC to port associations
§ Refresh MAC timers with incoming frames
§ New additional MAC TLV to LDP for MAC withdrawal* ß Not Req.
Loop Prevention:
§ Create partial or full-mesh of EoMPLS VCs per VPLS
§ Use “split horizon” concepts to prevent loops
§ Announce EoMPLS VPLS VC tunnels

VPLS Overview:
Flooding & Forwarding
?
Data SA ?
§ Flooding (Broadcast, Multicast, Unknown Unicast)

§ Dynamic learning of MAC addresses on PHY and VCs
§ Forwarding
Physical port
Virtual circuit

VPLS Overview:
MAC Address Learning
Send me traffic 102 MAC 1 MAC 2 Data Send me traffic
with Label 102 with Label 201
PE1 PE2
CE VC Label 102 ßTx CE
Tx à VC Label 201
E0/0 E0/1
MAC Address Adj MAC Address Adj

MAC 2 201 MAC 2 E0/1
MAC 1 E0/0 Data MAC 1 MAC 2 201 MAC 1 102
MAC x xxx MAC x xxx
§ Broadcast, Multicast, and unknown Unicast are learned via the

received label associations
§ Two LSPs associated with an VC (Tx & Rx)
§ If inbound or outbound LSP is down, then the entire circuit is
considered down

VPLS Overview:
MAC Address Withdrawal
LDP Address Withdrawal
§ Primary link can cause MAC Address Withdrawal by:

§ Sending a sending a notification message:
– PE removes any locally learned MAC addresses and sends LDP address
withdrawal (RFC3036) to remote PEs in VPLS
– Done via newly defined MAC TLV
§ Or, wait for regular address timeouts (default, 300 seconds)

VPLS Overview:
VPLS Loop Prevention
CEs
PEs MPLS Network
- LDP between VPLS members
PE view - EoMPLS PW to each peer
§ Each PE has a P2MP view of all other PEs it sees it self as a root
bridge, split horizon loop protection
§ Full mesh topology obviates STP requirements in the service provider
network
§ Customer STP is transparent to the SP / customer BPDUs are
forwarded transparently
§ Traffic received from the network will not be forwarded back to the
network

VPLS Architecture

29

VPLS & H-VPLS
§ VPLS
192.168.11.25/24
VPLS 192.168.11.11/24
Single Flat Hierarchy

192.168.11.1/24 MPLS to the Edge
192.168.11.2/24
192.168.11.12/24
§ H-VPLS
H-VPLS u-PE
u-PE PE-CLE
PE-CLE n-PE n-PE MTU-s
Two Tier Hierarchy MTU-s PE-POP PE-POP
GE PE-rs PE-rs
MPLS or Ethernet Edge PW
MPLS Core
Ethernet Edge MPLS Core MPLS Edge

Point-to-Point or Ring

VPLS Architecture:
Characteristics - Direct Attachment (Flat)
Overview:
§ Okay for small customer implementations
§ Simple provisioning
§ Full mesh of directed LDP sessions required between participating PEs
§ VLAN and Port level support (no QinQ)
Drawbacks:
§ No hierarchical scalability
§ Scaling issues:
PE packet replication
Full mesh causes classic - N*(N-1) / 2 concerns

VPLS & H-VPLS
§ VPLS
192.168.11.25/24
VPLS 192.168.11.11/24
Single Flat Hierarchy

192.168.11.1/24 MPLS to the Edge
192.168.11.2/24
192.168.11.12/24
§ H-VPLS
H-VPLS u-PE
u-PE PE-CLE
PE-CLE n-PE n-PE MTU-s
Two Tier Hierarchy MTU-s PE-POP PE-POP
GE PE-rs PE-rs
MPLS or Ethernet Edge PW
MPLS Core
Ethernet Edge MPLS Core MPLS Edge


VPLS Architecture:
Characteristics – H-VPLS
Benefits:
§ Best for larger scale deployment
§ Reduction in packet replication and signaling overhead on PEs
§ Full mesh for core tier (Hub) only
§ Attachment VCs “virtual switch ports” effected through Layer 2 tunneling
mechanisms (AToM, L2TPv3, QinQ)
§ Expansion affects new nodes only (no re-configuring existing PEs)
Drawbacks:
§ More complicated provisioning
§ MPLS Edge H-VPLS requires MPLS to u-PE
Complex operational support
Complex network design
Expensive Hardware support

VPLS Architecture:
Architecture – Ethernet Edge H-VPLS
3550s 7600s
802.3 .1Q QinQ Full Mesh LDP

u-PE n-PE n-PE
CE1 CE4
101
102
MPLS Network
CE2a
400
401
CE2b
SP applied VLAN
Tags for Customer n-PE
isolation (PE-VLAN) VPLS functioning
Customer applied between
VLAN Tags for participating PEs
WG isolation (CE-
VLAN)
Dot1q Tunneling
Ether
Data 401 102 Type SA DA

VPLS Architecture:
Architecture – Ethernet Edge H-VPLS
3550s 7600s
802.3 .1Q QinQ Full Mesh LDP

u-PE n-PE- n-PE
CE1 CE4
101 PoP
102
MPLS Network
CE2a
400
401
CE2b
SP applied VLAN
Tags for Customer n-PE
isolation (PE-VLAN) VPLS functioning
Customer applied
PW – VC Label is between
VLAN Tags for imposed at VSI participating PEs
WG isolation (CE-
VLAN)
Ether
Data 401 Type SA DA 25 47

VPLS Architecture:
Architecture – MPLS Edge H-VPLS
L2VPN 7600s
Router AToM
802.3 .1Q or Full Mesh LDP
PE-CLE L2TPv3 PE-PoP PE-PoP
CE1 CE4
PSN MPLS Network

CE2a
400
401
CE2b
SP applied VC-Label
& Tunnel LSP Label PE-PoP
VPLS functioning
Customer applied
between
VLAN Tags for WG
participating PEs
isolation (CE-VLAN)
Ether
Data 401 Type
SA DA 1000 33

VPLS Architecture:
Architecture – MPLS Edge H-VPLS
L2VPN 7600s
Router AToM
802.3 .1Q or Full Mesh LDP
u-PE L2TPv3 n-PE n-PE
CE1 CE4
PSN MPLS Network

CE2a
400
401
CE2b
AToM or L2TPv3
Header is now n-PE
removed.
PW – VC & Tunnel VPLS functioning
Customer applied
labels are imposed between
VLAN Tags for WG
participating PEs
isolation (CE-VLAN)
Ether
Data 401 Type SA DA 25 47

VPLS Enabled
Services

38

Summary of Ethernet-based Services
Ethernet-Based Services
Layer 1 Layer 2 Layer 3
Point-to-Point Multipoint
Ethernet
Ethernet
Ethernet
Ethernet Ethernet
Ethernet Ethernet
Ethernet Ethernet
Ethernet
Relay
Relay MPLS
MPLS
Private
Private Wire
Wire Relay
Relay Multipoint
Multipoint
Multipoint
Multipoint VPN
VPN
Line
Line Service
Service Service
Service Service
Service
Service
Service
Transparent LAN Service/

Hybrid ERS+EMS Emulated LAN
Analogous to Frame Relay
Similar to ERS only w/ VLAN transparency

Analogous to Private Line

Ethernet Multipoint Service (EMS)
Multipoint Port-Based Service
Ethernet Virtual
P2P MP
Connection
Architecture VPWS VPLS EoS/xWDM
Customer
Router Bridge
Equipment
Service Service VLAN L2 PDU

Bundling
Characteristics Multiplexing Transparency Transparency

Ethernet Multipoint Service (EMS)
§ Multipoint service where all devices are direct peers

§ No Service Multiplexing—all VLANs are presented to all sites (“all-to-one”
bundling)
§ Transparent to Customer BPDUs
§ Also called Transparent LAN Service (TLS), E-LAN, or VPLS
§ Routers and/or Switches as CE Devices

Ethernet Relay Multipoint Service
(ERMS)
Multipoint VLAN-Based Service
Ethernet Virtual
P2P MP
Connection
Architecture VPWS VPLS EoS/xWDM
Customer
Router Bridge
Equipment
Service Service VLAN L2 PDU

Bundling
Characteristics Multiplexing Transparency Transparency

Ethernet Relay Multipoint Service
(ERMS)
§ Both P2P and MP2MP Services can coexist on the same UNI
§ Service multiplexed UNI (e.g. 802.1Q trunk)
§ Recommend Routers as CE Devices

VPLS Deployment
Scenarios

44

VPLS Deployment:
SMB Connectivity
SFO-PE NYC-PE
CE-SITE1 MPLS Network CE-SITE2
DFW-PE
CE-SITE3
§ New Layer 2 multipoint service offering

§ Enterprise maintains routing and administrative autonomy
§ Layer 3 protocol independence
§ Full mesh between customer sites

VPLS Deployment:
Layer 2 Multipoint Transit Provider
CE-1
SP-A Transit Provider SP-A

Network
VPLS
LDP CE-1
AToM / L2TPv3
§ SP-As PEs appear back to back and packets are forwarded

§ No LDP or Route exchange with transit provider
§ Provides optimal traffic path to carrier’s PE
§ Doesn’t require full mesh provisioning for transit provider

AToM Concepts &
Protocol Overview

What is AToM ?
§ Defines Cisco’s approach for L2 transport over MPLS (Point to
Point transport)
§ Based on Martini drafts for encapsulation & Transport of Layer 2
PDUs
§ Currently in Deployed in 7200/7500/7600/12000

Any Transport = …
draft-martini-l2circuit-trans-mpls-xx.txt
draft-martini-l2circuit-encap-mpls-xx.txt
§ ATM AAL5 PDU
§ ATM cells (non AAL5 mode)
§ FR PDU
§ Ethernet
§ 802.1Q (Ethernet VLAN)
§ Cisco-HDLC
§ PPP
draft-anavi-tdmoip-xx.txt
draft-malis-sonet-ces-mpls-xx.txt
§ TDM

AToM Idea
§ The Layer 2 transport service over MPLS is implemented through the

use of two level label switching between the edge routers
Very similar to RFC2547 (MPLS-VPN)
§ The label used to route the packet over the MPLS backbone to the
destination PE is called the
“tunnel label”
§ The label used to determine the egress interface is referred to as the VC
label
§ The egress PE allocates a VC label and binds the Layer 2 egress
interface to the VC in question, then it signals this label to the ingress PE
via the targeted LDP session

AToM
VC
VC
LDP
Loopback 0
LDP
LDP
LSP
LSP
LDP VC
LDP
Loopback 0
Tunnel LSP Could Be TE LSP or LDP LSP

AToM: Label Bindings
VC L-27
L30
L25
Pop
L20
§ VC Label
= ‘L27’ in this example, cf later

AToM: Virtual Circuit FEC Element
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
VC TLV (0x80) C VC-

VC-type VC info length
Group ID
VC ID
Interface Parameters
C: Control Word (1 bit) – Control word present if bit set

VC-type (15 bits) - Type of VC e.g FR, ATM, VLAN, Ethernet, PPP, HDLC
VC info length (8 bits) – Length of VCID field and interface parameters
Group ID (32 bits) – Represents a groups of VCs. Can be used for mass label
withdrawal
VC ID (32 bits) – Connection identifier used in conjunction with the VC-type to
identify a particular VC
Interface Parameters (Variable) – Edge facing interface parameters, such as MTU
Presentation_ID © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential Courtesy: Jim Guichard 53

LDP Label Mapping Exchange
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|0| Label Mapping (0x0400) | Message Length | LDP Label Mapping
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Message (Specified in
| Message ID |
RFC 3036)
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|0|0| FEC (0x0100) | Length |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| VC tlv (0x80) |C| VC Type |VC info Length | FEC TLV Header
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ (Specified in RFC 3036)
| Group ID |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| VC ID |
Virtual Circuit FEC Element
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Interface parameters |
(Specified in draft-martini-
| " | l2circuit-trans-mpls)
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|0|0| Generic Label (0x0200) | Length |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Label TLV Header
| Label |
(Specified in RFC 3036)
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Optional Parameters |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

AToM: Label Forwarding
L27 From Left to Right
dlci
101
L27 L30
L27 L25
L27 L20
L27
L27 dlci
202

AToM: Control Word
Label (LSP) EXP 0 TTL
Label (VC) EXP 1 TTL
0000 Flags Length Sequence Number
L2 PDU
ATM TELC Transport Type, EFCI, CLP, C/RC/R

FR BFDC BECN, FECN, DE, C/R

AToM Terminology
§ Emulated Service or the end-to-end L2 connectivity between customer sites offered by
AToM can be described in terms of…
<Attachment VC, Emulated VC, Attachment VC>
< CE1 <−> PE1, PE1 <−> PE2, PE2 <−> CE2>
§ AVC is identified by a L2 circuit identifier such as

– FR DLCI, Ethernet VLAN, ATM PVC etc
§ EVC is identified by a VC Identifier with a corresp. ‘VC Label’

§ EVC is carried in an MPLS Tunnel between the PEs
§ Tunnel can be an MPLS LSP or RSVP-TE with corresp. Tunnel labels
§ Multiple EVCs from multiple
customers can be multiplexed
EVC Tunnel
onto the same
Tunnel between the PEs AVC AVC
MPLS
Core
AVC
AVC IP Network

AToM Protocol
§ Protocols necessary to implement the Emulated service can be categorized
as..
Ø Control Plane Functions (Signaling)
Ø Emulated VC signaling à LDP draft-martini-l2circuit-trans-mpls
Ø MPLS Tunnel signaling à LDP/TDP(LSP) or RSVP(TE)
Ø Data Plane Functions (Encapsulation)
Ø Attachment VC termination à draft-martini-l2circuit-encap-mpls
Ø Emulated VC termination à draft-martini-l2circuit-encap-mpls
Ø Emulated VC tunneling à draft-martini-l2circuit-encap-mpls

AToM: Control Plane (Signaling)
§ Need for Emulated VC and Tunnel Signaling:
AToM/L2 transport is implemented using two level label switching
between the PEs (similar to RF2547/L3VPNs)
Distribution of Tunnel Labels (LDP or TDP) for Tunnel setup
Distribution of VC Labels (LDP only) for Emulated VC setup

AToM: Control Plane (Signaling)
§ Emulated VC signaling must be done via LDP
Directed LDP session between PEs
Existing Label mapping messages used
New VC FEC element =128 created for distributing VC labels
§ Tunnel Signaling outside the scope of draft-martini-

l2circuit-trans-mpls

AToM: Control Plane Example
interface s1/0
encapsulation frame-relay
Directed LDP session interface s2/0
erame-relay interface-type dce erame-relay interface-type dce
connect s1/0 555 l2transport connect s1/0 955 l2transport

mpls l2 route 10.13.1.96 10555955 mpls l2 route 10.13.1.55 10555955”
Site1A
TUNNEL LSP
DLCI 555 DLCI 955 Site1B

PE1 PE2 CE 1B
CE 1A
MPLS
Core
1.55 1.96 Site 2B
Site 2A
DLCI 956
DLCI 556 IP Network
CE 2B
CE 2A
Step1: ‘mpls l2 route 10.13.1.96 10555955’ added to PE1à1.55

Step2: Targetted Hellos to 10.13.1.96
Step3: Directed LDP session setup with 10.13.1.96 and ready to
exchange VC labels

AToM: Discovery Phase
RSP-PE-STHEAST-5#sh mpls ldp discovery detail
Local LDP Identifier:
10.13.1.55:0
Discovery Sources:
Interfaces:
POS11/0/0 (tdp): xmit/recv
TDP Id: 10.13.1.58:0
Src IP addr: 10.13.5.41; Transport IP addr: 10.13.1.58
FastEthernet10/0/0.441 (tdp): xmit/recv
TDP Id: 10.13.1.59:0
FastEthernet10/0/1.432 (tdp): xmit/recv
TDP Id: 10.13.1.58:0
Targeted Hellos:
10.13.1.55 -> 10.13.1.96 (ldp): active/passive, xmit/recv
LDP Id: 10.13.1.96:0

AToM: Targetted LDP session
§ RSP-PE-STHEAST-5#sh mpls ldp neighbor 10.13.1.96
Peer LDP Ident: 10.13.1.96:0; Local LDP Ident 10.13.1.55:0
TCP connection: 10.13.1.96.11014 - 10.13.1.55.646
State: Oper; Msgs sent/rcvd: 2773/2779; Downstream
Up time: 1d10h
LDP discovery sources:
Targeted Hello 10.13.1.55 -> 10.13.1.96, active, passive
Addresses bound to peer LDP Ident:
10.13.1.96 10.13.9.30 10.13.9.46 10.13.0.96
10.13.9.66
§ RSP-PE-STHEAST-5#

interface s1/0
Directed LDP session interface s2/0
erame-relay interface-type dce erame-relay interface-type dce
connect s1/0 555 l2transport connect s1/0 955 l2transport

mpls l2 route 10.13.1.96 10555955 mpls l2 route 10.13.1.55 10555955”
Site1A
TUNNEL LSP

PE1 PE2 CE 1B
CE 1A
MPLS
Core
1.55 1.96 Site 2B
Site 2A
DLCI 956
DLCI 556 IP Network
CE 2B
CE 2A
Step 4A: PE-CE interface on PE1 is ‘no shutd’…

- PE1 will allocate a VC label for DLCI 555
- binds it to VC ID: 10555955
- encodes the VC Label TLV with the VC label
- encodes the VC FEC TLV with the VC ID
- advertises the label to 10.13.1.96

AToM: Label Mapping
§ RSP-PE-STHEAST-5#debug mpls l2transport signaling message
*Apr 24 17:14:10.374 EDT: AToM LDP [10.13.1.96]: Sending label m apping msg vc type 1, cbit 1, vc id
10555955, group id 33, vc label 180, status 0, mtu 1500
§ RSP-PE-STHEAST-5#sh mpls l2transport binding 10555955
Destination Address: 10.13.1.96, VC ID: 10555955
Local Label: 180
Cbit: 1, VC Type: FR DLCI, GroupID: 33
MTU: 1500, Interface Desc: n/a
Remote Label: unassigned
§ RSP-PE-STHEAST-5#sh mpls l2transport vc 10555955 detail
Local interface: Se8/0/0/2:0 up, line protocol up, FR DLCI 555 up
Destination address: 10.13.1.96, VC ID: 10555955, VC status: down
Tunnel label: not ready, LFIB entry present
Output interface: unknown, imposed label stack {}
Create time: 20:36:57, last status change time: 00:31:21
Signaling protocol: LDP, peer 10.13.1.96:0 up
MPLS VC labels: local 180, remote unassigned
Group ID: local 33, remote unknown
MTU: local 1500, remote unknown
Remote interface description:
Sequencing: receive disabled, send disabled
VC statistics:
packet totals: receive 0, send 0
byte totals: receive 0, send 0
packet drops: receive 0, send 0

Directed LDP session
“mpls l2 route 10.13.1.96 10555955” “mpls l2 route 10.13.1.55 10555955”
Site1A
TUNNEL LSP

PE1 PE2 CE 1B
CE 1A
MPLS
Core
1.55 1.96 Site 2B
Site 2A
DLCI 956
DLCI 556 IP Network
CE 2B
CE 2A
Step 4B: PE-CE interface on PE2 is ‘no shutd’…

- PE2 will allocate a VC label for DLCI 955
- binds it to VC ID: 10555955
- encodes the VC Label TLV with the VC label
- encodes the VC FEC TLV with the VC ID
- advertises the label to 10.13.1.55

AToM: Label Mapping
Apr 24 17:24:53.700 EDT: AToM LDP [10.13.1.55]: Sending label ma pping msg
vc type 1, cbit 1, vc id 10555955, group id 37, vc label 204, st atus 0, mtu 1500
§ RSP-PE-NTHEAST-6#sh mpls l2transport binding 10555955
Local Label: 204
Remote Label: 180
§ RSP-PE-NTHEAST-6#sh mpls l2transport vc 10555955 detail
Local interface: Se2/0/0/2:0 up, line protocol up, FR DLCI 955 up
Destination address: 10.13.1.55, VC ID: 10555955, VC status: up
Tunnel label: 56, next hop 10.13.9.29
Output interface: Gi1/0/0.412, imposed label stack {56 180}
MPLS VC labels: local 204, remote 180
Group ID: local 37, remote 33
MTU: local 1500, remote 1500
VC statistics:

Directed LDP session
“mpls l2 route 10.13.1.96 10555955” “mpls l2 route 10.13.1.55 10555955”
Site1A
TUNNEL LSP

PE1 PE2 CE 1B
CE 1A
MPLS
Core
1.55 1.96 Site 2B
Site 2A
DLCI 956
DLCI 556 IP Network
CE 2B
CE 2A
Step 5a: PE-CE interface on PE1 is ‘shutd’…

- PE1 will send a Label Withdrawal message to 10.13.1.96
- status of the VC is down
Step 5b: PE-CE interface on PE2 is ‘shutd’…
- PE2 will send a Label Withdrawal message to 10.13.1.55
- status of the VC is same as in (5a)

AToM: Label Withdrawal
RSP-
RSP-PE-
PE-STHEAST-
STHEAST-5(config-
5(config-if)#sh
*Apr 24 17:51:57.260 EDT: AToM LDP [10.13.1.96]: Sending label withdraw
withdraw msg
vc type 1, cbit 1, vc id 10555955, group id 33, vc label 180, status
status 0, mtu 1500
§ RSP-PE-NTHEAST-6#sh mpls l2transport binding 10555955
Local Label: unassigned.
Remote Label: 204
§ RSP-PE-STHEAST-5#sh mpls l2transport vc 10555955 detail
Local interface: Se8/0/0/2:0 admin down, line protocol down, FR DLCI 555 admin down
Destination address: 10.13.1.96, VC ID: 10555955, VC status: down
Tunnel label: not ready, LFIB entry present
Output interface: unknown, imposed label stack {}
MPLS VC labels: local unassigned, remote 204
Group ID: local unknown, remote 37
MTU: local unknown, remote 1500
VC statistics:

Why LDP signaling is useful between PEs
To transport circuit status

– eg. FR: If PE1 sees an issue with dlci 555, it withdraws the VC label
so that PE2 can signal the issue on the right via LMI
– useful for FR, ATM, HDLC, Ethernet…
§ In-Sequence delivery
– Required for ATM and FR. If Ethernet used for non-IP applications, in-
sequence delivery is also required
– PE1 and PE2 can use LDP to synch their sequence numbers after
reload/reboot…
§ Explicit Goal for PEW3 IETF WG

AToM: Data Plane (Martini Encapsulation)
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 01
Tunnel label Tunnel Label EXP 0 TTL
VC label VC Label EXP 1 TTL
Control Word Rsvd Flags 0 0 Length Sequence number
L2 Frame L2 PDU

Tunnel Label
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 01
Control Word(Optional) Rsvd Flags 0 0 Length Sequence number
L2 Frame L2 PDU
Tunnel Label:
Ø IGP or Outer label that can be distributed by any of the existing mechanisms and is
outside the scope of martini draft
Ø label associated with the tunnel i.e. MPLS LSP or RSVP-TE used to deliver the packet from
the ingress PE to egress PE

VC Label
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 01
L2 Frame L2 PDU
VC Label:
Ø Inner label that is used by receiving PE to determine the following information and do
disposition on the received packet…
Ø egress or CE facing interface that the packet should be forwarded to
Ø L2 ID such as VLAN or DLCI or PVC used on the CE facing interface
Ø can use static labels (not done in Cisco implementation) or if signaling is used, LDP must be
used using downstream unsolicited mode.
EXP can be set to the values received in the L2 frame, ATM CLP or FR DE bit or it can be set by the
PE via CLI or as a result of some QoS policy
TTL is recommended to be set to ‘2’

Control Word
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 01
L2 Frame L2 PDU
Control Word (CW):

Ø Optional or Mandatory depending on the type of L2 transport
Ø Rsvd: Reserved for future use
Ø Sequence number:
- provides sequencing capability to detect out of order packets if needed
- currently not in Cisco’s implementation
- Optional
Flags: to carry control bits (ATM CLP, FR DE) in the recvd. L2 frame across the MPLS network
Length: used to indicate the actual packet length if any padding was done to the packet

Control Word
§ Control Word (CW) whether used or not must be indicated to both PEs(local &
remote) either by manual configuration or using signaling
§ Mandatory: CW Field must be present whether its used or not
- Frame Relay (use is optional)
• FECN/BECN/DE & C/R bits are transported in the 4 bit FLAG field of the control word
• Above values can be modified from ‘0’ à ‘1’ to indicate congestion in the transport
network but not vice-versa
- AAL5 (use is optional though desirable)
• First Flag bit indicates whether the packet contains an ATM Cell or a AAL5 CPCS-SDU
• EFCI and CLP bit is transported in the 4 bit FLAG field
§ Optional: CW Field can be present and maybe used
- If used, then the CW Flag bits must be set to ‘0’ and must be ignored by the receiving or
egress PE
- Ethernet (VLAN and PORT based)
- ATM Cell Relay
- PPP
- HDLC

Configuration & Packet
Flows

Configuration Guidelines
§ VC Ids must match on either side
§ MTUs on the PE-CE link on both the local and remote
ends must match on either side
§ VC Ids must be unique between a pair of routers
§ Attachment Circuit Ids(FR DLCI, AAL5 PVC, Ethernet
VLAN) does not need to match

AToM
Transport of Ethernet over MPLS

(7600 focus)

EoMPLS Implementation based on Martini
Draft
• Three main requirements for transport of Ethernet

frames
802.1q VLAN to 802.1q VLAN transport;
802.1q VLAN port to port transport;
Ethernet port to port transport; (all traffic)
• Phase 1 of AToM supports 802.1q VLAN to VLAN
transport ONLY (i.e. EoMPLS)
VC-type 0x0004 within draft-martini-l2circuit-trans-mpls;
Support for VC-type 0x0005 port-to-port Ethernet trunking &
port-to-port VLAN trunking
ISL encapsulation is NOT supported

Draft-martini
Cisco’s implementation of MPLS based Layer 2 VPNs uses draft-
martini-l2circuit-* drafts.
The basic idea is to tunnel L2 packets through the MPLS cloud using
an LSP tunnel (similar to RFC2547 VPNs)
A Layer 2 “circuit” is allocated a label and LDP is used to distribute
the label-circuit mapping.

Draft-martini
Directed LDP sessions are used between the LSRs. The

mode is set to downstream unsolicited.
If there is an existing session (only platform label space
is permitted for directed sessions, anyway) , there isn’t
a need to create a new session.

EoMPLS Implementation based on
Martini Draft
• Martini VC Types used in EoMPLS

VC type 4 = Ethernet VLAN = All Pkts are
tagged and VLANID is constant.
VC type 5 = Ethernet = Pkts are untagged and
tagged(VLANID changes).
PS-542
2884_05_2001_c4
Presentation_ID ©©2001,
2006 Cisco Systems,Inc.
Cisco Systems, Inc.AllAllrights
rights reserved. Cisco Confidential
reserved. 82
82

Packet Format from
CE to CE through
EoMPLS cloud.

VC LABEL BINDING MESSAGE
LABEL MAPPING MESSAGE CONTAINS

VC Forward Equivalence Class (FEC) ELEMENT TYPE 0X80(128)
And Associated LABEL
•VC Type
ØC bit – Control Word (0 for Ethernet/VLAN)
Ø0x0004 – Ethernet VLAN
Ø0x0005 – Ethernet Port-Based
•VC Info Length
ØLength of VC ID and Variable Interface Parameters field
•Group ID
ØUsed to manage a group of VCs common to an LSP(No need to match)
•VC ID
•Interface Parameters
ØMTU of ‘Customer’ Facing Interface (VLAN)
Format of LDP Binding Message
VC TLV VC Type VC Info Len Group ID VC ID Interface Parameters…….
VC label bindings are distributed using the LDP downstream unsolicited mode

Packet Format CE — LER
Original Ethernet Frame
DA SA 8000 V HL TOS ….
DA SA 8000 V HL TOS …
VLAN Encapsulated Frame
DA SA 8100 Pbits Cbit VLAN ID Ethernet Frame
4 Byte 802.1q Header

11.10.128.204/32
• 2 Byte EtherType Field (8100) PE2 11.10.128.201/32
Core-1 Core-3
• 3 P bits PE4
GE2/1
• C bit
• 12 bit VID TDP/LDP TDP/LDP
CE2
CE1

Packet Format LER—LSR
VLAN Encapsulated Frame
DA SA 8100 Pbits Cbit VLAN ID Ethernet Frame
MPLS Labeled Packet
DA SA 8847 MPLS LSEs DA SA 8100 Pbits Cbit VLAN ID Ethernet Frame
LSE (Label Stack Entries)

• 20 Bit Label
11.10.128.204/32
• 3 Bit Experimental Field (Exp) 11.10.128.201/32
PE2
Core-1 Core-3
• 1 Bit Bottom of Stack Indicator (S) GE2/1 PE4
• 1 Byte TTL
TDP/LDP TDP/LDP
CE2
Presentation_ID © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential
CE1 86

Packet Format LER—LSR (Cont.)
MPLS Labeled Packet
DA SA 8847 00037 0 FE 00012 1 02 DA SA …
• Tunnel Label Entry

- Label 55 (37)
- Exp = 0
11.10.128.204/32
-S=0 11.10.128.201/32
PE2
Core-1 Core-3
- TTL = FE GE2/1 PE4
• VC Label
- Label 18 (12) TDP/LDP TDP/LDP
- Exp = 0
- S=1 CE2
CE1
- TTL = 02
Detailed packet header explanation at:
http://www-tac.cisco.com/Teams/NSA/MPLS/EOMPLS/pac1.htm

Packet Format LSR—LSR
MPLS Labeled Packet
DA SA 8847 00088 0 FD 00012 1 02 DA SA …
• Tunnel Label Entry

- Label 136 (88) 11.10.128.204/32
- Exp/S = 0 PE2 11.10.128.201/32
Core-1 Core-3
GE2/1 PE4
- TTL = FD
• VC Label
TDP/LDP TDP/LDP
- Label 18 (12)
- Exp/S = 1
CE2
- TTL = 02
CE1

Packet Format LSR—LER
MPLS Labeled Packet
DA SA 8847 00012 1 01 DA SA …
•VC Label
- Label 18 (12)
- Exp/S = 1
11.10.128.204/32
- TTL = 01
PE2 11.10.128.201/32
Core-1 Core-3 PE4
GE2/1
TDP/LDP TDP/LDP
CE2
CE1

Configuring EoMPLS
Basic EoMPLS Topology
Scenario Overview
IOS Configuration for EoMPLS
on 7600
Verifying configuration

Scenario Overview
§ 2 Cisco 7600 routers, used to initiate the EoMPLS tunnel
§ 6 Cisco 12410 routers, representing the SP core routers
§ 2 Cisco 6509 Layer-2 switches where the clients attach
§ 2 Cisco 4000 Layer-2 switches where PC attach

Basic EoMPLS Scenario

Brief overview for EoMPLS Case Study
All inter-router connections are Gigabit-Ethernet based. Each 7600

attaches to a GSR via a Gigabit Ethernet WAN OSR module, and
the GSR routers are connected in a “back-to-back” using POS.
Each PC is on VLAN 1. Both 6509 switches connect to the 7600
routers via 802.1q trunks, where VLAN 25 exists.

IOS EoMPLS Configuration for 7600A
25.25.25.1
PC1
dot1q
1/2 4000A
dot1q
1/1
6509A
dot1q
2/1
7600A
lo 1.1.1.1/32

IOS EoMPLS Configuration for 7600B
mpls label protocol ldp

mpls ldp loop-detection
tag-switching tdp router-id Loopback0
!
interface Loopback0
ip address 1.1.1.2 255.255.255.255
ip router isis EPGN
isis circuit-type level-2-only
!
interface GE-WAN3/1 OSM Module
ip address 10.80.10.1 255.255.255.0
ip router isis EPGN
mpls label protocol ldp
tag-switching mtu 1548
tag-switching ip
isis circuit-type level-2-only
!
interface Vlan1
mpls l2transport route 1.1.1.1 1ßto 7600A
!
router isis EPGN
net 49.0000.0000.0222.00
is-type level-2-only

Verify EoMPLS Connection 1st step ?
§ 7600A_MSFC2#sho mpls ldp neighbor
§ Peer LDP Ident: 1.1.1.2:0; Local LDP Ident 1.1.1.1:0
§ TCP connection: 1.1.1.2.11002 - 1.1.1.1.646
§ State: Oper; Msgs sent/rcvd: 4297/4296; Downstream
§ Up time: 2d13h
§ LDP discovery sources:
§ Targeted Hello 1.1.1.1 -> 1.1.1.2, active, passive
§ Addresses bound to peer LDP Ident:
§ 1.1.1.2 127.0.0.12 10.90.10.1 25.25.25.2

Verify EoMPLS Tunnel

EoMPLS icmp ping test
§ PC-1#ping 25.25.25.2
§ Type escape sequence to abort.
§ Sending 5, 100-byte ICMP Echos to 25.25.25.2, timeout is 2 seconds:
§ .!!!!
§ Success rate is 80 percent (4/5), round-trip min/avg/max = 2/38/142 ms
§ PC-1#

7600A Verify ARP Table
§ 7600A_MSFC2#sho arp
§ Protocol Address Age (min) Hardware Addr Type Interface
§ Internet 25.25.25.1 - 0007.0d0f.6bfc ARPA Vlan1
§ Internet 25.25.25.3 101 0007.0d0f.6bff ARPA Vlan1
§ Internet 25.25.25.2 41 0007.0d0d.d3fc ARPA Vlan1
§ Internet 25.25.25.4 100 0005.dded.afff ARPA Vlan1
§ Internet 10.80.10.1 - 0007.0d0f.6bfc ARPA GE-WAN3/1
§ Internet 10.80.10.2 160 0004.de57.2840 ARPA GE-WAN3/1

Basic EoMPLS Scenario

EoMPLS Encapsulation Details
• Ethernet PDUs are transported without the preamble,
SFD and FCS
but including all VLAN information such as VCID
• The control word is optional
C bit is set by default in Cisco implementation (except 7600)
• If the control word is used then the flags must be set to
zero
The VLAN tag is transmitted unchanged but may be
overwritten by the egress PE router
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
Rsvd 0 0 0 0 0 0 Length Sequence number Optional
Ethernet PDU

EoMPLS Transport Formats
Ethernet II Encapsulation
<7 octets> <1 octet> <6 octets> <6 octets> <2 octets> <2 octets> <2 octets> <46-1500> <4 octets>
Preamble SFD DA SA TPID TCI Ethertype Data FCS
Transported using AToM
Preamble SFD DA SA OUI

TPID TCI Length AA-
AA-AA-
AA-03 Ethertype Data FCS
0x00-
0x00-00-
00-00
<7 octets> <1 octet> <6 octets> <6 octets> <2 octets> <2 octets> <2 octets> <3 octets> <3 octets> <2 octets> <46-1492> <4 octets>
802.3/802.2/SNAP Encapsulation

INTRODUCTION TO
PSEUDOWIRE SWITCHING AND
BGP-BASED VPLS AUTO
DISCOVERY

Pseudowire Switching

Inter-Autonomous System Pseudowire
Introduction
AS10 AS20
Provider A Provider B
• We will refer to Inter-Autonomus System (Inter AS) provider model

when a pseudowire spans across 2 different service provider or
administrative domains.
Problem
• End to end pseudowire deployment not possible across multiple ASes
with our current implementation
• Changes in the control and data plane code are required for inter-
working them across multiple ASes

Inter-Autonomous System Pseudowire
Introduction (Cont)
Switch Points
AS10 AS20
Provider A Provider B
• Pseudowire switching solves this problem by inter-connecting

pseudowires belonging to different autonomous systems and thus
providing an end-2-end path
• Switch point refers to the ASBR where pseudowire switching is
performed
• Achieved through inter-working of data and control planes at the
switch point

Pseudowire Switching Model
attached-circuit 3
attached-circuit 1 pwvc 11
PE-3
PE-1 pwvc 151
pwvc 111
AS 1
AS 2
Pwvc 112
pwvc 12 ASBR-2 pwvc 152
PE-2 ASBR-1
attached-circuit 4 PE-4
attached-circuit 6
attached-circuit pseudo-wire Pseudo-wire pseudo-wire attached-circuit
L2 signalling (UNI) LDP / L2TPv3 LDP/L2TPv3 LDP / L2TPv3 L2 signalling (UNI)
VPWS VPWS VPWS
• Based upon draft-ietf-pwe3-segmented-pw-xx

• The Pseudowires that comprise the end-to-end solution can be of the same
(L2TPv3-to-L2TPv3) or different types (L2TPv3-to-AToM)
• Each pseudo wire segment can independently employ draft- martini or L2TPv3
signaling and encapsulations
• The ASBRs are responsible for "cross-connecting" the pseudowire control
channels and pseudowire data planes
Presentation_ID © 2006 Cisco Systems, Inc. All rights reserved. 107
Cisco Confidential

Pseudowire Switching Model (cont)
Pros
•Per-AS pseudowire control and encapsulation independence
•BGP-enabled policy control of inter-AS pseudowire reduces pseudowire
control channel burden on PE. This reduces the number of required Inter-AS
pseudowire control channels
• Security model : light trustiness (LDP, IGP cross boundary of SP’s but is
limited to neighbour ASBR)
• Link between ASBR’s is independent of attached-circuit media, on same
link, we could have ATM, FR, Ethernet pseudowire, and/or other services (IP,
MPLS-VPN, …)
Cons
•ASBR nodes must store ALL L2VPN NLRIs as well as maintain attachment
circuit state for each pseudowire domain that it straddles.
•QoS Model: Functions such as shaping and policing on per pseudo wire
basis will be required

Packet Handling at Switch Point
VC label handling
• Swapping the incoming VC label in the packet with the outgoing VC label, imposing
new IGP labels, and adding new L2 encapsulation
Outgoing VC label TTL value

• Decrement incoming VC label TTL by one and copy it to outgoing VC label TTL field
(ingress PE sets TTL to 255, used to be 2)
Outgoing VC label EXP bits
• Copy incoming VC label EXP into outgoing VC label EXP field
AToM control word processing
• AToM control word is not processed and sequence number not validated
MTU
• End to end attachment circuit MTU must match and are passed transparently through
switch point

Pseudowire Switching Configuration
Steps
AS 100 AS 200
PE1 PE2
Lpbk: 6.6.6.6
Lpbk: 2.2.2.2 VCID: 2000
VCID: 1000 PE_Agg_1 PE_Agg_2
.1 .2
Lpbk: 3.3.3.3 Lpbk: 5.5.5.5

VCID 1: 1000 60.60.60.0/30 VCID 1: 2000
VCID 2: 3000 VCID 2: 3000
Step #1: Configure Inter-AS with “ send label ” at the

ASBRs (PE_Agg_1/2) so VC label can be exchanged
across the AS boundary.
Step #2: Configure the ACs and PWs on PE1 and PE2
Step #3: Configure L2 VFIs on ASBRs (PE_Agg_1/2)

Step #1 Configure Inter-AS with “ send label ”
at the ASBRs
AS 100 AS 200
PE1 PE2
Lpbk: 6.6.6.6
Lpbk: 2.2.2.2 VCID: 2000
.1 .2
Lpbk: 3.3.3.3 Lpbk: 5.5.5.5

VCID 1: 1000 60.60.60.0/30 VCID 1: 2000
VCID 2: 3000 VCID 2: 3000
PE_Agg_1 PE_Agg_2
! !!
!
router bgp 100 router
router bgp 100 routerbgp
bgp200
200
nonosynchronization no synchronization
synchronization no synchronization
bgp
bgplog-neighbor-changes bgp
log-neighbor-changes bgplog-neighbor-changes
log-neighbor-changes
network 60.60.60.0 mask 255.255.255.252 network
network 60.60.60.0 mask 255.255.255.252 network 60.60.60.0
60.60.60.0mask
mask255.255.255.252
255.255.255.252
neighbor 60.60.60.2 remote-as 200 neighbor
neighbor 60.60.60.1 remote-as100
60.60.60.1 remote-as
neighbor 60.60.60.2 remote-as 200 100
neighbor
neighbor60.60.60.2
60.60.60.2send-label neighbor
send-label neighbor60.60.60.1
60.60.60.1send-label
send-label
no auto-summary no
no auto-summary noauto-summary
auto-summary

Step #2 Configure the ACs and PWs on PE1
and PE2
AS 100 AS 200
PE1 PE2
Lpbk: 6.6.6.6
Lpbk: 2.2.2.2 VCID: 2000
.1 .2
Lpbk: 3.3.3.3 Lpbk: 5.5.5.5

VCID 1: 1000 60.60.60.0/30 VCID 1: 2000
VCID 2: 3000 VCID 2: 3000
pseudowire-class
pseudowire-classip_mode
ip_mode PE1 pseudowire-class
pseudowire-classip_mode
ip_mode PE2
encapsulation
encapsulationmpls mpls encapsulation mpls
encapsulation mpls
!! !
!
interface
interfaceATM3/3
ATM3/3 interface ATM3/3
interface ATM3/3
no ip address no
no ip address noipipaddress
address
no
noipipdirected-broadcast
directed-broadcast no ip directed-broadcast
no ip directed-broadcast
atm
atmclock
clockINTERNAL
INTERNAL atm clock INTERNAL
atm clock INTERNAL
no atm enable-ilmi-trap no atm enable-ilmi-trap
no atm enable-ilmi-trap no atm enable-ilmi-trap
no
noatm
atmilmi-keepalive
ilmi-keepalive nonoatm
atmilmi-keepalive
ilmi-keepalive
pvc
pvc 100/100l2transport
100/100 l2transportencapsulation
encapsulationaal5snap
aal5snap pvc 100/100 l2transport encapsulation aal5snap
pvc 100/100 l2transport encapsulation aal5snap
xconnect 3.3.3.3 1000 pw-class ip_mode xconnect 5.5.5.5 2000 pw-class ip_mode
xconnect 3.3.3.3 1000 pw-class ip_mode xconnect 5.5.5.5 2000 pw-class ip_mode
!! !
!

Step #3 Configure L2 VFIs on ASBRs
(PE_Agg_1/2)
AS 100 AS 200
PE1 PE2
Lpbk: 6.6.6.6
Lpbk: 2.2.2.2 VCID: 2000
.1 .2
Lpbk: 3.3.3.3 Lpbk: 5.5.5.5

VCID 1: 1000 60.60.60.0/30 VCID 1: 2000
VCID 2: 3000 VCID 2: 3000
PE_Agg_1 PE_Agg_2
PE1_Agg_1#sh
PE1_Agg_1#shrun run| |bbl2l2vfi
vfi PE1_Agg_2#sh
PE1_Agg_2#shrun run| |bbl2l2vfi
vfi
l2l2vfi tac-training point-to-point
vfi tac-training point-to-point l2l2vfi tac-training point-to-point
vfi tac-training point-to-point
neighbor
neighbor2.2.2.2
2.2.2.21000
1000encapsulation
encapsulationmpls
mpls neighbor
neighbor6.6.6.6
6.6.6.62000
2000encapsulation
encapsulationmpls
mpls
neighbor
neighbor5.5.5.5
5.5.5.53000
3000encapsulation
encapsulationmpls
mpls neighbor
neighbor3.3.3.3
3.3.3.33000
3000encapsulation
encapsulationmpls
mpls

Availability – PW Switching
§ Shipping on the Cisco 12000 in 12.0(31)S - E2, E3,

E4+, E5 and E6 supported
§ Planned for Cisco 7600 in the Barracuda release

VPLS Configuration

Virtual Private LAN Services (VPLS)
VPLS Is an Architecture
PE PE
CE MPLS CE
Network
CE
§ VPLS defines an architecture that delivers Ethernet multipoint

services over an MPLS network
§ VPLS operation emulates an IEEE Ethernet bridge
§ Cisco implementation is based upon
draft-ietf-l2vpn-vpls-ldp-xx

VPLS Components
Attachment Circuit
n-PE n-PE
CE CE
PW
Tunnel LSP PW CE
CE
PW
CE CE
P
LS
Tu
nn
el
Red VSI Red VSI
nn
el
LS
Tu
P
Blue VSI Directed LDP Blue VSI

Green VSI Session Between Green VSI
Participating PEs CE
CE Full Mesh of PWs

Between VSIs
LEGEND n-PE
Blue VSI
CE - Customer Edge Device
n-PE - network facing-Provider Edge Red VSI
VSI - Virtual Switch Instance
PW - Pseudo-Wire
Tunnel LSP - Tunnel Label Switch Path that
provides PW transport

VPLS Overview
§ A VPLS instance has two components:

– A set of filtering databases called VSIs among the participating
PEs (one VSI per PE)
– A full-mesh of PWs among the participating PEs
§ The full-mesh of PWs represent a broadcast domain (e.g.

VLAN) in bridge world
§ A VSI represent a filtering DB in the bridge world
§ A VPLS as defined corresponds to a bridge in which
each broadcast domain is associated with its own filtering
DB in a PE

VPLS and H-VPLS
192.168.11.25/24
VPLS 192.168.11.11/24
§ VPLS
192.168.11.1/24
- Single flat hierarchy
- MPLS to the EDGE
192.168.11.2/24
H-VPLS
§ H-VPLS u-PE
PE-CLE n-PE n-PE
u-PE
PE-CLE
MTU-s
MTU-s PE-POP PE-POP
- Two (or More) Tier GE PE-rs PE-rs
PW
Hierarchy
- MPLS or
Ethernet Edge
- MPLS Core
ETHERNET EDGE MPLS CORE MPLS EDGE
AGG-1001
Presentation_ID © 2006
© 2006 Cisco Systems, Cisco
Inc. Systems,
All rights Inc. All rights
reserved. Ciscoreserved.
Confidential 119

VPLS: Configuration Example (Manual
Mode)
Create a L2 VFI with a Full Mesh of Participating VPLS PE Nodes
1.1.1.1 / 32 PE-1 PE-2 2.2.2.2 / 32
MPLS Network
l2 vfi Customer-A manual

l2 vfi Customer-A manual
vpn id 100
vpn id 100
neighbor 1.1.1.1 encapsulation mpls
PE-3 3.3.3.3 / 32 !
!
Interface loopback 0
Interface loopback 0 l2 vfi Customer-A manual
ip address 2.2.2.2 255.255.255.255
ip address 1.1.1.1 255.255.255.255 vpn id 100
!
ip address 3.3.3.3 255.255.255.255

VPLS: Configuration Example
PE à CE
PE-1 PE-2
CE1 FE0/0 FE0/0 CE1
MPLS Network
Interface fastethernet0/0 PE-3 Interface fastethernet0/0

switchport switchport
switchport mode dot1qtunnel switchport mode dot1qtunnel
switchport access vlan 100 FE0/1 switchport access vlan 100
! !
Interface vlan 100 CE1 Interface vlan 100
no ip address no ip address
Interface fastethernet0/1
xconnect vfi Customer-A xconnect vfi Customer-A
switchport
! !
switchport mode dot1qtunnel
vlan 100 vlan 100
switchport access vlan 100
state active state active
!
Interface vlan 100
no ip address
xconnect vfi Customer-A

Cual es el problema con VPLS?

VPLS Auto Discovery

VPLS Auto-Discovery and Signaling

Discovery DNS Radius Directory Services BGP
Label Distribution
Signaling
Protocol
§ Draft-ietf-l2vpn-vpls-ldp-xx does not mandate an auto-discovery

protocol
Can be BGP, RADIUS, DNS, AD based
§ Draft-ietf-l2vpn-vpls-ldp-xx describes using Targeted LDP for Label

exchange and PW signaling
PWs signal other information such as attachment circuit state, sequencing
information, etc.
Cisco IOS supports targeted LDP for AToM and virtual private
LAN services

Auto Provisioning: A Series of Associations
PE3
PE2
Association 1: AC/CE to VPN(id) VPN(a)
CE2 LDP
Associate an AC with a VPN(id)
(and Authenticate the AC if needed) QoS
...
Association 2: PE to VPN(id)
PE4
Associate a set of PEs with a

VPN(id)
VPN(a)
Association 3: PWPE-VPN(id) Parameters
LDP
Associate PW transport and QoS
CE3
control parameters (p) to the PE6 PE5 ...
corresponding AC pair
PW Signaling
Create and maintain PWPE-VPN(id)

BGP-based Auto-Discovery: Summary
• There is no need to create an explicit list of PEs and
associate them with a given VPN
• When a VPLS instance is created by “l2 vfi” command on
that PE, the corresponding VPN-id is distributed by that
PE via MP iBGP updates and all the other PEs will
become aware of it
• The formats for RD are BGP-ASN:VFI-VPN-ID (default),
ASN:nn or IP-address:nn
• Each VSI must have an import and export RT. By default,
the RT for each VFI will have the same value as the RD.
• There is only a single broadcast domain per filtering DB
(e.g., there is one-to-one correspondence)
• After distribution of PW related parameters, the PWs are
setup through targeted LDP signaling

Configuration Steps (Auto Discovery)
1. Establish BGP sessions & activate it for the

L2VPN/VPLS address-family
2. Create VPLS instance & Associated I/Fs to it
3. Establish import/export rules (or use the default
mode)

VPLS: Configuration Example (BGP Auto
Discovery)
1.1.1.1 / 32 PE-1 PE-2 2.2.2.2 / 32

! Activation of Standard IPv4 BGP Session
! Activation of Standard IPv4 BGP Session MPLS Network
router BGP 1
router BGP 1
no bgp default ipv4-unicast
no bgp default ipv4-unicast
neighbor 1.1.1.1 remote-as 1
neighbor 1.1.1.1 update-source loopback0
neighbor 1.1.1.1 activate
PE-3 3.3.3.3 / 32 neighbor 3.3.3.3 update-source loopback0
router BGP 1 neighbor 3.3.3.3 activate!
neighbor 3.3.3.3 activate!
no bgp default ipv4-unicast ! AF Configuration for L2VPN Route Exchange
! AF Configuration for L2VPN Route Exchange
neighbor 1.1.1.1 remote-as 1 address-family l2vpn
address-family l2vpn
neighbor 2.2.2.2 activate neighbor 1.1.1.1 update-source loopback0 neighbor 1.1.1.1 send-community extended
neighbor 2.2.2.2 send-community extended
neighbor 1.1.1.1 activate neighbor 3.3.3.3 activate
neighbor 3.3.3.3 send-community extended <snip> exit-address-family
exit-address-family
address-family l2vpn !
!
<snip>
exit-address-family
!

PE à PE
Neighbor statements are no longer used to identify PE VPLS peers
1.1.1.1 / 32 PE-1 PE-2 2.2.2.2 / 32
MPLS Network
l2 vfi Customer-A discovery l2 vfi Customer-A discovery
vpn id 100 vpn id 100
! !
Interface loopback 0 Interface loopback 0

PE-3 3.3.3.3 / 32 ip address 2.2.2.2 255.255.255.255
ip address 1.1.1.1 255.255.255.255
l2 vfi Customer-A discovery

vpn id 100
!
ip address 3.3.3.3 255.255.255.255

PE à CE
PE-1 PE-2
CE1 FE0/0 FE0/0 CE1
MPLS Network
Interface fastethernet0/0 PE-3 Interface fastethernet0/0

switchport switchport
switchport mode dot1qtunnel switchport mode dot1qtunnel
switchport access vlan 100 FE0/1 switchport access vlan 100
! !
Interface vlan 100 CE1 Interface vlan 100
no ip address no ip address
Interface fastethernet0/1
xconnect vfi Customer-A xconnect vfi Customer-A
switchport
! !
switchport mode dot1qtunnel
vlan 100 vlan 100
switchport access vlan 100
state active state active
!
Interface vlan 100
no ip address
xconnect vfi Customer-A

Standard Track
§ Framework for Layer 2 Virtual Private Networks

(L2VPNs) (draft-ietf-l2vpn-l2-framework-05.txt)
§ Provisioning, Autodiscovery, and Signaling in L2VPNs
(draft-ietf-l2vpn-signaling-06.txt)
§ Using RADIUS for PE-Based VPN Discovery (draft-ietf-
l2vpn-radius-pe-discovery-02.txt)

Caveats
§ Since Split Horizon is enabled for PW built between Auto-

discovered neighbors, Auto-Discovery of H-VPLS nodes (u-PE’s)
is not supported (manual configuration is required for H-VPLS)
§ Tunnel Selection is not supported (i.e. multiple TE Tunnels are not
discovered nor is a preferred path selected)
§ The same discovery mechanism must be used to build a PW
between two PE peers (i.e. it is NOT vaild for PE A to be manually
configured for PE B and PE B be dynamically configured to
discover PE A
§ BGP Peering via direct peer definition and Route Reflectors is
supported. BGP Confederations are NOT supported.

Availability – BGP-Based VPLS Auto Discovery
§ Insertion platform is Cisco 7600 in Barracuda release

§ Cisco 12000 support is TBD

Q&A


Atom

Transféré par

Informations du document

Description originale:

Copyright

Formats disponibles

Partager ce document

Partager ou intégrer le document

Options de partage

Avez-vous trouvé ce document utile ?

Ce contenu est-il inapproprié ?

Droits d'auteur :

Formats disponibles

Atom

Transféré par

Droits d'auteur :

Formats disponibles

AToM Training

Presentation_ID © 2006 Cisco Systems, Inc. All rights reserved. www.cisco.com

PDF created with FinePrint pdfFactory Pro trial version www.pdffactory.com

§ Quote from draft-ietf-pwe3-framework-00.txt:

PDF created with FinePrint pdfFactory Pro trial version www.pdffactory.com

PDF created with FinePrint pdfFactory Pro trial version www.pdffactory.com

PDF created with FinePrint pdfFactory Pro trial version www.pdffactory.com

Pseudo-Wire Reference Model

PDF created with FinePrint pdfFactory Pro trial version www.pdffactory.com

PDF created with FinePrint pdfFactory Pro trial version www.pdffactory.com

PDF created with FinePrint pdfFactory Pro trial version www.pdffactory.com

PDF created with FinePrint pdfFactory Pro trial version www.pdffactory.com

MPLS Core IP core

Like-to-like -or- P2MP/

FR ATM PPP/ FR ATM PPP/

PDF created with FinePrint pdfFactory Pro trial version www.pdffactory.com

Attachments VCs Emulated VCs Attachments VCs

PDF created with FinePrint pdfFactory Pro trial version www.pdffactory.com

§ If the relationship between Attachment VCs and

PDF created with FinePrint pdfFactory Pro trial version www.pdffactory.com

PDF created with FinePrint pdfFactory Pro trial version www.pdffactory.com

PDF created with FinePrint pdfFactory Pro trial version www.pdffactory.com

PDF created with FinePrint pdfFactory Pro trial version www.pdffactory.com

PDF created with FinePrint pdfFactory Pro trial version www.pdffactory.com

PDF created with FinePrint pdfFactory Pro trial version www.pdffactory.com

PDF created with FinePrint pdfFactory Pro trial version www.pdffactory.com

PDF created with FinePrint pdfFactory Pro trial version www.pdffactory.com

Presentation_ID © 2006 Cisco Systems, Inc. All rights reserved. www.cisco.com

PDF created with FinePrint pdfFactory Pro trial version www.pdffactory.com

§ Signaling of connections between PE devices

PDF created with FinePrint pdfFactory Pro trial version www.pdffactory.com

Layer 2 VPN Point-to-Point Multipoint

Forwarding Interface-Based/ Ethernet

VPN Centralized Distributed

Hardware Cisco 7600 Catalyst 6500 Cisco 12000

A Comprehensive Solution: Robust, Flexible, Scalable, Manageable

PDF created with FinePrint pdfFactory Pro trial version www.pdffactory.com

VPN Centralized Distributed

Signaling Label Distribution

§ Draft-ietf-l2vpn-vpls-ldp-xx does not mandate an auto-discovery protocol

PDF created with FinePrint pdfFactory Pro trial version www.pdffactory.com

CE Full Mesh of PWs

PDF created with FinePrint pdfFactory Pro trial version www.pdffactory.com

Address Learning / Aging:

PDF created with FinePrint pdfFactory Pro trial version www.pdffactory.com

§ Flooding (Broadcast, Multicast, Unknown Unicast)

PDF created with FinePrint pdfFactory Pro trial version www.pdffactory.com

MAC Address Adj MAC Address Adj

§ Broadcast, Multicast, and unknown Unicast are learned via the

PDF created with FinePrint pdfFactory Pro trial version www.pdffactory.com

§ Primary link can cause MAC Address Withdrawal by:

PDF created with FinePrint pdfFactory Pro trial version www.pdffactory.com

PEs MPLS Network

- LDP between VPLS members

PE view - EoMPLS PW to each peer

PDF created with FinePrint pdfFactory Pro trial version www.pdffactory.com

Presentation_ID © 2006 Cisco Systems, Inc. All rights reserved. www.cisco.com

PDF created with FinePrint pdfFactory Pro trial version www.pdffactory.com

Single Flat Hierarchy

Ethernet Edge MPLS Core MPLS Edge

PDF created with FinePrint pdfFactory Pro trial version www.pdffactory.com

PDF created with FinePrint pdfFactory Pro trial version www.pdffactory.com

Single Flat Hierarchy