
Metro Ethernet Technology & Deployment

Deep Dive

Muhammad Durrani
CCIE # 12521
Technical Leader, Cisco Systems Inc.
Presentation_ID © 2003 Cisco Systems, Inc. All rights reserved. 1
Agenda

• Layer 2 VPN - Introduction
• PWE3 Signaling - Concepts
• VPLS – Architecture and Standards
• VPLS - Forwarding
• Scale
• Config Examples
• Limitations
• Future Roadmap
• Q&A


Layer 2 VPN – Introduction



VPN
Types, Layers and Implementations

VPN Type                Layer   Implementation
Leased Line             1       TDM/SDH/SONET
Frame Relay switching   2       DLCI
ATM switching           2       VC/VP
Ethernet/ATM/FR         2       VPWS/VPLS
GRE/UTI/L2TPv3          3       IP Tunnel
IP                      3       MP-BGP/RFC2547
IP                      3       IPSec

VPN Deployments Today
Technology & VPN Diversity

[Figure: different access technologies (IP/IPsec, FR/ATM, Broadband, Ethernet) at each edge, carried over different core solutions (MPLS or IP, ATM, SONET) with only partial integration]

Multiple Access Services Require Multiple Core Technologies = $$$ High Costs / Complex Management

Consolidated Core supports …

[Figure: different access technologies (IP/IPsec, FR/ATM, Broadband, Ethernet) at each edge, with complete integration over a single MPLS or IP core]

Why is L2VPN needed?
• Allows SP to have a single infrastructure for both IP
and legacy services
• Migration
• Provisioning is incremental
• Network Consolidation
• Capital and Operational savings
• Customer can have their own routing, QoS policies,
security mechanisms, etc
• Layer 3 (IPv4, IPX, OSPF, BGP, etc …) on CE routers is
transparent to MPLS core
• CE1 router sees CE2 router as next-hop
• No routing involved with MPLS core
• Open architecture and vendor interoperability

Layer 3 and Layer 2 VPN Characteristics

LAYER 3 VPNs                        LAYER 2 VPNs
1. Packet based forwarding          1. Frame based forwarding
   e.g. IP                             e.g. DLCI, VLAN, VPI/VCI
2. SP is involved (routing)         2. No SP involvement (routing)
3. IP specific                      3. Multiprotocol support
4. Example: RFC 2547bis VPNs        4. Example: FR—ATM—Ethernet
   (L3 MPLS-VPN)

The Choice of L2VPN over L3VPN Will Depend on How Much Control the Enterprise Wants to Retain.
L2 VPN Services Are Complementary to L3 VPN Services

L2VPN Models

[Figure: L2-VPN Models tree]
• MPLS Core (LDP)
  – VPWS: Like-to-like -or- Any-to-Any, P2P
  – VPLS: P2MP/MP2MP, Ethernet
• IP Core (L2TPv3)
  – VPWS: Like-to-like -or- Any-to-Any, P2P
• Payload types shown under the models: FR, ATM AAL5/Cell, PPP/HDLC, Ethernet, TDM

Pseudo Wire Reference Model

[Figure: four customer sites attached by attachment circuits AC1 to AC4 to the PEs SJC and Vegas; pseudo wires cross the MPLS or IP core between the two PEs and provide the emulated service]

A pseudo-wire (PW) is a connection between two provider edge (PE) devices which connects two attachment circuits (ACs).

L2VPN – Label Stacking

32-bit words (bits 0 to 31), in order on the wire:

Tunnel Label:   Tunnel Label (LDP/RSVP) | EXP | 0 | TTL
VC Label:       VC Label (VC)           | EXP | 1 | TTL
Control Word:   Rsvd | Flags | 0 0 | Length | Sequence Number
                Layer 2 PDU

• Three Layers of Encapsulation
• Tunnel Label – Determines path through network
• VC Label – Identifies VC at endpoint
• Control Word – Contains attributes of L2 payload (optional)

Encap.   Control Word Required
CR       No
AAL5     Yes
Eth      No
FR       Yes
HDLC     No
PPP      No

Generic Control Word:
VC Information Fields

Control Word
bits:    4      4       8        16
field:   Rsvd   Flags   Length   Sequence Number

• Use of control word is optional
• Flags - Carries “flag” bits depending on encapsulation
(FR: FECN, BECN, C/R, DE; ATM: CLP, EFCI, C/R, etc)
• Length - Required for padding small frames when <
interface MTU
• Sequence number – Used to detect out of order
delivery of frames
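
The label stack and control word layout from the two slides above, as a parser with a per-PW sequence check. This is an added example, not code from the presentation: the function and class names, the sample labels and payload are constructed, the half-window comparison is one common way to compare 16-bit counters, and treating sequence number 0 as "sequencing not in use" follows the RFC 4385 convention rather than anything on the slides.

```python
import struct
from dataclasses import dataclass

# Control word requirement per encapsulation, from the label-stacking slide.
CW_REQUIRED = {"CR": False, "AAL5": True, "Eth": False,
               "FR": True, "HDLC": False, "PPP": False}


@dataclass
class LabelEntry:
    label: int    # 20-bit label value
    exp: int      # 3-bit EXP field
    bottom: bool  # bottom-of-stack bit: 0 on the tunnel label, 1 on the VC label
    ttl: int


@dataclass
class ControlWord:
    rsvd: int     # 4 bits
    flags: int    # 4 bits, meaning depends on the encapsulation (FR: FECN, BECN, ...)
    length: int   # 8 bits as on the control word slide, used when a frame was padded
    seq: int      # 16 bits


def parse_label_stack(buf):
    """Read 32-bit label entries until the bottom-of-stack bit is set."""
    entries, off = [], 0
    while True:
        if off + 4 > len(buf):
            raise ValueError("truncated label stack")
        (word,) = struct.unpack_from("!I", buf, off)
        off += 4
        entries.append(LabelEntry(word >> 12, (word >> 9) & 0x7,
                                  bool(word & 0x100), word & 0xFF))
        if entries[-1].bottom:
            return entries, off


def parse_pw_packet(buf, encap, control_word=None):
    """Split a pseudowire packet into tunnel label, VC label, control word, L2 PDU.

    Whether a control word is present cannot be read from the packet itself,
    so the caller states it; the default follows the slide's per-encap table.
    """
    if control_word is None:
        control_word = CW_REQUIRED[encap]
    stack, off = parse_label_stack(buf)
    cw = None
    if control_word:
        if off + 4 > len(buf):
            raise ValueError("truncated control word")
        (word,) = struct.unpack_from("!I", buf, off)
        off += 4
        cw = ControlWord(word >> 28, (word >> 24) & 0xF,
                         (word >> 16) & 0xFF, word & 0xFFFF)
    # The tunnel label may already have been popped by the penultimate hop.
    tunnel = stack[0] if len(stack) > 1 else None
    return {"tunnel": tunnel, "vc": stack[-1], "cw": cw, "pdu": buf[off:]}


class SequenceMonitor:
    """Per-VC-label detection of out-of-order delivery from the sequence number."""

    def __init__(self):
        self.last = {}

    def check(self, vc_label, seq):
        if seq == 0:                       # sequencing not in use on this PW
            return "unsequenced"
        prev = self.last.get(vc_label)
        # Circular compare: "newer" means ahead by less than half the 16-bit space.
        if prev is not None and not (0 < (seq - prev) % 65536 < 32768):
            return "out-of-order"
        self.last[vc_label] = seq
        return "in-order"


def build_pw_packet(tunnel, vc, pdu, seq=None, flags=0):
    """Constructed test input: two label entries, optional control word, PDU."""
    out = struct.pack("!I", (tunnel << 12) | 255)          # S=0, TTL 255
    out += struct.pack("!I", (vc << 12) | 0x100 | 2)       # S=1, TTL 2
    if seq is not None:
        out += struct.pack("!I", (flags << 24) | (len(pdu) << 16) | seq)
    return out + pdu


def demo():
    """Four constructed FR pseudowire frames; the frame with seq 3 arrives late."""
    mon, verdicts = SequenceMonitor(), []
    for seq in (1, 2, 4, 3):
        raw = build_pw_packet(16001, 23, b"\x18\x41data", seq, flags=0x8)
        pkt = parse_pw_packet(raw, "FR")
        verdicts.append(mon.check(pkt["vc"].label, pkt["cw"].seq))
    return verdicts
```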
PWE3 Signaling – Concepts



Building Blocks for MPLS Based L2VPNs – Control Plane

[Figure: CE1, PE1, MPLS, PE2, CE2, with VPN101 configured on both PEs; auto-discovery (BGP) and signaling (LDP) run between the PEs in the control plane, and frames cross between them in the data plane]

1. Provision – Config VPN
2. Auto-discovery – Advertise loopback & VPN members
3. Signaling – Setup pseudowire
4. Data Plane – Packet forwarding

L2VPN – Pseudo-Wire Label Binding

[Figure: Site1 CE1, PE1, core routers P1 to P4, PE2, CE2 Site2; PE1 sends PE2 a Label Mapping Msg carrying a VC FEC TLV and a VC Label TLV]

1. Provision AC & PW
2. PE1 binds VCID to VC Label
3. PE2 matches its VCID to one received
4. PE2 repeats same steps

Uni-directional PW LSP Established

L2VPN Transports Service:
Reference Model

[Figure: CE-1, PE1, Tunnel LSP, PE2, CE-2. End-to-end L2VPN VCs: the bi-directional attachment circuits on each side (Ethernet, ATM, FR, PPP, HDLC) are joined by a pair of uni-directional PW LSPs; the pseudo wire provides the emulated service]

• Pseudowire transport (across PEs) applications
• Local switching (within a PE) applications

VPLS – Architecture and Standards



VPLS & VPWS Standards

• Virtual Private LAN Service (VPLS) is an IETF working group that describes multipoint Ethernet connectivity across an MPLS network
  Emulates an Ethernet bridge
  Several drafts in existence
    VPLS: draft-ietf-l2vpn-vpls-ldp-00.txt (various + Cisco®)
    VPLS: draft-ietf-l2vpn-vpls-bgp-00-txt (Juniper)
    VPLS: Logical PE – no traction (Nortel)
    VPWS: draft-kompella-ppvpn-l2vpn (Juniper)
    VPWS: Draft-Martini-ppvpn-l2vpn (Cisco)

VPLS Standards

IETF PWE3 WG
Pseudo Wire Emulation Edge to Edge
Focused on Point-to-Point “circuit” emulation for L2 transport
over packet networks
PSN tunnel -> GRE, MPLS, L2TP
Service -> Ethernet, ATM, PPP, FR, HDLC and so forth

IETF L2VPN WG
Virtual Private LAN Services (VPLS)
Emulate a big-fat virtual Layer-2 Switch
Also builds on L2 pseudowires
Multipoint to multipoint
Source Address learning, MAC-based forwarding
Virtual Private Wire-Services (VPWS)
Collection of L2 circuits or pseudowires
Point to point service

VPLS Architectures

• VPLS defines two Architectures
  Non-Hierarchical (Single PE)
    customer connected directly to PE
  Hierarchical (Distributed PE)
    802.1ad (aka QinQ) Access
    MPLS Access
• Each Architecture has different scaling characteristics

What’s VPLS (Virtual Private LAN Services) ?

[Figure: three CEs, each attached to a PE; the PEs are interconnected by VCs (virtual circuits) across the MPLS network]

• End-to-end architecture that allows IP/MPLS networks to provide
multipoint Ethernet services
• Virtual – multiple instances of this service share the same SP
physical infrastructure
• Private – each instance of the service is independent and isolated
from one another
• LAN service – provides multipoint connectivity among the
participant endpoints across a MAN/WAN that looks like a LAN

VPLS Components (1)

[Figure: three n-PEs around the IP/MPLS core, each holding a Red VSI and serving a CE over an attachment circuit; the VSIs are interconnected by PWs carried inside tunnel LSPs]

Legend
• CE—Customer Edge Device; used to connect to the SP’s network
• n-PE—Network facing-Provider Edge; acts as a gateway between the MPLS core and edge domain
• VSI/VFI—Virtual Switching/Forwarding Instance; describes an Ethernet bridge function within the
n-PE; the VSI/VFI terminates the Pseudowire
• PW—Pseudowire; a PW connects two VSI’s; Consists of a pair of MPLS uni-directional VC’s
• AC—Attachment Circuit; a customer connection to the service provider; may be a physical port or
Ethernet VLAN
• Tunnel LSP—Tunnel Label Switch Path is used to tunnel PW’s between VSI’s

VPLS Customer Perspective

All CEs appear connected on a common virtual switch

[Figure: CE1, CE2, CE3 and CE4 attached to one virtual switch]

• Multipoint-to-Multipoint Configuration
• Forwarding of Frames based on Learned MAC addresses
• Uses Virtual Forwarding Instances (VFI, like VLAN) for customer
separation

Multipoint Bridging Requirements

VPLS simulates a virtual LAN service, so it MUST operate like a traditional L2 LAN switch as well
• Flooding/Forwarding
– Forwarding based on [VLAN, Destination MAC Address]
– Unknown Ucast/Mcast/Broadcast – Flood to all ports (IGMP snooping can
be used to constrict multicast flooding)
• MAC Learning/Aging/Withdrawal
– Dynamic learning based on Source MAC and VLAN
– Refresh aging timers with incoming packet
– MAC withdrawal upon topology changes
• Loop Prevention
– Split Horizon to avoid loop
– Spanning Tree (possible but not desirable)

Bridge-domain concept

• Bridge-domain refers to a Layer 2 broadcast domain consisting of a set of physical and/or virtual
ports and VFIs/pseudo-wires.
• Data frames are switched within a bridge domain
based on their destination MAC address.
• Unknown Unicast, Multicast and Broadcast frames are
flooded within the BD.
• Source MAC learning is performed.

Bridge Domain Capabilities
VPLS Emulates the Operation of an
Ethernet Switch
• Flooding/forwarding:
MAC table instances per VPLS instance at each PE
VFI will participate in learning, forwarding process
ACs to PWs (similar to AToM)
ACs to ACs (local switching)
• Address learning/aging:
MAC timers refreshed with incoming frames
• Loop prevention:
Create full-mesh of EoMPLS VCs per VPLS – VC type 5
Use “split horizon” concepts to prevent loops

VPLS—Flooding and Forwarding

• Flooding (Broadcast, Multicast, Unknown Unicast)
• Dynamic learning of MAC addresses on PHY and VCs
• Forwarding

[Figure, two panels: customer equipment (CEs) on Ethernet UNIs, U-PE B, and N-PE 1 to N-PE 4 interconnected by PWs. Legend: Physical Port, Virtual Circuit]

VPLS: Configuration Example
PE -> PE
Create a L2 VFI with a full mesh of participating VPLS PE nodes

[Figure: PE-1 (1.1.1.1 / 32), PE-2 (2.2.2.2 / 32) and PE-3 (3.3.3.3 / 32) around the MPLS Network]

PE-1:
l2vpn
 bridge-group 1
  bridge-domain PE1-VPLS-A
   interface g0/0                 <--- AC
   vfi 1
    neighbor 2.2.2.2 pw-id 1      <--- PW1
    neighbor 3.3.3.3 pw-id 1      <--- PW2
!
interface loopback 0
 ip address 1.1.1.1 255.255.255.255

PE-2:
l2vpn
 bridge-group 1
  bridge-domain PE2-VPLS-A
   interface g0/0
   vfi 1
    neighbor 1.1.1.1 pw-id 1
    neighbor 3.3.3.3 pw-id 1
!
interface loopback 0
 ip address 2.2.2.2 255.255.255.255

PE-3:
l2vpn
 bridge-group 1
  bridge-domain PE3-VPLS-A
   interface g0/0
   vfi 1
    neighbor 1.1.1.1 pw-id 1
    neighbor 2.2.2.2 pw-id 1
!
interface loopback 0
 ip address 3.3.3.3 255.255.255.255

VPLS: Configuration Example
PE -> CE

[Figure: CE1, CE2 and CE3 each attach to G0/0 on PE-1, PE-2 and PE-3 around the MPLS Network]

The same attachment-circuit configuration is shown for G0/0 on PE-1, PE-2 and PE-3:

interface GigabitEthernet0/0
 l2transport                      <--- AC interface
 no ip address
 no ip directed-broadcast
 negotiation auto
 no cdp enable
end

VPLS – Forwarding



VPLS Forwarding/MAC Learning Example

[Figure, repeated on each of the following slides: CE-1 attaches over a .1Q trunk (VLAN 2000) to Gig2/1 on N-PE A (Lo0 6.6.6.6/32); CE-2 attaches over a .1Q trunk (VLAN 2000) to Gig3/1 on N-PE B (Lo0 1.1.1.1/32); N-PE C (Lo0 7.7.7.7/32) is the third PE. Each N-PE has VFI “VPLS_2000” for VLAN 2000, and the PWs between them are marked with VC labels 19, 20, 23 and 24. Each N-PE keeps a VLAN 2000 CAM table of MAC against Port/Neighbor (Remote VC label).]

VPLS Forwarding/MAC Learning
Following Are the Steps Involved during MAC Learning and Forwarding of a VPLS Instance

Step 1: CE-1 Sends Unicast Frames to CE-2 (smac M1, dmac M2)

VPLS Forwarding/MAC Learning
Step 2: N-PE A “Learns” CE-1 MAC Address
Step 3: Since M2 Is Unknown, N-PE A “Replicates” the Frame to All the PWs

N-PE A, VLAN 2000 CAM Table
MAC   Port/Neighbor (Remote VC label)
M1    Gig2/1

VPLS Forwarding/MAC Learning
Step 4: Both N-PE B and N-PE C “Learn” CE-1 MAC Address (Note MAC Is Associated to the Remote VC Label)
Step 5: Since M2 Is Unknown, N-PE B/C “Flood” the Frame to All the Local Ports (and Not the PW)

N-PE A, VLAN 2000 CAM Table
MAC   Port/Neighbor (Remote VC label)
M1    Gig2/1

N-PE B, VLAN 2000 CAM Table
MAC   Port/Neighbor (Remote VC label)
M1    6.6.6.6 (23)

N-PE C, VLAN 2000 CAM Table
MAC   Port/Neighbor (Remote VC label)
M1    6.6.6.6 (24)

VPLS Forwarding/MAC Learning
Step 6: CE-2 Replies back to CE-1 (dmac M1, smac M2)
Step 7: N-PE B “Learns” CE-2 MAC Address

N-PE A, VLAN 2000 CAM Table
MAC   Port/Neighbor (Remote VC label)
M1    Gig2/1

N-PE B, VLAN 2000 CAM Table
MAC   Port/Neighbor (Remote VC label)
M1    6.6.6.6 (23)
M2    Gig3/1

N-PE C, VLAN 2000 CAM Table
MAC   Port/Neighbor (Remote VC label)
M1    6.6.6.6 (24)

VPLS Forwarding/MAC Learning
Step 8: N-PE B Inspects CAM and Forwards Frame towards N-PE A (with Remote Label 23—Frame Not Sent to N-PE C)
Step 9: N-PE A “Learns” CE-2 MAC Address
Step 10: N-PE A Forwards Frame to CE-1
Step 11: N-PE C “Ages out” CAM Entry for CE-1

N-PE A, VLAN 2000 CAM Table
MAC   Port/Neighbor (Remote VC label)
M1    Gig2/1
M2    1.1.1.1 (19)

N-PE B, VLAN 2000 CAM Table
MAC   Port/Neighbor (Remote VC label)
M1    6.6.6.6 (23)
M2    Gig3/1

N-PE C, VLAN 2000 CAM Table
MAC   Port/Neighbor (Remote VC label)
(empty)

VPLS–Loop Free L2VPN

[Figure: a broadcast frame in a full mesh of PE-1, PE-2 and PE-3; addresses shown: 192.168.11.1/24 at PE-1, 192.168.11.12/24 at PE-2, 192.168.11.2/24 at PE-3]

• Full Mesh of PW to guarantee frame delivery
-No STP protocols in the Core
• Split-Horizon Forwarding
-Packets coming on AC/PW are not sent back on the same AC/PW
-Packets received on PW will not be replicated on other PWs in the same VFI

Packet format in VPLS path

[Figure: data plane along the path CE/CLE, PE-POP (PE-rs), MPLS, PE-POP (PE-rs), CE. On the dot1Q segments at each end the frame is DA | SA | VLAN (PRI) | DATA; across the MPLS segment it is L2 HDR | MPLS HDRs | DA | SA | DATA]

H-VPLS



Why H-VPLS?

VPLS                                      H-VPLS
• Potential signaling overhead            • Minimizes signaling overhead
• Full PW mesh from the Edge              • Full PW mesh among Core devices only
• Packet replication done at the Edge     • Packet replication done in the Core only
• Node Discovery and Provisioning         • Partitions Node Discovery process
  extends end-to-end

IETF’s Way to Build a L2 Core:
VPLS—Virtual Private LAN Services (L2VPN WG)

[Figure, three panels, each with customer equipment (CEs) on Ethernet UNIs and N-PE 1 to N-PE 4 interconnected by PWs:
 “VPLS” w/o Hierarchy: CEs attach directly to the N-PEs
 “H-VPLS” w/ Ethernet Access: U-PE A, B and C reach the N-PEs over 802.1ad Provider Bridges (Layer 2 Access Network)
 “H-VPLS” w/ MPLS to the Edge: U-PE A, B and C reach the N-PEs over PWs (Layer 3 MPLS Access Network), with the attachment circuit at the U-PE]

- Core vs Access PW
- uPE connects to nPE via Access PW
- Access PW connects to BD directly
- Packet from Access PW replicates to AC and Core PW in same BD domain

Flat VPLS – Ethernet access without QinQ

[Figure: flat topology; Ethernet .1Q or access ports on each side; core: Full Mesh – Pseudowires, LDP Signaling]

• Full mesh of directed LDP sessions required between participating PEs
• N*(N-1)/2 ; N = number of PE nodes
• Limited scalability
• Potential signaling and packet replication overhead
• Suitable for smaller networks, simple provisioning
• Customer VLAN tag is used as VPLS VFI service delimiter

H-VPLS with Ethernet Access QinQ

[Figure: .1Q customer ports and Q-in-Q access on each side; core: Full Mesh – Pseudowires, LDP Signaling]

• Best for larger scale deployment
• Reduction in packet replication and signaling overhead
• Full mesh for Core tier (Hub) only
• Expansion affects new nodes only (no re-configuring existing PEs)
• QinQ frame in Ethernet access network. S-tag is used as VPLS VFI
service delimiter. Customer tag is invisible.

H-VPLS with MPLS Access

[Figure: .1Q customer ports and IP / MPLS access networks (MPLS) on each side; core: Full Mesh – Pseudowires, LDP]

H-VPLS with MPLS Access Split-Horizon Rule

[Figure: U-PE3, N-PE3 (VFI), N-PE1 (VFI), N-PE4 (VFI), U-PE4, with MPLS between the U-PEs and N-PEs and in the core]

Split-horizon rule

– Between no-split-horizon VCs -> forwarding
– Between no-split-horizon VCs and split-horizon VCs -> forwarding
– Between split-horizon VCs -> blocking
– Between ACs and VCs -> forwarding
– Between ACs -> forwarding
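
The split-horizon rule above and the learn/flood/forward behaviour from the forwarding slides, as a small model of one VFI. This is an added example, not code from the presentation: the class and function names and the 300 second aging value are assumptions, while the N-PE3 neighbors, their S flags and the MAC addresses are the ones in the presentation's own "sh vfi vpls11" and "sh mac-add vlan 11" output. The broadcast walk shows the flat full mesh delivering one copy per PE with split horizon on the core PWs, and looping once it is turned off.

```python
from dataclasses import dataclass, field

BROADCAST = "ffff.ffff.ffff"


@dataclass(frozen=True)
class Port:
    name: str
    split_horizon: bool = False   # True on core (hub) PWs; False on ACs and spoke PWs


@dataclass
class VFI:
    ports: dict                                  # port name -> Port
    aging: int = 300                             # seconds, illustrative value
    cam: dict = field(default_factory=dict)      # MAC -> (port name, last seen)

    def allowed(self, ingress, egress):
        if ingress.name == egress.name:
            return False      # never back out of the AC/PW the frame arrived on
        if ingress.split_horizon and egress.split_horizon:
            return False      # split-horizon VC to split-horizon VC: blocking
        return True           # AC to AC, AC to VC, and anything involving a spoke PW

    def receive(self, in_name, smac, dmac, now=0):
        """Learn the source MAC, then return the port names the frame is sent to."""
        ingress = self.ports[in_name]
        self.cam = {m: e for m, e in self.cam.items() if now - e[1] < self.aging}
        self.cam[smac] = (in_name, now)          # learn or refresh
        known = self.cam.get(dmac) if dmac != BROADCAST else None
        targets = [known[0]] if known else list(self.ports)   # unknown: flood
        return [n for n in targets if self.allowed(ingress, self.ports[n])]


def full_mesh(names, split_horizon=True):
    """Flat VPLS: one VFI per PE with a local AC and a PW to every other PE."""
    return {n: VFI({"AC": Port("AC"),
                    **{p: Port(p, split_horizon) for p in names if p != n}})
            for n in names}


def broadcast(pes, src_pe, max_hops=8):
    """Inject a broadcast on src_pe's AC; return (copies sent to each AC, looped)."""
    delivered = {n: 0 for n in pes}
    queue = [(src_pe, "AC", 0)]
    while queue:
        pe, in_name, hops = queue.pop(0)
        if hops > max_hops:                      # still circulating: a loop
            return delivered, True
        for out in pes[pe].receive(in_name, "M1", BROADCAST):
            if out == "AC":
                delivered[pe] += 1
            else:                                # PW port at the peer is named after the sender
                queue.append((out, pe, hops + 1))
    return delivered, False


def npe3_vpls11():
    """N-PE3's VFI with the S (split-horizon) column from 'sh vfi vpls11'."""
    return VFI({"Vlan11": Port("Vlan11"),
                "10.0.0.1": Port("10.0.0.1", True),
                "10.0.0.4": Port("10.0.0.4", True),
                "10.0.0.7": Port("10.0.0.7", False)})   # spoke PW, no-split-horizon
```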

H-VPLS/VPLS Topology Comparison

Flat VPLS – Ethernet access without QinQ
 Pros
 • Ethernet network benefit – simple, high bandwidth, cheap, efficient local switching and broadcast/multicast distribution
 Cons
 • Not hierarchical, not scalable
 • Customer VLAN can’t overlap (with exception of VLAN translation).
 • High STP re-convergence time

H-VPLS – Ethernet access with QinQ
 Pros
 • Same Ethernet network benefit as flat VPLS
 • Hierarchical support via QinQ at access
 • Scalable customer VLANs
 Cons
 • High STP re-convergence time (potentially improved by different L2 protocols)

H-VPLS - MPLS access
 Pros
 • Fast L3 IGP convergence
 • MPLS TE and FRR (50msec convergence time)
 • Advanced MPLS QoS
 • Hierarchical support via spoke PW at access
 • Spoke PE can have QinQ attachment circuit for additional level of hierarchy
 Cons
 • More complicated provisioning
 • Requires MPLS to u-PE, potentially more expensive u-PE device

Flexible Design with H-VPLS (1)
Node Redundancy

• Site-to-site L2 circuit. One side has redundant PEs, the other side has a single PE
• The single PE side uses H-VPLS configuration to have two active PWs going to the
redundant PEs. MAC learning and forwarding are involved
• The redundant PE side uses EoMPLS configuration, no MAC learning

[Figure: sites DC and NYC connected as CPE, PE, MPLS, PE, CPE, with a VPLS VFI]

Flexible Design with H-VPLS (2)
VPLS-on-a-stick Design

• Use H-VPLS for spoke-and-hub topology, point-to-multipoint design

[Figure: Remote site 1, Remote site 2 through Remote Site N and DC connected as CPE, PE, MPLS, PE, CPE, with a VPLS VFI]

VPLS Auto Discovery

Two ways to establish VPLS PWs or instances:

• LDP based signaling using FEC 128
–PWs need to be configured manually at each PE
• BGP based auto-discovery
–Manual provisioning of VPLS neighbors not needed at
each PE
–LDP FEC 129 signaling required, VPN ID signaled in BGP
NLRI
–Uses Route Target based filtering

MetroEthernet/L2VPN
Case Studies

Agenda
L2VPN architectures

• VPLS for broadcast/multicast distribution
• Ethernet over MPLS for inter-regional ERS
connectivity
• L2VPN for Cable Provider
• Inter-AS Pseudowire Stitching

VPLS for MCAST/BCAST distribution

Needs
• Application requires the use of Broadcast (legacy)
and Multicast to deliver information to customers
• Shared platform delivering MPLS VPN.
• Recovery must be rapid and reliable.

[Figure: a Distribution Server reaching Customer1, Customer2, Customer3 and Customer4]

VPLS for MCAST/BCAST distribution

Solution
• Replace IP helper commands with VPLS VFI
for broadcast and multicast traffic
• Tune the recovery using OSPF knobs to decrease to
below original Spanning Tree timers.
• Provide internal and extranet VPN services on
the same platform.

[Figure: a Distribution Server reaching Customer1, Customer2, Customer3 and Customer4 across MPLS through a VPLS VFI]

Metro/DSL aggregation (Continued)

[Figure: Access Network (1Gb rings), Regional Distribution Network (10Gb regional ring), L3 Core Network (long haul IP backbone), Regional Distribution Network (10Gb regional ring)]

Network Services
DSL Access (Voice/Video/Data-triple play services)
Ethernet direct fiber access
Layer 2 and Layer 3 VPN offering

Metro/DSL aggregation

[Figure: Access Network (1Gb rings, Q-in-Q access, L2 switched), Regional Distribution Network (10Gb regional ring), L3 Core Network (MPLS core), Regional Distribution Network (10Gb regional ring), with Inter-Region EoMPLS across the core]

Implemented for Direct Ethernet Access
L2VPN using layer 2 switching within region
Inter-regional connectivity via EoMPLS p2p connections
Layer 2/3 access on same port
QinQ access for E-LAN services

Metro/DSL aggregation

[Figure: Access Network, Regional Distribution Network (10Gb regional ring), L3 Core Network (long haul IP backbone), Regional Distribution Network (10Gb regional ring)]

DSL Services
Video using routed p2p SVI on a common VLAN per DSLAM
Sub-second convergence achieved through adjusting rpf and
backoff timers.
Data services bridge back to BRAS using l2 switching on ring
MST instance defined for DSLAM VLANs

Cable Network

[Figure: Access Network (1Gb ring), Regional Distribution Network (10Gb regional ring), National Backbone (long haul IP backbone)]

• Residential services
– Internet
– VOIP
• Business Services
– Layer 2 E-Line, E-LAN, and bridged cable modem
– Internet
– VOIP

Customer Requirements

• L2VPN service needs to span two regional provider backbones
• Provisioning in a scalable and direct manner
• Should be able to support multipoint and point to
point L2VPN provisioning.

The Solution
Multi-segment Pseudowire (switching) with Interworking

Stitch intra-AS and inter-AS PWs

l2 vfi PW-SWITCH-POINT point-to-point
 neighbor 172.17.255.1 100 encapsulation mpls
 neighbor 172.16.255.1 200 encapsulation mpls

[Figure: CE1, PE1, IP/MPLS 172.16.0.0 AS65016, ASBR, ASBR, IP/MPLS 172.17.0.0 AS65017, PE2, CE2; CE links on e0/0, ASBR link on S0/0; loopbacks shown: 172.16.255.1, 172.16.255.2, 172.17.255.1, 172.17.255.2. Legend: Pseudowire segment 1, Pseudowire segment 2, Pseudowire segment 3, Pseudowire switch point]

Advertise loopback for directed LDP across AS boundary
Advertise Label to eBGP peer

BACKUP SLIDES



Signaling Standards – BGP v/s LDP

LDP                                      BGP
Signaling is Point – Point               Broadcast (via RR or full Mesh)
(uses directed LDP)
Label Learning and Withdrawing           Slower (Full Mesh and use label Block
is faster.                               and new BGP Ext for MAC withdrawal)
Resetting Individual labels is           Troublesome
more efficient in LDP.
Sequencing on PW is possible.            Not Possible ??



Signaling LDP v/s BGP
• BGP requires a lot more messages to be processed than LDP for PtP
specific info. Directed LDP requires only a single message to be
processed by the receiving PE; however, in case of BGP, a single
message is sent to RR and the RR sends N messages to the PEs
(member of a VPLS) and thus N messages need to be processed by N
PEs.
• VPLS w/ BGP signaling still requires N^2 mesh of PWs where there is
no mechanism to monitor them w/ BGP signaling; whereas, LDP
signaling offers VCCV to monitor them.
• Label-block hack imposes additional constraints on PE in terms of local
label assignment.
• Label-block hack requires over-provisioning and allocating labels for
inactive PEs therefore consuming memory in FIBs where it could be
used for L3VPN routes.
• Label-block hack can complicate redundancy and switch-over operation
whereupon at PE restart, its old labels can be in use and thus the PE
wants to use new labels to avoid confusion in case BGP update
messages are not yet received by the PEs

Signaling LDP v/s BGP

• Using a single signaling mechanism (based on LDP) for MPLS will
allow interoperability among different vendors and different service
providers (even with different auto-discovery methods)
• If different signaling is used (e.g., both BGP and LDP are used), then
interoperability is only possible when PWs are terminated at the VSIs
on the ASBRs
  Termination of PWs on ASBRs will cause scalability issues for
  ASBRs
  ASBRs need to support both signaling mechanisms
  ASBRs now need to support VSI functionality and need to scale
  for all data forwarding requirements between the two ASs

Signaling LDP v/s BGP
• LDP signaling provides more flexibility for VPLS because it
allows different characteristic setting per PW such as:
  QoS setting – e.g., different PWs can have different reserved BW
  Sequencing: Sequencing is a PtP operation in nature. Sequence
  numbers among different PtP can have different “start” values. Also
  re-synching of sequence numbers is a PtP operation. Furthermore,
  sequencing can be turned on/off on a per PW basis, allowing the
  operator finer control over it.
  OAM: It is important to be able to check the health status of each PW
  separately because one PW may affect the status of the whole set
  (Emulated VLAN). Directed LDP provides:
    Hello messages to check the health of the associated PWs
    between two PEs
    Support for VCCV OAM

Back UP

L2VPN EoMPLS –
draft-ietf-pwe3-ethernet-encap-xx.txt

Original Ethernet or VLAN Frame
Preamble | DA | SA | 802.1q | L | payload | FCS

MPLS-encapsulated frame
DA’ | SA’ | 0x8847 | Tunnel Label | VC Label | Ethernet header | Ethernet payload | FCS’

• VC type-0x0004 is used for VLAN over MPLS application
• VC type-0x0005 is used for Ethernet port tunneling
application (port transparency)

H-VPLS MPLS access

• H-VPLS is a network topology proposal to reduce the number
of pseudo wires within the MPLS network.
• It reduces signaling and replication overhead to allow large
scale deployment. The VPLS core PWs (Hub) are augmented
with access PWs (Spoke) to form a two tier Hierarchical VPLS
(H-VPLS).
• Access-PW: uPE are connected to nPE bridge domain via
Spoke or Access PWs. Split horizon concept modified:
Packets coming on Access PW are sent to all other PWs and ACs
in the bridge domain. Spoke PWs can be created with the
no-split-horizon option to distinguish them from Core PWs (IOS), or
contained directly in BD (not VFI)

H-VPLS with MPLS Access Example
show CLI

NPE3#sh mpls l2 vc 11

Local intf     Local circuit              Dest address    VC ID      Status
-------------  -------------------------- --------------- ---------- ----------
VFI vpls11     VFI                        10.0.0.1        11         UP
VFI vpls11     VFI                        10.0.0.4        11         UP
VFI vpls11     VFI                        10.0.0.7        11         UP

NPE3#sh vfi vpls11

Legend: RT=Route-target, S=Split-horizon, Y=Yes, N=No

VFI name: vpls11, state: up, type: multipoint
  VPN ID: 11
  Local attachment circuits:
    Vlan11
  Neighbors connected via pseudowires:
  Peer Address     VC ID        S
  10.0.0.1         11           Y
  10.0.0.4         11           Y
  10.0.0.7         11           N

H-VPLS with MPLS Access Example
show CLI

NPE3#sh mac-add vlan 11

Legend: * - primary entry
        age - seconds since last seen
        n/a - not available

  vlan   mac address     type    learn     age              ports
------+----------------+--------+-----+----------+--------------------------
  11    2222.2211.1111   dynamic  Yes          0   10.0.0.1, 11
  11    2222.2233.3333   dynamic  Yes          0   10.0.0.7, 11    <--- spoke PW
  11    2222.2244.4444   dynamic  Yes          0   10.0.0.4, 11

UPE3#sh mpl l2 vc 11

Local intf     Local circuit              Dest address    VC ID      Status
-------------  -------------------------- --------------- ---------- ----------
Gi2/13         Ethernet                   10.0.0.5        11         UP

H-VPLS with QinQ Access Example

[Figure: U-PE3, N-PE3 (VFI), N-PE1 (VFI), N-PE4 (VFI), with C-tag markings on the frames at each stage]

U-PE Configuration

! Interface connected to CE
! It’s dot1q-tunnel port
interface GigabitEthernet2/13
 switchport
 switchport access vlan 11
 switchport mode dot1q-tunnel
 spanning-tree bpdufilter enable

! Interface connected to N-PE
! It’s regular dot1q trunk port
interface GigabitEthernet2/47
 switchport
 switchport trunk encapsulation dot1q
 switchport mode trunk

N-PE (3&4) Configuration

! Same VPLS VFI config as flat VPLS
! Attachment circuit has two config options

! Option 1 – dot.1q trunk if it connected to U-PE like N-PE3
interface GigabitEthernet5/1
 switchport
 switchport trunk encapsulation dot1q
 switchport mode trunk

! Option 2 – dot1q tunnel if it connected to CE directly, like N-PE4
interface GigabitEthernet5/1
 switchport
 switchport access vlan 11
 switchport mode dot1q-tunnel
 spanning-tree bpdufilter enable

H-VPLS with MPLS Access Example

[Figure: U-PE3, N-PE3 (VFI), N-PE1 (VFI), N-PE4 (VFI), U-PE4, with MPLS between the U-PEs and N-PEs and in the core, and C-tag markings on the frames at each stage]

U-PE3 Configuration

! Regular EoMPLS configuration on U-PE
! Use port-mode in this example
interface GigabitEthernet2/13
 xconnect 10.0.0.3 11 encap mpls

! Uplink is MPLS/IP to support EoMPLS
interface GigabitEthernet2/47
 ip address 10.0.57.2 255.255.255.252
 mpls ip

N-PE3 Configuration

! Define VPLS VFI
l2 vfi vpls11 manual
 vpn id 11
 neighbor 10.0.0.1 encapsulation mpls
 neighbor 10.0.0.4 encapsulation mpls
 neighbor 10.0.0.7 encapsulation mpls no-split-horizon

! Attach VFI to VLAN interface
interface Vlan11
 xconnect vfi vpls11

! Attachment circuit is spoke PW for H-VPLS MPLS access
! Downlink is MPLS/IP configuration to support H-VPLS
interface GigabitEthernet4/0/1
 ip address 10.0.57.1 255.255.255.252
 mpls ip
