
An Introduction to VPLS

Jeff Apcar, Distinguished Services Engineer, APAC Technical Practices, Advanced Services.


Presentation Transcript


  1. An Introduction to VPLS Jeff Apcar, Distinguished Services Engineer APAC Technical Practices, Advanced Services

  2. Agenda
     • VPLS Introduction
     • Pseudo Wire Refresher
     • VPLS Architecture
     • VPLS Configuration Example
     • VPLS Deployment
     • Summary

  3. Do you want to date VPLS? “VPLS is like having Paris Hilton as your girlfriend. The concept is fantastic, but in reality the experience might not be what you expected. But… we’re still willing to give it a go as long as we can understand/handle her behaviour” Me, Just Then

  4. VPLS Introduction

  5. Virtual Private LAN Service (VPLS)
     • VPLS defines an architecture that allows MPLS networks to offer Layer 2 multipoint Ethernet services
     • SP emulates an IEEE Ethernet bridge network (virtual)
     • Virtual bridges linked with MPLS Pseudo Wires
     • Data plane used is the same as EoMPLS (point-to-point)
     [Diagram: "VPLS is an Architecture", CEs attached to PEs]

  6. Virtual Private LAN Service
     • End-to-end architecture that allows MPLS networks to provide Multipoint Ethernet services
     • It is “Virtual” because multiple instances of this service share the same physical infrastructure
     • It is “Private” because each instance of the service is independent and isolated from one another
     • It is “LAN Service” because it emulates Layer 2 multipoint connectivity between subscribers

  7. Why Provide A Layer 2 Service?
     • Customers have full operational control over their routing neighbours
     • Privacy of addressing space: addresses do not have to be shared with the carrier network
     • Customer has a choice of using any routing protocol, including non-IP based (IPX, AppleTalk)
     • Customers could use an Ethernet switch instead of a router as the CPE
     • A single connection could reach all other edge points, emulating an Ethernet LAN (VPLS)

  8. VPLS is defined in IETF (as of 2-Nov-2006)
     [Diagram: ISOC, IAB and IETF, with the IETF areas Application, General, Internet, Ops and Mgmt, Routing, Security and Transport, and these working groups called out:]
     • L2VPN: VPWS, VPLS, IPLS
     • L3VPN: BGP/MPLS VPNs (RFC 4364, was 2547bis); IP VPNs using Virtual Routers (RFC 2764); CE based VPNs using IPsec
     • PWE3: Pseudo Wire Emulation edge-to-edge; forms the backbone transport for VPLS
     • MPLS
     • Label shown beside L2VPN and L3VPN: “Formerly PPVPN workgroup”

  9. Classification of VPNs
     [Diagram: VPN classification tree. Top level: Network Based and CPE Based. Labels in order: Layer 2, Layer 3, Layer 3; Ethernet; P2P, VPWS, VPLS, IPLS; MPLS VPN, Virtual Router; IPSec, GRE; Frame Relay, ATM; Frame Relay, PPP/HDLC, ATM/Cell Relay, Ethernet (P2P), Ethernet (P2MP), Ethernet (MP2MP)]

  10. L2VPN Models
      [Diagram: L2VPN model tree with MPLS and IP branches. MPLS (Like-to-Like, Any-to-Any): VPWS (Point-to-Point) and VPLS/IPLS (Multipoint). IP (Like-to-Like): L2TPv3 (Point-to-Point). Transported types shown: PPP/HDLC, ATM AAL5/Cell, Ethernet, FR]

  11. IP LAN-Like Service (IPLS)
      • An IPLS is very similar to a VPLS except
        • The CE devices must be hosts or routers, not switches
        • The service will only carry IPv4 or IPv6 packets
        • IP control packets are also supported: ARP, ICMP
        • Layer 2 packets that do not contain IP are not supported
      • IPLS is a functional subset of the VPLS service
        • MAC address learning and aging not required
        • Simpler mechanism to match MAC to CE can be used
        • Bridging operations removed from the PE
        • Simplifies hardware capabilities and operation
      • Defined in draft-ietf-l2vpn-ipls

  12. VPLS Components
      • Attachment circuits: Port or VLAN mode
      • Attachment CE can be a switch or router
      • Virtual Switch Interface (VSI) terminates PW and provides Ethernet bridge function
      • Pseudo Wires within LSP
      • Mesh of LSP between N-PEs
      • Targeted LDP between PEs to exchange VC labels for Pseudo Wires
      [Diagram: CE routers and CE switches attached to three N-PEs around the MPLS Core]

  13. Virtual Switch Interface
      • Flooding / Forwarding
        • MAC table instances per customer (port/vlan) for each PE
        • VFI will participate in learning and forwarding process
        • Associate ports to MAC, flood unknowns to all other ports
      • Address Learning / Aging
        • LDP enhanced with additional MAC List TLV (label withdrawal)
        • MAC timers refreshed with incoming frames
      • Loop Prevention
        • Create full-mesh of Pseudo Wire VCs (EoMPLS)
        • Unidirectional LSP carries VCs between a pair of N-PEs
        • A VPLS uses “split horizon” concepts to prevent loops

  14. Pseudo Wire Refresher

  15. Pseudo Wires in VPLS
      • IETF working group PWE3
        • “Pseudo Wire Emulation Edge to Edge”
        • Requirements detailed in RFC3916
        • Architecture details in RFC3985
      • Develop standards for the encapsulation & service emulation of “Pseudo Wires”
        • Across a packet switched backbone
      • A VPLS is based on a full mesh of Pseudo Wires

  16. Pseudo Wire Reference Model (RFC 3916)
      • A Pseudo Wire (PW) is a connection between two provider edge devices connecting two attachment circuits (ACs)
      • In an MPLS core a Pseudo Wire uses two MPLS labels
        • Tunnel Label (LSP) identifying remote PE router
        • VC Label identifying Pseudo Wire circuit within tunnel
      [Diagram: customer sites (CE) joined by attachment circuits to PE1 and PE2; Pseudo Wires PW1 and PW2 carry Pseudo Wire PDUs through the PSN Tunnel (LSP in MPLS) across the Packet Switched Network (PSN), IP or MPLS; the whole span is labelled Emulated Service]

  17. Pseudo Wire Standards (Care for a Martini?)
      • RFC 4446 – Numeric values for PW types
      • RFC 4447 – Distribution mechanism for VC labels
        • Previously called draft-martini-l2circuit-trans-mpls
      • RFC 4448 – Encapsulation for Ethernet using MPLS
        • Previously called draft-martini-l2circuit-encap-mpls
      • Other drafts are addressing different encapsulations
        • draft-ietf-pwe3-frame-relay / draft-ietf-pwe3-atm-encap
        • draft-ietf-pwe3-ppp-hdlc-encap-mpls
        • Originally part of draft-martini-l2circuit-encap-mpls

  18. MPLS PW Types (RFC 4446)
      0x0001  Frame Relay DLCI (Martini Mode)
      0x0002  ATM AAL5 SDU VCC transport
      0x0003  ATM transparent cell transport
      0x0004  Ethernet Tagged Mode (VLAN)
      0x0005  Ethernet (Port)
      0x0006  HDLC
      0x0007  PPP
      0x0008  SONET/SDH Circuit Emulation
      0x0009  ATM n-to-one VCC cell transport
      0x000A  ATM n-to-one VPC cell transport
      0x000B  IP Layer2 Transport
      0x000C  ATM one-to-one VCC Cell Mode
      0x000D  ATM one-to-one VPC Cell Mode
      0x000E  ATM AAL5 PDU VCC transport
      0x000F  Frame-Relay Port mode
      0x0010  SONET/SDH Circ. Emu. over Packet
      0x0011  Structure-agnostic E1 over Packet
      0x0012  Structure-agnostic T1 over Packet
      0x0013  Structure-agnostic E3 over Packet
      0x0014  Structure-agnostic T3 over Packet
      0x0015  CESoPSN basic mode
      0x0016  TDMoIP AAL1 Mode
      0x0017  CESoPSN TDM with CAS
      0x0018  TDMoIP AAL2 Mode
      0x0019  Frame Relay DLCI

  19. VC Information Distribution (RFC 4447)
      • VC labels are exchanged across a targeted LDP session between PE routers
        • Generic Label TLV within LDP Label Mapping Message
      • LDP FEC element defined to carry VC information
        • Such as PW Type (RFC 4446) and VCID
      • VC information exchanged using Downstream Unsolicited label distribution procedures
      • Separate “MAC List” TLV for VPLS
        • Defined in draft-ietf-l2vpn-vpls-ldp
        • Used to withdraw labels associated with MAC addresses

  20. VC Distribution Mechanism using LDP
      • Unidirectional Tunnel LSP between PE routers to transport PW PDU from PE to PE using tunnel label(s)
      • Both LSPs combined to form single bi-directional Pseudo Wire
      • Directed LDP session between PE routers to exchange VC information, such as VC label and control information
      [Diagram: customer sites (CE) attached to PE1 and PE2 across IP/MPLS. Callouts: Directed LDP Session between PE1 and PE2; Label Switch Path; LSP created using IGP+LDP or RSVP-TE; Tunnel Label(s) gets to PE router; VC Label identifies interface]

  21. PW Encapsulation over MPLS (RFC 4448)
      • Ethernet Pseudo Wires use 3 layers of encapsulation
      • Tunnel Encapsulation (zero, one or more MPLS Labels)
        • To get PDU from ingress to egress PE
        • Could be an MPLS label (LDP, TE), GRE tunnel, L2TP tunnel
      • Pseudo Wire Demultiplexer (PW Label)
        • To identify individual circuits within a tunnel
        • Obtained from Directed LDP session
      • Control Word (Optional)
        • The following is supported when carrying Ethernet
          • Provides the ability to sequence individual frames
          • Avoidance of equal-cost multiple-path load-balancing
          • Operations and Management (OAM) mechanisms
        • Control word format varies depending on transported PDU
      [Diagram: Layer 2 PDU | Control Word | PW Label | Tunnel Label]

  22. Ethernet PW Tunnel Encapsulation
      • Tunnel Encapsulation
        • One or more MPLS labels associated with the tunnel
        • Defines the LSP from ingress to egress PE router
        • Can be derived from LDP+IGP, RSVP-TE, BGP IPv4+Label
      [Diagram, one 32-bit word per row:]
      Tunnel Encaps   | Tunnel Label (LDP, RSVP, BGP) | EXP | 0 | TTL            |
      PW Demux        | VC Label (VC)                 | EXP | 1 | TTL (set to 2) |
      Control Word    | 0 0 0 0 | Reserved | Sequence Number                     |
      Layer-2 PDU

  23. Ethernet PW Demultiplexer
      • VC Label
        • Inner label used by receiving PE to determine the following
          • Egress interface for L2 PDU forwarding (Port based)
          • Egress VLAN used on the CE facing interface (VLAN based)
        • EXP can be set to the values received in the L2 frame
      [Diagram: same Tunnel Encaps / PW Demux / Control Word / Layer-2 PDU layout as slide 22]

  24. Ethernet PW Control Word
      • Control Word is optional (as per RFC)
      • 0 0 0 0: first nibble is 0x0 to prevent aliasing with IP packets over MPLS (MAC addresses that start with 0x4 or 0x6)
      • Reserved: should be all zeros, ignored on receive
      • Seq number provides sequencing capability to detect out of order packets; currently not in Cisco’s implementation; processing is optional
      [Diagram: same Tunnel Encaps / PW Demux / Control Word / Layer-2 PDU layout as slide 22]

  25. PW Operation and Encapsulation
      • This process happens in both directions
      • (Example shows process for PE2 → PE1 traffic)
      [Diagram: customer site CEs attached to PE2 and PE1, with P2 and P1 between them in the IP/MPLS core; hop-by-hop LDP sessions form the LSP to Lo0:, and a Directed LDP Session between PE1 and PE2 signals “PW1”. Callouts: Label 72 for PW1; Label 24 for Lo0:; Label 38 for Lo0:; Label Pop for Lo0:. The L2 PDU is shown carrying label 72, with 38 and then 24 in front of it along the path]
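
The encapsulation from slides 21 to 25, as an added example that is not part of the original presentation: it builds and parses a tunnel label, a VC label (S bit 1, TTL 2) and the optional control word, then shows the first-nibble aliasing from slide 24. Labels 38 and 72 come from slide 25; the frame bytes, sequence number and function names are constructed for illustration.

```python
import struct

def mpls_entry(label, exp=0, bottom=False, ttl=255):
    """One 32-bit label stack entry: label(20) | EXP(3) | S(1) | TTL(8)."""
    return struct.pack("!I", (label << 12) | (exp << 9) | (int(bottom) << 8) | ttl)

def build_pw_packet(tunnel_labels, vc_label, frame, seq=None):
    """Tunnel label(s), VC label with S=1 and TTL=2, optional control word, L2 PDU."""
    stack = b"".join(mpls_entry(l) for l in tunnel_labels)
    stack += mpls_entry(vc_label, bottom=True, ttl=2)
    # Control word: 0000 | 12 reserved bits | 16-bit sequence number
    cw = b"" if seq is None else struct.pack("!HH", 0x0000, seq)
    return stack + cw + frame

def read_stack(data):
    """Return (entries, offset of the first byte after the bottom-of-stack entry)."""
    entries, off = [], 0
    while True:
        if off + 4 > len(data):
            raise ValueError("label stack truncated before bottom-of-stack bit")
        (word,) = struct.unpack_from("!I", data, off)
        off += 4
        entries.append({"label": word >> 12, "exp": (word >> 9) & 0x7,
                        "s": (word >> 8) & 0x1, "ttl": word & 0xFF})
        if entries[-1]["s"]:
            return entries, off

def parse_pw_packet(data, control_word):
    """Egress-PE view. Control word use is signalled, not visible in the packet,
    so the caller states whether one is expected."""
    entries, off = read_stack(data)
    seq = None
    if control_word:
        if off + 4 > len(data):
            raise ValueError("control word truncated")
        flags, seq = struct.unpack_from("!HH", data, off)
        if flags >> 12:
            raise ValueError("control word first nibble is not 0x0")
        off += 4
    return {"tunnel": [e["label"] for e in entries[:-1]], "vc": entries[-1],
            "seq": seq, "frame": data[off:]}

def transit_guess(data):
    """What a core router that peeks past the label stack infers from the first nibble."""
    _, off = read_stack(data)
    if off >= len(data):
        return "empty"
    return {0x0: "pw-control-word", 0x4: "ipv4", 0x6: "ipv6"}.get(data[off] >> 4, "unknown")

# Constructed sample: Ethernet frame whose destination MAC starts with 0x4.
FRAME = bytes.fromhex("4c0000000001" "02000000000a" "0800") + b"payload"
BARE = build_pw_packet([38], 72, FRAME)             # no control word
WITH_CW = build_pw_packet([38], 72, FRAME, seq=7)   # control word present
```

Without the control word the bytes after the label stack begin with the destination MAC, so `transit_guess(BARE)` reports `ipv4`; with it, the same frame is classified as `pw-control-word`.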

  26. VPLS Architecture

  27. VPLS Standards
      • Architecture allows IEEE 802.1 bridge behaviour in SP plus:
        • Autodiscovery of other N-PE in same VPLS instance
        • Signaling of PWs to interconnect VPLS instances
        • Loop avoidance & MAC Address withdrawal
      • Two drafts have been approved by IETF L2VPN Working Group
        • draft-ietf-l2vpn-vpls-ldp
          • Uses LDP for signalling, agnostic on PE discovery method
          • Predominant support from carriers and vendors
          • Cisco supports this draft
        • draft-ietf-l2vpn-vpls-bgp
          • Uses BGP for signalling and autodiscovery

  28. Cisco VPLS Building Blocks
      [Diagram: layered building blocks, top to bottom:]
      • NMS/OSS
      • Layer 2 VPN (Point-to-Point Layer 2 VPN, Multipoint Layer 2 VPN) and Layer 3 VPN
      • Forwarding Mechanism: Interface-Based/Sub-Interface; Ethernet Switching (VFI); IP Routing
      • L2VPN Discovery: Centralised (DNS, Radius, Directory Services); Distributed (BGP)
      • Signaling: Label Distribution Protocol
      • Tunnel Protocol: MPLS, IP
      • Hardware: Cisco 7600, Catalyst 6500, Cisco 12000

  29. VPLS Auto-discovery & Signaling
      [Diagram: VPN Discovery: Centralised (DNS, Radius, Directory Services) or Distributed (BGP); Signaling: Label Distribution Protocol]
      • Draft-ietf-l2vpn-vpls-ldp
        • Does not mandate an auto-discovery protocol
        • Can be BGP, Radius, DNS, or Directory based
      • Uses Directed LDP for label exchange (VC) and PW signaling
        • PWs signal control information as well (for example, circuit state)
      • Cisco IOS supports Directed LDP for all VC signaling
        • Point-to-point – Cisco IOS Any Transport over MPLS (AToM)
        • Multipoint – Cisco IOS MPLS Virtual Private LAN Services

  30. VPLS Flooding & Forwarding
      • Flooding (Broadcast, Multicast, Unknown Unicast)
      • Dynamic learning of MAC addresses on PHY and VCs
      • Forwarding
        • Physical Port
        • Virtual Circuit
      [Diagram: a frame (Data | SA | DA?) with an unknown DA; Pseudo Wire in LSP]

  31. MAC Address Learning and Forwarding
      • Broadcast, Multicast, and Unknown Unicast are learned via the received label associations
      • Two LSPs associated with a VC (Tx & Rx)
      • If inbound or outbound LSP is down
        • Then the entire Pseudo Wire is considered down
      [Diagram: CE (MAC1) and CE (MAC2) attached to two PEs joined by Directed LDP. Callouts: “Send me frames using Label 102”; “Send me frames using Label 170”; Use VC Label 102 (E0/0); Use VC Label 170 (E0/1). MAC Address / Adj tables: (MAC 1 → E0/0, MAC 2 → 170) and (MAC 2 → E0/1, MAC 1 → 102)]

  32. MAC Address Withdrawal Message
      • Message speeds up convergence process
        • Otherwise PE relies on MAC Address Aging Timer
      • Upon failure PE removes locally learned MAC addresses
      • Send LDP Address Withdraw (RFC3036) to remote PEs in VPLS (using the Directed LDP session)
      • New MAC List TLV is used to withdraw addresses
      [Diagram: a failure (X) at one PE; MAC Withdrawal messages sent over Directed LDP across the MPLS network]

  33. VPLS Topology – PE View
      • Each PE has a P2MP view of all other PEs; it sees itself as a root bridge with split horizon loop protection
      • Full mesh topology obviates STP in the SP network
      • Customer STP is transparent to the SP / Customer BPDUs are forwarded transparently
      [Diagram: PE view. CEs, PEs and MPLS, with a full mesh LDP Ethernet PW to each peer]

  34. VPLS Topology – CE View
      • CE routers/switches see a logical Bridge/LAN
      • VPLS emulates a LAN – but not exactly…
      • This raises a few issues which are discussed later
      [Diagram: CE view of the VPLS core beside the PE view (CEs, PEs, MPLS, full mesh LDP Ethernet PW to each peer)]

  35. VPLS Architectures
      • VPLS defines two Architectures
        • Direct Attachment (Flat)
          • Described in section 4 of Draft-ietf-l2vpn-vpls-ldp
        • Hierarchical or H-VPLS, comprising two access methods
          • Ethernet Edge (EE-H-VPLS) – QinQ tunnels
          • MPLS Edge (ME-H-VPLS) – PWE3 Pseudo Wires (EoMPLS)
          • Described in section 10 of Draft-ietf-l2vpn-vpls-ldp
      • Each architecture has different scaling characteristics

  36. VPLS Functional Components
      • N-PE provides VPLS termination/L3 services
      • U-PE provides customer UNI
      • CE is the customer device
      [Diagram: Customer MxUs (CE, U-PE), SP PoPs (N-PE), MPLS Core, then N-PE, U-PE and CE on the far side]

  37. Direct Attachment (Flat) Characteristics
      • Suitable for simple/small implementations
      • Full mesh of directed LDP sessions required
        • N*(N-1)/2 Pseudo Wires required
        • Scalability issue as the number of PE routers grows
      • No hierarchical scalability
      • VLAN and Port level support (no QinQ)
      • Potential signaling and packet replication overhead
        • Large amount of multicast replication over same physical
        • CPU overhead for replication

  38. Direct Attachment VPLS (Flat Architecture)
      [Diagram: CE, N-PE, MPLS Core, N-PE, CE. Access on both sides is Ethernet (VLAN/Port); the core is Full Mesh PWs + LDP. Frame formats: 802.1q Customer: Data | MAC1 | MAC2; Pseudo Wire SP Core: Data | MAC1 | MAC2 | VC | PE]

  39. Hierarchical VPLS (H-VPLS)
      • Best for larger scale deployment
      • Reduction in packet replication and signaling overhead
      • Consists of two levels in a Hub and Spoke topology
        • Hub consists of full mesh VPLS Pseudo Wires in MPLS core
        • Spokes consist of L2/L3 tunnels connecting to VPLS (Hub) PEs
          • Q-in-Q (L2), MPLS (L3), L2TPv3 (L3)
      • Some additional H-VPLS terms
        • MTU-s: Multi-Tenant Unit Switch capable of bridging (U-PE)
        • PE-r: Non bridging PE router
        • PE-rs: Bridging and Routing capable PE

  40. Why H-VPLS?
      • VPLS
        • Potential signaling overhead
        • Full PW mesh from the Edge
        • Packet replication done at the Edge
        • Node Discovery and Provisioning extends end to end
      • H-VPLS
        • Minimizes signaling overhead
        • Full PW mesh among Core devices
        • Packet replication done in the Core
        • Partitions Node Discovery process
      [Diagram: a flat VPLS with CEs on a full mesh of PEs, beside an H-VPLS with CEs reaching a core mesh of PE-rs through MTU-s and PE-r devices]

  41. Ethernet Edge H-VPLS (EE-H-VPLS)
      [Diagram: CE, U-PE (MTU-s), N-PE (PE-rs), MPLS Core, N-PE (PE-rs), U-PE (MTU-s), CE. Segments: 802.1q Access, QinQ Tunnel, Full Mesh PWs + LDP, QinQ Tunnel, 802.1q Access. Frame formats:]
      1. 802.1q Customer: Data | VlanCE | MAC1 | MAC2
      2. QinQ SP Edge: Data | VlanCE | VlanSP | MAC1 | MAC2
      3. Pseudo Wire SP Core: Data | VlanCE | MAC1 | MAC2 | VC | PE

  42. Bridge Capability in EE-H-VPLS
      • Local edge traffic does not have to traverse N-PE
      • MTU-s can switch traffic locally
      • Saves bandwidth capacity on circuits to N-PE
      [Diagram: CEs on a U-PE (MTU-s) uplinked to an N-PE (PE-rs)]

  43. Ethernet Edge Topologies
      [Diagram: layers from edge to core and back: Full Service CPE, Efficient Access (U-PE), Large Scale Aggregation (PE-AGG), Intelligent Edge (N-PE), Multiservice Core (P), Intelligent Edge (N-PE), Efficient Access (U-PE), Full Service CPE. User Facing Provider Edge (U-PE) and Network Facing Provider Edge (N-PE) are marked. Metros A to D attach at 10/100/1000 Mbps to an MPLS VPLS core of N-PE and P routers; access topologies shown are Hub and Spoke, GE Ring, DWDM/CWDM and RPR]

  44. MPLS Edge H-VPLS
      [Diagram: CE, U-PE (PE-rs), N-PE (PE-rs), MPLS Core, N-PE (PE-rs), U-PE (PE-rs), CE. Segments: 802.1q Access, MPLS Pseudo Wire over MPLS Access, Full Mesh PWs + LDP, MPLS Pseudo Wire over MPLS Access, 802.1q Access. Callout: Same VCID used in Edge and core (Labels may differ). Frame formats:]
      1. 802.1q Customer: Data | VlanCE | MAC1 | MAC2
      2. MPLS PW SP Edge: Data | VlanCE | MAC1 | MAC2 | VC | PE
      3. Pseudo Wire SP Core: Data | VlanCE | MAC1 | MAC2 | VC | PE

  45. VFI and Split Horizon (VPLS, EE-H-VPLS)
      • Virtual Forwarding Interface is the VSI representation in IOS
        • Single interface terminates all PWs for that VPLS instance
      • This model applicable in direct attach and H-VPLS with Ethernet Edge
      [Diagram: Broadcast/Multicast case. N-PE1 holds the VFI (Virtual Forwarding Interface) with a Bridging Function (.1Q or QinQ) and Local Switching toward the CE; Pseudo Wire #1 goes to N-PE2 and Pseudo Wire #2 to N-PE3, with Split Horizon Active on the Pseudo Wires. Callout on Pseudo Wire #1: “This traffic will not be replicated out PW #2 and vice versa”]

  46. VFI and NO Split Horizon (ME-H-VPLS)
      • This model is applicable to H-VPLS with MPLS Edge
      • PW #1, PW #2 will forward traffic to PW #3 (non split horizon port)
      [Diagram: Unicast case. N-PE1 holds the VFI (Virtual Forwarding Interface); Pseudo Wire #1 goes to N-PE2 and Pseudo Wire #2 to N-PE3 with Split Horizon Active; Pseudo Wire #3 is an MPLS based Pseudo Wire to the U-PE and CE with Split Horizon disabled (NO Split Horizon)]
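
The VFI behaviour from slides 13, 30 to 32, 45 and 46, as an added example that is not part of the original presentation: a small model of MAC learning, flooding, MAC withdrawal and split horizon, run over a full mesh of three N-PEs with and without split horizon. The class, function and port names, the MAC addresses and the hop limit that stops the looping simulation are all assumptions made for illustration.

```python
from collections import deque

BROADCAST = "ff:ff:ff:ff:ff:ff"

class VFI:
    """One VPLS instance on one N-PE: a MAC table plus its ports (hypothetical model)."""
    def __init__(self, name):
        self.name = name
        self.ports = {}       # port name -> True if split horizon applies (core PW)
        self.mac_table = {}   # MAC -> port it was learned on

    def add_port(self, port, split_horizon=False):
        self.ports[port] = split_horizon

    def receive(self, in_port, src, dst):
        """Learn the source MAC, then return the ports the frame is sent out of."""
        self.mac_table[src] = in_port
        group = int(dst[:2], 16) & 1              # broadcast/multicast bit
        known = self.mac_table.get(dst)
        if group or known is None:
            out = [p for p in self.ports if p != in_port]   # flood
        else:
            out = [known] if known != in_port else []
        if self.ports[in_port]:                   # arrived on a split-horizon PW:
            out = [p for p in out if not self.ports[p]]     # never back into the mesh
        return sorted(out)

    def withdraw(self, port):
        """MAC withdrawal: forget every address learned on `port`."""
        self.mac_table = {m: p for m, p in self.mac_table.items() if p != port}

def full_mesh(names, split_horizon=True):
    """Each PE gets one attachment circuit 'ac' and one PW to every other PE."""
    pes = {n: VFI(n) for n in names}
    for n, vfi in pes.items():
        vfi.add_port("ac")
        for peer in names:
            if peer != n:
                vfi.add_port("pw-" + peer, split_horizon)
    return pes

def send(pes, ingress, src, dst, max_hops=4):
    """Inject a frame from the CE at `ingress`; count the copies each CE receives."""
    delivered = {n: 0 for n in pes}
    queue = deque([(ingress, "ac", 0)])
    while queue:
        pe, in_port, hops = queue.popleft()
        for out in pes[pe].receive(in_port, src, dst):
            if out == "ac":
                delivered[pe] += 1
            elif hops < max_hops:                 # hop limit only bounds the no-split-horizon loop
                queue.append((out[3:], "pw-" + pe, hops + 1))
    return delivered
```

With split horizon a broadcast from the CE on PE1 reaches each remote CE exactly once; with `split_horizon=False` the same frame circulates around the mesh, is delivered several times, returns to PE1, and moves the sender's MAC from `ac` to a pseudo wire port in PE1's table.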

  47. VPLS Logical Topology Comparison

  48. Configuration Examples

  49. Configuration Examples
      • Direct Attachment
        • Using a Router as a CE (VLAN Based)
        • Using a Switch as a CE (Port Based)
      • H-VPLS
        • Ethernet QinQ
        • EoMPLS Pseudo Wire (VLAN Based)
        • EoMPLS Pseudo Wire (Port Based)
      • Sample Output

  50. Direct Attachment Configuration (C7600)
      • CEs are all part of same VPLS instance (VCID = 56)
      • CE router connects using VLAN 100 over sub-interface
      [Diagram: PE1, PE2 and PE3 around the MPLS Core, with addresses 1.1.1.1, 2.2.2.2 and 3.3.3.3; interfaces labelled pos4/1, pos4/3, gi3/0, gi4/4, pos3/0, pos3/1 and gi4/2; each CE attaches on VLAN100]
