Implementation and Utilization of Layer 2 VPN Technologies
TRANSCRIPT
BRKAGG-2000
© 2006, Cisco Systems, Inc. All rights reserved. Presentation_ID.scr
© 2008 Cisco Systems, Inc. All rights reserved. Cisco Public BRKAGG-2000 14555_04_2008_c1
General Prerequisites
Spanning Tree problems and Data Center knowledge
Why L2VPN technology is becoming ever more important to service providers and enterprises
Good understanding of L2VPN pseudowire (PW) operation (AToM, L2TPv3)
Basic understanding of network design principles
Familiarity with quality of service principles; application will be discussed, with examples
Basic understanding of MPLS traffic engineering (MPLS-TE) concepts
L2VPN Deployment Objectives
Quick review of the motivating factors for L2VPN adoption
Outline common service requirements for L2VPN and how they are being addressed by Service Providers and Enterprise
Quick overview of EoMPLS and VPLS
Using Traffic Engineering with Layer 2 VPN
Position Layer 2 VPN for Data Center
Technology Summary
AToM/L2TPv3
EoMPLS
VPLS
Traffic Engineering
Deployment Objectives
Why Is L2VPN Needed?
It allows SPs and enterprises to run a single infrastructure for both IP and legacy services
For SPs: move legacy ATM/FR traffic onto the MPLS/IP core without interrupting current services
For enterprises: build better data centers, span Layer 2 attachment circuits across the WAN/MPLS network, and provide better HA
Helps SPs provide new P2P Layer 2 tunnelling services; the customer keeps its own routing, QoS policy, etc.
A migration step towards IP/MPLS VPN
Benefits for L2VPNs
New service opportunities: virtual leased line service
Offer “PVC-like” Layer 2-based service
Reduced cost: consolidate multiple core technologies into a single packet-based network infrastructure
Simplified services: Layer 2 transport gives service providers a way to provide L2 connectivity while maintaining customer autonomy
Protect existing investments: greenfield networks can extend customer access to existing Layer 2 networks without deploying a new, separate infrastructure
Feature support: through the use of Cisco IOS features such as IPsec, QoS, and Traffic Engineering, L2 transport can be tailored to meet customer requirements
L2VPN Models
[Figure: L2VPN models. Point-to-point (VPWS), like-to-like or any-to-any: AToM over an MPLS core, L2TPv3 over an IP core, or local switching on a single PE; attachment circuits include PPP/HDLC, ATM AAL5/cell, Frame Relay, Ethernet and TDM (CE-TDM, T1/E1). Point-to-multipoint / multipoint-to-multipoint (VPLS): Ethernet.]
Motivation for L2VPNs: I’ve Really Got to Consolidate These Networks
[Figure: each access service (IP/IPsec, FR/ATM, broadband, Ethernet) rides its own core technology (ATM, MPLS or IP, SONET). Multiple access services require multiple core technologies = high costs and complex management.]
Generic L2 VPN Architecture
Tunnels (MPLS, L2TPv3, GRE, IPSec, etc.)
Emulated VCs (pseudowires) inside tunnels (many-to-one)
Attachment VCs (e.g., FR DLCI, PPP) mapped to emulated VCs
[Figure: an L2 attachment circuit (VC) on each side is mapped to an emulated VC/pseudowire, which is carried inside a tunnel across the packet switched network (PSN).]
Motivation for L2VPNs: How Can I Leverage My Packet Infrastructure?
Reduce overlapping core expense; consolidate trunk lines
Offer a multiservice common interface (i.e., an Ethernet MUX for L2, L3 and Internet services)
Maintain existing revenues from legacy services
[Figure: existing infrastructure (Frame Relay, ATM) and broadband access feed a multiservice edge (MSE) at the edge of an Ethernet/MPLS/IP packet switched network; trunk replacement and new service growth.]
New Evolution for Circuit Emulation
[Figure: mobile backhaul with pseudo wires. Cell sites (BTS/NodeB, with an IP POP at the cell site) connect over SONET/SDH, Ethernet or DSL and broadband Ethernet backhaul; Abis/Iub traffic (FR/ATM) is carried in pseudo wires through a pre-aggregation site and an IP/MPLS backbone to the RAN edge (BSC/RNC) and the core (SGSN, GGSN, MGW, MSC Server, MSC, GMSC, SS7oIP via ITPs) towards the PSTN and the Internet; Abis/Iub optimization is done at the aggregation point.]
L2VPN Deployment: Laying the Groundwork for Successful Deployment
The “Need to Knows” of Your Infrastructure:
What are the aggregate bandwidth requirements for converged services?
What are the minimum platform requirements to run the planned services?
What software features will be required to meet all of my planned needs? Such as:
L2VPN functionality (like-to-like, any-to-any, etc.)
VPLS functionality (point-to-multipoint)
Q-in-Q
OAM requirements
IGP, EGP, and TE requirements
Cisco Express Forwarding (CEF, dCEF)
Ethernet over MPLS Overview
[Figure: EoMPLS Reference Model. Customer A Site#1 switches attach to an MPLS-enabled PE; PE - P - PE across the MPLS core (platforms shown: 12000, 10720); Customer A Site#2 switches attach to the far MPLS-enabled PE. A targeted LDP session runs between the PE routers. Physical connectivity is switch - PE - P - PE - switch; logical connectivity is switch to switch, with BPDUs and VTP messages carried transparently.]
A Typical Configuration: EoMPLS VLAN
[Figure: CE R200 (10.1.1.0/24; dot1Q 10, 10.10.10.200/24) - e0/0.10 on PE R201 (10.0.0.201) - P R202 (10.0.0.202) - PE R203 (10.0.0.203) e0/0.10 - CE R204 (dot1Q 10, 10.10.10.204/24; 10.1.2.0/24). The PEs and P connect over e1/0 and e2/0 with LDP on the links; a targeted LDP session runs between R201 and R203.]

R201:
hostname R201
!
ip cef
mpls ip
mpls label protocol ldp
mpls ldp router-id Loopback0 force
!
interface Loopback0
 ip address 10.0.0.201 255.255.255.255
!
interface Ethernet0/0.10
 description *** To R200 ***
 encapsulation dot1Q 10
 no ip directed-broadcast
 no cdp enable
 xconnect 10.0.0.203 10 encapsulation mpls

R203:
hostname R203
!
ip cef
mpls ip
mpls label protocol ldp
mpls ldp router-id Loopback0 force
!
interface Loopback0
 ip address 10.0.0.203 255.255.255.255
!
pseudowire-class eompls
 encapsulation mpls
!
interface Ethernet0/0.10
 description *** To R204 ***
 encapsulation dot1Q 10
 no ip directed-broadcast
 no cdp enable
 xconnect 10.0.0.201 10 pw-class eompls
Calculating MTU Requirements for the Core
Core MTU ≥ Edge MTU + Transport Header + AToM Header + (MPLS Label Stack * MPLS Header Size)
Edge MTU is the MTU configured on the CE-facing PE interface
Examples (all in bytes; values in brackets apply when the AToM control word is not used):

Mode                   Edge MTU  Transport  AToM   MPLS Stack  MPLS Header  Total
EoMPLS Port Mode       1500      14         4 [0]  2           4            1526 [1522]
EoMPLS VLAN Mode       1500      18         4 [0]  2           4            1530 [1526]
EoMPLS Port w/ TE FRR  1500      14         4 [0]  3           4            1530 [1526]
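As an added example (not code from the Cisco presentation), the following Python applies the MTU formula above to the three EoMPLS cases of the table and then checks a set of core link MTUs against the requirement. The link names and MTU values are constructed for the demonstration, and treating "TE FRR" as one extra label in the stack follows the table's MPLS Stack column; the function also generalizes to the VLAN-mode-with-FRR case the table does not list.

```python
# Added example: EoMPLS core MTU budget, following the slide's formula
#   Core MTU >= Edge MTU + Transport Header + AToM Header + (MPLS Label Stack * MPLS Header Size)
# Not code from the Cisco presentation; the link names and MTUs below are constructed.

MPLS_HEADER_SIZE = 4     # bytes per label entry in the stack
ATOM_CONTROL_WORD = 4    # AToM header (control word); 0 when the PW runs without it

# Transport (Layer 2) header carried across the pseudowire per EoMPLS mode:
# port mode carries the 14-byte Ethernet header, VLAN mode keeps the 4-byte 802.1Q tag too.
TRANSPORT_HEADER = {"port": 14, "vlan": 18}


def label_stack_depth(te_frr=False):
    """Number of labels imposed on the packet: tunnel label + VC label, plus one
    more backup-tunnel label while TE fast reroute protects the LSP (the 3 in
    the table's 'EoMPLS Port w/ TE FRR' row)."""
    return 3 if te_frr else 2


def core_mtu_required(edge_mtu, mode, te_frr=False, control_word=True):
    """Minimum MTU every core link must carry for this pseudowire."""
    transport = TRANSPORT_HEADER[mode]
    atom = ATOM_CONTROL_WORD if control_word else 0
    return edge_mtu + transport + atom + label_stack_depth(te_frr) * MPLS_HEADER_SIZE


def undersized_links(edge_mtu, mode, te_frr, link_mtus):
    """Names of core links whose configured MTU is below the requirement.
    Budgets for the control word (the larger case) so a PW that is later
    brought up with it still fits."""
    need = core_mtu_required(edge_mtu, mode, te_frr, control_word=True)
    return sorted(name for name, mtu in link_mtus.items() if mtu < need)


if __name__ == "__main__":
    # Constructed core link MTUs for a PE's uplinks (hypothetical interface names).
    core_links = {"pos3/0": 1530, "pos3/1": 1528, "pos4/1": 4470}
    for mode, frr in (("port", False), ("vlan", False), ("port", True)):
        print(f"{mode:4} frr={frr!s:5} need={core_mtu_required(1500, mode, frr)} "
              f"undersized={undersized_links(1500, mode, frr, core_links)}")
```

Run it as a script to print the requirement and the failing links for each mode; in practice the MTU table comes from `show interface` on the P routers rather than a hard-coded dictionary.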
L2 VPN Interworking
Interworking Modes and Features
The ACs are terminated locally.
There are two types of interworking (a.k.a. any-to-any):
Ethernet (a.k.a. bridged): Ethernet frames are extracted from the AC and sent over the PW; the VLAN tag is removed; CEs can run Ethernet, BVI, or RBE
IP (a.k.a. routed): IP packets are extracted from the AC and sent over the PW

                              AToM  L2TPv3  IP Mode  Ethernet Mode
Frame Relay to Ethernet/VLAN  Yes   Yes     Yes      Yes
Frame Relay to PPP            Yes   Yes     Yes      No
Frame Relay to ATM AAL5       Yes   No      Yes      No
Ethernet/VLAN to ATM AAL5     Yes   No      Yes      Yes
Ethernet to VLAN              Yes   Yes     Yes      Yes
Configuration Example: Frame Relay to Ethernet
[Figure: CE (DLCI 210) - PE with the Frame Relay link - MPLS/IP - PE with the Ethernet/VLAN link - CE (VLAN 310).]

PE, Frame Relay link:
frame-relay switching
!
pseudowire-class atom_fr_vlan
 encapsulation mpls
 interworking ip
!
interface POS3/0
 encapsulation frame-relay
 clock source internal
 frame-relay lmi-type ansi
 frame-relay intf-type dce
!
connect fr-vlan POS3/0 210 l2transport
 xconnect 192.168.200.2 210 pw-class atom_fr_vlan

PE, Ethernet/VLAN link:
frame-relay switching
!
pseudowire-class atom_vlan_fr
 encapsulation mpls
 interworking ip
!
interface GigabitEthernet4/0.310
 encapsulation dot1Q 310
 xconnect 192.168.200.1 210 pw-class atom_vlan_fr

CE, Frame Relay side:
interface POS5/0.210 point-to-point
 ip address 172.16.1.1 255.255.255.0
 frame-relay interface-dlci 210

CE, Ethernet side:
interface GigabitEthernet6/0.310
 encapsulation dot1Q 310
 ip address 172.16.1.2 255.255.255.0
Local Switching Interworking
[Figure: CE2-HUB attaches to PE1 over three T1/E1 circuits bundled as multilink Frame Relay MFR100 (6.144 Mbps total); CE3 attaches over Ethernet0/1.10 at 100 Mbps (a PPP/HDLC CE on Ethernet0/1.20 at 100 Mbps is also shown). PE1 locally switches the Frame Relay and Ethernet attachment circuits with IP interworking.]

PE1:
interface Serial1/0/1:0
 encapsulation frame-relay MFR100
!
interface Serial1/0/2:0
 encapsulation frame-relay MFR100
!
interface Serial1/0/3:0
 encapsulation frame-relay MFR100
!
interface MFR100
 frame-relay lmi-type ansi
 frame-relay intf-type dce
!
interface GigabitEthernet0/1.10
 encapsulation dot1Q 10
!
connect FR_to_Ether MFR100 GigabitEthernet0/1.10 interworking ip
VPLS Introduction
VPLS Introduction
Pseudo Wire Refresher
VPLS Architecture
VPLS Configuration Example
VPLS Deployment
Summary
Virtual Private LAN Service (VPLS)
VPLS defines an architecture that allows MPLS networks to offer Layer 2 multipoint Ethernet services
The SP emulates an IEEE Ethernet bridge network (virtual)
Virtual bridges are linked with MPLS pseudo wires; the data plane used is the same as EoMPLS (point-to-point)
VPLS is an architecture
[Figure: CEs attached to PEs that are interconnected by pseudo wires.]
Virtual Private LAN Service
End-to-end architecture that allows MPLS networks to provide Multipoint Ethernet services
It is “Virtual” because multiple instances of this service share the same physical infrastructure
It is “Private” because each instance of the service is independent and isolated from one another
It is “LAN Service” because it emulates Layer 2 multipoint connectivity between subscribers
Why Provide a Layer 2 Service?
Customers have full operational control over their routing neighbours
Privacy of addressing space: addresses do not have to be shared with the carrier network
The customer has a choice of using any routing protocol, including non-IP protocols (IPX, AppleTalk)
Customers could use an Ethernet switch instead of a router as the CPE
A single connection could reach all other edge points, emulating an Ethernet LAN (VPLS)
VPLS Is Defined in IETF
[Figure: IETF organization as of 2-Nov-2006. ISOC and the IAB above the IETF; areas: Application, General, Internet, Ops and Mgmt, Routing, Security, Transport. Working groups shown: L2VPN and L3VPN (formerly the PPVPN working group), PWE3, MPLS.]
L2VPN: VPWS, VPLS, IPLS
L3VPN: BGP/MPLS VPNs (RFC 4364, was 2547bis); IP VPNs using virtual routers (RFC 2764); CE-based VPNs using IPsec
PWE3: Pseudo Wire Emulation Edge-to-Edge; forms the backbone transport for VPLS
VPLS Components
Attachment circuits: port or VLAN mode; the attached CE can be a switch or a router
Mesh of LSPs between the N-PEs
Pseudo wires within the LSPs
Virtual Switch Interface (VSI) terminates the PWs and provides the Ethernet bridge function
Targeted LDP between the PEs to exchange VC labels for the pseudo wires
[Figure: three N-PEs around an MPLS core, each with CE routers and CE switches attached.]
Virtual Switch Interface
Flooding/Forwarding: MAC table instances per customer (port/VLAN) on each PE; the VFI participates in the learning and forwarding process; ports are associated with MAC addresses, and unknowns are flooded to all other ports
Address Learning/Aging: LDP is enhanced with an additional MAC List TLV (label withdrawal); MAC timers are refreshed by incoming frames
Loop Prevention: create a full mesh of pseudo wire VCs (EoMPLS); a unidirectional LSP carries the VCs between each pair of N-PEs; VPLS uses “split horizon” to prevent loops
VPLS Architecture
VPLS Topology—PE View
Each PE has a P2MP view of all other PEs; it sees itself as a root bridge with split-horizon loop protection
The full mesh topology obviates STP in the SP network
Customer STP is transparent to the SP; customer BPDUs are forwarded transparently
[Figure: PE view. The PEs form a full mesh of LDP-signalled Ethernet PWs to each peer across the MPLS network, with the CEs attached.]
VPLS Topology: CE View
CE routers/switches see a logical bridge/LAN
VPLS emulates a LAN, but not exactly; this raises a few issues which are discussed later
[Figure: CE view. The CEs see one logical LAN; underneath, the PEs run a full mesh of LDP Ethernet PWs to each peer across the MPLS network.]
VPLS Functional Components
N-PE provides VPLS termination/L3 services
U-PE provides customer UNI
CE is the customer device
[Figure: CE - U-PE - N-PE - MPLS Core - N-PE - U-PE - CE; customer MxUs at both ends, SP PoPs in the middle.]
Why H-VPLS?
VPLS:
Potential signaling overhead
Full PW mesh from the edge
Packet replication done at the edge
Node discovery and provisioning extends end to end
H-VPLS:
Minimizes signaling overhead
Full PW mesh among core devices only
Packet replication done in the core
Partitions the node discovery process
[Figure: VPLS with a full mesh of PEs, each with CEs attached, versus H-VPLS with a full mesh among PE-rs devices only and MTU-s/PE-r devices at the edge aggregating the CEs.]
Ethernet Edge Topologies
[Figure: MPLS VPLS core with N-PEs (multiservice core) and P routers (efficient access); U-PEs (intelligent edge) and PE-AGGs (large scale aggregation) connect the metros. Metro A: GE ring; Metro B: hub and spoke; Metro C: DWDM/CWDM; Metro D: RPR. Customers attach at 10/100/1000 Mbps with full-service CPE. U-PE = User Facing Provider Edge, N-PE = Network Facing Provider Edge.]
VFI and Split Horizon (VPLS, EE-H-VPLS)
The Virtual Forwarding Interface is the VSI representation in IOS; a single interface terminates all PWs for that VPLS instance
This model applies to direct attach and to H-VPLS with an Ethernet edge
[Figure: N-PE1 with a VFI holding a bridging function (.1Q or QinQ) towards its CEs and pseudo wires PW #1 (to N-PE2) and PW #2 (to N-PE3), with split horizon active between the PWs and local switching towards the CEs. Broadcast/multicast from a CE is replicated to both PWs; traffic arriving on PW #1 is switched locally to the CEs but is not replicated out PW #2, and vice versa.]
VFI and No Split Horizon (ME-H-VPLS)
This model applies to H-VPLS with an MPLS edge: PW #1 and PW #2 will forward traffic to PW #3 (the non split horizon port)
[Figure: N-PE1 with a VFI terminating MPLS-based pseudo wires PW #1 (to N-PE2) and PW #2 (to N-PE3), split horizon active between them, and PW #3 towards a U-PE with split horizon disabled; unicast arriving on PW #1 or PW #2 is forwarded to PW #3.]
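As an added example (not code from the Cisco presentation), the following Python is a toy model of the VFI behaviour described in the Virtual Switch Interface slide and the two split-horizon slides above: per-instance MAC learning, flooding of unknowns, split horizon between the full-mesh core PWs, and a spoke PW towards a U-PE that is exempt from split horizon (the effect of `no-split-horizon`). Port names, MAC addresses and the `build_demo_npe` layout are constructed for the demonstration.

```python
# Added example: a toy model of a VPLS Virtual Forwarding Interface (VFI) with
# MAC learning, unknown-unicast/broadcast flooding, split horizon between the
# full-mesh core pseudowires, and a no-split-horizon spoke PW towards a U-PE.
# Not code from the Cisco presentation; port names and MACs are constructed.

from dataclasses import dataclass

BROADCAST = "ff:ff:ff:ff:ff:ff"


@dataclass(frozen=True)
class Port:
    name: str
    split_horizon: bool   # True for core (full-mesh) PWs; False for ACs and spoke PWs


@dataclass(frozen=True)
class Frame:
    src_mac: str
    dst_mac: str


class VFI:
    """One VPLS instance on an N-PE: a bridge whose 'ports' are attachment
    circuits and pseudowires."""

    def __init__(self, ports):
        self.ports = {p.name: p for p in ports}
        self.mac_table = {}   # MAC -> name of the port it was learned on

    def forward(self, ingress_name, frame):
        """Learn the source MAC, then return the sorted egress port names."""
        ingress = self.ports[ingress_name]
        self.mac_table[frame.src_mac] = ingress_name
        learned = self.mac_table.get(frame.dst_mac)
        if frame.dst_mac != BROADCAST and learned is not None:
            candidates = [self.ports[learned]]          # known unicast
        else:
            candidates = list(self.ports.values())       # flood
        egress = []
        for port in candidates:
            if port.name == ingress_name:
                continue  # never reflect a frame back to where it came from
            # Split horizon: a frame received on a core PW is not sent to any
            # other core PW, because the full mesh already delivered it from the
            # originating N-PE to every other N-PE directly. ACs and the spoke PW
            # are exempt, which is what 'no-split-horizon' does for the U-PE PW.
            if ingress.split_horizon and port.split_horizon:
                continue
            egress.append(port.name)
        return sorted(egress)

    def withdraw(self, port_name):
        """Flush the MACs learned behind a port, as an LDP MAC List TLV
        withdrawal would after a topology change; returns the count flushed."""
        stale = [mac for mac, port in self.mac_table.items() if port == port_name]
        for mac in stale:
            del self.mac_table[mac]
        return len(stale)


def build_demo_npe():
    """N-PE1 of the slides: one AC, PWs to N-PE2 and N-PE3 (split horizon) and a
    spoke PW to a U-PE configured with no-split-horizon (constructed layout)."""
    return VFI([
        Port("ac-vlan100", split_horizon=False),
        Port("pw-npe2", split_horizon=True),
        Port("pw-npe3", split_horizon=True),
        Port("pw-upe", split_horizon=False),
    ])
```

A broadcast arriving on `pw-npe2` leaves on the AC and the spoke PW only, never on `pw-npe3`; a broadcast from the spoke PW is replicated to both core PWs, which is exactly why a no-split-horizon spoke must be a single hierarchical link and not a second path into the mesh.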
VPLS Configuration Example
Configuration Examples
Direct Attachment:
Using a Router as a CE (VLAN Based)
Using a Switch as a CE (Port Based)
H-VPLS:
Ethernet QinQ
EoMPLS Pseudo Wire (VLAN Based)
EoMPLS Pseudo Wire (Port Based)
Sample Output
Direct Attachment Configuration (C7600)
The CEs are all part of the same VPLS instance (VCID = 56); each CE router connects using VLAN 100 over a sub-interface
[Figure: three CE routers, each on VLAN 100, attached to PE1 (1.1.1.1, gi3/0), PE2 (2.2.2.2, gi4/4) and PE3 (3.3.3.3, gi4/2); the PEs interconnect across the MPLS core over pos3/0, pos3/1, pos4/1 and pos4/3.]
Direct Attachment CE Router Configuration
The CE router sub-interfaces are on the same VLAN; this can also be port based (no VLAN)
[Figure: the three CE routers, each on VLAN 100, share the subnet 192.168.20.0/24.]

interface GigabitEthernet 2/1.100
 encapsulation dot1q 100
 ip address 192.168.20.1 255.255.255.0

interface GigabitEthernet 1/3.100
 encapsulation dot1q 100
 ip address 192.168.20.2 255.255.255.0

interface GigabitEthernet 2/0.100
 encapsulation dot1q 100
 ip address 192.168.20.3 255.255.255.0
Direct Attachment VSI Configuration
Create the pseudo wires between the N-PE routers
[Figure: PE1 (1.1.1.1), PE2 (2.2.2.2) and PE3 (3.3.3.3) around the MPLS core, each with a CE on VLAN 100.]

PE1 (1.1.1.1):
l2 vfi VPLS-A manual
 vpn id 56
 neighbor 2.2.2.2 encapsulation mpls
 neighbor 3.3.3.3 encapsulation mpls

PE2 (2.2.2.2):
l2 vfi VPLS-A manual
 vpn id 56
 neighbor 1.1.1.1 encapsulation mpls
 neighbor 3.3.3.3 encapsulation mpls

PE3 (3.3.3.3):
l2 vfi VPLS-A manual
 vpn id 56
 neighbor 2.2.2.2 encapsulation mpls
 neighbor 1.1.1.1 encapsulation mpls
Direct Attachment CE Router (VLAN Based)
The same set of commands is configured on each PE, on the CE-facing interface
[Figure: PE1, PE2 and PE3 around the MPLS core, each with a CE on VLAN 100.]

interface GigabitEthernet3/0
 switchport
 switchport mode trunk
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 100
!
interface vlan 100
 no ip address
 xconnect vfi VPLS-A
!
vlan 100
 state active

The xconnect vfi VPLS-A command associates the VLAN with the VPLS instance (VLAN 100 = VCID 56)
Direct Attachment CE Switch (Port Based)
If the CE is a switch instead of a router, QinQ can be used
QinQ places all traffic (tagged/untagged) from the switch into the VPLS
[Figure: PE1, PE2 and PE3 around the MPLS core, each carrying all VLANs from its CE switch.]

interface GigabitEthernet3/0
 switchport
 switchport mode dot1q-tunnel
 switchport access vlan 100
 l2protocol-tunnel stp
!
interface vlan 100
 no ip address
 xconnect vfi VPLS-A
!
vlan 100
 state active

The xconnect vfi VPLS-A command associates the VLAN with the VPLS instance (VLAN 100 = VCID 56)
H-VPLS Configuration (C7600/3750ME)
The U-PEs provide services to the customer edge device; CE traffic is then carried in a QinQ tunnel or an EoMPLS PW to the N-PE
The PW VSI mesh configuration is the same as in the previous examples
[Figure: N-PE1 (1.1.1.1, gi3/0), N-PE2 (2.2.2.2, gi4/4) and N-PE3 (3.3.3.3, gi4/2) around the MPLS core (pos3/0, pos3/1, pos4/1, pos4/3). U-PE1, U-PE2 (4.4.4.4) and U-PE3 are Cisco 3750ME switches, each with CE1 and CE2 attached; U-PE2 connects from gi1/1/1 to N-PE2 gi4/4, with its CEs on fa1/0/1.]
H-VPLS QinQ Tunnel (Ethernet Edge)
The U-PE carries all traffic from the CE using QinQ; the outer tag is VLAN 100, the inner tags are the customer’s
[Figure: same H-VPLS topology; U-PE2 (Cisco 3750ME, 4.4.4.4), with CE1 and CE2 on fa1/0/1, connects from gi1/1/1 to N-PE2 gi4/4.]

N-PE2 (gi4/4):
interface GigabitEthernet4/4
 switchport
 switchport mode trunk
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 100
!
interface vlan 100
 no ip address
 xconnect vfi VPLS-A
!
vlan 100
 state active

U-PE2 (Cisco 3750ME):
interface FastEthernet1/0/1
 switchport
 switchport access vlan 100
 switchport mode dot1q-tunnel
 switchport trunk allowed vlan 1-1005
!
interface GigabitEthernet1/1/1
 switchport
 switchport mode trunk
 switchport trunk allowed vlan 1-1005
H-VPLS EoMPLS PW Edge (VLAN Based)
The CE interface on the U-PE can be an access or a trunk port; an xconnect per VLAN is required
[Figure: same H-VPLS topology; U-PE2 (4.4.4.4) connects from gi1/1/1 to N-PE2 (2.2.2.2) gi4/4, with its CEs on fa1/0/1.]

U-PE2 (Cisco 3750ME):
interface FastEthernet1/0/1
 switchport
 switchport access vlan 500
!
interface Vlan500
 xconnect 2.2.2.2 56 encapsulation mpls
!
interface GigabitEthernet1/1/1
 no switchport
 ip address 156.50.20.2 255.255.255.252
 mpls ip

N-PE2:
interface GigabitEthernet4/4
 no switchport
 ip address 156.50.20.1 255.255.255.252
 mpls ip
!
l2 vfi VPLS-A manual
 vpn id 56
 neighbor 1.1.1.1 encapsulation mpls
 neighbor 3.3.3.3 encapsulation mpls
 neighbor 4.4.4.4 encapsulation mpls no-split-horizon

The no-split-horizon keyword on the U-PE neighbor ensures CE traffic is passed on the PW to/from the U-PE
H-VPLS EoMPLS PW Edge (Port Based)
The CE interface on the U-PE can be an access or a trunk port; an xconnect for the entire port is required
[Figure: same H-VPLS topology; U-PE2 (4.4.4.4) connects from gi1/1/1 to N-PE2 (2.2.2.2) gi4/4, with its CEs on fa1/0/1.]

U-PE2 (Cisco 3750ME):
interface FastEthernet1/0/1
 no switchport
 xconnect 2.2.2.2 56 encapsulation mpls
!
interface GigabitEthernet1/1/1
 no switchport
 ip address 156.50.20.2 255.255.255.252
 mpls ip

N-PE2:
interface GigabitEthernet4/4
 no switchport
 ip address 156.50.20.1 255.255.255.252
 mpls ip
!
l2 vfi PE1-VPLS-A manual
 vpn id 56
 neighbor 1.1.1.1 encapsulation mpls
 neighbor 3.3.3.3 encapsulation mpls
 neighbor 4.4.4.4 encapsulation mpls no-split-horizon

The no-split-horizon keyword on the U-PE neighbor ensures CE traffic is passed on the PW to/from the U-PE
Sample Output: show mpls l2 vc
[Figure: same H-VPLS topology (N-PE1 1.1.1.1, N-PE2 2.2.2.2, N-PE3 3.3.3.3, U-PE2 4.4.4.4).]

NPE-A#show mpls l2 vc
Local intf     Local circuit   Dest address    VC ID   Status
-------------  -------------   -------------   ------  ------
VFI VPLS-A     VFI             1.1.1.1         10      UP
VFI VPLS-A     VFI             3.3.3.3         10      UP
Sample Output: show mpls l2 vc detail
[Figure: same H-VPLS topology (N-PE1 1.1.1.1, N-PE2 2.2.2.2, N-PE3 3.3.3.3, U-PE2 4.4.4.4).]

NPE-2#show mpls l2 vc detail
Local interface: VFI VPLS-A up
  Destination address: 1.1.1.1, VC ID: 10, VC status: up
    Tunnel label: imp-null, next hop 156.50.20.1
    Output interface: POS4/3, imposed label stack {19}
  Create time: 1d01h, last status change time: 00:40:16
  Signaling protocol: LDP, peer 1.1.1.1:0 up
    MPLS VC labels: local 23, remote 19

Frames sent towards 1.1.1.1 are imposed with VC label 19 (the remote label); the peer uses VC label 23 (the local label) for frames sent to this N-PE.
PW Redundancy Concepts
PW High Availability
Failure in the provider core: mitigated with link redundancy and FRR
PE router failure: PE diversity
Attachment circuit failure: need a pair of attachment circuits end to end
CE router failure: redundant CEs
[Figure: Site1 with CE1 and CE2 dual-homed to PE1 and PE2; P1-P4 in the core; PE3 and PE4 serving Site2.]
L2VPN Networks: Dual Homed PW Sites Without Redundancy Feature
[Figure: Site1 CE1 attaches to PE1 and PE2; Site2 CE2 and CE3 attach to PE3 and PE4; P1-P4 in the core. Each Site1 PE carries its own independent xconnect; the marked failure of PE3 takes its pseudowire down with it.]

Site1 PE with the xconnect to PE3:
interface Ethernet1/0.1
 encapsulation dot1Q 10
 xconnect <PE3 router ID> <VCID> encapsulation mpls

Site1 PE with the xconnect to PE4:
interface Ethernet1/0.1
 encapsulation dot1Q 10
 xconnect <PE4 router ID> <VCID> encapsulation mpls
High Availability in L2VPN Networks
The TCP session between two LDP peers may go down due to a HW/SW failure (RP switchover)
If PE3 fails, traffic will be dropped
PW redundancy is needed so that the PW can be re-routed to the redundant router, i.e. PE4
[Figure: Site1 behind PE1; P1-P4 in the core; Site2 behind PE3 (primary) and PE4 (standby).]
Dual Homed PW Sites: With Redundancy Feature
[Figure: Site1 CE1 and CE2 behind PE1 and PE2; Site2 CE3 behind PE3 and PE4; P1-P4 in the core; PE3 marked as failed.]

pe1(config)#int e 0/0.1
pe1(config-subif)#encapsulation dot1q 10
pe1(config-subif)#xconnect <PE3 router ID> <VCID> encapsulation mpls
pe1(config-subif-xconn)#backup peer <PE4 router ID> <VCID>
PW Redundancy: Manual Switchover
[Figure: Site1 CE1 and CE2 behind PE1 and PE2; Site2 CE3 behind PE3 and PE4; P1-P4 in the core.]

interface Ethernet0/0.1
 encapsulation dot1Q 10
 xconnect 192.168.1.3 10 encapsulation mpls
  backup peer 192.168.1.4 10
  backup delay 3 10

pe1#sh mpls l2transport vc 10
Local intf     Local circuit              Dest address    VC ID      Status
-------------  -------------------------- --------------- ---------- ----------
Et0/0.1        Eth VLAN 20                192.168.1.3     10         UP
Et0/0.1        Eth VLAN 20                192.168.1.4     10         DOWN

pe1#sh mpls l2transport vc 10
Local intf     Local circuit              Dest address    VC ID      Status
-------------  -------------------------- --------------- ---------- ----------
Et0/0.1        Eth VLAN 20                192.168.1.3     10         DOWN
Et0/0.1        Eth VLAN 20                192.168.1.4     10         UP

Maintenance required (manual switchover):
pe1>xconnect backup force-switchover peer 192.168.1.3 10
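As an added example (not code from the Cisco presentation), the following Python parses `show mpls l2transport vc` output of the shape shown above and flags a redundant pseudowire that is running on its backup peer, which is the check an operator wants in monitoring after a switchover. The two sample outputs are the captures from the slide; the alert wording and the `redundancy_alerts` helper are constructed.

```python
# Added example: parse 'show mpls l2transport vc' output and flag a redundant
# pseudowire that is running on its backup peer. Not code from the Cisco
# presentation; the sample outputs are the two captures from the slide above.
import re

BEFORE = """\
pe1#sh mpls l2transport vc 10
Local intf     Local circuit              Dest address    VC ID      Status
-------------  -------------------------- --------------- ---------- ----------
Et0/0.1        Eth VLAN 20                192.168.1.3     10         UP
Et0/0.1        Eth VLAN 20                192.168.1.4     10         DOWN
"""

AFTER = """\
pe1#sh mpls l2transport vc 10
Local intf     Local circuit              Dest address    VC ID      Status
-------------  -------------------------- --------------- ---------- ----------
Et0/0.1        Eth VLAN 20                192.168.1.3     10         DOWN
Et0/0.1        Eth VLAN 20                192.168.1.4     10         UP
"""

IPV4 = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")


def parse_l2vc(output):
    """Rows of {local, peer, vcid, status}. The 'Local circuit' column can
    contain spaces ('Eth VLAN 20'), so fields are taken from the right: the
    last three tokens are always Dest address, VC ID and Status."""
    rows = []
    for line in output.splitlines():
        tokens = line.split()
        if len(tokens) < 4 or not IPV4.match(tokens[-3]):
            continue   # prompt, header and separator lines
        rows.append({"local": " ".join(tokens[:-3]), "peer": tokens[-3],
                     "vcid": int(tokens[-2]), "status": tokens[-1]})
    return rows


def active_peer(rows, vcid):
    """The single peer whose VC is UP for this VC ID; raises if 0 or more than 1."""
    up = [r["peer"] for r in rows if r["vcid"] == vcid and r["status"] == "UP"]
    if len(up) != 1:
        raise ValueError(f"VC ID {vcid}: expected exactly one UP VC, found {up}")
    return up[0]


def redundancy_alerts(rows, vcid, primary):
    """Alerts a monitoring job would raise for a PW with 'backup peer' configured."""
    alerts = []
    by_peer = {r["peer"]: r["status"] for r in rows if r["vcid"] == vcid}
    if primary not in by_peer:
        return [f"VC {vcid}: primary peer {primary} missing from output"]
    try:
        active = active_peer(rows, vcid)
    except ValueError as exc:
        return [str(exc)]   # none or both UP: a state that needs a human look
    if active != primary:
        alerts.append(f"VC {vcid}: running on backup peer {active}; "
                      f"primary {primary} is {by_peer[primary]}")
    return alerts


if __name__ == "__main__":
    for label, capture in (("before", BEFORE), ("after", AFTER)):
        print(label, redundancy_alerts(parse_l2vc(capture), 10, "192.168.1.3"))
```

Polling this after a failure tells you the PW is on the backup; combined with the `backup delay` settings it also tells you whether to expect an automatic fallback or, with `never`, a manual `xconnect backup force-switchover`.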
PW Redundancy: Config Examples (1/2)
Example 1: MPLS xconnect with 1 redundant peer. The debounce timer is set to 3 seconds so that we don’t allow a switchover until the connection has been deemed down for 3 seconds.

interface serial0/0
 xconnect 10.0.0.1 100 encapsulation mpls
  backup peer 10.0.0.2 200
  backup delay 3 10

Example 2: xconnect with 1 redundant peer. In this example, once a switchover occurs, we will not fall back to the primary until the secondary xconnect fails.

pseudowire-class test
 encapsulation mpls
!
connect frpw1 serial0/1 50 l2transport
 xconnect 20.0.0.1 50 pw-class test
  backup peer 20.0.0.2 50
  backup delay 0 never
PW Redundancy—Config Examples (2/2)
Example 3: Local-switched connection between ATM and FR using Ethernet interworking. The FR circuit is backed up by an MPLS pseudowire to 1.1.1.1.
pseudowire-class test
 encapsulation mpls
 interworking ethernet
!
connect atm-fr atm1/0 100/100 E0/0.10 100 interworking ethernet
 backup peer 1.1.1.1 100 pw-class test
[Diagram: CE - PE r201 (atm4/0, f0/0.10) - CE, with backup PE2 at 1.1.1.1]
Example 4: xconnect with one redundant peer. In this example the switchover will not begin unless the pseudowire has been down for 3 seconds. Once a switchover occurs, we will not fall back to the primary until it has been re-established and UP for 10 seconds.
pseudowire-class test
 encapsulation mpls
!
connect frpw1 serial0/1 50 l2transport
 xconnect 20.0.0.1 50 pw-class test
  backup peer 20.0.0.2 50
  backup delay 3 10
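The four examples above differ only in the `backup delay <enable-delay> {<disable-delay> | never}` arguments. The following discrete-time model is an added illustration, not code from the presentation or from IOS: it replays one-second samples of the primary and backup pseudowire state and reports when traffic moves, so the debounce (enable-delay), the timed fallback (disable-delay) and `never` can be compared side by side. The link-state timelines, peer addresses and function names are constructed for this example.

```python
"""Discrete-time model of the IOS pseudowire redundancy timers
`backup delay <enable-delay> {<disable-delay> | never}`.

Added example, not from the presentation or from Cisco IOS. It models only the
timing semantics the config examples describe:
  * the backup is activated once the primary has been down for enable-delay seconds;
  * traffic returns to the primary once it has been back up for disable-delay
    seconds, or (with `never`) only when the backup itself fails.
"""
from typing import List, Optional, Sequence, Tuple

NEVER: Optional[int] = None  # stands in for the keyword `never`


def simulate(primary: str, backup: str, enable_delay: int, disable_delay: Optional[int],
             states: Sequence[Tuple[bool, bool]]) -> List[Tuple[int, str]]:
    """Replay one-second samples of (primary_up, backup_up), starting at t=1.

    Returns the switchover log as (t, newly_active_peer) tuples.
    """
    active = primary
    primary_down_for = 0   # consecutive seconds the primary PW has been down
    primary_up_for = 0     # consecutive seconds the primary PW has been up
    log: List[Tuple[int, str]] = []

    for t, (primary_up, backup_up) in enumerate(states, start=1):
        if primary_up:
            primary_up_for += 1
            primary_down_for = 0
        else:
            primary_down_for += 1
            primary_up_for = 0

        if active == primary:
            # enable-delay 0 switches in the same second the primary is seen down
            if not primary_up and backup_up and primary_down_for >= enable_delay:
                active = backup
                log.append((t, active))
        else:
            if not primary_up:
                continue  # nothing to fall back to yet
            if not backup_up:
                # backup failed: return to the primary regardless of disable-delay
                active = primary
                log.append((t, active))
            elif disable_delay is not NEVER and primary_up_for >= disable_delay:
                active = primary
                log.append((t, active))
    return log


# Constructed timelines (not from the slides).
def example_1() -> List[Tuple[int, str]]:
    """`backup delay 3 10`: primary down for 3 s, then up again for 12 s."""
    states = [(False, True)] * 3 + [(True, True)] * 12
    return simulate("10.0.0.1", "10.0.0.2", 3, 10, states)


def example_1_short_flap() -> List[Tuple[int, str]]:
    """`backup delay 3 10`: a 2 s outage is absorbed by the debounce timer."""
    states = [(False, True)] * 2 + [(True, True)] * 5
    return simulate("10.0.0.1", "10.0.0.2", 3, 10, states)


def example_2() -> List[Tuple[int, str]]:
    """`backup delay 0 never`: immediate switchover, fallback only when the backup dies."""
    states = [(False, True)] + [(True, True)] * 20 + [(True, False)]
    return simulate("20.0.0.1", "20.0.0.2", 0, NEVER, states)


if __name__ == "__main__":
    for name, fn in (("example 1", example_1),
                     ("example 1 (short flap)", example_1_short_flap),
                     ("example 2", example_2)):
        print(f"{name}: {fn()}")
```

Running the block prints the switchover log for each timeline: with `backup delay 3 10` the backup takes over at t=3 and the primary is restored at t=13, a 2 s flap produces no switchover at all, and with `backup delay 0 never` the only way back to the primary is the backup failing.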
Tunnel Selection
What If the Core Uses Traffic Engineering?
Use the command ‘preferred-path {interface | peer}’ under the ‘pseudowire-class’.
Have in mind that:
The selected path must be a label switched path (LSP) destined to the peer PE router
If you specify a tunnel (selecting interface):
The tunnel must be an MPLS traffic engineering tunnel
The tunnel tail end must be on the remote PE router
If you specify an IP address (selecting peer):
The address must be the IP address of a loopback interface on the remote PE router, not necessarily the LDP router-id address; peer means targeted LDP peer
The address must have a /32 mask
There must be an LSP destined to that selected address
The LSP does not have to be a TE tunnel
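The constraints above are easy to get wrong in a change window (a tunnel whose tail end is a P router, a loopback advertised as something other than /32). The following pre-flight check is an added example, not code from the presentation or from IOS: it encodes those constraints against a small model of what the local PE knows (its TE tunnels, the LSPs it holds, the remote PE's loopbacks). The router names, tunnel names and addresses are made up for illustration.

```python
"""Pre-flight check for `preferred-path {interface | peer}` on a pseudowire-class.

Added example, not code from the presentation or from IOS. It encodes the
constraints listed on the slide against a constructed view of the local PE.
"""
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from typing import Dict, List, Optional, Set


@dataclass(frozen=True)
class TeTunnel:
    head_end: str        # router that originates the tunnel
    tail_end: str        # router where the tunnel terminates
    is_te: bool = True   # False models a tunnel interface that is not MPLS-TE


@dataclass
class PeView:
    local_pe: str
    tunnels: Dict[str, TeTunnel] = field(default_factory=dict)
    lsps: Set[str] = field(default_factory=set)                           # /32 prefixes with an LSP
    remote_loopbacks: Dict[str, Set[str]] = field(default_factory=dict)  # router -> prefixes


def check_preferred_path(view: PeView, remote_pe: str,
                         interface: Optional[str] = None,
                         peer: Optional[str] = None) -> List[str]:
    """Return the list of violated constraints; an empty list means the path is usable."""
    if (interface is None) == (peer is None):
        return ["specify exactly one of interface or peer"]
    problems: List[str] = []

    if interface is not None:
        tunnel = view.tunnels.get(interface)
        if tunnel is None:
            return [f"{interface}: no such tunnel on {view.local_pe}"]
        if not tunnel.is_te:
            problems.append(f"{interface}: must be an MPLS traffic engineering tunnel")
        if tunnel.head_end != view.local_pe:
            problems.append(f"{interface}: head end must be the local PE {view.local_pe}")
        if tunnel.tail_end != remote_pe:
            problems.append(f"{interface}: tail end must be the remote PE {remote_pe}")
        return problems

    # peer form: a /32 loopback on the remote PE with some LSP (TE or LDP) towards it
    addr = ip_address(peer)
    loopback = next((ip_network(p) for p in view.remote_loopbacks.get(remote_pe, ())
                     if addr in ip_network(p)), None)
    if loopback is None:
        problems.append(f"{peer}: not a loopback address on remote PE {remote_pe}")
    elif loopback.prefixlen != 32:
        problems.append(f"{peer}: loopback must have a /32 mask, has /{loopback.prefixlen}")
    if f"{addr}/32" not in view.lsps:
        problems.append(f"{peer}: no LSP from {view.local_pe} to this address")
    return problems


# Constructed view from PE1's point of view (illustrative values only).
PE1 = PeView(
    local_pe="PE1",
    tunnels={
        "Tunnel1": TeTunnel("PE1", "PE2"),               # good: PE-to-PE TE tunnel
        "Tunnel2": TeTunnel("PE1", "P3"),                # bad: ends on a P router
        "Tunnel3": TeTunnel("PE1", "PE2", is_te=False),  # bad: not an MPLS-TE tunnel
    },
    lsps={"10.0.0.2/32"},
    remote_loopbacks={"PE2": {"10.0.0.2/32", "10.0.0.22/32", "10.0.0.32/30"}},
)

if __name__ == "__main__":
    for args in ({"interface": "Tunnel1"}, {"interface": "Tunnel2"}, {"interface": "Tunnel3"},
                 {"peer": "10.0.0.2"}, {"peer": "10.0.0.22"}, {"peer": "10.0.0.33"}):
        print(args, "->", check_preferred_path(PE1, "PE2", **args) or "OK")
```

The peer form deliberately accepts an LDP LSP, matching the last bullet: the LSP to the /32 does not have to be a TE tunnel, it only has to exist.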
Forwarding Traffic into a TE Tunnel
Static routing
Policy routing (global table only; not from a VRF at present)
Autoroute
Forwarding Adjacency
AToM Tunnel Selection
Class Based Tunnel Selection
Static, Autoroute and Forwarding Adjacency get you unequal-cost load balancing
Coupling Layer-2 Services with MPLS TE—AToM Tunnel Selection
Static mapping between pseudowire and TE tunnel on the PE
Implies PE-to-PE TE deployment
TE tunnel defined as preferred path for the pseudowire
Traffic falls back to the LSP toward the peer if the tunnel goes down, unless disable-fallback is configured (as in the configuration on this slide)
[Diagram: ATM CE - PE1 - IP/MPLS core - PE2 - ATM CE; a TE LSP between PE1 and PE2 carries the Layer 2 circuit; PE3 is also attached to the core]
pseudowire-class my-path-pref
 encapsulation mpls
 preferred-path interface tunnel 1 disable-fallback
!
interface fastEthernet <slot/port>.<subif-id>
 encapsulation dot1Q 150
 xconnect 172.18.255.3 1000 pw-class my-path-pref
MPLS Forwarding (AToM Traffic)
PE2 sees multiple IGP paths to reach PE1
L2VPN packets are load balanced per customer site according to the VC label over two label switched paths from PE to P
[Diagram: PE2 attaches three Site 2 CE pairs (including a voice site and a video site, each using 10.1.1.0/24) on E2/0.1 VLAN 10, E2/0.2 VLAN 20 and E2/0.3 VLAN 30, and reaches PE1 across core routers P1-P4; imposed label stacks {23 17}, {23 37}, {20 38}; VC labels 17, 37, 38]
L2VPN Deployment: Tunnel Selection for Bandwidth Protection
This configuration allows one to direct which path pseudowires take through the network
The tunnel head end / tail end must be on the PEs
preferred-path {interface tunnel tunnel-number | peer {ip-address | host-name}} [disable-fallback]
pseudowire-class my-path-pref
 encapsulation mpls
 preferred-path interface tunnel 1 disable-fallback
!
interface fastEthernet <slot/port>.<subif-id>
 encapsulation dot1Q 150
 xconnect 172.18.255.3 1000 pw-class my-path-pref
AToM: Preferred Path TE Tunnels
Three TE tunnels (Tunnel 0, Tunnel 1 and Tunnel 2) between PE1 and PE2
“Preferred path” can be used to map each VC (or multiple VCs) into a different TE tunnel
[Diagram: PE1 to PE2 (192.168.0.5/32) across core routers P1-P4 over TE Tunnel 0, Tunnel 1 and Tunnel 2 (tunnel labels 30, 34, 35); three Site 1 / Site 2 CE pairs, each site using 10.1.1.0/24]
pseudowire-class test
 encapsulation mpls
 preferred-path interface Tunnel0
!
pseudowire-class test1
 encapsulation mpls
 preferred-path interface Tunnel1
!
pseudowire-class test2
 encapsulation mpls
 preferred-path interface Tunnel2
!
interface Ethernet2/0.1
 description green vc
 xconnect 192.168.0.5 1 encapsulation mpls pw-class test
!
interface Ethernet2/0.2
 description red vc
 xconnect 192.168.0.5 20 encapsulation mpls pw-class test1
!
interface Ethernet2/0.3
 description dark green vc
 xconnect 192.168.0.5 30 encapsulation mpls pw-class test2
AToM: Preferred Path TE Tunnels
Each VC is mapped to a different tunnel
[Diagram: same topology; PE1 to PE2 (192.168.0.5/32) over TE Tunnel 0, Tunnel 1 and Tunnel 2 with tunnel labels 30, 34, 35]
pe2#sh mpls l2transport vc detail | in label
Output interface: Tu0, imposed label stack {30 16}
MPLS VC labels: local 16, remote 16
Tunnel label: 3, next hop point2point
Output interface: Tu1, imposed label stack {34 37}
MPLS VC labels: local 17, remote 37
Tunnel label: 3, next hop point2point
Output interface: Tu2, imposed label stack {35 38}
MPLS VC labels: local 37, remote 38
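The show output above is what verifies the mapping: the top label of each imposed stack is the tunnel label (30, 34, 35 in the diagram) and the bottom label is the VC label the remote PE advertised. The parser below is an added example, not code from the presentation or from IOS; it reads the PE2 output reproduced from the slide, then a constructed variant in which one VC has fallen back to a physical interface with an LDP label on top, which is the condition `preferred-path ... disable-fallback` exists to prevent. Function names and the fallback sample are assumptions for this example.

```python
"""Parse `show mpls l2transport vc detail | in label` and audit the preferred-path mapping.

Added example, not from the presentation. SLIDE_OUTPUT is the PE2 output shown
on the slide; FALLBACK_OUTPUT is a constructed variant in which one VC is no
longer forwarded into its TE tunnel.
"""
import re
from typing import Dict, List

SLIDE_OUTPUT = """\
Output interface: Tu0, imposed label stack {30 16}
MPLS VC labels: local 16, remote 16
Tunnel label: 3, next hop point2point
Output interface: Tu1, imposed label stack {34 37}
MPLS VC labels: local 17, remote 37
Tunnel label: 3, next hop point2point
Output interface: Tu2, imposed label stack {35 38}
MPLS VC labels: local 37, remote 38
"""

# Constructed: the third VC left Tu2 and now carries an (assumed) LDP label 17 on top.
FALLBACK_OUTPUT = SLIDE_OUTPUT.replace(
    "Output interface: Tu2, imposed label stack {35 38}",
    "Output interface: Et1/0, imposed label stack {17 38}")

_OUT_RE = re.compile(r"Output interface: (\S+), imposed label stack \{([\d ]+)\}")
_VC_RE = re.compile(r"MPLS VC labels: local (\d+), remote (\d+)")


def parse_vc_detail(text: str) -> List[Dict]:
    """Return one record per VC: output interface, imposed stack, local/remote VC labels."""
    records: List[Dict] = []
    current: Dict = {}
    for line in text.splitlines():
        m = _OUT_RE.search(line)
        if m:
            current = {"out_if": m.group(1),
                       "stack": [int(x) for x in m.group(2).split()]}
            records.append(current)
            continue
        m = _VC_RE.search(line)
        if m and current:
            current["local"] = int(m.group(1))
            current["remote"] = int(m.group(2))
    return records


def audit(records: List[Dict], expect_tunnel: bool = True) -> List[str]:
    """Cross-check what the PE imposes against what the remote PE advertised.

    The bottom of the imposed stack must be the remote VC label, and (with
    expect_tunnel) the output interface must be a TE tunnel, i.e. the VC has
    not fallen back to the IGP/LDP path.
    """
    findings: List[str] = []
    for r in records:
        name = r["out_if"]
        if r["stack"][-1] != r.get("remote"):
            findings.append(f"{name}: bottom label {r['stack'][-1]} != remote VC label {r.get('remote')}")
        if expect_tunnel and not name.startswith("Tu"):
            findings.append(f"{name}: VC is not using a TE tunnel (fallback to LDP path?)")
    return findings


def tunnel_labels(records: List[Dict]) -> Dict[str, int]:
    """Map output interface -> top (tunnel) label, e.g. {'Tu0': 30, 'Tu1': 34, 'Tu2': 35}."""
    return {r["out_if"]: r["stack"][0] for r in records}


if __name__ == "__main__":
    print(tunnel_labels(parse_vc_detail(SLIDE_OUTPUT)))
    print(audit(parse_vc_detail(SLIDE_OUTPUT)) or "slide output is consistent")
    print(audit(parse_vc_detail(FALLBACK_OUTPUT)))
```

On the slide output the audit returns nothing; on the constructed variant it flags the VC on Et1/0, which is the check to script after any core TE change.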
Data Center Implementation with Layer 2 VPN PWE
Data Center Option (A): Utilizing Layer 2 VPN to Provide High Availability Between Two Data Centers and Two Service Providers
6500-DCN-SWITCH
!
interface gigabitethernet 1/0/1   <- COREA
 channel-group 1 mode on
 switchport
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface gigabitethernet 1/0/2   <- COREB
 channel-group 1 mode on
 switchport
 switchport trunk encapsulation dot1q
 switchport mode trunk

PE1-COREB
!
interface gigabitethernet 1/0/0
 no switchport
 xconnect X.X.X.PE2 70 encapsulation mpls
PE2-COREA
__________________________________________________
PE2-COREB
!
interface gigabitethernet 1/0/0
 no switchport
 xconnect X.X.X.PE1 70 encapsulation mpls
PE1-COREA
Data Center Option (B): Utilizing Layer 2 VPN to Provide Physical High Availability Between Two Data Centers
6500-DCN-SWITCH
!
interface gigabitethernet 1/0/1
 channel-group 1 mode on
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface gigabitethernet 1/0/2
 channel-group 1 mode on
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface Port-channel1
 switchport trunk
!
interface gigabitethernet 1/0/4
 switchport mode access
 switchport access vlan 10

interface gigabitethernet 1/0/1
 channel-group 1 mode on
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface gigabitethernet 1/0/2
 channel-group 2 mode on
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface gigabitethernet 2/0/1
 channel-group 1 mode on
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface gigabitethernet 2/0/2
 channel-group 2 mode on
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface Port-channel1
 switchport trunk
!
interface Port-channel2
 switchport trunk

PE1-COREA
interface gigabitethernet 3/0
 no switchport
 xconnect X.X.X.PE2-CORE A 70 encapsulation mpls

PE1-COREB
interface gigabitethernet 3/0
 no switchport
 xconnect X.X.X.PE2-CORE B 70 encapsulation mpls
Data Center Option (C): Utilizing Layer 2 VPN to Provide Physical High Availability with Dual Switches Between Two Data Centers, STP-Free Topology
6500-A
!
interface gigabitethernet 1/0/1
 channel-group 1 mode on
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface gigabitethernet 1/0/2
 channel-group 1 mode on
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface Port-channel1
 switchport trunk
!
interface gigabitethernet 1/0/4
 switchport mode access
 switchport access vlan 10

6500-B
!
interface gigabitethernet 1/0/1
 channel-group 1 mode on
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface gigabitethernet 1/0/2
 channel-group 1 mode on
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface Port-channel1
 switchport trunk
!
interface gigabitethernet 1/0/4
 switchport mode access
 switchport access vlan 10

PE1-COREA
interface gigabitethernet 3/0   <- 6500-A
 xconnect 10.1.1.2 20 encapsulation mpls
!
interface gigabitethernet 4/0   <- 6500-B
 xconnect 10.1.1.2 40 encapsulation mpls

PE1-COREB
interface gigabitethernet 3/0   <- 6500-A
 xconnect 10.1.1.2 20 encapsulation mpls
!
interface gigabitethernet 4/0   <- 6500-B
 xconnect 10.1.1.2 40 encapsulation mpls
Data Center Option (D): Utilizing Layer 2 VPN to Provide Physical High Availability with Dual Switches Between Three Data Centers and One Transit Data Center
PE1
interface gigabitethernet 3/0
 xconnect 10.1.1.3 20 encapsulation mpls
  backup peer 10.1.1.2 200

PE2
interface gigabitethernet 3/0
 xconnect 10.1.1.3 30 encapsulation mpls
  backup peer 10.1.1.1 200

PE3
interface gigabitethernet 3/0
 xconnect 10.1.1.1 20 encapsulation mpls
!
interface gigabitethernet 4/0
 xconnect 10.1.1.1 30 encapsulation mpls

Data Center 3 6500 Switch
!
interface gigabitethernet 3/0
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface gigabitethernet 4/0
 switchport trunk encapsulation dot1q
 switchport mode trunk
[Diagram: the trunks from the Data Center 3 switch are carried Q-in-Q; one link is marked with an X]
Virtual Switching and Layer 2 VPN in Data Center
Current Network Challenges: Enterprise Campus
Traditional Enterprise Campus deployments have been designed in a way that allows for scalability, differentiated services and high availability. However, they also face many challenges, some of which are listed below:
L3 Core: extensive routing topology, routing reconvergence
L2/L3 Distribution: FHRP, STP, asymmetric routing, policy management
Access: single active uplink per VLAN (PVST), L2 reconvergence, increased route peering with L3 access
Current Network Challenges: Data Center
Traditional Data Center designs require ever-increasing Layer 2 adjacency between server nodes due to the prevalence of virtualization technology. However, they are pushing the limits of Layer 2 networks, placing more burden on loop-detection protocols such as Spanning Tree.
L2/L3 Core: FHRP (HSRP, VRRP), Spanning Tree, policy management
L2 Distribution: single active uplink per VLAN (PVST), L2 reconvergence, excessive BPDUs
L2 Access: dual-homed servers to a single switch, single active uplink per VLAN (PVST), L2 reconvergence
Introduction to Virtual Switch: Concepts
Virtual Switch System is a new technology breakthrough for the Catalyst 6500 family…
Virtual Switch System: Enterprise Campus
A Virtual Switch-enabled Enterprise Campus network takes on multiple benefits, including simplified management and administration and greater high availability, while maintaining a flexible and scalable architecture.
L3 Core: reduced routing neighbors, minimal L3 reconvergence
L2/L3 Distribution: no FHRPs, no looped topology, policy management
Access: multiple active uplinks per VLAN, no STP convergence
Virtual Switch System: Data Center
A Virtual Switch-enabled Data Center allows for maximum scalability, so bandwidth can be added when required, while still providing a larger Layer 2 hierarchical architecture free of reliance on Spanning Tree.
L2/L3 Core: single router node, fast L2 convergence, scalable architecture
L2 Distribution: dual active uplinks, fast L2 convergence, minimized L2 control plane, scalable
L2 Access: dual-homed servers, single active uplink per VLAN (PVST), fast L2 convergence
Virtual Switch Architecture: Virtual Switch Link
The Virtual Switch Link is a special link joining the two physical switches together; it extends the out-of-band channel, allowing the active control plane to manage the hardware in the second chassis.
Virtual Switch Architecture: VSL Initialization
Before the Virtual Switch domain can become active, the Virtual Switch Link (VSL) must be brought online to determine Active and Standby roles. The initialization process essentially consists of 3 steps:
1. Link bring-up to determine which ports form the VSL
2. Link Management Protocol (LMP), used to track and reject unidirectional links and to exchange chassis ID and other information between the 2 switches
3. Role Resolution Protocol (RRP), used to determine compatible hardware and software versions to form the VSL, as well as which switch becomes Active and which Hot Standby from a control plane perspective
Virtual Switch Architecture: VSLP Ping
A new ping mechanism has been implemented in VSS mode to allow the user to objectively verify the health of the VSL itself. This is implemented as a VSLP Ping.
The VSLP Ping operates on a per-physical-interface basis, and parameters such as COUNT, DESTINATION, SIZE and TIMEOUT may also be specified.
[Diagram: Switch 1 and Switch 2 joined by the VSL, with VSLP running on each]
vss#ping vslp output interface tenGigabitEthernet 1/5/4
Type escape sequence to abort.
Sending 5, 100-byte VSLP ping to peer-sup via output port 1/5/4, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 12/12/16 ms
vss#
VSS EtherChannel: Concepts
Overview, Protocols, Load Balancing, Enhancements with VSL
EtherChannel Concepts: Multichassis EtherChannel (MEC)
Prior to Virtual Switch, EtherChannels were restricted to reside within the same physical switch. In a Virtual Switch environment the 2 physical switches form a single logical network entity; therefore EtherChannels can now also be extended across the 2 physical chassis.
[Diagram: a regular EtherChannel on a single chassis beside a Multichassis EtherChannel across 2 VSL-enabled chassis]
LACP, PAgP or ON EtherChannel modes are supported.
EtherChannel Concepts: EtherChannel Hash for MEC
Deciding which link of a Multichassis EtherChannel to use in a Virtual Switch is skewed in favor of local links in the bundle; this is done to avoid overloading the Virtual Switch Link (VSL) with unnecessary traffic.
[Diagram: a server dual-attached by a MEC whose members are Link A1 and Link B2]
Blue traffic destined for the server results in Link A1 in the MEC bundle being chosen as the destination path.
Orange traffic destined for the server results in Link B2 in the MEC bundle being chosen as the destination path.
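The rule above is the one worth checking when sizing the VSL: a frame only crosses the VSL when the chassis it arrived on has no operational member of the bundle left. The following model is an added example, not code from the presentation or from Catalyst software; it applies a per-flow hash only over the members local to the ingress chassis and falls back to the other chassis when those are down. The XOR hash, member names and addresses are assumptions standing in for the platform's real load-balancing algorithm.

```python
"""Member-link selection for a Multichassis EtherChannel (MEC) in a VSS pair.

Added example, not from the presentation or from Catalyst software. The hash is
evaluated only over bundle members on the chassis where the frame arrived, so
the VSL is crossed only when that chassis has no usable member left.
"""
from dataclasses import dataclass
from ipaddress import ip_address
from typing import List, Optional


@dataclass(frozen=True)
class Member:
    name: str       # e.g. "Link A1"
    chassis: int    # 1 or 2: which physical switch the port lives on
    up: bool = True


def flow_hash(src_ip: str, dst_ip: str) -> int:
    """Deterministic per-flow value: XOR of all address bytes (illustrative, not Cisco's hash)."""
    h = 0
    for b in ip_address(src_ip).packed + ip_address(dst_ip).packed:
        h ^= b
    return h


def select_member(members: List[Member], ingress_chassis: int,
                  src_ip: str, dst_ip: str) -> Optional[Member]:
    """Pick the MEC member for a flow entering on ingress_chassis.

    Local operational members win; only if none is left does the frame take a
    member on the other chassis (and therefore traverse the VSL).
    """
    local = [m for m in members if m.up and m.chassis == ingress_chassis]
    candidates = local or [m for m in members if m.up]
    if not candidates:
        return None
    return candidates[flow_hash(src_ip, dst_ip) % len(candidates)]


def crosses_vsl(members: List[Member], ingress_chassis: int, src_ip: str, dst_ip: str) -> bool:
    """True when the chosen member sits on the other chassis."""
    chosen = select_member(members, ingress_chassis, src_ip, dst_ip)
    return chosen is not None and chosen.chassis != ingress_chassis


# Constructed MEC: two members per chassis toward the server.
MEC = [Member("Link A1", 1), Member("Link A2", 1), Member("Link B1", 2), Member("Link B2", 2)]
MEC_A_DOWN = [Member("Link A1", 1, up=False), Member("Link A2", 1, up=False),
              Member("Link B1", 2), Member("Link B2", 2)]

if __name__ == "__main__":
    for flow in (("10.1.1.10", "10.1.1.100"), ("10.1.1.11", "10.1.1.100")):
        print(flow, "in via chassis 1 ->", select_member(MEC, 1, *flow).name)
    print("chassis 1 members down ->", select_member(MEC_A_DOWN, 1, "10.1.1.10", "10.1.1.100").name)
```

Two flows entering chassis 1 land on Link A1 and Link A2; only once both chassis 1 members are down does a flow entering chassis 1 exit on a chassis 2 member and load the VSL.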
Hardware Requirements: VSL Hardware Requirements
The Virtual Switch Link requires special hardware, as noted below…
Hardware Requirements: Other Hardware Considerations
High Availability
Link Failure, Redundancy Schemes, Dual-Active Detection, GOLD
High Availability: Redundancy Schemes
The default redundancy mechanism between the 2 VSS chassis and their associated supervisors is NSF/SSO, allowing state information and configuration to be synchronized. Only in NSF/SSO mode do the Standby supervisor's PFC, switch fabric, modules and their associated DFCs become active.
Should a mismatch of information occur between the Active and Standby chassis, the Standby chassis will revert to RPR mode, where only the configuration is synchronized, but the PFC, switch fabric and modules will not be brought up.
[Diagram: Switch 1 and Switch 2 both running 12.2(33)SXH1 form NSF/SSO; Switch 1 on 12.2(33)SXH1 with Switch 2 on 12.2(33)SXH2 falls back to RPR]
High Availability: SSO-Aware Protocols
As of Whitney 1, there are over 90 protocols that are SSO-aware. These include information such as ARP, DHCP Snooping, IP Source Guard, the NAC posture database, etc. In a VSS environment, failure of either virtual switch member will not require this information to be re-populated.
DHCP Snooping binding table, held identically on Switch 1 and Switch 2 of the Virtual Switch:
IP Add         MAC Add             VLAN   Interface
10.10.10.10    00:50:56:01:e1:02   10     Po10
172.26.18.2    00:02:b3:3f:3b:99   18     Po10
172.26.19.34   00:16:a1:c2:ee:32   19     Po20
10.10.10.43    00:16:cb:03:d3:44   10     Po20
High Availability: Dual-Active Detection
In a Virtual Switch Domain, one switch is elected as Active and the other as Standby during bootup by VSLP. Since the VSL is always configured as a Port Channel, the possibility of the entire VSL bundle going down is remote; however, it is a possibility.
[Diagram: Switch 1 Supervisor (VS state Active, control plane Active, data plane Active) and Switch 2 Supervisor (VS state Standby, control plane Standby, data plane Active) joined by the VSL]
It is always recommended to deploy the VSL with 2 or more links and to distribute those interfaces across multiple modules to ensure the greatest redundancy.
High Availability: Dual-Active Detection
If the entire VSL bundle should happen to go down, the Virtual Switch Domain will enter a Dual Active scenario where both switches transition to Active state and share the same network configuration (IP addresses, MAC address, Router IDs, etc.), potentially causing communication problems through the network.
[Diagram: Switch 1 Supervisor and Switch 2 Supervisor both showing VS state Active, control plane Active, data plane Active, with the VSL down]
2 mechanisms have been implemented in the initial release to detect and recover from a Dual Active scenario:
1. Enhanced Port Aggregation Protocol (PAgP)
2. Dual-Active Detection over IP-BFD
High Availability: Dual-Active Detection—Mechanisms
1. Enhanced Port Aggregation Protocol (PAgP)
2. Dual-Active Detection over IP-BFD
High Availability: Dual-Active Detection—Exclude Interfaces
Upon detection of a Dual Active scenario, all interfaces on the previously Active switch will be brought down so as not to disrupt the functioning of the remainder of the network. The exceptions are the VSL members and pre-determined excluded interfaces, which may be used for management purposes.
vs-vsl#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
vs-vsl(config)#switch virtual domain 100
vs-vsl(config-vs-domain)#dual-active exclude interface Gig 1/5/1
vs-vsl(config-vs-domain)#dual-active exclude interface Gig 2/5/1
vs-vsl(config-vs-domain)#^Z
vs-vsl#
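The exclude list is the one part of the dual-active sequence an operator decides ahead of time, and it is easy to verify what will be shut by walking the sequence the last three slides describe: VSL bundle loss, both chassis Active, detection, the previously Active chassis shutting everything except VSL members and excluded ports, then a reload once a VSL link returns. The model below is an added example, not code from the presentation or from Catalyst software. Interface names are made up, and the detection signal is passed in as a method call rather than derived from PAgP or BFD.

```python
"""Model of the VSS dual-active sequence: VSL loss, detection, recovery mode, reload.

Added example, not from the presentation or from Catalyst software. Chassis
roles, interface names and the 2-link VSL below are constructed for illustration.
"""
from dataclasses import dataclass, field
from typing import List, Set


@dataclass
class Chassis:
    name: str
    role: str                                         # "active" | "standby" | "recovery"
    interfaces: Set[str]                              # all front-panel interfaces
    vsl_members: Set[str]                             # interfaces that form the VSL bundle
    excluded: Set[str] = field(default_factory=set)   # `dual-active exclude interface ...`
    shut: Set[str] = field(default_factory=set)
    reloaded: bool = False


@dataclass
class VssDomain:
    sw1: Chassis
    sw2: Chassis
    vsl_up_links: int
    events: List[str] = field(default_factory=list)

    def both_active(self) -> bool:
        return self.sw1.role == "active" and self.sw2.role == "active"

    def vsl_bundle_down(self) -> None:
        """Every VSL member lost: the standby cannot see the active and takes over."""
        self.vsl_up_links = 0
        for c in (self.sw1, self.sw2):
            if c.role == "standby":
                c.role = "active"
                self.events.append(f"{c.name}: VSL down, transitioning to Active")

    def dual_active_detected(self, previous_active: Chassis) -> Set[str]:
        """A detection mechanism (enhanced PAgP or IP-BFD) fired on the old active.

        Shut everything except VSL members and explicitly excluded interfaces;
        returns the set that was shut (empty if there is no dual-active condition).
        """
        if not self.both_active():
            return set()
        keep = previous_active.vsl_members | previous_active.excluded
        previous_active.shut = previous_active.interfaces - keep
        previous_active.role = "recovery"
        self.events.append(f"{previous_active.name}: dual-active detected, "
                           f"{len(previous_active.shut)} interfaces shut")
        return previous_active.shut

    def vsl_link_restored(self) -> None:
        """VSLP sees the VSL again: the chassis in recovery mode reloads to renegotiate roles."""
        self.vsl_up_links += 1
        for c in (self.sw1, self.sw2):
            if c.role == "recovery":
                c.reloaded = True
                c.shut = set()
                c.role = "standby"
                self.events.append(f"{c.name}: VSL up, reloading to renegotiate role")


def build_domain() -> VssDomain:
    """Constructed two-chassis domain with a 2-link VSL and one excluded mgmt port per chassis."""
    sw1 = Chassis("Switch 1", "active",
                  interfaces={"Te1/5/4", "Te1/5/5", "Gi1/5/1", "Gi1/1/1", "Gi1/1/2"},
                  vsl_members={"Te1/5/4", "Te1/5/5"}, excluded={"Gi1/5/1"})
    sw2 = Chassis("Switch 2", "standby",
                  interfaces={"Te2/5/4", "Te2/5/5", "Gi2/5/1", "Gi2/1/1", "Gi2/1/2"},
                  vsl_members={"Te2/5/4", "Te2/5/5"}, excluded={"Gi2/5/1"})
    return VssDomain(sw1, sw2, vsl_up_links=2)


def interfaces_shut_on_detection() -> Set[str]:
    """Which Switch 1 ports go down when dual-active is detected after VSL loss."""
    dom = build_domain()
    dom.vsl_bundle_down()
    return dom.dual_active_detected(dom.sw1)


def run_scenario() -> VssDomain:
    """Full sequence: VSL loss -> dual active -> detection -> VSL restored -> reload."""
    dom = build_domain()
    dom.vsl_bundle_down()
    dom.dual_active_detected(dom.sw1)
    dom.vsl_link_restored()
    return dom


if __name__ == "__main__":
    print("shut on detection:", sorted(interfaces_shut_on_detection()))
    print("\n".join(run_scenario().events))
```

With Gi1/5/1 excluded, only the two user-facing ports Gi1/1/1 and Gi1/1/2 are shut on Switch 1; the management port stays reachable through the whole recovery, which is the point of the exclude list.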
High Availability: Dual-Active Recovery
Upon the restoration of one or more VSL interfaces, VSLP will detect this and proceed to reload Switch 1 so that it can re-negotiate the Active/Standby role after bootup.
[Diagram: Switch 1 and Switch 2 running VSLP; "VSL Up! Reload…"]
After the role has been resolved and SSO Hot Standby mode is possible, interfaces will be brought up and traffic will resume back to 100% capacity.
High Availability: Generic OnLine Diagnostics (GOLD)
Some enhancements to the GOLD framework have been implemented in a VSS environment, which leverages a distributed GOLD environment. In this case each supervisor runs an instance of GOLD but is centrally managed by the Active supervisor in the Active chassis (the Distributed GOLD Manager).
There are 4 new tests that are available in VSS mode:
1. TestVSLLocalLoopback
2. TestVSLBridgeLink
3. TestVSLStatus
4. TestVSActiveToStandbyLoopback
[Diagram: Switch 1 (VS state Active, local GOLD Active) and Switch 2 (VS state Standby, local GOLD Active) joined by the VSL, under the Distributed GOLD Manager]
Virtual Switch System: Deployment Considerations
Virtual Switch will incorporate some deployment considerations as best practice…
Virtual Switch System: Benefits
Virtual Switch System: Summary
Data Center Option (E): Utilizing Layer 2 VPN and Virtual Switching New Features
PE1-COREA
interface gigabitethernet 3/0   <- 6500-B
 xconnect 10.1.1.2 20 encapsulation mpls
!
interface gigabitethernet 4/0   <- 6500-B
 xconnect 10.1.1.2 40 encapsulation mpls

PE1-COREB
interface gigabitethernet 3/0   <- 6500-A
 xconnect 10.1.1.1 20 encapsulation mpls
!
interface gigabitethernet 4/0   <- 6500-B
 xconnect 10.1.1.1 40 encapsulation mpls
Q and A
Recommended Reading
Continue your Cisco Live learning experience with further reading from Cisco Press
Check the Recommended Reading flyer for suggested books
“Layer 2 VPN Architectures”
ISBN: 1-58705-168-0
Available Onsite at the Cisco Company Store
Complete Your Online Session Evaluation
Give us your feedback and you could win fabulous prizes. Winners announced daily.
Receive 20 Passport points for each session evaluation you complete.
Complete your session evaluation online now (open a browser through our wireless network to access our portal) or visit one of the Internet stations throughout the Convention Center.
Don’t forget to activate your Cisco Live virtual account for access to all session material on-demand and return for our live virtual event in October 2008.
Go to the Collaboration Zone in World of Solutions or visit www.cisco-live.com.