Implementation and Utilization of Layer 2 VPN Technologies

BRKAGG-2000

© 2008 Cisco Systems, Inc. All rights reserved. Cisco Public. 14555_04_2008_c1

General Prerequisites

Spanning Tree problems and Data Center knowledge

Why L2VPN technology is becoming ever more important to service providers and enterprises

Good understanding of L2VPN pseudowire (PW) operation (AToM, L2TPv3)

Basic understanding of network design principles

Familiarity with quality of service principles; application will be discussed, with examples

Basic understanding of MPLS traffic engineering (MPLS-TE) concepts

L2VPN Deployment Objectives

Quick review of the motivating factors for L2VPN adoption

Outline common service requirements for L2VPN and how they are being addressed by service providers and enterprises

Quick overview of EoMPLS and VPLS

Using Traffic Engineering with Layer 2 VPN

Position Layer 2 VPN for the Data Center

Technology Summary

AToM/L2TPv3

EoMPLS

VPLS

Traffic Engineering

Deployment Objectives

Why Is L2VPN Needed?

It allows SPs and enterprises to run a single infrastructure for both IP and legacy services

SP: move legacy ATM/FR traffic to an MPLS/IP core without interrupting current services

Enterprise: build better data centers, span Layer 2 attachment circuits across the WAN/MPLS, and provide better HA

Helps SPs provide new point-to-point Layer 2 tunnelling services; the customer keeps its own routing, QoS policy, etc.

A migration step towards IP/MPLS VPN

Benefits of L2VPNs

New service opportunities: virtual leased line service

Offer "PVC-like" Layer 2-based service

Reduced cost: consolidate multiple core technologies into a single packet-based network infrastructure

Simplify services: Layer 2 transport provides options for service providers who need to provide L2 connectivity and maintain customer autonomy

Protect existing investments: greenfield networks can extend customer access to existing Layer 2 networks without deploying a new separate infrastructure

Feature support: through the use of Cisco IOS features such as IPsec, QoS, and Traffic Engineering, L2 transport can be tailored to meet customer requirements

L2VPN Models

Figure: two service models over a packet core.

VPWS (point-to-point): an attachment circuit from the CE (PPP/HDLC, ATM AAL5/cell, Frame Relay, Ethernet, or TDM T1/E1) is carried to a single remote attachment circuit, either like-to-like or any-to-any (interworking). Transport is AToM over an MPLS core, L2TPv3 over an IP core, or local switching when both attachment circuits are on the same PE.

VPLS (P2MP/MP2MP): Ethernet attachment circuits joined into an emulated LAN over the MPLS core.

Motivation for L2VPNs: I've Really Got to Consolidate These Networks

Figure: today each access service (IP/IPsec, Frame Relay/ATM, broadband, Ethernet) rides its own core technology (ATM, MPLS or IP, SONET).

Multiple access services require multiple core technologies = $$$ high costs and complex management

Generic L2VPN Architecture

Tunnels (MPLS, L2TPv3, GRE, IPsec, etc.) cross the packet-switched network (PSN) between the PEs

Emulated VCs (pseudowires) are carried inside the tunnels (many-to-one)

Attachment VCs (e.g., FR DLCI, PPP) are mapped to emulated VCs

Figure: Layer 2 attachment circuit (VC) -> PE -> emulated VC/PW inside the tunnel across the PSN -> PE -> Layer 2 attachment circuit (VC)

Motivation for L2VPNs: How Can I Leverage My Packet Infrastructure?

Reduce overlapping core expense; consolidate trunk lines

Offer a multiservice/common interface (i.e. an Ethernet MUX carrying L2, L3 and Internet)

Maintain existing revenues from legacy services

Figure: a multiservice edge (MSE) on an Ethernet/MPLS/IP packet-switched network terminates both new service growth (broadband access, Ethernet) and the existing infrastructure (Frame Relay, ATM) as trunk replacement.

New Evolution for Circuit Emulation

Figure: mobile backhaul over pseudowires. BTS/NodeB sites connect through an IP POP at the cell site over SONET/SDH, Ethernet or DSL; Abis/Iub and FR/ATM traffic is carried in pseudowires across a pre-aggregation site and the IP/MPLS backbone to the BSC/RNC, with Abis/Iub optimization at the RAN edge. The same IP/MPLS backbone reaches the SGSN, GGSN, MGWs, MSC Server/MSC and GMSC, the ITPs carrying SS7oIP, the PSTN and the Internet. Broadband Ethernet backhaul replaces SONET/SDH in the radio access network.

L2VPN Deployment: Laying the Groundwork for Successful Deployment

The "need to knows" of your infrastructure:

What are the aggregate bandwidth requirements for converged services?

What are the minimum platform requirements to run the planned services?

What software features will be required to meet all of my planned needs? Such as:

L2VPN functionality (like-to-like, any-to-any, etc.)

VPLS functionality (point-to-multipoint)

Q-in-Q

OAM requirements

IGP, EGP, and TE requirements

Cisco Express Forwarding (CEF, dCEF)

Ethernet over MPLS Overview

EoMPLS Reference Model

Figure: Customer A Site#1 switches and Site#2 switches connect to MPLS-enabled PE routers (12000, 10720) across a P router. A targeted LDP session runs between the PE routers. The logical connectivity between the sites carries the customer's BPDUs and VTP messages transparently; the physical connectivity is the PE-P-PE MPLS path.

A Typical Configuration: EoMPLS VLAN

Topology: CE R200 (10.10.10.200/24, dot1Q 10) - e0/0.10 PE R201 (10.0.0.201) e1/0 - 10.1.1.0/24 - e1/0 P R202 (10.0.0.202) e2/0 - 10.1.2.0/24 - e2/0 PE R203 (10.0.0.203) e0/0.10 - CE R204 (10.10.10.204/24, dot1Q 10). LDP runs on the R201-R202 and R202-R203 links; a targeted LDP session runs between R201 and R203.

hostname R201
!
ip cef
mpls ip
mpls label protocol ldp
mpls ldp router-id Loopback0 force
!
interface Loopback0
 ip address 10.0.0.201 255.255.255.255
!
interface Ethernet0/0.10
 description *** To R200 ***
 encapsulation dot1Q 10
 no ip directed-broadcast
 no cdp enable
 xconnect 10.0.0.203 10 encapsulation mpls

hostname R203
!
ip cef
mpls ip
mpls label protocol ldp
mpls ldp router-id Loopback0 force
!
interface Loopback0
 ip address 10.0.0.203 255.255.255.255
!
pseudowire-class eompls
 encapsulation mpls
!
interface Ethernet0/0.10
 description *** To R204 ***
 encapsulation dot1Q 10
 no ip directed-broadcast
 no cdp enable
 xconnect 10.0.0.201 10 pw-class eompls

Calculating MTU Requirements for the Core

Core MTU ≥ Edge MTU + Transport Header + AToM Header + (MPLS Label Stack * MPLS Header Size)

Edge MTU is the MTU configured on the CE-facing PE interface

Examples (all in bytes; the value in brackets is without the 4-byte AToM control word):

Mode                    Edge   Transport   AToM    MPLS Stack   MPLS Header   Total
EoMPLS Port Mode        1500   14          4 [0]   2            4             1526 [1522]
EoMPLS VLAN Mode        1500   18          4 [0]   2            4             1530 [1526]
EoMPLS Port w/ TE FRR   1500   14          4 [0]   3            4             1530 [1526]
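The MTU formula above, as an added worked example (not code from the presentation). It reproduces the slide's three rows and then checks a set of core links against the result; the link names and their MTUs in the check are constructed, and the extra_labels parameter is an assumption for designs that push more than one additional label.

```python
"""Core MTU budget for EoMPLS pseudowires.

Added example, not code from the Cisco presentation. It encodes the
slide's formula

    Core MTU >= Edge MTU + Transport Header + AToM Header
                + (MPLS Label Stack * MPLS Header Size)

with the slide's numbers: a 14-byte Ethernet header in port mode, 18 bytes
in VLAN mode (the 802.1Q tag travels inside the PW), a 4-byte AToM control
word when it is used, 4 bytes per MPLS label, and a two-label stack
(transport + VC) that grows by one label when TE fast reroute can push a
backup-tunnel label. The link names in the check at the bottom are
constructed.
"""

MPLS_LABEL_SIZE = 4      # bytes per MPLS shim header
ATOM_CONTROL_WORD = 4    # AToM control word; 0 when not negotiated
ETHERNET_HEADER = 14     # destination MAC + source MAC + EtherType
DOT1Q_TAG = 4            # 802.1Q tag preserved in VLAN mode


def label_stack_depth(frr=False, extra_labels=0):
    """Transport label + VC label, plus one for a TE FRR backup tunnel
    and any further labels the design adds (assumption: extra_labels)."""
    return 2 + (1 if frr else 0) + extra_labels


def transport_header(mode):
    """Size of the attachment-circuit header carried inside the PW."""
    if mode == "port":
        return ETHERNET_HEADER
    if mode == "vlan":
        return ETHERNET_HEADER + DOT1Q_TAG
    raise ValueError(f"unknown EoMPLS mode: {mode!r}")


def core_mtu(edge_mtu=1500, mode="port", control_word=True, frr=False, extra_labels=0):
    """Smallest core-link MTU at which the PW frame needs no fragmentation."""
    atom = ATOM_CONTROL_WORD if control_word else 0
    return (edge_mtu + transport_header(mode) + atom
            + label_stack_depth(frr, extra_labels) * MPLS_LABEL_SIZE)


def undersized_links(link_mtus, required):
    """Return the (link, mtu) pairs in the core that cannot carry the PW."""
    return [(name, mtu) for name, mtu in link_mtus.items() if mtu < required]


if __name__ == "__main__":
    for mode, frr in (("port", False), ("vlan", False), ("port", True)):
        label = f"EoMPLS {mode} mode" + (" with TE FRR" if frr else "")
        print(f"{label:28s} {core_mtu(mode=mode, frr=frr)} "
              f"[{core_mtu(mode=mode, frr=frr, control_word=False)} without control word]")
    # Constructed core: POS links raised to 4470, one GE link still at its default.
    core = {"pos4/1": 4470, "pos4/3": 4470, "gi2/0": 1500}
    print("too small for a VLAN-mode PW with FRR:",
          undersized_links(core, core_mtu(mode="vlan", frr=True)))
```

The check is worth running against every core link, not only the ones the PW is expected to take: after an FRR repair or an IGP reroute the PW follows whatever LSP is left, and a single link left at the 1500-byte default silently drops every full-size customer frame.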

L2VPN Interworking

Interworking Modes and Features

The ACs are terminated locally!

There are two types of interworking (a.k.a. any-to-any):

Ethernet (a.k.a. bridged): Ethernet frames are extracted from the AC and sent over the PW; the VLAN tag is removed; CEs can run Ethernet, BVI, or RBE

IP (a.k.a. routed): IP packets are extracted from the AC and sent over the PW

Interworking pair              AToM   L2TPv3   IP Mode   Ethernet Mode
Frame Relay to Ethernet/VLAN   Yes    Yes      Yes       Yes
Frame Relay to PPP             Yes    Yes      Yes       No
Frame Relay to ATM AAL5        Yes    No       Yes       No
Ethernet/VLAN to ATM AAL5      Yes    No       Yes       Yes
Ethernet to VLAN               Yes    Yes      Yes       Yes

Configuration Example: Frame Relay to Ethernet (IP interworking over MPLS/IP)

Frame Relay side PE (192.168.200.1), DLCI 210:

frame-relay switching
!
pseudowire-class atom_fr_vlan
 encapsulation mpls
 interworking ip
!
interface POS3/0
 encapsulation frame-relay
 clock source internal
 frame-relay lmi-type ansi
 frame-relay intf-type dce
!
connect fr-vlan POS3/0 210 l2transport
 xconnect 192.168.200.2 210 pw-class atom_fr_vlan

Ethernet/VLAN side PE (192.168.200.2), VLAN 310:

pseudowire-class atom_vlan_fr
 encapsulation mpls
 interworking ip
!
interface GigabitEthernet4/0.310
 encapsulation dot1Q 310
 xconnect 192.168.200.1 210 pw-class atom_vlan_fr

Frame Relay CE:

interface POS5/0.210 point-to-point
 ip address 172.16.1.1 255.255.255.0
 frame-relay interface-dlci 210

Ethernet CE:

interface GigabitEthernet6/0.310
 encapsulation dot1Q 310
 ip address 172.16.1.2 255.255.255.0

Local Switching Interworking

Figure: CE2-HUB reaches PE1 over a multilink Frame Relay bundle (MFR100) of three T1/E1s, 6.144 Mbps total; CE3 is attached to PE1 on Ethernet0/1.10 (speed 100), with a PPP/HDLC CE on Ethernet0/1.20. Both attachment circuits terminate on PE1 and are locally switched with IP interworking.

interface Serial1/0/1:0
 encapsulation frame-relay MFR100
!
interface Serial1/0/2:0
 encapsulation frame-relay MFR100
!
interface Serial1/0/3:0
 encapsulation frame-relay MFR100
!
interface MFR100
 frame-relay lmi-type ansi
 frame-relay intf-type dce
!
interface GigabitEthernet0/1.10
 encapsulation dot1Q 10
!
connect FR_to_Ether MFR100 Ethernet0/1.10 interworking ip

VPLS Introduction

Pseudo Wire Refresher

VPLS Architecture

VPLS Configuration Example

VPLS Deployment

Summary

Virtual Private LAN Service (VPLS)

VPLS defines an architecture that allows MPLS networks to offer Layer 2 multipoint Ethernet services

The SP emulates an IEEE Ethernet bridge network (virtual)

Virtual bridges are linked with MPLS pseudowires; the data plane used is the same as EoMPLS (point-to-point)

VPLS is an architecture

Figure: CEs attach to PEs whose virtual bridges are interconnected by pseudowires across the MPLS core.

Virtual Private LAN Service

End-to-end architecture that allows MPLS networks to provide Multipoint Ethernet services

It is “Virtual” because multiple instances of this service share the same physical infrastructure

It is “Private” because each instance of the service is independent and isolated from one another

It is “LAN Service” because it emulates Layer 2 multipoint connectivity between subscribers


Why Provide a Layer 2 Service?

Customers have full operational control over their routing neighbours

Privacy of address space: it does not have to be shared with the carrier network

Customers have a choice of using any routing protocol, including non-IP based (IPX, AppleTalk)

Customers could use an Ethernet switch instead of a router as the CPE

A single connection could reach all other edge points, emulating an Ethernet LAN (VPLS)

VPLS Is Defined in the IETF

Figure (as of 2-Nov-2006): ISOC -> IAB -> IETF, with the areas Application, General, Internet, Ops and Mgmt, Routing, Security and Transport (the MPLS working group is also shown). The Internet area holds the three working groups relevant here:

L2VPN (formerly the PPVPN working group): VPWS, VPLS, IPLS

L3VPN: BGP/MPLS VPNs (RFC 4364, was 2547bis); IP VPNs using virtual routers (RFC 2764); CE-based VPNs using IPsec

PWE3: Pseudo Wire Emulation Edge-to-Edge; forms the backbone transport for VPLS

VPLS Components

Figure: three N-PEs around an MPLS core, each with attached CE routers and CE switches.

Attachment circuits: port or VLAN mode; the attached CE can be a switch or a router

Mesh of LSPs between the N-PEs

Pseudowires carried within the LSPs

Virtual Switch Interface (VSI) terminates the PWs and provides the Ethernet bridge function

Targeted LDP between the PEs to exchange VC labels for the pseudowires

Virtual Switch Interface

Flooding/Forwarding: MAC table instances per customer (port/VLAN) on each PE; the VFI participates in the learning and forwarding process; ports are associated with MACs, and unknowns are flooded to all other ports

Address Learning/Aging: LDP is enhanced with an additional MAC List TLV (MAC address withdrawal); MAC timers are refreshed by incoming frames

Loop Prevention: a full mesh of pseudowire VCs (EoMPLS) is created, with unidirectional LSPs carrying the VCs between each pair of N-PEs; VPLS uses the "split horizon" concept to prevent loops

VPLS Architecture

VPLS Topology: PE View

Each PE has a P2MP view of all other PEs; it sees itself as a root bridge with split-horizon loop protection

The full mesh topology obviates STP in the SP network

Customer STP is transparent to the SP; customer BPDUs are forwarded transparently

Figure: PE view. Each PE has a full mesh of LDP-signalled Ethernet PWs to each peer across the MPLS core, with the CEs hanging off the PEs.

VPLS Topology: CE View

CE routers/switches see a logical bridge/LAN

VPLS emulates a LAN, but not exactly; this raises a few issues which are discussed later

Figure: CE view. The CEs see one LAN; the PEs, the full mesh of PWs and the MPLS core behind it are invisible to them.

VPLS Functional Components

N-PE provides VPLS termination/L3 services

U-PE provides the customer UNI

CE is the customer device

Figure: CE - U-PE - N-PE - MPLS Core - N-PE - U-PE - CE, with the CEs in customer MxUs and the U-PEs/N-PEs in the SP PoPs.

Why H-VPLS?

VPLS:

Potential signaling overhead

Full PW mesh from the edge

Packet replication done at the edge

Node discovery and provisioning extends end to end

H-VPLS:

Minimizes signaling overhead

Full PW mesh among core devices only

Packet replication done in the core

Partitions the node discovery process

Figure: flat VPLS, with every PE full-meshed to every other PE and the CEs attached directly, next to H-VPLS, where the CEs attach to MTU-s devices that are spoke-connected to the full mesh of PE-rs devices (PE-r for a routed edge).

Ethernet Edge Topologies

Figure: U-PEs (User Facing Provider Edge) in Metro A, B, C and D reach the N-PEs (Network Facing Provider Edge) on the MPLS VPLS core over GE rings, RPR, DWDM/CWDM, hub and spoke, and large-scale aggregation through PE-AGG devices; customer-facing ports are 10/100/1000 Mbps to full-service CPE. Roles: U-PE/PE-AGG = intelligent edge, N-PE = multiservice core, P = efficient access.

VFI and Split Horizon (VPLS, EE-H-VPLS)

The Virtual Forwarding Interface is the VSI representation in IOS; a single interface terminates all PWs for that VPLS instance

This model is applicable in direct attach and H-VPLS with Ethernet edge

Figure: N-PE1 with a VFI, a local bridging function (.1Q or QinQ) towards its CEs, and pseudowires #1 and #2 to N-PE2 and N-PE3. Split horizon is active on the pseudowires: broadcast/multicast received from the CEs is replicated to both PWs, but traffic arriving on PW #1 is not replicated out PW #2 and vice versa. Local switching between attachment circuits is unaffected.

VFI and No Split Horizon (ME-H-VPLS)

This model is applicable to H-VPLS with MPLS edge: PW #3 from the U-PE is a non-split-horizon port, so traffic from PW #1 and PW #2 is forwarded to PW #3, and traffic arriving on PW #3 is forwarded to PW #1 and PW #2

Figure: N-PE1 with a VFI; MPLS-based pseudowires #1 and #2 to N-PE2 and N-PE3 with split horizon active, and pseudowire #3 to the U-PE with split horizon disabled. Unicast from the U-PE spoke is forwarded into the core PWs.
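The forwarding rules of the two VFI slides above, as an added simulation that is not code from the presentation: a per-instance MAC table with learning and flooding, split horizon between core pseudowires, a no-split-horizon spoke PW to a U-PE, and a MAC withdrawal. Port names (Vlan100, PW-to-NPE2, PW-to-NPE3, PW-to-UPE) and MAC addresses are constructed for the demo.

```python
"""Simulation of a VPLS Virtual Forwarding Interface (VFI) with split horizon.

Added example, not code from the Cisco presentation. It models the
behaviour the VFI slides describe: one MAC table per VPLS instance,
learning on ingress, flooding of unknown unicast and broadcast, and split
horizon on the full-mesh core pseudowires (a frame that arrived on a core
PW is never sent out another core PW). A spoke PW to a U-PE configured
'no-split-horizon' (H-VPLS with MPLS edge) is treated like an attachment
circuit. Port names and MAC addresses are constructed for the demo.
"""

BROADCAST = "ff:ff:ff:ff:ff:ff"


class Port:
    def __init__(self, name, kind, split_horizon=None):
        # kind is "ac" (attachment circuit) or "pw" (pseudowire).
        self.name = name
        self.kind = kind
        # Core-mesh PWs get split horizon by default; ACs never do.
        self.split_horizon = (kind == "pw") if split_horizon is None else split_horizon


class VFI:
    def __init__(self, name):
        self.name = name
        self.ports = {}
        self.mac_table = {}  # MAC address -> name of the port it was learnt on

    def add_port(self, port):
        self.ports[port.name] = port

    def withdraw_macs(self, port_name):
        """Flush every MAC learnt on port_name, as a received MAC-withdraw
        TLV (or a local AC failure) would, so the next frame re-floods."""
        for mac in [m for m, p in self.mac_table.items() if p == port_name]:
            del self.mac_table[mac]

    def _blocked(self, ingress, egress):
        """Split horizon: never forward between two split-horizon ports."""
        return ingress.split_horizon and egress.split_horizon

    def forward(self, ingress_name, src_mac, dst_mac):
        """Learn src_mac on the ingress port and return the sorted egress
        port names for one frame."""
        ingress = self.ports[ingress_name]
        self.mac_table[src_mac] = ingress_name
        learnt_on = self.mac_table.get(dst_mac)
        if dst_mac != BROADCAST and learnt_on is not None:
            # Known unicast: exactly one egress, dropped if it would go back
            # out the ingress port or violate split horizon.
            if learnt_on == ingress_name or self._blocked(ingress, self.ports[learnt_on]):
                return []
            return [learnt_on]
        # Unknown unicast / broadcast: flood everywhere the rules allow.
        return sorted(
            name for name, port in self.ports.items()
            if name != ingress_name and not self._blocked(ingress, port)
        )


def demo():
    """Walk the cases from the slides and return the egress lists."""
    vfi = VFI("VPLS-A")
    vfi.add_port(Port("Vlan100", "ac"))                         # local CE
    vfi.add_port(Port("PW-to-NPE2", "pw"))                      # core mesh
    vfi.add_port(Port("PW-to-NPE3", "pw"))                      # core mesh
    vfi.add_port(Port("PW-to-UPE", "pw", split_horizon=False))  # H-VPLS spoke
    ce_mac, npe2_mac, upe_mac, npe3_mac = (
        "00:00:00:00:00:01", "00:00:00:00:00:02", "00:00:00:00:00:03", "00:00:00:00:00:05")
    r = {}
    # Broadcast from the local CE: flooded to every PW, core and spoke.
    r["ac_bcast"] = vfi.forward("Vlan100", ce_mac, BROADCAST)
    # Broadcast arriving on a core PW: to the AC and the spoke only.
    r["pw_bcast"] = vfi.forward("PW-to-NPE2", npe2_mac, BROADCAST)
    # Known unicast from the core to the CE MAC learnt above.
    r["pw_unicast"] = vfi.forward("PW-to-NPE2", npe2_mac, ce_mac)
    # The no-split-horizon spoke may flood into the core mesh.
    r["spoke_bcast"] = vfi.forward("PW-to-UPE", upe_mac, BROADCAST)
    # Learn a MAC behind N-PE3, then try to reach it from N-PE2's PW: dropped.
    vfi.forward("PW-to-NPE3", npe3_mac, BROADCAST)
    r["pw_to_pw"] = vfi.forward("PW-to-NPE2", npe2_mac, npe3_mac)
    # After a MAC withdrawal for the AC the CE MAC is unknown again and floods.
    vfi.withdraw_macs("Vlan100")
    r["after_withdraw"] = vfi.forward("PW-to-NPE3", npe3_mac, ce_mac)
    return r


if __name__ == "__main__":
    for case, egress in demo().items():
        print(f"{case:15s} -> {egress}")
```

The pw_to_pw case is the one that matters operationally: a frame that enters on one core pseudowire and would leave on another is dropped even when the MAC is known, which is why the full mesh needs no STP, and also why a misconfigured 'no-split-horizon' on a core neighbor turns that N-PE into a loop point.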

VPLS Configuration Example

Configuration Examples

Direct Attachment: using a router as a CE (VLAN based); using a switch as a CE (port based)

H-VPLS: Ethernet QinQ; EoMPLS pseudowire (VLAN based); EoMPLS pseudowire (port based)

Sample Output

Direct Attachment Configuration (C7600)

CEs are all part of the same VPLS instance (VCID = 56); each CE router connects using VLAN 100 over a sub-interface

Topology: PE1 (1.1.1.1, gi3/0 to CE1), PE2 (2.2.2.2, gi4/4 to CE2) and PE3 (3.3.3.3, gi4/2 to its CE) around the MPLS core, joined by POS links (pos3/0, pos3/1, pos4/1, pos4/3); every CE is attached on VLAN 100.

Direct Attachment CE Router Configuration

CE router sub-interfaces are on the same VLAN; this can also be just port based (no VLAN)

The three CEs share subnet 192.168.20.0/24 over VLAN 100:

interface GigabitEthernet 1/3.100
 encapsulation dot1q 100
 ip address 192.168.20.2 255.255.255.0

interface GigabitEthernet 2/0.100
 encapsulation dot1q 100
 ip address 192.168.20.3 255.255.255.0

interface GigabitEthernet 2/1.100
 encapsulation dot1q 100
 ip address 192.168.20.1 255.255.255.0

Direct Attachment VSI Configuration

Create the pseudowires between the N-PE routers; each PE lists the other two as neighbors (full mesh):

PE1 (1.1.1.1):
l2 vfi VPLS-A manual
 vpn id 56
 neighbor 2.2.2.2 encapsulation mpls
 neighbor 3.3.3.3 encapsulation mpls

PE2 (2.2.2.2):
l2 vfi VPLS-A manual
 vpn id 56
 neighbor 1.1.1.1 encapsulation mpls
 neighbor 3.3.3.3 encapsulation mpls

PE3 (3.3.3.3):
l2 vfi VPLS-A manual
 vpn id 56
 neighbor 2.2.2.2 encapsulation mpls
 neighbor 1.1.1.1 encapsulation mpls

Direct Attachment CE Router (VLAN Based)

Same set of commands on each PE, configured on the CE-facing interface (PE1 gi3/0 shown):

interface GigabitEthernet3/0
 switchport
 switchport mode trunk
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 100
!
interface Vlan100
 no ip address
 xconnect vfi VPLS-A
!
vlan 100
 state active

The 'xconnect vfi VPLS-A' command associates the VLAN with the VPLS instance: VLAN 100 = VCID 56


Direct Attachment CE Switch (Port Based)

If the CE is a switch instead of a router, QinQ can be used

QinQ places all traffic (tagged/untagged) from the switch into the VPLS; the CE-facing interface carries all VLANs

interface GigabitEthernet3/0
 switchport
 switchport mode dot1q-tunnel
 switchport access vlan 100
 l2protocol-tunnel stp
!
interface Vlan100
 no ip address
 xconnect vfi VPLS-A
!
vlan 100
 state active

The 'xconnect vfi VPLS-A' command associates the VLAN with the VPLS instance: VLAN 100 = VCID 56


H-VPLS Configuration (C7600/3750ME)

U-PEs provide services to the customer edge device; CE traffic is then carried in QinQ or an EoMPLS PW to the N-PE

The PW VSI mesh configuration is the same as in the previous examples

Topology: N-PE1 (1.1.1.1), N-PE2 (2.2.2.2) and N-PE3 (3.3.3.3) around the MPLS core, each with a Cisco 3750ME U-PE (U-PE1, U-PE2 at 4.4.4.4, U-PE3) serving CE1 and CE2. U-PE2 connects its fa1/0/1 to the CEs and its gi1/1/1 uplink to N-PE2 gi4/4.


H-VPLS QinQ Tunnel (Ethernet Edge)

The U-PE carries all traffic from the CE using QinQ; the outer tag is VLAN 100, the inner tags are the customer's

N-PE2 (gi4/4 towards U-PE2):

interface GigabitEthernet4/4
 switchport
 switchport mode trunk
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 100
!
interface Vlan100
 no ip address
 xconnect vfi VPLS-A
!
vlan 100
 state active

U-PE2 (Cisco 3750ME, 4.4.4.4):

interface FastEthernet1/0/1
 switchport
 switchport access vlan 100
 switchport mode dot1q-tunnel
 switchport trunk allowed vlan 1-1005
!
interface GigabitEthernet1/1/1
 switchport
 switchport mode trunk
 switchport trunk allowed vlan 1-1005


H-VPLS EoMPLS PW Edge (VLAN Based)

The CE interface on the U-PE can be an access or trunk port; an xconnect per VLAN is required

U-PE2 (Cisco 3750ME, 4.4.4.4):

interface FastEthernet1/0/1
 switchport
 switchport access vlan 500
!
interface Vlan500
 xconnect 2.2.2.2 56 encapsulation mpls
!
interface GigabitEthernet1/1/1
 no switchport
 ip address 156.50.20.2 255.255.255.252
 mpls ip

N-PE2 (2.2.2.2):

interface GigabitEthernet4/4
 no switchport
 ip address 156.50.20.1 255.255.255.252
 mpls ip
!
l2 vfi VPLS-A manual
 vpn id 56
 neighbor 1.1.1.1 encapsulation mpls
 neighbor 3.3.3.3 encapsulation mpls
 neighbor 4.4.4.4 encapsulation mpls no-split-horizon

The 'no-split-horizon' keyword on the U-PE neighbor ensures CE traffic is passed on the PW to/from the U-PE


H-VPLS EoMPLS PW Edge (Port Based)

The CE interface on the U-PE can be an access or trunk port; an xconnect for the entire port is required

U-PE2 (Cisco 3750ME, 4.4.4.4):

interface FastEthernet1/0/1
 no switchport
 xconnect 2.2.2.2 56 encapsulation mpls
!
interface GigabitEthernet1/1/1
 no switchport
 ip address 156.50.20.2 255.255.255.252
 mpls ip

N-PE2 (2.2.2.2):

interface GigabitEthernet4/4
 no switchport
 ip address 156.50.20.1 255.255.255.252
 mpls ip
!
l2 vfi PE1-VPLS-A manual
 vpn id 56
 neighbor 1.1.1.1 encapsulation mpls
 neighbor 3.3.3.3 encapsulation mpls
 neighbor 4.4.4.4 encapsulation mpls no-split-horizon

The 'no-split-horizon' keyword on the U-PE neighbor ensures CE traffic is passed on the PW to/from the U-PE
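The VFI stanzas of the direct-attachment and H-VPLS examples above, generated rather than typed, as an added example that is not code from the presentation. It also puts numbers on the "Why H-VPLS?" signaling argument: the pseudowire count for a flat mesh of every edge device against the count for a core mesh plus spokes. The N-PE loopbacks, VFI name and VPN id are the slides' own; the U-PE counts in the comparison are made up.

```python
"""Generating full-mesh VFI configuration for VPLS and H-VPLS.

Added example, not code from the Cisco presentation. Given the N-PE
loopbacks used on the slides (1.1.1.1, 2.2.2.2, 3.3.3.3) it emits the
'l2 vfi' stanza each N-PE needs for a full mesh, appends 'no-split-horizon'
spoke neighbours for H-VPLS U-PEs (4.4.4.4 on the slides), and counts the
pseudowires each design signals so the overhead argument for H-VPLS can be
checked with numbers. The IOS syntax is the one shown on the slides; the
U-PE counts used in the comparison are made up.
"""

from ipaddress import ip_address


def vfi_config(vfi_name, vpn_id, local, npes, spokes=()):
    """Return the l2 vfi stanza for N-PE `local` as a list of config lines."""
    if local not in npes:
        raise ValueError(f"{local} is not one of the N-PEs")
    lines = [f"l2 vfi {vfi_name} manual", f" vpn id {vpn_id}"]
    # Core mesh: one split-horizon PW to every other N-PE.
    for peer in sorted(npes, key=ip_address):
        if peer != local:
            lines.append(f" neighbor {peer} encapsulation mpls")
    # H-VPLS spokes: frames from a U-PE must be re-flooded into the mesh,
    # so the spoke PW is explicitly excluded from split horizon.
    for spoke in sorted(spokes, key=ip_address):
        lines.append(f" neighbor {spoke} encapsulation mpls no-split-horizon")
    return lines


def render_all(vfi_name, vpn_id, npes, spokes_by_npe):
    """Map every N-PE loopback to the text of its VFI stanza."""
    return {
        npe: "\n".join(vfi_config(vfi_name, vpn_id, npe, npes, spokes_by_npe.get(npe, ())))
        for npe in sorted(npes, key=ip_address)
    }


def pw_count_flat_vpls(edge_devices):
    """Pseudowires signalled when every edge device is full-meshed."""
    return edge_devices * (edge_devices - 1) // 2


def pw_count_hvpls(npe_count, upes_per_npe):
    """Core mesh between the N-PEs plus one spoke PW per U-PE."""
    return pw_count_flat_vpls(npe_count) + npe_count * upes_per_npe


if __name__ == "__main__":
    npes = ["1.1.1.1", "2.2.2.2", "3.3.3.3"]
    spokes = {"2.2.2.2": ["4.4.4.4"]}  # U-PE2 hangs off N-PE2, as on the slides
    for npe, text in render_all("VPLS-A", 56, npes, spokes).items():
        print(f"! N-PE {npe}\n{text}\n!")
    # Constructed comparison: 3 N-PEs each aggregating 10 U-PEs.
    print("flat VPLS meshing all 30 edge devices:", pw_count_flat_vpls(30))
    print("H-VPLS with 3 N-PEs and 30 spokes:    ", pw_count_hvpls(3, 10))
```

Generating the stanzas from one list is also the simplest guard against the two mistakes the examples invite: a missing neighbor on one N-PE (a half-configured mesh that only shows up as a VC stuck DOWN on the other side) and a 'no-split-horizon' keyword on a core neighbor, which disables the loop protection the full mesh relies on.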


Sample Output: show mpls l2 vc

Topology as in the H-VPLS examples above (N-PE1 1.1.1.1, N-PE2 2.2.2.2, N-PE3 3.3.3.3, U-PE2 4.4.4.4).

NPE-A#show mpls l2 vc
Local intf     Local circuit  Dest address   VC ID   Status
-------------  -------------  -------------  ------  ------
VFI VPLS-A     VFI            1.1.1.1        10      UP
VFI VPLS-A     VFI            3.3.3.3        10      UP

Sample Output: show mpls l2 vc detail

NPE-2#show mpls l2 vc detail
Local interface: VFI VPLS-A up
  Destination address: 1.1.1.1, VC ID: 10, VC status: up
    Tunnel label: imp-null, next hop 156.50.20.1
    Output interface: POS4/3, imposed label stack {19}
  Create time: 1d01h, last status change time: 00:40:16
  Signaling protocol: LDP, peer 1.1.1.1:0 up
    MPLS VC labels: local 23, remote 19

Figure: NPE-2 imposes VC label 19 (the remote label) on frames sent towards 1.1.1.1 and expects VC label 23 (its local label) on frames arriving from 1.1.1.1.

PW Redundancy Concepts

PW High Availability

Failure in the provider core: mitigated with link redundancy and FRR

PE router failure: PE diversity

Attachment circuit failure: need a pair of attachment circuits end-to-end

CE router failure: redundant CEs

Figure: Site1 (CE1, CE2) dual-homed to PE1/PE2 and Site2 dual-homed to PE3/PE4, across a core of P1, P2, P3 and P4.

L2VPN Networks: Dual Homed PW Sites Without Redundancy Feature

Figure: Site1 CE1 is dual-homed to PE1 and PE2; Site2 CE2 and CE3 attach to PE3 and PE4 across P1-P4. The two pseudowires are configured independently, one towards PE3 and one towards PE4, with no backup relationship between them; when the PE3 pseudowire fails (x) nothing moves traffic onto the PE4 pseudowire.

interface Ethernet1/0.1
 encapsulation dot1q 10
 xconnect <PE3 router ID> <VCID> encapsulation mpls

interface Ethernet1/0.1
 encapsulation dot1q 10
 xconnect <PE4 router ID> <VCID> encapsulation mpls

High Availability in L2VPN Networks

The TCP session between two LDP peers may go down due to HW/SW failure (RP switchover)

If PE3 fails, traffic will be dropped

PW redundancy is needed so that the PW can be re-routed to the redundant router, i.e. PE4

Figure: PE1 at Site1 has a primary PW to PE3 and a standby PW to PE4 at Site2, across P1-P4.

Dual Homed PW Sites: with Redundancy Feature

Figure: same topology (Site1 CE1 on PE1/PE2, Site2 CE2/CE3 on PE3/PE4 across P1-P4); PE1 now has a backup peer, so when the PE3 pseudowire fails (x) the PW to PE4 takes over.

pe1(config)#int e 0/0.1
pe1(config-subif)#encapsulation dot1q 10
pe1(config-subif)#xconnect <PE3 router ID> <VCID> encapsulation mpls
pe1(config-subif-xconn)#backup peer <PE4 router ID> <VCID>

PW Redundancy: Manual Switchover

Figure: Site1 CE1/CE2 on PE1/PE2, Site2 CE3 on PE3/PE4, across P1-P4. PE1 configuration:

interface Ethernet0/0.1
 encapsulation dot1Q 10
 xconnect 192.168.1.3 10 encapsulation mpls
  backup peer 192.168.1.4 10
  backup delay 3 10

Before the switchover the primary (192.168.1.3) is active:

pe1#sh mpls l2transport vc 10
Local intf     Local circuit              Dest address    VC ID      Status
-------------  -------------------------- --------------- ---------- ----------
Et0/0.1        Eth VLAN 20                192.168.1.3     10         UP
Et0/0.1        Eth VLAN 20                192.168.1.4     10         DOWN

When maintenance is required a switchover is forced manually:

pe1#xconnect backup force-switchover peer 192.168.1.3 10

After the switchover the backup (192.168.1.4) carries the traffic:

pe1#sh mpls l2transport vc 10
Local intf     Local circuit              Dest address    VC ID      Status
-------------  -------------------------- --------------- ---------- ----------
Et0/0.1        Eth VLAN 20                192.168.1.3     10         DOWN
Et0/0.1        Eth VLAN 20                192.168.1.4     10         UP

PW Redundancy—Config Examples (1/2)

Example 1: MPLS xconnect with 1 redundant peer. The debounce timer is set to 3 seconds so that we don’t allow a switchover until the connection has been deemed down for 3 seconds.

interface serial0/0
 xconnect 10.0.0.1 100 encapsulation mpls
  backup peer 10.0.0.2 200
  backup delay 3 10

Example 2: xconnect with 1 redundant peer. In this example, once a switchover occurs, we will not fall back to the primary until the secondary xconnect fails.

pseudowire-class test
 encapsulation mpls
!
connect frpw1 serial0/1 50 l2transport
 xconnect 20.0.0.1 50 pw-class test
  backup peer 20.0.0.2 50
  backup delay 0 never


PW Redundancy—Config Examples

Example 3: Local-switched connection between ATM and FR using Ethernet interworking. The FR circuit is backed up by an MPLS pseudowire.

pseudowire-class test
 encapsulation mpls
 interworking ethernet
!
connect atm-fr atm1/0 100/100 E0/0.10 100 interworking ethernet
 backup peer 1.1.1.1 100 pw-class test

[Diagram: CE on f0/0.10 and CE on atm4/0 locally switched on router r201; backup pseudowire from r201 to PE 1.1.1.1 (PE2-Backup)]

Example 4: xconnect with 1 redundant peer. In this example, the switchover will not begin unless the pseudowire has been down for 3 seconds. Once a switchover occurs, we will not fall back to the primary until it has been re-established and UP for 10 seconds.

pseudowire-class test
 encapsulation mpls
!
connect frpw1 serial0/1 50 l2transport
 xconnect 20.0.0.1 50 pw-class test
  backup peer 20.0.0.2 50
  backup delay 3 10
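The four examples differ only in their `backup delay <enable-delay> {<disable-delay> | never}` timers. The following Python is an added example, not code from the presentation or from Cisco: it models the timer semantics the examples describe (switch to the backup only once the primary has been down for enable-delay seconds; return to the primary only once it has been back up for disable-delay seconds, or never) so that a planned failure timeline can be reasoned about before a change. The timestamps in the scenarios are constructed.

```python
"""Model of AToM pseudowire redundancy 'backup delay' timers.

Added example, not Cisco code. disable_delay=None models the 'never' keyword.
"""
from typing import Optional


class PwRedundancy:
    """Tracks which peer is active for one xconnect with a single backup peer."""

    def __init__(self, enable_delay: float, disable_delay: Optional[float]):
        self.enable_delay = enable_delay      # seconds the primary must stay down before switchover
        self.disable_delay = disable_delay    # seconds the primary must stay up before fallback, or None
        self.active = "primary"
        self.primary_up = True
        self.since = 0.0  # time the primary entered its current up/down state

    def primary_state(self, now: float, up: bool) -> str:
        """Record a primary PW up/down transition at time `now` and re-evaluate."""
        if up != self.primary_up:
            self.primary_up = up
            self.since = now   # a flap restarts the hold timer (debounce)
        return self.evaluate(now)

    def evaluate(self, now: float) -> str:
        """Return the active peer at time `now`, applying the hold-down timers."""
        held = now - self.since
        if self.active == "primary" and not self.primary_up and held >= self.enable_delay:
            self.active = "backup"
        elif (self.active == "backup" and self.primary_up
              and self.disable_delay is not None and held >= self.disable_delay):
            self.active = "primary"
        return self.active


def run_scenario(enable_delay, disable_delay, events, checkpoints):
    """Replay (time, primary_up) events and sample the active peer at each checkpoint.

    Returns {checkpoint_time: active_peer}; events run before checks at equal times.
    """
    pw = PwRedundancy(enable_delay, disable_delay)
    timeline = [(t, 0, up) for t, up in events] + [(t, 1, None) for t in checkpoints]
    timeline.sort(key=lambda e: (e[0], e[1]))
    result = {}
    for t, kind, up in timeline:
        if kind == 0:
            pw.primary_state(t, up)
        else:
            result[t] = pw.evaluate(t)
    return result


if __name__ == "__main__":
    # 'backup delay 3 10' (Examples 1 and 4): primary fails at t=0, recovers at t=5.
    print(run_scenario(3, 10, [(0, False), (5, True)], [1, 3, 10, 15]))
    # 'backup delay 0 never' (Example 2): switch immediately, never fall back.
    print(run_scenario(0, None, [(0, False), (1, True)], [0, 100]))
    # A primary that flaps within the 3 s window never triggers a switchover.
    print(run_scenario(3, 10, [(0, False), (1, True), (2, False)], [4, 5]))
```

The third scenario is the reason the enable delay exists: a primary that flaps for less than the debounce window keeps traffic on the primary, while a sustained outage moves it to the backup at exactly the configured moment.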


Tunnel Selection


What If the Core Uses Traffic Engineering?

Use the command 'preferred-path {interface | peer}' under the 'pseudowire-class'.

Have in mind that:

The selected path must be a label switched path (LSP) destined to the peer PE router

If you specify a tunnel (selecting interface):

  The tunnel must be an MPLS traffic engineering tunnel

  The tunnel tail end must be on the remote PE router

If you specify an IP address (selecting peer):

  The address must be the IP address of a loopback interface on the remote PE router, not necessarily the LDP router-id address; peer means targeted LDP peer

  The address must have a /32 mask

  There must be an LSP destined to that selected address

  The LSP does not have to be a TE tunnel
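The constraints listed above are the ones that make a preferred path usable; a pseudowire whose preferred path breaks one of them either does not come up or silently falls back to the IGP LSP. The following Python is an added example (not from the presentation or Cisco) that encodes those rules as a pre-change check against a small constructed model of the local PE's tunnels and LSPs and the remote PE's loopbacks; the PE names, tunnel numbers and addresses are assumptions.

```python
"""Check a 'preferred-path' choice against the tunnel-selection rules above.

Added example, not Cisco code: the PE/tunnel objects are a constructed model
of what an operator would look up on the routers; names and addresses
are assumptions.
"""
import ipaddress
from dataclasses import dataclass, field


@dataclass
class TeTunnel:
    name: str           # e.g. "Tunnel1"
    tail_end: str       # router on which the tunnel terminates
    is_te: bool = True  # False models a non-TE tunnel interface


@dataclass
class RemotePe:
    name: str
    ldp_router_id: str
    loopbacks: dict = field(default_factory=dict)  # interface -> "a.b.c.d/len"


@dataclass
class LocalPe:
    tunnels: dict = field(default_factory=dict)         # tunnel name -> TeTunnel
    lsp_destinations: set = field(default_factory=set)  # /32 prefixes reachable by an LSP (LDP or TE)


def check_preferred_path(local, remote, interface=None, peer=None):
    """Return a list of rule violations; an empty list means the preferred path is usable."""
    problems = []
    if (interface is None) == (peer is None):
        return ["specify exactly one of 'interface' or 'peer'"]

    if interface is not None:
        tunnel = local.tunnels.get(interface)
        if tunnel is None:
            return [f"{interface} is not configured on the local PE"]
        if not tunnel.is_te:
            problems.append(f"{interface} is not an MPLS traffic engineering tunnel")
        if tunnel.tail_end != remote.name:
            problems.append(f"{interface} tail end is {tunnel.tail_end}, not {remote.name}")
        return problems

    # peer form: a /32 loopback on the remote PE (any loopback, not only the
    # LDP router-id) that the local PE has an LSP towards.
    try:
        addr = ipaddress.ip_address(peer)
    except ValueError:
        return [f"{peer!r} is not a valid IP address"]
    loopbacks = [ipaddress.ip_interface(v) for v in remote.loopbacks.values()]
    match = [lo for lo in loopbacks if lo.ip == addr]
    if not match:
        problems.append(f"{peer} is not a loopback address on {remote.name}")
    elif match[0].network.prefixlen != 32:
        problems.append(f"{peer} is configured with /{match[0].network.prefixlen}, must be /32")
    if f"{addr}/32" not in local.lsp_destinations:
        problems.append(f"no LSP to {addr}/32 from the local PE")
    return problems


# Constructed topology: PE1 is the local PE, PE3 the remote PE (assumed names).
PE3 = RemotePe("PE3", ldp_router_id="172.18.255.3",
               loopbacks={"Loopback0": "172.18.255.3/32",
                          "Loopback1": "172.18.254.3/32",
                          "Loopback2": "10.9.9.3/24"})
PE1 = LocalPe(tunnels={"Tunnel1": TeTunnel("Tunnel1", tail_end="PE3"),
                       "Tunnel2": TeTunnel("Tunnel2", tail_end="PE2")},
              lsp_destinations={"172.18.255.3/32", "172.18.254.3/32"})

if __name__ == "__main__":
    print(check_preferred_path(PE1, PE3, interface="Tunnel1"))     # []
    print(check_preferred_path(PE1, PE3, interface="Tunnel2"))     # wrong tail end
    print(check_preferred_path(PE1, PE3, peer="172.18.254.3"))     # [] (not the router-id, still fine)
    print(check_preferred_path(PE1, PE3, peer="10.9.9.3"))         # /24 and no LSP
```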


Forwarding Traffic into a TE Tunnel

Static routing

Policy routing (global table only—not from VRF at present)

Autoroute

Forwarding Adjacency

AToM Tunnel Selection

Class Based Tunnel Selection

Static, Autoroute, and Forwarding Adjacency Get You Unequal-Cost Load-Balancing


Coupling Layer-2 Services with MPLS TE—AToM Tunnel Selection

Static mapping between pseudo-wire and TE Tunnel on PE

Implies PE-to-PE TE deployment

TE tunnel defined as preferred path for pseudo-wire

Traffic will fall back to peer LSP if tunnel goes down

[Diagram: ATM CE attached to PE1 and ATM CE attached to PE2 across an IP/MPLS core that also contains PE3; each attachment is a Layer 2 Circuit and the PE1-PE2 pseudowire rides a TE LSP]

pseudowire-class my-path-pref
 encapsulation mpls
 preferred-path interface tunnel 1 disable-fallback
!
interface fastEthernet <slot/port>.<subif-id>
 encapsulation dot1Q 150
 xconnect 172.18.255.3 1000 pw-class my-path-pref


MPLS Forwarding (AToM Traffic)

PE2 sees multiple IGP paths to reach PE1

L2VPN packets are load-balanced per customer site, according to the VC label, over two label switched paths from PE to P

[Diagram: PE1 with CE1 and CE2 per site; PE2 attaches Site 2 Voice (E2/0.1, VLAN 10), Site 2 Video (E2/0.2, VLAN 20) and a third Site 2 circuit (E2/0.3, VLAN 30), each 10.1.1.0/24, across core routers P1, P2, P3, P4; label pairs 23 17, 23 37 and 20 38 with VC labels 17, 37 and 38]


L2VPN Deployment Tunnel Selection for Bandwidth Protection

This configuration allows one to direct which path pseudowires take through the network

The tunnel head end / tail end must be on the PEs

pseudowire-class my-path-pref
 encapsulation mpls
 preferred-path interface tunnel 1 disable-fallback
!
interface fastEthernet <slot/port>.<subif-id>
 encapsulation dot1Q 150
 xconnect 172.18.255.3 1000 pw-class my-path-pref

Command syntax: preferred-path {interface tunnel tunnel-number | peer {ip-address | host-name}} [disable-fallback]


ATOM: Preferred Path TE Tunnels

Three TE tunnels (Tunnel 0, Tunnel 1 and Tunnel 2) between PE1 and PE2

“Preferred path” can be used to map each vc (or multiple vcs) traffic into different TE tunnels

[Diagram: PE1 (Site 1, CE1 and CE2, 10.1.1.0/24) to PE2 (192.168.0.5/32, Site 2, CE1 and CE2) across core routers P1, P2, P3, P4 over TE Tunnel 0, TE Tunnel 1 and TE Tunnel 2 with tunnel labels 30, 34 and 35]

pseudowire-class test
 encapsulation mpls
 preferred-path interface Tunnel0
!
pseudowire-class test1
 encapsulation mpls
 preferred-path interface Tunnel1
!
pseudowire-class test2
 encapsulation mpls
 preferred-path interface Tunnel2

interface Ethernet2/0.1
 description green vc
 xconnect 192.168.0.5 1 encapsulation mpls pw-class test
!
interface Ethernet2/0.2
 description red vc
 xconnect 192.168.0.5 20 encapsulation mpls pw-class test1
!
interface Ethernet2/0.3
 description dark green vc
 xconnect 192.168.0.5 30 encapsulation mpls pw-class test2


ATOM: Preferred Path TE Tunnels

Each vc is mapped to a different tunnel

[Diagram: same topology, PE1 (Site 1) to PE2 (192.168.0.5/32, Site 2) across P1-P4; each of the three VCs rides its own TE tunnel, tunnel labels 30, 34 and 35]

pe2#sh mpls l2transport vc detail | in label
Output interface: Tu0, imposed label stack {30 16}
MPLS VC labels: local 16, remote 16
Tunnel label: 3, next hop point2point
Output interface: Tu1, imposed label stack {34 37}
MPLS VC labels: local 17, remote 37
Tunnel label: 3, next hop point2point
Output interface: Tu2, imposed label stack {35 38}
MPLS VC labels: local 37, remote 38
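The output above is how you confirm the mapping actually took effect: the outer label of each imposed stack is the TE tunnel's label and the inner label is the remote VC label. The following Python is an added example (not from the presentation or Cisco) that parses this `detail` output and checks each pseudowire's stack against the tunnel labels an operator would record from the TE tunnel display; the capture is constructed from the slide output and the expected tunnel labels (30, 34, 35) are taken from the diagram.

```python
"""Parse 'show mpls l2transport vc detail | include label' and verify the
imposed label stack of each pseudowire.

Added example, not from the presentation: the capture below is constructed
from the slide output for Tu0/Tu1/Tu2.
"""
import re

SAMPLE = """\
pe2#sh mpls l2transport vc detail | in label
Output interface: Tu0, imposed label stack {30 16}
MPLS VC labels: local 16, remote 16
Tunnel label: 3, next hop point2point
Output interface: Tu1, imposed label stack {34 37}
MPLS VC labels: local 17, remote 37
Tunnel label: 3, next hop point2point
Output interface: Tu2, imposed label stack {35 38}
MPLS VC labels: local 37, remote 38
"""

OUT_IF = re.compile(r"Output interface: (?P<intf>\S+), imposed label stack \{(?P<stack>[\d ]+)\}")
VC_LABELS = re.compile(r"MPLS VC labels: local (?P<local>\d+), remote (?P<remote>\d+)")


def parse_vc_detail(text):
    """Return one dict per pseudowire: intf, stack (outer..inner), local, remote."""
    vcs = []
    for line in text.splitlines():
        m = OUT_IF.search(line)
        if m:
            vcs.append({"intf": m["intf"],
                        "stack": [int(x) for x in m["stack"].split()],
                        "local": None, "remote": None})
            continue
        m = VC_LABELS.search(line)
        if m and vcs:  # attaches to the most recent 'Output interface' record
            vcs[-1]["local"] = int(m["local"])
            vcs[-1]["remote"] = int(m["remote"])
    return vcs


def check_label_stacks(vcs, expected_tunnel_labels):
    """Map each VC to (outer, inner) labels and flag mismatches.

    expected_tunnel_labels: {'Tu0': 30, ...}, the TE label of each tunnel as
    recorded from the tunnel display (constructed here from the diagram).
    Returns (mapping, problems).
    """
    mapping, problems = {}, []
    for vc in vcs:
        outer, inner = vc["stack"][0], vc["stack"][-1]
        mapping[vc["intf"]] = (outer, inner)
        if inner != vc["remote"]:
            problems.append(f"{vc['intf']}: inner label {inner} != remote VC label {vc['remote']}")
        expected = expected_tunnel_labels.get(vc["intf"])
        if expected is not None and outer != expected:
            problems.append(f"{vc['intf']}: outer label {outer} != tunnel label {expected}")
    return mapping, problems


if __name__ == "__main__":
    vcs = parse_vc_detail(SAMPLE)
    mapping, problems = check_label_stacks(vcs, {"Tu0": 30, "Tu1": 34, "Tu2": 35})
    print(mapping)                 # {'Tu0': (30, 16), 'Tu1': (34, 37), 'Tu2': (35, 38)}
    print(problems or "all label stacks consistent")
```

A pseudowire whose outer label does not match its intended tunnel is the signature of a silent fallback to the IGP LSP (the `disable-fallback` keyword on the class prevents that), which is why the check compares against the tunnel labels rather than only against the VC labels.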


Data Center Implementation with Layer 2 VPN PWE


Data Center Option (A) Utilizing Layer 2 VPN to Provide High Availability Between Two Data Centers and Two Service Providers

6500-DCN-SWITCH
!
interface gigabitethernet 1/0/1        <- to COREA
 channel-group 1 mode on
 switchport
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface gigabitethernet 1/0/2        <- to COREB
 channel-group 1 mode on
 switchport
 switchport trunk encapsulation dot1q
 switchport mode trunk

PE1-COREB
!
interface gigabitethernet 1/0/0
 no switchport
 xconnect X.X.X.PE2 70 encapsulation mpls        <- to PE2-COREA
__________________________________________________
PE2-COREB
!
interface gigabitethernet 1/0/0
 no switchport
 xconnect X.X.X.PE1 70 encapsulation mpls        <- to PE1-COREA


Data Center Option (B) Utilizing Layer 2 VPN to Provide Physical High Availability Between Two Data Centers

6500-DCN-SWITCH
!
interface gigabitethernet 1/0/1
 channel-group 1 mode on
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface gigabitethernet 1/0/2
 channel-group 1 mode on
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface Port-channel1
 switchport trunk
!
interface gigabitethernet 1/0/4
 switchport mode access
 switchport access vlan 10

Second data center switch (device name not shown on the slide):

interface gigabitethernet 1/0/1
 channel-group 1 mode on
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface gigabitethernet 1/0/2
 channel-group 2 mode on
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface gigabitethernet 2/0/1
 channel-group 1 mode on
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface gigabitethernet 2/0/2
 channel-group 2 mode on
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface Port-channel1
 switchport trunk
!
interface Port-channel2
 switchport trunk

PE1-COREA
interface gigabitethernet 3/0
 no switchport
 xconnect X.X.X.PE2-COREA 70 encapsulation mpls

PE1-COREB
interface gigabitethernet 3/0
 no switchport
 xconnect X.X.X.PE2-COREB 70 encapsulation mpls


Data Center Option (C) Utilizing Layer 2 VPN to Provide Physical High Availability Dual Switches Between Two Data Centers STP Free Topology

6500-A
!
interface gigabitethernet 1/0/1
 channel-group 1 mode on
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface gigabitethernet 1/0/2
 channel-group 1 mode on
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface Port-channel1
 switchport trunk
!
interface gigabitethernet 1/0/4
 switchport mode access
 switchport access vlan 10

6500-B
!
interface gigabitethernet 1/0/1
 channel-group 1 mode on
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface gigabitethernet 1/0/2
 channel-group 1 mode on
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface Port-channel1
 switchport trunk
!
interface gigabitethernet 1/0/4
 switchport mode access
 switchport access vlan 10

PE1-COREA
interface gigabitethernet 3/0        <- 6500 A
 xconnect 10.1.1.2 20 encapsulation mpls
!
interface gigabitethernet 4/0        <- 6500 B
 xconnect 10.1.1.2 40 encapsulation mpls

PE1-COREB
interface gigabitethernet 3/0        <- 6500 A
 xconnect 10.1.1.2 20 encapsulation mpls
!
interface gigabitethernet 4/0        <- 6500 B
 xconnect 10.1.1.2 40 encapsulation mpls


Data Center Option (D) Utilizing Layer 2 VPN to Provide Physical High Availability Dual Switches Between Three Data Centers and One Transit Data Center

PE1
interface gigabitethernet 3/0
 xconnect 10.1.1.3 20 encapsulation mpls
  backup peer 10.1.1.2 200

PE2
interface gigabitethernet 3/0
 xconnect 10.1.1.3 30 encapsulation mpls
  backup peer 10.1.1.1 200

PE3
interface gigabitethernet 3/0
 xconnect 10.1.1.1 20 encapsulation mpls

PE3
interface gigabitethernet 4/0
 xconnect 10.1.1.1 30 encapsulation mpls

Data Center 3 6500 Switch
!
interface gigabitethernet 3/0
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface gigabitethernet 4/0
 switchport trunk encapsulation dot1q
 switchport mode trunk

[Diagram: three data centers plus one transit data center; Q-in-Q trunks on the Data Center 3 switch toward the PEs; X marks the failed link]


Virtual Switching and Layer 2 VPN in Data Center


Current Network Challenges: Enterprise Campus

Traditional Enterprise Campus deployments have been designed in a way that allows for scalability, differentiated services and high availability. However, they also face many challenges, some of which are listed in the diagram:

[Diagram: three-tier campus]

Access: Single active uplink per VLAN (PVST), L2 reconvergence, increased route peering with L3 access

L2/L3 Distribution: FHRP, STP, asymmetric routing, policy management

L3 Core: Extensive routing topology, routing reconvergence


Current Network Challenges: Data Center

Traditional Data Center designs require ever-increasing Layer 2 adjacency between server nodes due to the prevalence of virtualization technology. However, they are pushing the limits of Layer 2 networks, placing more burden on loop-detection protocols such as Spanning Tree…

[Diagram: three-tier data center]

L2 Access: Dual-homed servers to a single switch, single active uplink per VLAN (PVST), L2 reconvergence

L2 Distribution: Single active uplink per VLAN (PVST), L2 reconvergence, excessive BPDUs

L2/L3 Core: FHRP (HSRP, VRRP), Spanning Tree, policy management


Introduction to Virtual Switch: Concepts

Virtual Switch System is a new technology breakthrough for the Catalyst 6500 family…


Virtual Switch System: Enterprise Campus

A Virtual Switch-enabled Enterprise Campus network takes on multiple benefits, including simplified management and administration and greater high availability, while maintaining a flexible and scalable architecture…

[Diagram: three-tier campus with Virtual Switch]

Access: Multiple active uplinks per VLAN, no STP convergence

L2/L3 Distribution: No FHRPs, no looped topology, policy management

L3 Core: Reduced routing neighbors, minimal L3 reconvergence


Virtual Switch System: Data Center

A Virtual Switch-enabled Data Center allows for maximum scalability, so bandwidth can be added when required, while still providing a larger Layer 2 hierarchical architecture free of reliance on Spanning Tree…

[Diagram: three-tier data center with Virtual Switch]

L2 Access: Dual-homed servers, single active uplink per VLAN (PVST), fast L2 convergence

L2 Distribution: Dual active uplinks, fast L2 convergence, minimized L2 control plane, scalable

L2/L3 Core: Single router node, fast L2 convergence, scalable architecture


Virtual Switch Architecture: Virtual Switch Link

The Virtual Switch Link is a special link joining each physical switch together; it extends the out-of-band channel, allowing the active control plane to manage the hardware in the second chassis…


Virtual Switch Architecture: VSL Initialization

Before the Virtual Switch domain can become active, the Virtual Switch Link (VSL) must be brought online to determine Active and Standby roles. The initialization process essentially consists of 3 steps:

1. Link Bringup to determine which ports form the VSL

2. Link Management Protocol (LMP) used to track and reject unidirectional links, and to exchange Chassis ID and other information between the 2 switches

3. Role Resolution Protocol (RRP) used to determine compatible hardware and software versions to form the VSL, as well as to determine which switch becomes Active and which Hot Standby from a control plane perspective

[Diagram: the two switches exchanging LMP and then RRP over the VSL]


Virtual Switch Architecture: VSLP Ping

A new Ping mechanism has been implemented in VSS mode to allow the user to objectively verify the health of the VSL itself. This is implemented as a VSLP Ping…

The VSLP Ping operates on a per-physical-interface basis, and parameters such as COUNT, DESTINATION, SIZE and TIMEOUT may also be specified…

[Diagram: Switch 1 and Switch 2 exchanging VSLP over the VSL]

vss#ping vslp output interface tenGigabitEthernet 1/5/4
Type escape sequence to abort.
Sending 5, 100-byte VSLP ping to peer-sup via output port 1/5/4, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 12/12/16 ms
vss#


VSS EtherChannel: Concepts

Overview, Protocols, Load Balancing, Enhancements with VSL


EtherChannel Concepts: Multichassis EtherChannel (MEC)

[Diagram: regular EtherChannel on a single chassis vs. Multichassis EtherChannel across 2 VSL-enabled chassis forming one Virtual Switch]

LACP, PAgP or ON EtherChannel modes are supported…

Prior to Virtual Switch, EtherChannels were restricted to reside within the same physical switch. In a Virtual Switch environment, the 2 physical switches form a single logical network entity; therefore EtherChannels can now also be extended across the 2 physical chassis…


EtherChannel Concepts: EtherChannel Hash for MEC

[Diagram: Virtual Switch with a MEC toward a Server; member links A1 and B2]

Blue traffic destined for the Server will result in Link A1 in the MEC link bundle being chosen as the destination path…

Orange traffic destined for the Server will result in Link B2 in the MEC link bundle being chosen as the destination path…

Deciding which link of a Multichassis EtherChannel to use in a Virtual Switch is skewed in favor of local links in the bundle; this is done to avoid overloading the Virtual Switch Link (VSL) with unnecessary traffic loads…
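The local-link preference described above is what keeps the VSL out of the data path for most MEC traffic. The following Python is an added example, not Cisco code: the platform's real hash inputs and hash function are not on the slide, so a flow key is hashed with CRC32 as a stand-in. What the model does reproduce is the behaviour stated here: the hash result is mapped onto the bundle members local to the chassis the frame entered on, and remote members (reached across the VSL) are used only when no local member is up. The member names, chassis numbers and flow tuple are constructed.

```python
"""Model of Multichassis EtherChannel (MEC) member selection in a VSS.

Added example, not Cisco code; the CRC32 flow hash is an assumption
standing in for the platform's hardware hash.
"""
import zlib
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Member:
    name: str      # e.g. "A1": link 1 on chassis A
    chassis: int   # 1 or 2: the chassis that owns the physical port
    up: bool = True


def flow_hash(src_ip: str, dst_ip: str, src_port: int = 0, dst_port: int = 0) -> int:
    """Stand-in for the hardware load-balancing hash (assumption: CRC32 of the tuple)."""
    key = f"{src_ip}|{dst_ip}|{src_port}|{dst_port}".encode()
    return zlib.crc32(key)


def select_member(members, ingress_chassis: int, flow) -> Optional[Member]:
    """Pick the MEC member for `flow` entering on `ingress_chassis`; None if no member is up."""
    up = sorted((m for m in members if m.up), key=lambda m: m.name)
    if not up:
        return None
    local = [m for m in up if m.chassis == ingress_chassis]
    candidates = local or up   # skew toward local links; cross the VSL only as a last resort
    return candidates[flow_hash(*flow) % len(candidates)]


def crosses_vsl(member: Member, ingress_chassis: int) -> bool:
    """True when forwarding on this member sends the frame over the VSL first."""
    return member.chassis != ingress_chassis


# Constructed MEC: two members on each chassis, and one TCP flow toward a server.
MEC = [Member("A1", 1), Member("A2", 1), Member("B1", 2), Member("B2", 2)]
FLOW = ("10.1.1.10", "10.1.1.20", 40000, 443)

if __name__ == "__main__":
    for chassis in (1, 2):
        m = select_member(MEC, chassis, FLOW)
        print(f"ingress chassis {chassis}: {m.name}, crosses VSL: {crosses_vsl(m, chassis)}")
    degraded = [Member("A1", 1, up=False), Member("A2", 1, up=False), Member("B1", 2), Member("B2", 2)]
    m = select_member(degraded, 1, FLOW)
    print(f"chassis 1 links down: {m.name}, crosses VSL: {crosses_vsl(m, 1)}")
```

The degraded case is the one to plan capacity for: when all of one chassis's members fail, every flow entering that chassis now crosses the VSL, which is the load the normal hash is designed to avoid.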


Hardware Requirements: VSL Hardware Requirements

The Virtual Switch Link requires special hardware as noted below…


Hardware Requirements: Other Hardware Considerations


High Availability: Link Failure, Redundancy Schemes, Dual-Active Detection, GOLD


High Availability: Redundancy Schemes

The default redundancy mechanism between the 2 VSS chassis and their associated supervisors is NSF/SSO, allowing state information and configuration to be synchronized. Additionally, only in NSF/SSO mode do the Standby supervisor's PFC, Switch Fabric, modules and their associated DFCs become active…

Should a mismatch of information occur between the Active and Standby chassis, the Standby chassis will revert to RPR mode, where only the configuration is synchronized, but the PFC, Switch Fabric and modules will not be brought up

[Diagram: Switch 1 (12.2(33)SXH1, Active) and Switch 2 (12.2(33)SXH1) over the VSL: NSF/SSO; Switch 1 (12.2(33)SXH1, Active) and Switch 2 (12.2(33)SXH2) over the VSL: RPR]


High Availability: SSO-Aware Protocols

[Diagram: Virtual Switch, Switch 1 and Switch 2, each holding the same synchronized DHCP Snooping Binding Table]

DHCP Snooping Binding Table

IP Add          MAC Add              VLAN   Interface
10.10.10.10     00:50:56:01:e1:02    10     Po10
172.26.18.2     00:02:b3:3f:3b:99    18     Po10
172.26.19.34    00:16:a1:c2:ee:32    19     Po20
10.10.10.43     00:16:cb:03:d3:44    10     Po20

As of Whitney 1, there are over 90 protocols that are SSO-aware. These include state such as ARP, DHCP Snooping, IP Source Guard, the NAC Posture database, etc… In a VSS environment, failure of either VS will not require this information to be re-populated…


High Availability: Dual-Active Detection

In a Virtual Switch Domain, one switch is elected Active and the other Standby during bootup by VSLP. Since the VSL is always configured as a Port Channel, the possibility of the entire VSL bundle going down is remote; however, it is a possibility…

It is always recommended to deploy the VSL with 2 or more links and to distribute those interfaces across multiple modules to ensure the greatest redundancy

[Diagram: Virtual Switch Domain; Switch 1 Supervisor (VS State: Active, Control Plane: Active, Data Plane: Active) and Switch 2 Supervisor (VS State: Standby, Control Plane: Standby, Data Plane: Active) joined by the VSL]


High Availability: Dual-Active Detection

If the entire VSL bundle should happen to go down, the Virtual Switch Domain will enter a Dual Active scenario where both switches transition to the Active state and share the same network configuration (IP addresses, MAC address, Router IDs, etc…), potentially causing communication problems throughout the network…

[Diagram: Virtual Switch Domain with the VSL down; both Switch 1 Supervisor and Switch 2 Supervisor show VS State: Active, Control Plane: Active, Data Plane: Active]

2 mechanisms have been implemented in the initial release to detect and recover from a Dual Active scenario:

1. Enhanced Port Aggregation Protocol (PAgP)

2. Dual-Active Detection over IP-BFD


High Availability: Dual-Active Detection—Mechanisms

1. Enhanced Port Aggregation Protocol (PAgP)

2. Dual-Active Detection over IP-BFD


High Availability: Dual-Active Detection—Exclude Interfaces

Upon detection of a Dual Active scenario, all interfaces on the previously Active switch will be brought down so as not to disrupt the functioning of the remainder of the network. The exceptions are the VSL member interfaces and pre-determined interfaces which may be used for management purposes…

vs-vsl#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
vs-vsl(config)#switch virtual domain 100
vs-vsl(config-vs-domain)#dual-active exclude interface Gig 1/5/1
vs-vsl(config-vs-domain)#dual-active exclude interface Gig 2/5/1
vs-vsl(config-vs-domain)# ^Z
vs-vsl#


High Availability: Dual-Active Recovery

Upon the restoration of one or more VSL interfaces, VSLP will detect this and proceed to reload Switch 1 so that it can re-negotiate the Active/Standby role after bootup…

[Diagram: Switch 1 and Switch 2 exchanging VSLP over the restored VSL; "VSL Up! Reload…"]

After the role has been resolved and SSO Hot Standby mode is possible, interfaces will be brought up and traffic will resume at 100% capacity…


High Availability: Generic OnLine Diagnostics (GOLD)

Some enhancements to the GOLD framework have been implemented in a VSS environment, which leverages a Distributed GOLD environment. In this case, each supervisor runs an instance of GOLD, but is centrally managed by the Active Supervisor in the Active chassis…

[Diagram: Distributed GOLD Manager; Switch 1 (VS State: Active, Local GOLD: Active) and Switch 2 (VS State: Standby, Local GOLD: Active) joined by the VSL]

There are 4 new tests that are available in VSS mode:

1. TestVSLLocalLoopback

2. TestVSLBridgeLink

3. TestVSLStatus

4. TestVSActiveToStandbyLoopback


Virtual Switch System: Deployment Considerations

Virtual Switch will incorporate some deployment considerations as best practice…


Virtual Switch System: Benefits


Virtual Switch System: Summary


Data Center Option (E) Utilizing Layer 2 VPN and Virtual Switching New Features

PE1-COREA
interface gigabitethernet 3/0        <- 6500 B
 xconnect 10.1.1.2 20 encapsulation mpls
!
interface gigabitethernet 4/0        <- 6500 B
 xconnect 10.1.1.2 40 encapsulation mpls

PE1-COREB
interface gigabitethernet 3/0        <- 6500 A
 xconnect 10.1.1.1 20 encapsulation mpls
!
interface gigabitethernet 4/0        <- 6500 B
 xconnect 10.1.1.1 40 encapsulation mpls


Q and A


Recommended Reading

Continue your Cisco Live learning experience with further reading from Cisco Press

Check the Recommended Reading flyer for suggested books

“Layer 2 VPN Architectures”

ISBN: 1-58705-168-0

Available Onsite at the Cisco Company Store


Complete Your Online Session Evaluation

Give us your feedback and you could win fabulous prizes. Winners announced daily.

Receive 20 Passport points for each session evaluation you complete.

Complete your session evaluation online now (open a browser through our wireless network to access our portal) or visit one of the Internet stations throughout the Convention Center.

Don’t forget to activate your Cisco Live virtual account for access to all session material on-demand and return for our live virtual event in October 2008.

Go to the Collaboration Zone in World of Solutions or visit www.cisco-live.com.
