INTRODUCTION TO L2VPNS - TWAREN


© 2005 Cisco Systems, Inc. All rights reserved. Cisco Confidential. AGG-1000

Introduction to Layer 2 and Layer 3 VPN Services

• Layer 2 and Layer 3 VPN Services are offered from the edge of a network

Figure: CE - PE - (IP backbone) - PE - CE topology. Left: a Layer 3 VPN link comprised of IP traffic passed over the IP backbone. Right: a Layer 2 VPN which passes Ethernet, ATM, Frame Relay, PPP or HDLC traffic over the IP backbone.


VPN Technology Variants: VPN Forwarding Decisions, SP Relationship

LAYER 3 VPNS

• Provider devices forward customer packets based on Layer 3 information (e.g., IP)

• SP involvement in routing

• MPLS/BGP VPNs (RFC 2547), MPLS VPN over IP, GRE, virtual router approaches

LAYER 2 VPNS

• Provider devices forward customer packets based on Layer 2 information

• Tunnels, circuits, LSPs, MAC address

• “pseudowire” concept

What Information Is Relevant in Forwarding Customer Traffic?


What Is an L2VPN? L2VPN Network Service Functions

Figure: L2VPN network service functions. Functions shown: pseudowires (AToM, L2TPv3), attachment and extension VCs (FR, ATM (AAL5 and Cell), Ethernet, PPP/HDLC), multipoint replication, peer discovery, directory, interworking, network management, QoS, high availability and security.

VPWS (Virtual Private Wire Service): point-to-point switched frame transport over a pseudowire.

VPLS (Virtual Private LAN Service): any-to-any switched frame transport service over a pseudowire, using customer MACs for forwarding.


Pseudo Wires

VPWS Reference Model

A Pseudowire (PW) Is a Connection Between Two Provider Edge (PE) Devices Which Connects Two Pseudowire End-Services (PWESs) of the Same Type

Figure: VPWS reference model. Customer sites attach to PWESs on two PEs; the pseudowire between the PEs runs inside a PSN tunnel and presents an emulated service end to end.

PWES Service Types:

• Ethernet

• 802.1Q (VLAN)

• ATM VC or VP

• HDLC

• PPP

• Frame Relay VC


Virtual Private Wire Service (VPWS): Customer Perspective

• Point-to-point connections between Provider Edge (PE) nodes

• Same look and feel as existing L2 PVCs (i.e., Frame Relay point-to-point)

• Service provider simply forwarding incoming frames based on Layer 2 information (i.e. DLCI, VLAN Tag, VPI/VCI, etc.)

Figure: customer sites CE1 through CE5 connected by point-to-point virtual circuits across the provider network.


VPLS Reference Model

A Full Mesh of Pseudowires (PW) Is Used to Connect All Provider Edge (PE) Devices Which Support a Given VPLS VPN

Figure: VPLS reference model. Customer sites attach to PEs over Ethernet attachment VCs; the PEs are connected by a full mesh of pseudowires across the MPLS core.


Virtual Private LAN Service (VPLS): Customer Perspective

• Multipoint-to-multipoint configuration

• Forwarding of frames based on learned MAC addresses

• Uses a Virtual Switching Instance (VSI) for customer separation

Figure: CE1 through CE4 attached to PEs; all PEs appear connected on a common switch.
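The multipoint behaviour described on this slide and the previous one (full mesh of pseudowires, MAC learning, one VSI per customer), as an added Python simulation that is not part of the original deck and not Cisco's software. The split-horizon rule (a frame received from a pseudowire is never forwarded onto another pseudowire) is the standard loop-prevention rule for a VPLS full mesh and is not stated on the slide; the per-VSI MAC-table limit and all port names and MAC addresses are assumptions constructed here.

```python
class Vsi:
    """One Virtual Switching Instance: a per-customer MAC table over the customer's
    attachment circuits (ACs) and the full mesh of pseudowires (PWs) to the other PEs."""

    def __init__(self, name, acs, pws, mac_limit=1024):
        self.name = name
        self.acs = set(acs)          # local, customer-facing attachment circuits
        self.pws = set(pws)          # pseudowires to every other PE in this VPLS instance
        self.mac_table = {}          # customer MAC -> AC or PW it was learned on
        self.mac_limit = mac_limit   # assumed per-VSI limit, so one site cannot exhaust the table
        self.learning_dropped = 0    # addresses not learned because the table was full

    def _learn(self, src, port):
        if src in self.mac_table or len(self.mac_table) < self.mac_limit:
            self.mac_table[src] = port
        else:
            self.learning_dropped += 1

    def forward(self, ingress, src, dst):
        """Return the set of ports to which a frame with (src, dst) arriving on `ingress` is sent."""
        if ingress not in self.acs and ingress not in self.pws:
            raise ValueError(f"{ingress} is not a member of VSI {self.name}")
        self._learn(src, ingress)
        known = self.mac_table.get(dst)
        if known is not None:
            targets = {known}                            # known unicast: one port
        else:
            targets = (self.acs | self.pws) - {ingress}  # unknown unicast / broadcast: flood
        if ingress in self.pws:
            targets -= self.pws   # split horizon: the sending PE already reached every other PE
        return targets - {ingress}


def demo_customer_separation():
    """Two customers on one PE reuse the same MAC address without affecting each other."""
    cust_a = Vsi("cust-A", acs={"ac1"}, pws={"pw-PE2", "pw-PE3"})   # constructed names
    cust_b = Vsi("cust-B", acs={"ac2"}, pws={"pw-PE2"})
    cust_a.forward("ac1", "00:aa", "ff:ff")      # 00:aa learned on ac1 in cust-A, then flooded
    cust_b.forward("pw-PE2", "00:aa", "ff:ff")   # same MAC learned on a PW in cust-B only
    return cust_a.mac_table["00:aa"], cust_b.mac_table["00:aa"]
```

The `learning_dropped` counter is the value to watch operationally: a customer site that keeps pushing new source MACs into a full table is either misbehaving or attempting MAC-table exhaustion, and the limit keeps that confined to its own VSI.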


Service Offerings: L2VPN Transport Services

Transport     Service                                    UNI       Model
Ethernet      Ethernet Wire Service (EWS)                Unmuxed   VPWS
Ethernet      Ethernet Relay Service (ERS)               Muxed     VPWS
Ethernet      Ethernet Multipoint Service (EMS)          Unmuxed   VPLS
Ethernet      Ethernet Relay Multipoint Service (ERMS)   Muxed     VPLS
PPP/HDLC      PPP/HDLC over Pseudowire                   Unmuxed   VPWS
Frame Relay   FR over Pseudowire                         Muxed     VPWS
ATM           AAL5 over Pseudowire                       Muxed     VPWS
ATM           Cell Relay w/ packing over Pseudowire      Muxed     VPWS

OTHER VARIANTS…


L2 VPN Service Comparison

                                VPWS                                          VPLS
Service Provider Core Protocol  IP and MPLS                                   MPLS
Customer Protocol Support       Any                                           Any
Routing Involvement by SP       No                                            No
L2 Encap Types                  Any (FR, ATM/Cell, Ethernet/VLAN, HDLC, PPP)  Ethernet Only
Connection Type                 Point-to-Point (at L2)                        Multipoint-to-Multipoint (at L2)


Summary of Benefits for L2VPNs

• New Service Opportunities: Virtual leased line service; offer “PVC like” Layer 2 based service

• Reduced Cost: Consolidate multiple core technologies into a single packet-based infrastructure

• Simplify Services: Layer 2 transport provides options for Service Providers who need to provide L2 connectivity and maintain customer autonomy

• Protect Existing Investments: Greenfield networks to extend customer access to existing Layer 2 networks without deploying an old-world infrastructure

• Feature Support: Through the use of Cisco IOS® features such as IPsec, QoS, and Traffic Engineering, L2 transport can be tailored to meet customer requirements


ANY TRANSPORT OVER MPLS (AToM) OVERVIEW


VPWS: Any Transport over MPLS (AToM)

Figure: Frame Relay, ATM, leased line and Ethernet attachment circuits on both sides of an MPLS core, carried across it by AToM.

• AToM is Cisco’s implementation of VPWS for MPLS networks

• Provides ability to transport layer 2 traffic such as ATM, FR, Ethernet, PPP, and HDLC across MPLS packet-based core networks

• A standards track open architecture allows extensibility to many transport types

• AToM, combined with Cisco IOS® QoS and MPLS traffic engineering, allows service providers to offer “virtual leased line” types of services

• Service provider does not participate in customer routing


VC Label Negotiation with Directed LDP

Figure: CE - PE1 - (IP/MPLS) - PE2 - CE. An attachment circuit at each PE, an LSP across the core, the pseudowire carried inside it, and a directed LDP session between PE1 and PE2.

1. Attachment circuit configured with peer address and VC ID

2. PE1 starts directed LDP session with PE2 if one does not already exist

3. PE1 allocates VC label for new circuit and binds to configured VC ID

4. PE1 sends LDP label mapping message containing VC FEC TLV and VC label TLV

5. PE2 receives VC FEC TLV and VC label TLV that matches local VCID

6. PE2 repeats steps 1-5 so that bidirectional label/VCID mappings are established
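The six steps above, as an added Python simulation of two PEs exchanging label mappings over a directed LDP session. This is illustration code, not part of the original deck and not Cisco's implementation: the PWid FEC element layout (FEC type 0x80, C bit plus 15-bit PW type, PW info length, group ID, PW ID) follows RFC 4447, while the Network and PE classes, the router IDs and the label ranges are assumptions constructed here. The mismatch check goes one step beyond the slide: a mapping whose VC type or control-word bit differs from the local attachment circuit is rejected instead of installed, which is how a misconfigured pair of PEs ends up with a pseudowire that never comes up.

```python
import struct

# PW types as carried in the PWid FEC element (IANA registry referenced by RFC 4447)
PW_TYPES = {"fr-dlci": 0x0001, "atm-aal5": 0x0002, "atm-cell": 0x0003,
            "ethernet-vlan": 0x0004, "ethernet": 0x0005, "hdlc": 0x0006, "ppp": 0x0007}


def encode_pwid_fec(pw_type, vcid, control_word, group_id=0):
    """FEC type 0x80 | C bit + PW type (16) | PW info length (8) | group ID (32) | PW ID (32).
    The optional interface-parameter sub-TLVs that can follow are omitted here."""
    c_and_type = (0x8000 if control_word else 0) | PW_TYPES[pw_type]
    return struct.pack("!BHBII", 0x80, c_and_type, 8, group_id, vcid)


def decode_pwid_fec(data):
    fec_type, c_and_type, info_len, group_id, vcid = struct.unpack("!BHBII", data[:12])
    if fec_type != 0x80 or info_len != 8:
        raise ValueError("not a PWid FEC element")
    return {"pw_type": c_and_type & 0x7FFF, "control_word": bool(c_and_type & 0x8000),
            "group_id": group_id, "vcid": vcid}


class Network:
    """Delivers LDP messages between PEs by router-id and records directed sessions."""
    def __init__(self):
        self.pes = {}

    def add(self, pe):
        self.pes[pe.router_id] = pe

    def open_session(self, pe, peer):            # step 2: directed (targeted) LDP session
        pe.sessions.add(peer)
        self.pes[peer].sessions.add(pe.router_id)

    def deliver(self, peer, msg):
        return self.pes[peer].receive_mapping(msg)


class PE:
    def __init__(self, router_id, network, label_base):
        self.router_id, self.net = router_id, network
        self.next_label = label_base        # VC labels are drawn from this PE's own label space
        self.sessions = set()
        self.acs = {}                       # (peer, vcid) -> attachment-circuit binding
        self.pending = {}                   # mappings that arrived before the local AC existed
        network.add(self)

    def configure_xconnect(self, peer, vcid, pw_type, control_word=False):
        ac = {"pw_type": pw_type, "cw": control_word, "local_label": None,
              "remote_label": None, "state": "down"}
        self.acs[(peer, vcid)] = ac                                  # step 1
        if peer not in self.sessions:
            self.net.open_session(self, peer)                        # step 2
        ac["local_label"], self.next_label = self.next_label, self.next_label + 1   # step 3
        msg = {"from": self.router_id, "label": ac["local_label"],
               "fec": encode_pwid_fec(pw_type, vcid, control_word)}
        self.net.deliver(peer, msg)                                  # step 4
        if (peer, vcid) in self.pending:                             # peer advertised first
            self.receive_mapping(self.pending.pop((peer, vcid)))
        return ac["state"]

    def receive_mapping(self, msg):
        fec = decode_pwid_fec(msg["fec"])
        key = (msg["from"], fec["vcid"])
        ac = self.acs.get(key)
        if ac is None:                      # retain it until a matching AC is configured
            self.pending[key] = msg
            return "retained"
        if PW_TYPES[ac["pw_type"]] != fec["pw_type"] or ac["cw"] != fec["control_word"]:
            ac["state"] = "mismatch"        # VC type and control-word bit must agree end to end
            return "mismatch"
        ac["remote_label"] = msg["label"]   # step 5: matched on the local VC ID
        ac["state"] = "up" if ac["local_label"] is not None else "down"
        return "accepted"

    def pw(self, peer, vcid):
        return self.acs[(peer, vcid)]
```

Running the two `configure_xconnect` calls in either order yields the same result, because a mapping that arrives before the local circuit exists is retained and re-evaluated once step 1 happens on that side; that is the behaviour step 6 relies on.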


AToM Traffic Encapsulation

• Three-level encapsulation

• Packets switched between PEs using top (tunnel) label

• VC label identifies PW

• VC label negotiated between PEs with directed LDP

• Optional control word carries Layer 2 control bits and enables sequencing

Packet layout (each row is one 32-bit word, bits 0-31):

  Tunnel Label (LDP / RSVP)  | EXP | S=0 | TTL
  VC Label (VC)              | EXP | S=1 | TTL (set to 2)
  Control Word: 0 0 0 0 | Flags | FRG | Length | Sequence number
  Layer 2 PDU

Control word required per encapsulation:

  Encap.   CW Required
  Eth      No
  FR       Yes
  HDLC     No
  PPP      No
  AAL5     Yes
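An encoder and decoder for the three-level encapsulation above, added here as an illustration; it is not part of the original deck and not Cisco code. The label stack entry layout (label 20 bits, EXP 3, S 1, TTL 8) is from RFC 3032 and the control word layout (0000, Flags, FRG, Length, Sequence number) from RFC 4385; the sample Layer 2 PDU, the label values and the rule used for the Length field are constructed for the example.

```python
import struct

# Constructed sample Layer 2 PDU: a short Ethernet frame (dst, src, EtherType, payload), 21 bytes
SAMPLE_PDU = bytes.fromhex("ffffffffffff") + bytes.fromhex("001122334455") + b"\x08\x00" + b"payload"


def label_entry(label, exp, bottom, ttl):
    """Pack one 32-bit MPLS label stack entry: label(20) | EXP(3) | S(1) | TTL(8)."""
    if not 0 <= label < 1 << 20:
        raise ValueError("label out of range")
    return struct.pack("!I", (label << 12) | (exp << 9) | (int(bottom) << 8) | ttl)


def control_word(flags=0, frg=0, length=0, seq=0):
    """Pack the control word: 0000 | Flags(4) | FRG(2) | Length(6) | Sequence number(16)."""
    return struct.pack("!I", (flags & 0xF) << 24 | (frg & 0x3) << 22 | (length & 0x3F) << 16 | (seq & 0xFFFF))


def build_atom_packet(tunnel_label, vc_label, pdu, use_cw=True, flags=0, seq=0, exp=0):
    """Tunnel label (S=0), VC label (S=1, TTL 2, as on the slide), optional control word, PDU."""
    pkt = label_entry(tunnel_label, exp, False, 255) + label_entry(vc_label, exp, True, 2)
    if use_cw:
        # Length is carried only when the PDU is short enough to be padded by the PSN (< 64 bytes).
        pkt += control_word(flags, 0, len(pdu) if len(pdu) < 64 else 0, seq)
    return pkt + pdu


def parse_atom_packet(pkt, expect_cw=True):
    """Walk the label stack to the bottom-of-stack entry, then read the control word and PDU."""
    labels, off = [], 0
    while True:
        (word,) = struct.unpack_from("!I", pkt, off)
        off += 4
        bottom = bool(word >> 8 & 1)
        labels.append({"label": word >> 12, "exp": word >> 9 & 7, "s": bottom, "ttl": word & 0xFF})
        if bottom:
            break
    result = {"labels": labels, "control_word": None}
    if expect_cw:
        (word,) = struct.unpack_from("!I", pkt, off)
        off += 4
        if word >> 28 != 0:
            # The leading 0000 is what keeps a PW payload from being mistaken for an IPv4/IPv6
            # header by devices that hash below the label stack; a non-zero nibble here means
            # the two PEs disagree about whether a control word is in use.
            raise ValueError("control word must start with 0000")
        result["control_word"] = {"flags": word >> 24 & 0xF, "frg": word >> 22 & 3,
                                  "length": word >> 16 & 0x3F, "seq": word & 0xFFFF}
    result["pdu"] = pkt[off:]
    return result


def roundtrip(tunnel_label=1001, vc_label=16, seq=7):
    """Encode the sample PDU and decode it again; returns the parsed structure."""
    return parse_atom_packet(build_atom_packet(tunnel_label, vc_label, SAMPLE_PDU, seq=seq))


def cw_mismatch_detected():
    """A receiver expecting a control word rejects a packet that was sent without one."""
    try:
        parse_atom_packet(build_atom_packet(1001, 16, SAMPLE_PDU, use_cw=False))
    except ValueError:
        return True
    return False
```

The `cw_mismatch_detected` case is the one worth remembering from the table above: for encapsulations where the control word is optional (Ethernet, HDLC, PPP), both PEs must make the same choice, and the 0000 nibble is the only on-the-wire hint that they did not.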


AToM: XConnect CLI Components

Two ways to configure:

- xconnect <target PE>

- mpls l2transport route <target PE>

ldp-enabled

- Defines LDP as label protocol

- Globally defined

pseudowire-class (optional)

- Characteristics template for PWs

- Tunneling mechanism

- Data plane encapsulation type

Example (the xconnect references the pseudowire-class defined above it):

mpls label protocol ldp
mpls ldp router-id loopback 0 force
!
pseudowire-class atom_default
 encapsulation mpls
 sequencing both
!
interface FastEthernet5/1.500
 encapsulation dot1Q 500
 service-policy input vlan-hi-priority
 xconnect 172.18.255.3 1002 pw-class atom_default


ATTACHMENT CIRCUITS


Frame Relay and ATM Support in AToM

Frame Relay:

• Two main transport modes: Port-to-Port or DLCI-to-DLCI

• LMIs carried transparently for Port-to-Port

• LMIs terminated for DLCI-to-DLCI with remote notifications via LDP

• Multiple FR encapsulation support

• Multiple LMI support

ATM:

• Two encapsulations: AAL5 and Cell Relay

• Single or multiple Cell Relay supported

• AAL5 supported in VC mode

• Cell Relay in VC/VP and Port modes

• OAM traffic carried transparently

• AAL5 mode may perform OAM emulation


Ethernet/HDLC/PPP Support in AToM

Ethernet:

• Two main transport modes: VLAN and Port

• VLAN mode requires 802.1q

• VLAN mode supports VLAN Id rewrite

• Supports Ethernet speeds of 10/100/1000 Mbps

PPP/HDLC:

• No special restrictions on HDLC traffic

• PEs do not participate in PPP negotiation

• PPP negotiation requires attachment circuit compatibility

PSEUDOWIRE REDUNDANCY


Pseudowire Service Failure Points

Figure: CE1 - PE1 - Packet Switch Network (IP or MPLS) - PE2 - CE2, with the pseudowire between PE1 and PE2 and failure points 1 through 4 marked along the path.

1. PSN failure due to end-to-end routing failure

2. PE failure due to HW or SW fault

3. Attachment circuit failure due to line break

4. CE failure due to HW or SW fault


Redundancy Problem Statement

• Service Provider desires to build in pseudowire redundancy so that if the service becomes unavailable, it can quickly be migrated over to another point in the service provider’s network or the customer’s network

• Let us assume that only one end of the network (e.g. hub site) justifies the allocation of redundancy

• This type of redundancy is end-to-end redundancy

• Can be used with other availability techniques such as SSO/NSF and FRR


Pseudowire Redundancy: Single Side Full Redundancy

Pro:

• Addresses faults in the four key failure areas of a PW implementation

• Reduces the number of PWs that must be active at a given time, so the scale impact is reduced when compared to the full redundancy solution

Con:

• Redundant CE/PE required; this increases the cost of the solution

Figure: CE1 attaches to PE1 over a single attachment circuit. Across the packet switch network (IP or MPLS), a primary pseudowire and a redundant pseudowire run to the redundant pair PE2a/PE2b, which attach over their own attachment circuits to CE2a and CE2b.


Redundancy Features

• Configure one redundant PE endpoint

• Switch to redundant PE based on failure detection mechanism. The failure mechanism must be able to detect a failure in PSN, remote PE, or remote PE-CE connection

• Ability to manually start the switchover to the redundant device

• After a failure, the implementation will be able to detect when a primary PE becomes available and switch back to that device

• Must support some type of dampening technique so as to not switch back and forth between PEs during periods of instability. The dampening algorithm allows for timers for “switchover” and “fallback”


Failure Identification

• Attachment circuit failure can be detected by interface condition (up/down/LOS) or integrated LMI notification

• Pseudowire failure for AToM is discovered by LDP timeout

• L2TPv3 pseudowire failure is identified by control plane keepalive failure

• In the near future we are looking at expediting the failure detection by using an automated BFD over pseudowire VCCV


L2VPN VPWS Redundancy CLI

• One-sided CLI: the redundancy information is only configured on the PE that sees multiple peers

• Multiple redundant peers may be specified; each peer may have a different priority

• ‘enable-delay’ sets the amount of time a failure must persist before performing switchover

• ‘disable-delay’ sets the amount of time the primary VC must be available before falling back to the primary VC

• ‘never’ disables fallback to the primary after a switchover. Fallback will only occur if the secondary goes down

• Currently, all peers must be of the same type, i.e. MPLS pseudowires or L2TP pseudowires; no mix and match allowed. This is enforced by not allowing the pw-class encapsulation types to be different. Note, if the pw-class is not specified in the backup statements, it will be inherited from the parent xconnect

Configuration CLI:

xconnect <ip-addr> <vcid> pw-class <name>
 backup peer <ip-addr> <vcid> <pw-class <x>> priority <value>
 backup delay <enable-delay> <disable-delay | never>


L2VPN VPWS Redundancy CLI (Cont.)

• This new xconnect command is available from the exec prompt. The IP address and VCID should match the values of the xconnect the customer wishes to switch over to. When entered by the user, this command will locate the xconnect configuration associated with the IP address/VCID and will generate a switchover event to the redundancy manager for this VC

“manual switchover” CLI:

Router> xconnect backup force-switchover peer <ip-addr> <vcid>

Router> xconnect backup force-switchover interface <ifcname>
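A model of the redundancy behaviour described on the two CLI slides above (backup peers with priorities, the enable-delay / disable-delay / never dampening timers, and the manual force-switchover), added here as a Python illustration that is not part of the original deck and not Cisco's redundancy manager. The timer semantics are taken from the slide text; the choice that a lower priority value wins among backups, the `from_cli` parser's handling of the slide's command forms, and the peer addresses in the example are assumptions made here.

```python
from dataclasses import dataclass

NEVER = "never"


@dataclass(frozen=True)
class Vc:
    peer: str          # remote PE address as given in xconnect / backup peer
    vcid: int
    priority: int = 0  # lower value preferred among backups (assumption made here)


@dataclass
class VcStatus:
    up: bool = True
    since: float = 0.0  # time at which the VC entered its current state


class PwRedundancyManager:
    """One-sided redundancy manager for a single xconnect with backup peers."""

    def __init__(self, primary, backups, enable_delay, disable_delay):
        self.primary = primary
        self.backups = sorted(backups, key=lambda vc: vc.priority)
        self.enable_delay = enable_delay      # seconds a failure must persist before switchover
        self.disable_delay = disable_delay    # seconds the primary must be up before fallback, or NEVER
        self.status = {vc: VcStatus() for vc in [primary, *self.backups]}
        self.active = primary
        self.events = []                      # (time, reason, from_vc, to_vc)

    @classmethod
    def from_cli(cls, lines):
        """Build the manager from xconnect / backup peer / backup delay lines in the slide's form."""
        primary, backups, enable, disable = None, [], 0, 0
        for line in lines:
            tok = line.split()
            if tok[:1] == ["xconnect"]:
                primary = Vc(tok[1], int(tok[2]))
            elif tok[:2] == ["backup", "peer"]:
                prio = int(tok[tok.index("priority") + 1]) if "priority" in tok else 0
                backups.append(Vc(tok[2], int(tok[3]), prio))
            elif tok[:2] == ["backup", "delay"]:
                enable = int(tok[2])
                disable = NEVER if tok[3] == NEVER else int(tok[3])
        if primary is None:
            raise ValueError("no xconnect line")
        return cls(primary, backups, enable, disable)

    def report(self, vc, up, now):
        """Feed a failure-detection result (LDP timeout, AC down, ...) for one VC."""
        st = self.status[vc]
        if st.up != up:
            st.up, st.since = up, now

    def _best_available(self):
        if self.status[self.primary].up:
            return self.primary
        return next((vc for vc in self.backups if self.status[vc].up), None)

    def _activate(self, vc, now, reason):
        if vc is not None and vc != self.active:
            self.events.append((now, reason, self.active, vc))
            self.active = vc

    def tick(self, now):
        """Evaluate the dampening timers at time `now`; returns the VC that is active afterwards."""
        act = self.status[self.active]
        if not act.up:
            if now - act.since >= self.enable_delay:       # failure persisted long enough
                self._activate(self._best_available(), now, "switchover")
        elif self.active != self.primary and self.disable_delay != NEVER:
            prim = self.status[self.primary]
            if prim.up and now - prim.since >= self.disable_delay:
                self._activate(self.primary, now, "fallback")
        return self.active

    def force_switchover(self, peer, vcid, now):
        """Manual switchover to a configured VC, as 'xconnect backup force-switchover peer' does."""
        target = next((vc for vc in self.status if vc.peer == peer and vc.vcid == vcid), None)
        if target is None or not self.status[target].up:
            return False
        self._activate(target, now, "manual")
        return True
```

The `events` list is the audit trail an operator would correlate with LDP and interface logs: every switchover, fallback or manual action is recorded with its time and reason, so a pseudowire that flaps between peers shows up as a sequence of switchover/fallback pairs whose spacing reflects the two delays.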