vpls - actfornet | huawei usa canada partner reseller s970… · 3 vpls components n-pe mpls core...
TRANSCRIPT
VPLS
1
Agenda
VPLS Overview
VPLS packet walk-through
VPLS features
Summary
2
Classification of VPNs
CPE Based
Layer 3
MPLS VPN
Virtual Router
GRE IPSec
Layer 3
P2P VLL/PWE3 Ethernet
Frame
Relay
PP
P/HD
LC
ATM/C
ell Relay
Ethern
et (P2
P)
Frame
Relay
ATM
Ethern
et (P2
MP
) Eth
ernet (M
P2
MP
)
Network Based
Layer 2
VPLS
VPN
3
VPLS Components
N-PE
MPLS Core
CE router
CE router
CE switch
CE router
CE router
CE switch
CE switch
CE router
Attachment circuits Port or VLAN mode
Mesh of LSP between N-PEs N-PE
N-PE
Pseudo Wires within LSP Virtual Switch Interface (VSI) terminates PW and provides Ethernet bridge function
Targeted LDP or BGP between PEs to exchange VC labels for Pseudo Wires Attachment CE
can be a switch or router
4
Virtual Switch Interface
Flooding / Forwarding
MAC table instances per customer for each PE
VFI will participate in learning and forwarding process
Associate ports to MAC, flood unknowns to all other ports
Address Learning / Aging
LDP (or BGP) enhanced with additional MAC List TLV (label withdrawal)
MAC timers refreshed with incoming frames
Loop Prevention
Create full-mesh of Pseudo Wire VCs (EoMPLS)
Unidirectional LSP carries VCs between pair of N-PE Per
A VPLS use “split horizon” concepts to prevent loops
Each VSI is a bridge domain, VLAN to VSI mapping is flexible.
VSI
VLAN VLAN
VSI
VLAN
5
VPLS Flooding & Forwarding
Flooding (Broadcast, Multicast, Unknown Unicast)
Dynamic learning of MAC addresses on interfaces and VCs
Forwarding
Physical Port
Virtual Circuit
Data SA DA?
Unknown DA? Pseudo Wire in LSP
6
MAC Address Learning and Forwarding
Broadcast, Multicast, and Unknown Unicast are learned via the received label associations
Two LSPs associated with a VC (Tx & Rx) If inbound or outbound LSP is down
Then the entire Pseudo Wire is considered down
PE1 PE2
Send me frames
using Label 170
Send me frames
using Label 102
CE CE
E0/0 E0/1
MAC 2 E0/1
MAC Address Adj
MAC 1 102
MAC 2 170
MAC Address Adj
MAC 1 E0/0
Use VC Label 102
MAC1
Use VC Label 170
MAC2
PE2 170 MAC2 MAC1 Data
PE2 102 MAC1 MAC2 Data
Directed LDP or BGP
7
MPLS
MAC Address Withdrawal Message
Message speeds up convergence process
Otherwise PE relies on MAC Address Aging Timer
Upon failure PE removes locally learned MAC addresses
Send LDP Address Withdraw (RFC3036) to remote PEs in
VPLS (using the Directed LDP session)
New MAC List TLV is used to withdraw addresses
X
Directed LDP
8
Agenda
VPLS Overview
VPLS packet walk-through
VPLS features
Summary
9
VPLS work flow brief
Src Virtual Port + VSI/VFI
Eth frame
Ingress lookup find the src virtual port. Then know which VSI/VFI.
MAC learning MAC dst-lookup
Output module/port Encap MPLS Encap MAC layer
MPLS frame
Rewrite & send it out.
Src Virtual Port + VSI/VFI
Eth frame
Ingress lookup find the src virtual port by the VC label. Then know which VSI/VFI.
MAC learning MAC dst-lookup
Output module/port MPLS frame
Rewrite & send it out.
10
Agenda
VPLS Overview
VPLS packet walk-through
VPLS features
Summary
11
VPLS - kompella (BGP as signaling)
VPLS - martini (LDP as signaling)
H-VPLS (LDP as signaling)
mVPLS & mVRRP
VPLS BGP Auto-Discovery (V2R1)
S97’s VPLS Feature
12
VPLS kompella example (1)
#
sysname PE1
#
vlan batch 10 20
#
mpls lsr-id 1.1.1.9
mpls
#
mpls l2vpn
#
vsi bgp1 auto
pwsignal bgp
route-distinguisher 168.1.1.1:1
vpn-target 100:1 import-extcommunity
vpn-target 100:1 export-extcommunity
site 1 range 5 default-offset 0
#
mpls ldp
#
interface Vlanif10
l2 binding vsi bgp1
#
interface Vlanif20
ip address 168.1.1.1 255.255.255.0
mpls
mpls ldp
#
interface GigabitEthernet1/0/0
port hybrid pvid vlan 10
port hybrid tagged vlan 10
#
interface GigabitEthernet2/0/0
port hybrid pvid vlan 20
port hybrid tagged vlan 20
#
interface LoopBack1
ip address 1.1.1.9 255.255.255.255
#
bgp 100
peer 3.3.3.9 as-number 100
peer 3.3.3.9 connect-interface LoopBack1
#
vpls-family
policy vpn-target
peer 3.3.3.9 enable
#
ospf 1
area 0.0.0.0
network 1.1.1.9 0.0.0.0
network 168.1.1.0 0.0.0.255
#
#
sysname CE1
#
vlan batch 10
#
interface Vlanif10
ip address 10.1.1.1 255.255.255.0
#
interface GigabitEthernet1/0/0
port link-type trunk
port trunk allow-pass vlan 10
#
13
VPLS kompella example (2)
#
sysname PE2
#
vlan batch 30 40
#
mpls lsr-id 3.3.3.9
mpls
#
mpls l2vpn
#
vsi bgp1 auto
pwsignal bgp
route-distinguisher 169.1.1.2:1
vpn-target 100:1 import-extcommunity
vpn-target 100:1 export-extcommunity
site 2 range 5 default-offset 0
#
mpls ldp
#
interface Vlanif30
ip address 169.1.1.2 255.255.255.0
mpls
mpls ldp
#
interface Vlanif40
l2 binding vsi bgp1
#
#
sysname CE2
#
vlan batch 40
#
interface Vlanif40
ip address 10.1.1.2 255.255.255.0
#
interface GigabitEthernet2/0/0
port link-type trunk
port trunk allow-pass vlan 40
#
interface GigabitEthernet1/0/0
port hybrid pvid vlan 30
port hybrid tagged vlan 30
#
interface GigabitEthernet2/0/0
port hybrid pvid vlan 40
port hybrid tagged vlan 40
#
interface LoopBack1
ip address 3.3.3.9 255.255.255.255
#
bgp 100
peer 1.1.1.9 as-number 100
peer 1.1.1.9 connect-interface LoopBack1
#
vpls-family
policy vpn-target
peer 1.1.1.9 enable
#
ospf 1
area 0.0.0.0
network 3.3.3.9 0.0.0.0
network 169.1.1.0 0.0.0.255
#
14
VPLS kompella example (3) #
sysname P
#
vlan batch 20 30
#
mpls lsr-id 2.2.2.9
mpls
#
mpls ldp
#
interface Vlanif20
ip address 168.1.1.2 255.255.255.0
mpls
mpls ldp
#
interface Vlanif30
ip address 169.1.1.1 255.255.255.0
mpls
mpls ldp
#
interface GigabitEthernet1/0/0
port hybrid pvid vlan 20
port hybrid tagged vlan 20
#
interface GigabitEthernet2/0/0
port hybrid pvid vlan 30
port hybrid tagged vlan 30
#
interface LoopBack1
ip address 2.2.2.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 168.1.1.0 0.0.0.255
network 169.1.1.0 0.0.0.255
network 2.2.2.9 0.0.0.0
#
<PE1> display vsi name bgp1 verbose
***VSI Name : bgp1
Administrator VSI : no
Isolate Spoken : disable
VSI Index : 1
PW Signaling : bgp
Member Discovery Style : auto
PW MAC Learn Style : unqualify
Encapsulation Type : vlan
MTU : 1500
Diffserv Mode : uniform
Mpls Exp : --
DomainId : 255
Domain Name :
Ignore AcState : disable
Create Time : 0 days, 0 hours, 8 minutes, 38 seconds
VSI State : up
。。。
15
VPLS - kompella (BGP as signaling)
VPLS - martini (LDP as signaling)
H-VPLS (LDP as signaling)
mVPLS & mVRRP
VPLS BGP Auto-Discovery (V2R1)
S97’s VPLS Feature
16
VPLS martini example (1) #
sysname PE1
#
vlan batch 10 20
#
mpls lsr-id 1.1.1.9
mpls
#
mpls l2vpn
#
vsi a2 static
pwsignal ldp
vsi-id 2
peer 3.3.3.9
#
mpls ldp
#
mpls ldp remote-peer 3.3.3.9
remote-ip 3.3.3.9
#
interface Vlanif10
l2 binding vsi a2
#
interface Vlanif20
ip address 168.1.1.1 255.255.255.0
mpls
mpls ldp
#
#
sysname CE1
#
vlan batch 10
#
interface Vlanif10
ip address 10.1.1.1 255.255.255.0
#
interface GigabitEthernet1/0/0
port link-type trunk
port trunk allow-pass vlan 10
#
interface GigabitEthernet1/0/0
port hybrid pvid vlan 10
port hybrid tagged vlan 10
#
interface GigabitEthernet2/0/0
port hybrid pvid vlan 20
port hybrid tagged vlan 20
#
interface LoopBack1
ip address 1.1.1.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 1.1.1.9 0.0.0.0
network 168.1.1.0 0.0.0.255
#
17
VPLS martini (2) #
sysname PE2
#
vlan batch 30 40
#
mpls lsr-id 3.3.3.9
mpls
#
mpls l2vpn
#
vsi a2 static
pwsignal ldp
vsi-id 2
peer 1.1.1.9
#
mpls ldp
#
mpls ldp remote-peer 1.1.1.9
remote-ip 1.1.1.9
#
interface Vlanif30
ip address 169.1.1.2 255.255.255.0
mpls
mpls ldp
#
interface Vlanif40
l2 binding vsi a2
#
sysname CE2
#
vlan batch 40
#
interface Vlanif40
ip address 10.1.1.2 255.255.255.0
#
interface GigabitEthernet1/0/0
port link-type trunk
port trunk allow-pass vlan 40
#
#
interface GigabitEthernet1/0/0
port hybrid pvid vlan 30
port hybrid tagged vlan 30
#
interface GigabitEthernet2/0/0
port hybrid pvid vlan 40
port hybrid tagged vlan 40
#
interface LoopBack1
ip address 3.3.3.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 3.3.3.9 0.0.0.0
network 169.1.1.0 0.0.0.255
#
18
VPLS martini example (3) #
sysname P
#
vlan batch 20 30
#
mpls lsr-id 2.2.2.9
mpls
#
mpls ldp
#
interface Vlanif20
ip address 168.1.1.2 255.255.255.0
mpls
mpls ldp
#
interface Vlanif30
ip address 169.1.1.1 255.255.255.0
mpls
mpls ldp
#
interface GigabitEthernet1/0/0
port hybrid pvid vlan 20
port hybrid tagged vlan 20
#
interface GigabitEthernet2/0/0
port hybrid pvid vlan 30
port hybrid tagged vlan 30
#
interface LoopBack1
ip address 2.2.2.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 168.1.1.0 0.0.0.255
network 169.1.1.0 0.0.0.255
network 2.2.2.9 0.0.0.0
#
<PE1> display vsi name a2 verbose
***VSI Name : a2
Administrator VSI : no
Isolate Spoken : disable
VSI Index : 0
PW Signaling : ldp
Member Discovery Style : static
PW MAC Learn Style : unqualify
Encapsulation Type : vlan
MTU : 1500
Diffserv Mode : uniform
Mpls Exp : --
DomainId : 255
Domain Name :
Ignore AcState : disable
Create Time : 0 days, 0 hours, 1 minutes, 45 seconds
VSI State : up
。。。
19
VPLS - kompella (BGP as signaling)
VPLS - martini (LDP as signaling)
H-VPLS (LDP as signaling)
mVPLS & mVRRP
VPLS BGP Auto-Discovery (V2R1)
S97’s VPLS Feature
20
interface GigabitEthernet1/0/0
port hybrid pvid vlan 10
port hybrid tagged vlan 10
#
interface GigabitEthernet2/0/0
port hybrid pvid vlan 20
port hybrid tagged vlan 20
#
interface GigabitEthernet3/0/0
port hybrid pvid vlan 30
port hybrid tagged vlan 30
#
interface LoopBack1
ip address 1.1.1.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 1.1.1.9 0.0.0.0
network 100.1.1.0 0.0.0.255
#
H-VPLS example (1) #
sysname UPE
#
vlan batch 10 20 30
#
mpls lsr-id 1.1.1.9
mpls
#
mpls l2vpn
#
vsi v123 static
pwsignal ldp
vsi-id 123
peer 2.2.2.9
#
mpls ldp
#
interface Vlanif10
l2 binding vsi v123
#
interface Vlanif20
l2 binding vsi v123
#
interface Vlanif30
ip address 100.1.1.1 255.255.255.0
mpls
mpls ldp
#
#
sysname CE1
#
vlan batch 10
#
interface Vlanif10
ip address 10.1.1.1 255.255.255.0
#
interface GigabitEthernet1/0/0
port link-type trunk
port trunk allow-pass vlan 10
#
21
H-VPLS example (2) #
sysname SPE
#
vlan batch 30 40
#
mpls lsr-id 2.2.2.9
mpls
#
mpls l2vpn
#
vsi v123 static
pwsignal ldp
vsi-id 123
peer 3.3.3.9
peer 1.1.1.9 upe
#
mpls ldp
#
interface Vlanif 30
ip address 100.1.1.2 255.255.255.0
mpls
mpls ldp
#
interface Vlanif40
ip address 100.2.1.1 255.255.255.0
mpls
mpls ldp
#
#
sysname CE2
#
vlan batch 20
#
interface Vlanif20
ip address 10.1.1.2 255.255.255.0
#
interface GigabitEthernet1/0/0
port link-type trunk
port trunk allow-pass vlan 20
#
interface GigabitEthernet1/0/0
port hybrid pvid vlan 30
port hybrid tagged vlan 30
#
interface GigabitEthernet2/0/0
port hybrid pvid vlan 40
port hybrid tagged vlan 40
#
interface LoopBack1
ip address 2.2.2.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 2.2.2.9 0.0.0.0
network 100.2.1.0 0.0.0.255
network 100.1.1.0 0.0.0.255
#
22
H-VPLS example (3) #
sysname PE
#
vlan batch 40 50
#
mpls lsr-id 3.3.3.9
mpls
#
mpls l2vpn
#
vsi v123 static
pwsignal ldp
vsi-id 123
peer 2.2.2.9
#
mpls ldp
#
interface Vlanif40
ip address 100.2.1.2 255.255.255.0
mpls
mpls ldp
#
interface Vlanif50
l2 binding vsi v123
#
#
sysname CE3
#
vlan batch 50
#
interface Vlanif50
ip address 10.1.1.3 255.255.255.0
#
interface GigabitEthernet1/0/0
port link-type trunk
port trunk allow-pass vlan 50
#
#
interface GigabitEthernet1/0/0
port hybrid pvid vlan 40
port hybrid tagged vlan 40
#
interface GigabitEthernet2/0/0
port hybrid pvid vlan 50
port hybrid tagged vlan 50
#
interface LoopBack1
ip address 3.3.3.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 100.2.1.0 0.0.0.255
network 3.3.3.9 0.0.0.0
#
23
H-VPLS example (4)
<SPE> display vsi name v123 verbose
***VSI Name : v123
Administrator VSI : no
Isolate Spoken : disable
VSI Index : 0
PW Signaling : ldp
Member Discovery Style : static
PW MAC Learn Style : unqualify
Encapsulation Type : vlan
MTU : 1500
Diffserv Mode : uniform
Mpls Exp : --
DomainId : 255
Domain Name :
Ignore AcState : disable
Create Time : 1 days, 15 hours, 11 minutes, 4 seconds
VSI State : up
……
。。。。。。
**PW Information:
*Peer Ip Address : 1.1.1.9
PW State : up
Local VC Label : 27649
Remote VC Label : 27648
PW Type : MEHVPLS
Tunnel ID : 0x10020
Broadcast Tunnel ID : 0x10020
Ckey : 0x6
Nkey : 0x5
Main PW Token : 0x10020
Slave PW Token : 0x0
Tnl Type : LSP
OutInterface : Vlanif30
Stp Enable : 0
Mac Flapping : 0
PW Last Up Time : 2009/02/03 00:32:43
PW Total Up Time : 0 days, 0 hours, 1 minutes, 14 seconds
*Peer Ip Address : 3.3.3.9
PW State : up
Local VC Label : 27648
Remote VC Label : 27648
PW Type : label
Tunnel ID : 0x20022
Broadcast Tunnel ID : 0x20022
Ckey : 0x6
Nkey : 0x5
Main PW Token : 0x20022
Slave PW Token : 0x0
Tnl Type : LSP
OutInterface : Vlanif40
Stp Enable : 0
Mac Flapping : 0
PW Last Up Time : 2009/02/03 00:31:43
PW Total Up Time : 0 days, 0 hours, 2 minutes, 14 seconds
24
VPLS - kompella (BGP as signaling)
VPLS - martini (LDP as signaling)
H-VPLS (LDP as signaling)
mVPLS & mVRRP
VPLS BGP Auto-Discovery (V2R1)
S97’s VPLS Feature
25
mVRRP over mVPLS brief (1)
mVRRP runs between NPEs
mVPLS
Active
Backup
26
mVRRP over mVPLS brief (2)
Active OK, It’s a VRRP switch over, Then flush the VSI’s MAC TBL.
And send a LDP MAC-withdraaw message to remote.
LDP withdraw
Remote Peer
VSI MAC Table flush
VSI MAC Table flush
27
mVPLS & mVRRP example (1)
#
sysname UPE
#
vlan batch 100 200
#
bfd
#
mpls lsr-id 1.1.1.1
mpls
mpls te
mpls rsvp-te
#
mpls l2vpn
#
vsi admin-vsi1 static
pwsignal ldp
vsi-id 10
admin-vsi
#
vsi biz-vsi1 static
pwsignal ldp
vsi-id 101
peer 2.2.2.2
peer 3.3.3.3
tnl-policy policy1
track admin-vsi admin-vsi1
#
mpls ldp
#
mpls ldp remote-peer 2.2.2.2
remote-ip 2.2.2.2
#
#
mpls ldp remote-peer 3.3.3.3
remote-ip 3.3.3.3
#
isis 1
is-level level-2
cost-style wide
network-entity 49.0010.0010.0100.1001.00
traffic-eng level-2
#
interface Vlanif 100
ip address 10.1.1.1 255.255.255.0
isis enable 1
mpls
mpls te
mpls rsvp-te
#
interface Vlanif 200
ip address 10.1.2.1 255.255.255.0
isis enable 1
mpls
mpls te
mpls rsvp-te
#
interface GigabitEthernet1/0/0.1
control-vid 11 dot1q-termination
dot1q termination vid 101
l2 binding vsi biz-vsi1
#
… to be continued再
28
mVPLS & mVRRP example (2) … continued.
#
interface GigabitEthernet1/0/1
port link-type trunk
port trunk allow-pass vlan 10 100
#
interface GigabitEthernet1/0/1.1
control-vid 1 dot1q-termination
dot1q termination vid 10
l2 binding vsi admin-vsi1
#
interface GigabitEthernet1/0/2
port link-type trunk
port trunk allow-pass vlan 10 200
#
interface GigabitEthernet1/0/2.1
control-vid 2 dot1q-termination
dot1q termination vid 10
l2 binding vsi admin-vsi1
#
interface LoopBack1
ip address 1.1.1.1 255.255.255.255
isis enable 1
#
interface Tunnel1/0/1
description TO NPE1
ip address unnumbered interface LoopBack1
tunnel-protocol mpls te
destination 2.2.2.2
mpls te tunnel-id 1
mpls te commit
#
interface Tunnel1/0/2
description TO NPE2
ip address unnumbered interface LoopBack1
tunnel-protocol mpls te
destination 3.3.3.3
mpls te tunnel-id 2
mpls te commit
#
tunnel-policy policy1
tunnel select-seq cr-lsp load-balance-number 1
#
29
VPLS - kompella (BGP as signaling)
VPLS - martini (LDP as signaling)
H-VPLS (LDP as signaling)
mVPLS & mVRRP
VPLS BGP Auto-Discovery (V2R1)
S97’s VPLS Feature
30
VPLS BGP Auto-Discovery: discovery phase …
VPLS-ID = 65535:100
RD = 65535:100
VSI-ID = 1.1.1.1
RT = 5:5
Next Hop = 1.1.1.1
Use BGP for auto-discovery & LDP other VPLS label management.
Lo: 2.2.2.2/32 Lo: 3.3.3.3/32
Lo: 1.1.1.1/32
VPLS-ID = 65535:100
RD = 65535:100
VSI-ID = 2.2.2.2
RT = 5:5
Next Hop = 2.2.2.2
VPLS-ID = 65535:100
RD = 65535:100
VSI-ID = 3.3.3.3
RT = 5:5
Next Hop = 2.2.2.2
BGP AD
31
VPLS BGP Auto-Discovery: LDP mapping …
Page 31
LDP Mapping
Next Hop = 1.1.1.1
AGI = 65535:100 (RD)
SAII = 1.1.1.1
TAII = 3.3.3.3 (from BGP AD)
Label = XXX
After BGP AD, software trigger LDP sessions, then VPLS is up …
Lo: 2.2.2.2/32 Lo: 3.3.3.3/32
Lo: 1.1.1.1/32
LDP exchange
LDP Mapping
Next Hop = 3.3.3.3
AGI = 65535:100 (RD)
SAII = 3.3.3.3
TAII = 2.2.2.2 (from BGP AD)
Label = ZZZ
LDP exchange
LDP exchange
LDP Mapping
Next Hop = 1.1.1.1
AGI = 65535:100 (RD)
SAII = 1.1.1.1
TAII = 2.2.2.2 (from BGP AD)
Label = XXX
LDP Mapping
Next Hop = 3.3.3.3
AGI = 65535:100 (RD)
SAII = 3.3.3.3
TAII = 1.1.1.1 (from BGP AD)
Label = ZZZ
LDP Mapping
Next Hop = 3.3.3.3
AGI = 65535:100 (RD)
SAII = 3.3.3.3
TAII = 3.3.3.3 (from BGP AD)
Label = YYY
LDP Mapping
Next Hop = 3.3.3.3
AGI = 65535:100 (RD)
SAII = 3.3.3.3
TAII = 1.1.1.1 (from BGP AD)
Label = YYY
32
VPLS Ping & Tracert
VPLS graceful restart
Traffic statistic per PW
Broadcast-suppression per VSI
Unknown-unicast-suppression per VSI
Multicast-suppression per VSI
S97’s other VPLS Features
33
Agenda
VPLS Overview
VPLS packet walk-through
VPLS features
Summary
34
Summary : Top 5 thing to remember
1. Support both kompella and martini VPLS
2. Support H-VPLS (LDP)
3. BFD for fast detection in H-VPLS
4. Fast MAC withdraw in H-VPLS
5. Easy management:
• Support VPLS ping & tracert …
• Broadcast/multicast/unknown unicast suppression
Copyright©2012 Huawei Technologies Co., Ltd. All Rights Reserved. The information in this document may contain predictive statements including, without limitation, statements regarding the future financial and
operating results, future product portfolio, new technology, etc. There are a number of factors that could cause actual results and developments to
differ materially from those expressed or implied in the predictive statements. Therefore, such information is provided for reference purpose only and
constitutes neither an offer nor an acceptance. Huawei may change the information at any time without notice.
HUAWEI ENTERPRISE ICT SOLUTIONS A BETTER WAY