To build upon what I learned about MPLS and L3 VPN’s, I
wanted to take it a bit further and study L2VPNs. The notion of extending L2 services over a
WAN was a fascinating subject, so I extended my lab capability to support
Virual Private LAN Services (VPLS).
Similar to the L3VPN lab, I’ll go over the VPLS specific configurations
as well as its operation. However I
didn’t see many configuration tutorials on VPLS BGP based auto-discovery, so I’ll try to spend a little more time explaining the technology.
Lab
Environment
Note: These resources were appended to the existing MPLS L3VPN lab.
- (6) CSR1000v: Version 03.16.05.S
- Used default vCPU setting of 1
- Used default RAM at 4Gb
Diagram
& Topology
- Infrastructure Information
- (3) Provider Edge (PE Routers) IP Address Space: 10.1.1.0/24
- All link addressed in /30’s
- All loopback addressed in /32’s
- OSPF as Core IGP routing protocol, all in Area0
- MP-BGP as Provider Edge routing protocol peering to Route Reflector
- VPLS BGP Based Autodiscovery
- VPLS LDP Signaling
- (3) Customer Edge (CE Routers)
- CUSTOMER D
- IP Address: 172.16.0.0/24
- VFI Name: VPLS
- VPN ID: 10
- VLAN: 3010
Technology
Overview
Here were some good informational slides I found on the
technology. It covers common terms
and acronyms that are used throughout the post. Please see the references section for links to these documents.
This lab will be configured using LDP as signalling protocol.
Terms such as VFI and AC are used heavily in VPLS configuration and operation so it's important to get a good understanding of these elements.
VPLS works under the principle of flooding and learning, similar to how Ethernet works.
Similar to L3VPN, MPLS is the underlying transport mechanism using LDP as the signalling protocol.
Pseudowires (PW) are the key component in creating a L2VPN. PWs are point to point virtual circuits between PEs.
Configurations
PE_R13
version 15.5
service timestamps debug datetime localtime show-timezone year
service timestamps log datetime localtime show-timezone year
service password-encryption
no platform punt-keepalive disable-kernel-core
platform console virtual
!
hostname PE_R13
!
boot-start-marker
boot-end-marker
!
!
logging buffered 16000
no logging console
enable secret 5 <removed>
!
no aaa new-model
!
ip vrf MGMT
!
!
!
!
!
!
!
!
!
!
!
no ip domain lookup
!
!
!
!
!
!
!
!
!
!
subscriber templating
!
mpls label range 1300 1399
mpls label protocol ldp
multilink bundle-name authenticated
l2vpn
router-id 13.13.13.13
!
l2vpn vfi context VPLS
vpn id 10
autodiscovery bgp signaling ldp
!
!
!
!
!
!
!
!
!
!
!
!
!
!
license udi pid CSR1000V sn 9T86RBMQW36
!
spanning-tree extend system-id
!
username admin secret 5 <removed>
!
redundancy
bridge-domain 10
member GigabitEthernet2 service-instance 10
member vfi VPLS
!
!
!
!
!
!
cdp run
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback0
description RID
ip address 13.13.13.13 255.255.255.255
ip ospf 100 area 0
!
interface GigabitEthernet1
mtu 9216
no ip address
negotiation auto
!
interface GigabitEthernet1.24
description TO P_R01
encapsulation dot1Q 24
ip address 10.1.1.18 255.255.255.252
ip ospf network point-to-point
ip ospf 100 area 0
ip ospf cost 10
mpls ip
!
interface GigabitEthernet1.25
description TO P_R02
encapsulation dot1Q 25
ip address 10.1.1.22 255.255.255.252
ip ospf network point-to-point
ip ospf 100 area 0
mpls ip
!
interface GigabitEthernet2
description TO CE_R16 - VPLS
mtu 9216
no ip address
negotiation auto
cdp enable
service instance 10 ethernet
encapsulation dot1q 3000-3100
!
!
interface GigabitEthernet3
mtu 9216
no ip address
shutdown
negotiation auto
no keepalive
!
!
interface GigabitEthernet4
description MANAGEMENT
ip vrf forwarding MGMT
ip address 10.1.1.233 255.255.255.0
negotiation auto
!
router ospf 100
router-id 13.13.13.13
passive-interface default
no passive-interface GigabitEthernet1.24
no passive-interface GigabitEthernet1.25
!
router bgp 2345
bgp log-neighbor-changes
no bgp default ipv4-unicast
neighbor RR peer-group
neighbor RR remote-as 2345
neighbor RR description ROUTE REFLECTOR - R11
neighbor RR update-source Loopback0
neighbor RR timers 7 21
neighbor 11.11.11.11 peer-group RR
!
address-family ipv4
exit-address-family
!
address-family l2vpn vpls
neighbor RR send-community both
neighbor 11.11.11.11 activate
exit-address-family
!
!
virtual-service csr_mgmt
!
no ip forward-protocol nd
!
ip bgp-community new-format
no ip http server
no ip http secure-server
ip tftp source-interface GigabitEthernet4
ip route vrf MGMT 0.0.0.0 0.0.0.0 10.1.1.254 name MGMT_DEFAULT
!
!
mpls ldp router-id Loopback0
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
logging synchronous
stopbits 1
line vty 0 4
exec-timeout 60 0
logging synchronous
login local
transport input telnet ssh
!
ntp server pool.ntp.org
!
end
service timestamps debug datetime localtime show-timezone year
service timestamps log datetime localtime show-timezone year
service password-encryption
no platform punt-keepalive disable-kernel-core
platform console virtual
!
hostname PE_R13
!
boot-start-marker
boot-end-marker
!
!
logging buffered 16000
no logging console
enable secret 5 <removed>
!
no aaa new-model
!
ip vrf MGMT
!
!
!
!
!
!
!
!
!
!
!
no ip domain lookup
!
!
!
!
!
!
!
!
!
!
subscriber templating
!
mpls label range 1300 1399
mpls label protocol ldp
multilink bundle-name authenticated
l2vpn
router-id 13.13.13.13
!
l2vpn vfi context VPLS
vpn id 10
autodiscovery bgp signaling ldp
!
!
!
!
!
!
!
!
!
!
!
!
!
!
license udi pid CSR1000V sn 9T86RBMQW36
!
spanning-tree extend system-id
!
username admin secret 5 <removed>
!
redundancy
bridge-domain 10
member GigabitEthernet2 service-instance 10
member vfi VPLS
!
!
!
!
!
!
cdp run
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback0
description RID
ip address 13.13.13.13 255.255.255.255
ip ospf 100 area 0
!
interface GigabitEthernet1
mtu 9216
no ip address
negotiation auto
!
interface GigabitEthernet1.24
description TO P_R01
encapsulation dot1Q 24
ip address 10.1.1.18 255.255.255.252
ip ospf network point-to-point
ip ospf 100 area 0
ip ospf cost 10
mpls ip
!
interface GigabitEthernet1.25
description TO P_R02
encapsulation dot1Q 25
ip address 10.1.1.22 255.255.255.252
ip ospf network point-to-point
ip ospf 100 area 0
mpls ip
!
interface GigabitEthernet2
description TO CE_R16 - VPLS
mtu 9216
no ip address
negotiation auto
cdp enable
service instance 10 ethernet
encapsulation dot1q 3000-3100
!
!
interface GigabitEthernet3
mtu 9216
no ip address
shutdown
negotiation auto
no keepalive
!
!
interface GigabitEthernet4
description MANAGEMENT
ip vrf forwarding MGMT
ip address 10.1.1.233 255.255.255.0
negotiation auto
!
router ospf 100
router-id 13.13.13.13
passive-interface default
no passive-interface GigabitEthernet1.24
no passive-interface GigabitEthernet1.25
!
router bgp 2345
bgp log-neighbor-changes
no bgp default ipv4-unicast
neighbor RR peer-group
neighbor RR remote-as 2345
neighbor RR description ROUTE REFLECTOR - R11
neighbor RR update-source Loopback0
neighbor RR timers 7 21
neighbor 11.11.11.11 peer-group RR
!
address-family ipv4
exit-address-family
!
address-family l2vpn vpls
neighbor RR send-community both
neighbor 11.11.11.11 activate
exit-address-family
!
!
virtual-service csr_mgmt
!
no ip forward-protocol nd
!
ip bgp-community new-format
no ip http server
no ip http secure-server
ip tftp source-interface GigabitEthernet4
ip route vrf MGMT 0.0.0.0 0.0.0.0 10.1.1.254 name MGMT_DEFAULT
!
!
mpls ldp router-id Loopback0
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
logging synchronous
stopbits 1
line vty 0 4
exec-timeout 60 0
logging synchronous
login local
transport input telnet ssh
!
ntp server pool.ntp.org
!
end
PE_R14
version 15.5
service timestamps debug datetime msec
service timestamps log datetime msec
no platform punt-keepalive disable-kernel-core
platform console virtual
!
hostname PE_R14
!
boot-start-marker
boot-end-marker
!
!
enable secret 5 <removed>
!
no aaa new-model
!
ip vrf MGMT
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
subscriber templating
!
mpls label range 1400 1499
mpls label protocol ldp
multilink bundle-name authenticated
l2vpn
router-id 14.14.14.14
!
l2vpn vfi context VPLS
vpn id 10
autodiscovery bgp signaling ldp
!
!
!
!
!
!
!
!
!
!
!
!
!
!
license udi pid CSR1000V sn 9RI9QKLEXTS
!
spanning-tree extend system-id
!
username admin secret 5 <removed>
!
redundancy
bridge-domain 10
member GigabitEthernet2 service-instance 10
member vfi VPLS
!
!
!
!
!
!
cdp run
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback0
description RID
ip address 14.14.14.14 255.255.255.255
ip ospf 100 area 0
!
interface GigabitEthernet1
mtu 9216
no ip address
negotiation auto
!
interface GigabitEthernet1.26
description TO P_R02
encapsulation dot1Q 26
ip address 10.1.1.26 255.255.255.252
ip ospf network point-to-point
ip ospf 100 area 0
mpls ip
!
interface GigabitEthernet1.27
description TO P_R01
encapsulation dot1Q 27
ip address 10.1.1.30 255.255.255.252
ip ospf network point-to-point
ip ospf 100 area 0
ip ospf cost 10
mpls ip
!
interface GigabitEthernet2
description TO CE_R18 - VPLS
mtu 9216
no ip address
negotiation auto
cdp enable
service instance 10 ethernet
encapsulation dot1q 3000-3100
!
!
interface GigabitEthernet3
mtu 9216
no ip address
shutdown
negotiation auto
!
interface GigabitEthernet4
description MANAGEMENT
ip vrf forwarding MGMT
ip address 10.1.1.234 255.255.255.0
negotiation auto
!
router ospf 100
router-id 14.14.14.14
passive-interface default
no passive-interface GigabitEthernet1.26
no passive-interface GigabitEthernet1.27
!
router bgp 2345
bgp log-neighbor-changes
no bgp default ipv4-unicast
neighbor RR peer-group
neighbor RR remote-as 2345
neighbor RR description ROUTE REFLECTOR - R11
neighbor RR update-source Loopback0
neighbor RR timers 7 21
neighbor 11.11.11.11 peer-group RR
!
address-family ipv4
exit-address-family
!
address-family l2vpn vpls
neighbor RR send-community both
neighbor 11.11.11.11 activate
exit-address-family
!
!
virtual-service csr_mgmt
!
no ip forward-protocol nd
!
ip bgp-community new-format
no ip http server
no ip http secure-server
ip tftp source-interface GigabitEthernet4
ip route vrf MGMT 0.0.0.0 0.0.0.0 10.1.1.254 name MGMT_DEFAULT
!
!
mpls ldp router-id Loopback0
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
logging synchronous
stopbits 1
line vty 0 4
exec-timeout 60 0
logging synchronous
login local
transport input telnet ssh
!
ntp server pool.ntp.org
!
end
service timestamps debug datetime msec
service timestamps log datetime msec
no platform punt-keepalive disable-kernel-core
platform console virtual
!
hostname PE_R14
!
boot-start-marker
boot-end-marker
!
!
enable secret 5 <removed>
!
no aaa new-model
!
ip vrf MGMT
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
subscriber templating
!
mpls label range 1400 1499
mpls label protocol ldp
multilink bundle-name authenticated
l2vpn
router-id 14.14.14.14
!
l2vpn vfi context VPLS
vpn id 10
autodiscovery bgp signaling ldp
!
!
!
!
!
!
!
!
!
!
!
!
!
!
license udi pid CSR1000V sn 9RI9QKLEXTS
!
spanning-tree extend system-id
!
username admin secret 5 <removed>
!
redundancy
bridge-domain 10
member GigabitEthernet2 service-instance 10
member vfi VPLS
!
!
!
!
!
!
cdp run
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback0
description RID
ip address 14.14.14.14 255.255.255.255
ip ospf 100 area 0
!
interface GigabitEthernet1
mtu 9216
no ip address
negotiation auto
!
interface GigabitEthernet1.26
description TO P_R02
encapsulation dot1Q 26
ip address 10.1.1.26 255.255.255.252
ip ospf network point-to-point
ip ospf 100 area 0
mpls ip
!
interface GigabitEthernet1.27
description TO P_R01
encapsulation dot1Q 27
ip address 10.1.1.30 255.255.255.252
ip ospf network point-to-point
ip ospf 100 area 0
ip ospf cost 10
mpls ip
!
interface GigabitEthernet2
description TO CE_R18 - VPLS
mtu 9216
no ip address
negotiation auto
cdp enable
service instance 10 ethernet
encapsulation dot1q 3000-3100
!
!
interface GigabitEthernet3
mtu 9216
no ip address
shutdown
negotiation auto
!
interface GigabitEthernet4
description MANAGEMENT
ip vrf forwarding MGMT
ip address 10.1.1.234 255.255.255.0
negotiation auto
!
router ospf 100
router-id 14.14.14.14
passive-interface default
no passive-interface GigabitEthernet1.26
no passive-interface GigabitEthernet1.27
!
router bgp 2345
bgp log-neighbor-changes
no bgp default ipv4-unicast
neighbor RR peer-group
neighbor RR remote-as 2345
neighbor RR description ROUTE REFLECTOR - R11
neighbor RR update-source Loopback0
neighbor RR timers 7 21
neighbor 11.11.11.11 peer-group RR
!
address-family ipv4
exit-address-family
!
address-family l2vpn vpls
neighbor RR send-community both
neighbor 11.11.11.11 activate
exit-address-family
!
!
virtual-service csr_mgmt
!
no ip forward-protocol nd
!
ip bgp-community new-format
no ip http server
no ip http secure-server
ip tftp source-interface GigabitEthernet4
ip route vrf MGMT 0.0.0.0 0.0.0.0 10.1.1.254 name MGMT_DEFAULT
!
!
mpls ldp router-id Loopback0
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
logging synchronous
stopbits 1
line vty 0 4
exec-timeout 60 0
logging synchronous
login local
transport input telnet ssh
!
ntp server pool.ntp.org
!
end
PE_R15
version 15.5
service timestamps debug datetime msec
service timestamps log datetime msec
no platform punt-keepalive disable-kernel-core
platform console virtual
!
hostname PE_R15
!
boot-start-marker
boot-end-marker
!
!
enable secret 5 <removed>
!
no aaa new-model
!
ip vrf MGMT
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
subscriber templating
!
mpls label range 1500 1599
mpls label protocol ldp
multilink bundle-name authenticated
l2vpn
router-id 15.15.15.15
!
l2vpn vfi context VPLS
vpn id 10
autodiscovery bgp signaling ldp
!
!
!
!
!
!
!
!
!
!
!
!
!
!
license udi pid CSR1000V sn 9NP1VCY8F2T
!
spanning-tree extend system-id
!
username admin secret 5 <removed>
!
redundancy
bridge-domain 10
member GigabitEthernet2 service-instance 10
member vfi VPLS
!
!
!
!
!
!
cdp run
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback0
description RID
ip address 15.15.15.15 255.255.255.255
ip ospf 100 area 0
!
interface GigabitEthernet1
mtu 9216
no ip address
negotiation auto
!
interface GigabitEthernet1.28
description TO P_R03
encapsulation dot1Q 28
ip address 10.1.1.34 255.255.255.252
ip ospf network point-to-point
ip ospf 100 area 0
mpls ip
!
interface GigabitEthernet1.29
description TO P_R04
encapsulation dot1Q 29
ip address 10.1.1.38 255.255.255.252
ip ospf network point-to-point
ip ospf 100 area 0
mpls ip
!
interface GigabitEthernet2
description TO CE_R22 - VPLS
mtu 9216
no ip address
negotiation auto
cdp enable
service instance 10 ethernet
encapsulation dot1q 3000-3100
!
!
interface GigabitEthernet3
mtu 9216
no ip address
shutdown
negotiation auto
no keepalive
cdp enable
!
!
interface GigabitEthernet4
description MANAGEMENT
ip vrf forwarding MGMT
ip address 10.1.1.235 255.255.255.0
negotiation auto
!
router ospf 100
router-id 15.15.15.15
passive-interface default
no passive-interface GigabitEthernet1.28
no passive-interface GigabitEthernet1.29
!
router bgp 2345
bgp log-neighbor-changes
no bgp default ipv4-unicast
neighbor RR peer-group
neighbor RR remote-as 2345
neighbor RR description ROUTE REFLECTOR - R11
neighbor RR update-source Loopback0
neighbor RR timers 7 21
neighbor 11.11.11.11 peer-group RR
!
address-family ipv4
exit-address-family
!
address-family l2vpn vpls
neighbor RR send-community both
neighbor 11.11.11.11 activate
exit-address-family
!
!
virtual-service csr_mgmt
!
no ip forward-protocol nd
!
ip bgp-community new-format
no ip http server
no ip http secure-server
ip tftp source-interface GigabitEthernet1
ip route vrf MGMT 0.0.0.0 0.0.0.0 10.1.1.254 name MGMT_DEFAULT
!
!
mpls ldp router-id Loopback0
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
logging synchronous
stopbits 1
line vty 0 4
exec-timeout 60 0
logging synchronous
login local
transport input telnet ssh
!
ntp server pool.ntp.org
!
end
service timestamps debug datetime msec
service timestamps log datetime msec
no platform punt-keepalive disable-kernel-core
platform console virtual
!
hostname PE_R15
!
boot-start-marker
boot-end-marker
!
!
enable secret 5 <removed>
!
no aaa new-model
!
ip vrf MGMT
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
subscriber templating
!
mpls label range 1500 1599
mpls label protocol ldp
multilink bundle-name authenticated
l2vpn
router-id 15.15.15.15
!
l2vpn vfi context VPLS
vpn id 10
autodiscovery bgp signaling ldp
!
!
!
!
!
!
!
!
!
!
!
!
!
!
license udi pid CSR1000V sn 9NP1VCY8F2T
!
spanning-tree extend system-id
!
username admin secret 5 <removed>
!
redundancy
bridge-domain 10
member GigabitEthernet2 service-instance 10
member vfi VPLS
!
!
!
!
!
!
cdp run
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback0
description RID
ip address 15.15.15.15 255.255.255.255
ip ospf 100 area 0
!
interface GigabitEthernet1
mtu 9216
no ip address
negotiation auto
!
interface GigabitEthernet1.28
description TO P_R03
encapsulation dot1Q 28
ip address 10.1.1.34 255.255.255.252
ip ospf network point-to-point
ip ospf 100 area 0
mpls ip
!
interface GigabitEthernet1.29
description TO P_R04
encapsulation dot1Q 29
ip address 10.1.1.38 255.255.255.252
ip ospf network point-to-point
ip ospf 100 area 0
mpls ip
!
interface GigabitEthernet2
description TO CE_R22 - VPLS
mtu 9216
no ip address
negotiation auto
cdp enable
service instance 10 ethernet
encapsulation dot1q 3000-3100
!
!
interface GigabitEthernet3
mtu 9216
no ip address
shutdown
negotiation auto
no keepalive
cdp enable
!
!
interface GigabitEthernet4
description MANAGEMENT
ip vrf forwarding MGMT
ip address 10.1.1.235 255.255.255.0
negotiation auto
!
router ospf 100
router-id 15.15.15.15
passive-interface default
no passive-interface GigabitEthernet1.28
no passive-interface GigabitEthernet1.29
!
router bgp 2345
bgp log-neighbor-changes
no bgp default ipv4-unicast
neighbor RR peer-group
neighbor RR remote-as 2345
neighbor RR description ROUTE REFLECTOR - R11
neighbor RR update-source Loopback0
neighbor RR timers 7 21
neighbor 11.11.11.11 peer-group RR
!
address-family ipv4
exit-address-family
!
address-family l2vpn vpls
neighbor RR send-community both
neighbor 11.11.11.11 activate
exit-address-family
!
!
virtual-service csr_mgmt
!
no ip forward-protocol nd
!
ip bgp-community new-format
no ip http server
no ip http secure-server
ip tftp source-interface GigabitEthernet1
ip route vrf MGMT 0.0.0.0 0.0.0.0 10.1.1.254 name MGMT_DEFAULT
!
!
mpls ldp router-id Loopback0
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
logging synchronous
stopbits 1
line vty 0 4
exec-timeout 60 0
logging synchronous
login local
transport input telnet ssh
!
ntp server pool.ntp.org
!
end
CE_R16
version 15.5
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime localtime show-timezone year
service timestamps log datetime localtime show-timezone year
service password-encryption
no platform punt-keepalive disable-kernel-core
platform console virtual
!
hostname CE_R16
!
boot-start-marker
boot-end-marker
!
!
logging buffered 16000
no logging console
enable secret 5 <removed>
!
no aaa new-model
!
ip vrf MGMT
!
!
!
!
!
!
!
!
!
!
!
no ip domain lookup
ip domain name domain.local
!
!
!
!
!
!
!
!
!
!
subscriber templating
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
!
!
!
license udi pid CSR1000V sn 9EUPRFXSDMW
!
spanning-tree extend system-id
!
username admin secret 5 <removed>
!
redundancy
!
!
!
!
!
cdp run
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface GigabitEthernet1
no ip address
negotiation auto
!
interface GigabitEthernet1.3010
description TO PE_R13 - VPLS
encapsulation dot1Q 3010
ip address 172.16.0.1 255.255.255.0
!
interface GigabitEthernet2
no ip address
shutdown
negotiation auto
cdp enable
!
interface GigabitEthernet3
no ip address
shutdown
negotiation auto
!
interface GigabitEthernet4
description MANAGEMENT
ip vrf forwarding MGMT
ip address 10.1.1.236 255.255.255.0
negotiation auto
!
!
virtual-service csr_mgmt
!
no ip forward-protocol nd
!
no ip http server
no ip http secure-server
ip tftp source-interface GigabitEthernet1
ip route vrf MGMT 0.0.0.0 0.0.0.0 10.1.1.254 name MGMT_DEFAULT
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
logging synchronous
stopbits 1
line vty 0 4
exec-timeout 60 0
logging synchronous
login local
transport input telnet ssh
!
ntp server pool.ntp.org
!
end
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime localtime show-timezone year
service timestamps log datetime localtime show-timezone year
service password-encryption
no platform punt-keepalive disable-kernel-core
platform console virtual
!
hostname CE_R16
!
boot-start-marker
boot-end-marker
!
!
logging buffered 16000
no logging console
enable secret 5 <removed>
!
no aaa new-model
!
ip vrf MGMT
!
!
!
!
!
!
!
!
!
!
!
no ip domain lookup
ip domain name domain.local
!
!
!
!
!
!
!
!
!
!
subscriber templating
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
!
!
!
license udi pid CSR1000V sn 9EUPRFXSDMW
!
spanning-tree extend system-id
!
username admin secret 5 <removed>
!
redundancy
!
!
!
!
!
cdp run
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface GigabitEthernet1
no ip address
negotiation auto
!
interface GigabitEthernet1.3010
description TO PE_R13 - VPLS
encapsulation dot1Q 3010
ip address 172.16.0.1 255.255.255.0
!
interface GigabitEthernet2
no ip address
shutdown
negotiation auto
cdp enable
!
interface GigabitEthernet3
no ip address
shutdown
negotiation auto
!
interface GigabitEthernet4
description MANAGEMENT
ip vrf forwarding MGMT
ip address 10.1.1.236 255.255.255.0
negotiation auto
!
!
virtual-service csr_mgmt
!
no ip forward-protocol nd
!
no ip http server
no ip http secure-server
ip tftp source-interface GigabitEthernet1
ip route vrf MGMT 0.0.0.0 0.0.0.0 10.1.1.254 name MGMT_DEFAULT
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
logging synchronous
stopbits 1
line vty 0 4
exec-timeout 60 0
logging synchronous
login local
transport input telnet ssh
!
ntp server pool.ntp.org
!
end
CE_R18
version 15.5
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime localtime show-timezone year
service timestamps log datetime localtime show-timezone year
service password-encryption
no platform punt-keepalive disable-kernel-core
platform console virtual
!
hostname CE_R18
!
boot-start-marker
boot-end-marker
!
!
logging buffered 16000
no logging console
enable secret 5 <removed>
!
no aaa new-model
!
ip vrf MGMT
!
!
!
!
!
!
!
!
!
!
!
no ip domain lookup
ip domain name domain.local
!
!
!
!
!
!
!
!
!
!
subscriber templating
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
!
!
!
license udi pid CSR1000V sn 99Q0ZYT75LP
!
spanning-tree extend system-id
!
username admin secret 5 <removed>
!
redundancy
!
!
!
!
!
cdp run
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface GigabitEthernet1
no ip address
negotiation auto
cdp enable
!
interface GigabitEthernet1.3010
description TO PE_R14 - VPLS
encapsulation dot1Q 3010
ip address 172.16.0.2 255.255.255.0
!
interface GigabitEthernet2
no ip address
shutdown
negotiation auto
cdp enable
!
interface GigabitEthernet3
no ip address
shutdown
negotiation auto
!
interface GigabitEthernet4
description MANAGEMENT
ip vrf forwarding MGMT
ip address 10.1.1.238 255.255.255.0
negotiation auto
!
!
virtual-service csr_mgmt
!
no ip forward-protocol nd
!
no ip http server
no ip http secure-server
ip tftp source-interface GigabitEthernet1
ip route vrf MGMT 0.0.0.0 0.0.0.0 10.1.1.254 name MGMT_DEFAULT
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
logging synchronous
stopbits 1
line vty 0 4
exec-timeout 60 0
logging synchronous
login local
transport input telnet ssh
!
ntp server pool.ntp.org
!
end
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime localtime show-timezone year
service timestamps log datetime localtime show-timezone year
service password-encryption
no platform punt-keepalive disable-kernel-core
platform console virtual
!
hostname CE_R18
!
boot-start-marker
boot-end-marker
!
!
logging buffered 16000
no logging console
enable secret 5 <removed>
!
no aaa new-model
!
ip vrf MGMT
!
!
!
!
!
!
!
!
!
!
!
no ip domain lookup
ip domain name domain.local
!
!
!
!
!
!
!
!
!
!
subscriber templating
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
!
!
!
license udi pid CSR1000V sn 99Q0ZYT75LP
!
spanning-tree extend system-id
!
username admin secret 5 <removed>
!
redundancy
!
!
!
!
!
cdp run
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface GigabitEthernet1
no ip address
negotiation auto
cdp enable
!
interface GigabitEthernet1.3010
description TO PE_R14 - VPLS
encapsulation dot1Q 3010
ip address 172.16.0.2 255.255.255.0
!
interface GigabitEthernet2
no ip address
shutdown
negotiation auto
cdp enable
!
interface GigabitEthernet3
no ip address
shutdown
negotiation auto
!
interface GigabitEthernet4
description MANAGEMENT
ip vrf forwarding MGMT
ip address 10.1.1.238 255.255.255.0
negotiation auto
!
!
virtual-service csr_mgmt
!
no ip forward-protocol nd
!
no ip http server
no ip http secure-server
ip tftp source-interface GigabitEthernet1
ip route vrf MGMT 0.0.0.0 0.0.0.0 10.1.1.254 name MGMT_DEFAULT
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
logging synchronous
stopbits 1
line vty 0 4
exec-timeout 60 0
logging synchronous
login local
transport input telnet ssh
!
ntp server pool.ntp.org
!
end
CE_R22
version 15.5
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime localtime show-timezone year
service timestamps log datetime localtime show-timezone year
service password-encryption
no platform punt-keepalive disable-kernel-core
platform console virtual
!
hostname CE_R22
!
boot-start-marker
boot-end-marker
!
!
logging buffered 16000
no logging console
enable secret 5 <removed>
!
no aaa new-model
!
ip vrf MGMT
!
!
!
!
!
!
!
!
!
!
!
no ip domain lookup
ip domain name domain.local
!
!
!
!
!
!
!
!
!
!
subscriber templating
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
!
!
!
license udi pid CSR1000V sn 9477VPZZXJA
!
spanning-tree extend system-id
!
username admin secret 5 <removed>
!
redundancy
!
!
!
!
!
cdp run
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface GigabitEthernet1
no ip address
negotiation auto
cdp enable
!
interface GigabitEthernet1.3010
description TO PE_R15 - VPLS
encapsulation dot1Q 3010
ip address 172.16.0.3 255.255.255.0
!
interface GigabitEthernet2
no ip address
shutdown
negotiation auto
!
interface GigabitEthernet3
no ip address
shutdown
negotiation auto
!
interface GigabitEthernet4
description MANAGEMENT
ip vrf forwarding MGMT
ip address 10.1.1.242 255.255.255.0
negotiation auto
!
!
virtual-service csr_mgmt
!
no ip forward-protocol nd
!
no ip http server
no ip http secure-server
ip tftp source-interface GigabitEthernet4
ip route vrf MGMT 0.0.0.0 0.0.0.0 10.1.1.254 name MGMT_DEFAULT
ip ssh time-out 60
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
logging synchronous
stopbits 1
line vty 0 4
exec-timeout 60 0
logging synchronous
login local
transport input telnet ssh
!
ntp server pool.ntp.org
!
end
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime localtime show-timezone year
service timestamps log datetime localtime show-timezone year
service password-encryption
no platform punt-keepalive disable-kernel-core
platform console virtual
!
hostname CE_R22
!
boot-start-marker
boot-end-marker
!
!
logging buffered 16000
no logging console
enable secret 5 <removed>
!
no aaa new-model
!
ip vrf MGMT
!
!
!
!
!
!
!
!
!
!
!
no ip domain lookup
ip domain name domain.local
!
!
!
!
!
!
!
!
!
!
subscriber templating
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
!
!
!
license udi pid CSR1000V sn 9477VPZZXJA
!
spanning-tree extend system-id
!
username admin secret 5 <removed>
!
redundancy
!
!
!
!
!
cdp run
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface GigabitEthernet1
no ip address
negotiation auto
cdp enable
!
interface GigabitEthernet1.3010
description TO PE_R15 - VPLS
encapsulation dot1Q 3010
ip address 172.16.0.3 255.255.255.0
!
interface GigabitEthernet2
no ip address
shutdown
negotiation auto
!
interface GigabitEthernet3
no ip address
shutdown
negotiation auto
!
interface GigabitEthernet4
description MANAGEMENT
ip vrf forwarding MGMT
ip address 10.1.1.242 255.255.255.0
negotiation auto
!
!
virtual-service csr_mgmt
!
no ip forward-protocol nd
!
no ip http server
no ip http secure-server
ip tftp source-interface GigabitEthernet4
ip route vrf MGMT 0.0.0.0 0.0.0.0 10.1.1.254 name MGMT_DEFAULT
ip ssh time-out 60
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
logging synchronous
stopbits 1
line vty 0 4
exec-timeout 60 0
logging synchronous
login local
transport input telnet ssh
!
ntp server pool.ntp.org
!
end
VPLS Lab Specific Configurations
Note: We will look at the configuration for only PE13 since the
other PE’s will have similar configurations.
L2VPN VFI
The following configuration defines the Virtual
Forwarding Instance (VFI) and VPN ID. The
VFI and VPN ID together establishes the VPLS domain (i.e., L2 broadcast domain for a customer). When customer traffic enters the domain, the forwarding decision is made by looking up the VFI.
In this setup, LDP was used as the signalling protocol for forwarding purposes, however BGP was used as the auto-discovery protocol. BGP based auto-discovery simply enabled the PEs to use MP-BGP to discover other PEs in the domain. By auto-discovering the other remote PEs, a full mesh of pseudowires was automatically created. Without the use of a protocol to manage this, creating a full mesh of pseudowires would be a manual process.
In this setup, LDP was used as the signalling protocol for forwarding purposes, however BGP was used as the auto-discovery protocol. BGP based auto-discovery simply enabled the PEs to use MP-BGP to discover other PEs in the domain. By auto-discovering the other remote PEs, a full mesh of pseudowires was automatically created. Without the use of a protocol to manage this, creating a full mesh of pseudowires would be a manual process.
l2vpn
router-id 13.13.13.13
!
l2vpn vfi
context VPLS
vpn id 10
autodiscovery bgp signaling ldp
|
PE MP-BGP Configuration
Since the PEs are using BGP for auto-discovery, each PE must have
a MP-BGP session to the RR using the L2VPN VPLS address-family.
router bgp
2345
bgp log-neighbor-changes
no bgp default ipv4-unicast
neighbor RR peer-group
neighbor RR remote-as 2345
neighbor RR description ROUTE REFLECTOR -
R11
neighbor RR update-source Loopback0
neighbor RR timers 7 21
neighbor 11.11.11.11 peer-group RR
!
address-family ipv4
exit-address-family
!
address-family l2vpn vpls
neighbor RR send-community both
neighbor 11.11.11.11 activate
exit-address-family
|
RR MP-BGP Configuration
router bgp
2345
bgp log-neighbor-changes
no bgp default ipv4-unicast
neighbor PE_R05 peer-group
neighbor PE_R05 remote-as 2345
neighbor PE_R05 description TO PE R05
neighbor PE_R05 update-source Loopback0
neighbor PE_R05 timers 7 21
neighbor PE_R06 peer-group
neighbor PE_R06 remote-as 2345
neighbor PE_R06 description TO PE R06
neighbor PE_R06 update-source Loopback0
neighbor PE_R06 timers 7 21
neighbor PE_R13 peer-group
neighbor
PE_R13 remote-as 2345
neighbor
PE_R13 description TO PE R13
neighbor
PE_R13 update-source Loopback0
neighbor
PE_R13 timers 7 21
neighbor
PE_R14 peer-group
neighbor
PE_R14 remote-as 2345
neighbor
PE_R14 description TO PE R14
neighbor
PE_R14 update-source Loopback0
neighbor
PE_R14 timers 7 21
neighbor
PE_R15 peer-group
neighbor
PE_R15 remote-as 2345
neighbor
PE_R15 description TO PE R15
neighbor
PE_R15 update-source Loopback0
neighbor
PE_R15 timers 7 21
neighbor
5.5.5.5 peer-group PE_R05
neighbor
6.6.6.6 peer-group PE_R05
neighbor
13.13.13.13 peer-group PE_R13
neighbor
14.14.14.14 peer-group PE_R14
neighbor
15.15.15.15 peer-group PE_R15
!
address-family ipv4
exit-address-family
!
address-family vpnv4
neighbor PE_R05 send-community both
neighbor PE_R05 route-reflector-client
neighbor PE_R06 send-community both
neighbor PE_R06 route-reflector-client
neighbor 5.5.5.5 activate
neighbor 6.6.6.6 activate
exit-address-family
!
address-family l2vpn vpls
neighbor PE_R13 send-community both
neighbor PE_R13 route-reflector-client
neighbor PE_R14 send-community both
neighbor PE_R14 route-reflector-client
neighbor PE_R15 send-community both
neighbor PE_R15 route-reflector-client
neighbor 13.13.13.13 activate
neighbor 14.14.14.14 activate
neighbor 15.15.15.15 activate
exit-address-family
|
Attachment Circuit
The lab uses an Ethernet Flow Point (EFP)/Bridge-Domain type
attachment circuit that connects to the CE. The Ethernet service instance ID and VLANs tags customer traffic on the AC interface.
In the configuration below, the service provider PE matches VLANs 3000 – 3100 to service instance 10.
In the configuration below, the service provider PE matches VLANs 3000 – 3100 to service instance 10.
interface
GigabitEthernet2
description TO CE_R16 - VPLS
mtu 9216
no ip address
negotiation auto
cdp enable
service instance 10 ethernet
encapsulation dot1q 3000-3100
|
Within the customer bridge domain configuration, the VFI, AC interface and EFP service instance (10) are then associated.
bridge-domain
10
member GigabitEthernet2 service-instance 10
member vfi VPLS
|
The CE interface must use VLANs in the range of 3000 - 3100 as transport to be classified correctly on the PE. Here VLAN 3010 was configured.
interface
GigabitEthernet1
no ip address
negotiation auto
!
interface
GigabitEthernet1.3010
description TO PE_R13 - VPLS
encapsulation dot1Q 3010
ip address 172.16.0.1 255.255.255.0
|
Testing
Results
Test results were simple pings from site A to sites B and C
to verify full L3 reachability. ARP tables lookup verified L2 reachability.
SiteA to SiteB
CE_R16#ping
172.16.2.254 source lo100
Type escape
sequence to abort.
Sending 5,
100-byte ICMP Echos to 172.16.2.254, timeout is 2 seconds:
Packet sent
with a source address of 172.16.1.254
!!!!!
Success rate
is 100 percent (5/5), round-trip min/avg/max = 7/10/22 ms
|
SiteA to SiteC
CE_R16#ping
172.16.3.254 source lo100
Type escape
sequence to abort.
Sending 5,
100-byte ICMP Echos to 172.16.3.254, timeout is 2 seconds:
Packet sent
with a source address of 172.16.1.254
!!!!!
Success rate
is 100 percent (5/5), round-trip min/avg/max = 8/9/14 ms
|
SiteA’s ARP Table
CE_R16#sh arp
Protocol Address Age (min) Hardware Addr Type
Interface
Internet 172.16.0.1 - 000c.2974.0854 ARPA
GigabitEthernet1.3010
Internet 172.16.0.2 1 000c.2972.c977 ARPA
GigabitEthernet1.3010
Internet 172.16.0.3 14 000c.2962.6b17 ARPA
GigabitEthernet1.3010
|
SiteB’s ARP Table
CE_R18#sh arp
Protocol Address Age (min) Hardware Addr Type
Interface
Internet 172.16.0.1 31 000c.2974.0854 ARPA
GigabitEthernet1.3010
Internet 172.16.0.2 - 000c.2972.c977 ARPA
GigabitEthernet1.3010
Internet 172.16.0.3 18 000c.2962.6b17 ARPA
GigabitEthernet1.3010
|
SiteC’s ARP Table
CE_R22#sh arp
Protocol Address Age (min) Hardware Addr Type
Interface
Internet 172.16.0.1 31 000c.2974.0854 ARPA
GigabitEthernet1.3010
Internet 172.16.0.2 18 000c.2972.c977 ARPA
GigabitEthernet1.3010
Internet 172.16.0.3 - 000c.2962.6b17 ARPA
GigabitEthernet1.3010
|
Verification
Tasks
From the customer perspective the topology looks like a simple bridged network. However, there are many underlying infrastructure components at play. In this section, we will look into the VPLS specific operation.
The list below outlines the VPLS verification tasks.
- MP-BGP sessions and table
- MP-BGP L2VPN VPLS NLRI
- VFI details
- L2VPN Service details
- Virtual Circuit details
- Bridge Domain & EFP Attachment circuit
MP-BGP Session
Output only from PE_R13 for brevity.
PE_R13#sh ip
bgp l2vpn vpls all summary
BGP router
identifier 13.13.13.13, local AS number 2345
BGP table
version is 15, main routing table version 15
3 network
entries using 792 bytes of memory
3 path
entries using 408 bytes of memory
2/2 BGP
path/bestpath attribute entries using 496 bytes of memory
2 BGP rrinfo
entries using 80 bytes of memory
1 BGP
extended community entries using 40 bytes of memory
0 BGP
route-map cache entries using 0 bytes of memory
0 BGP
filter-list cache entries using 0 bytes of memory
BGP using
1816 total bytes of memory
BGP activity
5/2 prefixes, 5/2 paths, scan interval 60 secs
Neighbor V AS MsgRcvd MsgSent TblVer
InQ OutQ Up/Down State/PfxRcd
11.11.11.11
4 2345 10172
10164 15 0
0 19:05:53 2
|
Output from RR.
RR_R11#sh ip
bgp l2vpn vpls all summary
BGP router
identifier 11.11.11.11, local AS number 2345
BGP table
version is 20, main routing table version 20
3 network
entries using 792 bytes of memory
3 path
entries using 408 bytes of memory
1/1 BGP
path/bestpath attribute entries using 248 bytes of memory
2 BGP AS-PATH
entries using 48 bytes of memory
2 BGP
community entries using 48 bytes of memory
6 BGP
extended community entries using 1064 bytes of memory
0 BGP
route-map cache entries using 0 bytes of memory
0 BGP
filter-list cache entries using 0 bytes of memory
BGP using
2608 total bytes of memory
BGP activity
20/11 prefixes, 22/13 paths, scan interval 60 secs
Neighbor V AS MsgRcvd MsgSent TblVer
InQ OutQ Up/Down State/PfxRcd
13.13.13.13
4 2345 21379
21388 20 0
0 1d16h 1
14.14.14.14
4 2345 21369
21374 20 0 0 1d16h 1
15.15.15.15
4 2345 21345
21365 20 0
0 1d16h 1
|
MP-BGP Table
MP-BGP table for address-family L2VPN VPLS. RD was automatically generated in the format of [ASN:VPN-ID].
Output only from PE_R13 for brevity.
PE_R13#sh ip
bgp l2vpn vpls all
BGP table
version is 15, local router ID is 13.13.13.13
Status codes:
s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m
multipath, b backup-path, f RT-Filter,
x best-external, a additional-path,
c RIB-compressed,
Origin codes:
i - IGP, e - EGP, ? - incomplete
RPKI
validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 2345:10
*>
2345:10:13.13.13.13/96
0.0.0.0 32768 ?
*>i 2345:10:14.14.14.14/96
14.14.14.14 0 100
0 ?
*>i 2345:10:15.15.15.15/96
15.15.15.15 0
100 0 ?
|
Output from RR
RR_R11#sh ip
bgp l2vpn vpls all
BGP table
version is 20, local router ID is 11.11.11.11
Status codes:
s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m
multipath, b backup-path, f RT-Filter,
x best-external, a
additional-path, c RIB-compressed,
Origin codes:
i - IGP, e - EGP, ? - incomplete
RPKI
validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 2345:10
*>i 2345:10:13.13.13.13/96
13.13.13.13 0 100
0 ?
*>i 2345:10:14.14.14.14/96
14.14.14.14 0 100
0 ?
*>i 2345:10:15.15.15.15/96
15.15.15.15 0 100
0 ?
|
MP-BGP L2VPN NLRI
The MP-BGP NLRI from the RR contains an additional extended
community called the L2VPN AGI or attachment group identifier. It's a specific
value used in BGP autodiscovery and it identifies the VPLS domain. The
AGI is also labeled as the VPLS-ID and is in the format of [ASN:VPN ID]. The
PEs advertise the AGI to identify their membership for a particular VPLS
domain.
RR_R11#sh ip
bgp l2vpn vpls all 13.13.13.13
BGP routing
table entry for 2345:10:13.13.13.13/96, version 17
Paths: (1
available, best #1, table L2VPN-VPLS-BGP-Table)
Advertised to update-groups:
2
Refresh Epoch 1
Local, (Received from a RR-client)
13.13.13.13 (metric 8) from 13.13.13.13
(13.13.13.13)
Origin incomplete, metric 0, localpref
100, valid, internal, best, AGI version(0)
Extended Community: RT:2345:10 L2VPN AGI:2345:10
mpls labels in/out 16777215/16777215
rx pathid: 0, tx pathid: 0x0
|
VFI Details
Showing the details of the VFI will display information such
as VPN/VPLS-ID, RD, RT, signaling protocol and its established peers.
PE_R13#sh vfi
Legend:
RT=Route-target, S=Split-horizon, Y=Yes, N=No
VFI name:
VPLS, state: up, type: multipoint, signaling: LDP
VPN ID: 10, VPLS-ID:
2345:10
RD: 2345:10, RT: 2345:10,
Bridge-Domain 10 attachment circuits:
Neighbors connected via pseudowires:
Peer Address VC ID Discovered Router ID S
15.15.15.15 10 15.15.15.15 Y
14.14.14.14 10 14.14.14.14 Y
|
L2VPN Service Details
The following command displays the L2VPN state when using LDP as signaling protocol.
It shows the state of the attachment
circuit, core
pseudowires, the virtual
circuit labels and its peers (using MPLS as encapsulation).
PE_R13#sh
l2vpn service all detail
Legend:
St=State XC St=State in the L2VPN
Service Prio=Priority
UP=Up DN=Down AD=Admin Down IA=Inactive
SB=Standby HS=Hot Standby RV=Recovering NH=No Hardware
m=manually selected
Interface Group Encapsulation Prio St
XC St
--------- ----- ------------- ---- --
-----
VPLS name:
VPLS, State: UP
pw100001
VPLS(VFI) 0 UP
UP
pw100006 core_pw 15.15.15.15:10(MPLS) 0 UP
UP
Local VC label 1321
Remote VC label 1510
pw100005 core_pw 14.14.14.14:10(MPLS) 0 UP
UP
Local VC label 1306
Remote VC label 1415
BD name: 10,
State: --
- 10(BD) 0 UP
--
- VPLS(VFI) 0 UP
UP
|
Virtual Circuit Details
Here’s a more detailed look at the virtual circuits (only from PE13 for brevity). It shows the following:
- Imposed LSP outer label to MPLS Provider router
- Signaling protocol, its targeted peer and status
- Virtual Circuit inner labels
- AGI or VPLS-ID in HEX (2345:10)
- Attachment individual identifier (AII) is the IP address used for signaling
PE_R13#sh
mpls l2transport vc detail
Local
interface: VFI VPLS vfi up
Interworking type is Ethernet
Destination address: 14.14.14.14, VC ID:
10, VC status: up
Output interface: Gi1.25, imposed label stack {213
1415}
Preferred path: not configured
Default path: active
Next hop: 10.1.1.21
Create time: 19:10:25, last status change
time: 19:09:24
Last label FSM state change time:
19:09:24
Signaling protocol: LDP, peer 14.14.14.14:0 up
Targeted Hello: 13.13.13.13(LDP Id) -> 14.14.14.14,
LDP is UP
Graceful restart: not configured and not
enabled
Non stop routing: not configured and not
enabled
Status TLV support (local/remote) : enabled/supported
LDP route watch : enabled
Label/status state machine : established, LruRru
Last local dataplane status rcvd: No fault
Last BFD dataplane status rcvd: Not sent
Last BFD peer monitor status rcvd: No fault
Last local AC circuit status rcvd: No fault
Last local AC circuit status sent: No fault
Last local PW i/f circ status rcvd: No
fault
Last local LDP TLV status sent: No fault
Last remote LDP TLV status rcvd: No fault
Last remote LDP ADJ status rcvd: No fault
MPLS VC labels: local 1306, remote 1415
AGI: type 1, len 8, 000A 0929 0000 000A
Local AII: type 1, len 4, 0D0D 0D0D (13.13.13.13)
Remote AII: type 1, len 4, 0E0E 0E0E (14.14.14.14)
Group ID: local n/a, remote n/a
MTU: local 1500, remote 1500
Remote interface description:
Sequencing: receive disabled, send disabled
Control Word: On (configured: autosense)
SSO Descriptor: 14.14.14.14/10, local
label: 1306
Dataplane:
SSM segment/switch IDs: 12301/8202
(used), PWID: 4
VC statistics:
transit packet totals: receive 54807,
send 72124
transit byte totals: receive 3659498, send 29063599
transit packet drops: receive 13995, seq error 0, send 0
Local
interface: VFI VPLS vfi up
Interworking type is Ethernet
Destination address: 15.15.15.15, VC ID:
10, VC status: up
Output interface: Gi1.25, imposed label stack {221 1510}
Preferred path: not configured
Default path: active
Next hop: 10.1.1.21
Create time: 19:07:37, last status change
time: 19:06:36
Last label FSM state change time:
19:06:36
Signaling protocol: LDP, peer 15.15.15.15:0 up
Targeted Hello: 13.13.13.13(LDP Id) -> 15.15.15.15,
LDP is UP
Graceful restart: not configured and not
enabled
Non stop routing: not configured and not
enabled
Status TLV support (local/remote) : enabled/supported
LDP route watch : enabled
Label/status state machine : established, LruRru
Last local dataplane status rcvd: No fault
Last BFD dataplane status rcvd: Not sent
Last BFD peer monitor status rcvd: No fault
Last local AC circuit status rcvd: No fault
Last local AC circuit status sent: No fault
Last local PW i/f circ status rcvd: No
fault
Last local LDP TLV status sent: No fault
Last remote LDP TLV status rcvd: No fault
Last remote LDP ADJ status rcvd: No fault
MPLS VC labels: local 1321, remote 1510
AGI: type 1, len 8, 000A 0929 0000 000A
Local AII: type 1, len 4, 0D0D 0D0D (13.13.13.13)
Remote AII: type 1, len 4, 0F0F 0F0F (15.15.15.15)
Group ID: local n/a, remote n/a
MTU: local 1500, remote 1500
Remote interface description:
Sequencing: receive disabled, send disabled
Control Word: On (configured: autosense)
SSO Descriptor: 15.15.15.15/10, local
label: 1321
Dataplane:
SSM segment/switch IDs: 20498/12302
(used), PWID: 5
VC statistics:
transit packet totals: receive 229, send
32017
transit byte totals: receive 23170, send 24974220
transit packet drops: receive 209, seq error 0, send 0
|
Bridge Domain & EFP Attachment Circuit
The Bridge Domain output from PE13 shows how the MACs were forwarded.
- To reach CE22 [MAC: 000C.2962.6B17], use pseudoport with peer 15.15.15.15 [PE15]
- To reach CE16 [MAC: 000C.2974.0854], use EFP/Attachment Circuit
- To reach CE18 [MAC: 000C.2972.C977], use pseudoport with peer 14.14.14.14 [PE14]
PE_R13#sh
bridge-domain 10
Bridge-domain
10 (3 ports in all)
State:
UP Mac learning:
Enabled
Aging-Timer:
300 second(s)
GigabitEthernet2 service instance 10
vfi VPLS neighbor 14.14.14.14 10
vfi VPLS neighbor 15.15.15.15 10
AED MAC address Policy
Tag Age Pseudoport
0
000C.2962.6B17 forward dynamic
297 VPLS.1004015
0
000C.2974.0854 forward dynamic
297 GigabitEthernet2.EFP10
0
000C.2972.C977 forward dynamic
297 VPLS.1004014
|
Shows Pseudoport to Peer mapping.
PE_R13#show
platform software ethernet fp active vfi
Total number
of VFI neighbors: 2
VFI-name BD Peer-IP-Address VC-ID
ShGrp
-----------------------------------------------------------------
VPLS.1004014 10 14.14.14.14 10 1
VPLS.1004015 10 15.15.15.15 10 1
|
EFP details shows interface, VLAN and bridge domain
membership.
PE_R13#show
platform software ethernet fp active efp detail
Forwarding
Manager Ethernet Flow Points
EFP: ID: 10,
DPIDB: 0x1004010, Data Type: static
Interface: 8 (GigabitEthernet2)
QFPIDX: 13
QFPifname: GigabitEthernet2.EFP10
State: Up, Priority: 10
First tag encap: dot1q, vlan-type: 0x8100
vlan list: 3000-3100
DOT1AD Port Type: UNI
Bridge-domain: 10, Split-Horizon: None
MAC-limit: 65536
|
Packet
Walk
This is an example packet walk for traffic sent from CE16
(SiteA) to CE22 (SiteC). Based on what I learned so far, I
believe this is what is occurring on the service provider side and will try to
explain each step of the process.
Diagram
- CE16 sends traffic to CE22 and PE13 checks the VFI. Packet arrives on the G2 interface, attachment
circuit EFP/Bridge-domain 10.
- A lookup in the bridge domain show CE22’s destination MAC: 000C.2962.6B17 is mapped
to Pseudoport “VPLS.1004015”.
- A look at the Pseudoport to Peer mapping shows to use peer
IP 15.15.15.15 (PE15).
- PE13’s virtual circuits/pseudowire to PE15 shows us that we
need to impose a LSP label of 221 and VC label 1510.
- PE13 will do a MPLS forwarding lookup for 15.15.15.15. It
will need to push outer label 221 and send to next hop (P2).
- P2 receives packet, does a forwarding lookup for label 221, swaps label to
416 and send to next hop (P4).
- P4 receives the packet, does a forwarding lookup for label 416, pops label
(uses PHP) and send to next hop (PE15).
- PE15 looks at the VFI and shows bridge-domain 10 as
attachment circuit.
- Bridge domain forwards frame with destination MAC:
000C.2962.6B17 out EFP/interface G2.
PE_R13#sh
l2vpn vfi
Legend:
RT=Route-target, S=Split-horizon, Y=Yes, N=No
VFI name:
VPLS, state: up, type: multipoint, signaling: LDP
VPN ID: 10, VPLS-ID: 2345:10
RD: 2345:10, RT: 2345:10,
Bridge-Domain 10 attachment circuits:
Pseudo-port interface: pseudowire100001
Interface Peer Address VC ID Discovered Router ID S
pseudowire100006 15.15.15.15 10 15.15.15.15 Y
pseudowire100005 14.14.14.14 10 14.14.14.14 Y
|
PE_R13#sh
l2vpn service vfi all detail
Legend:
St=State XC St=State in the L2VPN
Service Prio=Priority
UP=Up DN=Down AD=Admin Down IA=Inactive
SB=Standby HS=Hot Standby RV=Recovering NH=No Hardware
m=manually selected
Interface Group Encapsulation Prio St
XC St
--------- ----- ------------- ----
-- -----
VPLS name:
VPLS, State: UP
pw100001
VPLS(VFI)
0 UP UP
pw100006 core_pw 15.15.15.15:10(MPLS) 0 UP
UP
Local VC label
1321
Remote VC
label 1510
pw100005 core_pw 14.14.14.14:10(MPLS) 0 UP
UP
Local VC label 1306
Remote VC
label 1415
|
PE_R13#sh
bridge-domain
Bridge-domain
10 (3 ports in all)
State:
UP Mac learning:
Enabled
Aging-Timer:
300 second(s)
GigabitEthernet2 service instance 10
vfi VPLS neighbor 14.14.14.14 10
vfi VPLS neighbor 15.15.15.15 10
AED MAC address Policy
Tag Age Pseudoport
0 000C.2962.6B17 forward
dynamic 235 VPLS.1004015
0
000C.2974.0854 forward dynamic
296 GigabitEthernet2.EFP10
0
000C.2972.C977 forward dynamic
296 VPLS.1004014
|
PE_R13#show
platform software ethernet fp active vfi
Total number
of VFI neighbors: 2
VFI-name BD Peer-IP-Address VC-ID
ShGrp
-----------------------------------------------------------------
VPLS.1004014 10 14.14.14.14 10 1
VPLS.1004015 10 15.15.15.15 10 1
|
PE_R13#sh
mpls l2transport vc destination 15.15.15.15 detail
Local
interface: VFI VPLS vfi up
Interworking type is Ethernet
Destination address: 15.15.15.15, VC ID:
10, VC status: up
Output interface: Gi1.25, imposed label stack {221 1510}
Preferred path: not configured
Default path: active
Next hop: 10.1.1.21
Create time: 1d20h, last status change
time: 1d20h
Last label FSM state change time: 1d20h
Signaling protocol: LDP, peer 15.15.15.15:0
up
Targeted Hello: 13.13.13.13(LDP Id) ->
15.15.15.15, LDP is UP
Graceful restart: not configured and not
enabled
Non stop routing: not configured and not
enabled
Status TLV support (local/remote) : enabled/supported
LDP route watch : enabled
Label/status state machine : established, LruRru
Last local dataplane status rcvd: No fault
Last BFD dataplane status rcvd: Not sent
Last BFD peer monitor status rcvd: No fault
Last local AC circuit status rcvd: No fault
Last local AC circuit status sent: No fault
Last local PW i/f circ status rcvd: No
fault
Last local LDP TLV status sent: No fault
Last remote LDP TLV status rcvd: No fault
Last remote LDP ADJ status rcvd: No fault
MPLS VC labels: local 1321, remote 1510
AGI: type 1, len 8, 000A 0929 0000 000A
Local AII: type 1, len 4, 0D0D 0D0D
(13.13.13.13)
Remote AII: type 1, len 4, 0F0F 0F0F
(15.15.15.15)
Group ID: local n/a, remote n/a
MTU: local 1500, remote 1500
Remote interface description:
Sequencing: receive disabled, send disabled
Control Word: On (configured: autosense)
SSO Descriptor: 15.15.15.15/10, local
label: 1321
Dataplane:
SSM segment/switch IDs: 20498/12302
(used), PWID: 5
VC statistics:
transit packet totals: receive 248, send
73502
transit byte totals: receive 24926, send 57562312
transit packet drops: receive 213, seq error 0, send 0
|
PE_R13#sh
mpls forwarding-table 15.15.15.15
Local Outgoing
Prefix Bytes
Label Outgoing Next Hop
Label Label
or Tunnel Id Switched interface
1323 221
15.15.15.15/32 0 Gi1.25 10.1.1.21
|
P_R02#sh mpls
forwarding-table labels 221
Local Outgoing
Prefix Bytes Label Outgoing
Next Hop
Label Label
or Tunnel Id Switched interface
221 416
15.15.15.15/32 63960970 Gi1.13 10.0.0.14
|
P_R04#sh mpls
forwarding-table labels 416
Local Outgoing
Prefix Bytes
Label Outgoing Next Hop
Label Label
or Tunnel Id Switched interface
416 Pop Label
15.15.15.15/32 63360098 Gi1.29 10.1.1.38
|
PE_R15#sh
l2vpn vfi
Legend:
RT=Route-target, S=Split-horizon, Y=Yes, N=No
VFI name:
VPLS, state: up, type: multipoint, signaling: LDP
VPN ID: 10, VPLS-ID: 2345:10
RD: 2345:10, RT: 2345:10,
Bridge-Domain 10 attachment circuits:
Pseudo-port interface: pseudowire100001
Interface Peer Address VC ID Discovered Router ID S
pseudowire100006 14.14.14.14 10 14.14.14.14 Y
pseudowire100005 13.13.13.13 10 13.13.13.13 Y
|
PE_R15#sh
l2vpn service vfi all detail
Legend:
St=State XC St=State in the L2VPN
Service Prio=Priority
UP=Up
DN=Down AD=Admin
Down IA=Inactive
SB=Standby HS=Hot Standby RV=Recovering NH=No Hardware
m=manually selected
Interface Group Encapsulation Prio St
XC St
--------- ----- ------------- ---- --
-----
VPLS name:
VPLS, State: UP
pw100001
VPLS(VFI)
0 UP UP
pw100006 core_pw 14.14.14.14:10(MPLS) 0 UP
UP
Local VC
label 1523
Remote VC
label 1421
pw100005 core_pw 13.13.13.13:10(MPLS) 0 UP
UP
Local VC
label 1510
Remote VC
label 1321
|
PE_R15#sh
bridge-domain
Bridge-domain
10 (3 ports in all)
State:
UP Mac learning:
Enabled
Aging-Timer:
300 second(s)
GigabitEthernet2 service instance 10
vfi VPLS neighbor 13.13.13.13 10
vfi VPLS neighbor 14.14.14.14 10
AED MAC address Policy
Tag Age Pseudoport
0 000C.2962.6B17 forward
dynamic 295 GigabitEthernet2.EFP10
0
000C.2974.0854 forward dynamic
294 VPLS.1004014
0
000C.2972.C977 forward dynamic
295 VPLS.1004015
|
References
