Previous Section  < Day Day Up >  Next Section

Hierarchical VPLS—Distributed PE Architecture

A hierarchical VPLS (H-VPLS) model allows SPs to interconnect geographically dispersed Ethernet LAN networks. A hierarchical VPLS service is implemented by splitting the physical PE device into many separate physical devices (distributed PE). Therefore, in this architecture, there are two types of PE devices:

  • User facing PE (u-PE)— CE devices connect to u-PEs directly. A u-PE typically has a single connection to the network PE (n-PE) device placed in the MPLS backbone. The u-PE aggregates the VPLS traffic received from CEs prior to forwarding the same to the n-PE where VPLS forwarding takes place based on the VSI (MAC address learning and switching).

  • Network PE (n-PE)— u-PEs in an H-VPLS network connect to n-PEs where VPLS information is forwarded based on the VSI. The most common form of implementation uses IEEE 802.1Q encapsulation and tunneling. A double 802.1Q encapsulation, also called Q-in-Q encapsulation, can be implemented to aggregate traffic between u-PE and n-PE. The Q-in-Q trunk, therefore, becomes an access port to a VPLS instance on an n-PE. The network PE devices are connected in a basic VPLS full mesh. For each VPLS service, a single-spoke pseudo wire is set up between the u-PE and n-PE. These pseudo wires get terminated on a virtual bridge instance on the u-PE and the network PE devices. Spoke pseudo wires can be implemented using any L2 tunneling mechanism, such as MPLS (AToM) or Q-in-Q (double tagging with 802.1Q VLAN tags). The network PE devices can function as a hub, with the user PE forming the spokes. The architecture, therefore, evolves itself to form a two-tier H-VPLS network because the VPLS core pseudo wire, formed between the network PE devices, is augmented with access pseudo wires formed between the network PE and u-PE devices.

Figure 12-10 shows a H-VPLS network with Q-in-Q tunnels between n-PE and u-PE devices. In this architecture, a full mesh of directed LDP sessions is maintained between n-PE routers. The u-PEs, u-PE1, u-PE2, and u-PE3, connect to the CE devices as well as to the n-PEs.

Figure 12-10. H-VPLS Using Q-in-Q Tunnels

[View full size image]


The spoke pseudo wires are Q-in-Q encapsulated (an 802.1Q VLAN frame encapsulated in another 802.1Q VLAN frame), which allows for customer separation while maintaining customer-specific VLAN information intact. The customer VLAN-tagged traffic is encapsulated in the MPLS backbone with AToM stack and tunneled as Q-in-Q tunnels between u-PE and n-PE.

Figure 12-10 illustrates two customers, Customer A and Customer B, having CE devices located at different sites that are connected to the VPLS provider using Q-in-Q access tunnels. Each customer has its own internal VLANs for workgroup separation. Customer A belongs to VLAN 100 and Customer B to VLAN 200. The objective is to ensure VLAN-to-VLAN connectivity between the different sites belonging to Customer A and Customer B. In the data forwarding and encapsulation process, customers locally generate traffic on each of their workgroup VLANs. The traffic is tagged by customer LAN switches, with appropriate VLAN tags for workgroup isolation, and is sent toward the SP (VLAN tag 100 for Customer A and VLAN tag 200 for Customer B). The u-PE places an additional VLAN tag (VLAN Tag 10) for the traffic originating from the CE device. This traffic is then sent by the u-PE to the network PE, where it is processed according to the VSI for that customer. Outer VLAN tags 100 and 200 are replaced by AToM label stack (LSP label, VC label) and sent across the MPLS backbone.

H-VPLS deployment, therefore, eliminates the need for a full mesh of tunnels as well as a full mesh of pseudo wires per service between all devices participating in the VPLS implementation. It minimizes packet replication and signaling overhead because fewer pseudo wires are required for the VPLS service.

Figure 12-11 shows the data plane forwarding for VPLS architecture using Q-in-Q mode.

Figure 12-11. Data Plane Forwarding for Network Using Q-in-Q Mode

[View full size image]


Configuration Flowchart for H-VPLS Using Q-in-Q Mode

Refer to Example 12-1 for configuration related to the provider network.

Figure 12-12 shows the steps to configure H-VPLS using Q-in-Q mode.

Figure 12-12. Configuration Flowchart: H-VPLS Q-in-Q Mode

[View full size image]


H-VPLS Configuration Scenario 1—802.1Q Tunneling (Q-in-Q)

The steps to configure the network topology shown in Figure 12-10 are

Step 1.
Configure the Layer 2 interface connected to u-PE device for 802.1Q—In this step, the interface on the n-PE routers connected to the u-PE device for 802.1Q tunneling is configured. This is illustrated in Example 12-20.

Example 12-20. Configuring the Layer 2 Interface Connected to u-PE Device
PE1(config)#vlan 10

PE1(config-vlan)#state active

PE1(config-vlan)#interface FastEthernet4/12

PE1(config-if)# description link to u-PE1

PE1(config-if)# switchport

PE1(config-if)# switchport access vlan 10

PE1(config-if)# switchport mode dot1q-tunnel

______________________________________________________________________

PE2(config)#vlan 10

PE2(config-vlan)#state active

PE2(config-if)#interface FastEthernet4/12

PE2(config-if)# description link to u-PE2

PE2(config-if)# switchport

PE2(config-if)# switchport access vlan 10

PE2(config-if)# switchport mode dot1q-tunnel

______________________________________________________________________

PE3(config)#vlan 100

PE3(config-vlan)#state active

PE3(config-if)#interface FastEthernet4/12

PE3(config-if)# description link to u-PE3

PE3(config-if)# switchport

PE3(config-if)# switchport access vlan 10

PE3(config-if)# switchport mode dot1q-tunnel

Step 2.
Define the VFI and bind it to the interface connected to the CE—In this step, the VFI is configured. After defining the VFI, you must bind it to one or more attachment circuits (interfaces, subinterfaces, or virtual circuits). The VFI on the n-PE specifies the VPN ID of a VPLS domain, the addresses of other PE routers in this domain, and the type of tunnel signaling and encapsulation (currently, only MPLS encapsulation is supported) mechanism for each peer (shown in Example 12-21).

Example 12-21. Define the VFI and Associate It to the Attachment Circuit
n-PE1(config-vfi)#l2 vfi QinQ manual

n-PE1(config-vfi)# vpn id 10

n-PE1(config-vfi)# neighbor 10.10.10.101 encapsulation mpls

n-PE1(config-vfi)# neighbor 10.10.10.103 encapsulation mpls

n-PE1(config-vlan)#interface vlan 10

n-PE1(config-if)#xconnect vfi QinQ

______________________________________________________________________

n-PE2(config-vfi)#l2 vfi QinQ manual

n-PE2(config-vfi)# vpn id 10

n-PE2(config-vfi)# neighbor 10.10.10.101 encapsulation mpls

n-PE2(config-vfi)# neighbor 10.10.10.103 encapsulation mpls

n-PE2(config-vlan)#interface vlan 10

n-PE2(config-if)#xconnect vfi QinQ

______________________________________________________________________

n-PE3(config)#l2 vfi QinQ manual

n-PE3(config-vfi)# vpn id 10

n-PE3(config-vfi)# neighbor 10.10.10.101 encapsulation mpls

n-PE3(config-vfi)# neighbor 10.10.10.102 encapsulation mpls

n-PE3(config-vlan)#interface vlan 10

n-PE3(config-if)#xconnect vfi QinQ

Verification of VPLS Service

The steps to verify VPLS for the topology shown in Figure 12-10 are as follows:

Step 1.
Ensure that the directed LDP session is operationalExample 12-22 shows the output of show mpls l2transport vc. The output indicates that the AToM VC is functional to transport L2 packets across the MPLS backbone. Example 12-22 shows the output of show mpls l2transport vc on the n-PEs.

Example 12-22. show mpls l2transport vc Output on n-PE1, n-PE2, and n-PE3
n-PE1#show mpls l2transport vc

Local intf     Local circuit        Dest address    VC ID      Status

-------------  -------------------- --------------- ---------- ----------

VFI QinQ       VFI                  10.10.10.102    10         UP

VFI QinQ       VFI                  10.10.10.103    10         UP

_________________________________________________________________________

n-PE2#show mpls l2transport vc

Local intf     Local circuit        Dest address    VC ID      Status

-------------  -------------------- --------------- ---------- ----------

VFI QinQ       VFI                  10.10.10.101    10         UP

VFI QinQ       VFI                  10.10.10.103    10         UP

_________________________________________________________________________

n-PE3#show mpls l2transport vc

Local intf     Local circuit        Dest address    VC ID      Status

-------------  -------------------- --------------- ---------- ----------

VFI QinQ       VFI                  10.10.10.101    10         UP

VFI QinQ       VFI                  10.10.10.102    10         UP

Step 2.
Verify data plane forwarding information—Issue the show mpls forwarding-table command on the n-PEs, as shown in Example 12-23.

Example 12-23. show mpls forwarding-table Output on n-PE1, n-PE2, and n-PE3
n-PE1#show mpls forwarding-table

Local  Outgoing    Prefix             Bytes tag  Outgoing   Next Hop

tag    tag or VC   or Tunnel Id       switched   interface

16     Untagged    l2ckt(10)        44744      Et2        point2point

17     Untagged    l2ckt(10)        10612      Et2        point2point

18     Pop tag     10.10.10.8/30    0          GE3/2      10.10.10.6

       Pop tag     10.10.10.8/30    0          GE3/1      10.10.10.2

19     Pop tag     10.10.10.103/32  0          GE3/2      10.10.10.6

20     Pop tag     10.10.10.102/32  0          GE3/1      10.10.10.2

______________________________________________________________________

n-PE2#show mpls forwarding-table

Local  Outgoing    Prefix             Bytes tag  Outgoing   Next Hop

tag    tag or VC   or Tunnel Id       switched   interface

16     Pop tag     10.10.10.101/32  0          GE3/1       10.10.10.1

17     Untagged    l2ckt(10)        44404      Et2         point2point

18     Pop tag     10.10.10.4/30    0          GE3/2       10.10.10.10

       Pop tag     10.10.10.4/30    0          GE3/1       10.10.10.1

19     Untagged    l2ckt(10)        5734       Et2         point2point

20     Pop tag     10.10.10.103/32  0          GE3/2       10.10.10.10

______________________________________________________________________

n-PE3#show mpls forwarding-table

Local  Outgoing    Prefix             Bytes tag  Outgoing   Next Hop

tag    tag or VC   or Tunnel Id       switched   interface

16     Untagged    l2ckt(10)        45373      Et3         point2point

17     Untagged    l2ckt(10)        39407      Et3         point2point

19     Pop tag     10.10.10.101/32  0          GE3/2       10.10.10.5

20     Pop tag     10.10.10.102/32  0          GE3/1       10.10.10.9

Step 3.
Verify MPLS bindings, VC type, and pseudo-wire neighborsExample 12-24 shows the output of show mpls l2transport binding on n-PE1 where the VC type is Ethernet, which is default unless the remote PE supports only VC type 4 (Ethernet VLAN).

Example 12-24. show mpls l2transport binding on n-PE1
n-PE1#show mpls l2transport binding

  Destination Address: 10.10.10.102, VC ID: 10

    Local Label: 16

        Cbit: 0,   VC Type: Ethernet,     GroupID: 0

        MTU: 1500,  Interface Desc: n/a

    Remote Label: 16

        Cbit: 0,   VC Type: Ethernet,     GroupID: 0

        MTU: 1500,  Interface Desc: n/a

  Destination Address: 10.10.10.103, VC ID: 10

    Local Label: 17

        Cbit: 0,   VC Type: Ethernet,     GroupID: 0

        MTU: 1500,  Interface Desc: n/a

    Remote Label: 17

        Cbit: 0,   VC Type: Ethernet,     GroupID: 0

        MTU: 1500,  Interface Desc: n/a

Example 12-25 shows the output of show mpls l2transport summary outlining the total number of active VCs. Comparing this output with Example 12-6, it shows that a single VC is required to establish Layer 2 connectivity as compared to two VCs, shown in Example 12-6. In H-VPLS, a single pseudo wire is required irrespective of the number of customers.

Example 12-25. Output of show mpls l2transport summary on n-PE1
n-PE1#show mpls l2transport summary

Destination address: 10.10.10.102, total number of vc: 1

  0 unknown, 1 up, 0 down, 0 admin down

  1 active vc on MPLS interface GE3/1

Destination address: 10.10.10.103, total number of vc: 1

  0 unknown, 1 up, 0 down, 0 admin down

  1 active vc on MPLS interface GE3/2

PE Configurations

The configurations for n-PE devices, n-PE1, n-PE2, and n-PE3, are shown in Example 12-26.

Example 12-26. n-PE Configurations
!n-PE1

hostname n-PE1

!

mpls label protocol ldp

mpls ldp discovery targeted-hello accept

mpls ldp router-id Loopback0

!

l2 vfi QinQ

 vpn id 10

 neighbor 10.10.10.102 encapsulation mpls

 neighbor 10.10.10.103 encapsulation mpls

!

vlan internal allocation policy ascending

vlan dot1q tag native

!

interface Loopback0

 ip address 10.10.10.101 255.255.255.255

!

interface FastEthernet4/12

 no ip address

 switchport

 switchport access vlan 10

 switchport mode dot1q-tunnel

!

interface Vlan10

 no ip address

 xconnect vfi QinQ

______________________________________________________________________

!n-PE2

hostname n-PE2

!

mpls label protocol ldp

mpls ldp discovery targeted-hello accept

mpls ldp router-id Loopback0

!

l2 vfi QinQ

 vpn id 10

 neighbor 10.10.10.101 encapsulation mpls

 neighbor 10.10.10.103 encapsulation mpls

!

vlan internal allocation policy ascending

vlan dot1q tag native

!

interface Loopback0

 ip address 10.10.10.102 255.255.255.255

!

interface FastEthernet4/12

 no ip address

 switchport

 switchport access vlan 10

 switchport mode dot1q-tunnel

!

interface Vlan10

 no ip address

 xconnect vfi QinQ

______________________________________________________________________

!n-PE3

hostname n-PE3

!

mpls label protocol ldp

mpls ldp discovery targeted-hello accept

mpls ldp router-id Loopback0

!

l2 vfi QinQ

 vpn id 10

 neighbor 10.10.10.101 encapsulation mpls

 neighbor 10.10.10.102 encapsulation mpls

!

vlan internal allocation policy ascending

vlan dot1q tag native

!

interface Loopback0

 ip address 10.10.10.103 255.255.255.255

!

interface FastEthernet2/12

 no ip address

 switchport

 switchport access vlan 10

 switchport mode dot1q-tunnel

!

interface Vlan10

 no ip address

 xconnect vfi QinQ

u-PE Configurations

Example 12-27 shows configurations on the u-PE devices, u-PE1, u-PE2, and u-PE3.

Example 12-27. u-PE Configurations
!u-PE1

hostname u-PE1

!

vlan 100,200

!

interface FastEthernet0/1

description connected to CE1-A

 switchport access vlan 100

 switchport trunk encapsulation dot1q

 switchport mode dot1q-tunnel

 no cdp enable

 spanning-tree bpdufilter enable

!

interface FastEthernet0/2

description connected to CE1-B

 switchport access vlan 200

 No switchport trunk encapsulation dot1q

 switchport mode dot1q-tunnel

 no cdp enable

 spanning-tree bpdufilter enable

!

interface FastEthernet0/12

description connected to n-PE1

 no switchport trunk encapsulation dot1q

 switchport trunk allowed vlan 100,200

 switchport mode trunk

______________________________________________________________________

!u-PE2

hostname u-PE2

!

vlan 100,200

!

interface FastEthernet0/1

description connected to CE2-A

 switchport access vlan 100

 No switchport trunk encapsulation dot1q

 switchport mode dot1q-tunnel

 no cdp enable

 spanning-tree bpdufilter enable

!

interface FastEthernet0/2

description connected to CE2-B

 switchport access vlan 200

 No switchport trunk encapsulation dot1q

 switchport mode dot1q-tunnel

 no cdp enable

 spanning-tree bpdufilter enable

!

interface FastEthernet0/12

description connected to n-PE2

 switchport trunk encapsulation dot1q

 switchport trunk allowed vlan 100,200

 switchport mode trunk

______________________________________________________________________

!u-PE3

hostname u-PE3

!

vlan 100,200

!

interface FastEthernet0/1

description connected to CE3-A

 switchport access vlan 100

 No switchport trunk encapsulation dot1q

 switchport mode dot1q-tunnel

 no cdp enable

 spanning-tree bpdufilter enable

!

interface FastEthernet0/2

description connected to CE3-B

 switchport access vlan 200

 No switchport trunk encapsulation dot1q

 switchport mode dot1q-tunnel

 no cdp enable

 spanning-tree bpdufilter enable

!

interface FastEthernet0/12

description connected to n-PE3

 switchport trunk encapsulation dot1q

 switchport trunk allowed vlan 100,200

 switchport mode trunk

CE Configurations for Customer A and Customer B

The configurations for Customer A and Customer B CE devices are shown in Example 12-28.

Example 12-28. CE Configurations for Customer A and B
!CE1-A

hostname CE1-A

!

interface FastEthernet0/0.100

 encapsulation dot1Q 100

 ip address 172.16.1.1 255.255.255.0

______________________________________________________________________

!CE1-B

hostname CE1-B

!

interface FastEthernet0/0.200

 encapsulation dot1Q 200

 ip address 192.168.1.1 255.255.255.0

______________________________________________________________________

!CE2-A

hostname CE2-A

!

interface FastEthernet0/0.100

 encapsulation dot1Q 100

 ip address 172.16.1.1 255.255.255.0

______________________________________________________________________

!CE2-B

hostname CE2-B

!

interface FastEthernet0/0.200

 encapsulation dot1Q 200

 ip address 192.168.1.2 255.255.255.0

______________________________________________________________________

!CE3-A

hostname CE3-A

!

interface FastEthernet0/0.100

encapsulation dot1Q 100

ip address 172.16.1.1 255.255.255.0

______________________________________________________________________

!CE3-B

hostname CE3-B

!

interface FastEthernet0/0.200

 encapsulation dot1Q 200

 ip address 192.168.1.3 255.255.255.0

    Previous Section  < Day Day Up >  Next Section