C7609-VPLS on OSM Config-example
Virtual Private LAN Services on the Optical Services Modules
This section describes how to configure Virtual Private LAN Services (VPLS) on the Optical Services Modules (OSMs) and covers the topics below.
•
Full-Mesh Configuration Example
• H-VPLS with MPLS Edge Configuration Example
• Configuring Dot1q Transparency for EoMPLS
VPLS Overview
Virtual Private LAN Services (VPLS) uses the provider core to join multiple attachment circuits together to simulate a virtual bridge that connects the multiple attachment circuits together. From a customer point of view, there is no topology for VPLS. All of the CE devices appear to connect to a logical bridge emulated by the provider core. See Figure 10-1.
Figure 10-1 VPLS
Full-mesh, hub and spoke, and Hierarchical VPLS (H-VPLS) with MPLS edge configurations are available.
Full-Mesh Configuration
The full-mesh configuration requires a full mesh of tunnel label switched paths (LSPs) between all the PEs that participate in the VPLS. With full-mesh, signaling overhead and packet replication requirements for each provisioned VC on a PE can be high.
You set up a VPLS by first creating a virtual forwarding instance (VFI) on each participating PE router. The VFI specifies the VPN ID of a VPLS domain, the addresses of other PE routers in the domain, and the type of tunnel signaling and encapsulation mechanism for each peer PE router.
The set of VFIs formed by the interconnection of the emulated VCs is called a VPLS instance; it is the VPLS instance that forms the logic bridge over a packet switched network. The VPLS instance is assigned a unique VPN ID.
The PE routers use the VFI to establish a full-mesh LSP of emulated VCs to all the other PE routers in the VPLS instance. PE routers obtain the membership of a VPLS instance through static configuration using the Cisco IOS CLI.
The full-mesh configuration allows the PE router to maintain a single broadcast domain. Thus, when the PE router receives a broadcast, multicast, or unknown unicast packet on an attachment circuit, it sends the packet out on all other attachment circuits and emulated circuits to all other CE devices participating in that VPLS instance. The CE devices see the VPLS instance as an emulated LAN.
To avoid the problem of a packet looping in the provider core, the PE devices enforce a "split-horizon" principle for the emulated VCs. That means if a packet is received on an emulated VC, it is not forwarded on any other emulated VC.
After the VFI has been defined, it needs to be bound to an attachment circuit to the CE device.
The packet forwarding decision is made by looking up the Layer 2 virtual forwarding instance (VFI) of a particular VPLS domain.
A VPLS instance on a particular PE router receives Ethernet frames that enter on specific physical or logical ports and populates a MAC table similarly to how an Ethernet switch works. The PE router can use the MAC address to switch those frames into the appropriate LSP for delivery to the another PE router at a remote site.
If the MAC address is not in the MAC address table, the PE router replicates the Ethernet frame and floods it to all logical ports associated with that VPLS instance, except the ingress port where it just entered. The PE router updates the MAC table as it receives packets on specific ports and removes addresses not used for specific periods.
Hub and Spoke
In a hub-and-spoke model, the PE router that acts as the hub establishes a point-to-multipoint forwarding relationship with all PE routers at the spoke sites. An Ethernet or VLAN packet received from the customer network on the hub PE can be forwarded to one or more emulated VCs.
The PE routers that act as the spoke establish a point-to-point connection to the PE at the hub site. Ethernet or VLAN packets received from the customer network on the spoke PE are forwarded to the VFI or VPLS instance at the hub. If there are a number of customer sites connecting to the spoke, you can terminate mutiple VCs per spoke into the same VFI or VPLS instance at the hub.
H-VPLS
Hierarchical VPLS (H-VPLS) reduces both signaling and replication overhead by using both full-mesh as well as hub and spoke configurations. Hub and spoke configurations operate with split horizon to allow packets to be switched between pseudo-wires (PWs), effectively reducing the number of PWs between PEs.
Note Split horizon is the default configuration to avoid broadcast packet looping. To avoid looping when using the no-split-horizon keyword, be very mindful of your network configuration.
Restrictions for VPLS
The following general restrictions pertain to all transport types under VPLS:
•Split horizon is the default configuration to avoid broadcast packet looping and to isolate Layer 2 traffic. With split horizon, a packet coming from a WAN interface never goes back to another WAN interface (it always get switched to a Layer 2 interface). Split horizon prevents packets received from an emulated VC from being forwarded into another emulated VC. This technique is important for creating loop-free paths in a full-meshed network.
•The Cisco 7600 series routers support a maximum of 60 peer PEs and a maximum of 15,000 VCs. For example, you can configure 15,000 VCs as 1,000 VFIs with 15 VPLS peers per VFI.
Note The 60 peer PEs are distributed between the MPLS edge and the core; do not assume there are 60 peer PEs on each side.
•No software-based data plane is supported.
•No auto-discovery mechanism is supported.
•Load sharing and failover on redundant CE-PE links are not supported.
•The addition or removal of MAC addresses with Label Distribution Protocol (LDP) is not supported.
•On the Cisco 7600 series router, the virtual forwarding instance (VFI) is supported only with the interface vlan command.
Supported Features
Multipoint-to-Multipoint Support
Two or more devices are associated over the core network. No one device is designated as the Root node, but all devices are treated as Root nodes. All frames can be exchanged directly between nodes.
Non-Transparent Operation
A virtual Ethernet connection (VEC) can be transparent or non-transparent with respect to Ethernet PDUs (that is, BPDUs). The purpose of VEC non-transparency is to allow the end user to have a Frame Relay-type service between Layer 3 devices.
Circuit Multiplexing
Circuit Multiplexing allows a node to participate in multiple services over a single Ethernet connection. By participating in multiple services, the Ethernet connection is attached to multiple logical networks. Some examples of possible service offerings are VPN services between sites, Internet services, and third-party connectivity for intercompany communications.
MAC-Address Learning Forwarding and Aging
PEs must learn remote MAC addresses and directly attached MAC addresses on customer facing ports. MAC address learning accomplishes this by deriving topology and forwarding information from packets originating at customer sites. A timer is associated with stored MAC addresses. After the timer expires, the entry is removed from the table.
Jumbo Frame Support
Jumbo frame support provides support for frame sizes between 1548 through 9216 bytes. You use the CLI to establish the jumbo frame size for any value specified in the above range. The default value is 1500 bytes in any Layer 2/VLAN interface. You can configure jumbo frame support on a per-interface basis.
Q-in-Q Support and Q-in-Q to EoMPLS Support
With 802.1Q tunneling (Q-in-Q), the CE issues VLAN-tagged packets and the VPLS forwards the packets to a far-end CE. Q-in-Q refers to the fact that one or more 802.1Q tags may be located in a packet within the interior of the network. As packets are received from a CE device, an additional VLAN tag is added to incoming Ethernet packets to segregate traffic from different CE devices. Untagged packets originating from the CE use a single tag within the interior of the VLAN switched network, while previously tagged packets originating from the CE use two or more tags.
VPLS Services
Transparent LAN Service (TLS) and Ethernet Virtual Connection Service (EVCS) are available for service provider and enterprise use.
•Transparent LAN Service (TLS)—Use when you need transparency of bridging protocols (for example, bridge protocol data units [BPDUs]) and VLAN values. Bridges see this service as an Ethernet segment.
Note You must enable Layer 2 protocol tunneling to run the Cisco Discovery Protocol (CDP), the VLAN Trunking Protocol (VTP), and the Spanning-Tree Protocol (STP). See Chapter 18, "Configuring IEEE 802.1Q Tunneling" in the Cisco 7600 Series Cisco IOS Software Configuration Guide, 12.2SR.
•Ethernet Virtual Connection Service (EVCS)—Use when you need routers to reach multiple intranet and extranet locations from a single physical port. Routers see subinterfaces through which they access other routers.
Transparent LAN Service
TLS is an extension to the point-to-point port-based EoMPLS. With TLS, the PE router forwards all Ethernet packets received from the customer-facing interface (including tagged, untagged, and BPDUs) as follows:
•To a local Ethernet interface or an emulated VC if the destination MAC address is found in the Layer 2 forwarding table.
•To all other local Ethernet interfaces and emulated VCs belonging to the same VPLS domain if the destination MAC address is a multicast or broadcast address or if the destination MAC address is not found in the Layer 2 forwarding table.
Ethernet Virtual Connection Service
EVCS is an extension to the point-to-point VLAN-based EoMPLS. With EVCS, the PE router forwards all Ethernet packets with a particular VLAN tag received from the customer-facing interface (excluding BPDUs) as follows:
•To a local Ethernet interface or to an emulated VC if the destination MAC address is found in the Layer 2 forwarding table.
•To all other local Ethernet interfaces and emulated VCs belonging to the same VPLS domain if the destination MAC address is a multicast or broadcast address or if the destination MAC address is not found in the Layer 2 forwarding table.
Note Because it has only local significance, the demultiplexing VLAN tag that identifies a VPLS domain is removed before forwarding the packet to the outgoing Ethernet interfaces or emulated VCs.
Benefits of VPLS
VPLS (Virtual Private LAN Service) enables enterprises to link together their Ethernet-based LANs from multiple sites via the infrastructure provided by their service provider. From the enterprise perspective, the service provider's public network looks like one giant Ethernet LAN. For the service provider, VPLS provides an opportunity to deploy another revenue-generating service on top of their existing network without major capital expenditures. Operators can extend the operational life of equipment in their network.
Configuring VPLS
This section explains how to perform a basic VPLS configuration.
Note Provisioning a VPLS link involves provisioning the associated attachment circuit and the VFI on the PE.
Note VPLS is supported on Supervisor Engine 720-based systems.
Prerequisites
Before you configure VPLS, ensure that the network is configured as follows:
•Configure IP routing in the core so that the PE routers can reach each other via IP.
•Configure MPLS in the core so that a label switched path (LSP) exists between the PE routers.
•Configure a loopback interface for originating and terminating Layer 2 traffic. Make sure the PE routers can access the other router's loopback interface. Note that the loopback interface is not needed in all cases. For example, tunnel selection does not need a loopback interface when VPLS is directly mapped to a TE tunnel.
Supported Modules
The OSM-2+4GE-WAN-GBIC+ is the only core facing module supported.
Customer facing interfaces are all Ethernet/ Fast Ethernet/ Gigabit Ethernet interfaces based on Layer 2 Catalyst LAN ports. See the Catalyst 6500 Switch Module Guide at: http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/6000hw/mod_gd/index.htm.
Basic VPLS Configuration
VPLS configuration requires you to identify peer PE routers and to attach Layer 2 circuits to the VPLS at each PE router.
VPLS configuration requires the following:
• Configuring the PE Layer 2 Interface to the CE
• Configuring Layer 2 VLAN Instance on the PE
• Configuring MPLS WAN Interface on the PE
• Configuring the VFI in the PE
• Associating the Attachment Circuit with the VSI at the PE
Configuring the PE Layer 2 Interface to the CE
You must configure the Layer 2 interface as a switchport for local bridging. You have the option of selecting tagged or untagged traffic from the CE device.
Note It is important to define the trunk VLANs; use the switchport trunk allow vlan command as shown in the first example below.
SUMMARY STEPS
Option 1—802.1Q Trunk for Tagged Traffic from the CE
1. interface type number
2. no ip address ip-address mask [secondary]
3. switchport
4. switchport trunk encapsulation dot1q
5. switchport trunk allow vlan
6. switchport mode trunk
Note When EVCS is configured, the PE router forwards all Ethernet packets with a particular VLAN tag to a local Ethernet interface or emulated VC if the destination MAC address is found in Layer 2 forwarding table.
DETAILED STEPS
This example shows how to configure the tagged traffic.
Router(config)# interface GigabitEthernet4/4
Router(config)# no ip address
Router(config-if)# switchport
Router(config-if)# switchport trunk encapsulation dot1q
Router(config-if)# switchport trunk allow vlan 501
Router(config-if)# switchport mode trunk
This example shows how to use the show run interface command to verify the configuration.
Router# show run interface GigabitEthernet4/4
Building configuration...
Current configuration : 212 bytes
!
interface GigabitEthernet4/4
no ip address
switchport
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 501
switchport mode trunk
end
SUMMARY STEPS
Option 2—802.1Q Access Port for Untagged Traffic from CE
1. interface type number
2. no ip address ip-address mask [secondary]
3. speed [1000 | nonegotiate]
4. switchport
5. switchport mode access
6. switchport access vlan vlan-id
DETAILED STEPS
This example shows how to configure the untagged traffic.
Router(config)# interface GigabitEthernet4/4
Router(config)# no ip address
Router(config-if)# speed nonegotiate
Router(config-if)# switchport
Router(config-if)# switchport mode access
Router(config-if)# switchport access vlan 501
This example shows how to use the show run interface command to verify the configuration.
Router# show run interface GigabitEthernet4/4
Building configuration...
Current configuration : 212 bytes
!
interface GigabitEthernet4/4
speed nonegotiate
switchport
switchport mode access
switchport access vlan 501
end
SUMMARY STEPS
Option 3—Using Q-in-Q to Place All VLANs into a Single VPLS
1. interface type number
2. no ip address ip-address mask [secondary]
3. speed [1000 | nonegotiate]
4. switchport
5. switchport access vlan vlan-id
6. switchport mode dot1q-tunnel
7. l2protocol-tunnel [cdp | stp | vtp]
Note When TLS is configured, the PE router forwards all Ethernet packets received from the CE device to all local Ethernet interfaces and emulated VCs belonging to the same VPLS domain if the MAC address is not found in the Layer 2 forwarding table.
DETAILED STEPS
This example shows how to configure the tagged traffic.
Router(config)# interface GigabitEthernet4/4
Router(config)# no ip address
Router(config-if)# speed nonegotiate
Router(config-if)# switchport
Router(config-if)# switchport access vlan 501
Router(config-if)# switchport mode dot1q-tunnel
Router(config-if)# l2protocol-tunnel cdp
This example shows how to use the show run interface command to verify the configuration.
Router# show run interface GigabitEthernet4/4
Building configuration...
Current configuration : 212 bytes
!
interface GigabitEthernet4/4
no ip address
speed nonegotiate
switchport
switchport access vlan 501
switchport mode dot1q-tunnel
l2protocol-tunnel cdp
end
Use the show spanning-tree vlan command to verify the port is not in a blocked state.
Router# show spanning-tree vlan 501
VLAN0501
Spanning tree enabled protocol ieee
Root ID Priority 33269
Address 0001.6446.2300
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 33269 (priority 32768 sys-id-ext 501)
Address 0001.6446.2300
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 0
Interface Role Sts Cost Prio.Nbr Type
---------------- ---- --- --------- --------
--------------------------------
Gi4/4 Desg FWD 4 128.388 P2p
Use the show vlan id command to verify that a specific port is configured to send and receive a specific VLANs traffic.
Router# show vlan id 501
VLAN Name Status Ports
---- -------------------------------- ---------
501 VLAN0501 active Gi4/4
VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1
Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------
501 enet 100501 1500 - - - - - 0 0
Remote SPAN VLAN
----------------
Disabled
Primary Secondary Type Ports
------- --------- -----------------
Configuring Layer 2 VLAN Instance on the PE
Configuring the Layer 2 VLAN interface on the PE enables the Layer 2 VLAN instance on the PE router to the VLAN database to set up the mapping between the VPLS and VLANs.
For more information, see See "Configuring VLANs" in the Cisco 7600 Series Cisco IOS Software Configuration Guide, 12.2SR.
SUMMARY STEPS
1. vlan vlan-id
2. interface vlan vlan-id
DETAILED STEPS
This is an example of configuring a Layer 2 VLAN instance.
Router# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)# vlan 501
Router(config)# interface vlan 501
Router(config-if)#
Use the show interfaces vlan command to verify the VLAN is in the up state (example not shown).
Configuring MPLS WAN Interface on the PE
The following commands configure the MPLS WAN interface.
Note The MPLS uplink must be on one of the supported OSMs.
SUMMARY STEPS
1. interface type number
2. ip address ip-address mask
3. tag-switching ip
4. mls qos trust [cos | dscp | ip-precedence]
DETAILED STEPS
This is an example of configuring the WAN interface.
Router(config)# interface pos4/1
Router(config)# ip address 181.10.10.1 255.255.255.0
Router(config-if)# ip directed-broadcast
Router(config-if)# ip ospf network broadcast
Router(config-if)# no keepalive
Router(config-if)# mpls label protocol ldp
Router(config-if)# tag-switching ip
Router(config-if)# mls qos trust dscp
Use the show tag-switching interfaces command to verify operation.
Router# show tag-switching interfaces pos4/1
Interface IP Tunnel Operational
POS4/1 Yes (ldp) Yes Yes
Router#
Configuring MPLS in the PE
To configure MPLS in the PE, you must provide the required MPLS parameters.
Note Before configuring MPLS, ensure that you have IP connectivity between all PEs by configuring Interior Gateway Protocol (IGP) (Open Shortes Path First [OSPF] or Intermediate System to Intermediate System [IS-IS]) between the PEs.
SUMMARY STEPS
1. enable
2. configure terminal
3. mpls label protocol {ldp | tdp}
4. (Optional) mpls ldp logging neighbor-changes
5. tag-switching tdp discovery {hello | directed hello} {holdtime | interval} seconds
6. tag-switching tdp router-id Loopback0 force
DETAILED STEPS
This example shows global MPLS configuration.
Router(config)# mpls label protocol ldp
Router(config)# tag-switching tdp discovery directed hello
Router(config)# tag-switching tdp router-id Loopback0 force
This example shows how to use the show ip cef command to verify that LDP label is assigned.
Router# show ip cef 192.168.17.7
192.168.17.7/32, version 272, epoch 0, cached adjacency to POS4/1
0 packets, 0 bytes
tag information set
local tag: 8149
fast tag rewrite with PO4/1, point2point, tags imposed: {4017}
via 11.3.1.4, POS4/1, 283 dependencies
next hop 11.3.1.4, POS4/1
valid cached adjacency
tag rewrite with PO4/1, point2point, tags imposed: {4017}
Configuring the VFI in the PE
The virtual switch instance (VFI) specifies the VPN ID of a VPLS domain, the addresses of other PE routers in this domain, and the type of tunnel signaling and encapsulation mechanism for each peer. (This is where you create the VSI and associated VCs.) Configure a VFI as follows:
Note Only MPLS encapsulation is supported.
SUMMARY STEPS
1. l2 vfi name manual
2. vpn id vpn-id
3. neighbor remote router id [vc-id-value] {encapsulation mpls} [no-split-horizon]
4. shutdown
DETAILED STEPS
The following example shows a VFI configuration.
Router(config)# l2 vfi VPLSA manual
Router(config-vfi)# vpn id 100
Router(config-vfi)# neighbor 11.11.11.11 encapsulation mpls
Router(config-vfi)# neighbor 33.33.33.33 encapsulation mpls
Router(config-vfi)# neighbor 44.44.44.44 encapsulation mpls
The following example shows a VFI configuration for hub and spoke.
Router(config)# l2 vfi VPLSA manual
Router(config-vfi)# vpn id 100
Router(config-vfi)# neighbor 9.9.9.9 2001 encapsulation mpls
Router(config-vfi)# neighbor 12.12.12.12 2002 encapsulation mpls
Router(config-vfi)# neighbor 33.33.33.33 2003 encapsulation mpls no-split-horizon
The show mpls 12transport vc command displays various information related to PE1.
Note The show mpls l2transport vc detail command is also available to show detailed information about the VCs on a PE router as in the following example. (This example is not based on the previous VFI configurations.)
VPLS-PE2# show mpls l2transport vc 201
Local intf Local circuit Dest address VC ID Status
------------- -------------------- --------------- ---------- ----------
VFI test1 VFI 153.1.0.1 201 UP
VFI test1 VFI 153.3.0.1 201 UP
VFI test1 VFI 153.4.0.1 201 UP
Note The VC ID in the output represents the VPN ID; the VC is identified by the combination of the Dest address and the VC ID as in the example below. (This example is not based on the previous VFI configurations.)
The show vfi vfi name command shows VFI status.
nPE-3# show vfi VPLS-2
VFI name: VPLS-2, state: up
VPN ID: 100
Local attachment circuits:
Vlan2
Neighbors connected via pseudowires:
Peer Address VC ID Split-horizon
1.1.1.1 2 Y
1.1.1.2 2 Y
2.2.2.3 2 N
Associating the Attachment Circuit with the VSI at the PE
After defining the VFI, you must bind it to one or more attachment circuits (interfaces, subinterfaces, or virtual circuits).
SUMMARY STEPS
1. interface vlan vlan-id
2. no ip address (Configuring an IP address causes Layer 3 interface to be created for the VLAN.)
3. xconnect vfi vfi name
DETAILED STEPS
This example shows an interface VLAN configuration.
Router(config-if)# interface vlan 100
Router(config-if)# no ip address
Router(config-if)# xconnect vfi VPLS_501
This is an example of how to use the show vfi command for VFI status.
Router# show vfi VPLS_501
VFI name: VPLS_501, state: up
VPN ID: 100
Local attachment circuits:
vlan 100
Neighbors connected via pseudowires:
192.168.11.1 192.168.12.2 192.168.13.3 192.168.16.6
192.168.17.7
Full-Mesh Configuration Example
In a full-mesh configuration, each PE router creates a multipoint-to-multipoint forwarding relationship with all other PE routers in the VPLS domain using a VFI. An Ethernet or VLAN packet received from the customer network can be forwarded to one or more local interfaces and or emulated VCs in the VPLS domain. To avoid broadcasted packets looping around in the network, no packet received from an emulated VC can be forwarded to any emulated VC of the VPLS domain on a PE router. That is, the Layer 2 split horizon should always be enabled as the default in a full-mesh network. Figure 10-2 shows the configuration example.
Figure 10-2
VPLS Configuration Example
Configuration on PE 1
This shows the creation of the virtual switch instances (VSIs) and associated VCs.
l2 vfi PE1-VPLS-A manual
vpn id 100
neighbor 2.2.2.2 encapsulation mpls
neighbor 3.3.3.3 encapsulation mpls
!
interface Loopback 0
ip address 1.1.1.1 255.255.255.255
This configures the CE device interface (there can be multiple Layer 2 interfaces in a VLAN).
interface FastEthernet0/0
switchport
switchport mode dot1qtunnel
switchport access vlan 100
!
Here the attachment circuit (VLAN) is associated with the VSI.
interface vlan 100
no ip address
xconnect vfi PE1-VPLS-A
!
This is the enablement of the Layer 2 VLAN instance.
vlan 100
state active
Configuration on PE 2
This shows the creation of the virtual switch instances (VSIs) and associated VCs.
l2 vfi PE2-VPLS-A manual
vpn id 100
neighbor 1.1.1.1 encapsulation mpls
neighbor 3.3.3.3 encapsulation mpls
!
interface Loopback 0
ip address 2.2.2.2 255.255.255.255
This configures the CE device interface (there can be multiple Layer 2 interfaces in a VLAN).
interface FastEthernet0/0
switchport
switchport mode dot1qtunnel
switchport access vlan 100
!
Here the attachment circuit (VLAN) is associated with the VSI.
interface vlan 100
no ip address
xconnect vfi PE2-VPLS-A
!
This is the enablement of the Layer 2 VLAN instance.
vlan 100
state active
Configuration on PE 3
This shows the creation of the virtual switch instances (VSIs) and associated VCs.
l2 vfi PE3-VPLS-A manual
vpn id 100
neighbor 1.1.1.1 encapsulation mpls
neighbor 2.2.2.2 encapsulation mpls
!
interface Loopback 0
ip address 3.3.3.3 255.255.255.255
This configures the CE device interface (there can be multiple Layer 2 interfaces in a VLAN).
interface FastEthernet0/1
switchport
switchport mode dot1qtunnel
switchport access vlan 100
!
Here the attachment circuit (VLAN) is associated with the VSI.
interface vlan 100
no ip address
xconnect vfi PE3-VPLS-A .
!
This is the enablement of the Layer 2 VLAN instance.
vlan 100
state active
The show mpls l2 vc command provides information on the status of the VC.
VPLS1# show mpls l2 vc
Local intf Local circuit Dest address VC ID Status
------------- -------------------- --------------- ---------- ----------
Vi1 VFI 22.22.22.22 100 DOWN
Vi1 VFI 22.22.22.22 200 UP
Vi1 VFI 33.33.33.33 100 UP
Vi1 VFI 44.44.44.44 100 UP
Vi1 VFI 44.44.44.44 200 UP
The show vfi command provides information on the VFI.
PE-1# show vfi PE1-VPLS-A
VFI name: VPLSA, state: up
VPN ID: 100
Local attachment circuits:
Vlan100
Neighbors connected via pseudowires:
2.2.2.2 3.3.3.3
The show mpls 12transport vc command provides information about the virtual circuits.
osr12# show mpls l2 vc detail
Local interface: VFI vfi17 up
Destination address: 1.3.1.1, VC ID: 17, VC status: up
Output interface: PO3/4, imposed label stack {18}
Create time: 3d15h, last status change time: 1d03h
Signaling protocol: LDP, peer 1.3.1.1:0 up
MPLS VC labels: local 18, remote 18
Group ID: local 0, remote 0
MTU: local 1500, remote 1500
Remote interface description:
Sequencing: receive disabled, send disabled
VC statistics:
packet totals: receive 0, send 0
byte totals: receive 0, send 0
packet drops: receive 0, send 0
H-VPLS with MPLS Edge Configuration Example
The Hierarchical VPLS model comprises hub and spoke and full-mesh networks. In a full-mesh configuration, each PE router creates a multipoint-to-multipoint forwarding relationship with all other PE routers in the VPLS domain using VFIs.
In the hub and spoke configuration, a PE router can operate in a non-split-horizon mode that allows inter-VC connectivity without the requirement to add a Layer 2 port in the VLAN.
In the example below, the VLANs on CE1, CE2, CE3, and CE4 (in red color) connect through a full-mesh network. The VLANs on CE2, CE5, and CE6 connect through a hub and spoke network. CE2 is directly attached to the PE2 hub and CE6 is directly attached to the PE1 hub. CE4 and CE5 both are connected to the PE3 hub through the spoke uPE. Figure 10-3 shows the configuration example.
Figure 10-3 H-
VPLS Configuration
Configuration on PE1
This shows the creation of the virtual switch instances (VSIs) and associated VCs. Note that the VCs in green require the no-split-horizon keyword. The no-split-horizon command disables the default Layer 2 split horizon in the data path.
l2 vfi Internet manual
vpn id 100
neighbor 120.0.0.3 encapsulation mpls no-split-horizon
neighbor 162.0.0.2 encapsulation mpls no-split-horizon
l2 vfi PE1-VPLS-A manual
vpn id 200
neighbor 120.0.0.3 encapsulation mpls
neighbor 162.0.0.2 encapsulation mpls
interface Loopback 0
ip address 20.0.0.1 255.255.255.255
This configures the CE device interface (there can be multiple Layer 2 interfaces in a VLAN).
interface GigEthernet1/1
switchport
switchport mode trunk
switchport trunk encap dot1q
switchport trunk allow vlan 1001,1002-1005
Here the attachment circuit (VLAN) is associated with the VFI.
interface vlan 1001
xconnect vfi Internet
interface FastEthernet2/1
switchport
switchport mode trunk
switchport trunk encap dot1q
switchport trunk allow vlan 211,1002-1005
interface vlan 211
xconnect vfi PE1-VPLS-A
Configuration on PE2
This shows the creation of the VFIs and associated VCs.
l2 vfi Internet manual
vpn id 100
neighbor 20.0.0.1 encapsulation mpls
l2 vfi PE2-VPLS-A manual
vpn id 200
neighbor 120.0.0.3 encapsulation mpls
neighbor 20.0.0.1 encapsulation mpls
interface Loopback 0
ip address 162.0.0.2 255.255.255.255
This configures the CE device interface (there can be multiple Layer 2 interfaces in a VLAN).
interface GigEthernet2/1
switchport
switchport mode trunk
switchport trunk encap dot1q
switchport trunk allow vlan 211,1001,1002-1005
Here the attachment circuit (VLAN) is associated with the VFI.
interface vlan 1001
xconnect vfi Internet
interface vlan 211
xconnect vfi PE2-VPLS-A
Configuration on PE3
This shows the creation of the VFIs and associated VCs.
l2 vfi Internet manual
vpn id 100
neighbor 20.0.0.1 encapsulation mpls
neighbor 162.0.0.2 encapsulation mpls
neighbor 30.0.0.1 encapsulation mpls no-split horizon
l2 vfi PE3-VPLS-A manual
vpn id 200
neighbor 162.0.0.2 encapsulation mpls
neighbor 20.0.0.1 encapsulation mpls
neighbor 30.0.0.1 200 encapsulation mpls no-split horizon
interface Loopback 0
ip address 120.0.0.3 255.255.255.255
This configures the CE device interface.
interface GigEthernet6/1
switchport
switchport mode trunk
switchport trunk encap dot1q
switchport trunk allow vlan 211
This configures the attachment circuits.
interface vlan 1001
xconnect vfi Internet
interface vlan 211
xconnect vfi PE3-VPLS-A
Usually EoMPLS is configured on the uPE device. You can use port-based or VLAN-based EoMPLS. This configures port-based EoMPLS on the uPE (the uPE connects to CE4).
interface GigEthernet 1/1
xconnect 120.0.0.3 100 encapsulation mpls
This configures VLAN-based EoMPLS on the uPE. (the uPE connects to CE4).
interface GigEthernet 1/1
encapsulation dot1Q 100
xconnect 120.0.0.3 100 encapsulation mpls
MAC Limit Per VLAN
VPLS provides the ability to limit the maximum number of MAC entries per VLAN to avoid exhausting resources. To enable the MAC limit feature, use the mac-address-table limit command; see the Cisco 7600 Series Cisco IOS Software Command Reference Guide, 12.2SR.
Traffic Engineering for Transport Tunnel
MPLS traffic engineering software enables an MPLS backbone to replicate and expand upon the traffic engineering capabilities of Layer 2 ATM and Frame Relay networks. See
Load Balancing
Load balancing describes a functionality in a router that distributes packets across multiple links. For information on load balancing, see
QoS
VPLS uses PFC-based QoS on the input side; on the core-facing interface, VPLS uses OSM-based features similar to EoMPLS, except for shaping.
Per-VLAN Shaping
Per-VLAN traffic shaping in an VPLS environment has different characteristics from EoMPLS. The queues are based on the shaping parameter on a per-MPLS port basis. A VLAN configured for a 100 Mbps shaper creates a 100 M queue on each physical MPLS uplink port in the VPLS domain. In a PE with four MPLS uplinks, this allows up to 400 Mbps of traffic to be forwarded into the core network. If two VCs share an egress interface, they would also share the same 100M shaper.
The following configuration matches all traffic input, and shapes the traffic on each egress interface to 100 Mbps.
class-map match-all all
match any
policy-map shape100
class all
shape average 100000000
interface Vlan100
no ip address
xconnect vfi 100
service-policy output shape100
For information on PFC-based QoS, see "Configuring PFC QoS" at http://www.cisco.com/univercd/cc/td/doc/product/core/cis7600/software/122sx/swcg/qos.htm.
For information on QoS for the core-facing interface, see the "How to Configure QoS with AToM" section.
Note If you are shaping policy to both the VLAN interface and the core-facing interface, then the policy on the VLAN interface overrides the policy on the core-facing interface.
Note VPLS supports a maximum of up to 30,000 VCs; for this number, we recommend that you configure a maximum of five different EXP classifications.
Note If a service policy is applied on the core-facing interface, then the number of VPLS VCs going out of the interfaces on a single PXF processor cannot exceed 21,000.
Configuring Dot1q Transparency for EoMPLS
The Dot1q Transparency for EoMPLS feature allows a service provider to modify the MPLS EXP bits for core-based QoS policies while leaving any VPLS customer 802.1p bits unchanged.
When applying a service policy to an EoMPLS configured VLAN interface that sets the MPLS EXP bits, the set effects both the Interior Gateway Protocol (IGP) label and the VC label. If the customer traffic includes an 802.1q label with associated 802.1p bits, the 802.1p bits are rewritten on the egress PE based on the received VC EXP bits. If the policy sets the MPLS EXP bits to a different value from the received 802.1p bits, the rewriting on the egress PE results in a modification of the customer's 802.1p bits.
The Dot1q Transparency for EoMPLS feature provides the option for the VLAN-applied policy to affect only the IGP label (for core QoS) and leaves the VC label EXP bits equal to the 802.1p bits. On the egress PE, the 802.1p bits are still rewritten based on the received VC EXP bits, however, because the EXP bits now match the ingress 802.1p bits, a VPLS customer's 802.1p bits do not change.
Restrictions
The following restrictions apply to the Dot1q Transparency for EoMPLS feature:
•Global configuration applies to all virtual forwarding instance (VFI) and switched virtual interface (SVI) EoMPLS VCs configured on the Cisco 7600 series routers.
•Only supported on OSMs.
•Interoperability requires applying the Dot1q Transparency for EoMPLS feature to all participating PE routers.
SUMMARY STEPS
1. enable
2. configure terminal
3. platform vfi dot1q-transparency
4. interface vlan
5. no ip address
6. xconnect peer-router-id vcid encapsulation mpls
7. service-policy output
DETAILED STEPS
This is an example of configuring the Dot1q Transparency feature.
platform vfi dot1q-transparency
!
l2 vfi customer-A manual
vpn id 200
neighbor 1.0.10.1 encapsulation mpls
neighbor 1.0.11.1 encapsulation mpls
neighbor 1.0.111.1 encapsulation mpls
!
class-map match-all any
match any
!
policy-map mpls-set-exp-1
class any
set mpls experimental imposition 1
!
interface Vlan200
no ip address
xconnect vfi customer-A
service-policy input mpls-set-exp-1
Use the show cwan vfi dot1q-transparent command to verify the VLAN is in the up state.
Router# show cwan vfi dot1q-transparency
VFI dot1q transparency is enabled
Router#
浙公网安备 33010602011771号