BNG Workshop

Aachen 03.2016

practical introduction
into IP/MPLS

Valery Soshnikov
Agenda – MPLS theory and practice
› IP/MPLS Overview
› Part 1: Transport IGP
– MPLS Lab overview
– Exercice 1: Links and transport IGP configuration
› Part 2: Label switching and distribution
– Exercice 2: MPLS and LDP configuration
› Part 3: L3 VPN
– Exercice 3: L3VPN and CE connectivity
› Part 4: L2 VPNs: T-LDP, VPLS and VPWS
– Exercice 4: L2VPN
IP/MPLS technology
overview
Why MPLS?
› MPLS is important for telecommunication networks

Voice TV & Video Data

PABX

IP-PABX IP TV

PSTN MPLS
Internet

AXE Internet

Mobile Networks
IP-PABX

Mobile Networks
What is MPLs?

Multi-Protocol Label switching

label
label IP PacketIP packet

label IP Packet
IP packet IP packet

label IP Packet

MPLS/IP Network
 MPLS challenges IP
VPN
QoS– Virtual
– Quality
Private
of Service
Network

40.1.1.1
VPN-A MPLS/IP 40.1.2.1
VPN-A

o l l e H
o l l e H

VPN-b
40.1.2.1
40.1.1.1
VPN-b
MPLS/IP Network
MPLS and the OSI Model

Layer 7 - Application

Layer 6 - Presentation

Layer 5 - Session

Layer 4 - Transport

Layer 3 - Network MPLS

Layer 2 - Data Link

Layer 1 - Physical
Part 1: network
components and
backbone IGP
 MPLS network topology and roles

LSR = Label Switch Router

Edge LSR or LER
• At Edge: PE – provider edge • In Core:
Classify packets Forward using labels (as
Label them opposed to IP addr)
Label indicates service
class and destination

Label Switch
Router (LSR)
Customer
P – provider (router)
CE – customer edge
(router or host)
MPLS Operation
1a. Existing routing protocols (e.g. OSPF, IS-IS) 4. Edge LSR at egress
establish reachability to destination networks. removes(POP) label
and delivers packet.
1b. Label Distribution Protocol (LDP)
establishes label to destination
network mappings.

2. Ingress Edge LSR receives packet,

performs Layer 3 value-added 3. LSR switches packets using
services, and labels(PUSH) packets. label swapping(SWAP) .
IP/MPLS: role of backbone IGP

› IGP stands for “Interior Gateway Protocol”

› Dynamic routing protocol running on IP/MPLS transport
plane
› Role: providing underlying hop-by-hop connectivity for LSPs
and reachability of loopback addresses for MP-BGP
– not for client IP preffixes reachability!!!
› Practical implementation
– Protocol options: OSPF or ISIS
– Enabled on all links configured for MPLS in the backbone
– Flat (OSPF Area 0, ISIS L2) for small to medium range networks
– Advertises loopback (/32) interfaces used for MP-BGP
 backbone IGP introduction
igp alternatives
OSPF (Open Shortest Path First) IS-IS (Intermediate
. System to
Intermediate System)
› OSPF is a link-state interior › IS-IS is a link-state interior gateway
gateway protocol (IGP). protocol (IGP).
› OSPF computes the best path for › IS-IS computes the best path for
each route using shortest path first each route using shortest path first
algorithm. algorithm.
› OSPFv2 is designed for IPv4 only; › ISIS supports both IPv4 and IPv6
OSPFv3 supports IPv6 and other address families.
address families (AFs).
› IS-IS is directly encapsulated in
› OSPF operates directly over IP. Layer 2 – the Data Link layer.
OSPF Introduction
neighbor states

› OSPF routers proceed Hello

Received
through various neighbor Down Init
states as they establish
Attempt
adjacencies, starting with Neighbor
knows this
the Down state NBMA
router
only
Negotiation
Done
› In the various states, the
Two-Way ExStart Exchange
neighbors:
– Send and receive Hello Exchange
Done
messages
Loading
– Establish two-way Done
communication Full Loading

– Exchange Database When troubleshooting

Description packets OSPF, make sure
– Load their link-state routers achieve the
database Full state with the DR
and BDR
OSPF Introduction
essential LSA OF OSPFv2

› Router LSA (Type 1): Advertise the originating router,

the router's attached links, the cost of those links, and its
adjacent neighbors. Flooded throughout the originating
area.

› Network LSA (Type 2): Generated by DR to represent a

pseudonode. Flooded throughout the originating area.

› Network Summary LSA (Type 3): Generated by ABR

and flooded into an area to advertise the prefixes of
another area.
OSPF Introduction
essential LSA OF OSPFv2

› ASBR Summary LSA (Type 4): Generated by ABR and

flooded into an area to advertise the ASBR in another area.
› AS-External LSA (Type 5): Generated by ASBR to
advertise an external prefix into OSPF domain. Flooded to all
non-stub area.
backbone IGP: OSPF settings
reference bandwidth setting

› The interface cost is computed automatically by dividing the reference

bandwidth by the interface bandwidth. Default value is: 10000 (10 Gbit/s)
› The reference bandwidth should be set to 100 Gbit/s (100000) to reflect
the high bandwidth interfaces in the backbone. Resulting metrics:
Interface Bandwidth [bit/s] OSPF Metric
10GE 10 000 000 000 10
1 GE 1 000 000 000 100
OC-3c/STM-1c 155 520 000 650
STM-4 622 080 000 160
STM-16 2 488 320 000 40
STM-64 9 953 280 000 10
FE 100 000 000 1 000
backbone IGP: OSPF settings
convergence optimization

› Fast Convergence is enabled to provide SPF timers in sub-

second granularity:
– SPF delay = 50 ms
– SPF holdtime = 5 s
– Maximum SPF count = 3
CLI:

› Fast LSA origination is enabled to allow up to four instances

of the same type of LSA be originated in five seconds.
› Graceful restart allows standby RP taking over OSPF
session on active RP failure
backbone IGP: OSPF settings
fast reroute LFA

› Fast reroute LFA is a recent mechanism supported in SSR for sub-

50ms reroute on IGP
› During convergence packets en route towards the failed path are
dropped
› Router pre-calculates a backup route to destination prefixes in its
next-hop database. This backup route is accessed via a backup
next-hop and is activated when the primary route to a destination
prefix goes down:

› As soon as the failure of the primary route is detected, in the

forwarding hardware, the router replaces the active next-hop to the
failed destination prefix with a pre-calculated backup next-hop
within tens of milliseconds.
 IP FRR LFA
Calculation
N
› Loop-Free
– Alternate path for destination D
from source S to verify that in
case of S, when E link fails the 10
router N does not send traffic
destined to D back to S, it must
match the following criteria.
– Cost(N,D) < Cost(N,S) + Cost
(S,D)
e.g 10 < 100 + (10+10)
S 10 E 10 D

› Node Protecting
– Cost(N,D) < Cost(N,E) + Cost
(E,D)
e.g 10 < 10+10
› Downstream
− Cost(N,D) < Cost(S,D)
e.g 10 < 20
backbone IGP decisions for lab

› OSPF or IS-IS as backbone IGP?

– OSPF is configured (for simplicity reasons)
› Flat vs Hierarchical IGP?
– Decision: Flat IGP / single backbone area (OSPF Area 0)
› IGP convergence and resilience optimizations
– Fast convergence, Graceful restart, Fast reroute LFA and Fast LSA
origination enabled
› Peer authentication
– Optional Peer Authentication with MD5 is not used
Q&A?
Lab Exercise 1
Links and transport IGP configuration

Tasks:
– Configure IP links in the backbone according to network diagram
– Configure loopback interfaces used later for MP-BGP and T-LDP
– Configure IGP in the backbone
– Tune IGP for fast convergence and Fast reroute LFA
– Test IP connectivity between all PEs/loopbacks

(working in the lab)

Part 2: Label Switching
and Distribution
Mpls functions and roles
› LSP – Label switch path

Hello Hello

o l l e H
Mpls functions and roles
› MPLS Header

20 Bits 3Bits 1Bit 8 Bits TE – paths

Destination
VPN
QoS
Label
Label EXP
Exp S TTL TE - paths

Layer 2 MPLS
IP packet
Header Header

32 Bits
Mpls functions and roles
› MPLS Header
label IP Packet

label IP Packet
IP packet IP packet

label IP Packet

MPLS/IP Network
Mpls functions and roles
› FEC – Forward Equivalence Class

label IP Packet

label IP Packet
IP packet IP packet

label IP Packet

MPLS/IP Network
MPLS functions and roles

CE MPLS CE
LER LSR LSR LER
(PE) (P) (P) (PE)

CE CE

push swap swap

php pop
 Label stacking

LSP VPN
CE MPLS CE

LER1300 LSR1
888 LSR2
IP packet LER2
1 2 3

10.1.1.1 Outer Inner 10.1.2.1

Label Label
300 888 IP packet
400 888 IP packet888 IP packet

IP packet IP packet

push swap php

Label Switch Path (LSP)
Mpls functions and roles
› Reserved MPLS Labels
› 0 – 15 are reserved
Label 0 Label 3 Label 1
Explicit NULL label Implicit NULL label Router Alert label
- add label 0 - do PHP - Take a closer look

Label 14
OAM label alert
-Operation & Maintenance
 Label switching
INTer In
Out Action InINTer
Action
Out Inter Out
FEC face Label
Label Label face Labelface Label

CE
1 1 400
300
MPLS
swap 400 2 php 400 3 none
CE

LER1 LSR1 LSR2 LER2

1 2 3

10.1.1.1 10.1.2.1
300 IP packet 400 IP packet IP packet

IP packet IP packet

push swap php

Label Switch Path (LSP)

Label Distribution

300 IP packet 400 IP packet

? ?
LSR1 LSR2

LDP RSVP
LDP Introduction
Label Distribution with LDP

› For every IGP IP prefix in its IP routing table, each LSR

creates a local binding (a local label bound to the IP prefix).
The LSR then distributes this binding to all its LDP peers.

› The receiving LDP peers keeps this label binding

information until the LDP session goes down or the
advertised label binding is withdrawn.

› A LDP LSR receives multiple label bindings for each IGP

prefix (one per LDP peer). The downstream LSR for a
prefix is determined by examining the next-hop for that
prefix in the routing table.
LDP
› Label Distribution Protocol
In Action Out
INTer Inter Out
Label
FEC face Labelface Label
1400 1 php 500 3 none
IP packet
FEC1/Label 400

500 IP Packet
IP packet IP packet

400 IP Packet

Label 3 has a In MPLS/IP

Action Network
INTer Out
special meaning. Label face Label
It asks LSR to 500 swap 2 400
perform PHP
LDP Introduction
Overview

› With LDP, a full mesh of LSPs between all routers can be

established automatically according to IGP metrics.

› LDP has no direct control over LSP path and does not
support sophisticated traffic engineering as RSVP.

› LDP operates over UDP and TCP.

› LDP supports MD5 authentication.

LDP Messages
LSR 1 LSR 2

LDP ID
LSP VPN
4 Bytes
Hello 2 Bytes
UDP port 646
Hello
UDP port 646
Label
LSR Label•Timer Values
TCP port 646 300 888 IP packet
Negotiation •Label Distrib.
Method
6 Bytes
•Other
TCP port 646
Advertisement
LDP tLDP TCP port 646

TCP port 646 Notification

TCP port 646
LDP Introduction
characteristic of LDP LSP
› LDP LSP automatically follows IGP best path.
Modifications to the network topology do not impose extra
configuration on LDP.

› LDP implicitly supports LSP load balancing over equal cost

paths on ingress LER; ecmp-transit could be configured
to enable load balancing on transit LSR as well.

› In the event of link/router failure, LDP does not have built-in

mechanism to support fast recovery. LDP relies on IGP
convergence to find an alternative LSP path.
LDP Introduction
LDP-IGP Synchronization
› LDP and IGP are independent by default. In case LDP is
broken on a link, IGP could still forward packets over this
link as unlabeled, which results in packet loss.
› Synchronization guarantees that the packet forwarding out
of an interface happens only if both the IGP and LDP agree
that this is the outgoing link to be used.
› When LDP-IGP synchronization is enabled for an interface,
the IGP announces that link with maximum metric until the
synchronization timeout is reached, or the LDP session is
established across that interface.
› To support LDP-IGP synchronization, the IGP network type
is set to Point-to-Point (P2P) for the LAN interfaces
between site routers.
configuring LDP
label Binding Filtering
› By default, LDP advertises label mappings for each IGP
prefix it knows; all label mappings received from neighbors
are maintained.

› To avoid the resource consumption caused by unnecessary

label mappings, filtering is applied to LDP so that only the
label mappings for loBB (/32) are advertised.
configuring LDP
IGP METRIC TRACKing

› When track-igp-metric is enabled under LDP configuration,

LDP inherits the IGP routing metrics for its LSP.

› This feature allows BGP to use the inherited metric as one of

its criteria to select the best LDP-created LSP.
Label distribution protocol
decisions for the lab
› MPLS must be enabled on all the inter-router links within
backbone to allow end-to-end labeled traffic forwarding.
› For each site router, the loopback interface IP (loBB) is
configured as LDP Router ID, which is used as transport IP
address for LDP session. The reachability of loBB is
provided by IGP
› LDP is preferred when traffic engineering and sub-50ms path
protection is not required, because LDP is less complex,
scales better and is easier to provision than RSVP
› IGP-LDP synchronization, IGP metric tracking, Label binding
filtering, ECMP on transit are enabled
› Optional LDP peer authentication is not configured
Q&A?
Lab Exercise 2
Label switching and distribution
configuration
Tasks:
– Enable MPLS on your PE interfaces towards other PE and P routers
– Enable LDP router for all MPLS interfaces
– Tune LDP with Label-binding filtering, IGP-LDP sync, IGP metric
tracking and ecmp-transit
– Test LDP neighborships, received bindings and active LSPs

(working in the lab)

Part 3: MPLS L3 VPNs
Forwarding and Control Plane

Control / Signaling plane

CE CE
200 300MP-BGP 400 500

PE1 P1 P2 PE2

CE CE
300 888 IP packet
400 888 IP packet888 IP packet

IP packet IP packet

BGP
ISIS IP
Forwarding plane LDP
RSVP
IP
OSPF
MPLS

MPLS
MP-BGP for MPLS VPNs
definition of VPN and VRF

› Virtual Private Network (VPN)

– Connectivity between separate sites - Route Target (RT)
– Isolation of addressing space, routing - Route Distinguisher (RD)
– Isolation of traffic forwarding
– Same infrastructure for multiple customers

› A virtual routing/forwarding (VRF) is a VPN routing and

forwarding instance. A PE router has a VRF instance for
each attached VPN.

› Each VRF is associated with the following parameters:

– Physical or logical interfaces connecting the client network nodes
– CE-PE routing protocol
 BGP/MPLS VPNs
routing tables
MP-BGP
Site A MPLS
VPN 1 CE 1
VRF 1
eBGP, OSPF, static… GRD IGP (IS-IS/OSPF)
VRF 2 PE

VPN 2 CE 2

VRF Routing Table VRF 2 VRF 1 Global Routing GRD

› PE interfaces to CEs are associated Table/Domain
with respective VRFs
› VRF runs own routing protocol instance › PE populates the GRD with
towards CE (eBGP, OSPF, static, etc.) backbone routes learned from IGP
› PE installs routes from CE devices in › IGP used for backbone is a
corresponding VRF different protocol instance than
› MP-BGP exports/imports routes from/to used in VRF for CE peering
VRFs
› VPN customers can use overlapping IP
address space
 BGP/MPLS VPNs
MP-BGP UPDATE
ASN:nn format
8 Bytes 4 Bytes 8 Bytes 4 Bytes

65000:1 10.0.1.0 65000:10 200

Route Distinguisher CE IPv4 Route Target MPLS VPN label

VPNv4 route BGP Extended

Community Attribute

MP-BGP update with VPNv4 address, RT & VPN label

› IPv4 routes from VPN clients (CEs) are converted into VPNv4
routes by pre-pending a unique Route Distinguisher (RD).

› Route Target (RT) is associated with VPNv4 route to control its

distribution.

› VPN label is only assigned by those PE routers that are the

BGP next-hop for the propagated VPNv4 route.
 BGP/MPLS VPNs
control plane MP-BGP Update:
VPNv4= 65000:1:10.0.1.0/24
MP-BGP RT=65000:10
3 Label=200
Site A NH=PE1 Site B
2 AS 65000
VPN 1 CE 1 VRF 1 VRF 1 VPN 1
10.0.1.0/24 4
10.0.1.0/24 PE1 P PE2 CE 2
1
NH=CE1
MPLS 10.0.1.0/24
NH=PE2
VPN Route Propagation
1. PE1 receives route from CE1 connected to VPN1 (eBGP, OSPF, static,…)
and imports this into VRF1
2. PE1 converts IPv4 into VPNv4 address
• attaches RT extended community attribute
• Adds MPLS VPN label based on CE1 interface or VRF (PE assigns label per VRF)
• Re-writes next-hop to point to itself (i.e. PE1 loopback)
3. PE1 sends MP-BGP update to peering PE routers
4. PE2 checks if it has VRF with matching RT configured. If yes, VPNv4
address is converted back into IPv4 address and imported into local VRF1
 BGP/MPLS VPNs
forwarding plane
MP-BGP
Site A Site B
MPLS
VPN 1 CE 1 VRF 1 VRF 1 CE 2 VPN 1
10.0.1.0/24
RSVP-TE / RSVP-TE /
1
4 10.0.1.1 LDP LDP
PE1 P PE2 10.0.1.1
3 2

0 200 10.0.1.1 20 200 10.0.1.1

VPN Packet Forwarding

1. CE2 forwards packet to destination 10.0.1.1 to PE2 based on IP
2. PE2 imposes 2 MPLS labels for each packet to destination 10.0.1.1
• VPN label learned from PE1 via MP-BGP for VPN1 destinations (inner label 200)
• MPLS transport label learned from P router via RSVP-TE or LDP (outer label 20) and
derived from an IGP route (i.e. the BGP next-hop for VPN route 10.0.1.1). It represents
the LSP pointing to the PE1 loopback address as VPN exit point for the destination route
10.0.1.1
3. P router swaps outer label 20  0. Label 0 was learned from PE1 for the
IPv4 route pointing to its loopback (i.e. the BGP next-hop for VPN route
10.0.1.1)
4. PE1 removes the MPLS label stack, identifies VRF1 from VPN label, and
does an IP lookup in VRF1 and forwards packet based in IPv4 out of
corresponding interface to CE1
End-to-End Packet walk
through: CE to ingress PE
10.1.1.1

SRC: 10.1.1.1
DST: 10.1.2.1

2.1.1.0/30

CE .2 .1
10.1.1.0/24
Ingress PE

Prefix Next-Hop

o.o.o.o/o 2.1.1.1
 End-to-End Packet walk
through: PE to P

Prefix Next Inner

/ VRF -Hop Label
10.1.2.1 Egress 111
Pink PE

SRC: 10.1.1.1 SRC: 10.1.1.1 SRC: 10.1.1.1

111
DST: 10.1.2.1 646 111
DST: 10.1.2.1 DST: 10.1.2.1

Interface 1

Ingress PE P1
Outer Inter Next-
LSP Destination Label Face Hop
1 egress PE 646 1 P1
 End-to-End Packet walk
through: P to P

: 10.1.1.1 SRC: 10.1.1.1 SRC: 10.1.1.1

111
T: 10.1.2.1 749 111 DST: 10.1.2.1 DST: 10.1.2.1

Interface 2 Interface 3

P1 P2
In Action INTer Out In Action Inter Out
Label face Label Label face Label
646 swap 2 749 749 php 3 none
 End-to-End Packet walk
through: P to Egress PE
VRF 100 (Pink)
Type Network Next-hop
>B 10.1.2.0/24 3.1.1.2

SRC: 10.1.1.1 SRC: 10.1.1.1

DST: 10.1.2.1 DST: 10.1.2.1 CE

P2 Egress PE
Inner
VRF Label
Pink 111
Yellow 222
Green 333
CE
 End-to-End Packet walk
through: Egress CE to Host

SRC: 10.1.1.1
DST: 10.1.2.1
CE 10.1.2.1

Prefix Next-Hop
Egress PE
10.1.2.0/o Interface a
PE-CE Connectivity
terminology
› PE – Provider Edge
› CE – Customer Edge
› UNI – User Network Interface
› SIP – Service IP address

› Clients are represented as generic IP hosts

– “Layer 3 based CE”
› CE-PE transport interface IP != Service IP (SIP)
› The CE has L3 capabilities to forward between service and
transport spaces
– “Layer 2 Based CE”
› CE-PE transport interface IP = SIP
› Can include built-in switching component

› “Direct” vs. “indirect” connectivity

› Direct/static vs. dynamic routing peering between CE-PE
Q&A?
Lab Exercise 3
L3 VPN configuration

Tasks:
– Create MP-BGP router instance in “local” context with AS 65000
– Configure all other PEs as neighbors
– Create VRF “VPN1” on PE in full-mesh mode
– Create VRF “VPN2” in hub-and-spoke mode (hub at PE1)
– Configure CE to PE interfaces (VPN1 with static, VPN2 with OSPF)
– Test route import and connectivity between sites in both VPNs
– Optional: use P1 and P2 as route reflectors for MP-BGP instead of
direct peerings to other PEs

(working in the lab)

Part 4: MPLS L2 VPNs
l2vpns
PW signaling

› Martini draft › Pseudowire Emulation Edge to

– LDP as signaling to setup Edge Working Group
L2VPN over MPLS backbone specifications described in
– tradeoff auto-discovery RFC 4447
– configuration overhead › “Virtual Private LAN Service
– simplicity (VPLS) Using Label
– standardized under RFC 4096 Distribution Protocol (LDP)
› Kompella draft Signaling” RFC 4762
– BGP for both signaling and
auto-discovery to establish
fully-meshed pseudo wires
(multipoint)
– scalable
– complexity
l2VPNs
concepts TDM / ATM / Ethernet
VPWS
TDM / ATM / Ethernet Customer
Site B
cct 1
Customer Emulate
Site A Circuits
cct 2 Customer
Site C

cct: circuit Point to Point TDM / ATM / Ethernet

Ethernet
VPLS
Customer
Site B
Ethernet

Customer Emulate
Site A LAN
Customer
Site C

Multipoint to Multipoint Ethernet

 l2VPNs
concepts TDM / ATM / Ethernet
VPWS
TDM / ATM / Ethernet Customer
Site B

Customer Emulate Circuits

Site A
Customer
Site C
Provider’s PSN Point to Point TDM / ATM / Ethernet
Transparent to
customers
VPLS Ethernet
cct: circuit
PSN: Packet Switched Network Emulated LAN Customer
Ethernet Site B

Customer
Site A
Switch Customer
Site C

Multipoint to Multipoint Ethernet

 l2VPNs
pwe3
AC AC

LSP
PW1
IP/MPLS
CE1 PW2 CE2
Switch PE1 PE2 Switch
Ethernet / Forwarder Forwarder Ethernet /
TDM / TDM /
ATM / FR Edge to Edge Emulated Service: PWE3 ATM / FR

› Attachment Circuit (AC): The physical or virtual circuit attaching a CE to a PE.

› LSP: A tunnel across a PSN inside which one or more pseudowire can be carried.
› Pseudo Wire (PW): A mechanism that carries the essential elements of an emulated circuit from one PE to
another PE over a PSN.
› Forwarder: A PE that selects the PW to use in order to transmit a payload received on an AC.
› Pseudo Wire Emulation Edge to Edge (PWE3): A mechanism that emulates the essential attributes of a
service (such as a TDM service or Frame Relay) over a PSN.
PW Protocol Stack
PE PE

Emulated Service Emulated Service

(ATM, TDM, Ethernet) Emulated Service (ATM, TDM, Ethernet)

Control Word LSP VPN

PW Control Word
(Optional) (Optional)

PW Label Pseudo Wire PW Label

300 505
300 Frame / Cell

MPLS MPLS Tunnel MPLS

MPLS PW
MPLS Label
Label Label

IP/MPLS
 Control Word

PE

Emulated Service
(ATM, TDM, Ethernet)
With Control
Control Word 4 1 2 5 3
5 Word Rx
Tx (Optional)
4 3 2 1 P
IP/MPLS
Rx Tx
PW Label
CE1 CE2
PE1 P PE2
MPLS
P
Ethernet over PWE3
PE PE

Emulated Ethernet
Ethernet
Emulated Ethernet ATM
Emulated Service
(Including VLAN)
(Including VLAN) SONET / SDH
Services
Services

PWE3

Demultiplexer Pseudo Wire Demultiplexer

PPP / HDLC
MPLS TDM – E1/T1 MPLS
LSP / MPLS Tunnel

Physical Physical
 Ethernet over PWE3 -Raw& Tagged

Emulated Service

VLANPseudo Wire
LSP/MPLS Tunnel
TAG

VLAN|FrameMPLS/PW VLAN|Frame
MPLS/PWFrame
Frame Tx MPLS/PW
VLAN|Frame VLAN|Frame VLAN|Frame
VLAN|Frame
Frame
VLAN|Frame Rx
MPLS/PW VLAN|Frame
Rx Tx
CE1 AC AC CE2
PE1 PE2
l2VPNs
control plane

› To dynamically signal PW information, LDP session is setup between

the loopback interfaces of PE routers:
– Using the extended discovery mechanism with targeted LDP Hellos (t-LDP) as
PW endpoints (PE routers) are in most cases not directly connected

› Per-PW information is exchanged between the t-LDP peers as MPLS

Forwarding Equivalence Class (FEC) attributes containing :
– PW/VC-type (e.g. ATM n-to-1, CESoPSN, SAToP, Ethernet/VLAN, etc.)
– PW/VC-ID as unique circuit identifier
– Control word usage (depending on PW type)
– PW/VPN label

› FEC information on both ends of a PW must match

Lab Exercise 4
L2 VPN configuration

Tasks:
Part I - VPWS
– Configure T-LDP peerings to other PEs
– Configure one VPWS pseudowire to a remote PEs
– Configure connection to your CE as attachment circuit
– Test connectivity to the remote CE
Part II - VPLS
– Create set of psedowires to all other PE routers
– Create VPLS bridge and attach pseudowires to it
– Configure connection to your CE as attachment circuit
– Test connectivity to all remote CEs

(working in the lab)

vPLS configuration
overview

SSR SSR

VPLS
Configure VPLS in four steps:

SSR SSR
1 Create the PW peer profile
2 Create VPLS PW Instance
3 Create a new VPLS service instance
4 Bind the VPLS PW with the bridge instance
(Qualified or Unqualified)

In addition to above configuration, MPLS & IP routing configurations are required.

VPLS Peer Profile
Configuration
1

Create a new peer profile

pseudo-wire peer-profile <name> peer <address>

{auto-revert-delay <secs> | control-word |
ignore-mtu | log-up-down | vc-type <ether|vlan>
redundancy-mode {master-slave|independent} |
remote-encap [ether|vlan] | tunnel lsp { ldp | rsvp <lsp
name> | static <lsp name> } | backup-peer <address> tunnel
lsp { ldp | rsvp <lsp name> | static <lsp name> }}

pseudo-wire peer-profile PE1

peer 1.0.0.2
vc-type vlan
VPLS Pseudowire Instance
Configuration
2

Create a new pseudowire instance (or range of instances)

pseudowire instance <id value> [- <end-id value>] pw-id <value >

peer-profile <pseudo-wire peer-profile name >
backup-peer <address> [pw-id <id >]
signaling-proto ldp
encap mpls
label in <value> out <value >
backup label in <value> out <value> [ peer <address>]

pseudowire instance 1
pw-id 100
peer-profile PE1
VPLS Service Instance
Configuration
3

Create a new service instance (or range of instances)

service-instance <instance number>

port ethernet 1/15

shutdown
encapsulation dot1q
service-instance 1
match
dot1q 10
VPLS Bridge Binding
Configuration
4

Create the bridge and associate the service instance and the pseudowire

bridge <name> profile <name>

vpls pseudowire [vlan <1,2, 10 – 4094> | untagged]
pseudowire instance <instance id> [spoke] and the pseudowire

bridge bridge1
port ethernet 1/15 service-instance 1
vpls
pseudowire vlan 10
pseudowire instance 1
VPLS Flat Mesh Configuration
PE1 1.1.1.1 PE2 2.2.2.2

P1 P1
PWID
100
SSR PE 1 SSR PE 2 pseudowire peer-profile
PE1
Peer 1.1.1.1
pseudowire peer-profile PE2 PE3 3.3.3.3 pseudowire peer-profile
peer 2.2.2.2 PWID PWID PE3
pseudowire peer-profile PE3 100 100 Peer 3.3.3.3
Peer 3.3.3.3
pseudowire instance 1
pseudowire instance 1
pw-id 100
pw-id 100 SSR PE 2 peer-profile PE1
peer-profile PE2 pseudowire peer-profile PE1
pseudowire instance 2
pseudowire instance 2 Peer 1.1.1.1
pw-id 100
pw-id 100 pseudowire
P1 peer-profile PE2
peer-profile PE3
peer-profile PE3 Peer 2.2.2.2
bridge profile profile1
bridge profile profile1 pseudowire instance 1
bridge b1
bridge b1 pw-id 100
profile profile1
profile profile1 peer-profile PE1
port 1/1 service instance
port 1/1 service instance 1 pseudowire instance 2
vpls
vpls pw-id 100
pseudowire instance 1
pseudowire instance 1 peer-profile PE2
pseudowire instance 2
pseudowire instance 2 bridge profile profile1
bridge b1
profile profile1
port 1/1 service instance
vpls
pseudowire instance 1
pseudowire instance 2
Q&A?