MPLS L2VPN

  1. L2VPN
  2. AToM
    1. Control word
    2. GACH
    3. L2 protocols
      1. HDLC
      2. PPP
      3. Frame-relay
        1. DLCI-to-DLCI
        2. Port-to-port
      4. Ethernet
      5. QinQ
    4. CLI
  3. VPLS
    1. VPLS Martini mode
      1. CLI
    2. VPLS Kompella mode
      1. CLI
    3. VPLS BGP + LDP
    4. A-VPLS
      1. LDP sub-TLV (PW interface parameter)
      2. CLI

L2VPN

  • alternatives:
    • QinQ
    • L2TPv2/PPTP – deprecated
    • L2TPv3/GRE – difficult to scale
    • VXLAN + EVPN – DCI
    • VPWS, VPLS – Ethernet only
  • AC – attachment circuit, PE-CE link
  • VC – virtual circuit
  • PW – pseudowire
  • TTL
    • tunnel label = 255
    • VC label = 255

AToM

  • any transport over MPLS (VPWS, VPLS)
  • label distribution for VC – tLDP (established automatically), EXP = 6
  • LDP messages:
    1. Label mapping: PW ID FEC TLV + label TLV + PW status TLV
    2. Label Withdraw: when AC → down (if physical, contains group ID)
    3. Label Mapping Release: reset sequence counter
  • PW ID:
    1. C-bit: 1 = control word is used for PW (negotiated by peers)
    2. PW-type: 15 bit
    3. Group ID: VCs on one physical interface, used to recall several labels at once (wildcard label withdraw)
    4. PW ID: 32 bit, connection ID
    5. interface parameters: MTU, VLAN ID, …
  • if MTU on tunnel ends does not match, tunnel remains down
  • Control word:
    1. 32 bit, between VC label and L2 payload, for customer frames
    2. carries additional info, depends on L2 protocol
    3. functions:
      • padding
      • L2 header control bits (FECN, BECN, DE, C/R, …) as flags
      • frame ordering (out-of-order frame → drop in IOS)
      • load-balancing (1st nibble ≠ 4 or 6)
      • fragmentation and reassembly
    • location:
      1. tunnel label
      2. VC label
      3. Control word
      4. L2 payload
  • VCID is unique within peer connection
  • L2 frames are not transmitted as a whole (no FCS, flags)
  • EXP is set based on priority (802.1p)

Control word

 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|  0x0  | Flags |B|E|  Pad len  |        Sequence number        |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

BE:

  • 00 = unfragmented
  • 01 = first fragment
  • 10 = last fragment
  • 11 = intermediate fragment

GACH

  • generic associated channel header
  • like CW for control frames
  • first byte = 1 (first byte for CW = 0)
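Worked example for the Control word and GACH sections above (added here, not part of the original notes): parses the 32-bit control word laid out in the diagram, distinguishes it from a GACH by the first nibble, shows why the 0x0 nibble keeps a P router from mis-hashing the payload as IPv4/IPv6, and models the receive-side sequence check in which a late (out-of-order) frame is dropped. The sample words are constructed; the sequence logic follows RFC 4385 Appendix A and is a simplified model of the IOS behaviour the notes mention.

```python
import struct

BE_MEANING = {0: "unfragmented", 1: "first fragment",
              2: "last fragment", 3: "intermediate fragment"}

def parse_control_word(cw: bytes) -> dict:
    """Split the 4-byte word into nibble / flags / B / E / pad_len / seq."""
    (word,) = struct.unpack("!I", cw)
    return {
        "nibble":  word >> 28,           # 0x0 = control word, 0x1 = GACH (RFC 5586)
        "flags":   (word >> 24) & 0xF,   # L2-specific bits (FECN, BECN, DE, C/R, ...)
        "b":       (word >> 23) & 0x1,
        "e":       (word >> 22) & 0x1,
        "pad_len": (word >> 16) & 0x3F,  # padding bytes appended to the payload
        "seq":     word & 0xFFFF,        # 0 = sequencing not in use
    }

def channel_kind(fields: dict) -> str:
    return {0: "data (control word)", 1: "control (GACH)"}.get(fields["nibble"], "invalid")

def fragment_kind(fields: dict) -> str:
    return BE_MEANING[(fields["b"] << 1) | fields["e"]]

def p_router_would_misread_as_ip(first_byte: int) -> bool:
    """A P router hashing for ECMP may peek past the label stack and treat a
    first nibble of 4 or 6 as IPv4/IPv6; the CW's 0x0 nibble prevents that."""
    return (first_byte >> 4) in (4, 6)

def accept_sequence(expected_seq: int, fields: dict) -> tuple:
    """Sequencing check (RFC 4385 Appendix A style, simplified): seq 0 means
    unsequenced and is always accepted; a frame at or ahead of the expected
    number is accepted (missing ones assumed lost); a frame behind it is out of
    order and dropped. Returns (accepted, next expected); counter wraps 65535 -> 1."""
    seq = fields["seq"]
    if seq == 0:
        return True, expected_seq
    ahead = (seq - expected_seq) % 65536      # circular distance in 16-bit space
    if ahead >= 32768:                         # behind the window: late or duplicate
        return False, expected_seq
    return True, 1 if seq == 0xFFFF else seq + 1

if __name__ == "__main__":
    # Constructed sample: first fragment, 3 bytes of padding, sequence 0x0102.
    f = parse_control_word(bytes.fromhex("00430102"))
    print(channel_kind(f), fragment_kind(f), f["pad_len"], f["seq"])
```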

L2 protocols

HDLC

  • PW type = 0x0006
  • payload: without FCS, flags

PPP

  • PW type = 0x0007
  • payload: without flags, address, FCS, control field

Frame-relay

DLCI-to-DLCI

  • PW type = 0x0001, 0x0019
  • payload: FR payload without header
  • between payload and CW – Ethertype
  • does not transport LMI (terminated on PE)
  • VC status depends on LMI

Port-to-port

  • PW type = 0x000F
  • PE encapsulation = HDLC
  • can transport LMI (PE considers them as HDLC frames)
  • FR flags are not passed within CW, are transported as part of HDLC
  • Ethertype as part of FR header

Ethernet

  • PW type = 0x0005 (port mode), 0x0004 (VLAN mode)
  • P2P only
  • payload: without preamble, SFD, FCS
  • VLAN ID rewrite: subint ←→ subint, different VLAN IDs

QinQ

CLI

(config)# pseudowire-class <NAME>
(config-pw-class)# encapsulation mpls

; disabled by default
(config-pw-class)# sequencing receive | transmit | both

; allows IP packets to cross an L2 P2P circuit with different encapsulations at each end (e.g. Ethernet → FR); ip mode replies to ARP requests with the AC's MAC address
(config-pw-class)# interworking ip | ethernet
(config)# connect <CNAME> <intf> <DLCI> l2transport

; LID ≡ LDP ID
(config-conn)# xconnect <LID> <VCID> encapsulation mpls
; for PW stitching (e.g. inter-AS L2VPN)
(config)# l2 vfi <NAME> <VCID> point-to-point
(config-vfi)# neighbor <LID> <VCID> encapsulation mpls
; second way to configure it, LID ≡ LDP ID, on the CE-facing intf
(config-if)# xconnect <LID> <VCID> encapsulation mpls

; alternative
(config-if)# xconnect <LID> <VCID> pw-class <NAME>

; CE
(config-if)# encapsulation frame-relay

; PE
(config-if)# encapsulation hdlc
; 0s default
(config-if-xconn)# backup delay <enable> <disable> | never

; signalling only on failover, not in advance
(config-if-xconn)# backup peer <LID> <VCID> encapsulation mpls
# show mpls l2transport vc <VCID> [detail]
# show mpls l2transport binding <VCID>
# show mpls l2transport hw-capability interface <intf>

VPLS

  • VSI – virtual switching instance (≡ VFI – virtual forwarding instance)
  • VE – VPLS edge
  • data plane MAC learning
    • unqualified: per customer
    • qualified: per VLAN per customer
  • each PE gets own MPLS label to distinguish where MAC is located
  • split horizon: frame received from VFI PW is not forwarded to other PWs of the VFI
  • vulnerable to broadcast storms and MAC flushes, since BUM traffic saturates links (threat to control-plane traffic)
  • no native dual-home active/active
  • head-end BUM replication
  • does not forward CDP, VTP, STP by default

VPLS Martini mode

  • RFC 4762
  • manual configuration of peers, full-mesh PW
  • LDP distributes labels (one label per peer), tLDP, DU method
  • if PW goes down, MAC addresses that are known via PW are flushed
  • if AC goes down, LDP Withdraw MAC is sent for these addresses
  • if LDP Withdraw MAC is received without MAC addresses – flush all MAC within VFI except for those that are learned via the same PW for which Withdraw is received (~ RSTP TCN)

CLI

(config)# l2vpn vfi context <NAME>

; is equal on all PEs (OUI (3 bytes): VPN index (4 bytes))
(config-vfi)# vpn id <n>

(config-vfi)# member <IP> encapsulation mpls
(config-bdomain)# member vrf <NAME>

; AC
(config-bdomain)# member <intf> service-instance <n>
# show xconnect all
# show mpls l2transport vc detail
# show bridge-domain <n>
# show l2vpn vfi name <NAME>

; lists neighbours, including with PW down
# show vfi

VPLS Kompella mode

  • RFC 4761
  • neighbour discovery and label distribution via BGP
  • can stitch VSI (based on RT)
  • AFI = 25, SAFI = 65
  • peering with all PE with no regard to VSI (~ L3VPN)
  • RD = ASN:VPNID = RT by default
  • VE ID – router ID, manual assignment
  • LB – label base, start of label block
  • VBS – VE block size (10 Cisco, 8 Juniper by default)
  • VBO – VE block offset: beginning of label block, ~ block number for VE, = (VE ID / VBS) * VBS (integer division)
  • sequential label allocation, according to VE ID
  • inefficient label allocation: some labels in a block may remain unused
  • if RR is used, the Update is received by every router in the update-group; relevant NLRI are distinguished by RT
LBlock1: LB = 5000, VBS = 10, VBO = 100
  label   5000 5001 5002 5003 5004 5005 5006 5007 5008 5009
  peer     100  101    –    –    –    –  106    –    –  109

LBlock2: LB = 5030, VBS = 10, VBO = 110
  label   5030 5031 5032 5033 5034 5035
  peer     110    –    –  113    –    –

  (label = LB + VE ID − VBO; "–" = label reserved by the block but no peer has that VE ID)
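Worked example for the Kompella label-block arithmetic above (added here, not part of the original notes): computes VBO from a VE ID, resolves the label each peer uses from an advertised (LB, VBO, VBS) block, reproduces the two blocks and six peers in the notes, and counts the labels a block reserves without any peer using them. BLOCKS and PEERS are the notes' values; the function names are this example's own.

```python
# VBO -> LB of the two blocks in the notes, and the peers present in the VFI
BLOCKS = {100: 5000, 110: 5030}
PEERS = [100, 101, 106, 109, 110, 113]
VBS_DEFAULT = 10   # Cisco default VE block size (Juniper: 8)

def block_offset(ve_id: int, vbs: int = VBS_DEFAULT) -> int:
    """VBO = (VE ID / VBS) * VBS with integer division: the block's first VE ID."""
    return (ve_id // vbs) * vbs

def label_for_ve(ve_id: int, lb: int, vbo: int, vbs: int = VBS_DEFAULT):
    """Label a peer with this VE ID uses towards the PE that advertised
    (lb, vbo, vbs), or None when the block does not cover the VE ID."""
    if vbo <= ve_id < vbo + vbs:
        return lb + (ve_id - vbo)
    return None

def labels_for_peers(peers, blocks, vbs=VBS_DEFAULT) -> dict:
    """Resolve every peer's label from the advertised blocks {vbo: lb}."""
    out = {}
    for v in peers:
        vbo = block_offset(v, vbs)
        if vbo not in blocks:          # the PE would have to advertise a new block
            raise KeyError(f"no label block covers VE ID {v} (VBO {vbo})")
        out[v] = label_for_ve(v, blocks[vbo], vbo, vbs)
    return out

def unused_labels(peers, blocks, vbs=VBS_DEFAULT) -> list:
    """Labels reserved by the blocks but mapped to no peer: the inefficiency
    of block allocation, every block costs VBS labels however few VEs exist."""
    used = set(labels_for_peers(peers, blocks, vbs).values())
    reserved = {lb + i for lb in blocks.values() for i in range(vbs)}
    return sorted(reserved - used)

def blocks_needed(peers, vbs=VBS_DEFAULT) -> list:
    """Distinct VBOs an advertising PE must cover for this set of peers."""
    return sorted({block_offset(v, vbs) for v in peers})

if __name__ == "__main__":
    print(labels_for_peers(PEERS, BLOCKS))
    print(len(unused_labels(PEERS, BLOCKS)), "of", len(BLOCKS) * VBS_DEFAULT, "labels unused")
```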

CLI

(config-vfi)# autodiscovery bgp signaling [bgp|ldp]
(config-vfi-autodiscovery)# ve-id <ID>

; VBS, 10 by default
(config-vfi-autodiscovery)# ve range <n>
(config-router)# address-family l2vpn vpls

; for pure BGP signalling, LDP otherwise
(config-router-af)# neighbor <IP> suppress-signaling-protocol ldp
# show bgp l2vpn vpls all [ve-id <ID> block-offset <VBO>]

VPLS BGP + LDP

  • RFC 4762
  • BGP autodiscovery + LDP signalling
  • efficient label distribution

A-VPLS

  • advanced VPLS: Cat6k, XR
  • load-balance L2 traffic on ECMP based on extra label between VC label and CW/payload
  • TTL = 1 for flow label

LDP sub-TLV (PW interface parameter)

 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|      0x17     |  Length = 4   |T|R|         Reserved          |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

T: 1 = able to transmit with flow label
R: 1 = able to receive with flow label

CLI

(config)# pseudowire-class <NAME>

; LB on ECMP
(config-pw-class)# load-balance flow

; flow labels transmit and receive
(config-pw-class)# flow-label enable
(config)# interface virtual-ethernet <n>
(config-if)# transport vpls mesh
(config-if)# neighbor <LID>
(config-if)# switchport
(config-if)# switchport mode trunk
(config-if)# switchport trunk allowed vlan <list>