this slide contains fundamental concept about VPLS protocol, according to the latest version of Cisco books and i taught it at IRAN TIC company.in the next slide, i upload attractive advanced feature about VPLS. (Some of the pictures in this slide are borrowed from the wonderful site of my good friend Gokhan Kosem) (www.ipcisco.com)

1. VPLS Fundamentals
By : Reza Farahani

2. What Is Tunneling and VPN ?
• Tunneling means Re-Encapsulation
• Hide Header over other Header
• VPN is based on the idea of tunneling

3. Classification of VPNs

4. Layer 2 VPNs

5. VPLS vs VPWS

6. Layer 2 Encapsulation
According to Layer 2 technology, there are some different encapsulations types:
 Null  Null Encapsulation means that this interface can be used for “Single Service” for “Single
Customer
 Dot1qDot1q Encapsulation means that this interface can be used for “Multiple Services”for “Multiple
Customers”
 Q-in-QQ-in-QEncapsulation means that this interface can be used to expand VLAN space by tagging tagged packets

7. Layer 2 Encapsulation
802.1Q summary :
 IEEE 802.1Q, often referred to as Dot1q, is the networking standard that
supports virtual LANs (VLANs) on an IEEE 802.3 Ethernet network

8. Layer 2 Encapsulation
Q-in-Q summary :
 802.1Q tunneling (aka Q-in-Q) is a technique often used by Metro Ethernet
providers as a layer 2 VPN for customers
 the provider will put a 802.1Q tag on all the frames that it receives from a
customer with a unique VLAN tag
 By using a different VLAN tag for each customer we can separate the traffic
from different customers and also transparently transfer it throughout the
service provider network.
 It can hide one tag in 802.1q encapsulation

9. VPLS Concept
 VPLS is a Multipoint-to-Multipoint Layer 2 VPN Service that connects multiple branches of a Customer, in a
single logical switched architecture over Service Provider IP/MPLS network

10. VPLS Concept
End-to-end architecture that allows MPLS networks to provide
Multipoint Ethernet services
It is “Virtual” because multiple instances of this service share the
same physical infrastructure
It is “Private” because each instance of the service is independent
and isolated from one another
It is “LAN Service” because it emulates Layer 2 multipoint
connectivity between subscribers

11. Customer Perspective from VPLS :
 Layer 2 VPN infrastructure seems to the customer as their branches are connected to a single company
switch.
VPLS Concept

12.  Different customer branches communicate with their own branches over Service Provider IP/MPLS network.
And there is no conflict. This is the key point of VPLS architecture.
VPLS Concept

13. VPLS Component
Attachment Circuit
Packet switch Network (PSN) Tunnels
Pseudo wire (PW)
Auto-discovery
Auto-Configuration
Virtual Forwarding Instance(VFI) or VSI

14. VPLS Component

15. Attachment Circuit
• Port mode
• 802.1Q VLAN or Trunk
• Dot1Q Tunnel Mode

16. Pseudo Wires in VPLS
A Pseudo Wire (PW) is a connection between two provider edge devices
connecting two attachment circuits (ACs)
 A PWES is either: - an Ethernet link or a VLAN link between two ports, or - an
ATM VC or VP, or - a Frame Relay VC, or - a TDM circuit, or - an MPLS LSP
 PSN tunnel may be MPLS, L2TP, GRE and so on
 A VPLS is based on a full mesh of Pseudo Wires

17. Pseudo Wires in VPLS

18. VPLS LABELLING
VPLS is also a MPLS Service, so we need to use labels in VPLS too.
There are two MPLS labels used in VPLS. These labels are:
 Outer Label (Transport Label) determine MPLS VPN Services
Inner Label (Service Label / VC Label)carries the original customer VPLS information

19. VPLS Label Signaling
 Outer Label (Transport Label) signaling is done via LDP, RSVP or GRE
 Inner Label (Service Label / VC Label) signaling is done via T-LDP (Targeted LDP)
What is T-LDP and difference by LDP ?

20. TLDP
LDP is used to build and maintain LSP databases that are used to forward traffic through
MPLS networks.
LDP can be used to distribute the inner label (VC/VPN/service label) and outer label (path
label) in MPLS
 For inner label distribution, targeted LDP (TLDP) is used
Same as LDP discovery by 646 UDP and Session by 646 TCP
 Unlike LDP, TLDP unicasts the hello packets to the targeted neighbor's address

21. VC ID (PW ID)
 For VPLS service between different nodes, there is an ID that must much for the same
service. This is VC ID (Virtual Circuit Identifier)
 it isn’t VC TAG

22. VSI or VFI
 In PE routers some switching facilities are needed
 o do this a Virtual Switch instance (VSI) is defined in PE routers. And all the switching
facilities needed like MAC learning is done with this VSI

23. VC ID (PW ID) The bridge module in a virtual switch has
the equivalent role of that in a physical
Ethernet switch
 Besides the bridge module maintaining
forwarding table that maps MAC addresses
to attachment circuits, it can run spanning-
tree protocols on them
 A VFI has similar functionality to a bridge
but performs bridging operations on
pseudo wires instead of attachment
circuits.
 The forwarding table is populated through
the MAC address learning process based
on packets it receives on pseudo wires. It
never learns the MAC addresses of the
packets it receives on attachment circuits.

24. VPLS Component
again

25. VPLS Flooding

26. VPLS MAC Learning
 It’s important because VPLS is Layer 2 technology:
 Same as Ethernet switch
1- first flood through all the LSPs
2- other learn senders mac and record in CAM table
2- if they send packet to sender node direct forward
 Forwarding
 Mac Table
 Forwarding Table
 Flooding

27. VPLS MAC Learning
1
2

28. VPLS Topology – PE View
 Each PE has a P2MP view of all other PEs it sees it self as a root bridge with split horizon loop protection

29. VPLS Topology – CE View
MPLS VPLS CoreMPLS
CEs
CE routers/switches see a logical Bridge/LAN

30. VPLS Deployment
Full mesh
Hub and spoke
Partial mesh
Hierarchical

31. Full Mesh VPLS
 In VPLS, architecture, all the nodes are connected via pseudo wires as fully mesh
 Each VPLS has a specific VC-ID or Pseudo wire ID and this differentiate the VPLS from the other VPLS
 For each VPLS n * (n-1) / 2 pseudo wire is required for full mesh connection.
 The loop-free forwarding is guaranteed by enabling Layer 2 split horizon on every pseudowire in this
topology
 Scalability issue a number of PE routers grows

32. Full Mesh VPLS

33. Hub and Spoke VPLS
• In a hub-and-spoke model, exactly one PE router that is acting as a hub connects all other PE
routers that act as spokes in a given VPLS domain
• A hub-and-spoke topology by definition is loop-free, so it does not need to enable spanning-tree
protocols or split horizon on pseudo wires
• The simplicity of a hub-and-spoke model makes it an attractive choice for small VPLS
deployment
• Delay !!

34. Hierarchical VPLS
Best for larger scale deployment
Reduction in packet replication and signaling overhead
Consists of two levels in a Hub and Spoke topology
• Hub consists of full mesh VPLS Pseudo Wires in MPLS core
• Spokes consist of L2/L3 tunnels connecting to VPLS (Hub) PEs
1. Hierarchical VPLS with MPLS access network
2. Hierarchical VPLS with QinQ access network

35. Hierarchical VPLS with QinQ access network

36. Hierarchical VPLS with MPLS access network

37. Why H-VPLS?
Potential signaling overhead
Full PW mesh from the Edge
Packet replication done at the Edge
Node Discovery and Provisioning extends
end to end
Minimizes signaling overhead
Full PW mesh among Core devices
Packet replication done the Core
Partitions Node Discovery process

38. Ethernet Edge H-VPLS (EE-H-VPLS)
PE dived to NPE and UPE

39. Ethernet Edge H-VPLS (EE-H-VPLS)
Local edge traffic does not have to traverse N-PE
MTU-s can switch traffic locally
saves bandwidth capacity on circuits to N-PE

40. Direct Attach H-VPLS – QinQ tunnel H-VPLS - MPLS PW
Pros Simple access via
Ethernet
Simple access via Ethernet
Hierarchical support via QinQ at
access
Scalable customer VLANs (4K x 4K)
4K customers supported per
Ethernet Access Domain
Fast L3 IGP convergence
MPLS TE FRR <50msec
Hierarchical support via MPLS
PW at access
Cons No hierarchical scalability
Customer VLAN cannot
over lap
4K customer VLAN limit
in Ethernet access
domain
High STP reconvergence
time
High STP re-convergence time
MAC is not scalable as customer
MAC still seen on SP network
Supported on SIP-600 only as of
12.2(33)SRA
More complicated provisioning
Requires MPLS to u-PE
OSM/SIP-400/600 as U-PE facing
card on N-PE (for 7600)
VPLS Logical Topology Comparison