This slide deck covers the fundamental concepts of the VPLS protocol, according to the latest version of the Cisco books, and I taught it at IRAN TIC company. In the next slide deck, I upload attractive advanced features of VPLS.
(Some of the pictures in this slide are borrowed from the wonderful site of my good friend Gokhan Kosem)
(www.ipcisco.com)
6. Layer 2 Encapsulation
Depending on the Layer 2 technology, there are several different encapsulation types:
Null: Null encapsulation means that this interface can be used for a “Single Service” for a “Single Customer”
Dot1q: Dot1q encapsulation means that this interface can be used for “Multiple Services” for “Multiple Customers”
Q-in-Q: Q-in-Q encapsulation means that this interface can be used to expand the VLAN space by tagging tagged packets
7. Layer 2 Encapsulation
802.1Q summary:
IEEE 802.1Q, often referred to as Dot1q, is the networking standard that supports virtual LANs (VLANs) on an IEEE 802.3 Ethernet network
8. Layer 2 Encapsulation
Q-in-Q summary:
802.1Q tunneling (aka Q-in-Q) is a technique often used by Metro Ethernet providers as a Layer 2 VPN for customers
The provider puts an 802.1Q tag with a unique VLAN ID on all the frames that it receives from a customer
By using a different VLAN tag for each customer, we can separate the traffic of different customers and also transfer it transparently throughout the service provider network.
It can hide one tag inside the 802.1Q encapsulation
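The tag stacking described above, as an added Python example that is not part of the original slides: two customers both use VLAN 10, and the provider keeps them apart with its own outer tag. The MAC addresses, VLAN IDs and the choice of TPID 0x88A8 for the provider tag are assumptions made for the example; the frames are constructed samples.

```python
import struct

TPID_CTAG = 0x8100  # 802.1Q customer tag
TPID_STAG = 0x88A8  # 802.1ad provider tag (assumption: some equipment uses 0x8100 here)

def build_tag(tpid, vid, pcp=0):
    """4-byte VLAN tag: TPID, then PCP (3 bits), DEI (1 bit), VLAN ID (12 bits)."""
    if not 1 <= vid <= 4094:
        raise ValueError("VLAN ID must be 1..4094")
    return struct.pack("!HH", tpid, (pcp << 13) | vid)

def customer_frame(c_vid):
    """Constructed sample: an 802.1Q-tagged IPv4 frame with a zero payload."""
    dst, src = bytes.fromhex("02000000000b"), bytes.fromhex("02000000000a")
    return dst + src + build_tag(TPID_CTAG, c_vid) + struct.pack("!H", 0x0800) + bytes(46)

def push_provider_tag(frame, s_vid):
    """Provider edge ingress: insert the provider tag in front of the customer tag."""
    return frame[:12] + build_tag(TPID_STAG, s_vid) + frame[12:]

def pop_provider_tag(frame):
    """Provider edge egress: remove the outer tag, returning the customer's frame."""
    if struct.unpack_from("!H", frame, 12)[0] != TPID_STAG:
        raise ValueError("frame carries no provider tag")
    return frame[:12] + frame[16:]

def parse_tags(frame):
    """Walk the tag stack, outermost first; return ([(tpid, vid), ...], ethertype)."""
    tags, off = [], 12
    while True:
        if len(frame) < off + 2:
            raise ValueError("truncated frame")
        (etype,) = struct.unpack_from("!H", frame, off)
        if etype not in (TPID_CTAG, TPID_STAG):
            return tags, etype
        if len(frame) < off + 4:
            raise ValueError("truncated VLAN tag")
        tags.append((etype, struct.unpack_from("!H", frame, off + 2)[0] & 0x0FFF))
        off += 4

def demo():
    # Two customers both use VLAN 10; the provider assigns them S-VLAN 100 and 200.
    a = push_provider_tag(customer_frame(10), 100)
    b = push_provider_tag(customer_frame(10), 200)
    return parse_tags(a), parse_tags(b), pop_provider_tag(a) == customer_frame(10)

if __name__ == "__main__":
    print(demo())
```

The customer tag comes out of the provider network byte for byte as it went in, which is why overlapping customer VLAN IDs do not collide.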
9. VPLS Concept
VPLS is a Multipoint-to-Multipoint Layer 2 VPN Service that connects multiple branches of a Customer, in a
single logical switched architecture over Service Provider IP/MPLS network
10. VPLS Concept
End-to-end architecture that allows MPLS networks to provide
Multipoint Ethernet services
It is “Virtual” because multiple instances of this service share the
same physical infrastructure
It is “Private” because each instance of the service is independent
and isolated from one another
It is “LAN Service” because it emulates Layer 2 multipoint
connectivity between subscribers
11. VPLS Concept
Customer Perspective from VPLS:
To the customer, the Layer 2 VPN infrastructure looks as if their branches are connected to a single company switch.
12. VPLS Concept
Different customers' branches communicate with their own branches over the Service Provider IP/MPLS network, and there is no conflict. This is the key point of the VPLS architecture.
16. Pseudo Wires in VPLS
A Pseudo Wire (PW) is a connection between two provider edge devices
connecting two attachment circuits (ACs)
A PWES is either:
- an Ethernet link or a VLAN link between two ports, or
- an ATM VC or VP, or
- a Frame Relay VC, or
- a TDM circuit, or
- an MPLS LSP
The PSN tunnel may be MPLS, L2TP, GRE and so on
A VPLS is based on a full mesh of Pseudo Wires
18. VPLS LABELLING
VPLS is also an MPLS service, so we need to use labels in VPLS too.
There are two MPLS labels used in VPLS. These labels are:
Outer Label (Transport Label): determines MPLS VPN Services
Inner Label (Service Label / VC Label): carries the original customer VPLS information
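How the two labels sit on the wire, as an added Python example that is not part of the original slides: each label is a 32-bit stack entry, the transport label is on top, and the VC label is the entry with the bottom-of-stack bit set. The label values and VSI names are constructed, and the optional pseudowire control word is assumed to be absent.

```python
import struct

def encode_entry(label, bottom, tc=0, ttl=255):
    """One 32-bit label stack entry: label (20 bits), TC (3), S (1), TTL (8)."""
    if not 0 <= label < 1 << 20:
        raise ValueError("label must fit in 20 bits")
    return struct.pack("!I", (label << 12) | (tc << 9) | (int(bottom) << 8) | ttl)

def decode_stack(packet):
    """Return (entries, payload); stop at the entry whose S bit is set."""
    entries, off = [], 0
    while True:
        if len(packet) < off + 4:
            raise ValueError("no bottom-of-stack entry found")
        (word,) = struct.unpack_from("!I", packet, off)
        off += 4
        entries.append({"label": word >> 12, "tc": (word >> 9) & 7,
                        "bottom": bool(word & 0x100), "ttl": word & 0xFF})
        if entries[-1]["bottom"]:
            return entries, packet[off:]

def ingress_pe(frame, transport_label, vc_label):
    """Ingress PE: VC label at the bottom of the stack, transport label on top."""
    return encode_entry(transport_label, False) + encode_entry(vc_label, True) + frame

def core_swap(packet, new_transport_label):
    """Core router: swap only the top label and decrement its TTL."""
    top = decode_stack(packet)[0][0]
    if top["bottom"]:
        raise ValueError("expected a transport label above the VC label")
    if top["ttl"] <= 1:
        raise ValueError("TTL expired")
    return encode_entry(new_transport_label, False, top["tc"], top["ttl"] - 1) + packet[4:]

def egress_pe(packet, vc_to_vsi):
    """Egress PE: the VC label selects the VPLS instance that receives the frame."""
    entries, frame = decode_stack(packet)
    return vc_to_vsi[entries[-1]["label"]], frame

def demo():
    frame = b"constructed customer Ethernet frame"
    packet = core_swap(ingress_pe(frame, 17001, 30021), 18002)
    labels = [e["label"] for e in decode_stack(packet)[0]]
    return labels, egress_pe(packet, {30021: "VSI-customer-A", 30022: "VSI-customer-B"})

if __name__ == "__main__":
    print(demo())
```

Only the top label changes hop by hop; the VC label reaches the egress PE untouched, so a wrong or reused VC label there would hand the frame to the wrong customer's instance.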
19. VPLS Label Signaling
Outer Label (Transport Label) signaling is done via LDP, RSVP or GRE
Inner Label (Service Label / VC Label) signaling is done via T-LDP (Targeted LDP)
What is T-LDP, and how does it differ from LDP?
20. TLDP
LDP is used to build and maintain LSP databases that are used to forward traffic through
MPLS networks.
LDP can be used to distribute the inner label (VC/VPN/service label) and outer label (path
label) in MPLS
For inner label distribution, targeted LDP (TLDP) is used
As with LDP, discovery uses UDP port 646 and the session uses TCP port 646
Unlike LDP, TLDP unicasts the hello packets to the targeted neighbor's address
21. VC ID (PW ID)
For a VPLS service between different nodes, there is an ID that must match for the same service. This is the VC ID (Virtual Circuit Identifier)
It is not the VC tag
22. VSI or VFI
In PE routers, some switching facilities are needed
To do this, a Virtual Switch Instance (VSI) is defined in the PE routers, and all the switching facilities needed, like MAC learning, are done with this VSI
23. VC ID (PW ID)
The bridge module in a virtual switch has the equivalent role of that in a physical Ethernet switch
Besides the bridge module maintaining forwarding table that maps MAC addresses to attachment circuits, it can run spanning-tree protocols on them
A VFI has similar functionality to a bridge but performs bridging operations on pseudo wires instead of attachment circuits.
The forwarding table is populated through the MAC address learning process based on packets it receives on pseudo wires. It never learns the MAC addresses of the packets it receives on attachment circuits.
26. VPLS MAC Learning
MAC learning is important because VPLS is a Layer 2 technology.
It works the same way as in an Ethernet switch:
1- First, the frame is flooded through all the LSPs
2- The other nodes learn the sender's MAC address and record it in the CAM table
3- If they send a packet to the sender node, it is forwarded directly
[Figure: flooding and forwarding, with the MAC table / forwarding table]
31. Full Mesh VPLS
In the VPLS architecture, all the nodes are connected via pseudo wires in a full mesh
Each VPLS has a specific VC-ID or pseudo wire ID, and this differentiates one VPLS from the other VPLSs
For each VPLS, n * (n-1) / 2 pseudo wires are required for a full mesh connection.
Loop-free forwarding is guaranteed by enabling Layer 2 split horizon on every pseudowire in this topology
Scalability becomes an issue as the number of PE routers grows
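The flood-and-learn behaviour and the split-horizon rule above, as an added Python simulation that is not part of the original slides. It models each PE's bridge module and VFI as one MAC table, gives every PE a single attachment circuit named ac0, and uses a hop guard (MAX_HOPS) so the run without split horizon terminates; all of these names and values are assumptions of the example.

```python
from itertools import combinations

MAX_HOPS = 3  # guard so the flood terminates when split horizon is disabled

class VSI:
    """One PE's virtual switch: a single attachment circuit plus pseudowires."""
    def __init__(self, name, split_horizon=True):
        self.name, self.split_horizon = name, split_horizon
        self.pws = {}        # remote PE name -> remote VSI (one pseudowire each)
        self.mac_table = {}  # MAC -> ("ac", "ac0") or ("pw", remote PE name)
        self.delivered = []  # (src, dst) frames handed to the local customer port

    def receive(self, src, dst, via, hops=0):
        if hops > MAX_HOPS:
            return
        self.mac_table[src] = via  # learn the sender behind the ingress port
        known = self.mac_table.get(dst)
        ports = [known] if known else [("ac", "ac0")] + [("pw", p) for p in self.pws]
        for port in ports:
            if port == via:
                continue  # never send a frame back out its ingress port
            if self.split_horizon and via[0] == "pw" and port[0] == "pw":
                continue  # split horizon: a frame from a PW never goes to another PW
            if port[0] == "ac":
                self.delivered.append((src, dst))
            else:
                self.pws[port[1]].receive(src, dst, ("pw", self.name), hops + 1)

def full_mesh(names, split_horizon=True):
    """Build one VSI per PE and a pseudowire between every pair of PEs."""
    pes = {n: VSI(n, split_horizon) for n in names}
    pairs = list(combinations(names, 2))
    for a, b in pairs:
        pes[a].pws[b], pes[b].pws[a] = pes[b], pes[a]
    return pes, len(pairs)

def flood_then_reply(split_horizon):
    pes, pw_count = full_mesh(["PE1", "PE2", "PE3", "PE4"], split_horizon)
    pes["PE1"].receive("mac-A", "mac-B", ("ac", "ac0"))  # unknown unicast: flooded
    flood_copies = sum(len(p.delivered) for p in pes.values())
    a_seen_at_pe1 = pes["PE1"].mac_table["mac-A"]
    pes["PE3"].receive("mac-B", "mac-A", ("ac", "ac0"))  # reply towards a learned MAC
    reply_copies = sum(len(p.delivered) for p in pes.values()) - flood_copies
    return {"pseudowires": pw_count, "flood_copies": flood_copies,
            "a_seen_at_pe1": a_seen_at_pe1, "reply_copies": reply_copies}

if __name__ == "__main__":
    for sh in (True, False):
        print("split horizon", sh, flood_then_reply(sh))
```

With split horizon the flood reaches each remote site once and the reply uses one pseudowire; without it the same frame is delivered repeatedly and PE1 ends up believing its own local host sits behind a pseudowire.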
33. Hub and Spoke VPLS
• In a hub-and-spoke model, exactly one PE router that is acting as a hub connects all other PE
routers that act as spokes in a given VPLS domain
• A hub-and-spoke topology by definition is loop-free, so it does not need to enable spanning-tree
protocols or split horizon on pseudo wires
• The simplicity of a hub-and-spoke model makes it an attractive choice for small VPLS
deployment
• Delay !!
34. Hierarchical VPLS
Best for larger scale deployment
Reduction in packet replication and signaling overhead
Consists of two levels in a Hub and Spoke topology
• Hub consists of full mesh VPLS Pseudo Wires in MPLS core
• Spokes consist of L2/L3 tunnels connecting to VPLS (Hub) PEs
1. Hierarchical VPLS with MPLS access network
2. Hierarchical VPLS with QinQ access network
37. Why H-VPLS?
VPLS:
Potential signaling overhead
Full PW mesh from the Edge
Packet replication done at the Edge
Node Discovery and Provisioning extends end to end
H-VPLS:
Minimizes signaling overhead
Full PW mesh among Core devices
Packet replication done at the Core
Partitions Node Discovery process
39. Ethernet Edge H-VPLS (EE-H-VPLS)
Local edge traffic does not have to traverse N-PE
MTU-s can switch traffic locally
saves bandwidth capacity on circuits to N-PE
40. VPLS Logical Topology Comparison
Direct Attach
Pros: Simple access via Ethernet
Cons: No hierarchical scalability; Customer VLAN cannot overlap; 4K customer VLAN limit in Ethernet access domain; High STP reconvergence time
H-VPLS - QinQ tunnel
Pros: Simple access via Ethernet; Hierarchical support via QinQ at access; Scalable customer VLANs (4K x 4K); 4K customers supported per Ethernet Access Domain
Cons: High STP re-convergence time; MAC is not scalable as customer MAC still seen on SP network; Supported on SIP-600 only as of 12.2(33)SRA
H-VPLS - MPLS PW
Pros: Fast L3 IGP convergence; MPLS TE FRR <50msec; Hierarchical support via MPLS PW at access
Cons: More complicated provisioning; Requires MPLS to u-PE; OSM/SIP-400/600 as U-PE facing card on N-PE (for 7600)
Editor's Notes
An IPLS is very similar to a VPLS except
The CE devices must be hosts or routers not switches
The service will only carry IPv4 or IPv6 packets
IP Control packets are also supported – ARP, ICMP
Layer 2 packets that do not contain IP are not supported
IPLS is a functional subset of the VPLS service
MAC address learning and aging not required
Simpler mechanism to match MAC to CE can be used
Bridging operations removed from the PE
Simplifies hardware capabilities and operation
Defined in draft-ietf-l2vpn-ipls