High Availability in L2 Networks
Techtorial
Jiří Tesař
Systems Engineer
CCIE #14558
jitesar@cisco.com
CiscoEXPO
Cisco Public
Agenda
IEEE 802.1ah Technology and Benefits
7600 Platform 802.1ah Architecture
Implementing 802.1ah + VPWS/VPLS Services on 7600
Implementing 802.1ah QoS on 7600
L2 Convergence
Overview and Evolution
MST Access Gateway Concept
mLACP
Conclusions
802.1ah Terminologies
BEB: Backbone Edge Bridge encapsulates customer frames for
transmission across backbone.
B-BEB: B type BEB contains a B-component, supports bridging in the
provider backbone based on B-MAC and B-TAG info.
I-BEB: I type BEB contains an I-component for bridging in the customer
space, including customer MAC, service VLAN IDs.
B-TAG: Backbone VLAN Tag - an S-TAG used in conjunction with
backbone MAC addresses.
I-TAG: Service Instance Tag - encapsulates customer addresses and
contains the Service Instance identifier (I-SID).
I-SID: Service Instance identifier - A field of the Service Instance tag
which identifies the service instance of the frame.
S-TAG: A field defined in the 802.1ad Q-in-Q encapsulation which
identifies the Service VLAN (S-VLAN).
[Figure: 802.1ah reference topologies. Customer equipment (CE) attaches through 802.1Q C bridges and 802.1ad / Q-in-Q provider bridged networks (PBN) to 802.1ah provider backbone bridged networks (PBBN); the PBBNs are shown as peers, hierarchically, and attached to an MPLS core. Interface types shown: C-Tagged, S-Tagged, I-Tagged, B-Tagged and MPLS.]
Legend:
I-BEB: I type Backbone Edge Bridge
B-BEB: B type Backbone Edge Bridge
IB-BEB: IB type Backbone Edge Bridge
PE/BEB: MPLS PE and Backbone Edge Bridge
PB: Provider Bridge (S Bridge)
PEB: Provider Edge Bridge (C + S) Bridge
802.1Q: C Bridge
CE: Customer Equipment
[Figure: 802.1ah frame with the backbone MAC header labelled "Second MAC-Header": B-SA, B-TAG, C-DA, C-SA, C-TAG, L2 PDU, FCS.]
Service Scalability
Define a new Service Instance Identifier, 24 bits wide
(taking the place of the former VLAN): I-SID
802.1ah I-TAG
[Figure: I-TAG position and layout. Frame: B-DA, B-SA, B-TAG, I-TAG, L2 PDU, FCS. I-TAG fields by octet: 1-2 Ether-Type (0x88-e7); 3 I-PCP, I-DEI, NCA, Res1, Res2; 4-6 I-SID; 7-12 C-DA; 13-18 C-SA. Bits are numbered 8 to 1 within each octet.]
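The I-TAG layout above (Ether-Type 0x88e7, one flags octet, a 24-bit I-SID, then C-DA and C-SA) can be exercised by building and parsing a B-tagged 802.1ah header. This is an added example, not part of the original slides: the MAC addresses and payload are constructed, B-VLAN 1000 and I-SID 10000 are the values used in the deck's configuration slides, and the flag bit widths (I-PCP 3, I-DEI 1, NCA 1, Res1 1, Res2 2) are taken from IEEE 802.1ah rather than from the slide.

```python
import struct

TPID_BTAG = 0x88A8  # B-TAG is an S-TAG, so it uses the 802.1ad TPID
TPID_ITAG = 0x88E7  # I-TAG Ether-Type shown on the slide
PBB_HDR = struct.Struct("!6s6sHHHI")  # B-DA, B-SA, B-TPID, B-TCI, I-TPID, I-TCI


def encap(b_da, b_sa, b_vid, isid, c_frame, pcp=0, dei=0):
    """Wrap a customer frame (starting at C-DA) the way an IB-BEB does."""
    if not 0 <= isid < 1 << 24:
        raise ValueError("I-SID is a 24-bit field")
    if not 1 <= b_vid <= 4094:
        raise ValueError("B-VID must be 1-4094")
    if not (0 <= pcp <= 7 and dei in (0, 1)):
        raise ValueError("bad PCP/DEI")
    if len(c_frame) < 12:
        raise ValueError("customer frame lacks C-DA/C-SA")
    b_tci = pcp << 13 | dei << 12 | b_vid
    i_tci = pcp << 29 | dei << 28 | isid  # NCA, Res1, Res2 sent as zero
    return PBB_HDR.pack(b_da, b_sa, TPID_BTAG, b_tci, TPID_ITAG, i_tci) + c_frame


def decap(frame):
    """Parse a B-tagged 802.1ah frame; reject anything malformed."""
    if len(frame) < PBB_HDR.size + 12:
        raise ValueError("truncated PBB frame")
    b_da, b_sa, b_tpid, b_tci, i_tpid, i_tci = PBB_HDR.unpack_from(frame)
    if (b_tpid, i_tpid) != (TPID_BTAG, TPID_ITAG):
        raise ValueError("not a B-tagged 802.1ah frame")
    c = PBB_HDR.size  # customer frame starts right after the I-SID
    return {
        "b_da": b_da, "b_sa": b_sa,
        "b_pcp": b_tci >> 13, "b_vid": b_tci & 0x0FFF,
        "i_pcp": i_tci >> 29, "i_dei": i_tci >> 28 & 1,
        "nca": i_tci >> 27 & 1, "res1": i_tci >> 26 & 1, "res2": i_tci >> 24 & 3,
        "isid": i_tci & 0xFFFFFF,
        "c_da": frame[c:c + 6], "c_sa": frame[c + 6:c + 12],
        "c_frame": frame[c:],
    }


# Constructed sample: locally administered MACs, C-TAG VLAN 100, dummy payload.
B_DA, B_SA = bytes.fromhex("02b000000002"), bytes.fromhex("02b000000001")
C_FRAME = (bytes.fromhex("02c000000002") + bytes.fromhex("02c000000001")
           + struct.pack("!HH", 0x8100, 100) + b"\x08\x00" + b"\x00" * 46)

if __name__ == "__main__":
    wire = encap(B_DA, B_SA, b_vid=1000, isid=10000, c_frame=C_FRAME, pcp=3)
    info = decap(wire)
    print(info["b_vid"], info["isid"], info["i_pcp"], len(wire) - len(C_FRAME))
```

The backbone header adds 22 octets in front of the untouched customer frame, and the customer MAC addresses and C-TAG are carried as payload that backbone bridges do not inspect.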
[Figure: frame formats compared. 802.1Q/ad service instances are identified by the VID: 2^12 = 4,096. 802.1ah service instances are identified by the I-SID: 2^24 = 16,777,216.]
[Figure: line cards on the 802.1ah path: ingress IB-BEB, BCB, egress IB-BEB, with UNI and NNI ports on ES+ or any DFC. Egress LC: native 802.1ah: ES+; 802.1ah + MPLS: ES+.]
                      ES+   ES20  SIP400  67xx
EVC Dot1q             Yes   Yes   Yes     N/A
EVC QinQ              Yes   Yes   Yes     N/A
Sub-interface Dot1q   Yes   No    Yes     No
Sub-interface QinQ    Yes   Yes   Yes     N/A
VLAN is terminated in the NPU => VLAN lookup, rewrites, etc are performed in
NPU
VLAN tag leaving the port is different to VLAN allocated in internal Database
VLAN Local Significance does NOT mean
[Figure: EVC architecture. EFPs (service instance or Ethernet Flow Point) attach to a C-bridge or B-bridge and are local-connected, L2 bridged, or cross-connected (P2P or VFI) towards the core interface (L2 trunk or L3 MPLS). Services: 802.1ah (PBB or .1ah over VPLS), E-LINE (VPWS), E-LAN (VPLS or local bridging), L3 termination.]
[Figure: 802.1ah components. Labels: B-Component; EFP (physical), I-EFP (virtual), B-EFP (virtual), switch port (physical); CIP, PIP, CBP, PBP; B-MAC tagging / I-SID insertion; B-VLAN re-write / I-SID validation; MAC tunnel.]
int gig1/1
int gig1/2
 switchport
 switchport mode trunk
 switchport trunk allowed vlan 100
[Figure: 802.1ah (PBB) service on the IB-BEB. Ingress from the 802.1q/QinQ/802.1ad PBN: port, 802.1q or 802.1ad (QinQ) EFP service instances, with VLAN local significance per port and VLAN tag translation and manipulation. C-MAC1 to C-MAC4 map to ISID-1 to ISID-4 and B-MAC1/B-MAC2. Egress to the PBBN: EFP or switchports with the B-VLANs.]
interface TenGigabitEthernet3/2
 dot1q tunneling ethertype 0x88A8
 service instance 100 ethernet
  description ** UNI EFP - ELAN Service
  encapsulation dot1q 100 second-dot1q 1-4094
  rewrite ingress tag pop 1 symmetric
  service-policy input vz-ingress-policer
  service-policy output vz-H-QoS-parent
  l2protocol forward
  bridge-domain 100 c-mac

Step 2
Mac-in-Mac tunnel configuration
ethernet mac-tunnel virtual 1
 description ** IB-BEB - Mac Tunnel 1
 bridge-domain 1000
 service instance 1 ethernet
  description ** ELAN Service - ISID
  encapsulation dot1ah isid 10000
  bridge-domain 100 c-mac

Step 3
Egress EFP configuration (NNI)
interface TenGigabitEthernet3/3
 dot1q tunneling ethertype 0x88A8
 service instance 1 ethernet
  description ** B-VLAN - MAC Tunnel 1
  encapsulation dot1q 1000
  rewrite ingress tag pop 1 symmetric
  service-policy output vz-core-queuing
  bridge-domain 1000
or
Egress switchport configuration (NNI)
interface TenGigabitEthernet3/3
 switchport
 switchport mode trunk
 switchport trunk allowed vlan 1000
[Figure: 802.1ah over VPWS/VPLS on the IB-BEB. Ingress from the 802.1q/QinQ/802.1ad PBN: port, 802.1q or 802.1ad (QinQ) EFP service instances with VLAN tag translation and manipulation. C-MAC1 to C-MAC4 map to ISID-1 to ISID-4 and B-MAC2. Egress (ES+40): VFI and MPLS interface/sub-interfaces onto (H)-VPLS pseudowire(s) across the MPLS transport network.]
Step 2
Mac-in-Mac tunnel configuration
ethernet mac-tunnel virtual 1
 description ** IB-BEB - Mac Tunnel 1
 bridge-domain 1000
 service instance 1 ethernet
  description ** VPWS Service - ISID
  encapsulation dot1ah isid 10000
  bridge-domain 100 c-mac

Step 3
VPWS configuration
interface Vlan1000
 description ** IB-BEB VPWS Service
 xconnect 2.2.2.2 3000 encapsulation mpls
interface TenGigabitEthernet3/2
 dot1q tunneling ethertype 0x88A8
 service instance 100 ethernet
  description ** UNI EFP - VPLS Service
  encapsulation dot1q 100 second-dot1q 1-4094
  rewrite ingress tag pop 1 symmetric
  service-policy input vz-ingress-policer
  service-policy output vz-H-QoS-parent
  l2protocol forward
  bridge-domain 100 c-mac

Step 2
Mac-in-Mac tunnel configuration
ethernet mac-tunnel virtual 1
 description ** IB-BEB - Mac Tunnel 1
 bridge-domain 1000
 service instance 1 ethernet
  description ** VPWS Service - ISID
  encapsulation dot1ah isid 10000
  bridge-domain 100 c-mac

Step 3
VPLS configuration
l2 vfi Vz-MAC-Tunnel-1 manual
 vpn id 3000
 neighbor 2.2.2.2 encapsulation mpls
 neighbor 3.3.3.3 encapsulation mpls
interface Vlan1000
 description ** IB-BEB VPLS Service
 xconnect vfi Vz-MAC-Tunnel-1
The Cisco implementation will provide the services mandated by 802.1ah, and will
extend them to support all of the following offerings:
S-Tagged Service
Multiplexed: Each S-VID maps to an I-SID. It is possible to retain or pop the S-TAG. (Retention of the S-TAG is an extension of 802.1ah.)
Bundled (same as 802.1ah): Multiple S-VIDs map to an I-SID. The S-TAG must be retained.
Port Based Service (same as 802.1ah): All frames are mapped to the same I-SID. All tags, if any, are retained.
Deployment Scenario:
H-VPLS extension + 802.1ah
[Figure: CEs attach over 802.1Q C-VLANs or 802.1ad/Q-in-Q S-VLANs to uPE/IB-BEB nodes, which map services to I-SIDs. VPWS/H-VPLS with 802.1ah carries E-Line and E-LAN services to the nPEs (VSI) and across the IP/MPLS core using VPWS/VPLS. Network segments: Access, Aggregation, Core Transport, Aggregation, Access.]
Scalability
Scalability Factor
Scalability Number
32000
16000
16M
128000 (32000 per NPU)
110
220
440
4094
16000
32000
[Figure: QoS test topology. IXIA traffic generators attach to PE1 (IB-BEB), P (BCB) and PE2 (IB-BEB), which are joined by an L2 link and MPLS links. Customer frame at ingress: C-DA, C-SA, S-Tag CoS=1, C-Tag CoS=2, C payload, FCS. PBB frame in the backbone: B-DA, B-SA, B-Tag CoS=3,4,5, I-Tag CoS=3,4,5, C-DA, C-SA, C-Tag CoS=2, C payload, FCS. Frame at egress: C-DA, C-SA, S-Tag CoS=3,4,5, C-Tag CoS=2, C payload, FCS.]
On the egress card, frames are sent to separate queues based on policer marking for queuing, etc.
Show the end-to-end remarked CoS mapping in the PBB frame and at the egress PE2-IB_BEB.
Sniffer capture to show that CoS is mapped from S-Tag → I-Tag → B-Tag and back to the egress S-Tag.
2006 Cisco Systems, Inc. All rights reserved.
References
IEEE 802.1ah - Provider Backbone Bridges, Draft 4.2, April 2008.
VPLS Interoperability with Provider Backbone Bridges, draft-sajassi-l2vpn-vpls-pbb-interop-04.txt, March 2009.
Extensions to VPLS PE model for Provider Backbone Bridging, draft-balus-sajassi-l2vpn-pbb-vpls-00.txt, March 2009.
Provider Backbone Bridging and MPLS: Complementary Technologies for Next-Generation Carrier Ethernet Transport, S. Salam and A. Sajassi, IEEE Communications Magazine, Vol. 46, No. 3, March 2008.
The Evolution of Carrier Ethernet Services Requirements and Deployment Case Studies, L. Fang, N. Bitar, R. Zhang, and M. Taylor, IEEE Communications Magazine, Vol. 46, No. 3, March 2008.
L2 Convergence
Improve scalability
No full STP processes on NPE routers
Platform Support
ASR9K since FCS
7600 12.2SRE
MST AG operation
MST AG ports send preconfigured BPDUs with root or zero-cost-to-root information towards the access network. The access network sees a loop because the root is reachable through both NPEs.
Both NPEs can send the same information, or they can be set arbitrarily as best and second-best bridge via priority or cost settings for load-balancing purposes.
The root bridge can be one of the NPEs or an arbitrarily set non-existent bridge address.
MST AG ports are always in the Designated state and are forwarding.
The L2 domain runs the regular MST protocol. All convergence operations and port state transitions happen in the access network.
NPEs snoop and relay the TCN from BPDUs received from the access network.
NPEs trigger MAC withdrawal to neighbors.
The TCN is forwarded only to ports within the same MST AG group, thus providing isolation between L2 domains.
When the root bridge recovers, it starts sending the best BPDU towards the access network and convergence to the original path occurs.
Sending of the best BPDU has to be delayed to allow core convergence, e.g. if the router was reloaded.
The 7600 router runs the STP state machine on an MST AG port when the port comes from the down to the up state. The port goes through the LST-LRN-FWD states. To disable this behavior, spanning-tree portfast has to be configured on MST AG ports. BPDUs are sent immediately upon port recovery, which can cause a traffic black hole if the core has not converged. EEM can be used to delay the port-up event under certain scenarios.
The ASR 9K does not run the spanning tree state machine and defines a dedicated timer to delay the best BPDU generation.
N-PE isolation occurs if all core-facing interfaces are unavailable, resulting in VPLS, pseudowire or L3 connectivity failure.
N-PE isolation failure is not propagated to the access interfaces, so the STP topology remains unchanged; this results in a traffic black hole as the access network continues forwarding towards the isolated PE.
An uplink tracking feature is under consideration for future releases.
The current solution is based on EEM: when router isolation is discovered, the access interfaces from redundant networks can be shut down, which triggers MST convergence. Upon recovery, a timer can be set to delay access link recovery and avoid immediate BPDU sending to the access network.
RPVST/
PVST
NO
BPDU relay only
VLAN-STP
mapping
Per VLAN
Dynamic
Port State
N/A
Dynamic
BPDU
always FWD
N/A
MST
MST AG
SRD
SRE
YES
YES
NO
Designated ports, always forwarding
NO
preconfigured BPDUs
YES
TCN
isolation
YES
NO
MAC
Withdrawal
NO
YES
YES
Complexity
Medium
High
Low
Prone to misconfiguration
interface Vlan1
 no ip address
 xconnect vfi BPDU
end
NPE-1#sh run | sec BPDU
l2 vfi BPDU manual
 vpn id 1
 forward permit l2protocol all
 neighbor 10.1.1.6 encapsulation mpls
vlans mapped:   3500-3599
address 001e.f7f6.6040 priority
this switch for MST1
Interface        Role Sts Cost      Type
---------------- ---- --- --------- -------------
Gi1/1            Desg FWD 20000     Edge P2p
Gi1/32           Desg FWD 20000     P2p R-L2GP
PW 10.1.1.6:1    Desg FWD 200       P2p R-L2GP
on SP
deb spanning-tree pseudo-information
debug spanning-tree bpdu
deb spanning-tree mstp tc
deb spanning-tree mstp flush
MST AG Restrictions
Supported on ES+ and ES20
Applicable to EVC with Bridge Domain only
No xconnect, connect or subinterface support
                        Scale      Comment
STP Regions
MST instances           64         As above
R-L2GP groups           256
Ports in R-L2GP group   No limit
Conclusions
MST AG provides an appealing option for service providers to operate STP networks:
Maintaining access networks without modification
Lower maintenance complexity on N-PEs: no full spanning tree support
Lower troubleshooting complexity on the network
STP isolation for L2 aggregation domains separated by a VPLS core
Deterministic root location
mLACP
[Figure: mLACP topology with labels Standby POA, DHD and Inter-chassis Communication.]
ICCP Overview
ICCP is implemented according to the standard draft-martini-pwe3-iccp-00.txt.
ICCP is an extensible protocol to synchronize events/states between multiple chassis which are part of the redundant group.
ICCP is a reliable protocol which runs over TCP.
ICCP PDUs are exchanged between peers to keep the application state consistent across routers.
Control messages to set up, notify and exchange heartbeats.
Data messages to keep the application state consistent across the chassis. Ex: LACP parameters.
ICCP failure detection
ICC heartbeat: slow (~30 sec)
/32 next-hop tracking: depends on IGP timers
BFD: ~50-150 msec
[Figure: redundancy topology with DHD1, DHD2, PE1 to PE4, links L1, L3, L4 and pseudowires PW 1 to PW 4, each element marked Active or Standby (PW 1 and PW 3 active, PW 2 and PW 4 standby).]
VPWS
Two PEs form one virtual group on each site; one PE is primary, the other is backup.
PEs send primary/backup information during PW signaling.
PWs with status <active> on both sides are established; the others are hot standby.
MPLS uplinks, attachment circuits and PW status tracking.
Message exchange within the virtual group (for mLACP it is ICC) with redundancy status.
VPLS
PW will be active between PEs with active access circuits only.
Single active path through the VPLS domain between PE virtual groups.
Pseudowire Redundancy: Two-way
[Figure: CE1 and CE2 attach with LACP to primary (Prim.) and backup (Back.) PEs; labels PE1, PE2a, PE2b. A primary pseudowire and redundant pseudowires cross the IP/MPLS network; ICCP runs between the PEs over IP or MPLS. ICCP = Inter-Chassis Control Protocol.]
mLACP CLI
Interchassis Redundancy Group
redundancy
 interchassis group 1
  member ip 10.12.1.33
  ! this is the IP address of the opposite end of the direct link between NPE-1/2
  backbone interface GigabitEthernet1/40
  mlacp system-priority 100
  mlacp node-id 0
  ! monitor peer [bfd | route-watch]
Backup Slides
PW Status TLV
Mapping for primary and backup, but using TLV Status for detection
PW Status
1. Until the SRC: when the AC associated with a PW is down (or being held down for PW redundancy), labels advertised to peers are withdrawn.
2. RFC4447 specifies extensions for LDP which allow PW status to be carried in notification messages to peers. This decouples LDP label mappings from the AC status notification and allows labels to be retained through AC status changes:
- as soon as the xconnect is provisioned,
- and until the xconnect is unprovisioned or the AC interface is shut down.
3. The router can send pseudowire status to a peer router, even when the attachment circuit is down.
interface Loopback0
 ip address 10.1.1.1 255.255.255.255
!
pseudowire-class atomstatus
 encapsulation mpls
 status
!
interface GigabitEthernet10/5
 xconnect 10.1.1.2 123 pw-class atomstatus