Configure VPLS on NE Series Routers Copyright © 2011 Huawei Technologies Co., Ltd. All rights reserved. HUAWEIForeword e Ethernet technologies are widely used in enterprise networks, and operator networks, especially MANs. Due to the advantages of having high bandwidth and low cost, Ethernet is getting popular along the days. Ethernet MAN provides multipoint-to-multipoint services. MPLS development popularizes MPLS-based L2VPN applications. To ensure that Ethernet-like multi-point services are provided on MAN/WAN, Virtual Private LAN Service (VPLS) emerges. Copyright © 2011 Huawei Technologies Co., Ltd. All rights reserved. Page2 We nuawerObjectives e Upon completion of this course, you will be able to: o Master the VPLS implementation principle. a Configure VPLS on a network that consists of NE routers. Copyright © 2011 Huawei Technologies Co., Ltd. All rights reserved. Page3 ye HUAWEI© Contents 1. VPLS Overview 2. VPLS Implementation 3. VPLS Feature Configuration on NE Routers 4. Hands-on VPLS Configuration Practice Copyright © 2011 Huawei Technologies Co., Ltd. All rights reserved. Pages ye HUAWEIContents 1. VPLS Overview 2. VPLS Implementation 3. VPLS Feature Configuration on NE Routers 4. Hands-on VPLS Configuration Practice Copyright © 2011 Huawei Technologies Co., Ltd. All rights reserved. PageS ye HUAWEIWhat is VPLS?(1/2) e VPLS is an L2 VPN technology based on MPLS and Ethernet technologies. VPLS can implement multipoint-to-multipoint VPN networking. Emulated Service Abranch 1 Abranch 2 B branch 1 BEY) 8 branch 2What is VPLS?(2/2) « VSI (Virtual Switch Instance) : By using VSIs, the actual attachment circuits (ACs) of VPLS can be mapped to pseudo-wires (PWs). ¢ PW (Pseudo-wires) : indicates a bidirectional virtual connection between two VSls. A VSI consists of a pair of unidirectional MPLS virtual circuits (VCs). e VC (Virtual Circuit) : indicates a unidirectional logical connection between two nodes. One PW consists of a pair of reverse VCs. In certain applications, one VC can serve as a unidirectional PW. e AC (Attachment Circuit) : indicates the connection between CE and PE, which can be an actual physical interface or a logical interface. All user packets, including L2 and L3 protocol packets, on the AC must be forwarded to the peer site without change. Copyright © 2011 Huawei Technologies Co., Ltd. All rights reserved. Page? ye HUAWEIVPLS Signaling Transfer e Establishment of the outer tunnel: a The outer tunnel can be an LDP LSP Tunnel, GRE Tunnel, or MPLS TE Tunnel. Therefore, the outer tunnel can be established through LDP, RSVP-TE, or static configuration. e Establishment of the inner PW: o LDP Mode: Similar to Martini mode where extended LDP is used to transfer L2 VPN, including inner label information. a MP-BGP Mode: Similar to Kompella mode where MP-BGP is used to transfer L2 VPN information. Copyright © 2011 Huawei Technologies Co., Ltd. All rights reserved. Pages We nuawerVPLS User Packet Forwarding 5 ces cea Veg L2pou) T[v PE2 PEt LapDU NN LePoI Me », cE2 é a Ky ae Ac Pw <4 — — © pwsignal C8 tunnelSelf-Test Question About VPLS Overview 1. Which of the following statements about the VPLS are true? (_) A. The VPLS can implement the multipoint-to-multipoint MPLS L2 VPN. B. The VPLS can be implemented in either of the following modes: Martini and Kompella C. In Martini mode, data needs to be encapsulated only by one layer of label. D. In Martini mode, the inner label is distributed by MP-BGP. Copyright © 2011 Huawei Technologies Co., Ltd. All rights reserved. Page10 ye HUAWEIContents 1. VPLS Overview VPLS Implementation VPLS Feature Configuration on NE Routers WN Hands-on VPLS Configuration Practice Copyright © 2011 Huawei Technologies Co., Ltd. All rights reserved. Paget1 ye HUAWEIVPLS Implementation e According to the signaling transfer mode of VPLS, two methods can be used to implement VPLS: a Martini Mode: LDP is used as signaling, and the peers of the PE need to be manually specified. a Kompella Mode: BGP is used as the signaling. The VPN Target property can be configured to implement automatic discovery of VPLS members. Copyright © 2011 Huawei Technologies Co., Ltd. All rights reserved. Page12 ye HUAWEIWhat is Martini VPLS? « VPLS of Martini mode indicates establishing a multipoint-to-multipoint MPLS L2 VPN of a PW by using an inner label distributed by the extended LDP. LDP PW Signaling VPNA VPNBMartini VPLS Signaling Transfer (1/3) {[PEA]mpls idp remote-peer PEB | [PEA-mp1s-ldp-remote-PEB] remote-ip 3.3.3.3 //Establish a remote LDP session with the remote PE. | [PEA] vsi huawei static | [PEA-vsi-huawei]pwsignal ldp | [PEA-vsi-huawei-ldp]vsi-id 200 | [PEA-vsi-huawei-ldp]peer 3.3.3.3 | //Create a user VSI huawei. Use the LDP signaling, specify the PE neighbor as | 3.3.3.3, and set VSI-ID to 200. | [PEA-Ethernet0/0/0.200] vlan-type dotlq 200 | [PEA-Ethernet0/0/0.200] 12 binding vsi huawei |//Bind the VSI with an interface Copyright © 2011 Huawei Technologies Co., Ltd. All rights reserved. Page14 ye HUAWEIMartini VPLS Signaling Transfer(2/3) {[PEB]mpls idp remote-peer PEA | [PEB-mp1s-ldp-remote-PEA] remote-ip 2.2.2.2 ‘ //Establish a remote LDP session with the remote PE. | [PEB] vsi huawei static | [PEB-vsi-huawei]pwsignal ldp | [PEB-vsi-huawei-ldp]vsi-id 200 | [PEB-vsi-huawei-ldp]peer 2.2.2.2 | //Create a user VSI huawei. Use the LDP signaling, specify the PE neighbor as 2.2.2.2, and set VSI-ID to 200. | [PEB-Ethernet0/0/0.200] vlan-type dotlq 200 | [PEB-Ethernet0/0/0.200] 12 binding vsi huawei |//Bind the VSI with an interface Copyright © 2011 Huawei Technologies Co., Ltd. All rights reserved. Page15 ye HUAWEIMartini VPLS Signa MPLS LDP Remote session - ~~. ling Transfer(3/3) MPLS Domai BI 1 3 5 s|l[e lisplay vsi name huawei verbose! Label Mapping Message [PEB]display vsi name huawei }L4] | PEA tocal vc label verbose *eeVSIName — : huawei ' PW Signaling ldp t “VSI Name huawei Member Discovery Style: static i pape Mapping Message PW Signaling dp Encapsulation Type: vian ‘Member Discovery Style : static Tu 1500 Encapsulation Type _: vian Voi state up mtu 1500 St ID 200 VSI State up vstiD 200 Interface Name : Ethemet0/0/0.200 State up Interface Name : Ethernet0/0/0.200 State up ‘Peer ip Address 3.3.3.3 PW State up ‘Peer Ip Address: 2.2.22 Local VC Label: 19456 PW State up Remote VC Label: 19457 Local VC Label: 19457 Remote VC Label: 19456Martini VPLS Data Forwarding e VPLS implements simulation of Ethernet L2 interconnection. The public network provided the function similar to that of an L2 switch. To forward packets like an L2 switch, the PE needs to establish an MAC forwarding table. e VPLS data forwarding is described from the following aspects: a MAC address learning and flooding a Packet encapsulation o Data forwarding a Loop prevention Copyright © 2011 Huawei Technologies Co., Ltd. All rights reserved. Page17 ye HUAWEIMAC Address Learning and Flooding (1/4) e The MAC forwarding table is established through MAC address learning, including learning of the packets from the user side and from the PW. e Inthe VPLS, the service provider network simulates the bridge equipment, and the PE performs MAC address learning. To forward packets, the PE must be able to associate the destination MAC address with the PW. The PE learns the remote MAC address through the PW, and learns the MAC address of direct access through the AC. o MAC address from the remote PE: recorded as MAC—LSR-ID of the remote PE a MAC from the local CE: recorded as MAC—VSI corresponding interface Copyright © 2011 Huawei Technologies Co., Ltd. All rights reserved. Page18 ye HUAWEIMAC Address Learning and Flooding (2/4) « Two modes of MAC address learning: a Qualified mode + The PE performs learning based on the MAC addresses and VLAN tags of the user Ethernet packets, that is, based on each VLAN of each VSI. In this mode, each user VLAN forms its own broadcast domain with an independent MAC address space. This is Independent VLAN Learning (IVL) in the same switch a Unqualified mode + The PE performs learning based on only the MAC addresses of the user Ethernet packets, that is, based on each VSI. In this mode, all user VLANs share a broadcast domain and an MAC address space. The MAC address of the user VLAN must be unique. This is shared VLAN learning (SVL) in the same switch. Copyright © 2011 Huawei Technologies Co., Ltd. All rights reserved. Page19 ye HUAWEIMAC Address Learning and Flooding (3/4) VSI MAC. Port VSI MAC. Port |VPN1 | 0001-1111-abed [vian10,porty LVPNA (0001-1111 ‘abed [_pw2 VPN1] 0001-2222-abed __pwt v y Pet MAC: 0001-1111-abed IP 44.4.4 24 VLAN:10 y~ ‘MAC: 0001-3333-abed| IPS 44.41.31 24 Port (0001-1111-2 ‘abod| _pwt (0001-2222. -abed] vian10.port > ARP Broadcast > ARP ReplyMAC Address Learning and Flooding (4/4) e The process of MAC address learning includes two parts: 1, Remote MAC address learning associated with the PWs 2. Local MAC address learning with the port directly connected to the user e Foran L2 packet sent by the CE, the source MAC address of the packet needs to be learnt to the relevant port of the VSI. Copyright © 2011 Huawei Technologies Co., Ltd. All rights reserved. Page21 We nuawerData Forwarding (1/2) e VLAN access in Tagged mode (Does not carry U-TAG) cet aC L2 Header| P-TAG |IP Header] Dala PEI Pw {-2Header| Tunnel Label] VC Label |.2 Header| P-TAG |IP Header] Data PE2| ac |L2 Header| P-TAG |IP Header| Data CEQ Copyright © 2011 Huawei Technologies Co., Ltd. All rights reserved. Page22 ye HUAWEIData Forwarding (2/2) e VLAN access in Tagged mode (Carry U-TAG) cet AC L2 Header] P-TAG | U-TAG |IP Header] Data PET Pw [b2Header| Tunnel Lebel] ve Lebel [L2 Header] P-TAG | U-TAG |IP Header] Dete PE2| AC L2 Header] P-TAG | U-TAG |IP Header] Data Ce2 Copyright © 2011 Huawei Technologies Co., Ltd. All rights reserved. Page23 ye HUAWEILoop Prevention (1/3) e In VPLS, full mesh and split horizon are used to avoid loops. o Full Mesh Site A VPNA VPNA Copyright © 2011 Huawei Technologies Co., Ltd. All rights reserved. Page24 ye HUAWEILoop Prevention (2/3) o Split Horizon Each PE router must support the horizontal splitting policy to avoid loops. In this principle, PE cannot forward packets between PWs that have the same VPLS instance. Packets received from a PW at the public network side are forwarded to the private network side, but not to other PWs. Packets received from a PE are not forwarded to other PEs. Copyright © 2011 Huawei Technologies Co., Ltd. All rights reserved. Page25 ye HUAWEILoop Prevention (3/3) e Forwarding of broadcast traffic o If the PE receives broadcast traffic sent by a local user, the PE forwards the broadcast traffic to all other ports of the same VPLS and all other PEs of the same VPLS. o If the PE receives broadcast traffic from a remote PE, the PE forwards the traffic to only local users of the same VPLS, but not to other PEs. a Fora packet whose destination MAC address is a non-broadcast address, if the PE does not learn the MAC address, the PE broadcasts this packet to all PWs. Copyright © 2011 Huawei Technologies Co., Ltd. All rights reserved. Page26 ye HUAWEISelf-Test Questions About VPLS Implementation 1. In Martini mode, the inner label for data encapsulation is distributed by (_ ). A. LDP B. Remote LDP C. BGP D. MP-BGP Copyright © 2011 Huawei Technologies Co., Ltd. All rights reserved. Page27 ye HUAWEISelf-Test Questions About VPLS Implementation 2. Which of the following methods can be used to implement no loop within the VPLS? (_ ) A. Configure the same VSI ID B. Establish a full connection C. Conduct horizontal split D. Set the default AC encapsulation mode to VLAN Copyright © 2011 Huawei Technologies Co., Ltd. All rights reserved. Page28 ye HUAWEI© Contents 1. VPLS Overview 2. VPLS Implementation 3. VPLS Feature Configuration on NE Routers 4. Hands-on VPLS Configuration Practice Copyright © 2011 Huawei Technologies Co., Ltd. All rights reserved. Page29 ye HUAWEITypical VPLS application Scenarios (1/2) e Layer 2 interconnection in Ethernet access of Enterprise VPNs Enterprise A mierpriseA Enterprise Ethernet Leased Line Traffic,Typical VPLS application Scenarios (2/2) —senvice flowConfiguration Example -Topology Description VPNA CE3Martini VPLS Configuration — Configuration Steps (1/2) Step | Operation View Commands 1 Enable MPLS LDP capability | [Quidway] mpls of PE and P devices on the | [Quidway- mpls Idp backbone network. interface} 2 | (Optional) If the PEs are not | [Quidway] mpls Idp remote-peer peer name directly connected, establish | [Quidway-mpls- | remote-ip peer ip address remote LDP sessions. Idp-remote-peer] 3. | Enable the MPLS L2 VPN [Quidway} mpls l2vpn capability of the PE devices Copyright © 2011 Huawei Technologies Co., td. All rights reserved. Page33 We nuawerMartini VPLS Configuration — Configuration Steps (2/2) Step _| Operation View Commands 4 | Create a VSI [Quidway] vsi vsi-name static pwsignal Idp vsi-id vsi-id peer peer-address 5 Bind the VSI with the AC | [Quidway-ethernet] | 12 binding vsi vsi-name interface on the PE device Copyright © 2011 Huawei Technologies Co., Ltd. All rights reserved. Page34 6 HuaweiConfigure Martini VPLS —PE Configuration (1/2) VPNA CE3 ~ [PEl]mpls lsr-id 1.1.1.1 [PE1]mpls /Enable basic MPLS function. PE1]mpls ldp //€nable basic MPLS LDP function. [PEl]interface Ethernet0/0/2 [PE1-Ethernet0/0/2]mpls [PE1-Ethernet0/0/2]mpls ldp (PEl]interface Ethernet0/0/3 [PE1-Ethernet0/0/3]mpls [PE1-Ethernet0/0/3]mpls ldp VPNA CE1 //Enable basic MPLS function on the interface “/Enable basic MPLS LDP function on the interface VPNA CE2Configure Martini VPLS —PE Configuration (2/2) PNA CE3 tt Configure the same configuration of PE1 on PE2 and PE3 [PE1]mpls 12vpn Enable the MPLS L2 VPN capability on PE device [PE1]vsi huawei static /[Create VSI [PE1-vsi-huawei]pwsignal ldp [PE1-vsi-huawei-ldp]vsi-id 100 [PE1-vsi-huawei-ldp]peer 2.2.2.2 [PE1-vsi-huawei-ldp]peer 3.3.3.3 [PEl]interface Ethernet0/0/0.1 Configure the AC interface on PE device (PE1-Ethernet0/0/0.1]vlan-type dotlq 100 [PE1-Ethernet0/0/0.1]12 binding vsi huawei //Bind the AC interface on PE device with VSIConfigure Martini VPLS- CE Configuration VPNA CE3 ‘* (CE3]interface Ethernet0/0/0.1 (CE3-Ethernet0/0/0.1]vlan-type dotlq 100 [CE3-Ethernet0/0/0.1]ip address 192.168.1.3 24 =z PTI —— (CE2]interface Ethernet0/0/0.1 [CE2-Ethernet0/0/0.1]vlan-type dotiq 100 [CE2-Ethernet0/0/0.1]ip address 192.168.1.2 24 = BE (CE1]interface Ethernet0/0/0.1 [CE1-Ethernet0/0/0.1]vlan-type dotiq 100 [CE1-Ethernet0/0/0.1]ip address 192.168.1.1 24 7 Coe yg E0/019 VPNA CE1 VPNA CE2Configure Martini VPLS — Checking VSI Instance Information (1/4) e View the VSI instance information: [PE1]display vsi name huawei verbose **eVSI Name : huawei, Administrator VST : no Isolate Spoken : disable VSI Index 20 PW Signaling : Idp Member Discovery Style : static PW MAC Learn Style : unqualify Encapsulation Type : vlan MTU : 1500 Diffserv Mode uniform Service Class Color DomainTa Domain Name 255 : disable Ignore AcState Create Time : 0 days, 3 hours, 8 minutes, 40 seconds vsI State : up Copyright © 2011 Huawei Technologies Co., Ltd. All rights reserved. Page38 ye HUAWEIConfigure Martini VPLS — Checking VSI Instance Information (2/4) VSI ID : 100 *Peer Router ID 2 2.2.2.2 vc Label : 19456 Peer Type : dynamic Session : up Tunnel 1D : 0x1004 Broadcast Tunnel ID; 0x1004 cKey :4 key 23 StpEnable 20 PwIndex 20 *Peer Router ID : 3.3.3.3 VC Label 19457 Peer Type dynamic Session up Tunnel ID ox1005 Broadcast Tunnel ID: 0x1005 cKey 26 Nkey 25 StpEnable 20 PwIndex 0 Copyright © 2011 Huawei Technologies Co., Ltd. All rights reserved. Page39 We nuawerConfigure Martini VPLS — Checking VSI Instance Information (3/4) Interface Name State Last Up Time Total Up Time : Ethernet0/0/0.1 : up 2011/06/21 11:57:58 : 0 days, 3 hours, 4 minutes, 24 seconds ‘**PW Information: *Peer Ip Address 2 2.2.2.2 PW State : up Local VC Label : 19456 Remote VC Label : 19457 PW Type : label Tunnel 1D : 0x1004 Broadcast Tunnel ID: 0x1004 Ckey 2 0x4 Nkey 2 0x3 Main PW Token 2 0x1004 Slave PW Token 2 0x0 ‘Trl Type : LSP Copyright © 2011 Huawei Technologies Co., Ltd. All rights reserved. Pagedo ye HUAWEIConfigure Martini VPLS — Checking VSI Instance Information (4/4) Tnl Type Out Interface Stp Enable Mac Flapping PW Last Up Time PW Total Up Time *Peer Ip Address PW State Local VC Label Remote VC Label PW Type Tunnel ID Broadcast Tunnel ID Ckey Nkey Main PW Token Slave PW Token Tnl Type Out Interface stp Enable Mac Flapping PW Last Up Time PW Total Up Time : LSP : Ethernet0/0/2 20 20 2 2011/06/21 12:07:57 : 0 days, 2 hours, 54 minutes, 25 seconds : 3.3.3.3 : up : 19457 : 19457 : label 2 0x1005 2 0x1005 2 0x6 : 0x5 : 0x1005 2 0x0 : LSP : Ethernet0/0/3 20 10 : 2011/06/21 12:08:20 : 0 days, 2 hours, 54 minutes, 2 secondsConfigure Martini VPLS — Check the Connectivity between CEs (1/2) e Check the connectivity between CEs: [CE1]ping 192.168.1.2 PING 192.168.1.2: 56 data bytes, press CYRL_C to break Reply from 192.168. bytes=56 Sequenc 1. Reply from 192.168.1.2: bytes=56 Sequenc 55 time=80 Reply from 192.168.1.2: bytes=56 Sequenc: 55 time=80 Reply from 192.168.1.2: bytes=56 Sequenc 55 time=80 Reply from 192.168.1.2: bytes=56 Sequence=: time=90 --- 192.168.1.2 ping statistics --- 5 packet(s) transmitted 5 packet (s) received 0.00% packet loss round-trip min/avg/max = 80/86/100 ms tt1=255 time=100 ms ms ms ms ms Copyright © 2011 Huawei Technologies Co., Ltd. All rights reserved. Pagea2 We nuawerConfigure Martini VPLS — Check the Connectivity between CEs (2/2) [CE1]ping 192.168.1.3 PING 192.168.1.3: 56 data bytes, press CTRL_C to break Reply from 192.168. Reply from 192.168. time=60 ms time=80 ms bytes=56 Sequence bytes=56 Sequenc Reply from 192,168.1.3: bytes=56 Sequenc! time=30 ms Reply from 192,168.1. Sequenc' time=60 ms Reply from 192.168.1. Sequenc! time=70 ms 1. 1. --- 192.168.1.3 ping statistics --- 5 packet(s) transmitted 5 packet (s) received 0.00% packet loss round-trip min/avg/max = 60/72/90 ms «The preceding configuration example shows that, by configuring VSis with the same VSI ID on the PE, CE1, CE2, and CE3 that belong to the same VPLS can be interconnected. Different from the point-to-point VLL mode, in VPLS mode, the PE implements point-to- multi-point connections through VSI, but does not need to create a VC for each connection between CEs. For example, on PE1, communication between CE3 and CE 1 and between CE3 and CE2 is implemented by using VS! huawei.© Contents 1. VPLS Overview 2. VPLS Implementation 3. VPLS Feature Configuration on NE Routers 4. Hands-on VPLS Configuration Practice Copyright © 2011 Huawei Technologies Co., Ltd. All rights reserved. Pageaa ye HUAWEIHands-On Practice—Topology Description pocceeeeeene ~ \ Lo: ah 1.1132. MPLS Lo: 2.b.2.2/32 REA Domain Aread Eoi0/2 VPNA cE2 Loopback1: 11.11.11.11/32 Loopback4:-24.21.21.21/32 In the preceding topology, the CEs on the two sites of VPN A are interconnected by using VPLS. The Loopback1 address of each CE simulates the user network connected by the CE. The interface, IP address, IGP, and MPLS planning is as shown in the figure. Copyright © 2011 Huawei Technologies Co., Ltd. All rights reserved. Pageas ye HUAWEIHands-on Tasks Task Description 1 | Run the OSPF routing protocol according to the area planning in the topology to complete interconnection of network segments between devices in the MPLS domain. 2 According to the sub interface planning in the topology, plan the sub interfaces, VLAN IDs, and IP address network segments on the private network. Configure VPLS connections. The IP addresses on the simulated user network of CE 1 and CE 2 must be reachable. Copyright © 2011 Huawei Technologies Co., Ltd. All rights reserved. Pageas We nuawer@ Summary e VPLS overview e VPLS implementation e VPLS feature configuration on NE routers Copyright © 2011 Huawei Technologies Co., Ltd. All rights reserved. Pagea7 We nuawerThank you www.huawei.com