Layer 2 Transport and Tunneling (L2VPN) Application and Deployment

ACC-2001
8309_06_2003_X © 2003, Cisco Systems, Inc. All rights reserved. 1
Layer 2 Transport and

Tunneling (L2VPN) Application
and Deployment
ACC-2001
ACC-2001
1
Objectives
• Review the basics of L2VPN technology

• Introduce the L2VPN (XConnect CLI)
• Outline common service requirements for L2VPN
and how they are being addressed
• Cover how advanced networks can offer
guaranteed bandwidth and PW circuit protection
• Expanded Case Studies will cover why and how
SPs have chosen to implement L2VPNs
ACC-2001
What You Should Know?
• Why L2VPN technology is becoming ever

important to Service Providers?
• Good understanding of L2VPN
technologies operation (AToM, L2TPv3)
• Quality of Service characteristics of
traditional L2 and L3 encapsulations
ACC-2001
2
Agenda
• L2VPN Technology Review

• Pseudo-wire Configuration Basics
• Implementation Considerations
• Case Studies
ACC-2001
VPN Deployments Today:

Technology and VPN Diversity
Access
Different Access Technologies Access
Different Core Solutions
Only Partial Integration
IP/ IPsec MPLS or IP IP/ IPsec
FR/ATM FR/ATM
Broadband ATM Broadband
Ethernet SONET Ethernet
ACC-2001
3
Consolidated Core –
Supports…
Access
Different Access Technologies Access
Complete Integration
IP/ IPsec IP/ IPsec

MPLS or IP
FR/ATM FR/ATM
Broadband Broadband
Ethernet Ethernet
ACC-2001
A Brief Word about L2 / L3 VPNs
Layer 3 VPNs Layer 2 VPNs
• Provider devices forward • Provider devices forward

customer packets based on customer packets based on
Layer 3 information (e.g., IP) Layer 2 information
• SP involvement in routing • Tunnels, circuits, LSPs, MAC

address
• MPLS/BGP VPNs (RFC

2547), GRE, virtual router • “pseudo-wire” concept
approaches
ACC-2001
4
What Is an L2VPN?
IETF’s L2VPN Logical Context
• An L2VPN is comprised of
switched connections
between subscriber endpoints
over a shared network. Non- SP Interconnection
Provider
subscribers do not have Edge
access to those same
endpoints. Remote Subscriber Location
SP Network
Provider
Edge
Pseudowire
FR Many subscriber
ATM
encapsulations
supportable
PPP HDLC
Ethernet
ACC-2001 Some L1 frame encapsulations are transportable under the framework of L2VPN. This
8309_06_2003_X © 2003, Cisco Systems, Inc. All rights reserved. is acceptable since (unlike native L1) Frames can be dropped due to congestion. 9
L2VPN –
Data Messages
Layer 2 PDU Control L2TPv3 IPv4 Header

(variable) (20 Bytes) Native IP
Word Header
Layer 2 PDU Control MPLS MPLS Tunnel

(variable) Label (4 Bytes) MPLS Core
Word VC-Label
Opt.
Control MUX
Info
ID
Transported / Tunneled Outer Delivery Protocol
Protocol
• Both transport technologies have similar

purposes, functionality and features.
ACC-2001
5
Layer-2 Transport across MPLS
Directed LDP
Control
Connection Used for VC-Label Negotiation, Withdrawal, Error Notification
‘Emulated Circuits’ have 3 layers of encapsulation
Transport Tunnel Header (Tunnel Label)

Component
to get PDU from ingress to egress PE;
could be an MPLS label, GRE tunnel, L2TP tunnel
Demultiplexer field (VC Label)
Tunneling
Component to identify individual circuits within a tunnel;
could be an MPLS label, L2TPv3 header, GRE Key, etc.
Emulated VC encapsulation (Control Word)
L2 PDU
information on enclosed Layer-2 PDU;
(Emulated)
implemented as a 32-bit control word
ACC-2001
Layer-2 Transport over IP
L2TP Control Connection

Control
Connection Used for Session ID Negotiation, Withdrawal, Error Notification
‘Emulated Circuits’ have 3 layers of encapsulation
Transport Delivery Header (IPv4 Header)

Component to get PDU from ingress to egress PE;
could be an MPLS label, GRE tunnel, L2TP tunnel
Demultiplexer field (L2TPv3 Header)
Tunneling
Component to identify individual circuits within a tunnel;
(4 byte Session ID + Optional 8 byte Cookie)
L2 Specific Sublayer + Payload (Layer 2 PDU)
L2 PDU Basic Priority & Sequence Support
ACC-2001
L2 Payload:ATM, HDLC, PPP, Ethernet, Frame Relay, etc.
6
Agenda

• Case Studies
ACC-2001
L2VPN –
XConnect CLI Overview
• Modular design allows application specific

pseudo-wire characteristics to be applied easily
to many individual VCs
• XConnect can be applied at Port, Sub-if, VP and
VC level depending on access circuit (AC) type
• Control Channel can be tailored to fit the
application
ACC-2001
7
L2TPv3 –
XConnect CLI Components
Example: ß L2TP-Class is optional
l2tp-class (optional) l2tp-class default
hostname PE3
- Defines Control Plane attributes
password 0 cisco
- Used to tweak defaults
cookie size 8
pseudowire-class vlan-hi-priority
pseudowire-class encapsulation l2tpv3
- Characteristics template for PWs ip local interface Loopback0
- Tunneling mechanism ip pmtu
- Data plane encapsulation type ip tos value 5
interface FastEthernet5/1.500
xconnect <target pe> encapsulation dot1Q 500

service-policy input vlan -hi-priority
- Xconnect is defined
no cdp enable
- DLCI, VLAN, PVC information.
xconnect 172.18.255.3 500 pw-class vlan-hi-/
ACC-2001 priority
AToM –
XConnect CLI Components
Example:
ldp enabled
mpls label protocol ldp
- Defines LDP as label protocol mpls ldp router-id loopback 0 force
- Globally defined
pseudowire-class (optional) pseudowire-class atom_default

- Characteristics template for PWs encapsulation mpls
- Tunneling mechanism sequencing both
- Data plane encapsulation type
interface FastEthernet5/1.500
2 Ways to configure:
encapsulation dot1Q 500
- xconnect <target PE> service-policy input vlan -hi-priority
- mpls l2transport route <target PE> xconnect 172.18.255.3 1002 pw-class foo
ACC-2001
8
L2TPv3 –
Example of FR with different priorities
frame-relay switching
Turn Frame Relay Switching On
!
pseudowire-class FR -CIR
encapsulation l2tpv3
sequencing both
Establish PW characteristics that
ip local interface Loopback0
reflect the service you wish to
ip tos value 5 provide.
!
Note: PW class is data plane only
pseudowire-class FR -NO-CIR
and the ToS values are in the outer
encapsulation l2tpv3 delivery header.
ip local interface Loopback0
ip tos value 0
!
connect fr-cir -1 ser2/0 500 l2transport Apply to correct DLCIs
xconnect 172.18.255.3 500 pw-class FR -CIR
connect fr-no-cir-1 ser2/0 501 l2transport
xconnect
ACC-2001 172.18.255.3 501 pw-class FR -NO-CIR
When and Where Can I Do This?
Platform Support
• 7200, 7500, 10720, 12000 – in S
• 1700, 2600, 3700, 7400 – in T
Cisco IOS Image
• 12.0(23)S ßService Provider Train
• 12.3(1)T ß Technology Train
ACC-2001
9
Agenda

• Case Studies
ACC-2001
Things to Consider..
• How to provide different Classes of

Service?
• When and where to enforce them?
• What options exist to provide network
resiliency?
• How different media can introduce MTU
issues?
ACC-2001
10
Service Level Agreements –
Why Important?
• Service Providers require tools to measure and

predict service delivery; vital to customer
retention (Network Perspective)
• Enterprise ITs often provide Service Guarantees
based on application criticality. (Budget dictates
service) (Network and / or User Perspective)
• Common Components:
– Availability
– Predictability
– Reparation
– Service
ACC-2001
– Credit, etc.
Layer-2 SLA
• FR / ATM customers
receive traditional SLA Service
Provider
• FR / ATM / Ethernet PE PE
access network may
enforce SLA
ATM
Frame Relay
• Pay-as-you-grow Ethernet CE
services can be CE
implemented for PPP / Site 2
HDLC
Site 1
• Service is typically
unmanaged
ACC-2001
11
Service –
What Priority Options Do the SP Have?
GFC VPI VCI PT CLP HEC
BE
FE
DLCI C/R EA DLCI CN DE
CN
DA SA Type TAG L3 Data CRC
• Provide Service on Port, Layer 2 or Layer 3 Info

• Enforcing sub-rate leased line access
• L2 PDUs provide options for setting frame priority
(ex: CLP, DE, 802.1p)
• L2 PVC or Inner L3 Precedence
ACC-2001
Service –
Precedence Equivalence: MPLS / IP
IP Packet MPLS Label
Outer
Delivery Data Label EXP S TTL
Header
Inner IP
Header
X X X y y 0
Class
DSCP
• IP Precedence is the most often used in determining different
traffic priorities (0 – 7)
• Most SPs implement 3 – 4 traffic classes (Best Effort à
Mission Critical)
• Enforce policies through shaping, marking, policing
ACC-2001
12
Example –
What Are Common Service Requirements?
Frame Relay Service:

• Talking to service providers we could
define 4 service classes for a FR network:
- FR-1: Bandwidth guarantee
- FR-2: CIR+EIR (a la VBR-3)
- FR-3: CIR+EIR (a la VBR-1)
- FR-4: CIR 0
ACC-2001
QoS –
What Tools Are Available?
Modular QoS CLI (MQC):

• Shaping – When transmit rates are higher than expected buffering or
queuing is used delay excess traffic, opposite of policing
• Marking – The ability to differentiated packets by setting properties
within the Layer 2 or Layer 3 header like the IP precedence, or L2 Class
of Service or drop priority.
• Policing – Used to drop or remark with a lower priority IP Precedence or
MPLS EXP bits in traffic that is in excess of contract.
• Queuing – Congestion management by giving correct priority to traffic
classes one can manage time-sensitive applications without penalizing
lower priority traffic. (CBWFQ)
• Policers or MQC definition will be set at incoming DLCI
(class-map, match command) or pw-vc definition (future)
• Dual-Rate Policer required to enforce CIR + PIR profiles
ACC-2001
13
Traffic Leaving Enterprise Network
Service with Service without

Access Network Access Network
Access
Network
CE PE CE PE
• SP enforces SLA on access network • SP enforces SLA using input QoS

preferably policy on PE
• Drop precedence may be marked for FR • Input policy uses policing and marking
/ ATM / Ethernet
• Drop precedence may be marked for FR
• Ethernet may support multiple classes / ATM / Ethernet
• PE may mark traffic after encapsulation • Ethernet may support multiple classes
• No elaborate traffic classification or • PE may mark traffic after encapsulation

mapping of existing IP markings • No Elaborate traffic classification or
mapping of existing markings on PE
ACC-2001
Traffic Leaving Enterprise Network

Access
Network
CE PE CE PE
Access CE PE
CE Network PE Output Policy Input Policy
Output Policy Input Policy Input Policy
<irrelevant> Policing
<irrelevant> Policing [Marking]
[Marking]
[Marking]
ACC-2001
14
Traffic Leaving Service Provider Network

Access
Network
CE PE CE PE
• SP enforces SLA on access

• SP enforces SLA using the output
network preferably
QoS policy on PE
• Access network should serve
packets according to their • Output policy uses queuing,
marking (class / drop dropping and optionally, shaping
precedence) where applicable
ACC-2001
Traffic Leaving Service Provider Network

Access
Network
CE PE CE PE
Access CE PE
CE Network PE Input Policy Output Policy
Input Policy Output Policy Output Policy
<irrelevant>
<irrelevant> Queuing (LLQ)
Queuing (LLQ) <optional>
Dropping (WRED) WRED
[Shaping] [shaping]
ACC-2001
15
The Complete Picture
- WRED IP/MPLS based
- Per Interface level
- LLQ IP/MPLS based shaping
- QoS-Group LLQ
- Discard-Class WRED
- De-bit marking
- BECN/FECN marking
- Per VC and DE-bit

Classification Policing - IP/MPLS classification
and MPLS-EXP or IP-
- QoS-Group/Discard-class marking
DSCP marking
-Including VBR3 policer
PW-VC
Traffic flow
ACC-2001
L2VPN –
MQC Policing Example
Example:
class-map fr-dlci-100
• Match Traffic on L2 Information
match fr-dlci 100 • Set a Policy Map for the entire interface
class-map fr-dlci-101
match fr-dlci 101 • Define actions for access circuit
policy-map serial-3-1-in
class fr -dlci -100
police 256000 16000 16000 conform set -mpls-exp-transmit 3 /
exceed set-mpls-exp-transmit 2
class fr -dlci -333
police 128000 conform transmit exceed drop
interface Serial3/1
encapsulation frame-relay
• Apply to the Interface
service-policy input serial -3-1-in
ACC-2001
16
AToM –
MPLS-TE w / FRR Highlights
MPLS-TE:
• Allows MPLS enabled cores to utilize optimized paths for
differing traffic requirements.
• Optimizes SPF-only routing behavior
• Can make sure underutilized links get used. (Equal/Unequal load
balancing)
Fast Re-Route (FRR)

• Provides alternate path protection for Link & Node failure
• Provides the mechanism to protect AToM PWs through the
MPLS core.
• Reduces fail over times experienced with normal routing
convergence.
For more detail, see: RST-2062 – Deploying MPLS Traffic Engineering
ACC-2001
The Fish Problem

• Some links are DS3, some
are OC-3
Node
Node Next-Hop
Next-Hop Cost
Cost
BB B
B 10
10
• Router A has 40Mb of traffic for
C
C C
C 10
10 Route F, 40Mb of traffic for
D
D C
C 20
20
E
E B
B 20
20
Router G
FF B
B 30
30
G
G B 30
30
• Massive (44%) packet loss at
B
Router B->Router E!
• Changing to A->C->D->E
Router B won’t help
Router F
35M
OC-3 bD OC-3
Router A rop Router E
s!
ffic DS3 Router G
b Tra
80M
OC-3
OC-3 DS3
DS3
Router C Router D
ACC-2001
17
What MPLS-TE Addresses
• Router A sees all links
Node
Node Next-Hop
Next-Hop Cost
Cost • Router A computes paths
BB B
B 10
10
C
C C
C 10
10 on properties other than
D
D
E
E
C
C
B
B
20
20
20
20
just shortest cost
F Tunnel 0 30
G Tunnel 1 30 • Like a L2 PVC, but no IGP
adjacency over the ‘PVC’!!
Router B
Router F
OC-3 OC-3
Router A Router E
DS3 Router G
b
40M
OC-3
OC-3 40Mb DS3
DS3
Router C Router D
ACC-2001
MPLS FRR –
What Does this Mean to AToM?
You Can Minimize packet loss, thus increasing guarantees!
FR AToM PW FR
P1
P2 P3
CE1 PE1 PE2 CE1
Primary
Secondary
• Currently for MPLS enabled cores only!

• FRR builds an alternate path to be used in case of a
network failure (Link or Node)
• Alternate path is pre-calculated; ~50-100ms restore
ACC-2001
18
MPLS FRR –
What Is Required to Enabled it?
P1
Primary
Secondary
P2 P3
CE1 PE1 PE2 CE1
• MPLS-TE Tunnels configured on ingress PEs

• Fast Reroute Protection configured on TE Tunnel
• Preferred-path is directed to local TE Tunnel
• XConnect configured with destination peer address
plus the pseudo-wire class of the appropriate tunnel
ACC-2001
AToM –
FRR Protection: PW Configuration Ex
Primary 1.0.0.27 1.0.0.4
Backup
L1
CE1 PE1 P PE2 CE1

L2
pseudowire-class T41 • Tunnel Selection - Set

encapsulation mpls
preferred-path interface Tunnel41 / the pref path to Tunnel
disable -fallback I/F for dst PE
!
interface gigabitethernet3/0.2
encapsulation dot1Q 204
• Force path to Tunnel
xconnect 1.0.0.4 4 pw-class T41 dst thru
!
ip route 1.4.0.1 255.255.255.255 Tunnel41 • Set exp-path, next-
!
ip explicit -path name PE_1 enable address to bypass link
next-address 1.4.1.2 being protected
ACC-2001 Note: Pseudowire Specific Configuration Shown Only!
19
MTU Calculation / ICMP PMTU
MTU Size:
POS POS
FR ~ 4470
FR X FR
POS ~ 4470
CE1 PE1 PE2 CE1
FE ~ 1500 POS FE
P
Inter -PoP
• It is important to calculate the max MTU for all

links in the network.
• Supported via “ip pmtu” (L2TPv3) command provides ICMP
notification to the offending sender.
• In AToM “mtu <x>” or “mpls mtu <x>”, Example:
Core MTU >= (Edge MTU + Transport header + AToM header + (MPLS label stack)
ACC-2001
SLA –
How Do I Monitor Service?
1.0.0.27 1.0.0.4
CE1 PE1 P PE2 CE1

Inter -PoP
20ms 15ms 20ms
Unmanaged
Managed
• External Probes between POPs, and

• Embedded agents in customer CPE
• SAA is an embedded “Active” software agent in
Cisco IOS
• UDP Echo & UDP Jitter Probes use intelligent
ACC-2001time-stamps (Interupt level receive, etc.)
20
SLA –
SAA Configuration Example
1.0.0.27 1.0.0.4
Probe Packet 1
Packet 1 Response
Probe Packet 2
PE1 PE2
PE1(config)#rtr 200
PE1(config-rtr)#type jitter dest-ip 1.0.0.4 dest-port 99 num-packets 20 interval 20
PE1(config)#rtr schedule 1 life forever start-time now
PE2# conf t
PE2(config)#rtr responder
• Probes NOT required on all PEs to get bi-

directional delay statistics; rtr responder only
• Run RTR ATM / Frame-Relay or L3 on CEs for
customer verification ß Keep the SP honest
ACC-2001
8309_06_2003_X Please see NMS-4041 for SAA deployment details! 41
© 2003, Cisco Systems, Inc. All rights reserved.
Add it Up..
• Setup Services with QoS / TE, etc.

• Setup MQC Actions to reflect Policies
• Build appropriate Pseudo-wire classes
• Enabled advanced features (MPLS-TE, DS-TE,
etc.)
• Allocate BW for customers and don’t over
subscribe CIR, CBR commitments
• Implement FRR for resiliency
• Implement SAA for monitoring response times
• Start provisioning PWs..
ACC-2001
21
Agenda

• Case Studies
ACC-2001
L2VPN Application –
Objectives
• Illustrate How L2VPNs are being utilized:

– Operational Simplification through Network Consolidation
– Creative Cost Reduction for managed Services
– Leveraging the PSN for New Services
ACC-2001
22
L2VPNs –
Network Consolidation
Provider Profile:
• Wireless services, updating internal infrastructure, no new
service creation
Problem:
• Next generation technology required build-out of new network
infrastructure
• Legacy services left too many overlapping networks to support,
maintain and operate.
• New high-speed network is underutilized
Q: How can the Service Provider consolidate legacy

systems by utilizing L2VPN technology?
ACC-2001
L2VPNs –
Pre - Network Consolidation
T1s T1s
HDLC HDLC
DS3 2G DS3
MSC MSC
DS3 2.5G DS3
MSC MSC
3G
OC-3 OC-3
MSC Regional National Regional MSC

ACC-2001 Switching Center Data Center Switching Center
23
Consolidation –
Migration Steps
• Establish base MPLS infrastructure

– Enable on P, PE routers
• Incorporate enhanced MPLS services
- Add MPLS TE Tunnels
- Add relevant QoS configurations
• Upgrade links & design
– Redundancy Considerations
– Capacity
• Migrate the MSCs to main uplinks
- Configure overlay network with AToM PWs
ACC-2001
Consolidation –
Migration Steps
CE1 FRR Link & Node
Protection
PE2
PE1
P
PE1(Configuration): PE2(Configuration):
pseudowire-class HDLC_CEs pseudowire-class HDLC_CEs
encapsulation mpls encapsulation mpls
preferred-path interface Tunnel10 disable -.. preferred-path interface Tunnel10 disable -..
Serial1/0 Serial1/0.
encapsulation hdlc encapsulation hdlc
xconnect 1.0.0.1 100 pw-class HDLC_CEs xconnect 1.0.0.1 100 pw-class HDLC_CEs
ACC-2001
24
L2VPNs –
Post - Network Consolidation
Serial Connections DS3
terminated locally on
MPLS enabled Edge
Router
MSC MSC
DS3s OC-3s OC-3s DS3s

3G
MSC RSC RSC MSC

RSC
NDC
AToM PWs running

HDLC encap form
overlay for legacy
systems
MSC MPLS MSC

ACC-2001
8309_06_2003_X © 2003, Cisco Systems, Inc. All rights reserved.
Domain 49
Consolidation –
Benefit Summary
• Leveraged new high speed network

• Reduced OPEX for multi-network
infrastructure
• Migration path for future L2 & L3 services
to external client base
• Enabled hardware migration for next
generation wireless gear
ACC-2001
25
L2VPNs –
Recurring Cost Reduction
Provider Profile:
• Tier 2 Service Provider, regulatory limitation prevents owning
copper last mile; ILEC leased. Providing Frame Relay, Leased
Line services
Problem:
• Recurring costs from ILEC make aggressive competition
impossible.
• Wireless bypass alone doesn’t allow existing customer’s
service protection
• Limited ability to expand.
Q: How can the Service Provider save local loop costs

without service disruption to existing customers?
ACC-2001
L2VPNs –
PRE - Recurring Cost Reduction
Customer Tier 1 SP Tier 2 SP Tier 1 SP Customer
CPE
ATM/FR CPE
NTU NTU
DTE DTE
CPE NTU NTU CPE

Cust. Prem. Copper Access MGX Edge - FRSM Copper Access Cust. Prem.
• Nx64 TDM access provided from the ILEC

• Frame Relay encapsulation from the CPE to the MGX
• Frame Relay VCs mapped through Tier 2 SPs ATM Core
ACC-2001
26
Cost Reduction –
Migration Steps
• IP enabled wireless access network deployed (out

of L2TPv3 scope)
• Swap SP1 NTUs for Cisco 1751 CPEs

– Clock Serial Interface for desired access speed
– Configure L2TPv3 FR trunking overlay on CPE
– Configure SAA responder to monitor access network
• Configure 7200 head end for PWs

– Configure channel-groups relevant to access speeds
– Configure L2TPv3 for FR trunking
• Configure SAA head end probe to Access

network response time monitoring
ACC-2001
Cost Reduction –
Migration Steps
RTR
1751 1.0.0.1
RTR#
1.0.0.27
rtr 1
7200 type jitter dest-ipaddr 1.0.0.27 /
1.0.0.1
dest-port 2020 request-data-size 1000
1751(Configuration): rtr schedule 1 life forever start-time now
pseudowire-class l2tpv3_1
7200(Configuration):
pseudowire-class l2tpv3_1
ip pmtu
sequencing
ip pmtu
Serial1/0
sequencing
encapsulation hdlc
Serial1/0
xconnect 1.0.0.1 100 pw-class l2tpv3_1
encapsulation hdlc
rtrACC-2001
responder
xconnect 1.0.0.27 100 pw-class l2tpv3_1 54
27
L2VPNs –
Recurring Cost Reduction
Customer Tier 2 SP
CPE Wireless Access ATM/FR
U-PE
DTE
DCE
CPE
U-PE
Cust. Prem. MGX Edge - FRSM
L2TPv3 Tunnel
Frame Relay Encap
• L2TPv3 enables transparent Frame Relay service

• Simplifies management and reduces overhead
• Seamless ‘no-touch’ migration for the customer
ACC-2001
Cost Reduction –
Benefit Summary
• Bypass the ILEC and reduce monthly recurring tail circuit

lease costs
– Leads to competitive pricing for Enterprise
• Enables transparent layer 2 service that supports frame
relay plus other WAN protocols, ie HDLC,PPP,802.1q etc
– No change to customer’s network required
– Frame relay flow control features still work ie FECN, BECN
– Supports both managed and unmanaged service
– Option to convert customer to ethernet without need for
additional router
ACC-2001
28
L2VPNs –
New Service Offering
Provider Profile:
• Tier 1 Service Provider with traditional voice & data
services.
Problem:
• Existing L3 data network is massively underutilized
• Upgrading legacy L2 ATM/FR network with switches
is undesirable.
• Would like to offer more competitive L2 options.
• Possibly migrate FR switches to IP backbone.
Q: How can the Service Provider take advantage of the
unused bandwidth on their existing L3 packet infrastructure?
ACC-2001
L2VPNs –
PRE - New Service Offering
Separate IP Core
ATM/FR
10%
3%
9%
8% 7% Europe
6%
11% 3%
12%
Asia
OC-192
OC-48
• Internet & IP-VPN traffic only OC-12
• Bandwidth glut on IP core

ACC-2001
South America 58
29
New Service –
Preparation
• Global IP Infrastructure was Already Operational

• Update PE software to support L2TPv3 based
services (Frame Relay, Ethernet, HDLC/PPP)
• Configure QoS policies to reflect service strategy
– Configured for FR service models w / egress policing
– Subrate services for virtual leased line, TLS
• Start configuring L2TPv3 based L2VPN Services
– Configured PW classes with relevant ToS,
Sequencing and Path MTU discovery
ACC-2001
New Service –
QoS Configuration
7507
class-map match-all dlci200

match fr-dlci 200
policy-map vlan-hi-priority
class class-default
set ip precedence 5
policy-map Serial2-1-in
class dlci200
police cir 256000 bc 128000 be 256000 conform-action set-prec-transmit 5 exceed- /
action set-prec-transmit 0 violate-action drop
interface Serial2/0
frame-relay intf-type dce
service-policy input Serial2-1-in
ACC-2001
30
L2VPNs –
POST - New Service Offering
IP Core
FR
FR FRoL2TPv3
Europe
FR
Asia
FRoL2TPv3
OC-192
OC-48
• Resist purchasing legacy switches OC-12
• New L2 services offered cost effectively
• Drive up utilization on L3 network
ACC-2001
South America 61
Consolidation –
Benefit Summary
• Leverage existing packet infrastructure to offer

new source of revenue
– $8M to Date
– 50+ Customers Online
• Utilize well-known native IP infrastructure
– Minimal OPEX expenditure for support
• Enterprise benefits:
– Reduces monthly WAN recurring costs
– Maintain well known Layer 2 service
– Future Layer 3 service opportunity
ACC-2001
31
L2VPN –
Summary
• Established why L2VPN technologies are

emerging as the new VPN options for PSNs?
• Introduced IETF backed solutions for
addressing L2VPN market requirements
• Introduced some innovative ways Service
Providers are taking advantage of L2VPN
technologies.
ACC-2001
Any Questions ?
ACC-2001
32
What’s Next?
Follow-on Sessions:
• RST-2062 – Deploying MPLS Traffic Engineering
• RST-2081 – Deploying Quality of Service for Converged Networks
ACC-2001
Thank You!
ematkovi@cisco.com
ACC-2001
33
Please Complete Your
Evaluation Form
Session ACC-2001
ACC-2001
ACC-2001
34

Layer 2 Transport and Tunneling (L2VPN) Application and Deployment

Hochgeladen von

Dokumentinformationen

Originaltitel

Copyright

Verfügbare Formate

Dieses Dokument teilen

Dokument teilen oder einbetten

Freigabeoptionen

Stufen Sie dieses Dokument als nützlich ein?

Sind diese Inhalte unangemessen?

Copyright:

Verfügbare Formate

Layer 2 Transport and Tunneling (L2VPN) Application and Deployment

Hochgeladen von

Copyright:

Verfügbare Formate

ACC-2001

8309_06_2003_X © 2003, Cisco Systems, Inc. All rights reserved. 1

Layer 2 Transport and

• Review the basics of L2VPN technology

What You Should Know?

• Why L2VPN technology is becoming ever

• L2VPN Technology Review

VPN Deployments Today:

IP/ IPsec MPLS or IP IP/ IPsec

Ethernet SONET Ethernet

IP/ IPsec IP/ IPsec

A Brief Word about L2 / L3 VPNs

Layer 3 VPNs Layer 2 VPNs

• Provider devices forward • Provider devices forward

• SP involvement in routing • Tunnels, circuits, LSPs, MAC

• MPLS/BGP VPNs (RFC

Layer 2 PDU Control L2TPv3 IPv4 Header

Layer 2 PDU Control MPLS MPLS Tunnel

• Both transport technologies have similar

‘Emulated Circuits’ have 3 layers of encapsulation

Transport Tunnel Header (Tunnel Label)

Layer-2 Transport over IP

L2TP Control Connection

‘Emulated Circuits’ have 3 layers of encapsulation

Transport Delivery Header (IPv4 Header)

• L2VPN Technology Review

• Modular design allows application specific

- Data plane encapsulation type ip tos value 5

xconnect <target pe> encapsulation dot1Q 500

pseudowire-class (optional) pseudowire-class atom_default

- Tunneling mechanism sequencing both

- Data plane encapsulation type

When and Where Can I Do This?

• L2VPN Technology Review

• How to provide different Classes of

• Service Providers require tools to measure and

GFC VPI VCI PT CLP HEC

• Provide Service on Port, Layer 2 or Layer 3 Info

Frame Relay Service:

Modular QoS CLI (MQC):

Service with Service without

• SP enforces SLA on access network • SP enforces SLA using input QoS

• No elaborate traffic classification or • PE may mark traffic after encapsulation

Traffic Leaving Enterprise Network

Service with Service without

Service with Service without

• SP enforces SLA on access

Traffic Leaving Service Provider Network

Service with Service without

- Per VC and DE-bit

Fast Re-Route (FRR)

The Fish Problem

• Currently for MPLS enabled cores only!

• MPLS-TE Tunnels configured on ingress PEs

CE1 PE1 P PE2 CE1

pseudowire-class T41 • Tunnel Selection - Set

• It is important to calculate the max MTU for all

CE1 PE1 P PE2 CE1

• External Probes between POPs, and

• Probes NOT required on all PEs to get bi-

• Setup Services with QoS / TE, etc.

• L2VPN Technology Review

• Illustrate How L2VPNs are being utilized: