How VPLS works

Virtual Private LAN Services (VPLS) enhances the point-to-point connectivity defined in the Draft-Martini IETF
documents by specifying a method for Virtual Circuits (VCs) to provide point-to-multipoint connectivity across the
MPLS domain, allowing traffic to flow between remotely connected sites as if the sites were connected by a Layer
2 switch.

VPLS can be used to transport Ethernet frames to and from multiple, geographically dispersed sites belonging to
a customer Virtual Private Network (VPN). The Provider Edge (PE) devices connecting the customer sites
provide functions similar to a Layer 2 switch. The PE devices learn the MAC addresses of locally connected
customer devices, flood broadcast and unknown unicast frames to other PE devices in the VPN, and create
associations between remote MAC addresses and the VC Label Switch Patches (LSPs) used to reach them.

Figure 55 shows an illustration of a VPLS configuration with two customer VPNs. Two separate VPLS instances
have been created, one for Customer A’s VPN and one for Customer B’s VPN. A VPLS instance consists of a full
mesh of VC LSPs between the customers’ PE devices. In the example, Customer A's VPLS instance consists of
VC LSPs between routers R1, R2, and R3. Customer B’s VPLS instance consists of VC LSPs between routers
R3 and R4. Because VC LSPs are unidirectional, separate VC LSPs exist in each direction between each of the
PE devices. When Label Distribution Protocol (LDP) is enabled on the MPLS interfaces on the PE devices, the
VC LSPs are established automatically through LDP when the user specifies the VPLS peers on the PE devices.

Alternatively, LSPs can be established using Resource ReSerVation Protocol- Traffic Engineering (RSVP-TE) by
manually configuring LSPs to all PE devices. The same LSP from one PE to another PE can be shared by
multiple VPLS instances for traffic belonging to different customers. In this case, traffic belonging to different
customers has the same tunnel label, but different VC labels. When more than one LSP exists from one PE to
another PE for multiple VPLS instances, traffic belonging to the different VPLS instances are load-balanced
across the LSPs. In this case, traffic belonging to the different VPLS instances has different tunnel and VC labels.

In Figure 55, the VPLS instance for Customer A links its CE devices so that they appear to be a single Layer 2
broadcast domain. The VPLS instance for Customer B has two VLANs configured within the VPLS instance,
VLAN 100 and VLAN 200. The VPLS instance for Customer B has two endpoints on PE device R4. Unlike
a Virtual Leased Line (VLL), a VPLS instance can have multiple endpoints. The PE device performs local and
remote VLAN tag translation, so that multiple VLANs are specified under a single VPLS instance.
Figure 55. Sample VPLS configuration

A PE device in the VPLS configuration operates like a standard Layer 2 switch, in that it performs MAC address
learning, flooding, and forwarding for the CE devices in each VPLS instance. For example, when PE device R1
receives a Layer 2 frame with a given MAC destination address from Customer A’s CE device, it looks up the
MAC address in a Layer 2 forwarding table that records associations between MAC addresses and VC LSPs.
This forwarding table is known as the VPLS MAC database.

When the MAC address is found in the VPLS MAC database, the PE device finds the associated VC LSP,
encapsulates the frame as an MPLS packet, and pushes an inner VC label and outer tunnel label onto the
packet. The packet is then sent over a tunnel LSP to the VC peer. When the MAC address is not found in the
VPLS MAC database, the frame is flooded to all of the PE devices and locally connected CE devices (except for
the CE device that originated the frame) in the customer’s VPLS instance. When a response is received, an entry
for the MAC address and the VC from which it arrived is added to the VPLS MAC database. Subsequent frames
targeting the MAC address are not flooded to the other devices in the VPLS instance. In this way, the PE device
learns the MAC addresses of the remotely connected customer devices. MAC addresses received at the local
VPLS endpoints are also learned in the VPLS MAC database for the VPLS instance.

The PE devices do not run Spanning Tree Protocol (STP) over the MPLS domain. The full mesh of PE devices in
a VPLS configuration allows one PE device to reach any other PE device in the VPN in exactly one hop, with no
transit PE devices in between. The PE devices apply a split horizon rule when forwarding frames within the VPN.
When a PE receives a customer frame from a VC LSP, it can forward the frame only to a directly attached
customer device, not to another VC LSP. This allows the VPLS instance to have a loop-free topology without
having to run STP.

NOTE