
Post on 28-Dec-2015


Page 1: EVC Atahar Khan CCIE SP 44012 1. AGENDA L2VPN overview Ethernet Virtual Circuits (EVC) 2


EVC

Atahar Khan

CCIE SP 44012


AGENDA

L2VPN overview

Ethernet Virtual Circuits (EVC)


L2VPN Overview


What is L2VPN?

• We call L2VPN any method that allows a LAN to be shared across multiple remote locations over a non-L2 network

• The network in the middle can be:
– An IPv4 routed network: L2TPv3 can be used
– An MPLS network: EoMPLS or VPLS
– Another switched network: QinQ

• The PE-to-CE interface might not be Ethernet
– AToM: tunnels anything over an MPLS network
– L2TPv3: encapsulates anything over an IPv4 network
– Interworking: allows interconnecting one L2 technology with another (FR to ATM, Eth to ATM, or…)

• These techniques can be combined to achieve LAN transparency!


L2VPN Models

[Figure: L2-VPN models. IP core (L2TPv3): point-to-point transport of PPP/HDLC, FR, ATM AAL5/Cell and Ethernet. MPLS core (AToM): point-to-point VPWS for PPP/HDLC, FR, ATM AAL5/Cell and Ethernet; P2MP/MP2MP VPLS for Ethernet.]


Pseudo Wires

Virtual Private Wire Service (VPWS) Reference Model

A Pseudowire (PW) is a connection between two Provider Edge (PE) devices which connects two pseudowire End-Services (PWESs) of the same type.

[Figure: VPWS reference model. Customer sites attach through PWESs to two PEs; a pseudowire inside a PSN tunnel between the PEs carries the emulated service.]

Service Types:

• Ethernet
• 802.1Q (VLAN)
• ATM VC or VP
• HDLC
• PPP
• Frame Relay VC

PSN = Packet Switched Network

SE = Service Endpoint

L2 transport over IP = L2TPv3

L2 transport over MPLS = AToM


Ethernet Virtual Circuits (EVC)


The Challenges

On traditional switches, we require the switch to do two things:

1.) Have the VLAN configured globally
2.) Perform MAC learning in this VLAN

Switches have a finite amount of CAM space for MAC learning, which limits the number of hosts we can support.

Since the VLAN ID field of the 802.1Q tag is only 12 bits wide, we can only configure a maximum of 4096 VLANs.

In modern provider and cloud environments there is a need to scale beyond these limitations.

VLAN translation cannot be done.



EVC Advantages

The VLAN tag is used for classification and the service instance defines the forwarding action.

We could allocate one VLAN to different customers on every switchport and forward each customer's traffic across different MPLS pseudowires, but never actually configure the VLAN globally.

Customer VLAN ID preservation/translation.


CE-VLAN ID Preservation Application (1)

[Figure: customer sites CE-HQ, CE-1, CE-2 and CE-3 connected across the MEN, with VLAN mapping points marked. CE-VLAN ID labels: 100, 200, 300 and 100/200/300.]

ERS services with the same end-to-end CE-VLAN ID


CE-VLAN ID Preservation Application (2)

[Figure: customer sites CE-HQ, CE-1, CE-2 and CE-3 connected across the MEN, with VLAN mapping points marked. CE-VLAN ID labels: 100, 100, 100 and 600/601/602.]

Corporate customers with all remote offices using the same CE-VLAN ID. Also useful for SPs deploying managed CPEs.

NEED FOR VLAN TRANSLATION!!!


EVC – Flexible Frame Matching

• Service instances ...

– Provide classification of L2 flows on Ethernet interfaces
– Are also referred to as EVC service-instances
– Support dot1q and Q-in-Q
– Support VLAN lists
– Support VLAN ranges
– Support VLAN lists and ranges combined
– Coexist with routed subinterfaces

[Figure: frames arriving on one port, each group classified by its own service instance]

• Tags 100, 101, 102: match VLAN range 100-102
• Tags 200, 203, 210: match VLAN list 200, 203, 210
• Tags 300,100: match VLAN 300,100
• Tags 400,1 / 400,2 / 400,3: match outer VLAN 400, inner VLAN range 1-3
• Tags 400,11 / 400,17 / 400,34: match outer VLAN 400, inner VLAN list 11, 17, 34
• Tag 14: match VLAN 14


Exact vs. Non-Exact

• EVC only supports non-exact matching
• ‘encap dot1q 10’ matches any packet whose outermost tag equals 10
• ‘encap dot1q 10 sec 100’ matches any packet whose outermost tag is 10 and whose second tag is 100

[Figure: example tag stacks: 10; 10 200; 10 100; 10 100 1000]


Longest tag match

EVC supports longest tag matching within the same GigE port. A double tag is matched first, then a single tag, then the default tag (a similar concept to a routing table lookup).

[Figure: interface G3/0/0 with three service instances (dot1q 10; dot1q 10 sec 100; dot1q 10 sec 128-133) and example frames tagged 10; 10 100; 10 130; 10 200]


EVC – Flexible VLAN Tag Manipulation

EVCs allow us to classify inbound frames in a highly flexible manner based on one or more VLAN tags or CoS values. Here are some examples:

Configuration                               Effect
encapsulation dot1q 10                      Match the single VLAN tag 10
encapsulation dot1q 25 second-dot1q 13      Match first VLAN tag 25 and second tag 13
encapsulation dot1q any second-dot1q 22     Match any double-tagged frame with a second tag of 22
encapsulation dot1q 16 cos 4                Match a single tag 16 when it has CoS value 4
encapsulation dot1q untagged                Match the native (untagged) VLAN
encapsulation dot1q default                 The catch-all class for all traffic not previously classified


Encap match order

• From most specific to most general
• No exact match based on outermost tag #
• Encap untag matches untagged packets
• Encap default catches all remaining traffic without a specific match. If there is no encap untag configured, it also catches untagged packets.
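The non-exact, longest-tag and match-order rules from the last few slides can be modelled in a few lines. This is an added example, not code from the slides or from Cisco; the port layout is constructed from the G3/0/0 figure plus an assumed default instance, and the function names are hypothetical.

```python
# Added illustration: models the match rules from the slides, not Cisco code.
UNTAGGED, DEFAULT = "untagged", "default"

def vlan_set(spec):
    """Expand a VLAN spec such as '128-133' or '11,17,34' into a set of ints."""
    out = set()
    for part in str(spec).split(","):
        lo, _, hi = part.partition("-")
        out.update(range(int(lo), int(hi or lo) + 1))
    return out

def matches(encap, tags):
    """Non-exact match: only the outermost tags named by encap are compared."""
    if encap == DEFAULT:
        return True
    if encap == UNTAGGED:
        return not tags
    if len(tags) < len(encap):
        return False
    return all(spec == "any" or tag in vlan_set(spec)
               for spec, tag in zip(encap, tags))

def specificity(encap):
    """Rank encapsulations: more matched tags win, default always loses."""
    if encap == DEFAULT:
        return -1
    if encap == UNTAGGED:
        return 0
    return len(encap)

def classify(instances, tags):
    """Return the id of the service instance that wins for a frame's tag stack."""
    hits = [(specificity(e), sid) for sid, e in instances.items()
            if matches(e, tags)]
    return max(hits)[1] if hits else None

# Constructed port, modelled on the G3/0/0 figure plus a default instance.
PORT = {
    1: ("10",),            # encapsulation dot1q 10
    2: ("10", "100"),      # encapsulation dot1q 10 second-dot1q 100
    3: ("10", "128-133"),  # encapsulation dot1q 10 second-dot1q 128-133
    4: DEFAULT,            # encapsulation default
}
```

With this port, a frame tagged 10 200 falls back to the single-tag instance 1, and an untagged frame lands on the default instance because no untagged instance is configured.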


Encapsulation Rewrite CLI

interface gig 1/1/1
 service instance 1 ethernet
  encapsulation dot1q 10
  rewrite ingress tag ?
    pop        Pop the tag
    push       Rewrite Operation of push
    translate  Translate Tag

Configuration                                                     Effect
rewrite ingress tag pop 1 symmetric                               Remove the top 802.1q tag
rewrite ingress tag pop 2 symmetric                               Remove the top two 802.1q tags
rewrite ingress tag translate 1-to-1 dot1q 28 symmetric           Remove the top tag and replace it with 28
rewrite ingress tag translate 2-to-2 dot1q 22 second-dot1q 23     Remove the top two tags and replace them with 22 and 23 (23 will be the inner tag)
rewrite ingress tag push dot1q 56 second-dot1q 55                 Push two new tags on top of the existing frame. The top tag will be 56, with an inner tag of 55
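The rewrite table above, worked through on tag stacks. This is an added example, not code from the slides or from Cisco: the function names are hypothetical, and the egress function assumes the usual meaning of the symmetric keyword (egress applies the inverse of the ingress rewrite) on a service instance whose encapsulation names single VLAN IDs.

```python
# Added illustration of the rewrite table; not Cisco code.
# A frame's tags are a list with the outermost tag first.

def counts(op, new):
    """Return (tags removed, tags added) for a rewrite operation string."""
    kind, _, arg = op.partition(" ")
    if kind == "pop":                      # "pop 1", "pop 2"
        return int(arg), 0
    if kind == "push":
        return 0, len(new)
    removed, added = (int(x) for x in arg.split("-to-"))  # "translate N-to-M"
    if added != len(new):
        raise ValueError("translate %s needs %d new tag(s)" % (arg, added))
    return removed, added

def ingress(tags, op, new=()):
    """Apply 'rewrite ingress tag <op>' to a frame's tag stack."""
    removed, _ = counts(op, new)
    if len(tags) < removed:
        raise ValueError("frame has fewer tags than the rewrite removes")
    return list(new) + list(tags[removed:])

def egress(tags, op, encap, new=()):
    """Symmetric inverse: strip what ingress added, restore the encap tags.

    Assumption: encap holds the single VLAN IDs matched by the service
    instance, so the tags removed on ingress can be put back from it.
    """
    removed, added = counts(op, new)
    if list(tags[:added]) != list(new):
        raise ValueError("frame does not carry the tags ingress would add")
    return list(encap[:removed]) + list(tags[added:])
```

The egress direction shows why a symmetric pop or translate needs an unambiguous encapsulation: the tags to restore are taken from the encapsulation itself.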


Encapsulation Rewrite CLI - Symmetric


Here's a sample topology, with two access switches processing different VLANs. The service instance configurations are on PE Blue and PE Purple.


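EVC – Flexible Forwarding Model

[Figure: service instances on physical ports mapped to forwarding options toward the MPLS uplink. Labels: L2 bridging through a bridge domain (BD); P-to-P local connect; P-to-P EoMPLS; BD with EoMPLS/VPLS; BD with SVI for L3/VRF or EoMPLS/VPLS; L2 inter-working with ATM / FR (PVC / DLCI).]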


Flexible Service Mapping Configuration Example

[Figure: service instances (Ethernet Flow Points) on the access port mapped to services on the core interface, which is an L2 trunk or L3 MPLS. Service labels: 802.1ah (PBB or .1ah over VPLS), E-LINE (VPWS), E-LAN (VPLS or local bridging), L3 termination, local connect.]

service instance 1 ethernet
 encapsulation dot1q 20 second-dot1q 10
 rewrite ingress tag pop 1 sym
 bridge-domain 10 c-mac

service instance 2 ethernet
 encapsulation dot1q 11-100
 rewrite ingress tag push dot1q 101
 xconnect 1.1.1.1 101 en mpls

service instance 3 ethernet
 encapsulation dot1q 101 second-dot1q 10
 rewrite ingress tag translate 2-to-1 dot1q 100
 bridge-domain 200
Interface vlan 200
 xconnect vfi myvpls

service instance 4 ethernet
 encapsulation dot1q 102
 rewrite ingress tag pop 1
 bridge-domain 201
Interface vlan 201
 ip vrf forwarding myvrf
 ip address 2.2.2.2 255.255.255.0


EVC (Service Instance) Example

Here is an example of an interface configured with a bridge-domain:

interface g0/2
 service instance 1 ethernet
  encapsulation dot1q 11
  rewrite ingress tag pop 1 symmetric
  bridge-domain 22
!
interface Vlan22
 ip address 192.168.1.1 255.255.255.0


EVC – Local & remote bridging example

Local switching

interface g0/2
 service instance 1 ethernet
  encapsulation dot1q 10
  rewrite ingress tag pop 1 symmetric
  bridge-domain 22
 service instance 2 ethernet
  encapsulation dot1q 11
  rewrite ingress tag pop 1 symmetric
  bridge-domain 22
!
interface Vlan44
 ip address 192.168.1.1 255.255.255.0

Remote connection

interface g0/2
 service instance 1 ethernet
  encapsulation dot1q 10
  rewrite ingress tag pop 1 symmetric
  bridge-domain 22 split-horizon
 service instance 2 ethernet
  encapsulation dot1q 11
  rewrite ingress tag pop 1 symmetric
  bridge-domain 22 split-horizon
!
interface Vlan44
 xconnect 192.168.1.1 12 encapsulation mpls


Thank You