present and future of mpls-based layer 2 virtual private networks (ios advantage webinar)

© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public [email protected]

The Present and Future of MPLS-based Layer 2 Virtual Private Networks An Overview and Evolution June 2012

1


Today’s Presenters

  Tina Lam ([email protected]) Product Manager Cisco

  Jose Liste ([email protected]) Technical Marketing Engineer Cisco

2


Agenda

Market Overview

Fundamentals

Use Cases

Latest Trends and Future

PW Signaling and PE Auto-‐Discovery

Market Overview


Motivation for L2VPNs

Current Drivers   IP Next Generation Network

‒  Network convergence of legacy (ATM, TDM, FR) and Ethernet, fixed and mobile on to the same network

  Business Ethernet Services ‒  Flexible offering. P2P, MP. Can be L2VPN, L3VPN or a hybrid

‒  High speed services driven by cloud connectivity

  Mobile Backhaul Evolution ‒  TDM / PDH to Dual/Hybrid to All-packet (IP/Ethernet)

‒  Single (voice + data) IP/Ethernet mobile backhaul universally accepted solution

New Drivers   Data Center Interconnection (DCI)

‒  L2 connectivity across data centers in disjoint geographical locations across MPLS or IP networks

  L2 Services over MPLS Transport Profile (MPLS-TP) ‒  Provides TDM/ATM/Ethernet services over SDH/SONET like transport using MPLS networks


Ethernet Services by the Numbers   Worldwide market for Ethernet services projected to reach

$40B+ by 2014 ‒  Double-digit annual growth across all geographic regional markets

‒  Asia Pac will be the largest market at 31%

‒  Fastest growing strategic wireline data product for SPs

  U.S. Business Ethernet market will grow from $6B in 2011 to $11B in 2014 ‒  1Gbps fastest growing and will be 50% of the revenue by 2014

‒  100M will have the highest number of ports, followed closely by 10M, 1G and sub-10M

  Bandwidth tipping point in 2011 ‒  Aggregated Ethernet BW purchased in US surpassed BW for

legacy circuits

Source: Ver*cal System Group 2012


Poll Question #1

What are the key business applications / drivers for deploying L2VPNs in your network? [multiple choice] A.  Legacy Services (F/R, ATM, TDM) B.  Business Ethernet Services (E-Line / E-LAN) C.  Mobile Backhaul D.  Data Center Interconnect (DCI) E.  Layer 2 services over MPLS TP F.  No L2VPN deployed

Fundamentals Virtual Private Wire Service (VPWS) Overview


Layer 2 VPN Enabler

  L2VPNs are built with Pseudowire (PW) technology

  PWs provide a common intermediate format to transport multiple types of network services over a Packet Switched Network (PSN)

  PW technology provides Like-to-Like transport and also Interworking (IW)

The Pseudowire

Ethernet

ATM

TDM PPP/HDLC

FR

Pseudowire

Provider Edge

Packet Switched Network

Provider Edge


Ethernet

Unmuxed UNI

Ethernet Private Line (EPL)

Ethernet Virtual Private Line (EVPL)

Ethernet Private LAN (EPLAN)

Ethernet Virtual Private LAN (EVPLAN)

Muxed UNI

Muxed UNI

Unmuxed UNI

Service Offerings L2VPN Transport Services

Muxed UNI

FR over Pseudowire

Frame Relay

Unmuxed UNI

PPP/HDLC over Pseudowire

PPP/HDLC

Virtual Private LAN Service (VPLS)

ATM

Muxed UNI

AAL5 over Pseudowire

Cell Relay with Packing over Pseudowire

Muxed UNI

Virtual Private Wire Service (VPWS) TDM

Muxed UNI

Circuit Emulation Service over PSN (CESoPSN)

Structure Agnostic TDM over Packet (SAToP)

Muxed UNI


Layer 2 Transport over MPLS

  Targeted LDP session / BGP session / Static ‒  Used for VC-label negotiation, withdrawal, error notification

The “emulated circuit” has three (3) layers of encapsulation   Tunnel header (Tunnel Label) ‒  To get PDU from ingress to egress PE

‒  MPLS LSP derived through static configuration (MPLS-TP) or dynamic (LDP or RSVP-TE)

  Demultiplexer field (VC Label) ‒  To identify individual circuits within a tunnel

‒  Could be an MPLS label, L2TPv3 header, GRE key, etc.

  Emulated VC encapsulation (Control Word) ‒  Information on enclosed Layer 2 PDU

‒  Implemented as a 32-bit control word

Demultiplexing Component

Tunneling Component

Layer 2 Encapsulation

Control Connection


MPLS CE-2 CE-1

Pseudowire

P1 P2 PE1 PE2

Traffic direction

VPWS Forwarding Plane Processing

Payload

Push Push

Label = 34 Label = 28

Payload

VC and Tunnel label imposition

VC Label Tunnel Label

Label = 28

Payload

Pop

Penultimate Hop Popping (PHP)

Payload

Pop

VC label disposition

Label = 45 Label = 28

Payload

Swap

Tunnel label swapping through MPLS cloud

Fundamentals Ethernet over MPLS (EoMPLS) Virtual Private LAN Service (VPLS) Overview


How Are Ethernet Frames Transported?

  Ethernet frames transported without Preamble, Start Frame Delimiter (SFD) and FCS

  Two (2) modes of operation supported: ‒  Ethernet VLAN mode (VC type 0x0004) – created for VLAN over MPLS application

‒  Ethernet Port / Raw mode (VC type 0x0005) – created for Ethernet port tunneling application

LSP Label

VC Label

Ethernet Header Ethernet Payload

Ethernet Payload DA SA Length/Type FCS Preamble 802.1q

tag

0x8847 DA’ SA’ FCS’

Original Ethernet Frame

MPLS E-Type

Control Word

4B 4B 4B (optional)

MPLS-encapsulated Ethernet Frame

MPLS Stack AToM Header

6B 6B 4B (optional) 2B


Introducing Cisco EVC Framework Functional Highlights

Service Abstraction

Multiplexed Forwarding services

Flexible Service Mapping

EVC Framework

Advanced Frame

Manipulation

Flexible service delimiters •  Single-tagged, Double-tagged

•  VLAN Lists, VLAN Ranges

•  Header fields (COS, Ethertype)

Ethernet Service Layer •  Ethernet Flow Point (EFP) •  Ethernet Virtual Circuit (EVC) •  Bridge Domain (BD) •  Local VLAN significance

VLAN Header operations -VLAN Rewrites •  POP

•  PUSH

•  SWAP ANY service – ANY port •  Layer 2 Point-to-Point

•  Layer 2 Multipoint

•  Layer 3


Encapsulation Adjustment Considerations

  VLAN tags can be added, removed or translated prior to VC label imposition or after disposition ‒ Any VLAN tag(s), if retained, will

appear as payload to the VC

  VC label imposition and service delimiting tag are independent from EVC VLAN tag operations ‒ Dummy VLAN tag – RFC 4448 (sec

4.4.1)

  At disposition, VC service-delimiting VLAN-ID is removed before passing packet to AC processing

EoMPLS PW VC Type and EVC VLAN Rewrites

16

MPLS Imposition

MPLS Disposition

PW

POP 1 VLAN tag

AC

EVC VLAN Rewrite (Egress)

MPLS Label Disposition

VC Type

5 4

AC PW

MPLS Label Imposition

PUSH 1 VLAN tag

VC Type

EVC VLAN Rewrite

(Ingress) 5

4

Dummy VLAN tag


Virtual Private LAN Service

  Flooding / Forwarding ‒  Forwarding based on destination MAC

addresses

‒  Flooding (Broadcast, Multicast, Unknown Unicast)

  MAC Learning/Aging/Withdrawal ‒  Dynamic learning based on Source MAC

and VLAN

‒  Refresh aging timers with incoming packet

‒  MAC withdrawal upon topology changes

  Split-Horizon and Full-Mesh of PWs for loop-avoidance in core ‒  SP does not run STP in the core

Operation

U-PE B

Customer Equipment

CE

CE

CE

Ethernet UNI Ethernet UNI

N-PE 3

N-PE 4 N-PE 2

N-PE 1

PW

Applies Split-

Horizon Applies Split-

Horizon

Applies Split-

Horizon

U-PE B

Customer Equipment

CE

CE

CE

Ethernet UNI Ethernet UNI

N-PE 3

N-PE 4 N-PE 2

N-PE 1

PW

Pseudowire (PW) Signaling and PE Auto-Discovery


VPWS / VPLS

  Provisioning Model ‒  What information needs to be configured

and in what entities

‒  Semantic structure of the endpoint identifiers (e.g. VC ID, VPN ID)

  Discovery ‒  Provisioning information is distributed by a

"discovery process“

‒  Distribution of endpoint identifiers

  Signaling ‒  When the discovery process is complete, a

signaling protocol is automatically invoked to set up pseudowires (PWs)

An abstraction

19

Discovery

Signaling

Provisioning Model


VPWS

  VPWS Signaling ‒ LDP-based (RFC 4447) ‒ BGP-based (informational RFC)

  VPWS with LDP-signaling and No auto-discovery ‒ Most widely deployed solution

  Auto-discovery for point-to-point services not as relevant as for multipoint

Discovery and Signaling Alternatives

20

Manual No Auto-Discovery

Border Gateway Protocol (BGP)

Static No Signaling BGP

Label Distribution

Protocol (LDP)

VPN Discovery

Signaling

Most widely deployed


VPLS

  VPLS Signaling ‒ LDP-based (RFC 4762) ‒ BGP-based (RFC 4761)

  VPLS with LDP-signaling and No auto-discovery ‒ Most widely deployed solution ‒ Operational complexity for larger

deployments

  BGP-based Auto-Discovery (BGP-AD) (RFC 6074) ‒ Enables discovery of PE devices in a

VPLS instance

Discovery and Signaling Alternatives

21

Manual No Auto-Discovery

Border Gateway Protocol (BGP)

Static No Signaling BGP

Label Distribution

Protocol (LDP)

VPN Discovery

Signaling

Most widely deployed

RFC 6074

RFC 4761


PW Control Plane Operation LDP Signaling

MPLS CE-1 CE-2

PE-1 PE-2

PW manually provisioned – Remote PE info included

1 Local_int = A Remote PE = PE2_ip VC-id <123>

Interface A

Local_int = B Remote PE = PE1_ip VC-id <123>

PW manually provisioned – Remote PE info included 1

New targeted LDP session between PE routers established, in case one does not already exist

2

4 PEs advertize local VC label using LDP label-mapping message: Label TLV + PW FEC TLV

PEs assigns local VC label to PW

Local Label X 3 Local Label Y 3 Remote Label Y

5 Remote Label X 5

PEs bind remote label for PW with matching VC-id

Interface B


BGP Auto-Discovery (BGP-AD)   Eliminates need to manually provision

VPLS neighbors   Automatically detects when new PEs are

added / removed from the VPLS domain   Uses BGP Update messages to advertize

PE/VFI mapping (VPLS NLRI)   Typically used in conjunction with BGP

Route Reflectors to minimize iBGP full-mesh peering requirements

  Two (2) RFCs define use of BGP for VPLS AD1

‒  RFC 6074 – when LDP used for PW signaling

‒  RFC 4761 – when BGP used for PW signaling

23

MPLS

PE1

VFI PE2

VFI

PE3

CE-A1 CE-A3

CE-A2

I am a new PE with ACs on BLACK VFI Pseudowire

BGP RR

VFI BGP session

BGP Update message with VPLS NLRI

(1) VPLS BGP NLRIs from RFC 6074 and 4761 are different in format and thus not compatible, even though they share same AFI / SAFI values

Covered in this section


BGP Signaling and Auto-Discovery

  RFC 47611 defines use of BGP for VPLS PE Auto-Discovery and Signaling

  All PEs within a given VPLS are assigned a unique VPLS Edge device ID (VE ID)

  A PE X wishing to send a VPLS update sends the same label block information to all other PEs using BGP VPLS NLRI

  Each receiving PE infers the label intended for PE X by adding its (unique) VE ID to the label base ‒  Each receiving PE gets a unique label for

PE X for that VPLS

Overview

24

MPLS

PE1 VE_ID 1

VFI PE2

VE_ID 2

VFI

PE X VE_ID X

CE-A1 CE-A3

CE-A2

I am PE X with ACs on BLACK VFI Here is my label block for this VFI

Pseudowire

BGP RR

VFI BGP session

BGP Update message with VPLS NLRI

(1) VPLS BGP NLRIs from RFC 6074 and 4761 are different in format and thus not compatible, even though they share same AFI / SAFI values

Use Cases Data Center Interconnect


Poll Question #2

What is the most important factor when selecting a DCI solution? (single choice) A.  Ease of Provisioning B.  Flow-Based Load-Balancing / Multi-Homing C.  Sub-second Convergence for Link / Port / Node failures D.  Massive MAC address scalability (order of millions) E.  Optimal Multicast Forwarding

Use Cases Data Center Interconnect – Catalyst 6500


Data Center Interconnect with VPLS

  DC WAN Edge device (Catalyst 6500) implements VPLS with Advanced –VPLS (A-VPLS) for DCI applications

  A-VPLS provides: ‒  Single-Chassis (Virtual) Redundancy solution – Virtual Switching System (VSS)

‒  Multichassis EtherChannel (MEC)

‒  Flow-based load balancing over WAN using Flow Aware Transport (FAT) PW

‒  Simplified configuration

DC 1 DC 2

Access Agg WAN Edge

WAN

Catalyst 6500

SiSi

SiSi

SiSi

SiSi

Catalyst 6500

VSS VSS

VFI PW vlan X

VFI PW vlan Y

VFI VFI VFI

VFI


Data Center Interconnect with VPLS Sample Configuration – Catalyst 6500

29

Single VFI PW per Vlan per VSS pair

PE1 10.0.0.1

VSS

Note: Complete Virtual Switching System (VSS) / Multichassis EtherChannel (MEC) configuration not shown

SiSi

SiSi

SiSi

SiSi

VFI VFI

PE2 10.0.0.2

VFI VFI PW VC id

80 Multichassis EtherChannel (MEC)

hostname PE1 ! interface Loopback0 ip address 10.0.0.1 255.255.255.255 ! pseudowire-class sample-class encapsulation mpls load-balance flow flow-label enable

interface virtual-ethernet 1 transport vpls mesh neighbor 10.0.0.2 pw-class sample-class switchport switchport mode trunk switchport trunk allowed vlan 80,81

interface port-channel50 switchport switchport mode trunk switchport trunk allowed vlan 80,81

PE 1 hostname PE2 ! interface Loopback0 ip address 10.0.0.2 255.255.255.255 ! pseudowire-class sample-class encapsulation mpls load-balance flow flow-label enable

interface virtual-ethernet 1 transport vpls mesh neighbor 10.0.0.1 pw-class sample-class switchport switchport mode trunk switchport trunk allowed vlan 80,81

interface port-channel50 switchport switchport mode trunk switchport trunk allowed vlan 80,81

PE 2

81

Virtual Ethernet interface modeled as Switchport trunk towards VFIs One VFI per vlan on virtual interface

Deployment Use Cases Data Center Interconnect – ASR 9000


Edge

Residential Business

Third-‐Party Services/ Content

AggregaOon

Access

Core

Converged

Cisco Prime IP NGN

SP Services/ Content

nV

Before: nV Technology AUer: nV Technology

nV Edge

nV Satellite

ASR 9000 Network Virtualization (nV) Technology Overview

Individual device to manage

Complex network protocols

Feature inconsistent, inter-operability

Physical port limit

One virtual system to manage

No network protocols within virtual system,

Remote satellite is plug-n-play, zero touch

Single feature set, one release cycle

Scale to 10 of 1000s physical ports


Data Center Interconnect with VPLS Example 1 – nV Edge

  DC WAN Edge device (ASR 9000) implements VPLS with Network Virtualization (nV) for DCI applications

  nV and VPLS provides: ‒  Single-Chassis (Virtual) Redundancy solution – Network Virtualization Cluster

Single control and management plane, distributed data plane

‒  Multichassis EtherChannel

‒  Flow-based load balancing over Pseudowire using Flow Aware Transport (FAT) PW

‒  Scalability

DC 1 DC 2

Access Agg WAN Edge

WAN

Cisco ASR 9000

nV Edge nV Edge

WAN Edge Cisco ASR 9000

VFI PW vlan X

VFI PW vlan Y

VFI VFI VFI

VFI


Data Center Interconnect with VPLS Sample Configuration – ASR 9000

33

PE1 10.0.0.1

nV

Note: nV cluster configuration not shown Etherchannel configuration incomplete

VFI VFI

PE2 10.0.0.2

VFI VFI PW VC id

1111 Multichassis EtherChannel

hostname PE1 ! interface Loopback0 ipv4 address 10.0.0.1 255.255.255.255

l2vpn pw-class sample-flow-lb encapsulation mpls load-balancing load-balancing flow-label ! bridge group DCI bridge-domain bd-80 interface bundle-ethernet1.1 vfi vfi1111 neighbor 10.0.0.2 pw-id 1111 pw-class sample-flow-lb ! bridge-domain bd-81 interface bundle-ethernet1.2 vfi vfi2222 neighbor 10.0.0.2 pw-id 2222 pw-class sample-flow-lb

PE 1

interface bundle-ethernet1.1 l2transport encapsulation dot1q 80 interface bundle-ethernet1.2 l2transport encapsulation dot1q 81

2222

hostname PE2 ! interface Loopback0 ipv4 address 10.0.0.2 255.255.255.255

l2vpn pw-class sample-flow-lb encapsulation mpls load-balancing load-balancing flow-label ! bridge group DCI bridge-domain bd-80 interface bundle-ethernet1.1 vfi vfi1111 neighbor 10.0.0.1 pw-id 1111 pw-class sample-flow-lb ! bridge-domain bd-81 interface bundle-ethernet1.2 vfi vfi2222 neighbor 10.0.0.1 pw-id 2222 pw-class sample-flow-lb

PE 2

interface bundle-ethernet1.1 l2transport encapsulation dot1q 80 interface bundle-ethernet1.2 l2transport encapsulation dot1q 81

Single PW per VFI/ Vlan

nV


Data Center Interconnect with VPLS Example 2 – mLACP

  DC WAN Edge device (ASR 9000) implements VPLS with multi-chassis LACP (mLACP) for DCI applications

  mLACP and VPLS provides: ‒  Geo-Redundant dual-home DCI layer solution

‒  Distributed Control / Management / Data Plane

‒  Multichassis EtherChannel (mLACP) (Active / Standby links – 1:1 protection) using Inter-Chassis Communication Protocol (ICCP)

‒  Flow-based load balancing over Pseudowire using Flow Aware Transport (FAT) PW

DC 1 DC 2

Access Agg WAN Edge

WAN

Cisco ASR 9000 WAN Edge

Cisco ASR 9000

ICCP ICCP

VFI

VFI

VFI

VFI

Use Cases Mobile Backhaul – Legacy TDM / ATM Transport


Legacy ATM and TDM Transport

  Mobile Backhaul migration strategies vary among Challengers and Incumbents   Circuit Emulation required to support legacy interfaces across a packet-based

network ‒  Structure Agnostic TDM over Packet (SAToP - RFC 4553) for encapsulating TDM bit-streams

(T1/E1, T3/E3) as PWs Example: full T1/E1 from cell site to BSC

‒  Circuit Emulation Services over PSN (CESoPSN - RFC 5086) for encapsulating structured TDM signals (NxDS0) as PWs

More efficient with use of transport resources than SAToP

Example: fractional T1/E1 from cell site to BSC

‒  ATMoMPLS for carrying ATM cells over an MPLS network using ATM PWE3 (Cell relay)

  Statistical multiplexing gains of packet transport ‒  Enabled with ATM PWE3 for UMTS

‒  Not enabled with SAToP or CESoPSN for GSM


TDM / ATM PW Backhaul

37

Cell Site

Access Layer

Aggregation Layer

GE Ring

BSC RNC

10 GE Ring

Aggregation node Distribution node Ethernet uW

Fibre

Cell site Router

Pre-Aggregation Layer

TDM (CESoPSN,SAToP) & ATM (VC,VP) PWE3

L2 Rings or Point-to-Point IP/MPLS

TDM & ATM PWE3

S-PE

MS-PW

10GE 10GE STM1 STM1 GE TDM / ATM

L2 P2P or rings REP/G.8032/MSTP/

L2 Rings or Point-to-Point

IP / MPLS IP/MPLS MS-PW

10GE 10GE STM1 STM1 GE TDM / ATM

IP / MPLS RAN Access

IP / MPLS

Multi-Segment PWs deployed to minimize reachability information down to cell site router

TDM / ATM PW Backhaul with Layer 2 (Ethernet) Access

TDM / ATM PW Backhaul with MPLS in Access

Latest Trends and Future Unified MPLS - Extending MPLS to the Access of Mobile & Wireline Networks


Challenges with Traditional MPLS Designs

  As MPLS moves into access layers, large number of network elements pose challenges ‒  Core Edge / Distribution (100s-1,000s nodes), AGG (1,000s - 10,000s), Access (10,000s - 100,000s)

  End-to-end LSPs between access devices requires distributing large amount of loopback prefixes ‒  IGP RIB table would be required to support say 100K prefixes

‒  MPLS LIB / LFIB tables would be required to support say 200K labels (assuming two paths per prefix)

  Multi-Segment PWs and Prefix aggregation with LDP inter-area LSPs can only partially alleviate scale challenge

39

Access Access

MPLS MPLS MPLS

Aggregation Core Aggregation

PE ABR ABR PE

MPLS MPLS

MPLS MPLS


Unified MPLS Requirements

  What is it? - End-to-end packet transport architecture based on MPLS forwarding addressing scale and operational simplification

  Scalability – Interconnection of large number of access nodes (e.g.100k)

  Flexible placement of L2 / L3 service nodes ‒  Seamless LSPs to any location in the network

  Service Provisioning Simplicity - Service provisioning only required at the edge of the network

  High network availability (protection or fast restoration) 40

Access Access

MPLS MPLS MPLS


PE ABR ABR PE

MPLS MPLS


Addressing Scale - Hierarchical LSPs

  Addresses scale with hierarchical LSPs using two transport labels ‒  Intra-domain LSP (IGP+LDP or RSVP-TE)

‒  Inter-domain LSP (iBGP+label per RFC3107)

  Isolates IGP domains - No IP prefix redistribution ‒  Area Border Routers (ABR) used as BGP Route Reflectors (RR) for inter-domain exchange of prefix/label

‒  ABR / RRs inserted into the data plane by modifying next-hop attribute (next-hop-self) 41

Access Access

MPLS MPLS MPLS


PE ABR ABR PE

Inter-domain LSP

Intra-domain LSP

Intra-domain LSP

Intra-domain LSP


Control Plane Operation (Pseudowire)

PE1 P ABR1 ABR2 P P PE2

LDP / RSVP-TE

LDP / RSVP-TE

LDP / RSVP-TE

LDP / RSVP-TE

LDP / RSVP-TE

LDP / RSVP-TE

iBGP IP+Label

iBGP IP+Label

iBGP IP+Label

T-LDP

PE to ABR and ABR to ABR LSPs

PE to PE LSPs

Pseudowire signaling E2E Single Segment PW


Forwarding Plane Operation (Pseudowire)

PE1 P ABR1 ABR2 P P PE2

Payload

Push Push Push

PW Label

BGP Label

IGP Label

Payload

Pop Pop

Pop

PW Label

BGP Label

Payload

PW Label

BGP Label

IGP Label

Payload

PW Label

BGP Label

Payload

PW Label

IGP Label

Payload

PW Label

Payload Payload

Swap Push

Pop Push

Pop

Latest Trends and Future MPLS Transport Profile (MPLS-TP)


MPLS Transport Profile

  Extends MPLS to meet packet transport requirements ‒ Connection-oriented ‒ Deployable with or without control

plane ‒ Separation of control/management

plane from data-plane ‒  In-band OAM ‒ 1:1, 1:n, 1+1 protection ‒ Multi-service

  Identifies subset of MPLS supporting traditional transport requirements

45

MPLS Forwarding P2P / P2MP LSP

Pseudowire Architecture OAM

Resilicency GMPLS

MPLS

New extensions based on transport

requirements

Existing functionality meeting transport requirements Existing functionality

prior to MPLS Transport profile

MP2P / MP2MP LSP IP forwarding

ECMP

Transport Profile


MPLS-TP Components

46

 Bi-directional, co-routed LSPs

 Static LSP  QoS

 CC/RDI  On-demand CV

 Route Tracing  AIS/LDI/LKR  CFI (PW Status)

Forwarding Plane

OAM

 Linear protection (1:1, 1+1, 1:N)

 Reversion  Wait-to-restore timer

Protection

 Ethernet/VLAN  ATM  TDM  MS-PW integration with IP/MPLS

Services

 Static  Dynamic (GMPLS)

Control Plane


MPLS-TP Transport and Service Options   Existing pseudowire architecture

applies to MPLS-TP   LSPs typically aggregate multiple

services   As usual, pseudowires can be

signaled or established via manual configuration

  Ethernet PW ‒ EoMPLS / VPLS

  TDM PW ‒ CESoPSN / SAToP

  ATM PW ‒ AAL5 and Cell Relay

47

MPLS-TP currently focuses on

Layer-2/1services

IP/MPLS (LDP / RSVP-TE / BGP) MPLS-TP (Static / RSVP-TE)

MPLS Forwarding

IPv4 IPv6

Services (clients)

Transport

IPv4 VPN

IPv6 VPN VPMS VPWS VPLS

LSP

PW1

PW2

PW3


MPLS-TP and IP/MPLS Integration

48

MPLS-TP MPLS-TP IP/MPLS

Aggregation Access Core Aggregation Access

T-PE S-PE S-PE T-PE

Static PW Static Tunnel

Signaled PW Signaled Tunnel

Static PW Static Tunnel

  Multi-segment pseudowires (MS-PW) enable layer-2/-1 services over a combined MPLS-TP and IP/MPLS infrastructure

  S-PE switches traffic between a static and a dynamic segment

  MPLS-TP domain uses static LSP as PSN tunnel and static PW segment

  IP/MPLS domain uses signaled LSP (LDP or RSVP-TE) as PSN tunnel and signaled PW segment

Latest Trends and Future Ethernet Virtual Private Network (E-VPN) Provider Backbone Bridges E-VPN (PBB-EVPN)


Motivation   L2VPN (VPLS) currently used as PE-

based data center interconnect (DCI) solution

  Need to address technology evolution requirements ‒  Active / Active Multi-homing

‒  Load balancing and Multi-Pathing (vlan-based / flow-based)

‒  Multicast optimization

‒  Scale (e.g. PW and MAC-addresses)

‒  Multi-tenancy (service scale)

  Enhancements bring benefits to other VPLS applications ‒  Business services

‒  Mobile backhaul 50

SP DC1 SP DC2

Ent DC1 Ent DC2

SP NGN DCPE

DCPE

DCE DCE

PE PE

CE CE

Enterprise DCI “back door”

Standalone DCI network


E-VPN At A Glance   Active IETF L2VPN working group document

‒  draft-ietf-l2vpn-evpn-00

  Treat learned MAC addresses as routable addresses and distribute them in BGP over IP/MPLS network ‒  Receiving PE injects these MAC addresses into

forwarding table along with its associated adjacency

  When multiple PE nodes advertise the same MAC, then multiple adjacency is created for that MAC address in the forwarding table ‒  When forwarding traffic for a given unicast MAC DA,

a hashing algorithm could be based on L2/L3/L4 header is used to pick one of the adjacencies for forwarding

  Full-Mesh of PW no longer required ‒  MP2P tunnels used for unicast

‒  Ingress PE replication (MP2P tunnels) or LSM used for multi-destination traffic (multicast / broadcast / unknown unicast)

51

BGP

PE PE

PE PE


E-VPN Broadcast Example (e.g. ARP)

  Host M1 sends a message with MAC SA = M1 and MAC DA=bcast   PE1 learns M1 over its Agg2-PE1 AC and distributes it via BGP to other PE devices   All other PE devices learn that M1 sits behind PE1   Broadcast frame sent to remote PEs using MP2P tunnels (or LSM)

52

PE1

PE2 PE4

PE3

AGG1

AGG2

AGG3

AGG4

AGG5

AGG6

MH-ID=1

MH-ID=3

MH-ID=2

C-MAC1

C-MAC2

iBGP L2-NLRI •  next-hop: n-PE1 •  <C-MAC1, Label 100>

BGP

M1

M2


PE1

PE2 PE4

PE3

AGG1

AGG2

AGG3

AGG4

AGG5

AGG6

MH-ID=1

MH-ID=3

MH-ID=2

M1

M2

iBGP L2-NLRI •  next-hop: n-PE4 •  <C-MAC2, Label 200>

100

E-VPN Unicast Example

  Host M2 sends response with MAC SA = M2 and MAC DA = M1   PE4 learns M2 over its Agg5-PE4 AC and distributes it via BGP to other PE devices   PE4 forwards the frame to PE1 (MP2P tunnel) since it has learned previously that

M1 sits behind PE1   All other PE devices learn that M2 sits behind PE4 53


MAC Address Scalability

  BGP MAC Advertisement Route Scalability ‒ Multiple orders of magnitude difference between C-MAC & B-MAC addresses

  C-MAC Address Confinement ‒ E-VPN - control plane C-MAC learning, C-MACs are always in RIB and maybe

also in FIB ‒ PBB-EVPN - data plane C-MAC learning, C-MACs are never in RIB and are only

present in FIB for active flows

Introducing PBB-EVPN

54

WAN

DC Site 1

DC Site 2 DC Site N

O(1M) C-MACs

O(100) B-MACs


Ethernet Encapsulation Evolution

55

C-DA C-SA

Payload

FCS

C-DA: Customer dest addr C-SA: Customer src addr C-TAG: Customer tag S-TAG: Service tag B-DA: Backbone dest addr S-SA: Backbone src addr I-TAG: Service instance tag VID: VLAN identifier (part of C-/S-/B-TAG) I-SID: Backbone service instance identifier (part of I-TAG) PB: Provider Bridges PBB: Provider backbone bridges

802.1ah service Instances (224)

802.1Q/ad service

Instances (212)

802.1ah PBB

802.1ad PB

802.1ad PB

802.1Q

802.1Q 802.3

802.3

C-DA C-SA

S-TAG C-TAG

Payload

FCS

Service Instances

(VID) 212=4,096

B-DA B-SA

B-TAG I-TAG C-DA C-SA

S-TAG C-TAG

Payload

FCS

Service Instances (I-SID)

224=16,777,216

C-DA C-SA

C-TAG

Payload

FCS

Service Instances

(VID) 212=4,096


Provider Backbone Bridges – EVPN (PBB-EVPN) Solution Overview   Active L2VPN working group document

‒  draft-ietf-l2vpn-pbb-evpn-03

  Advertise local Backbone MAC (B-MAC) addresses in BGP to all other PEs that have at least one VPN in common just like E-VPN ‒  Build a forwarding table from remote BGP

advertisements just like E-VPN (e.g., association of B-MAC to MPLS labels)

  Single B-MAC to represent site ID ‒  Can derive the B-MAC automatically from system

MAC address of LACP peer

  PEs perform PBB functionality just like PBB-VPLS

  C-MAC learning for traffic received from ACs and C-MAC/B-MAC association for traffic received from core

56

PE2

PE1 PE3 LACP

CE1

MPLS

BEB BEB

B-MAC = Site ID

802.1Qbp

B-MAC Routes

BEB = IEEE 802.1ah Backbone Edge Bridge


PBB-EVPN: Dual Homed Device

  Each PE advertises a MAC route per Ethernet Segment (carries B-MAC associated with Ethernet Segment).

‒  Both PEs advertise the same B-MAC for the same Ethernet Segment.

  Remote PE installs both next hops into FIB for associated B-MAC.

‒  Hashing used to load-balance traffic among next hops.

  PE1 MAC Routes:

‒  Route: Route Descriptor (RD11), B-MAC1, RT2, RT3

  PE2 MAC Routes:

‒  Route: RD22, B-MAC1, RT2, RT3

57

VPN B-MAC NH

RouteTarget 3 B-MAC1 PE1

RT3 B-MAC1 PE2

RT2 B-MAC1 PE1

RT2 B-MAC1 PE2

RIB

VPN B-MAC NH RT3 B-MAC1 PE1, PE2

RT2 B-MAC1 PE1, PE2

FIB

PE1

PE2

VLAN 2, 3

VLAN 2,3

B-MAC1

PE3

MPLS/ IP


What best describes your company’s interest on E-VPN / PBB-EVPN? [single choice]

A.  Not Interested

B.  Would like to learn more

C.  Interested. Would consider deployment in the next 12 months

D.  Interested. Would consider deployment in the next 18-24 months

Poll Question #3 What applications would you be most interested for deployment of E-VPN / PBB-EVPN in your network? [multiple choice]

A.  E-LAN Business Ethernet Services

B.  E-Tree Business Ethernet Services

C.  Mobile Backhaul

D.  Data Center Interconnect (DCI)

E.  No interest for now

Summary


Summary

  Ethernet-based WAN services, Data Center Interconnect and Mobile Backhaul are the key applications driving deployments of L2VPN today

  MPLS-based Layer 2 VPNs are fairly mature and have been deployed by Service Providers and Enterprises around the globe

  MPLS-TP extends MPLS to support operational model of traditional transport networks while supporting L2VPNs

  PBB-EVPN emerging as solution that meets next generation requirements for Layer 2 connectivity in verticals such as DCI


Additional References   Cisco Community – Service Provider Mobility

https://communities.cisco.com/community/solutions/sp/mobility

  Unified MPLS for Mobile Transport 2.0 – Design Guide https://communities.cisco.com/docs/DOC-29526

  Data Center Interconnect (DCI) http://www.cisco.com/go/dci

  Implementing MPLS Transport Profile (IOS XR) http://cisco.com/en/US/docs/routers/asr9000/software/asr9k_r4.2/mpls/configuration/guide/b_mpls_cg42asr9k_chapter_0110.html

 MPLS Transport Profile Configuration Guide (IOS) http://cisco.com/en/US/docs/ios/mpls/configuration/guide/mp_transport_profile.html

 Cisco SP360: Service Provider Blog http://blogs.cisco.com/tag/mpls-tp/

61


Comparison of L2VPN Solutions

64

VPLS E-VPN PBB-EVPN All-Active Redundancy

Flow Based Load Balancing No Yes Yes Flow Based Multi-pathing No Yes Yes

Geo-redundancy and Flexible Redundancy Grouping No Yes Yes Simplified Provisioning and Operation

Core Auto-Discovery Yes Yes Yes Access Multi-homing Auto-Discovery No Yes Yes

New Service Interfaces No Yes Yes Optimal Multicast with LSM

P2MP Trees Yes Yes Yes MP2MP Trees No Yes Yes

Fast Convergence Link/Port/Node Failure Yes Yes Yes

MAC Mobility Yes Yes Yes Avoiding C-MAC Flushing No No Yes

Scalable for SP Virtual Private Cloud Services Support O(10 Million) MAC Addresses per DC No No Yes

Confinement of C-MAC Learning No No Yes Seamless Interworking (TRILL/802.1aq/802.1Qbp/MST/

RSTP

Guarantee C-MAC Transparency on PE No No Yes


PBB-EVPN: A Closer Look

Designated Forwarder (DF) Election with Service Carving ‒ Prevent duplicate delivery of flooded frames (multicast,

broadcast, unknown unicast)

‒ Non-DF ports are blocked for flooded traffic

‒ Uses BGP Ethernet Segment Route.

‒ Announcements per Segment rather than per (VLAN, Segment).

Split Horizon for Ethernet Segment ‒ Prevent looping of traffic originated from a multi-homed

segment.

‒ Performed based on B-MAC source address rather than E-VPN’s Ethernet Segment Identifier (ESI) MPLS Label.

Aliasing ‒ PEs connected to the same multi-homed Ethernet Segment

advertise the same B-MAC address.

‒ Remote PEs use these MAC Route advertisements for aliasing load-balancing traffic destined to C-MACs reachable via a given B-MAC.

65

PE PE

PE PE

PE PE

PE PE

PE PE

PE

B-‐MAC1

B-‐MAC1