present and future of mpls-based layer 2 virtual private networks (ios advantage webinar)
DESCRIPTION
With the adoption of MPLS in service provider and enterprise networks, L2VPN allows the delivery of Layer 2 connectivity to end-users over this infrastructure. The most popular examples include Ethernet services used by Enterprises for WAN or Data Center Interconnect applications. L2VPN also plays an important role for Mobile Operators fulfilling ATM/TDM connectivity requirements used for legacy mobile backhaul transport. The presentation provides fundamental and advanced topics associated with the deployment of L2VPN over an MPLS network, emphasizing Ethernet-based point-to-point and multipoint VPNs. We will cover deployment considerations including: Signaling, Auto-discovery, Resiliency and Inter-Autonomous Systems (Inter-AS). Discussion topics will be illustrated with IOS and IOS-XR sample configurations. Finally, we will look at the latest work at the Internet Engineering Task Force (IETF), including BGP MPLS-based Ethernet VPNs (E-VPN).TRANSCRIPT
© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public [email protected]
The Present and Future of MPLS-based Layer 2 Virtual Private Networks An Overview and Evolution June 2012
1
© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public [email protected]
Today’s Presenters
Tina Lam ([email protected]) Product Manager Cisco
Jose Liste ([email protected]) Technical Marketing Engineer Cisco
2
© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public [email protected]
Agenda
Market Overview
Fundamentals
Use Cases
Latest Trends and Future
PW Signaling and PE Auto-‐Discovery
Market Overview
© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public [email protected]
Motivation for L2VPNs
Current Drivers IP Next Generation Network
‒ Network convergence of legacy (ATM, TDM, FR) and Ethernet, fixed and mobile on to the same network
Business Ethernet Services ‒ Flexible offering. P2P, MP. Can be L2VPN, L3VPN or a hybrid
‒ High speed services driven by cloud connectivity
Mobile Backhaul Evolution ‒ TDM / PDH to Dual/Hybrid to All-packet (IP/Ethernet)
‒ Single (voice + data) IP/Ethernet mobile backhaul universally accepted solution
New Drivers Data Center Interconnection (DCI)
‒ L2 connectivity across data centers in disjoint geographical locations across MPLS or IP networks
L2 Services over MPLS Transport Profile (MPLS-TP) ‒ Provides TDM/ATM/Ethernet services over SDH/SONET like transport using MPLS networks
© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public [email protected]
Ethernet Services by the Numbers Worldwide market for Ethernet services projected to reach
$40B+ by 2014 ‒ Double-digit annual growth across all geographic regional markets
‒ Asia Pac will be the largest market at 31%
‒ Fastest growing strategic wireline data product for SPs
U.S. Business Ethernet market will grow from $6B in 2011 to $11B in 2014 ‒ 1Gbps fastest growing and will be 50% of the revenue by 2014
‒ 100M will have the highest number of ports, followed closely by 10M, 1G and sub-10M
Bandwidth tipping point in 2011 ‒ Aggregated Ethernet BW purchased in US surpassed BW for
legacy circuits
Source: Ver*cal System Group 2012
© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public [email protected]
Poll Question #1
What are the key business applications / drivers for deploying L2VPNs in your network? [multiple choice] A. Legacy Services (F/R, ATM, TDM) B. Business Ethernet Services (E-Line / E-LAN) C. Mobile Backhaul D. Data Center Interconnect (DCI) E. Layer 2 services over MPLS TP F. No L2VPN deployed
Fundamentals Virtual Private Wire Service (VPWS) Overview
© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public [email protected]
Layer 2 VPN Enabler
L2VPNs are built with Pseudowire (PW) technology
PWs provide a common intermediate format to transport multiple types of network services over a Packet Switched Network (PSN)
PW technology provides Like-to-Like transport and also Interworking (IW)
The Pseudowire
Ethernet
ATM
TDM PPP/HDLC
FR
Pseudowire
Provider Edge
Packet Switched Network
Provider Edge
© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public [email protected]
Ethernet
Unmuxed UNI
Ethernet Private Line (EPL)
Ethernet Virtual Private Line (EVPL)
Ethernet Private LAN (EPLAN)
Ethernet Virtual Private LAN (EVPLAN)
Muxed UNI
Muxed UNI
Unmuxed UNI
Service Offerings L2VPN Transport Services
Muxed UNI
FR over Pseudowire
Frame Relay
Unmuxed UNI
PPP/HDLC over Pseudowire
PPP/HDLC
Virtual Private LAN Service (VPLS)
ATM
Muxed UNI
AAL5 over Pseudowire
Cell Relay with Packing over Pseudowire
Muxed UNI
Virtual Private Wire Service (VPWS) TDM
Muxed UNI
Circuit Emulation Service over PSN (CESoPSN)
Structure Agnostic TDM over Packet (SAToP)
Muxed UNI
© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public [email protected]
Layer 2 Transport over MPLS
Targeted LDP session / BGP session / Static ‒ Used for VC-label negotiation, withdrawal, error notification
The “emulated circuit” has three (3) layers of encapsulation Tunnel header (Tunnel Label) ‒ To get PDU from ingress to egress PE
‒ MPLS LSP derived through static configuration (MPLS-TP) or dynamic (LDP or RSVP-TE)
Demultiplexer field (VC Label) ‒ To identify individual circuits within a tunnel
‒ Could be an MPLS label, L2TPv3 header, GRE key, etc.
Emulated VC encapsulation (Control Word) ‒ Information on enclosed Layer 2 PDU
‒ Implemented as a 32-bit control word
Demultiplexing Component
Tunneling Component
Layer 2 Encapsulation
Control Connection
© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public [email protected]
MPLS CE-2 CE-1
Pseudowire
P1 P2 PE1 PE2
Traffic direction
VPWS Forwarding Plane Processing
Payload
Push Push
Label = 34 Label = 28
Payload
VC and Tunnel label imposition
VC Label Tunnel Label
Label = 28
Payload
Pop
Penultimate Hop Popping (PHP)
Payload
Pop
VC label disposition
Label = 45 Label = 28
Payload
Swap
Tunnel label swapping through MPLS cloud
Fundamentals Ethernet over MPLS (EoMPLS) Virtual Private LAN Service (VPLS) Overview
© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public [email protected]
How Are Ethernet Frames Transported?
Ethernet frames transported without Preamble, Start Frame Delimiter (SFD) and FCS
Two (2) modes of operation supported: ‒ Ethernet VLAN mode (VC type 0x0004) – created for VLAN over MPLS application
‒ Ethernet Port / Raw mode (VC type 0x0005) – created for Ethernet port tunneling application
LSP Label
VC Label
Ethernet Header Ethernet Payload
Ethernet Payload DA SA Length/Type FCS Preamble 802.1q
tag
0x8847 DA’ SA’ FCS’
Original Ethernet Frame
MPLS E-Type
Control Word
4B 4B 4B (optional)
MPLS-encapsulated Ethernet Frame
MPLS Stack AToM Header
6B 6B 4B (optional) 2B
© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public [email protected]
Introducing Cisco EVC Framework Functional Highlights
Service Abstraction
Multiplexed Forwarding services
Flexible Service Mapping
EVC Framework
Advanced Frame
Manipulation
Flexible service delimiters • Single-tagged, Double-tagged
• VLAN Lists, VLAN Ranges
• Header fields (COS, Ethertype)
Ethernet Service Layer • Ethernet Flow Point (EFP) • Ethernet Virtual Circuit (EVC) • Bridge Domain (BD) • Local VLAN significance
VLAN Header operations -VLAN Rewrites • POP
• PUSH
• SWAP ANY service – ANY port • Layer 2 Point-to-Point
• Layer 2 Multipoint
• Layer 3
© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public [email protected]
Encapsulation Adjustment Considerations
VLAN tags can be added, removed or translated prior to VC label imposition or after disposition ‒ Any VLAN tag(s), if retained, will
appear as payload to the VC
VC label imposition and service delimiting tag are independent from EVC VLAN tag operations ‒ Dummy VLAN tag – RFC 4448 (sec
4.4.1)
At disposition, VC service-delimiting VLAN-ID is removed before passing packet to AC processing
EoMPLS PW VC Type and EVC VLAN Rewrites
16
MPLS Imposition
MPLS Disposition
PW
POP 1 VLAN tag
AC
EVC VLAN Rewrite (Egress)
MPLS Label Disposition
VC Type
5 4
AC PW
MPLS Label Imposition
PUSH 1 VLAN tag
VC Type
EVC VLAN Rewrite
(Ingress) 5
4
Dummy VLAN tag
© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public [email protected]
Virtual Private LAN Service
Flooding / Forwarding ‒ Forwarding based on destination MAC
addresses
‒ Flooding (Broadcast, Multicast, Unknown Unicast)
MAC Learning/Aging/Withdrawal ‒ Dynamic learning based on Source MAC
and VLAN
‒ Refresh aging timers with incoming packet
‒ MAC withdrawal upon topology changes
Split-Horizon and Full-Mesh of PWs for loop-avoidance in core ‒ SP does not run STP in the core
Operation
U-PE B
Customer Equipment
CE
CE
CE
Ethernet UNI Ethernet UNI
N-PE 3
N-PE 4 N-PE 2
N-PE 1
PW
Applies Split-
Horizon Applies Split-
Horizon
Applies Split-
Horizon
U-PE B
Customer Equipment
CE
CE
CE
Ethernet UNI Ethernet UNI
N-PE 3
N-PE 4 N-PE 2
N-PE 1
PW
Pseudowire (PW) Signaling and PE Auto-Discovery
© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public [email protected]
VPWS / VPLS
Provisioning Model ‒ What information needs to be configured
and in what entities
‒ Semantic structure of the endpoint identifiers (e.g. VC ID, VPN ID)
Discovery ‒ Provisioning information is distributed by a
"discovery process“
‒ Distribution of endpoint identifiers
Signaling ‒ When the discovery process is complete, a
signaling protocol is automatically invoked to set up pseudowires (PWs)
An abstraction
19
Discovery
Signaling
Provisioning Model
© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public [email protected]
VPWS
VPWS Signaling ‒ LDP-based (RFC 4447) ‒ BGP-based (informational RFC)
VPWS with LDP-signaling and No auto-discovery ‒ Most widely deployed solution
Auto-discovery for point-to-point services not as relevant as for multipoint
Discovery and Signaling Alternatives
20
Manual No Auto-Discovery
Border Gateway Protocol (BGP)
Static No Signaling BGP
Label Distribution
Protocol (LDP)
VPN Discovery
Signaling
Most widely deployed
© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public [email protected]
VPLS
VPLS Signaling ‒ LDP-based (RFC 4762) ‒ BGP-based (RFC 4761)
VPLS with LDP-signaling and No auto-discovery ‒ Most widely deployed solution ‒ Operational complexity for larger
deployments
BGP-based Auto-Discovery (BGP-AD) (RFC 6074) ‒ Enables discovery of PE devices in a
VPLS instance
Discovery and Signaling Alternatives
21
Manual No Auto-Discovery
Border Gateway Protocol (BGP)
Static No Signaling BGP
Label Distribution
Protocol (LDP)
VPN Discovery
Signaling
Most widely deployed
RFC 6074
RFC 4761
© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public [email protected]
PW Control Plane Operation LDP Signaling
MPLS CE-1 CE-2
PE-1 PE-2
PW manually provisioned – Remote PE info included
1 Local_int = A Remote PE = PE2_ip VC-id <123>
Interface A
Local_int = B Remote PE = PE1_ip VC-id <123>
PW manually provisioned – Remote PE info included 1
New targeted LDP session between PE routers established, in case one does not already exist
2
4 PEs advertize local VC label using LDP label-mapping message: Label TLV + PW FEC TLV
PEs assigns local VC label to PW
Local Label X 3 Local Label Y 3 Remote Label Y
5 Remote Label X 5
PEs bind remote label for PW with matching VC-id
Interface B
© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public [email protected]
BGP Auto-Discovery (BGP-AD) Eliminates need to manually provision
VPLS neighbors Automatically detects when new PEs are
added / removed from the VPLS domain Uses BGP Update messages to advertize
PE/VFI mapping (VPLS NLRI) Typically used in conjunction with BGP
Route Reflectors to minimize iBGP full-mesh peering requirements
Two (2) RFCs define use of BGP for VPLS AD1
‒ RFC 6074 – when LDP used for PW signaling
‒ RFC 4761 – when BGP used for PW signaling
23
MPLS
PE1
VFI PE2
VFI
PE3
CE-A1 CE-A3
CE-A2
I am a new PE with ACs on BLACK VFI Pseudowire
BGP RR
VFI BGP session
BGP Update message with VPLS NLRI
(1) VPLS BGP NLRIs from RFC 6074 and 4761 are different in format and thus not compatible, even though they share same AFI / SAFI values
Covered in this section
© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public [email protected]
BGP Signaling and Auto-Discovery
RFC 47611 defines use of BGP for VPLS PE Auto-Discovery and Signaling
All PEs within a given VPLS are assigned a unique VPLS Edge device ID (VE ID)
A PE X wishing to send a VPLS update sends the same label block information to all other PEs using BGP VPLS NLRI
Each receiving PE infers the label intended for PE X by adding its (unique) VE ID to the label base ‒ Each receiving PE gets a unique label for
PE X for that VPLS
Overview
24
MPLS
PE1 VE_ID 1
VFI PE2
VE_ID 2
VFI
PE X VE_ID X
CE-A1 CE-A3
CE-A2
I am PE X with ACs on BLACK VFI Here is my label block for this VFI
Pseudowire
BGP RR
VFI BGP session
BGP Update message with VPLS NLRI
(1) VPLS BGP NLRIs from RFC 6074 and 4761 are different in format and thus not compatible, even though they share same AFI / SAFI values
Use Cases Data Center Interconnect
© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public [email protected]
Poll Question #2
What is the most important factor when selecting a DCI solution? (single choice) A. Ease of Provisioning B. Flow-Based Load-Balancing / Multi-Homing C. Sub-second Convergence for Link / Port / Node failures D. Massive MAC address scalability (order of millions) E. Optimal Multicast Forwarding
Use Cases Data Center Interconnect – Catalyst 6500
© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public [email protected]
Data Center Interconnect with VPLS
DC WAN Edge device (Catalyst 6500) implements VPLS with Advanced –VPLS (A-VPLS) for DCI applications
A-VPLS provides: ‒ Single-Chassis (Virtual) Redundancy solution – Virtual Switching System (VSS)
‒ Multichassis EtherChannel (MEC)
‒ Flow-based load balancing over WAN using Flow Aware Transport (FAT) PW
‒ Simplified configuration
DC 1 DC 2
Access Agg WAN Edge
WAN
Catalyst 6500
SiSi
SiSi
SiSi
SiSi
Catalyst 6500
VSS VSS
VFI PW vlan X
VFI PW vlan Y
VFI VFI VFI
VFI
© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public [email protected]
Data Center Interconnect with VPLS Sample Configuration – Catalyst 6500
29
Single VFI PW per Vlan per VSS pair
PE1 10.0.0.1
VSS
Note: Complete Virtual Switching System (VSS) / Multichassis EtherChannel (MEC) configuration not shown
SiSi
SiSi
SiSi
SiSi
VFI VFI
PE2 10.0.0.2
VFI VFI PW VC id
80 Multichassis EtherChannel (MEC)
hostname PE1 ! interface Loopback0 ip address 10.0.0.1 255.255.255.255 ! pseudowire-class sample-class encapsulation mpls load-balance flow flow-label enable
interface virtual-ethernet 1 transport vpls mesh neighbor 10.0.0.2 pw-class sample-class switchport switchport mode trunk switchport trunk allowed vlan 80,81
interface port-channel50 switchport switchport mode trunk switchport trunk allowed vlan 80,81
PE 1 hostname PE2 ! interface Loopback0 ip address 10.0.0.2 255.255.255.255 ! pseudowire-class sample-class encapsulation mpls load-balance flow flow-label enable
interface virtual-ethernet 1 transport vpls mesh neighbor 10.0.0.1 pw-class sample-class switchport switchport mode trunk switchport trunk allowed vlan 80,81
interface port-channel50 switchport switchport mode trunk switchport trunk allowed vlan 80,81
PE 2
81
Virtual Ethernet interface modeled as Switchport trunk towards VFIs One VFI per vlan on virtual interface
Deployment Use Cases Data Center Interconnect – ASR 9000
© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public [email protected]
Edge
Residential Business
Third-‐Party Services/ Content
AggregaOon
Access
Core
Converged
Cisco Prime IP NGN
SP Services/ Content
nV
Before: nV Technology AUer: nV Technology
nV Edge
nV Satellite
ASR 9000 Network Virtualization (nV) Technology Overview
Individual device to manage
Complex network protocols
Feature inconsistent, inter-operability
Physical port limit
One virtual system to manage
No network protocols within virtual system,
Remote satellite is plug-n-play, zero touch
Single feature set, one release cycle
Scale to 10 of 1000s physical ports
© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public [email protected]
Data Center Interconnect with VPLS Example 1 – nV Edge
DC WAN Edge device (ASR 9000) implements VPLS with Network Virtualization (nV) for DCI applications
nV and VPLS provides: ‒ Single-Chassis (Virtual) Redundancy solution – Network Virtualization Cluster
Single control and management plane, distributed data plane
‒ Multichassis EtherChannel
‒ Flow-based load balancing over Pseudowire using Flow Aware Transport (FAT) PW
‒ Scalability
DC 1 DC 2
Access Agg WAN Edge
WAN
Cisco ASR 9000
nV Edge nV Edge
WAN Edge Cisco ASR 9000
VFI PW vlan X
VFI PW vlan Y
VFI VFI VFI
VFI
© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public [email protected]
Data Center Interconnect with VPLS Sample Configuration – ASR 9000
33
PE1 10.0.0.1
nV
Note: nV cluster configuration not shown Etherchannel configuration incomplete
VFI VFI
PE2 10.0.0.2
VFI VFI PW VC id
1111 Multichassis EtherChannel
hostname PE1 ! interface Loopback0 ipv4 address 10.0.0.1 255.255.255.255
l2vpn pw-class sample-flow-lb encapsulation mpls load-balancing load-balancing flow-label ! bridge group DCI bridge-domain bd-80 interface bundle-ethernet1.1 vfi vfi1111 neighbor 10.0.0.2 pw-id 1111 pw-class sample-flow-lb ! bridge-domain bd-81 interface bundle-ethernet1.2 vfi vfi2222 neighbor 10.0.0.2 pw-id 2222 pw-class sample-flow-lb
PE 1
interface bundle-ethernet1.1 l2transport encapsulation dot1q 80 interface bundle-ethernet1.2 l2transport encapsulation dot1q 81
2222
hostname PE2 ! interface Loopback0 ipv4 address 10.0.0.2 255.255.255.255
l2vpn pw-class sample-flow-lb encapsulation mpls load-balancing load-balancing flow-label ! bridge group DCI bridge-domain bd-80 interface bundle-ethernet1.1 vfi vfi1111 neighbor 10.0.0.1 pw-id 1111 pw-class sample-flow-lb ! bridge-domain bd-81 interface bundle-ethernet1.2 vfi vfi2222 neighbor 10.0.0.1 pw-id 2222 pw-class sample-flow-lb
PE 2
interface bundle-ethernet1.1 l2transport encapsulation dot1q 80 interface bundle-ethernet1.2 l2transport encapsulation dot1q 81
Single PW per VFI/ Vlan
nV
© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public [email protected]
Data Center Interconnect with VPLS Example 2 – mLACP
DC WAN Edge device (ASR 9000) implements VPLS with multi-chassis LACP (mLACP) for DCI applications
mLACP and VPLS provides: ‒ Geo-Redundant dual-home DCI layer solution
‒ Distributed Control / Management / Data Plane
‒ Multichassis EtherChannel (mLACP) (Active / Standby links – 1:1 protection) using Inter-Chassis Communication Protocol (ICCP)
‒ Flow-based load balancing over Pseudowire using Flow Aware Transport (FAT) PW
DC 1 DC 2
Access Agg WAN Edge
WAN
Cisco ASR 9000 WAN Edge
Cisco ASR 9000
ICCP ICCP
VFI
VFI
VFI
VFI
Use Cases Mobile Backhaul – Legacy TDM / ATM Transport
© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public [email protected]
Legacy ATM and TDM Transport
Mobile Backhaul migration strategies vary among Challengers and Incumbents Circuit Emulation required to support legacy interfaces across a packet-based
network ‒ Structure Agnostic TDM over Packet (SAToP - RFC 4553) for encapsulating TDM bit-streams
(T1/E1, T3/E3) as PWs Example: full T1/E1 from cell site to BSC
‒ Circuit Emulation Services over PSN (CESoPSN - RFC 5086) for encapsulating structured TDM signals (NxDS0) as PWs
More efficient with use of transport resources than SAToP
Example: fractional T1/E1 from cell site to BSC
‒ ATMoMPLS for carrying ATM cells over an MPLS network using ATM PWE3 (Cell relay)
Statistical multiplexing gains of packet transport ‒ Enabled with ATM PWE3 for UMTS
‒ Not enabled with SAToP or CESoPSN for GSM
© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public [email protected]
TDM / ATM PW Backhaul
37
Cell Site
Access Layer
Aggregation Layer
GE Ring
BSC RNC
10 GE Ring
Aggregation node Distribution node Ethernet uW
Fibre
Cell site Router
Pre-Aggregation Layer
TDM (CESoPSN,SAToP) & ATM (VC,VP) PWE3
L2 Rings or Point-to-Point IP/MPLS
TDM & ATM PWE3
S-PE
MS-PW
10GE 10GE STM1 STM1 GE TDM / ATM
L2 P2P or rings REP/G.8032/MSTP/
L2 Rings or Point-to-Point
IP / MPLS IP/MPLS MS-PW
10GE 10GE STM1 STM1 GE TDM / ATM
IP / MPLS RAN Access
IP / MPLS
Multi-Segment PWs deployed to minimize reachability information down to cell site router
TDM / ATM PW Backhaul with Layer 2 (Ethernet) Access
TDM / ATM PW Backhaul with MPLS in Access
Latest Trends and Future Unified MPLS - Extending MPLS to the Access of Mobile & Wireline Networks
© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public [email protected]
Challenges with Traditional MPLS Designs
As MPLS moves into access layers, large number of network elements pose challenges ‒ Core Edge / Distribution (100s-1,000s nodes), AGG (1,000s - 10,000s), Access (10,000s - 100,000s)
End-to-end LSPs between access devices requires distributing large amount of loopback prefixes ‒ IGP RIB table would be required to support say 100K prefixes
‒ MPLS LIB / LFIB tables would be required to support say 200K labels (assuming two paths per prefix)
Multi-Segment PWs and Prefix aggregation with LDP inter-area LSPs can only partially alleviate scale challenge
39
Access Access
MPLS MPLS MPLS
Aggregation Core Aggregation
PE ABR ABR PE
MPLS MPLS
MPLS MPLS
© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public [email protected]
Unified MPLS Requirements
What is it? - End-to-end packet transport architecture based on MPLS forwarding addressing scale and operational simplification
Scalability – Interconnection of large number of access nodes (e.g.100k)
Flexible placement of L2 / L3 service nodes ‒ Seamless LSPs to any location in the network
Service Provisioning Simplicity - Service provisioning only required at the edge of the network
High network availability (protection or fast restoration) 40
Access Access
MPLS MPLS MPLS
Aggregation Core Aggregation
PE ABR ABR PE
MPLS MPLS
© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public [email protected]
Addressing Scale - Hierarchical LSPs
Addresses scale with hierarchical LSPs using two transport labels ‒ Intra-domain LSP (IGP+LDP or RSVP-TE)
‒ Inter-domain LSP (iBGP+label per RFC3107)
Isolates IGP domains - No IP prefix redistribution ‒ Area Border Routers (ABR) used as BGP Route Reflectors (RR) for inter-domain exchange of prefix/label
‒ ABR / RRs inserted into the data plane by modifying next-hop attribute (next-hop-self) 41
Access Access
MPLS MPLS MPLS
Aggregation Core Aggregation
PE ABR ABR PE
Inter-domain LSP
Intra-domain LSP
Intra-domain LSP
Intra-domain LSP
© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public [email protected]
Control Plane Operation (Pseudowire)
PE1 P ABR1 ABR2 P P PE2
LDP / RSVP-TE
LDP / RSVP-TE
LDP / RSVP-TE
LDP / RSVP-TE
LDP / RSVP-TE
LDP / RSVP-TE
iBGP IP+Label
iBGP IP+Label
iBGP IP+Label
T-LDP
PE to ABR and ABR to ABR LSPs
PE to PE LSPs
Pseudowire signaling E2E Single Segment PW
© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public [email protected]
Forwarding Plane Operation (Pseudowire)
PE1 P ABR1 ABR2 P P PE2
Payload
Push Push Push
PW Label
BGP Label
IGP Label
Payload
Pop Pop
Pop
PW Label
BGP Label
Payload
PW Label
BGP Label
IGP Label
Payload
PW Label
BGP Label
Payload
PW Label
IGP Label
Payload
PW Label
Payload Payload
Swap Push
Pop Push
Pop
Latest Trends and Future MPLS Transport Profile (MPLS-TP)
© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public [email protected]
MPLS Transport Profile
Extends MPLS to meet packet transport requirements ‒ Connection-oriented ‒ Deployable with or without control
plane ‒ Separation of control/management
plane from data-plane ‒ In-band OAM ‒ 1:1, 1:n, 1+1 protection ‒ Multi-service
Identifies subset of MPLS supporting traditional transport requirements
45
MPLS Forwarding P2P / P2MP LSP
Pseudowire Architecture OAM
Resilicency GMPLS
MPLS
New extensions based on transport
requirements
Existing functionality meeting transport requirements Existing functionality
prior to MPLS Transport profile
MP2P / MP2MP LSP IP forwarding
ECMP
Transport Profile
© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public [email protected]
MPLS-TP Components
46
Bi-directional, co-routed LSPs
Static LSP QoS
CC/RDI On-demand CV
Route Tracing AIS/LDI/LKR CFI (PW Status)
Forwarding Plane
OAM
Linear protection (1:1, 1+1, 1:N)
Reversion Wait-to-restore timer
Protection
Ethernet/VLAN ATM TDM MS-PW integration with IP/MPLS
Services
Static Dynamic (GMPLS)
Control Plane
© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public [email protected]
MPLS-TP Transport and Service Options Existing pseudowire architecture
applies to MPLS-TP LSPs typically aggregate multiple
services As usual, pseudowires can be
signaled or established via manual configuration
Ethernet PW ‒ EoMPLS / VPLS
TDM PW ‒ CESoPSN / SAToP
ATM PW ‒ AAL5 and Cell Relay
47
MPLS-TP currently focuses on
Layer-2/1services
IP/MPLS (LDP / RSVP-TE / BGP) MPLS-TP (Static / RSVP-TE)
MPLS Forwarding
IPv4 IPv6
Services (clients)
Transport
IPv4 VPN
IPv6 VPN VPMS VPWS VPLS
LSP
PW1
PW2
PW3
© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public [email protected]
MPLS-TP and IP/MPLS Integration
48
MPLS-TP MPLS-TP IP/MPLS
Aggregation Access Core Aggregation Access
T-PE S-PE S-PE T-PE
Static PW Static Tunnel
Signaled PW Signaled Tunnel
Static PW Static Tunnel
Multi-segment pseudowires (MS-PW) enable layer-2/-1 services over a combined MPLS-TP and IP/MPLS infrastructure
S-PE switches traffic between a static and a dynamic segment
MPLS-TP domain uses static LSP as PSN tunnel and static PW segment
IP/MPLS domain uses signaled LSP (LDP or RSVP-TE) as PSN tunnel and signaled PW segment
Latest Trends and Future Ethernet Virtual Private Network (E-VPN) Provider Backbone Bridges E-VPN (PBB-EVPN)
© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public [email protected]
Motivation L2VPN (VPLS) currently used as PE-
based data center interconnect (DCI) solution
Need to address technology evolution requirements ‒ Active / Active Multi-homing
‒ Load balancing and Multi-Pathing (vlan-based / flow-based)
‒ Multicast optimization
‒ Scale (e.g. PW and MAC-addresses)
‒ Multi-tenancy (service scale)
Enhancements bring benefits to other VPLS applications ‒ Business services
‒ Mobile backhaul 50
SP DC1 SP DC2
Ent DC1 Ent DC2
SP NGN DCPE
DCPE
DCE DCE
PE PE
CE CE
Enterprise DCI “back door”
Standalone DCI network
© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public [email protected]
E-VPN At A Glance Active IETF L2VPN working group document
‒ draft-ietf-l2vpn-evpn-00
Treat learned MAC addresses as routable addresses and distribute them in BGP over IP/MPLS network ‒ Receiving PE injects these MAC addresses into
forwarding table along with its associated adjacency
When multiple PE nodes advertise the same MAC, then multiple adjacency is created for that MAC address in the forwarding table ‒ When forwarding traffic for a given unicast MAC DA,
a hashing algorithm could be based on L2/L3/L4 header is used to pick one of the adjacencies for forwarding
Full-Mesh of PW no longer required ‒ MP2P tunnels used for unicast
‒ Ingress PE replication (MP2P tunnels) or LSM used for multi-destination traffic (multicast / broadcast / unknown unicast)
51
BGP
PE PE
PE PE
© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public [email protected]
E-VPN Broadcast Example (e.g. ARP)
Host M1 sends a message with MAC SA = M1 and MAC DA=bcast PE1 learns M1 over its Agg2-PE1 AC and distributes it via BGP to other PE devices All other PE devices learn that M1 sits behind PE1 Broadcast frame sent to remote PEs using MP2P tunnels (or LSM)
52
PE1
PE2 PE4
PE3
AGG1
AGG2
AGG3
AGG4
AGG5
AGG6
MH-ID=1
MH-ID=3
MH-ID=2
C-MAC1
C-MAC2
iBGP L2-NLRI • next-hop: n-PE1 • <C-MAC1, Label 100>
BGP
M1
M2
© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public [email protected]
PE1
PE2 PE4
PE3
AGG1
AGG2
AGG3
AGG4
AGG5
AGG6
MH-ID=1
MH-ID=3
MH-ID=2
M1
M2
iBGP L2-NLRI • next-hop: n-PE4 • <C-MAC2, Label 200>
100
E-VPN Unicast Example
Host M2 sends response with MAC SA = M2 and MAC DA = M1 PE4 learns M2 over its Agg5-PE4 AC and distributes it via BGP to other PE devices PE4 forwards the frame to PE1 (MP2P tunnel) since it has learned previously that
M1 sits behind PE1 All other PE devices learn that M2 sits behind PE4 53
© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public [email protected]
MAC Address Scalability
BGP MAC Advertisement Route Scalability ‒ Multiple orders of magnitude difference between C-MAC & B-MAC addresses
C-MAC Address Confinement ‒ E-VPN - control plane C-MAC learning, C-MACs are always in RIB and maybe
also in FIB ‒ PBB-EVPN - data plane C-MAC learning, C-MACs are never in RIB and are only
present in FIB for active flows
Introducing PBB-EVPN
54
WAN
DC Site 1
DC Site 2 DC Site N
O(1M) C-MACs
O(100) B-MACs
© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public [email protected]
Ethernet Encapsulation Evolution
55
C-DA C-SA
Payload
FCS
C-DA: Customer dest addr C-SA: Customer src addr C-TAG: Customer tag S-TAG: Service tag B-DA: Backbone dest addr S-SA: Backbone src addr I-TAG: Service instance tag VID: VLAN identifier (part of C-/S-/B-TAG) I-SID: Backbone service instance identifier (part of I-TAG) PB: Provider Bridges PBB: Provider backbone bridges
802.1ah service Instances (224)
802.1Q/ad service
Instances (212)
802.1ah PBB
802.1ad PB
802.1ad PB
802.1Q
802.1Q 802.3
802.3
C-DA C-SA
S-TAG C-TAG
Payload
FCS
Service Instances
(VID) 212=4,096
B-DA B-SA
B-TAG I-TAG C-DA C-SA
S-TAG C-TAG
Payload
FCS
Service Instances (I-SID)
224=16,777,216
C-DA C-SA
C-TAG
Payload
FCS
Service Instances
(VID) 212=4,096
© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public [email protected]
Provider Backbone Bridges – EVPN (PBB-EVPN) Solution Overview Active L2VPN working group document
‒ draft-ietf-l2vpn-pbb-evpn-03
Advertise local Backbone MAC (B-MAC) addresses in BGP to all other PEs that have at least one VPN in common just like E-VPN ‒ Build a forwarding table from remote BGP
advertisements just like E-VPN (e.g., association of B-MAC to MPLS labels)
Single B-MAC to represent site ID ‒ Can derive the B-MAC automatically from system
MAC address of LACP peer
PEs perform PBB functionality just like PBB-VPLS
C-MAC learning for traffic received from ACs and C-MAC/B-MAC association for traffic received from core
56
PE2
PE1 PE3 LACP
CE1
MPLS
BEB BEB
B-MAC = Site ID
802.1Qbp
B-MAC Routes
BEB = IEEE 802.1ah Backbone Edge Bridge
© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public [email protected]
PBB-EVPN: Dual Homed Device
Each PE advertises a MAC route per Ethernet Segment (carries B-MAC associated with Ethernet Segment).
‒ Both PEs advertise the same B-MAC for the same Ethernet Segment.
Remote PE installs both next hops into FIB for associated B-MAC.
‒ Hashing used to load-balance traffic among next hops.
PE1 MAC Routes:
‒ Route: Route Descriptor (RD11), B-MAC1, RT2, RT3
PE2 MAC Routes:
‒ Route: RD22, B-MAC1, RT2, RT3
57
VPN B-MAC NH
RouteTarget 3 B-MAC1 PE1
RT3 B-MAC1 PE2
RT2 B-MAC1 PE1
RT2 B-MAC1 PE2
RIB
VPN B-MAC NH RT3 B-MAC1 PE1, PE2
RT2 B-MAC1 PE1, PE2
FIB
PE1
PE2
VLAN 2, 3
VLAN 2,3
B-MAC1
PE3
MPLS/ IP
© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public [email protected]
What best describes your company’s interest on E-VPN / PBB-EVPN? [single choice]
A. Not Interested
B. Would like to learn more
C. Interested. Would consider deployment in the next 12 months
D. Interested. Would consider deployment in the next 18-24 months
Poll Question #3 What applications would you be most interested for deployment of E-VPN / PBB-EVPN in your network? [multiple choice]
A. E-LAN Business Ethernet Services
B. E-Tree Business Ethernet Services
C. Mobile Backhaul
D. Data Center Interconnect (DCI)
E. No interest for now
Summary
© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public [email protected]
Summary
Ethernet-based WAN services, Data Center Interconnect and Mobile Backhaul are the key applications driving deployments of L2VPN today
MPLS-based Layer 2 VPNs are fairly mature and have been deployed by Service Providers and Enterprises around the globe
MPLS-TP extends MPLS to support operational model of traditional transport networks while supporting L2VPNs
PBB-EVPN emerging as solution that meets next generation requirements for Layer 2 connectivity in verticals such as DCI
© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public [email protected]
Additional References Cisco Community – Service Provider Mobility
https://communities.cisco.com/community/solutions/sp/mobility
Unified MPLS for Mobile Transport 2.0 – Design Guide https://communities.cisco.com/docs/DOC-29526
Data Center Interconnect (DCI) http://www.cisco.com/go/dci
Implementing MPLS Transport Profile (IOS XR) http://cisco.com/en/US/docs/routers/asr9000/software/asr9k_r4.2/mpls/configuration/guide/b_mpls_cg42asr9k_chapter_0110.html
MPLS Transport Profile Configuration Guide (IOS) http://cisco.com/en/US/docs/ios/mpls/configuration/guide/mp_transport_profile.html
Cisco SP360: Service Provider Blog http://blogs.cisco.com/tag/mpls-tp/
61
© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public
© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public
Comparison of L2VPN Solutions
64
VPLS E-VPN PBB-EVPN All-Active Redundancy
Flow Based Load Balancing No Yes Yes Flow Based Multi-pathing No Yes Yes
Geo-redundancy and Flexible Redundancy Grouping No Yes Yes Simplified Provisioning and Operation
Core Auto-Discovery Yes Yes Yes Access Multi-homing Auto-Discovery No Yes Yes
New Service Interfaces No Yes Yes Optimal Multicast with LSM
P2MP Trees Yes Yes Yes MP2MP Trees No Yes Yes
Fast Convergence Link/Port/Node Failure Yes Yes Yes
MAC Mobility Yes Yes Yes Avoiding C-MAC Flushing No No Yes
Scalable for SP Virtual Private Cloud Services Support O(10 Million) MAC Addresses per DC No No Yes
Confinement of C-MAC Learning No No Yes Seamless Interworking (TRILL/802.1aq/802.1Qbp/MST/
RSTP
Guarantee C-MAC Transparency on PE No No Yes
© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public
PBB-EVPN: A Closer Look
Designated Forwarder (DF) Election with Service Carving ‒ Prevent duplicate delivery of flooded frames (multicast,
broadcast, unknown unicast)
‒ Non-DF ports are blocked for flooded traffic
‒ Uses BGP Ethernet Segment Route.
‒ Announcements per Segment rather than per (VLAN, Segment).
Split Horizon for Ethernet Segment ‒ Prevent looping of traffic originated from a multi-homed
segment.
‒ Performed based on B-MAC source address rather than E-VPN’s Ethernet Segment Identifier (ESI) MPLS Label.
Aliasing ‒ PEs connected to the same multi-homed Ethernet Segment
advertise the same B-MAC address.
‒ Remote PEs use these MAC Route advertisements for aliasing load-balancing traffic destined to C-MACs reachable via a given B-MAC.
65
PE PE
PE PE
PE PE
PE PE
PE PE
PE
B-‐MAC1
B-‐MAC1