Cisco device configuration tutorials and networking fundamentals

Cisco configuration tutorials

Archive

VPLS BGP Signaling Configuration over Segment Routing MPLS

«    2025 Feb 16    »

What is VPLS BGP Signaling?

VPLS is a Layer-2 VPN technology enabling multipoint-to-multipoint shared Ethernet domains as a WAN service for subscriber locations. VPLS can be implemented in a variety of ways involving LDP and BGP. However, VPLS can also be deployed using BGP only.

This means, the two operational phases of a VPLS setup (Discovery and Signaling) are handled only with BGP, and without the use of LDP. In this example scenario, the more recent and improved MPLS signaling protocol Segment Routing is configured to avoid LDP altogether.

How to configure VPLS with BGP Discovery and Signaling?

In this scenario which is introduced in the above video, a VPLS L2VPN connects the hosts in Site 1 and in Site 2 over a stretched OSI Layer-2 domain in VLAN 10. The VPLS PE R1 and PE R5 use only BGP for peer autodiscovery and pseudowire signaling. The transport network uses Segment Routing MPLS. Thus, LDP is not configured at all in this example network. Site-to-site traffic is label switched in the VPLS domain.

VPLS autodiscovery BGP Update message

The following list highlights configuration details involved in this example.

  • The BGP router command neighbor X.X.X.X suppress-signaling-protocol ldp must be configured under the VPLS address-family on the PE routers as well as on the BGP Route Reflector. The command enables VPLS with BGP signaling.
  • The Route Distinguisher (RD) and the Route Target (RT) value can be autogenerated or manually configured.
  • On the PE, the bridge-domain is not configured under the CE-facing interface's service instance, but instead a separate bridge-domain section is configured that binds the service instance with the VPLS VFI.
Virtual Private LAN Services with BGP Discovery and Signaling

Configuration:

R1 (PE)
    R1#show run | sec ^mpls
    mpls label range 100 199
    
    R1#show run | sec ^segment
    segment-routing mpls
     !
     connected-prefix-sid-map
      address-family ipv4
       1.1.1.1/32 index 1 range 1 
      exit-address-family
     !
    
    R1#show run int Lo10 | sec ^int
    interface Loopback10
     ip address 1.1.1.1 255.255.255.255
    
    R1#show run int Gi1 | sec ^int
    interface GigabitEthernet1
     description ** to CE SW1 **
     no ip address
     negotiation auto
     no mop enabled
     no mop sysid
     service instance 10 ethernet
      encapsulation dot1q 10
     !
    
    R1#show run int Gi2 | sec ^int
    interface GigabitEthernet2
     description ** to R2 **
     ip address 10.1.0.1 255.255.255.252
     ip router isis EXAMPLE-ISIS
     negotiation auto
     no mop enabled
     no mop sysid
     isis circuit-type level-2-only
     isis network point-to-point
    
    R1#show run | sec ^router isis
    router isis EXAMPLE-ISIS
     net 49.0010.0000.0000.0001.00
     is-type level-2-only
     advertise passive-only
     metric-style wide
     log-adjacency-changes
     segment-routing mpls
     passive-interface Loopback10
    
    R1#show run | sec ^router bgp
    router bgp 65001
     bgp router-id 1.1.1.1
     bgp log-neighbor-changes
     neighbor 6.6.6.6 remote-as 65001
     neighbor 6.6.6.6 update-source Loopback10
     !
     address-family l2vpn vpls
      neighbor 6.6.6.6 activate
      neighbor 6.6.6.6 send-community both
      neighbor 6.6.6.6 suppress-signaling-protocol ldp
     exit-address-family
    
    R1#show run | sec ^l2
    l2vpn vfi context EXAMPLE-VPLS 
     vpn id 100
     autodiscovery bgp signaling bgp 
      ve id 1
      rd 65001:100
      route-target export 65001:1
      route-target import 65001:2
    
    R1#show run | sec ^bridge
    bridge-domain 10 
     member GigabitEthernet1 service-instance 10
     member vfi EXAMPLE-VPLS
    
R5 (PE)
    R5#show run | sec ^mpls
    mpls label range 500 599
    
    R5#show run | sec ^segment
    segment-routing mpls
     !
     connected-prefix-sid-map
      address-family ipv4
       5.5.5.5/32 index 5 range 1 
      exit-address-family
     !
    
    R5#show run int Lo10 | sec ^int
    interface Loopback10
     ip address 5.5.5.5 255.255.255.255
    
    R5#show run int Gi1 | sec ^int
    interface GigabitEthernet1
     description ** to CE SW2 **
     no ip address
     negotiation auto
     no mop enabled
     no mop sysid
     service instance 10 ethernet
      encapsulation dot1q 10
     !
    
    R5#show run int Gi2 | sec ^int
    interface GigabitEthernet2
     description ** to R4 **
     ip address 10.4.0.1 255.255.255.252
     ip router isis EXAMPLE-ISIS
     negotiation auto
     no mop enabled
     no mop sysid
     isis circuit-type level-2-only
     isis network point-to-point 
    
    R5#show run | sec ^router isis
    router isis EXAMPLE-ISIS
     net 49.0010.0000.0000.0005.00
     is-type level-2-only
     advertise passive-only
     metric-style wide
     log-adjacency-changes
     segment-routing mpls
     passive-interface Loopback10
    
    R5#show run | sec ^router bgp
    router bgp 65001
     bgp router-id 5.5.5.5
     bgp log-neighbor-changes
     neighbor 6.6.6.6 remote-as 65001
     neighbor 6.6.6.6 update-source Loopback10
     !
     address-family l2vpn vpls
      neighbor 6.6.6.6 activate
      neighbor 6.6.6.6 send-community both
      neighbor 6.6.6.6 suppress-signaling-protocol ldp
     exit-address-family
    
    R5#show run | sec ^l2
    l2vpn vfi context EXAMPLE-VPLS 
     vpn id 100
     autodiscovery bgp signaling bgp 
      ve id 2
      rd 65001:100
      route-target export 65001:2
      route-target import 65001:1
    
    R5#show run | sec ^bridge
    bridge-domain 10 
     member GigabitEthernet1 service-instance 10
     member vfi EXAMPLE-VPLS
    
R2
    R2#show run | sec ^segment
    segment-routing mpls
     !
     connected-prefix-sid-map
      address-family ipv4
       2.2.2.2/32 index 2 range 1 
      exit-address-family
     !
    
    R2#show run int Lo10 | sec ^int
    interface Loopback10
     ip address 2.2.2.2 255.255.255.255
    
    R2#show run int Gi1 | sec ^int
    interface GigabitEthernet1
     description ** to PE R1 **
     ip address 10.1.0.2 255.255.255.252
     ip router isis EXAMPLE-ISIS
     negotiation auto
     no mop enabled
     no mop sysid
     isis circuit-type level-2-only
     isis network point-to-point 
    
    R2#show run int Gi2 | sec ^int
    interface GigabitEthernet2
     description ** to R3 **
     ip address 10.2.0.1 255.255.255.252
     ip router isis EXAMPLE-ISIS
     negotiation auto
     no mop enabled
     no mop sysid
     isis circuit-type level-2-only
     isis network point-to-point
    
    R2#show run | sec ^router
    router isis EXAMPLE-ISIS
     net 49.0010.0000.0000.0002.00
     is-type level-2-only
     advertise passive-only
     metric-style wide
     log-adjacency-changes
     segment-routing mpls
     passive-interface Loopback10
    
R3
    R3#show run | sec ^segment
    segment-routing mpls
     !
     connected-prefix-sid-map
      address-family ipv4
       3.3.3.3/32 index 3 range 1 
      exit-address-family
     !
    
    R3#show run int Lo10 | sec ^int
    interface Loopback10
     ip address 3.3.3.3 255.255.255.255
    
    R3#show run int Gi1 | sec ^int
    interface GigabitEthernet1
     description ** to R2 **
     ip address 10.2.0.2 255.255.255.252
     ip router isis EXAMPLE-ISIS
     negotiation auto
     no mop enabled
     no mop sysid
     isis circuit-type level-2-only
     isis network point-to-point
    
    R3#show run int Gi2 | sec ^int
    interface GigabitEthernet2
     description ** to R4 **
     ip address 10.3.0.1 255.255.255.252
     ip router isis EXAMPLE-ISIS
     negotiation auto
     no mop enabled
     no mop sysid
     isis circuit-type level-2-only
     isis network point-to-point
    
    R3#show run int Gi3 | sec ^int
    interface GigabitEthernet3
     description ** to RR R6 **
     ip address 10.5.0.1 255.255.255.252
     ip router isis EXAMPLE-ISIS
     negotiation auto
     no mop enabled
     no mop sysid
     isis circuit-type level-2-only
     isis network point-to-point
    
    R3#show run | sec ^router
    router isis EXAMPLE-ISIS
     net 49.0010.0000.0000.0003.00
     is-type level-2-only
     advertise passive-only
     metric-style wide
     log-adjacency-changes
     segment-routing mpls
     passive-interface Loopback10
    
R6 (BGP RR)
    R6#show run int Lo10 | sec ^int
    interface Loopback10
     ip address 6.6.6.6 255.255.255.255
    
    R6#show run int Gi1 | sec ^int
    interface GigabitEthernet1
     description ** to R3 **
     ip address 10.5.0.2 255.255.255.252
     ip router isis EXAMPLE-ISIS
     negotiation auto
     no mop enabled
     no mop sysid
     isis circuit-type level-2-only
     isis network point-to-point 
    
    R6#show run | sec ^router isis
    router isis EXAMPLE-ISIS
     net 49.0010.0000.0000.0006.00
     is-type level-2-only
     advertise passive-only
     metric-style wide
     log-adjacency-changes
     passive-interface Loopback10
    
    R6#show run | sec ^router bgp
    router bgp 65001
     bgp router-id 6.6.6.6
     bgp log-neighbor-changes
     neighbor 1.1.1.1 remote-as 65001
     neighbor 1.1.1.1 update-source Loopback10
     neighbor 5.5.5.5 remote-as 65001
     neighbor 5.5.5.5 update-source Loopback10
     !
     address-family l2vpn vpls
      neighbor 1.1.1.1 activate
      neighbor 1.1.1.1 send-community both
      neighbor 1.1.1.1 route-reflector-client
      neighbor 1.1.1.1 suppress-signaling-protocol ldp
      neighbor 5.5.5.5 activate
      neighbor 5.5.5.5 send-community both
      neighbor 5.5.5.5 route-reflector-client
      neighbor 5.5.5.5 suppress-signaling-protocol ldp
     exit-address-family
    
SW1 (CE)
    SW1#show run int Gi0/0 | sec ^int
    interface GigabitEthernet0/0
     description ** to Host1 (Site 1) **
     switchport access vlan 10
     switchport mode access
     negotiation auto
    
    SW1#show run int Gi0/1 | sec ^int
    interface GigabitEthernet0/1
     description ** to PE R1 **
     switchport trunk encapsulation dot1q
     switchport mode trunk
     negotiation auto
    
SW2 (CE)
    SW2#show run int Gi0/0 | sec ^int
    interface GigabitEthernet0/0
     description ** to Host2 (Site 2) **
     switchport access vlan 10
     switchport mode access
     negotiation auto
    
    SW2#show run int Gi0/1 | sec ^int
    interface GigabitEthernet0/1
     description ** to PE R5 **
     switchport trunk encapsulation dot1q
     switchport mode trunk
     negotiation auto
    
Host1
    Host1#show run int Gi0/0 | sec int
    interface GigabitEthernet0/0
     description ** to CE SW1 **
     ip address 192.168.1.1 255.255.255.0
     duplex auto
     speed auto
     media-type rj45
    
R1#show xconnect all
Legend:    XC ST=Xconnect State  S1=Segment1 State  S2=Segment2 State
  UP=Up       DN=Down            AD=Admin Down      IA=Inactive
  SB=Standby  HS=Hot Standby     RV=Recovering      NH=No Hardware

XC ST  Segment 1                         S1 Segment 2                         S2
------+---------------------------------+--+---------------------------------+--
UP pri  vfi EXAMPLE-VPLS                 UP mpls 2:100                        UP         « L2VFI "EXAMPLE-VPLS" connects to MPLS pseudowire
UP pri   bd 10                           UP  vfi EXAMPLE-VPLS                 UP         « Bridge-domain 10 connects to L2VFI "EXAMPLE-VPLS"





R1#show mpls l2transport vc

Local intf     Local circuit              Dest address    VC ID      Status
-------------  -------------------------- --------------- ---------- ----------
VFI EXAMPLE-VPLS  \
               vfi                        5.5.5.5         100        UP





R1#show ip bgp l2vpn vpls all | beg Ne
     Network          Next Hop            Metric LocPrf Weight Path
Route Distinguisher: 65001:100
 *>   65001:100:VEID-1:Blk-1/136
                      0.0.0.0                            32768 ?
 *>i  65001:100:VEID-2:Blk-1/136
                      5.5.5.5                  0    100      0 ?





R6#show ip bgp l2vpn vpls rd 65001:100 detail                          « From the perspective of the BGP Route Reflector, VPLS routes received

Route Distinguisher: 65001:100
BGP routing table entry for 65001:100:VEID-1:Blk-1/136, version 3
  Paths: (1 available, best #1, table L2VPN-VPLS-BGP-Table)
  Flag: 0x100
  Advertised to update-groups:
     2         
  Refresh Epoch 1
  Local, (Received from a RR-client)
    1.1.1.1 (metric 30) from 1.1.1.1 (1.1.1.1)                         « Route from VPLS PE R1
      Origin incomplete, metric 0, localpref 100, valid, internal, best
      AGI version(0), VE Block Size(10) Label Base(100)
      Extended Community: RT:65001:1 RT:65001:100 L2VPN L2:0x0:MTU-1500
      mpls labels in/out exp-null/100
      rx pathid: 0, tx pathid: 0x0
      Updated on Feb 14 2025 17:05:01 UTC
BGP routing table entry for 65001:100:VEID-2:Blk-1/136, version 2
  Paths: (1 available, best #1, table L2VPN-VPLS-BGP-Table)
  Advertised to update-groups:
     2         
  Refresh Epoch 1
  Local, (Received from a RR-client)
    5.5.5.5 (metric 30) from 5.5.5.5 (5.5.5.5)                         « Route from VPLS PE R5
      Origin incomplete, metric 0, localpref 100, valid, internal, best
      AGI version(0), VE Block Size(10) Label Base(500)
      Extended Community: RT:65001:2 RT:65001:100 L2VPN L2:0x0:MTU-1500
      mpls labels in/out exp-null/500
      rx pathid: 0, tx pathid: 0x0
      Updated on Feb 14 2025 17:02:40 UTC
	  
	  
	  
	  


R1#show bridge-domain 10
Bridge-domain 10 (2 ports in all)
State: UP                    Mac learning: Enabled
Aging-Timer: 300 second(s)
Maximum address limit: 65536
    GigabitEthernet1 service instance 10
    vfi EXAMPLE-VPLS neighbor 5.5.5.5 100
   AED MAC address    Policy  Tag       Age  Pseudoport
   0   5254.0015.A706 forward dynamic   297  EXAMPLE-VPLS.404012
   0   5254.001A.93B6 forward dynamic   297  GigabitEthernet1.EFP10






Host1#show arp
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  192.168.1.1             -   5254.001a.93b6  ARPA   GigabitEthernet0/0
Internet  192.168.1.2           165   5254.0015.a706  ARPA   GigabitEthernet0/0






Host1#ping 192.168.1.2         
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 7/11/25 ms

Download section

Disclaimer: You download and use files from networkstudysite.com at your own risk.

Lab YAML file:

Packet captures:

  • bgp-open-l2vpn-vpls-address-family.pcap — Under the first "Optional Parameter: Capability" there is the "AFI: Layer-2 VPN (25)" with "SAFI: VPLS (65)"
  • vpls-autodiscovery-l2vpn-bgp-update.pcap — BGP can be used with VPLS for Autodiscovery and Pseudowire Signaling, in this BGP Update under the "Path Attribute - MP_REACH_NLRI" there is information about the remote VPLS PE router
  • vpls-l2vpn-arp-and-icmp.pcap — ARP exchange and ICMP over MPLS L2VPN with VPLS, notice the VLAN 10 tag is added to each packet, this is because two sites have a stretched VLAN 10 between them, in Wireshark the packets may need to be decoded by right clicking on a packet and selecting "Decode As..." and choosing "Ethernet PW (no CW)" from the dropdown list, it stands for Ethernet Pseudowire no Control Word

Text files with configurations:

How to use these files:

With YAML files you can easily recreate the example labs on networkstudysite.com. Learn more in this short guide.

Explore 313 packet captures

You can find more information at the following external links:

By clicking on the links below, you are leaving the networkstudysite.com website.

Cisco - VPLS with BGP Signaling Tech Note

Cisco - Chapter: VPLS BGP Signaling

RFC 4761 - Virtual Private LAN Service (VPLS) Using BGP for Auto-Discovery and Signaling

Disclaimer:

Use at your own risk: networkstudysite.com makes no representations as to accuracy, completeness, currentness, suitability, or validity of any information found on this website. Full disclaimer on the About page.

Privacy Policy:

networkstudysite.com does not install browser cookies to collect or store your data.

Thank you for your interest in this blog post!

Looking for something else? View infographics, explore the archives or read the recommended posts below: