Cisco device configuration tutorials and networking fundamentals

Virtual Private LAN Service Explained - VPLS Tutorial

2024 Jan 3

What is VPLS?

VPLS is a Layer-2 VPN technology used by Service Providers (SP) to offer Ethernet-based managed connections over their existing MPLS networks. A VPLS is a point-to-multipoint service which uses an existing IP/MPLS backbone network to connect Provider Edge (PE) devices through pseudowires.

Does VPLS need MPLS?

Yes, VPLS needs MPLS to encapsulate and carry Layer-2 frames across a Service Provider's network. The two technologies work together based on the technical standard outlined in RFC 4448. The Service Provider's use case is to leverage its existing IP/MPLS network and transport Layer-2 frames between customer sites. Thus, a Service Provider can offer a Layer-2 WAN connection with QoS and service level guarantees to its customers. In exchange, VPLS customers have full control over their routing tables, and the customer sites are connected at Layer-2.

The following packet capture is taken in a VPLS core network. It shows the MPLS label stack, with the top label 504 and the bottom VPN label 310 which identifies the egress PE router. The entire Ethernet frame is encapsulated with two MPLS headers which transport it across the VPLS core network, and towards the correct egress Attachment Circuit (AC).

VPLS MPLS label stack used in the Service Provider core network
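
The label stack described above can be decoded from raw bytes as follows. This is an added example, not code from the original post: the frame is constructed (labels 504 and 310 are the ones named for the capture, the inner MAC addresses are those of R6 and R7 from the lab output further down, outer MACs and payload are made up), and the function names are hypothetical. The caller states whether a control word is present, because that is negotiated during pseudowire signaling and an inner destination MAC can itself start with a zero nibble.

```python
import struct

ETHERTYPE_MPLS = 0x8847    # MPLS unicast
ETHERTYPE_DOT1Q = 0x8100


def fmt_mac(b):
    return ":".join(f"{x:02x}" for x in b)


def parse_label_stack(buf):
    """Decode label stack entries up to and including the bottom-of-stack entry."""
    entries, off = [], 0
    while True:
        if off + 4 > len(buf):
            raise ValueError("label stack ended without a bottom-of-stack entry")
        (word,) = struct.unpack_from("!I", buf, off)
        off += 4
        # 32-bit entry: label (20 bits), traffic class (3), S bit (1), TTL (8)
        entries.append({"label": word >> 12, "tc": (word >> 9) & 0x7,
                        "s": (word >> 8) & 0x1, "ttl": word & 0xFF})
        if entries[-1]["s"]:
            return entries, off


def parse_ethernet(buf):
    """Decode an Ethernet II header with at most one 802.1Q tag."""
    if len(buf) < 14:
        raise ValueError("truncated Ethernet header")
    (etype,) = struct.unpack_from("!H", buf, 12)
    vlan, off = None, 14
    if etype == ETHERTYPE_DOT1Q:
        if len(buf) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, etype = struct.unpack_from("!HH", buf, 14)
        vlan, off = tci & 0x0FFF, 18
    return {"dst": fmt_mac(buf[0:6]), "src": fmt_mac(buf[6:12]),
            "vlan": vlan, "ethertype": etype, "payload": buf[off:]}


def parse_vpls_frame(frame, control_word):
    """Split a core-side frame into transport labels, VPN label and customer frame."""
    outer = parse_ethernet(frame)
    if outer["ethertype"] != ETHERTYPE_MPLS:
        raise ValueError("outer frame does not carry MPLS")
    stack, used = parse_label_stack(outer["payload"])
    rest = outer["payload"][used:]
    sequence = None
    if control_word:
        if len(rest) < 4:
            raise ValueError("truncated control word")
        (cw,) = struct.unpack_from("!I", rest)
        if cw >> 28:
            raise ValueError("control word must start with a zero nibble")
        sequence, rest = cw & 0xFFFF, rest[4:]
    return {"transport_labels": [e["label"] for e in stack[:-1]],
            "pw_label": stack[-1]["label"], "sequence": sequence,
            "inner": parse_ethernet(rest)}


def lse(label, bottom, ttl=255):
    """Build one label stack entry (traffic class left at 0)."""
    return struct.pack("!I", (label << 12) | (int(bottom) << 8) | ttl)


def build_sample():
    """Constructed frame: R6 -> R7 in VLAN 10, carried under labels 504 / 310."""
    inner = (bytes.fromhex("525400118a3d") + bytes.fromhex("5254001870f9")
             + struct.pack("!HH", ETHERTYPE_DOT1Q, 10) + struct.pack("!H", 0x0800)
             + b"constructed-ip-payload")
    outer = (bytes.fromhex("020000000002") + bytes.fromhex("020000000001")
             + struct.pack("!H", ETHERTYPE_MPLS))
    control_word = b"\x00\x00\x00\x00"
    return outer + lse(504, False) + lse(310, True) + control_word + inner


if __name__ == "__main__":
    print(parse_vpls_frame(build_sample(), control_word=True))
```

Decoding the same bytes with control_word=False still succeeds but shifts the customer frame by four bytes, which is why a decoder has to be told what the two PE routers negotiated.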

What is the difference between VPLS and MPLS?

VPLS is a Layer-2 VPN control plane technology and MPLS is a data plane transport method that encapsulates and forwards traffic. MPLS can encapsulate Layer-2 Ethernet frames and transport them across a Service Provider core network. This enables the use of VPLS as a type of control plane that leverages MPLS encapsulation as its data plane transport method.

VPLS is a set of protocols that create a bridged domain (multipoint L2VPN) which acts as a virtual switch for the connected subscriber locations. VPLS includes BGP and LDP for autodiscovery of PE routers and for signaling of pseudowires. VPLS uses split horizon for loop avoidance. Hierarchical VPLS (H-VPLS) can be deployed to scale VPLS and reduce the number of full-mesh pseudowires by creating a core and access VPLS domain. And inter-AS VPLS can be configured to stitch two L2VPN domains together across Service Provider network boundaries. All these features are enabled by the VPLS control plane which uses the underlying MPLS to forward Layer-2 frames.

Meanwhile, MPLS as a data plane transport method can leverage other control plane technologies to create an L2VPN. For example, EVPN can be used instead of VPLS to create an L2VPN. EVPN-MPLS is standardized in RFC 7432.

How to configure VPLS?

This blog post focuses on intra-AS VPLS, and the following list contains a variety of design choices when deploying intra-AS VPLS.

VPLS Discovery and Signaling options
Method Description

Manual Discovery → LDP Signaling

Every PE needs to be statically configured with a targeted LDP session to another PE, which is not scalable. Once the static LDP session is configured, the VPLS pseudowire is negotiated through LDP Label Mapping Messages.

Autodiscovery with BGP → LDP Signaling

BGP can be configured so that PE routers dynamically discover other PE routers in the same VPLS domain. When a PE router learns about another PE, it can establish a VPLS pseudowire using LDP. A BGP Route Reflector can be added for improved scalability. This means that each VPLS PE router has only one BGP session with the Route Reflector.

Autodiscovery with BGP → BGP Signaling

Beyond the discovery phase using BGP, the signaling phase can also use BGP. The benefit of this option is that LDP is not used, so there is one less protocol in the deployment and provisioning.

VPLS manual discovery and signaling with targeted LDP

The following five sections describe configuration methods based around the VPLS manual discovery process with LDP used for pseudowire signaling. This means that a targeted LDP session needs to be manually configured on a PE router to let it know about another PE router in the VPLS domain. Once this task is completed, the PE routers use LDP Label Mapping Messages to establish a VPLS pseudowire between each other. The pseudowires transport Layer-2 frames across the Service Provider MPLS network.

The following packet capture shows such an LDP Label Mapping Message used during pseudowire signaling.

LDP Label Mapping Message used during VPLS Pseudowire signaling between PE routers in the same VPLS domain

Service Instance dot1q configuration

In this example scenario there is one customer with two sites (Site 1 and Site 2) which are connected by a Service Provider VPLS network. Two VLANs (VLAN 10 and VLAN 20) are transported across the Service Provider's MPLS backbone with the L2VPN technology VPLS. The CE devices are not VPLS-aware; they are essentially Layer-2 switches with their PE-facing interface configured as a trunk port.

On the PE routers R1 and R2 the command l2 vfi EXAMPLE-VPLS manual is used to configure a Virtual Forwarding Instance (VFI). The keyword manual indicates that the targeted LDP sessions between the PE routers are configured manually, and autodiscovery is not used.

Under the VFI, the VPN ID 10 indicates the VPLS domain for this customer. The Bridge Domain connects the VFI with the Service Instance. On the CE-facing interface of the PE routers, a Service Instance is configured. This instructs the PE to forward VLAN 10 and 20 across the VPLS, and also includes the Bridge Domain ID.

Example VPLS configuration with Service Instance including two VLANs transported across a Service Provider MPLS network

Configuration:

R1 (PE)
    R1#show run all | sec mpls ip__
    mpls ip
    
    R1#show run | sec ^mpls     
    mpls label range 100 199
    mpls ldp router-id Loopback10 force
    
    R1#show run int Lo10 | sec int
    interface Loopback10
     ip address 1.1.1.1 255.255.255.255
    
    R1#show run int Gi2 | sec int
    interface GigabitEthernet2
     description ** to Core R2 **
     ip address 10.0.1.1 255.255.255.252
     ip ospf network point-to-point
     negotiation auto
     no mop enabled
     no mop sysid
    
    R1#show run int Gi1 | sec int
    interface GigabitEthernet1
     description ** to CE SW1 **
     no ip address
     negotiation auto
     no mop enabled
     no mop sysid
     service instance 10 ethernet
      encapsulation dot1q 10,20
      bridge-domain 10
     !
    
    R1#show run | sec l2
    l2 vfi EXAMPLE-VPLS manual 
     vpn id 10
     bridge-domain 10
     neighbor 5.5.5.5 encapsulation mpls
    
    R1#show run | sec ^router
    router ospf 10
     router-id 1.1.1.1
     network 1.1.1.1 0.0.0.0 area 0
     network 10.0.1.0 0.0.0.3 area 0
     mpls ldp autoconfig area 0
    
R2
    R2#show run all | sec mpls ip__
    mpls ip
    
    R2#show run | sec ^mpls
    mpls label range 200 299
    mpls ldp router-id Loopback10 force
    
    R2#show run int Gi1 | sec int
    interface GigabitEthernet1
     description ** to PE R1 **
     ip address 10.0.1.2 255.255.255.252
     ip ospf network point-to-point
     negotiation auto
     no mop enabled
     no mop sysid
    
    R2#show run int Gi2 | sec int
    interface GigabitEthernet2
     description ** to R3 **
     ip address 10.0.2.1 255.255.255.252
     ip ospf network point-to-point
     negotiation auto
     no mop enabled
     no mop sysid
     
    R2#show run int Lo10 | sec int
    interface Loopback10
     ip address 2.2.2.2 255.255.255.255
     
    R2#show run | sec ^router 
    router ospf 10
     router-id 2.2.2.2
     network 2.2.2.2 0.0.0.0 area 0
     network 10.0.1.0 0.0.0.3 area 0
     network 10.0.2.0 0.0.0.3 area 0
     mpls ldp autoconfig area 0
    
R3
    R3#show run all | sec mpls ip__
    mpls ip
    
    R3#show run | sec ^mpls
    mpls label range 300 399
    mpls ldp router-id Loopback10 force
    
    R3#show run int Gi1 | sec int
    interface GigabitEthernet1
     description ** to R2 **
     ip address 10.0.2.2 255.255.255.252
     ip ospf network point-to-point
     negotiation auto
     no mop enabled
     no mop sysid
    
    R3#show run int Gi2 | sec int
    interface GigabitEthernet2
     description ** to R4 **
     ip address 10.0.3.1 255.255.255.252
     ip ospf network point-to-point
     negotiation auto
     no mop enabled
     no mop sysid
    
    R3#show run int Lo10 | sec int
    interface Loopback10
     ip address 3.3.3.3 255.255.255.255
    
    R3#show run | sec ^router
    router ospf 10
     router-id 3.3.3.3
     network 3.3.3.3 0.0.0.0 area 0
     network 10.0.2.0 0.0.0.3 area 0
     network 10.0.3.0 0.0.0.3 area 0
     mpls ldp autoconfig area 0
    
R5 (PE)
    R5#show run all | sec mpls ip__
    mpls ip		
    
    R5#show run | sec ^mpls
    mpls label range 500 599
    mpls ldp router-id Loopback10 force
    
    R5#show run int Lo10 | sec int
    interface Loopback10
     ip address 5.5.5.5 255.255.255.255
    
    R5#show run int Gi2 | sec int
    interface GigabitEthernet2
     description ** to Core R4 **
     ip address 10.0.4.1 255.255.255.252
     ip ospf network point-to-point
     negotiation auto
     no mop enabled
     no mop sysid
    
    R5#show run int Gi1 | sec int
    interface GigabitEthernet1
     description ** to CE SW2 **
     no ip address
     negotiation auto
     no mop enabled
     no mop sysid
     service instance 10 ethernet
      encapsulation dot1q 10,20
      bridge-domain 10
     !
    
    R5#show run | sec l2
    l2 vfi EXAMPLE-VPLS manual 
     vpn id 10
     bridge-domain 10
     neighbor 1.1.1.1 encapsulation mpls
    
    R5#show run | sec ^router
    router ospf 10
     router-id 5.5.5.5
     network 5.5.5.5 0.0.0.0 area 0
     network 10.0.4.0 0.0.0.3 area 0
     mpls ldp autoconfig area 0
    
SW1 (CE)
    SW1#show run int Gi0/0 | sec int
    interface GigabitEthernet0/0
     description ** to PE R1 **
     switchport trunk encapsulation dot1q
     switchport mode trunk
     negotiation auto
    
    SW1#show run int Gi0/1 | sec int
    interface GigabitEthernet0/1
     description ** to R6 **
     switchport access vlan 10
     switchport mode access
     negotiation auto
    
    SW1#show run int Gi0/2 | sec int
    interface GigabitEthernet0/2
     description ** to Host **
     switchport access vlan 20
     switchport mode access
     negotiation auto
    
SW2 (CE)
    SW2#show run int Gi0/0 | sec int
    interface GigabitEthernet0/0
     description ** to PE R5 **
     switchport trunk encapsulation dot1q
     switchport mode trunk
     negotiation auto
    
    SW2#show run int Gi0/1 | sec int
    interface GigabitEthernet0/1
     description ** to R7 **
     switchport access vlan 10
     switchport mode access
     negotiation auto
    
    SW2#show run int Gi0/2 | sec int
    interface GigabitEthernet0/2
     description ** to Server **
     switchport access vlan 20
     switchport mode access
     negotiation auto
    
R1#show bridge-domain    
Bridge-domain 10 (2 ports in all)
State: UP                    Mac learning: Enabled
Aging-Timer: 300 second(s)
Maximum address limit: 65536
    GigabitEthernet1 service instance 10
    vfi EXAMPLE-VPLS neighbor 5.5.5.5 10
   AED MAC address    Policy  Tag       Age  Pseudoport
   0   5254.0018.70F9 forward dynamic   300  GigabitEthernet1.EFP10      « MAC address of R6
   0   5254.0010.5B76 forward dynamic   291  EXAMPLE-VPLS.404018         « MAC address of the Server
   0   5254.0011.8A3D forward dynamic   300  EXAMPLE-VPLS.404018         « MAC address of R7
   0   5254.001F.4FC7 forward dynamic   291  GigabitEthernet1.EFP10      « MAC address of the Host



R1#show mpls ldp discovery 
 Local LDP Identifier:
    1.1.1.1:0
    Discovery Sources:
    Interfaces:
        GigabitEthernet2 (ldp): xmit/recv
            LDP Id: 2.2.2.2:0
    Targeted Hellos:                                             « Targeted LDP is used
        1.1.1.1 -> 5.5.5.5 (ldp): active/passive, xmit/recv      « LDP router-ID of R1 and R5
            LDP Id: 5.5.5.5:0



R1#show vfi name EXAMPLE-VPLS
Legend: RT=Route-target, S=Split-horizon, Y=Yes, N=No

VFI name: EXAMPLE-VPLS, state: up, type: multipoint, signaling: LDP     « LDP is used for VPLS signaling
  VPN ID: 10
  Bridge-Domain 10 attachment circuits:
  Neighbors connected via pseudowires:
  Peer Address     VC ID        S
  5.5.5.5          10           Y
  
  
  
R1#show mpls l2transport pwid 
AToM Pseudowire IDs: In use: 1, In holddown: 0

       Peer-Address    VCID or
Label  or Local ID     EVPN ID    PWID       In-Use FirstUse ReusedAt FreedAt 
------ --------------- ---------- ---------- ------ -------- -------- --------
100    5.5.5.5         10         1          Yes    00:01:33 00:01:33 00:01:33      « The pseudowire is in use




R1#show mpls l2transport vc 

Local intf     Local circuit              Dest address    VC ID      Status
-------------  -------------------------- --------------- ---------- ----------
VFI EXAMPLE-VPLS  \
               vfi                        5.5.5.5         10         UP             « The Virtual Circuit is UP
			   



R1#show mpls l2transport vc detail
Local interface: VFI EXAMPLE-VPLS vfi up
  Interworking type is Ethernet
  Destination address: 5.5.5.5, VC ID: 10, VC status: up                « The Virtual Circuit is UP
    Output interface: Gi2, imposed label stack {205 500}                « MPLS label stack, top label 205, bottom label 500
    Preferred path: not configured  
    Default path: active
    Next hop: 10.0.1.2                                                  « Next-hop from R1 is R2
  Create time: 00:54:09, last status change time: 00:53:40
    Last label FSM state change time: 00:53:40
  Signaling protocol: LDP, peer 5.5.5.5:0 up                            « LDP is the VPLS signaling protocol
    Targeted Hello: 1.1.1.1(LDP Id) -> 5.5.5.5, LDP is UP
    Graceful restart: not configured and not enabled
    Non stop routing: not configured and not enabled
    Status TLV support (local/remote)   : enabled/supported
      LDP route watch                   : enabled
      Label/status state machine        : established, LruRru
      Last local dataplane   status rcvd: No fault
      Last BFD dataplane     status rcvd: Not sent
      Last BFD peer monitor  status rcvd: No fault
      Last local AC  circuit status rcvd: No fault
      Last local AC  circuit status sent: No fault
      Last local PW i/f circ status rcvd: No fault
      Last local LDP TLV     status sent: No fault
      Last remote LDP TLV    status rcvd: No fault
      Last remote LDP ADJ    status rcvd: No fault
    MPLS VC labels: local 100, remote 500 
    Group ID: local n/a, remote 0
    MTU: local 1500, remote 1500
    Remote interface description: 
  Sequencing: receive disabled, send disabled
  Control Word: On (configured: autosense)
  SSO Descriptor: 5.5.5.5/10, local label: 100
  Dataplane:
    SSM segment/switch IDs: 8196/8194 (used), PWID: 1
  VC statistics:
    transit packet totals: receive 74408, send 74399                   « Traffic statistics
    transit byte totals:   receive 6421993, send 6718761
    transit packet drops:  receive 0, seq error 0, send 0

As visible above, the pseudowire is established between PE R1 and R5. This means that Layer-2 frames can now be transported using MPLS labels between CE SW1 and SW2.

As a result, the two routers R6 and R7 located at the customer sites can see each other in the same IP subnet 192.168.1.0/30. This also means, the two routers could use a routing protocol over the VPLS connection to exchange IP prefixes. In fact, R6 and R7 may themselves be a PE and CE device for another Service Provider's product offering, such as a Layer-3 VPN MPLS, provisioned with a VPLS (L2VPN) access network.

R6#ping 192.168.1.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 5/6/7 ms


R6#show ip arp
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  192.168.1.1             -   5254.0018.70f9  ARPA   GigabitEthernet0/0
Internet  192.168.1.2            80   5254.0011.8a3d  ARPA   GigabitEthernet0/0
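
With manual discovery, nothing but the operator keeps the two neighbor statements, the VPN ID and the Service Instance encapsulation consistent between the PE routers, and a one-sided or mismatched VFI means the pseudowire does not come up. The offline check below is an added example, not part of the original post: page_cfg, parse_pe and audit are hypothetical helper names, only the l2 vfi ... manual form is read, and the input is the R1/R5 configuration from this section reduced to the relevant lines.

```python
import re


def page_cfg(own, peer, vpn_id=10, encap="dot1q 10,20"):
    """Relevant lines of the PE configuration shown in this section."""
    return (
        "mpls ldp router-id Loopback10 force\n"
        "interface Loopback10\n"
        f" ip address {own} 255.255.255.255\n"
        "interface GigabitEthernet1\n"
        " no ip address\n"
        " service instance 10 ethernet\n"
        f"  encapsulation {encap}\n"
        "  bridge-domain 10\n"
        " !\n"
        "l2 vfi EXAMPLE-VPLS manual\n"
        f" vpn id {vpn_id}\n"
        " bridge-domain 10\n"
        f" neighbor {peer} encapsulation mpls\n"
    )


PAGE = {"R1": page_cfg("1.1.1.1", "5.5.5.5"), "R5": page_cfg("5.5.5.5", "1.1.1.1")}


def parse_pe(cfg):
    """Extract LDP router-ID address, VFIs and Service Instances from one PE."""
    pe = {"ldp_id": None, "vfis": {}, "efps": []}
    addrs, rid_if, top, vfi, efp = {}, None, "", None, None
    for raw in cfg.splitlines():
        text = raw.strip()
        if not text or text == "!":
            continue
        depth = len(raw) - len(raw.lstrip(" "))
        if depth == 0:                       # new top-level section
            top, vfi, efp = text, None, None
            if m := re.match(r"mpls ldp router-id (\S+)", text):
                rid_if = m.group(1)
            elif m := re.match(r"l2 vfi (\S+) manual", text):
                vfi = pe["vfis"].setdefault(
                    m.group(1), {"vpn_id": None, "bd": None, "neighbors": []})
        elif vfi is not None:                # lines inside "l2 vfi"
            if m := re.match(r"vpn id (\d+)", text):
                vfi["vpn_id"] = int(m.group(1))
            elif m := re.match(r"bridge-domain (\d+)", text):
                vfi["bd"] = int(m.group(1))
            elif m := re.match(r"neighbor (\S+)", text):
                vfi["neighbors"].append(m.group(1))
        elif top.startswith("interface "):   # lines inside an interface
            ifname = top.split()[1]
            if m := re.match(r"ip address (\S+) ", text):
                addrs[ifname] = m.group(1)
            elif m := re.match(r"service instance (\d+) ethernet", text):
                efp = {"if": ifname, "id": int(m.group(1)), "encap": None, "bd": None}
                pe["efps"].append(efp)
            elif efp is not None and depth >= 2:
                if m := re.match(r"encapsulation (.+)", text):
                    efp["encap"] = m.group(1)
                elif m := re.match(r"bridge-domain (\d+)", text):
                    efp["bd"] = int(m.group(1))
    pe["ldp_id"] = addrs.get(rid_if)
    return pe


def audit(configs):
    """Return a list of findings; an empty list means both ends agree."""
    pes = {name: parse_pe(cfg) for name, cfg in configs.items()}
    by_addr = {pe["ldp_id"]: name for name, pe in pes.items()}
    findings = []
    for name, pe in pes.items():
        for vname, vfi in pe["vfis"].items():
            mine = {e["encap"] for e in pe["efps"] if e["bd"] == vfi["bd"]}
            if not mine:
                findings.append(f"{name}: bridge-domain {vfi['bd']} of {vname} has no service instance")
            for nbr in vfi["neighbors"]:
                peer = by_addr.get(nbr)
                if peer is None:
                    findings.append(f"{name}: neighbor {nbr} is not a PE in this audit")
                    continue
                back = [v for v in pes[peer]["vfis"].values() if pe["ldp_id"] in v["neighbors"]]
                if not back:
                    findings.append(f"{name}: {peer} has no neighbor statement for {pe['ldp_id']}")
                    continue
                if all(v["vpn_id"] != vfi["vpn_id"] for v in back):
                    findings.append(f"{name}: VPN ID {vfi['vpn_id']} has no match on {peer}")
                theirs = {e["encap"] for v in back for e in pes[peer]["efps"] if e["bd"] == v["bd"]}
                if mine != theirs:
                    findings.append(f"{name}: service instance encapsulation differs from {peer}")
    return findings


if __name__ == "__main__":
    print(audit(PAGE))
    print(audit({"R1": PAGE["R1"], "R5": page_cfg("5.5.5.5", "1.1.1.1", vpn_id=11)}))
```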

Service Instance untagged configuration

In this example scenario there is one customer with two sites (Site 1 and Site 2) which are connected by a Service Provider VPLS network. Traffic in the native VLAN (untagged) is transported across the Service Provider's MPLS backbone with the L2VPN technology VPLS. This is accomplished with the PE router command encapsulation untagged under the CE-facing interface Service Instance configuration mode.

Note that the CE devices are not VPLS-aware; they are essentially Layer-2 switches with their PE-facing interface configured as a trunk port. In this specific scenario, there are no VLANs configured on the CE devices. As a result, the Host and the Server can be connected to the network and start communicating with each other in the native VLAN.

Example VPLS configuration with Service Instance transporting untagged native VLAN traffic between two customer sites

Configuration:

R1 (PE)
    R1#show run all | sec mpls ip__
    mpls ip
    
    R1#show run | sec ^mpls     
    mpls label range 100 199
    mpls ldp router-id Loopback10 force
    
    R1#show run int Lo10 | sec int
    interface Loopback10
     ip address 1.1.1.1 255.255.255.255
    
    R1#show run int Gi2 | sec int
    interface GigabitEthernet2
     description ** to Core R2 **
     ip address 10.0.1.1 255.255.255.252
     ip ospf network point-to-point
     negotiation auto
     no mop enabled
     no mop sysid
    
    R1#show run int Gi1 | sec int
    interface GigabitEthernet1
     description ** to CE SW1 **
     no ip address
     negotiation auto
     no mop enabled
     no mop sysid
     service instance 10 ethernet
      encapsulation untagged
      bridge-domain 10
     !
    
    R1#show run | sec l2
    l2 vfi EXAMPLE-VPLS manual 
     vpn id 10
     bridge-domain 10
     neighbor 5.5.5.5 encapsulation mpls
    
    R1#show run | sec ^router
    router ospf 10
     router-id 1.1.1.1
     network 1.1.1.1 0.0.0.0 area 0
     network 10.0.1.0 0.0.0.3 area 0
     mpls ldp autoconfig area 0
    
R5 (PE)
    R5#show run all | sec mpls ip__
    mpls ip		
    
    R5#show run | sec ^mpls
    mpls label range 500 599
    mpls ldp router-id Loopback10 force
    
    R5#show run int Lo10 | sec int
    interface Loopback10
     ip address 5.5.5.5 255.255.255.255
    
    R5#show run int Gi2 | sec int
    interface GigabitEthernet2
     description ** to Core R4 **
     ip address 10.0.4.1 255.255.255.252
     ip ospf network point-to-point
     negotiation auto
     no mop enabled
     no mop sysid
    
    R5#show run int Gi1 | sec int
    interface GigabitEthernet1
     description ** to CE SW2 **
     no ip address
     negotiation auto
     no mop enabled
     no mop sysid
     service instance 10 ethernet
      encapsulation untagged
      bridge-domain 10
     !
    
    R5#show run | sec l2
    l2 vfi EXAMPLE-VPLS manual 
     vpn id 10
     bridge-domain 10
     neighbor 1.1.1.1 encapsulation mpls
    
    R5#show run | sec ^router
    router ospf 10
     router-id 5.5.5.5
     network 5.5.5.5 0.0.0.0 area 0
     network 10.0.4.0 0.0.0.3 area 0
     mpls ldp autoconfig area 0
    
R1#show mpls l2transport vc 

Local intf     Local circuit              Dest address    VC ID      Status
-------------  -------------------------- --------------- ---------- ----------
VFI EXAMPLE-VPLS  \
               vfi                        5.5.5.5         10         UP 



Host#ping 192.168.1.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 7/8/12 ms



Host#show arp
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  192.168.1.1             -   5254.001f.4fc7  ARPA   GigabitEthernet0/0
Internet  192.168.1.2             9   5254.0010.5b76  ARPA   GigabitEthernet0/0

As shown in the above output, the Host and the Server see each other in the same subnet 192.168.1.0/29.

Multiple Service Instances under single interface

In this example scenario there is one customer with two sites (Site 1 and Site 2) which are connected by a Service Provider VPLS network. The customer uses VLAN 10 to connect R6 and R7, but the customer also uses the native VLAN to connect the Host and the Server. Thus, the Service Provider needs to transport tagged and untagged traffic across its VPLS network.

This is achieved by configuring two Service Instances on a single CE-facing physical interface of the PE router. Both Service Instances belong to Bridge Domain 10; however, one Service Instance transports tagged traffic with VLAN ID 10, and another Service Instance transports untagged traffic in the native VLAN. The CE devices are not VPLS-aware; they are essentially Layer-2 switches with their PE-facing interface configured as a trunk port.

VPLS for the same customer transports untagged and tagged VLAN traffic by configuring multiple Service Instances under the same CE-facing physical interface

Configuration:

R1 (PE)
    R1#show run all | sec mpls ip__
    mpls ip
    
    R1#show run | sec ^mpls     
    mpls label range 100 199
    mpls ldp router-id Loopback10 force
    
    R1#show run int Lo10 | sec int
    interface Loopback10
     ip address 1.1.1.1 255.255.255.255
    
    R1#show run int Gi2 | sec int
    interface GigabitEthernet2
     description ** to Core R2 **
     ip address 10.0.1.1 255.255.255.252
     ip ospf network point-to-point
     negotiation auto
     no mop enabled
     no mop sysid
    
    R1#show run int Gi1 | sec int
    interface GigabitEthernet1
     description ** to CE SW1 **
     no ip address
     negotiation auto
     no mop enabled
     no mop sysid
     service instance 1 ethernet
      encapsulation untagged
      bridge-domain 10
     !
     service instance 10 ethernet
      encapsulation dot1q 10
      bridge-domain 10
     !
    
    R1#show run | sec l2
    l2 vfi EXAMPLE-VPLS manual 
     vpn id 10
     bridge-domain 10
     neighbor 5.5.5.5 encapsulation mpls
    
    R1#show run | sec ^router
    router ospf 10
     router-id 1.1.1.1
     network 1.1.1.1 0.0.0.0 area 0
     network 10.0.1.0 0.0.0.3 area 0
     mpls ldp autoconfig area 0
    
R5 (PE)
    R5#show run all | sec mpls ip__
    mpls ip		
    
    R5#show run | sec ^mpls
    mpls label range 500 599
    mpls ldp router-id Loopback10 force
    
    R5#show run int Lo10 | sec int
    interface Loopback10
     ip address 5.5.5.5 255.255.255.255
    
    R5#show run int Gi2 | sec int
    interface GigabitEthernet2
     description ** to Core R4 **
     ip address 10.0.4.1 255.255.255.252
     ip ospf network point-to-point
     negotiation auto
     no mop enabled
     no mop sysid
    
    R5#show run int Gi1 | sec int
    interface GigabitEthernet1
     description ** to CE SW2 **
     no ip address
     negotiation auto
     no mop enabled
     no mop sysid
     service instance 1 ethernet
      encapsulation untagged
      bridge-domain 10
     !
     service instance 10 ethernet
      encapsulation dot1q 10
      bridge-domain 10
     !
    
    R5#show run | sec l2
    l2 vfi EXAMPLE-VPLS manual 
     vpn id 10
     bridge-domain 10
     neighbor 1.1.1.1 encapsulation mpls
    
    R5#show run | sec ^router
    router ospf 10
     router-id 5.5.5.5
     network 5.5.5.5 0.0.0.0 area 0
     network 10.0.4.0 0.0.0.3 area 0
     mpls ldp autoconfig area 0
    
R1#show mpls l2transport vc

Local intf     Local circuit              Dest address    VC ID      Status
-------------  -------------------------- --------------- ---------- ----------
VFI EXAMPLE-VPLS  \
               vfi                        5.5.5.5         10         UP 



R6#ping 192.168.1.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 7/9/12 ms



Host#ping 192.168.2.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.2.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 7/7/10 ms
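
Which customer frames are admitted into Bridge Domain 10 is decided by the encapsulation lines of the Service Instances on the CE-facing port. The following added example (not from the original post) matches constructed frames against the three Service Instance layouts used so far; classify and the other function names are hypothetical, and it assumes the usual behaviour that a frame matching no Service Instance on the port is dropped.

```python
import struct

# Service Instance layouts taken from the PE configurations on this page:
# (service instance id, encapsulation)
DOT1Q_ONLY = [(10, "dot1q 10,20")]
UNTAGGED_ONLY = [(10, "untagged")]
MIXED = [(1, "untagged"), (10, "dot1q 10")]


def outer_vlan(frame):
    """Return the outer 802.1Q VLAN ID, or None for an untagged frame."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet frame")
    (etype,) = struct.unpack_from("!H", frame, 12)
    if etype != 0x8100:
        return None
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    return struct.unpack_from("!H", frame, 14)[0] & 0x0FFF


def vlan_set(spec):
    """Expand a dot1q VLAN list such as '10,20' or '10-12,20'."""
    out = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        out.update(range(int(lo), int(hi or lo) + 1))
    return out


def classify(frame, service_instances):
    """Return the id of the first matching Service Instance, or None (dropped)."""
    vid = outer_vlan(frame)
    for si_id, encap in service_instances:
        kind, _, arg = encap.partition(" ")
        if kind == "untagged" and vid is None:
            return si_id
        if kind == "dot1q" and vid is not None and vid in vlan_set(arg):
            return si_id
    return None


def frame(vlan=None):
    """Constructed frame with the R6 and R7 MAC addresses and an optional tag."""
    hdr = bytes.fromhex("525400118a3d5254001870f9")
    tag = b"" if vlan is None else struct.pack("!HH", 0x8100, vlan)
    return hdr + tag + struct.pack("!H", 0x0800) + b"constructed-payload"


def admitted(service_instances):
    """Map each sample frame to the Service Instance that accepts it."""
    samples = {
        "untagged": frame(),
        "vlan 10": frame(10),
        "vlan 20": frame(20),
        # Assumption: a VLAN 0 (priority-tagged) frame carries a tag, so it is
        # matched by neither "untagged" nor the dot1q lists used on this page.
        "vlan 0": frame(0),
    }
    return {name: classify(f, service_instances) for name, f in samples.items()}


if __name__ == "__main__":
    for label, layout in (("dot1q 10,20", DOT1Q_ONLY),
                          ("untagged", UNTAGGED_ONLY),
                          ("untagged + dot1q 10", MIXED)):
        print(label, admitted(layout))
```

In the mixed layout a frame tagged with VLAN 20 matches no Service Instance, so VLAN 20 is not carried unless a Service Instance for it is added.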

Protocol-Based CLI configuration method

In this example scenario there is one customer with two sites (Site 1 and Site 2) which are connected by a Service Provider VPLS network. Two VLANs (VLAN 10 and VLAN 20) are transported across the Service Provider's MPLS backbone with the L2VPN technology VPLS. The VPLS network is configured using the Protocol-Based CLI method, including the following components:

  • the command l2vpn vfi context EXAMPLE-VPLS configures a Virtual Forwarding Instance context on the PE routers and defines the VPLS domain ID 10 and the targeted-LDP neighbor
  • the command service instance 10 ethernet is issued on the CE-facing interface of the PE routers and defines the allowed VLANs and the Bridge-Domain ID
  • the command bridge-domain 10 is configured on the PE routers to bind the Service Instance to the Virtual Forwarding Instance

VPLS configuration with the Protocol-Based CLI method

Configuration:

R1 (PE)
    R1#show run all | sec mpls ip__
    mpls ip
    
    R1#show run | sec ^mpls     
    mpls label range 100 199
    mpls ldp router-id Loopback10 force
    
    R1#show run int Lo10 | sec int
    interface Loopback10
     ip address 1.1.1.1 255.255.255.255
    
    R1#show run int Gi2 | sec int
    interface GigabitEthernet2
     description ** to Core R2 **
     ip address 10.0.1.1 255.255.255.252
     ip ospf network point-to-point
     negotiation auto
     no mop enabled
     no mop sysid
    
    R1#show run int Gi1 | sec int
    interface GigabitEthernet1
     description ** to CE SW1 **
     no ip address
     negotiation auto
     no mop enabled
     no mop sysid
     service instance 10 ethernet
      encapsulation dot1q 10,20
      bridge-domain 10
     !
    
    R1#show run | sec l2vpn        
    l2vpn vfi context EXAMPLE-VPLS 
     vpn id 10
     member 5.5.5.5 encapsulation mpls
    
    R1#show run | sec ^bridge-domain 
    bridge-domain 10 
     member GigabitEthernet1 service-instance 10
     member vfi EXAMPLE-VPLS
    
    R1#show run | sec ^router
    router ospf 10
     router-id 1.1.1.1
     network 1.1.1.1 0.0.0.0 area 0
     network 10.0.1.0 0.0.0.3 area 0
     mpls ldp autoconfig area 0
    
R5 (PE)
    R5#show run all | sec mpls ip__
    mpls ip		
    
    R5#show run | sec ^mpls
    mpls label range 500 599
    mpls ldp router-id Loopback10 force
    
    R5#show run int Lo10 | sec int
    interface Loopback10
     ip address 5.5.5.5 255.255.255.255
    
    R5#show run int Gi2 | sec int
    interface GigabitEthernet2
     description ** to Core R4 **
     ip address 10.0.4.1 255.255.255.252
     ip ospf network point-to-point
     negotiation auto
     no mop enabled
     no mop sysid
    
    R5#show run int Gi1 | sec int
    interface GigabitEthernet1
     description ** to CE SW2 **
     no ip address
     negotiation auto
     no mop enabled
     no mop sysid
     service instance 10 ethernet
      encapsulation dot1q 10,20
      bridge-domain 10
     !
    
    R5#show run | sec l2vpn        
    l2vpn vfi context EXAMPLE-VPLS 
     vpn id 10
     member 1.1.1.1 encapsulation mpls
    
    R5#show run | sec ^bridge-domain 
    bridge-domain 10 
     member GigabitEthernet1 service-instance 10
     member vfi EXAMPLE-VPLS
    
    R5#show run | sec ^router
    router ospf 10
     router-id 5.5.5.5
     network 5.5.5.5 0.0.0.0 area 0
     network 10.0.4.0 0.0.0.3 area 0
     mpls ldp autoconfig area 0
    
R1#show mpls l2transport vc

Local intf     Local circuit              Dest address    VC ID      Status
-------------  -------------------------- --------------- ---------- ----------
VFI EXAMPLE-VPLS  \
               vfi                        5.5.5.5         10         UP 
			   



R1#show l2vpn service all
Legend: St=State    XC St=State in the L2VPN Service      Prio=Priority
        UP=Up       DN=Down            AD=Admin Down      IA=Inactive
        SB=Standby  HS=Hot Standby     RV=Recovering      NH=No Hardware
        m=manually selected

  Interface          Group       Encapsulation                   Prio  St  XC St
  ---------          -----       -------------                   ----  --  -----
VPLS name: EXAMPLE-VPLS, State: UP
  pw100005                       EXAMPLE-VPLS(VFI)               0     UP  UP   
  pw100002           core_pw     5.5.5.5:10(MPLS)                0     UP  UP   
BD name: 10, State: --
  -                              10(BD)                          0     UP  --   
  -                              EXAMPLE-VPLS(VFI)               0     UP  UP 




R1#show l2vpn vfi    
Legend: RT=Route-target, S=Split-horizon, Y=Yes, N=No

VFI name: EXAMPLE-VPLS, state: up, type: multipoint, signaling: LDP
  VPN ID: 10
  Bridge-Domain 10 attachment circuits:
  Pseudo-port interface: pseudowire100005
  Interface          Peer Address     VC ID        S
  pseudowire100002   5.5.5.5          10           Y

As shown in the above outputs, the VPLS Virtual Circuit and Pseudowire status is UP, and devices in VLAN 10 and in VLAN 20 can communicate with their counterparts at the other site through the Service Provider VPLS network.

Configuration with Pseudowire template

In this example scenario there is one customer with two sites (Site 1 and Site 2) connected through a Service Provider VPLS network. Two VLANs (VLAN 10 and VLAN 20) are transported across the Service Provider's MPLS backbone using the L2VPN technology VPLS. The VPLS network is configured using a Pseudowire template on the PE routers.

This is achieved by issuing the command pseudowire-class VPLS-PW, and defining the encapsulation type.

The template is applied to the neighbor under the L2 Virtual Forwarding Instance (VFI) configuration mode, with the command neighbor 5.5.5.5 pw-class VPLS-PW (example from PE R1).

VPLS configuration using a Pseudowire template

Configuration:

R1 (PE)
    R1#show run all | sec mpls ip__
    mpls ip
    
    R1#show run | sec ^mpls     
    mpls label range 100 199
    mpls ldp router-id Loopback10 force
    
    R1#show run int Lo10 | sec int
    interface Loopback10
     ip address 1.1.1.1 255.255.255.255
    
    R1#show run int Gi2 | sec int
    interface GigabitEthernet2
     description ** to Core R2 **
     ip address 10.0.1.1 255.255.255.252
     ip ospf network point-to-point
     negotiation auto
     no mop enabled
     no mop sysid
    
    R1#show run int Gi1 | sec int
    interface GigabitEthernet1
     description ** to CE SW1 **
     no ip address
     negotiation auto
     no mop enabled
     no mop sysid
     service instance 10 ethernet
      encapsulation dot1q 10,20
      bridge-domain 10
     !
    
    R1#show run | sec ^l2
    l2 vfi EXAMPLE-VPLS manual 
     vpn id 10
     bridge-domain 10
     neighbor 5.5.5.5 pw-class VPLS-PW
    
    R1#show run | sec ^pseudo
    pseudowire-class VPLS-PW
     encapsulation mpls
    
    R1#show run | sec ^router
    router ospf 10
     router-id 1.1.1.1
     network 1.1.1.1 0.0.0.0 area 0
     network 10.0.1.0 0.0.0.3 area 0
     mpls ldp autoconfig area 0
    
R5 (PE)
    R5#show run all | sec mpls ip__
    mpls ip		
    
    R5#show run | sec ^mpls
    mpls label range 500 599
    mpls ldp router-id Loopback10 force
    
    R5#show run int Lo10 | sec int
    interface Loopback10
     ip address 5.5.5.5 255.255.255.255
    
    R5#show run int Gi2 | sec int
    interface GigabitEthernet2
     description ** to Core R4 **
     ip address 10.0.4.1 255.255.255.252
     ip ospf network point-to-point
     negotiation auto
     no mop enabled
     no mop sysid
    
    R5#show run int Gi1 | sec int
    interface GigabitEthernet1
     description ** to CE SW2 **
     no ip address
     negotiation auto
     no mop enabled
     no mop sysid
     service instance 10 ethernet
      encapsulation dot1q 10,20
      bridge-domain 10
     !
    
    R5#show run | sec ^l2
    l2 vfi EXAMPLE-VPLS manual 
     vpn id 10
     bridge-domain 10
     neighbor 1.1.1.1 pw-class VPLS-PW
    
    R5#show run | sec ^pseudo
    pseudowire-class VPLS-PW
     encapsulation mpls
    
    R5#show run | sec ^router
    router ospf 10
     router-id 5.5.5.5
     network 5.5.5.5 0.0.0.0 area 0
     network 10.0.4.0 0.0.0.3 area 0
     mpls ldp autoconfig area 0
    
R1#show mpls l2transport vc

Local intf     Local circuit              Dest address    VC ID      Status
-------------  -------------------------- --------------- ---------- ----------
VFI EXAMPLE-VPLS  \
               vfi                        5.5.5.5         10         UP
			   



R1#show l2vpn service all
Legend: St=State    XC St=State in the L2VPN Service      Prio=Priority
        UP=Up       DN=Down            AD=Admin Down      IA=Inactive
        SB=Standby  HS=Hot Standby     RV=Recovering      NH=No Hardware
        m=manually selected

  Interface          Group       Encapsulation                   Prio  St  XC St
  ---------          -----       -------------                   ----  --  -----
VPLS name: EXAMPLE-VPLS, State: UP
  pw100007                       EXAMPLE-VPLS(VFI)               0     UP  UP   
  pw100002           core_pw     5.5.5.5:10(MPLS)                0     UP  UP   
BD name: 10, State: --
  -                              10(BD)                          0     UP  --   
  -                              EXAMPLE-VPLS(VFI)               0     UP  UP
 


R6#ping 192.168.1.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 7/7/9 ms




Host#ping 192.168.2.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.2.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 8/8/9 ms

As visible in the above outputs, the VPLS connection is UP between PE routers R1 and R5. As a result, Site 1 and Site 2 are connected at OSI model Layer-2 using the Service Provider MPLS/VPLS network.

VPLS autodiscovery with BGP including Route Reflector

In the following two sections, the VPLS PE routers leverage Multiprotocol BGP for the discovery process. This is called autodiscovery, and it simplifies the provisioning of VPLS PE routers. Essentially, a PE router learns about all other PE routers in the VPLS domain through BGP. Once a PE learns about another PE router, it can initiate the pseudowire signaling process. Note that even though BGP is used for autodiscovery, the pseudowire signaling can be done with either LDP or BGP. The following configuration output shows this option.

R1>enable
R1#configure terminal 
Enter configuration commands, one per line.  End with CNTL/Z.
R1(config)#
R1(config)#l2vpn vfi context EXAMPLE-VPLS
R1(config-vfi)#autodiscovery bgp signaling ?
  bgp  Use BGP signaling and discovery
  ldp  Use LDP signaling

To further improve scalability, a BGP Route Reflector is also configured. As a result, a PE router only needs a single iBGP neighborship to trigger the VPLS autodiscovery mechanism. Information about the VPLS PE routers is carried in BGP Update messages, such as the one shown below.

Packet capture of a BGP Update message sent by the BGP Route Reflector to inform about a VPLS PE router during VPLS autodiscovery

As soon as the BGP Update packet is received by a VPLS PE router, it can initiate a targeted LDP session to the advertised PE router in order to establish a VPLS pseudowire.

L2 VFI configuration

In this scenario there is one customer with three sites. The three sites are connected through the Service Provider (SP) VPLS network at OSI model Layer-2. This means that Host1, Host2, and Host3 see each other in the same IP subnet 192.168.1.0/29. The three hosts share the same broadcast domain.

The SP VPLS network uses three PE routers R1, R2, and R3. For the VPLS discovery process BGP is configured on the PE routers. A BGP Route Reflector (RR) R7 is also configured to improve the scalability of the VPLS network. Thus, anytime a PE router joins this VPLS domain it only needs to establish a BGP connection with the RR, and then all other PE routers can automatically establish a VPLS pseudowire to that new PE router.

The BGP autodiscovery process significantly improves and simplifies the provisioning of VPLS. Note that although the VPLS Discovery is managed by BGP, the VPLS Signaling uses targeted LDP. Details are shown in the following image.

VPLS configuration with autodiscovery using BGP and Route Reflector

Configuration:

R1 (PE)
    R1#show run all | sec mpls ip__
    mpls ip
    
    R1#show run | sec ^mpls     
    mpls label range 100 199
    mpls ldp router-id Loopback10 force
    
    R1#show run int Lo10 | sec int
    interface Loopback10
     ip address 1.1.1.1 255.255.255.255
    
    R1#show run int Gi2 | sec int
    interface GigabitEthernet2
     description ** to Core R4 **
     ip address 10.0.1.1 255.255.255.252
     ip ospf network point-to-point
     negotiation auto
     no mop enabled
     no mop sysid
    
    R1#show run int Gi1 | sec int
    interface GigabitEthernet1
     description ** to CE SW1 **
     no ip address
     negotiation auto
     no mop enabled
     no mop sysid
     service instance 10 ethernet
      encapsulation dot1q 10
      bridge-domain 10
     !
    
    R1#show run | sec ^l2
    l2 vfi EXAMPLE-VPLS autodiscovery 
     vpn id 10
     bridge-domain 10
     vpls-id 65001:10
     rd 65001:100
     route-target export 65001:100
     route-target import 65001:200
     route-target import 65001:300
    
    R1#show run | sec ^router
    router ospf 10
     router-id 1.1.1.1
     network 1.1.1.1 0.0.0.0 area 0
     network 10.0.1.0 0.0.0.3 area 0
     mpls ldp autoconfig area 0
    router bgp 65001
     bgp router-id 1.1.1.1
     bgp log-neighbor-changes
     neighbor 7.7.7.7 remote-as 65001
     neighbor 7.7.7.7 update-source Loopback10
     !
     address-family l2vpn vpls
      neighbor 7.7.7.7 activate
      neighbor 7.7.7.7 send-community both
     exit-address-family
    
R2 (PE)
    R2#show run all | sec mpls ip__
    mpls ip
    
    R2#show run | sec ^mpls   
    mpls label range 200 299
    mpls ldp router-id Loopback10 force
    
    R2#show run int Lo10 | sec int
    interface Loopback10
     ip address 2.2.2.2 255.255.255.255
     
    R2#show run int Gi2 | sec int
    interface GigabitEthernet2
     description ** to Core R5 **
     ip address 10.0.5.1 255.255.255.252
     ip ospf network point-to-point
     negotiation auto
     no mop enabled
     no mop sysid
    
    R2#show run int Gi1 | sec int
    interface GigabitEthernet1
     description ** to CE SW2 **
     no ip address
     negotiation auto
     no mop enabled
     no mop sysid
     service instance 10 ethernet
      encapsulation dot1q 10
      bridge-domain 10
     !
    
    R2#show run | sec ^l2 
    l2 vfi EXAMPLE-VPLS autodiscovery 
     vpn id 10
     bridge-domain 10
     vpls-id 65001:10
     rd 65001:200
     route-target export 65001:200
     route-target import 65001:100
     route-target import 65001:300
    
    R2#show run | sec ^router
    router ospf 10
     router-id 2.2.2.2
     network 2.2.2.2 0.0.0.0 area 0
     network 10.0.5.0 0.0.0.3 area 0
     mpls ldp autoconfig area 0
    router bgp 65001
     bgp router-id 2.2.2.2
     bgp log-neighbor-changes
     neighbor 7.7.7.7 remote-as 65001
     neighbor 7.7.7.7 update-source Loopback10
     !
     address-family l2vpn vpls
      neighbor 7.7.7.7 activate
      neighbor 7.7.7.7 send-community both
     exit-address-family
    
R3 (PE)
    R3#show run all | sec mpls ip__
    mpls ip
    
    R3#show run | sec ^mpls
    mpls label range 300 399
    mpls ldp router-id Loopback10 force
    
    R3#show run int Lo10 | sec int
    interface Loopback10
     ip address 3.3.3.3 255.255.255.255
     
    R3#show run int Gi2 | sec int
    interface GigabitEthernet2
     description ** to Core R6 **
     ip address 10.0.4.1 255.255.255.252
     ip ospf network point-to-point
     negotiation auto
     no mop enabled
     no mop sysid
    
    R3#show run int Gi1 | sec int 
    interface GigabitEthernet1
     description ** to CE SW3 **
     no ip address
     negotiation auto
     no mop enabled
     no mop sysid
     service instance 10 ethernet
      encapsulation dot1q 10
      bridge-domain 10
     !
    
    R3#show run | sec ^l2
    l2 vfi EXAMPLE-VPLS autodiscovery 
     vpn id 10
     bridge-domain 10
     vpls-id 65001:10
     rd 65001:300
     route-target export 65001:300
     route-target import 65001:100
     route-target import 65001:200
    
    R3#show run | sec ^router 
    router ospf 10
     router-id 3.3.3.3
     network 3.3.3.3 0.0.0.0 area 0
     network 10.0.4.0 0.0.0.3 area 0
     mpls ldp autoconfig area 0
    router bgp 65001
     bgp router-id 3.3.3.3
     bgp log-neighbor-changes
     neighbor 7.7.7.7 remote-as 65001
     neighbor 7.7.7.7 update-source Loopback10
     !
     address-family l2vpn vpls
      neighbor 7.7.7.7 activate
      neighbor 7.7.7.7 send-community both
     exit-address-family
    
R4
    R4#show run all | sec mpls ip__
    mpls ip
    
    R4#show run | sec ^mpls
    mpls label range 400 499
    mpls ldp router-id Loopback10 force
    
    R4#show run int Lo10 | sec int
    interface Loopback10
     ip address 4.4.4.4 255.255.255.255
     
    R4#show run int Gi1 | sec int
    interface GigabitEthernet1
     description ** to PE R1 **
     ip address 10.0.1.2 255.255.255.252
     ip ospf network point-to-point
     negotiation auto
     no mop enabled
     no mop sysid
     
    R4#show run int Gi2 | sec int
    interface GigabitEthernet2
     description ** to R5 **
     ip address 10.0.2.1 255.255.255.252
     ip ospf network point-to-point
     negotiation auto
     no mop enabled
     no mop sysid
    
    R4#show run | sec ^router
    router ospf 10
     router-id 4.4.4.4
     network 4.4.4.4 0.0.0.0 area 0
     network 10.0.1.0 0.0.0.3 area 0
     network 10.0.2.0 0.0.0.3 area 0
     mpls ldp autoconfig area 0
    
R5
    R5#show run all | sec mpls ip__  
    mpls ip
    
    R5#show run | sec ^mpls
    mpls label range 500 599
    mpls ldp router-id Loopback10 force
    
    R5#show run int Lo10 | sec int
    interface Loopback10
     ip address 5.5.5.5 255.255.255.255
     
    R5#show run int Gi1 | sec int
    interface GigabitEthernet1
     description ** to R4 **
     ip address 10.0.2.2 255.255.255.252
     ip ospf network point-to-point
     negotiation auto
     no mop enabled
     no mop sysid
    
    R5#show run int Gi2 | sec int
    interface GigabitEthernet2
     description ** to R6 **
     ip address 10.0.3.1 255.255.255.252
     ip ospf network point-to-point
     negotiation auto
     no mop enabled
     no mop sysid
    
    R5#show run int Gi3 | sec int
    interface GigabitEthernet3
     description ** to PE R2 **
     ip address 10.0.5.2 255.255.255.252
     ip ospf network point-to-point
     negotiation auto
     no mop enabled
     no mop sysid
    
    R5#show run | sec ^router
    router ospf 10
     router-id 5.5.5.5
     network 5.5.5.5 0.0.0.0 area 0
     network 10.0.2.0 0.0.0.3 area 0
     network 10.0.3.0 0.0.0.3 area 0
     network 10.0.5.0 0.0.0.3 area 0
     mpls ldp autoconfig area 0
    
R6
    R6#show run all | sec ^mpls ip__
    mpls ip
    
    R6#show run | sec ^mpls
    mpls label range 600 699
    mpls ldp router-id Loopback10 force
    
    R6#show run int Lo10 | sec int
    interface Loopback10
     ip address 6.6.6.6 255.255.255.255
     
    R6#show run int Gi1 | sec int
    interface GigabitEthernet1
     description ** to PE R3 **
     ip address 10.0.4.2 255.255.255.252
     ip ospf network point-to-point
     negotiation auto
     no mop enabled
     no mop sysid
    
    R6#show run int Gi2 | sec int
    interface GigabitEthernet2
     description ** to R5 **
     ip address 10.0.3.2 255.255.255.252
     ip ospf network point-to-point
     negotiation auto
     no mop enabled
     no mop sysid
    
    R6#show run int Gi3 | sec int 
    interface GigabitEthernet3
     description ** to Route Reflector R7 **
     ip address 10.0.6.2 255.255.255.252
     ip ospf network point-to-point
     negotiation auto
     no mop enabled
     no mop sysid
    
    R6#show run | sec ^router
    router ospf 10
     router-id 6.6.6.6
     network 6.6.6.6 0.0.0.0 area 0
     network 10.0.3.0 0.0.0.3 area 0
     network 10.0.4.0 0.0.0.3 area 0
     network 10.0.6.0 0.0.0.3 area 0
     mpls ldp autoconfig area 0
    
R7 (Route Reflector)
    R7#show run int Gi1 | sec int
    interface GigabitEthernet1
     description ** to R6 **
     ip address 10.0.6.1 255.255.255.252
     ip ospf network point-to-point
     negotiation auto
     no mop enabled
     no mop sysid
    
    R7#show run int Lo10 | sec int
    interface Loopback10
     ip address 7.7.7.7 255.255.255.255
    
    R7#show run | sec ^router
    router ospf 10
     router-id 7.7.7.7
     network 7.7.7.7 0.0.0.0 area 0
     network 10.0.6.0 0.0.0.3 area 0
    router bgp 65001
     bgp router-id 7.7.7.7
     bgp log-neighbor-changes
     neighbor 1.1.1.1 remote-as 65001
     neighbor 1.1.1.1 update-source Loopback10
     neighbor 2.2.2.2 remote-as 65001
     neighbor 2.2.2.2 update-source Loopback10
     neighbor 3.3.3.3 remote-as 65001
     neighbor 3.3.3.3 update-source Loopback10
     !
     address-family l2vpn vpls
      neighbor 1.1.1.1 activate
      neighbor 1.1.1.1 send-community both
      neighbor 1.1.1.1 route-reflector-client
      neighbor 2.2.2.2 activate
      neighbor 2.2.2.2 send-community both
      neighbor 2.2.2.2 route-reflector-client
      neighbor 3.3.3.3 activate
      neighbor 3.3.3.3 send-community both
      neighbor 3.3.3.3 route-reflector-client
     exit-address-family
    
SW1 (CE)
    SW1#show run int Gi0/0 | sec int
    interface GigabitEthernet0/0
     description ** to PE R1 **
     switchport trunk encapsulation dot1q
     switchport mode trunk
     negotiation auto
    
    SW1#show run int Gi0/1 | sec int
    interface GigabitEthernet0/1
     description ** to Host1 **
     switchport access vlan 10
     switchport mode access
     negotiation auto
    
SW2 (CE)
    SW2#show run int Gi0/0 | sec int
    interface GigabitEthernet0/0
     description ** to PE R2 **
     switchport trunk encapsulation dot1q
     switchport mode trunk
     negotiation auto
    
    SW2#show run int Gi0/1 | sec int
    interface GigabitEthernet0/1
     description ** to Host2 **
     switchport access vlan 10
     switchport mode access
     negotiation auto
    
SW3 (CE)
    SW3#show run int Gi0/0 | sec int
    interface GigabitEthernet0/0
     description ** to PE R3 **
     switchport trunk encapsulation dot1q
     switchport mode trunk
     negotiation auto
    
    SW3#show run int Gi0/1 | sec int
    interface GigabitEthernet0/1
     description ** to Host3 **
     switchport access vlan 10
     switchport mode access
     negotiation auto
    
Host1
    Host1#show run int Gi0/0 | sec int
    interface GigabitEthernet0/0
     description ** to CE SW1 **
     ip address 192.168.1.1 255.255.255.248
     duplex auto
     speed auto
     media-type rj45
    
Host2
    Host2#show run int Gi0/0 | sec int
    interface GigabitEthernet0/0
     description ** to CE SW2 **
     ip address 192.168.1.2 255.255.255.248
     duplex auto
     speed auto
     media-type rj45
    
Host3
    Host3#show run int Gi0/0 | sec int
    interface GigabitEthernet0/0
     description ** to CE SW3 **
     ip address 192.168.1.3 255.255.255.248
     duplex auto
     speed auto
     media-type rj45
    
R1#show ip bgp l2vpn vpls all summary | beg Ne
Neighbor        V           AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
7.7.7.7         4        65001     145     143        4    0    0 02:06:43        2      « Prefixes of other PE routers received through BGP



R1#show ip bgp l2vpn vpls all         
BGP table version is 4, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, 
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter, 
              x best-external, a additional-path, c RIB-compressed, 
              t secondary path, L long-lived-stale,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network          Next Hop            Metric LocPrf Weight Path
Route Distinguisher: 65001:100
 *>   65001:100:1.1.1.1/96
                      0.0.0.0                            32768 ?
Route Distinguisher: 65001:200
 *>i  65001:200:2.2.2.2/96                                          « PE router R2 BGP prefix received from Route Reflector
                      2.2.2.2                  0    100      0 ?
Route Distinguisher: 65001:300
 *>i  65001:300:3.3.3.3/96                                          « PE router R3 BGP prefix received from Route Reflector
                      3.3.3.3                  0    100      0 ?
					  
					  
					  


R1#show bgp l2vpn vpls rd 65001:200 2.2.2.2 
BGP routing table entry for 65001:200:2.2.2.2/96, version 4
Paths: (1 available, best #1, table L2VPN-VPLS-BGP-Table)
  Flag: 0x100
  Not advertised to any peer
  Refresh Epoch 1
  Local
    2.2.2.2 (metric 4) from 7.7.7.7 (7.7.7.7)
      Origin incomplete, metric 0, localpref 100, valid, internal, best, AGI version(654311426)
      Extended Community: RT:65001:10 RT:65001:200 L2VPN AGI:65001:10           « Extended communities are added to BGP prefixes
      Originator: 2.2.2.2, Cluster list: 7.7.7.7
      mpls labels in/out exp-null/4240657
      rx pathid: 0, tx pathid: 0x0
      Updated on Jan 6 2024 09:33:14 UTC
	  





R1#show bgp l2vpn vpls rd 65001:300 3.3.3.3
BGP routing table entry for 65001:300:3.3.3.3/96, version 3
Paths: (1 available, best #1, table L2VPN-VPLS-BGP-Table)
  Flag: 0x100
  Not advertised to any peer
  Refresh Epoch 1
  Local
    3.3.3.3 (metric 5) from 7.7.7.7 (7.7.7.7)
      Origin incomplete, metric 0, localpref 100, valid, internal, best, AGI version(654311426)
      Extended Community: RT:65001:10 RT:65001:300 L2VPN AGI:65001:10
      Originator: 3.3.3.3, Cluster list: 7.7.7.7
      mpls labels in/out exp-null/4240657
      rx pathid: 0, tx pathid: 0x0
      Updated on Jan 6 2024 09:33:13 UTC





R1#show mpls ldp discovery 
 Local LDP Identifier:
    1.1.1.1:0
    Discovery Sources:
    Interfaces:
        GigabitEthernet2 (ldp): xmit/recv
            LDP Id: 4.4.4.4:0
    Targeted Hellos:
        1.1.1.1 -> 2.2.2.2 (ldp): active/passive, xmit/recv          « Signaling protocol is targeted LDP
            LDP Id: 2.2.2.2:0
        1.1.1.1 -> 3.3.3.3 (ldp): active/passive, xmit/recv
            LDP Id: 3.3.3.3:0





R1#show mpls l2transport vc 

Local intf     Local circuit              Dest address    VC ID      Status
-------------  -------------------------- --------------- ---------- ----------
VFI EXAMPLE-VPLS  \
               vfi                        2.2.2.2         10         UP          « VPLS Virtual Circuit is UP
VFI EXAMPLE-VPLS  \
               vfi                        3.3.3.3         10         UP
			   
			   



R1#show l2vpn service all
Legend: St=State    XC St=State in the L2VPN Service      Prio=Priority
        UP=Up       DN=Down            AD=Admin Down      IA=Inactive
        SB=Standby  HS=Hot Standby     RV=Recovering      NH=No Hardware
        m=manually selected

  Interface          Group       Encapsulation                   Prio  St  XC St
  ---------          -----       -------------                   ----  --  -----
VPLS name: EXAMPLE-VPLS, State: UP
  pw100001                       EXAMPLE-VPLS(VFI)               0     UP  UP   
  pw100003           core_pw     2.2.2.2:10(MPLS)                0     UP  UP         « Pseudowires between PE routers are UP
  pw100002           core_pw     3.3.3.3:10(MPLS)                0     UP  UP   
BD name: 10, State: --
  -                              10(BD)                          0     UP  --   
  -                              EXAMPLE-VPLS(VFI)               0     UP  UP 
  
 


R1#show vfi name EXAMPLE-VPLS
Legend: RT=Route-target, S=Split-horizon, Y=Yes, N=No

VFI name: EXAMPLE-VPLS, state: up, type: multipoint, signaling: LDP            « Signaling protocol is LDP
  VPN ID: 10, VPLS-ID: 65001:10
  RD: 65001:100, RT: 65001:10, export 65001:100, import 65001:200, , import 65001:300,       « Route Distinguisher, Route Target, import/export rules
  Bridge-Domain 10 attachment circuits:
  Neighbors connected via pseudowires:
  Peer Address     VC ID        Discovered Router ID    S
  2.2.2.2          10           2.2.2.2                 Y
  3.3.3.3          10           3.3.3.3                 Y




R1#show bridge-domain 10
Bridge-domain 10 (3 ports in all)
State: UP                    Mac learning: Enabled
Aging-Timer: 300 second(s)
Maximum address limit: 65536
    GigabitEthernet1 service instance 10
    vfi EXAMPLE-VPLS neighbor 3.3.3.3 10
    vfi EXAMPLE-VPLS neighbor 2.2.2.2 10
   AED MAC address    Policy  Tag       Age  Pseudoport
   0   5254.0018.70F9 forward dynamic   297  GigabitEthernet1.EFP10      « MAC address of Host1
   0   5254.0011.8A3D forward dynamic   298  EXAMPLE-VPLS.404011         « MAC address of Host3
   0   5254.001F.4FC7 forward dynamic   296  EXAMPLE-VPLS.404012         « MAC address of Host2

As visible in the above outputs, although BGP is used for autodiscovery, the signaling protocol between the PE routers is LDP. The Virtual Circuit between each PE router is UP, and as a result Host1, Host2, and Host3 see each other in the same IP subnet, and can ping each other. This is shown in the following output.

Host1#ping 192.168.1.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 6/7/8 ms




Host1#ping 192.168.1.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 6/8/9 ms




Host1#show arp
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  192.168.1.1             -   5254.0018.70f9  ARPA   GigabitEthernet0/0
Internet  192.168.1.2            90   5254.001f.4fc7  ARPA   GigabitEthernet0/0
Internet  192.168.1.3            90   5254.0011.8a3d  ARPA   GigabitEthernet0/0

Protocol-Based CLI configuration method

In this example scenario there is one customer with three sites. The three sites are connected through the Service Provider (SP) VPLS network at OSI model Layer-2. The VPLS uses BGP autodiscovery with LDP signaling, and the configuration is applied on the PE devices with the Protocol-Based CLI method.

An important aspect of this VPLS configuration method is the command l2vpn vfi context issued on each PE router. This command enters the L2VPN Virtual Forwarding Instance (VFI) context configuration mode, where the VPN ID, the VPLS autodiscovery and signaling method, and the Route Target values are configured.

The vpls-id needs to match on all PE devices participating in the VPLS domain. Furthermore, the bridge-domain command is not issued under the CE-facing interface's service instance. Instead, a separate bridge-domain configuration section is created.

VPLS configuration with autodiscovery using BGP and Route Reflector, and the Protocol-Based CLI configuration method on the VPLS Provider Edge PE routers

Configuration:

R1 (PE)
    R1#show run all | sec mpls ip__
    mpls ip
    
    R1#show run | sec ^mpls     
    mpls label range 100 199
    mpls ldp router-id Loopback10 force
    
    R1#show run int Lo10 | sec int
    interface Loopback10
     ip address 1.1.1.1 255.255.255.255
    
    R1#show run int Gi2 | sec int
    interface GigabitEthernet2
     description ** to Core R4 **
     ip address 10.0.1.1 255.255.255.252
     ip ospf network point-to-point
     negotiation auto
     no mop enabled
     no mop sysid
    
    R1#show run int Gi1 | sec int
    interface GigabitEthernet1
     description ** to CE SW1 **
     no ip address
     negotiation auto
     no mop enabled
     no mop sysid
     service instance 10 ethernet
      encapsulation dot1q 10
     !
    
    R1#show run | sec ^l2
    l2vpn vfi context EXAMPLE-VPLS 
     vpn id 10
     autodiscovery bgp signaling ldp 
      vpls-id 65001:10
      route-target export 65001:100
      route-target import 65001:200
      route-target import 65001:300
    
    R1#show run | sec ^bridge-domain
    bridge-domain 10 
     member GigabitEthernet1 service-instance 10
     member vfi EXAMPLE-VPLS
    
    R1#show run | sec ^router
    router ospf 10
     router-id 1.1.1.1
     network 1.1.1.1 0.0.0.0 area 0
     network 10.0.1.0 0.0.0.3 area 0
     mpls ldp autoconfig area 0
    router bgp 65001
     bgp router-id 1.1.1.1
     bgp log-neighbor-changes
     neighbor 7.7.7.7 remote-as 65001
     neighbor 7.7.7.7 update-source Loopback10
     !
     address-family l2vpn vpls
      neighbor 7.7.7.7 activate
      neighbor 7.7.7.7 send-community both
     exit-address-family
    
R2 (PE)
    R2#show run all | sec mpls ip__
    mpls ip
    
    R2#show run | sec ^mpls   
    mpls label range 200 299
    mpls ldp router-id Loopback10 force
    
    R2#show run int Lo10 | sec int
    interface Loopback10
     ip address 2.2.2.2 255.255.255.255
     
    R2#show run int Gi2 | sec int
    interface GigabitEthernet2
     description ** to Core R5 **
     ip address 10.0.5.2 255.255.255.252
     ip ospf network point-to-point
     negotiation auto
     no mop enabled
     no mop sysid
    
    R2#show run int Gi1 | sec int
    interface GigabitEthernet1
     description ** to CE SW2 **
     no ip address
     negotiation auto
     no mop enabled
     no mop sysid
     service instance 10 ethernet
      encapsulation dot1q 10
     !
    
    R2#show run | sec ^l2
    l2vpn vfi context EXAMPLE-VPLS 
     vpn id 10
     autodiscovery bgp signaling ldp 
      vpls-id 65001:10
      route-target export 65001:200
      route-target import 65001:100
      route-target import 65001:300
     
    R2#show run | sec ^bridge
    bridge-domain 10 
     member GigabitEthernet1 service-instance 10
     member vfi EXAMPLE-VPLS
    
    R2#show run | sec ^router
    router ospf 10
     router-id 2.2.2.2
     network 2.2.2.2 0.0.0.0 area 0
     network 10.0.5.0 0.0.0.3 area 0
     mpls ldp autoconfig area 0
    router bgp 65001
     bgp router-id 2.2.2.2
     bgp log-neighbor-changes
     neighbor 7.7.7.7 remote-as 65001
     neighbor 7.7.7.7 update-source Loopback10
     !
     address-family l2vpn vpls
      neighbor 7.7.7.7 activate
      neighbor 7.7.7.7 send-community both
     exit-address-family
    
R3 (PE)
    R3#show run all | sec mpls ip__
    mpls ip
    
    R3#show run | sec ^mpls
    mpls label range 300 399
    mpls ldp router-id Loopback10 force
    
    R3#show run int Lo10 | sec int
    interface Loopback10
     ip address 3.3.3.3 255.255.255.255
     
    R3#show run int Gi2 | sec int
    interface GigabitEthernet2
     description ** to Core R6 **
     ip address 10.0.4.1 255.255.255.252
     ip ospf network point-to-point
     negotiation auto
     no mop enabled
     no mop sysid
    
    R3#show run int Gi1 | sec int 
    interface GigabitEthernet1
     description ** to CE SW3 **
     no ip address
     negotiation auto
     no mop enabled
     no mop sysid
     service instance 10 ethernet
      encapsulation dot1q 10
     !
    
    R3#show run | sec ^l2
    l2vpn vfi context EXAMPLE-VPLS 
     vpn id 10
     autodiscovery bgp signaling ldp 
      vpls-id 65001:10
      route-target export 65001:300
      route-target import 65001:200
      route-target import 65001:100
      
    R3#show run | sec ^bridge
    bridge-domain 10 
     member GigabitEthernet1 service-instance 10
     member vfi EXAMPLE-VPLS
    
    R3#show run | sec ^router 
    router ospf 10
     router-id 3.3.3.3
     network 3.3.3.3 0.0.0.0 area 0
     network 10.0.4.0 0.0.0.3 area 0
     mpls ldp autoconfig area 0
    router bgp 65001
     bgp router-id 3.3.3.3
     bgp log-neighbor-changes
     neighbor 7.7.7.7 remote-as 65001
     neighbor 7.7.7.7 update-source Loopback10
     !
     address-family l2vpn vpls
      neighbor 7.7.7.7 activate
      neighbor 7.7.7.7 send-community both
     exit-address-family
    
R7 (Route Reflector)
    R7#show run int Gi1 | sec int
    interface GigabitEthernet1
     description ** to R6 **
     ip address 10.0.6.1 255.255.255.252
     ip ospf network point-to-point
     negotiation auto
     no mop enabled
     no mop sysid
    
    R7#show run int Lo10 | sec int
    interface Loopback10
     ip address 7.7.7.7 255.255.255.255
    
    R7#show run | sec ^router
    router ospf 10
     router-id 7.7.7.7
     network 7.7.7.7 0.0.0.0 area 0
     network 10.0.6.0 0.0.0.3 area 0
    router bgp 65001
     bgp router-id 7.7.7.7
     bgp log-neighbor-changes
     neighbor 1.1.1.1 remote-as 65001
     neighbor 1.1.1.1 update-source Loopback10
     neighbor 2.2.2.2 remote-as 65001
     neighbor 2.2.2.2 update-source Loopback10
     neighbor 3.3.3.3 remote-as 65001
     neighbor 3.3.3.3 update-source Loopback10
     !
     address-family l2vpn vpls
      neighbor 1.1.1.1 activate
      neighbor 1.1.1.1 send-community both
      neighbor 1.1.1.1 route-reflector-client
      neighbor 2.2.2.2 activate
      neighbor 2.2.2.2 send-community both
      neighbor 2.2.2.2 route-reflector-client
      neighbor 3.3.3.3 activate
      neighbor 3.3.3.3 send-community both
      neighbor 3.3.3.3 route-reflector-client
     exit-address-family
    
SW1 (CE)
    SW1#show run int Gi0/0 | sec int
    interface GigabitEthernet0/0
     description ** to PE R1 **
     switchport trunk encapsulation dot1q
     switchport mode trunk
     negotiation auto
    
    SW1#show run int Gi0/1 | sec int
    interface GigabitEthernet0/1
     description ** to Host1 **
     switchport access vlan 10
     switchport mode access
     negotiation auto
    
Host1
    Host1#show run int Gi0/0 | sec int
    interface GigabitEthernet0/0
     description ** to CE SW1 **
     ip address 192.168.1.1 255.255.255.248
     duplex auto
     speed auto
     media-type rj45
    
R1#show mpls l2transport vc

Local intf     Local circuit              Dest address    VC ID      Status
-------------  -------------------------- --------------- ---------- ----------
VFI EXAMPLE-VPLS  \
               vfi                        2.2.2.2         10         UP        « VPLS Virtual Circuit is UP   
VFI EXAMPLE-VPLS  \
               vfi                        3.3.3.3         10         UP



R1#show ip bgp l2vpn vpls all sum | beg Ne
Neighbor        V           AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
7.7.7.7         4        65001     376     366       10    0    0 05:26:16        2



R1#show ip bgp l2vpn vpls all | beg Ne    
     Network          Next Hop            Metric LocPrf Weight Path
Route Distinguisher: 65001:10
 *>   65001:10:1.1.1.1/96
                      0.0.0.0                            32768 ?
 *>i  65001:10:2.2.2.2/96                                                      « PE R1 learns BGP prefixes of other VPLS PE routers
                      2.2.2.2                  0    100      0 ?
 *>i  65001:10:3.3.3.3/96
                      3.3.3.3                  0    100      0 ?
					  
					  
Host1#ping 192.168.1.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 6/7/9 ms



Host1#ping 192.168.1.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 8/8/8 ms



Host1#show arp
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  192.168.1.1             -   5254.0018.70f9  ARPA   GigabitEthernet0/0
Internet  192.168.1.2            15   5254.001f.4fc7  ARPA   GigabitEthernet0/0
Internet  192.168.1.3            15   5254.0011.8a3d  ARPA   GigabitEthernet0/0

As the outputs above show, the hosts at the three sites can communicate with each other; Host1, Host2, and Host3 all sit in the same IP subnet, 192.168.1.0/29. Note, however, that the following error messages may appear while configuring the PE router.

R1(config)#bridge-domain 10 
R1(config-bdomain)# member GigabitEthernet1 service-instance 10
% Legacy configuration model is being used, 
Please use bridge-domain command under this service instance.


-----------------------------------------------------------------


R1(config)#int Gi1
R1(config-if)#service instance 10 ethernet
R1(config-if-srv)#bridge-domain 10
% New configuration model is being used.
Please use member command under bridge-domain.

These messages mean that the service instance and the bridge-domain must use the same configuration model. This example uses the new configuration model, so the command bridge-domain 10 is not configured under the service instance; the service instance is attached with the member command under the bridge-domain instead.

R1>
R1>enable
R1#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
R1(config)#
R1(config)#bridge-domain 10
R1(config-bdomain)#member vfi EXAMPLE-VPLS
R1(config-bdomain)#member GigabitEthernet1 service-instance 10
R1(config-bdomain-efp)#exit
R1(config-bdomain)#exit
R1(config)#
R1(config)#
R1(config)#interface Gi1
R1(config-if)#service instance 10 ethernet
R1(config-if-srv)#encapsulation dot1q 10
R1(config-if-srv)#exit
R1(config-if)#exit
R1(config)#exit
R1#
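
The consistency rule above can be checked on a candidate configuration before it is pushed to a PE router. The following is an added example, not part of the original tutorial: the function names and the sample configuration are constructed here, and the parser assumes running-config style text with one-space indentation per level.

```python
import re

# Constructed sample: Gi1 uses the new model, Gi2 the legacy one.
MIXED_CONFIG = """\
bridge-domain 10
 member vfi EXAMPLE-VPLS
 member GigabitEthernet1 service-instance 10
!
interface GigabitEthernet1
 service instance 10 ethernet
  encapsulation dot1q 10
!
interface GigabitEthernet2
 service instance 20 ethernet
  encapsulation dot1q 20
  bridge-domain 20
!
"""

def audit_bridge_domain_model(config):
    """Classify each service instance (EFP) as new-model, legacy-model or unbound."""
    new_style, legacy_style, efps = set(), set(), set()
    intf = efp = None
    in_bd = False
    for line in config.splitlines():
        text = line.strip()
        if not text or text == "!":
            continue
        indent = len(line) - len(line.lstrip())
        if indent == 0:                       # new top-level section
            efp = None
            in_bd = text.startswith("bridge-domain ")
            m = re.match(r"interface (\S+)", text)
            intf = m.group(1) if m else None
        elif in_bd:                           # new model: member under bridge-domain
            m = re.match(r"member (\S+) service-instance (\d+)", text)
            if m:
                new_style.add((m.group(1), int(m.group(2))))
        elif intf:
            m = re.match(r"service instance (\d+) ethernet", text)
            if m:
                efp = (intf, int(m.group(1)))
                efps.add(efp)
            elif indent < 2:                  # back at interface level
                efp = None
            elif efp and text.startswith("bridge-domain "):
                legacy_style.add(efp)         # legacy model: bridge-domain under EFP
    unbound = efps - new_style - legacy_style
    return sorted(new_style), sorted(legacy_style), sorted(unbound)

def is_consistent(config):
    """True when the configuration does not mix the two models."""
    new_style, legacy_style, _ = audit_bridge_domain_model(config)
    return not (new_style and legacy_style)
```

A service instance reported as unbound has no bridge-domain attachment in either model, so its traffic never reaches the VFI.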
