VPLS

• Prequisites
  • PE routers have IP reachability amongst themselves.
  • MPLS configured in the core with a LSP between the PE routers.
  • Configure loopback for originating and terminating L2 traffic. PE routers can reach those loopbacks.
  • Note: A tunnel interface doesn't need a loopback when VPLS is directly mapped to a TE tunnel.
• Information about VPLS
  • VPLS Overview
    • VPLS enables enterprises to link together their Ethernet-based LANs from multiple sites via the infrastructure provided by their SP. From the enterprise's perspective, the SP's public network looks like one giant Ethernet LAN.
    • VPLS uses the provider core to join multiple attachment circuits together to simulate a virtual bridge that connects the multiple attachment circuits together.
    • From a csx POV, there is not topology for VPLS. All the CEs appear to connect to a logical bridge emulated by the provider core.

• How to configure VPLS
  • Configure PE L2 interfaces to CEs
  • Configure L2 VLAN instances on a PE
  • Configure MPLS in the PE
  • Configure the VFI in the PE
  • Associating the attachment circuit with the VSI at the PE
  • H-VPLS with MPLS Edge
  • VPLS integrated routing and bridging
  • Note: Provisioning a VPLS link involves provisioning the associated attachment circuit and the VFI on the PE
• Configure PE L2 interfaces to CEs
  • Configure 802.1Q trunks for tagged traffic from a CE
  • Configure 802.1Q access ports for untagged traffic from CE
  • Configure Q-in-Q to place all VLANs into a single VPLS instance
• Configure 802.1Q trunks for tagged traffic from a CE
  • Note: When EVCS is configured, the PE router forwards all Ethernet packets with a particular VLAN tag to a local Ethernet interface or emulated VC if the destination MAC address is found in the L2 forwarding table.

int g 4/4
  no ip add
  switchport
  switchport trunk encap dot1q
  switchport trunk allow vlan 501
  switchport mode trunk

• Configure Q-in-Q to place all VLANs into a single VPLS instance

int g 4/4
  no ip add
    speed nonegotiate
    switchport
    switchport access vlan 501
    switchport mode dotq1-tunnel
    switchport l2protocol-tunnel cdp

• Configure 802.1Q access ports for untagged traffic from CE

int g 4/4
  no ip add
  speed nonegotiate
  switchport
  switchport mode access
  switchport access vlan 501

• Configure L2 VLAN instances on a PE
  • vlan 501
  • int vlan 501
• Configure MPLS in the PE
  • mpls label protocol ldp
    • tag-switching tdp discovery directed hello
• Configure the interval between transmission of LDP (TDP) discovery hello messages, or the hold time for a LDP transport connection
  • tag-switching tdp router-id lo0 force
• Configures MPLS
  • Optional: mpls ldp logging neighbor-changes
• Configure the VFI in the PE
  • The virtual switch instance (VFI) specifies the VPN ID of a VPLS domain, the addresses of other PE routers in this domain, and the type of tunnel signaling and encapsulation mechanism for each peer. (This is where you create the VSI and associated VCs.)
  • Note: Only MPLS encapsulation is supported
  • R1(config)# l2 vfi vfi17 manual
    • Enables the L2 VFI manual config mode
  • R1(config-vfi)# vpn id 17
• Configures a VPN ID for a VPLS domain. The emulated VCs bound to this L2 VRF use this VPN ID for signaling.
  • R1(config-vfi)# nei 1.5.1.1 encap mpls
    • Specifies the remote peering router ID and the tunnel encapsulation type or the p-w property to be used to set up the emulated VC.
  • Split horizon is the default config to avoid broadcast packet looping and to isolate L2 traffic. Use the no-split-horizon keyword to disable split horizon and to config multiple VCs per spoke into the same VFI.
  • R1(config-vfi)# shutdown
    • Disconnects all emulted VCs previously established under the L2 VFI and prevents the establishment of new attachment circuits
    • It doesn't prevent the establishment of new attachment circuits configured with L2 VFI using CLI
  • Example VFI configuration:

l2 vfi VPSLA manual
  vpn id 100
  nei 11.11.11.11 encap mpls
  nei 33.33.33.33 encap mpls
  nei 44.44.44.44 encap mpls

• Example VFI config for hub and spoke:

l2 vfi VPSLA manual
  vpn id 100
  nei 9.9.9.9 encap mpls
  nei 12.12.12.12 encap mpls
  nei 33.33.33.33 encap mpls no-split-horizon
  show mpls l2transport vc 201

• Associating the attachment circuit with the VSI at the PE
  • int vlan 100
    • no ip add
    • xconnect vfi VPLS_501
      • Specifies the L2 VFI that you are binding to the VLAN port
    • show vfi VPLS_501
• H-VPLS with MPLS Edge
  • Overview
    • The hierarchical VPLS model comprises hub and spoke, and full-mesh networks.
    • In a full-mesh configuration, each PE router creates a multipoint-to-multipoint forwarding relationship with all other PE routers in the VPLS domain using VFIs.
    • In the hub and spoke configuration, a PE router can operate in a non-split-horizon mode that allows inter-VC connectivity without the requirement to add a L2 port in the VLAN.
    • In the next example, the VLANs on CE1-4 connect through a full-mesh network. The VLANs on CE2, CE5, and ISP POP connect through a hub and spoke network where the ISP POP is the hub and CE2 and CE5 are the spokes.
    • Configuration on PE1

• Configuring VSIs and VCs
• Configuring the CE device interface
• Associating the attachment with the VFI

• This sample shows the crating of VSIs and associated VCs. Note: the VCs in green require the no-split-horizon keyword. The no-split-horizon command disables the default L2 split horizon in the data path.

l2 vfi Internet manual
  vpn id 100
  nei 120.0.0.3 encap mpls
  nei 162.0.0.2 encap mpls
int lo0
  ip add 20.0.0.1 255.255.255.255

• Configuring the CE device interface
• There can be multiple L2 interfaces in a VLAN

int g 1/1
  switchport
  switchport mode trunk
  switchport encap dot1q
  switchport trunk allow vlan 1001-1005

• Associating the attachment circuit with the VFI

int vlan 1001
  xconnect vfi Internet
int f 2/1
  switchport
  switchport mode trunk
  switchport trunk encap dot1q
  switchport trunk allow vlan 211,1002-1005
int vlan 211
  xconnect vfi PE1-VPLS-A

• Configuring VSIs and VCs
• Configuring the CE device interface
• Associating the attachment circuit with the VFI
• Configuring VSIs and VCs

l2 vfi Internet manual
  vpn id 100
  nei 20.0.0.1 encap mpls
  l2 vfi PE2-VPLS-A manual
  vpn id 200:1
  nei 120.0.0.3 encap mpls
  nei 20.0.0.1 encap mpls
int lo0
  ip add 162.0.0.2 255.255.255.255

int g 2/1
  switchport
  switchport mode trunk
  switchport encap dot1q
  switchport trunk allow vlan 211,1001-1005

int vlan 1001
  xconnect vfi Internet
int vlan 211
  xconnect vfi PE2-VPLS-A

• Configuring VSIs and VCs
• Configuring the CE device interface
• Configuring the attachment circuits
• Configuring port-based EoMPLS on the uPE device

l2 vfi Internet manual
  vpn id 100
  nei 20.0.0.1 encap mpls
  nei 162.0.0.2 encap mpls
  nei 30.0.0.1 encap mpls no-split-horizon
l2 vfi PE3-VPLS-A manual
  vpn id 200
  nei 162.0.0.2 encap mpls
  nei 20.0.0.1 encap mpls
int lo0
  ip add 120.0.0.3 255.255.255.255

int g 6/1
  switchport
  switchport mode trunk
  switchport trunk encap dot1q
  switchport trunk allow vlan 211

int g 1/1
  xconnect 120.0.0.3 100 encap mpls

• Can route L2/L3 traffic for p-w connections between PE devices using VPLS multipoint PE. The ability to route frames to and from these interfaces supports termination of a p-w into a L3 network (VPN or global) on the same switch, or to tunnel L3 frames over a L2 tunnel (VPLS).
• VPLS integrated routing and bridging is also know as routed p-w and routed VPLS.
• VPLS integrated routing and bridging doesn't support multicast routing.
• The following example assigns the IP address 10.10.10.1 to the VLAN 100 interface. (L2 forwarding is defined by the VFI VFI100.)

int vlan 200
  xconnect vfi VFI200
  ip vrf forwarding VFI200
  ip add 20.20.20.1 255.255.255.0

• In a full-mesh configuration, each PE router creates a multipoint-to-multipoint forwarding relationship with all other PE routers in the VPLS domain using a VFI.
• An Ethernet or VLAN packet received from the customer network can be forwarded to one or more local interfaces and or emulated VCs in the VPLS domain.
• To avoid broadcasted packets looping around in the network, no packet received from an emulated VC an be forwarded to any emulated VC of the VPLS domain on a PE router. That is, the L2 split horizon should always be enabled as the default in a full-mesh network.

• Configuration on PE 1
  • Creating the VSIs and associated VCs

l2 vfi PE1-VPLS-A manual
  vpn id 100
  nei 2.2.2.2 encap mpls
  nei 3.3.3.3 encap mpls
int lo0
  ip add 1.1.1.1 255.255.255.255

• Creating the CE device interface

int f 0/0
  switchport
  switchport mode dot1qtunnel
  switchport access vlan 100

• Creating the attachment circuit (VLAN) and associating it with the VSI

int vlan 100
  no ip add
  xconnect vfi PE1-VPLS-A

• Enablement of the L2 VLAN instance

vlan 100
  state active

• Configuration on PE 2
  • Creating the VSIs and associated VCs

l2 vfi PE2-VPLS-A manual
  vpn id 100
  nei 1.1.1.1 encap mpls
  nei 3.3.3.3 encap mpls
int lo0
  ip add 2.2.2.2 255.255.255.255

• Here the attachement circuit (VLAN) is associated with the VSI

int f 0/0
  switchport
  switchport mode dot1qtunnel
  switchport access vlan 100

• This is the enablement of the L2 VLAN instance

vlan 100
  state active

• Configuration on PE 3
  • This shows the creation of the VSIs and associated VCs

l2 vfi PE3-VPLS-A manual
  vpn id 100
  nei 1.1.1.1 encap mpls
  nei 2.2.2.2 encap mpls
int lo0
  ip add 3.3.3.3 255.255.255.255

• This configures the CE device interface

int f 0/1
  switchport
  switchport mode dot1qtunnel
  switchport access vlan 100

• Here the attachement circuit (VLAN) is associated with the VSI

int vlan 100
  no ip add
  xconnect vfi PE3-VPLS-A

* This is the enablement of the L2 VLAN instance

vlan 100
  state active
sh mpls l2 vc
sh vfi PE1-VPLS-A
sh mpls l2 vc detail

Images credit: cisco.com

https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst6500/ios/12-2SY/configuration/guide/sy_swcg/vpls.html#50655