Present and Future of MPLS-based Layer 2 Virtual Private Networks (IOS Advantage Webinar)

With the adoption of MPLS in service provider and enterprise networks, L2VPN allows the delivery of Layer 2 connectivity to end-users over this infrastructure. The most popular examples include Ethernet services used by Enterprises for WAN or Data Center Interconnect applications. L2VPN also plays an important role for Mobile Operators fulfilling ATM/TDM connectivity requirements used for legacy mobile backhaul transport.

The presentation covers fundamental and advanced topics associated with the deployment of L2VPN over an MPLS network, emphasizing Ethernet-based point-to-point and multipoint VPNs. Deployment considerations covered include signaling, auto-discovery, resiliency and Inter-Autonomous Systems (Inter-AS). Discussion topics are illustrated with IOS and IOS-XR sample configurations. Finally, we look at the latest work at the Internet Engineering Task Force (IETF), including BGP MPLS-based Ethernet VPNs (E-VPN).

Transcript

  • 1. The Present and Future of MPLS-based Layer 2 Virtual Private Networks: An Overview and Evolution. June 2012, jliste@cisco.com. © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public
  • 2. Today's Presenters: Tina Lam (tinalam@cisco.com), Product Manager, Cisco; Jose Liste (jliste@cisco.com), Technical Marketing Engineer, Cisco
  • 3. Agenda: Market Overview; Fundamentals; PW Signaling and PE Auto-Discovery; Use Cases; Latest Trends and Future
  • 4. Market Overview
  • 5. Motivation for L2VPNs
    Current drivers
    ‒ IP Next Generation Network: network convergence of legacy (ATM, TDM, FR) and Ethernet, fixed and mobile, on to the same network
    ‒ Business Ethernet Services: flexible offering (P2P, MP; can be L2VPN, L3VPN or a hybrid); high-speed services driven by cloud connectivity
    ‒ Mobile Backhaul Evolution: TDM/PDH to dual/hybrid to all-packet (IP/Ethernet); a single (voice + data) IP/Ethernet mobile backhaul is the universally accepted solution
    New drivers
    ‒ Data Center Interconnection (DCI): L2 connectivity across data centers in disjoint geographical locations across MPLS or IP networks
    ‒ L2 Services over MPLS Transport Profile (MPLS-TP): provides TDM/ATM/Ethernet services over SDH/SONET-like transport using MPLS networks
  • 6. Ethernet Services by the Numbers
    ‒ Worldwide market for Ethernet services projected to reach $40B+ by 2014: double-digit annual growth across all geographic regional markets; Asia Pac will be the largest market at 31%; fastest growing strategic wireline data product for SPs
    ‒ U.S. Business Ethernet market will grow from $6B in 2011 to $11B in 2014: 1Gbps is the fastest growing and will be 50% of the revenue by 2014; 100M will have the highest number of ports, followed closely by 10M, 1G and sub-10M
    ‒ Bandwidth tipping point in 2011: aggregated Ethernet BW purchased in the US surpassed BW for legacy circuits
    Source: Vertical Systems Group 2012
  • 7. Poll Question #1: What are the key business applications / drivers for deploying L2VPNs in your network? [multiple choice]
    A. Legacy Services (F/R, ATM, TDM)
    B. Business Ethernet Services (E-Line / E-LAN)
    C. Mobile Backhaul
    D. Data Center Interconnect (DCI)
    E. Layer 2 services over MPLS TP
    F. No L2VPN deployed
  • 8. Fundamentals: Virtual Private Wire Service (VPWS) Overview
  • 9. Layer 2 VPN Enabler: The Pseudowire
    ‒ L2VPNs are built with Pseudowire (PW) technology
    ‒ PWs provide a common intermediate format to transport multiple types of network services over a Packet Switched Network (PSN)
    ‒ PW technology provides like-to-like transport and also Interworking (IW)
    Diagram: a pseudowire between two Provider Edge devices across the Packet Switched Network, carrying ATM, FR, TDM, PPP/HDLC or Ethernet attachment circuits
  • 10. Service Offerings: L2VPN Transport Services
    ‒ TDM: Circuit Emulation Service over PSN (CESoPSN); Structure Agnostic TDM over Packet (SAToP)
    ‒ ATM: AAL5 over Pseudowire; Cell Relay with Packing over Pseudowire
    ‒ Frame Relay: FR over Pseudowire; PPP/HDLC over Pseudowire
    ‒ Ethernet, Virtual Private Wire Service (VPWS): Ethernet Virtual Private Line (EVPL); Ethernet Private Line (EPL)
    ‒ Ethernet, Virtual Private LAN Service (VPLS): Ethernet Private LAN (EPLAN); Ethernet Virtual Private LAN (EVPLAN)
    The slide marks each service by its UNI type: CESoPSN, AAL5, FR, EVPL and EVPLAN use a muxed UNI; EPL and EPLAN use an unmuxed UNI
  • 11. Layer 2 Transport over MPLS
    ‒ Control: targeted LDP session / BGP session / static connection, used for VC-label negotiation, withdrawal and error notification
    The "emulated circuit" has three (3) layers of encapsulation:
    ‒ Tunnel header (Tunnel Label), the tunneling component: gets the PDU from ingress to egress PE; the MPLS LSP is derived through static configuration (MPLS-TP) or dynamically (LDP or RSVP-TE)
    ‒ Demultiplexer field (VC Label), the demultiplexing component: identifies individual circuits within a tunnel; could be an MPLS label, L2TPv3 header, GRE key, etc.
    ‒ Emulated VC encapsulation (Control Word), the Layer 2 encapsulation component: information on the enclosed Layer 2 PDU; implemented as a 32-bit control word
  • 12. VPWS Forwarding Plane Processing
    Topology: CE-1, PE1, P1, P2, PE2, CE-2, with the MPLS pseudowire between PE1 and PE2; traffic direction CE-1 to CE-2
    ‒ PE1: VC and tunnel label imposition (push tunnel label 34 and VC label 28 on the payload)
    ‒ P1: tunnel label swapping (34 to 45)
    ‒ P2: penultimate hop popping (PHP) of the tunnel label, so the packet reaches PE2 carrying only VC label 28
    ‒ PE2: VC label disposition, payload delivered to CE-2
    Label stack per link: PE1 to P1: 34 / 28 / Payload; P1 to P2: 45 / 28 / Payload; P2 to PE2: 28 / Payload; PE2 to CE-2: Payload
  • 13. Fundamentals: Ethernet over MPLS (EoMPLS) and Virtual Private LAN Service (VPLS) Overview
  • 14. How Are Ethernet Frames Transported?
    ‒ Ethernet frames are transported without Preamble, Start Frame Delimiter (SFD) and FCS
    ‒ Two (2) modes of operation supported: Ethernet VLAN mode (VC type 0x0004), created for the VLAN-over-MPLS application; Ethernet Port / Raw mode (VC type 0x0005), created for the Ethernet port tunneling application
    Original Ethernet frame: Preamble | DA (6B) | SA (6B) | 802.1q tag (4B, optional) | Length/Type (2B) | Ethernet Payload | FCS
    MPLS-encapsulated Ethernet frame: DA' | SA' | E-Type 0x8847 | LSP Label (4B) | VC Label (4B) | Control Word (4B, optional) | Ethernet Header | Ethernet Payload | FCS'. The LSP label and VC label form the MPLS stack; the VC label and control word form the AToM header
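    The frame layout above as an added, runnable example (this is not code from the presentation or from Cisco): it strips preamble/SFD and FCS, builds the PSN frame with outer DA'/SA', Ethertype 0x8847, an LSP label, a bottom-of-stack VC label and an optional control word, then parses it back, accepting either two labels or just the VC label (as after penultimate hop popping). The MAC addresses, payload and label values (34 and 28 from the VPWS forwarding slide) are constructed for the example.

```python
import struct

MPLS_UNICAST_ETHERTYPE = 0x8847   # E-Type of the MPLS-encapsulated Ethernet frame on the slide
VC_TYPE_ETHERNET_VLAN = 0x0004    # Ethernet VLAN mode
VC_TYPE_ETHERNET_RAW = 0x0005     # Ethernet port / raw mode
PREAMBLE_SFD_LEN, FCS_LEN = 8, 4  # stripped before the frame enters the pseudowire


def label_entry(label, exp=0, bos=False, ttl=255):
    """Encode one 4-byte MPLS label stack entry: 20-bit label, 3-bit EXP, S bit, 8-bit TTL."""
    if not 0 <= label < (1 << 20):
        raise ValueError("MPLS label out of range")
    return struct.pack("!I", (label << 12) | (exp << 9) | (int(bos) << 8) | ttl)


def frame_for_pseudowire(wire_frame):
    """EoMPLS carries the Ethernet frame without preamble/SFD and FCS."""
    if len(wire_frame) < PREAMBLE_SFD_LEN + 14 + FCS_LEN:
        raise ValueError("frame too short to be an Ethernet frame")
    return wire_frame[PREAMBLE_SFD_LEN:-FCS_LEN]


def eompls_encapsulate(pw_frame, outer_da, outer_sa, lsp_label, vc_label, control_word=None):
    """PSN frame = DA' | SA' | 0x8847 | LSP label | VC label (S=1) | [control word] | Ethernet frame.
    The two labels are the MPLS stack; VC label plus control word are the AToM header."""
    header = outer_da + outer_sa + struct.pack("!H", MPLS_UNICAST_ETHERTYPE)
    stack = label_entry(lsp_label) + label_entry(vc_label, bos=True)
    cw = b"" if control_word is None else struct.pack("!I", control_word)
    return header + stack + cw + pw_frame


def eompls_decapsulate(psn_frame, control_word_present=False):
    """Return (labels, ethernet_frame), or None when the PSN frame is not well-formed EoMPLS.
    Accepts one label (VC only, after penultimate hop popping) or two (LSP + VC)."""
    if len(psn_frame) < 14 + 4:
        return None
    if struct.unpack("!H", psn_frame[12:14])[0] != MPLS_UNICAST_ETHERTYPE:
        return None
    labels, pos = [], 14
    while pos + 4 <= len(psn_frame):
        entry = struct.unpack("!I", psn_frame[pos:pos + 4])[0]
        labels.append(entry >> 12)
        pos += 4
        if entry & 0x100:          # bottom-of-stack bit: this entry is the VC label
            break
    else:
        return None                # ran out of bytes before a bottom-of-stack entry
    if not 1 <= len(labels) <= 2:
        return None
    if control_word_present:
        pos += 4                   # the control word is not part of the Ethernet frame
    if pos + 14 > len(psn_frame):
        return None                # no room for DA/SA/Type of the inner frame
    return labels, psn_frame[pos:]


# Constructed sample input: a VLAN 80 tagged customer frame as seen on the AC, with preamble/SFD and a fake FCS.
PREAMBLE_SFD = bytes.fromhex("55555555555555d5")
CUSTOMER_FRAME = (bytes.fromhex("00005e005301") + bytes.fromhex("00005e005302")   # DA, SA
                  + bytes.fromhex("81000050")                                      # 802.1Q tag, VID 80
                  + bytes.fromhex("0800") + b"constructed customer payload")        # Type, payload
WIRE_FRAME = PREAMBLE_SFD + CUSTOMER_FRAME + bytes.fromhex("deadbeef")


def demo():
    """Impose the labels of the VPWS forwarding slide (tunnel 34, VC 28) and decapsulate again."""
    pw_frame = frame_for_pseudowire(WIRE_FRAME)
    psn = eompls_encapsulate(pw_frame, bytes.fromhex("00005e0053aa"), bytes.fromhex("00005e0053bb"),
                             lsp_label=34, vc_label=28, control_word=0)
    return eompls_decapsulate(psn, control_word_present=True)


if __name__ == "__main__":
    print(demo())
```

    The parser returns None rather than guessing when the Ethertype is wrong, when no bottom-of-stack entry is found, or when nothing but a label stack remains; a real PE would count such frames as drops instead of handing an empty "frame" to the attachment circuit.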
  • 15. Introducing Cisco EVC Framework: Functional Highlights
    ‒ Ethernet Service Layer: Ethernet Flow Point (EFP); Ethernet Virtual Circuit (EVC); Bridge Domain (BD)
    ‒ Flexible service delimiters: single-tagged, double-tagged; VLAN lists, VLAN ranges; header fields (COS, Ethertype)
    ‒ Service abstraction: local VLAN significance
    ‒ VLAN header operations: flexible frame mapping; advanced VLAN rewrites (POP, PUSH, SWAP)
    ‒ ANY service on ANY port: multiplexed forwarding services, Layer 2 point-to-point, Layer 2 multipoint, Layer 3
  • 16. Encapsulation Adjustment Considerations: EoMPLS PW VC Type and EVC VLAN Rewrites
    ‒ VLAN tags can be added, removed or translated prior to VC label imposition or after disposition; any VLAN tag(s), if retained, will appear as payload to the VC
    ‒ VC label imposition and the service-delimiting tag are independent from EVC VLAN tag operations; a dummy VLAN tag is used for VC type 4 per RFC 4448 (sec 4.4.1)
    ‒ At disposition, the VC service-delimiting VLAN-ID is removed before passing the packet to AC processing
    Diagram, MPLS imposition: AC, EVC VLAN rewrite (ingress), VC type 4 (PUSH 1 VLAN tag, the dummy tag) or VC type 5, MPLS label imposition, PW. MPLS disposition: PW, MPLS label disposition, VC type 4 (POP 1 VLAN tag) or VC type 5, EVC VLAN rewrite (egress), AC
  • 17. Virtual Private LAN Service Operation
    ‒ Flooding / Forwarding: forwarding based on destination MAC addresses; flooding of Broadcast, Multicast and Unknown Unicast
    ‒ MAC Learning / Aging / Withdrawal: dynamic learning based on Source MAC and VLAN; aging timers refreshed by incoming packets; MAC withdrawal upon topology changes
    ‒ Split-Horizon and a full mesh of PWs for loop-avoidance in the core; the SP does not run STP in the core
    Diagram: customer equipment (CE) attached over Ethernet UNIs to U-PE B and to N-PE 1, N-PE 2, N-PE 3 and N-PE 4; the N-PEs are connected by a full mesh of PWs, and each N-PE applies split horizon to frames received over a PW
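    The VPLS forwarding rules above (learning on source MAC plus VLAN, aging, withdrawal, flooding of broadcast/multicast/unknown unicast, and split horizon over the PW full mesh) as an added simulation in Python. This is example code written for this page, not code from the presentation or from any Cisco product; port names, MAC addresses and the 300-second aging time are constructed.

```python
class VplsInstance:
    """One VPLS instance (VFI) on an N-PE: MAC table, flooding, and split horizon over the PW full mesh.
    Port names, timers and addresses used with it below are constructed for this example."""

    def __init__(self, name, ac_ports, pw_ports, aging_time=300):
        self.name = name
        self.ac_ports = set(ac_ports)   # attachment circuits (Ethernet UNIs toward CEs / U-PEs)
        self.pw_ports = set(pw_ports)   # pseudowires of the full mesh toward the other N-PEs
        self.aging_time = aging_time    # seconds
        self.mac_table = {}             # (vlan, mac) -> (port, last_seen)

    @staticmethod
    def is_multi_destination(mac):
        """Broadcast and multicast MACs have the I/G bit set in the first octet."""
        return int(mac.split(":")[0], 16) & 1 == 1

    def learn(self, vlan, src_mac, port, now):
        """Dynamic learning keyed on source MAC and VLAN; an existing entry just refreshes its aging timer."""
        self.mac_table[(vlan, src_mac)] = (port, now)

    def age_out(self, now):
        """Remove entries whose aging timer expired; returns how many were removed."""
        expired = [key for key, (_, seen) in self.mac_table.items() if now - seen > self.aging_time]
        for key in expired:
            del self.mac_table[key]
        return len(expired)

    def withdraw(self, port):
        """MAC withdrawal after a topology change: flush everything learned via the affected port."""
        for key in [key for key, (p, _) in self.mac_table.items() if p == port]:
            del self.mac_table[key]

    def forward(self, vlan, src_mac, dst_mac, in_port, now):
        """Return the set of egress ports for a frame that arrived on in_port."""
        if in_port not in self.ac_ports | self.pw_ports:
            raise ValueError(f"{self.name}: frame from unknown port {in_port}")
        self.learn(vlan, src_mac, in_port, now)
        entry = self.mac_table.get((vlan, dst_mac))
        if entry is not None and not self.is_multi_destination(dst_mac):
            out_port, _ = entry
            return set() if out_port == in_port else {out_port}   # known unicast: one port, or filtered
        # Broadcast, multicast and unknown unicast are flooded to every other port ...
        egress = (self.ac_ports | self.pw_ports) - {in_port}
        if in_port in self.pw_ports:
            # ... except that split horizon never sends a frame received over a PW back onto any PW:
            # the full mesh guarantees every other N-PE already received it, so no STP is needed in the core.
            egress -= self.pw_ports
        return egress


def demo():
    """N-PE 1 of the slide: one CE on an Ethernet UNI, PWs to N-PE 2, 3 and 4 (constructed scenario)."""
    vfi = VplsInstance("blue", ac_ports=["uni-ce"], pw_ports=["pw-npe2", "pw-npe3", "pw-npe4"])
    steps = [
        vfi.forward(10, "00:00:5e:00:53:01", "ff:ff:ff:ff:ff:ff", "uni-ce", now=0),     # CE broadcast
        vfi.forward(10, "00:00:5e:00:53:02", "00:00:5e:00:53:09", "pw-npe2", now=1),   # unknown DA from core
        vfi.forward(10, "00:00:5e:00:53:01", "00:00:5e:00:53:02", "uni-ce", now=2),    # known unicast
    ]
    return vfi, steps


if __name__ == "__main__":
    print(demo()[1])
```

    The second step is the one worth watching: the unknown-destination frame arriving over the PW from N-PE 2 is flooded only to the local UNI, never to the PWs toward N-PE 3 and N-PE 4, which is exactly what keeps the PW full mesh loop-free without a spanning tree.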
  • 18. Pseudowire (PW) Signaling and PE Auto-Discovery
  • 19. VPWS / VPLS: An Abstraction
    ‒ Provisioning Model: what information needs to be configured and in what entities; semantic structure of the endpoint identifiers (e.g. VC ID, VPN ID)
    ‒ Discovery: provisioning information is distributed by a "discovery process"; distribution of endpoint identifiers
    ‒ Signaling: when the discovery process is complete, a signaling protocol is automatically invoked to set up pseudowires (PWs)
  • 20. VPWS Discovery and Signaling Alternatives
    ‒ VPWS Signaling: LDP-based (RFC 4447); BGP-based (informational RFC)
    ‒ VPWS with LDP signaling and no auto-discovery: the most widely deployed solution
    ‒ Auto-discovery for point-to-point services is not as relevant as for multipoint
    Matrix on the slide, signaling (static / no signaling protocol, Label Distribution Protocol (LDP), BGP) versus VPN discovery (manual / no auto-discovery, Border Gateway Protocol (BGP)): LDP signaling with manual discovery is marked as most widely deployed
  • 21. VPLS Discovery and Signaling Alternatives
    ‒ VPLS Signaling: LDP-based (RFC 4762); BGP-based (RFC 4761)
    ‒ VPLS with LDP signaling and no auto-discovery: the most widely deployed solution; operational complexity for larger deployments
    ‒ BGP-based Auto-Discovery (BGP-AD) (RFC 6074): enables discovery of PE devices in a VPLS instance
    Matrix on the slide: LDP signaling with manual discovery is most widely deployed; LDP signaling with BGP discovery is RFC 6074; BGP signaling with BGP discovery is RFC 4761
  • 22. PW Control Plane Operation: LDP Signaling
    1. PW manually provisioned on both PEs, remote PE info included: PE-1 has local interface A, remote PE = PE2_ip, VC-id 123; PE-2 has local interface B, remote PE = PE1_ip, VC-id 123
    2. New targeted LDP session between the PE routers established, in case one does not already exist
    3. Each PE assigns a local VC label to the PW: local label X on PE-1, local label Y on PE-2
    4. PEs advertise the local VC label using an LDP label-mapping message: Label TLV + PW FEC TLV
    5. PEs bind the remote label for the PW with the matching VC-id: remote label Y on PE-1, remote label X on PE-2
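    The five-step exchange above, as an added Python model of both PEs (example code written for this page, not Cisco's LDP implementation): manual provisioning, targeted session setup, local label assignment, the label-mapping message with its PW FEC, and binding only when the VC ID, PW type and peer all match. A second PW with mismatched VC IDs is included to show that nothing binds and the PW stays down. Interface names, addresses and label values are constructed.

```python
from dataclasses import dataclass

PW_TYPE_ETHERNET = 0x0005   # Ethernet port / raw mode, as on the EoMPLS slide


@dataclass(frozen=True)
class PwFec:
    """The part of the PW FEC TLV this example models: PW type and VC ID (PWid FEC)."""
    pw_type: int
    vc_id: int


@dataclass(frozen=True)
class LabelMapping:
    """LDP Label Mapping message: Label TLV + PW FEC TLV."""
    fec: PwFec
    label: int


class PeRouter:
    def __init__(self, name, ip, first_label):
        self.name, self.ip = name, ip
        self.next_label = first_label      # constructed local label pool
        self.targeted_sessions = set()     # peer IPs with an established targeted LDP session
        self.pws = {}                      # vc_id -> PW state

    def provision_pw(self, local_int, remote_pe_ip, vc_id, pw_type=PW_TYPE_ETHERNET):
        """Step 1 (manual provisioning, remote PE included) and step 3 (local VC label assignment)."""
        label, self.next_label = self.next_label, self.next_label + 1
        self.pws[vc_id] = {"local_int": local_int, "remote_pe": remote_pe_ip, "pw_type": pw_type,
                           "local_label": label, "remote_label": None}

    def establish_targeted_session(self, peer_ip):
        """Step 2: a targeted LDP session is created only if one does not already exist."""
        created = peer_ip not in self.targeted_sessions
        self.targeted_sessions.add(peer_ip)
        return created

    def advertise(self, vc_id):
        """Step 4: label-mapping message carrying our local VC label for this PW."""
        pw = self.pws[vc_id]
        return LabelMapping(PwFec(pw["pw_type"], vc_id), pw["local_label"])

    def receive_mapping(self, peer_ip, msg):
        """Step 5: bind the remote label only to a locally provisioned PW whose VC ID, PW type
        and remote PE all match; anything else is ignored and the PW stays down."""
        if peer_ip not in self.targeted_sessions:
            return False
        pw = self.pws.get(msg.fec.vc_id)
        if pw is None or pw["remote_pe"] != peer_ip or pw["pw_type"] != msg.fec.pw_type:
            return False
        pw["remote_label"] = msg.label
        return True

    def pw_state(self, vc_id):
        pw = self.pws.get(vc_id)
        return "up" if pw and pw["remote_label"] is not None else "down"


def run_exchange():
    """The five steps of the slide for VC ID 123, plus a VC ID mismatch that must not come up."""
    pe1 = PeRouter("PE-1", "10.0.0.1", first_label=16)
    pe2 = PeRouter("PE-2", "10.0.0.2", first_label=24)
    pe1.provision_pw("GigabitEthernet0/1", pe2.ip, 123)   # interface A
    pe2.provision_pw("GigabitEthernet0/2", pe1.ip, 123)   # interface B
    pe1.establish_targeted_session(pe2.ip)
    pe2.establish_targeted_session(pe1.ip)
    pe2.receive_mapping(pe1.ip, pe1.advertise(123))
    pe1.receive_mapping(pe2.ip, pe2.advertise(123))
    # Misconfiguration: VC IDs differ on the two ends, so neither side binds a remote label.
    pe1.provision_pw("GigabitEthernet0/3", pe2.ip, 124)
    pe2.provision_pw("GigabitEthernet0/4", pe1.ip, 125)
    pe2.receive_mapping(pe1.ip, pe1.advertise(124))
    pe1.receive_mapping(pe2.ip, pe2.advertise(125))
    return pe1, pe2


if __name__ == "__main__":
    a, b = run_exchange()
    print(a.pw_state(123), b.pw_state(123), a.pw_state(124), b.pw_state(125))
```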
  • 23. BGP Auto-Discovery (BGP-AD)
    ‒ Eliminates the need to manually provision VPLS neighbors
    ‒ Automatically detects when new PEs are added to / removed from the VPLS domain
    ‒ Uses BGP Update messages to advertise the PE/VFI mapping (VPLS NLRI)
    ‒ Typically used in conjunction with BGP Route Reflectors to minimize iBGP full-mesh peering requirements
    ‒ Two (2) RFCs define use of BGP for VPLS AD (1): RFC 6074, when LDP is used for PW signaling (covered in this section); RFC 4761, when BGP is used for PW signaling
    Diagram: PE1, PE2 and PE3, each with a VFI and an attached CE (CE-A1, CE-A2, CE-A3), hold BGP sessions to a BGP RR across the MPLS network; PE2 announces "I am a new PE with ACs on BLACK VFI" in a BGP Update message with VPLS NLRI, after which pseudowires are built to it
    (1) VPLS BGP NLRIs from RFC 6074 and 4761 are different in format and thus not compatible, even though they share the same AFI / SAFI values
  • 24. BGP Signaling and Auto-Discovery Overview
    ‒ RFC 4761 (1) defines use of BGP for VPLS PE auto-discovery and signaling
    ‒ All PEs within a given VPLS are assigned a unique VPLS Edge device ID (VE ID)
    ‒ A PE X wishing to send a VPLS update sends the same label block information to all other PEs using BGP VPLS NLRI
    ‒ Each receiving PE infers the label intended for PE X by adding its (unique) VE ID to the label base; each receiving PE thus gets a unique label for PE X for that VPLS
    Diagram: PE1 (VE_ID 1), PE2 (VE_ID 2) and PE X (VE_ID X) with a BGP RR across the MPLS network; PE X announces "I am PE X with ACs on BLACK VFI; here is my label block for this VFI" in a BGP Update message with VPLS NLRI
    (1) VPLS BGP NLRIs from RFC 6074 and 4761 are different in format and thus not compatible, even though they share the same AFI / SAFI values
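    The label-block derivation of the slide ("label base plus own VE ID") as an added Python example, not code from the presentation. It goes one step beyond the slide by including the VE block offset and block size that the RFC 4761 NLRI carries: with an offset of 0 the formula is exactly the slide's, and a receiving PE whose VE ID falls outside the advertised block gets no label. The VE IDs and label bases are constructed.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class VplsNlri:
    """BGP VPLS NLRI fields used for label derivation (RFC 4761): the advertising PE's VE ID,
    VE block offset, VE block size and label base."""
    ve_id: int
    ve_block_offset: int
    ve_block_size: int
    label_base: int


def label_toward(advertiser, my_ve_id):
    """Label a receiving PE (my_ve_id) puts on frames sent to the advertising PE.
    With ve_block_offset 0 this is exactly the slide's 'label base + own VE ID'."""
    low = advertiser.ve_block_offset
    high = advertiser.ve_block_offset + advertiser.ve_block_size
    if my_ve_id == advertiser.ve_id:
        return None                       # a PE never needs a label toward itself
    if not low <= my_ve_id < high:
        return None                       # my VE ID is outside this label block: no PW to this PE (yet)
    return advertiser.label_base + (my_ve_id - advertiser.ve_block_offset)


def labels_from_advertisement(advertiser, receiving_ve_ids):
    """What every receiving PE derives from one and the same update."""
    return {ve: label_toward(advertiser, ve) for ve in receiving_ve_ids if ve != advertiser.ve_id}


def full_mesh(nlris):
    """Label each PE uses toward every other PE, keyed (from VE ID, to VE ID).
    Also checks the property the slide relies on: every receiver derives a distinct label for one sender."""
    mesh = {}
    for adv in nlris:
        labels = labels_from_advertisement(adv, [n.ve_id for n in nlris])
        used = [label for label in labels.values() if label is not None]
        if len(set(used)) != len(used):
            raise ValueError(f"label block of VE {adv.ve_id} does not yield unique labels")
        for receiver, label in labels.items():
            mesh[(receiver, adv.ve_id)] = label
    return mesh


def demo_nlris():
    """Constructed: three PEs, one label block of size 8 each, offset 0 (the slide's simple case)."""
    return [VplsNlri(ve_id=1, ve_block_offset=0, ve_block_size=8, label_base=1000),
            VplsNlri(ve_id=2, ve_block_offset=0, ve_block_size=8, label_base=2000),
            VplsNlri(ve_id=3, ve_block_offset=0, ve_block_size=8, label_base=3000)]


if __name__ == "__main__":
    for (src, dst), label in sorted(full_mesh(demo_nlris()).items()):
        print(f"VE {src} -> VE {dst}: label {label}")
```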
  • 25. Use Cases: Data Center Interconnect
  • 26. Poll Question #2: What is the most important factor when selecting a DCI solution? (single choice)
    A. Ease of Provisioning
    B. Flow-Based Load-Balancing / Multi-Homing
    C. Sub-second Convergence for Link / Port / Node failures
    D. Massive MAC address scalability (order of millions)
    E. Optimal Multicast Forwarding
  • 27. Use Cases: Data Center Interconnect, Catalyst 6500
  • 28. Data Center Interconnect with VPLS: Catalyst 6500
    Diagram: DC 1 access and aggregation layers (VSS pair) connect to a Catalyst 6500 WAN Edge, which connects across the WAN to the Catalyst 6500 WAN Edge of DC 2; one VFI and one PW per VLAN (vlan X, vlan Y)
    ‒ DC WAN Edge device (Catalyst 6500) implements VPLS with Advanced VPLS (A-VPLS) for DCI applications
    ‒ A-VPLS provides: single-chassis (virtual) redundancy solution, Virtual Switching System (VSS); Multichassis EtherChannel (MEC); flow-based load balancing over the WAN using Flow Aware Transport (FAT) PW; simplified configuration
  • 29. Data Center Interconnect with VPLS: Sample Configuration, Catalyst 6500
    The virtual Ethernet interface is modeled as a switchport trunk towards the VFIs, with one VFI per VLAN on the virtual interface and a single VFI PW per VLAN per VSS pair (PW VC ids 80 and 81). PE1 (10.0.0.1) and PE2 (10.0.0.2) attach to their data center through a Multichassis EtherChannel (MEC) on a VSS pair.
    PE1:
      hostname PE1
      !
      interface Loopback0
       ip address 10.0.0.1 255.255.255.255
      !
      pseudowire-class sample-class
       encapsulation mpls
       load-balance flow
       flow-label enable
      !
      interface virtual-ethernet 1
       transport vpls mesh
        neighbor 10.0.0.2 pw-class sample-class
       switchport
       switchport mode trunk
       switchport trunk allowed vlan 80,81
      !
      interface port-channel50
       switchport
       switchport mode trunk
       switchport trunk allowed vlan 80,81
    PE2:
      hostname PE2
      !
      interface Loopback0
       ip address 10.0.0.2 255.255.255.255
      !
      pseudowire-class sample-class
       encapsulation mpls
       load-balance flow
       flow-label enable
      !
      interface virtual-ethernet 1
       transport vpls mesh
        neighbor 10.0.0.1 pw-class sample-class
       switchport
       switchport mode trunk
       switchport trunk allowed vlan 80,81
      !
      interface port-channel50
       switchport
       switchport mode trunk
       switchport trunk allowed vlan 80,81
    Note: the complete Virtual Switching System (VSS) / Multichassis EtherChannel (MEC) configuration is not shown
  • 30. Deployment Use Cases: Data Center Interconnect, ASR 9000
  • 31. ASR 9000 Network Virtualization (nV) Technology Overview
    Diagram: Cisco Prime IP NGN managing the Core, Edge (nV Edge), Aggregation (nV) and Access (nV Satellite) layers toward residential, converged and business customers, with SP services/content and third-party services/content above the core
    Before nV technology:
    ‒ Individual device to manage
    ‒ Complex network protocols
    ‒ Feature inconsistent, inter-operability
    ‒ Physical port limit
    After nV technology:
    ‒ One virtual system to manage
    ‒ No network protocols within the virtual system
    ‒ Remote satellite is plug-n-play, zero touch
    ‒ Single feature set, one release cycle
    ‒ Scale to 10s of 1000s of physical ports
  • 32. Data Center Interconnect with VPLS, Example 1: nV Edge
    Diagram: DC 1 access and aggregation layers connect to a Cisco ASR 9000 WAN Edge (nV Edge), which connects across the WAN to the Cisco ASR 9000 WAN Edge (nV Edge) of DC 2; one VFI and one PW per VLAN (vlan X, vlan Y)
    ‒ DC WAN Edge device (ASR 9000) implements VPLS with Network Virtualization (nV) for DCI applications
    ‒ nV and VPLS provide: single-chassis (virtual) redundancy solution, the Network Virtualization Cluster (single control and management plane, distributed data plane); Multichassis EtherChannel; flow-based load balancing over the pseudowire using Flow Aware Transport (FAT) PW; scalability
  • 33. Data Center Interconnect with VPLS: Sample Configuration, ASR 9000
    PE1 (10.0.0.1) and PE2 (10.0.0.2) are nV clusters attached to their data center by a Multichassis EtherChannel; one bridge domain and VFI per VLAN, with a single PW per VFI / VLAN (PW VC ids 1111 and 2222).
    PE1:
      hostname PE1
      !
      interface Loopback0
       ipv4 address 10.0.0.1 255.255.255.255
      !
      interface bundle-ethernet1.1 l2transport
       encapsulation dot1q 80
      !
      interface bundle-ethernet1.2 l2transport
       encapsulation dot1q 81
      !
      l2vpn
       pw-class sample-flow-lb
        encapsulation mpls
         load-balancing
          flow-label
       !
       bridge group DCI
        bridge-domain bd-80
         interface bundle-ethernet1.1
         vfi vfi1111
          neighbor 10.0.0.2 pw-id 1111
           pw-class sample-flow-lb
        !
        bridge-domain bd-81
         interface bundle-ethernet1.2
         vfi vfi2222
          neighbor 10.0.0.2 pw-id 2222
           pw-class sample-flow-lb
    PE2:
      hostname PE2
      !
      interface Loopback0
       ipv4 address 10.0.0.2 255.255.255.255
      !
      interface bundle-ethernet1.1 l2transport
       encapsulation dot1q 80
      !
      interface bundle-ethernet1.2 l2transport
       encapsulation dot1q 81
      !
      l2vpn
       pw-class sample-flow-lb
        encapsulation mpls
         load-balancing
          flow-label
       !
       bridge group DCI
        bridge-domain bd-80
         interface bundle-ethernet1.1
         vfi vfi1111
          neighbor 10.0.0.1 pw-id 1111
           pw-class sample-flow-lb
        !
        bridge-domain bd-81
         interface bundle-ethernet1.2
         vfi vfi2222
          neighbor 10.0.0.1 pw-id 2222
           pw-class sample-flow-lb
    Note: the nV cluster configuration is not shown and the EtherChannel configuration is incomplete
  • 34. Data Center Interconnect with VPLS, Example 2: mLACP
    Diagram: each data center's access and aggregation layers dual-home to a pair of Cisco ASR 9000 WAN Edge routers that run ICCP between them; VFIs on the WAN Edge routers connect DC 1 and DC 2 across the WAN
    ‒ DC WAN Edge device (ASR 9000) implements VPLS with multi-chassis LACP (mLACP) for DCI applications
    ‒ mLACP and VPLS provide: geo-redundant dual-homed DCI layer solution; distributed control / management / data plane; Multichassis EtherChannel (mLACP) (active / standby links, 1:1 protection) using the Inter-Chassis Communication Protocol (ICCP); flow-based load balancing over the pseudowire using Flow Aware Transport (FAT) PW
  • 35. Use Cases: Mobile Backhaul, Legacy TDM / ATM Transport
  • 36. Legacy ATM and TDM Transport
    ‒ Mobile backhaul migration strategies vary among challengers and incumbents
    ‒ Circuit emulation is required to support legacy interfaces across a packet-based network:
      ‒ Structure Agnostic TDM over Packet (SAToP, RFC 4553) for encapsulating TDM bit-streams (T1/E1, T3/E3) as PWs. Example: full T1/E1 from cell site to BSC
      ‒ Circuit Emulation Services over PSN (CESoPSN, RFC 5086) for encapsulating structured TDM signals (NxDS0) as PWs; more efficient in its use of transport resources than SAToP. Example: fractional T1/E1 from cell site to BSC
      ‒ ATMoMPLS for carrying ATM cells over an MPLS network using ATM PWE3 (cell relay)
    ‒ Statistical multiplexing gains of packet transport: enabled with ATM PWE3 for UMTS; not enabled with SAToP or CESoPSN for GSM
  • 37. TDM / ATM PW Backhaul
    Diagram: the cell site router (TDM / ATM and Ethernet interfaces, microwave or fibre uplink) connects through the access layer (GE ring), the pre-aggregation layer (aggregation node, 10 GE ring) and the aggregation layer (distribution node, S-PE) to the BSC / RNC (STM1). TDM (CESoPSN, SAToP) and ATM (VC, VP) PWE3 are used in both models:
    ‒ TDM / ATM PW backhaul with Layer 2 (Ethernet) access: the access is L2 rings or point-to-point (REP / G.8032 / MSTP); the TDM / ATM PWs start at the IP/MPLS aggregation node and are stitched as multi-segment PWs (MS-PW) through the S-PE toward the BSC / RNC
    ‒ TDM / ATM PW backhaul with MPLS in the access: the TDM / ATM PWs start at the cell site router over an IP/MPLS RAN access and are stitched as MS-PW through the S-PE
    ‒ Multi-segment PWs are deployed to minimize the TDM & ATM PWE3 reachability information that has to be carried down to the cell site router
  • 38. Latest Trends and Future: Unified MPLS, Extending MPLS to the Access of Mobile & Wireline Networks
  • 39. Challenges with Traditional MPLS Designs
    Diagram: Access (PE, MPLS), Aggregation (MPLS), Core (ABR to ABR, MPLS), Aggregation (MPLS), Access (PE, MPLS)
    ‒ As MPLS moves into the access layers, the large number of network elements poses challenges: Core / Edge / Distribution (100s-1,000s nodes), AGG (1,000s-10,000s), Access (10,000s-100,000s)
    ‒ End-to-end LSPs between access devices require distributing a large number of loopback prefixes: the IGP RIB table would be required to support, say, 100K prefixes; the MPLS LIB / LFIB tables would be required to support, say, 200K labels (assuming two paths per prefix)
    ‒ Multi-segment PWs and prefix aggregation with LDP inter-area LSPs can only partially alleviate the scale challenge
  • 40. Unified MPLS Requirements
    ‒ What is it? An end-to-end packet transport architecture based on MPLS forwarding, addressing scale and operational simplification
    ‒ Scalability: interconnection of a large number of access nodes (e.g. 100k)
    ‒ Flexible placement of L2 / L3 service nodes: seamless LSPs to any location in the network
    ‒ Service provisioning simplicity: service provisioning only required at the edge of the network
    ‒ High network availability (protection or fast restoration)
  • 41. Addressing Scale: Hierarchical LSPs
    Diagram: an inter-domain LSP from access PE to access PE is built from intra-domain LSPs in the access, aggregation and core domains, stitched at the ABRs
    ‒ Addresses scale with hierarchical LSPs using two transport labels: intra-domain LSP (IGP+LDP or RSVP-TE); inter-domain LSP (iBGP+label per RFC 3107)
    ‒ Isolates IGP domains, no IP prefix redistribution: Area Border Routers (ABR) are used as BGP Route Reflectors (RR) for the inter-domain exchange of prefix/label; the ABR / RRs insert themselves into the data plane by modifying the next-hop attribute (next-hop-self)
  • 42. Control Plane Operation (Pseudowire)
    Path: PE1, P, ABR1, P, ABR2, P, PE2
    ‒ PE-to-ABR and ABR-to-ABR LSPs: LDP / RSVP-TE within each domain
    ‒ PE-to-PE LSPs: iBGP IP+Label sessions between PE1 and ABR1, ABR1 and ABR2, ABR2 and PE2
    ‒ Pseudowire signaling: T-LDP end-to-end, single segment PW
  • 43. Forwarding Plane Operation (Pseudowire)
    Path: PE1, P, ABR1, P, ABR2, P, PE2; the label stack on each link is listed top to bottom:
    ‒ PE1 pushes PW label, BGP label and IGP label: IGP Label / BGP Label / PW Label / Payload
    ‒ P pops the IGP label (PHP): BGP Label / PW Label / Payload
    ‒ ABR1 swaps the BGP label and pushes the IGP label of the next domain: IGP Label / BGP Label / PW Label / Payload
    ‒ P pops the IGP label: BGP Label / PW Label / Payload
    ‒ ABR2 pops the BGP label and pushes the IGP label toward PE2: IGP Label / PW Label / Payload
    ‒ P pops the IGP label: PW Label / Payload
    ‒ PE2 pops the PW label and delivers the Payload
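    An added label-stack simulator in Python, written for this page (not code from the presentation), that serves both forwarding-plane slides: the two-label VPWS path of slide 12 (tunnel label 34 swapped to 45, PHP at P2, VC label 28 disposed at PE2) and the three-label Unified MPLS path of slide 43. Each router is driven by an LFIB keyed on the incoming top label, so a missing entry surfaces as an error instead of a silently wrong stack. The Unified MPLS label values (IGP 100/101/102, BGP 200/201) are constructed; the slide shows only label types there.

```python
IMPLICIT_NULL = 3   # label a downstream LSR advertises to request penultimate hop popping (PHP)


class Lsr:
    """A label switching router whose LFIB maps an incoming top label to a list of operations.
    An operation is ("pop",), ("swap", new_label) or ("push", label); they are applied in order."""

    def __init__(self, name, lfib):
        self.name, self.lfib = name, lfib

    def forward(self, stack):
        if not stack:
            raise ValueError(f"{self.name}: received an unlabeled packet")
        actions = self.lfib.get(stack[0])
        if actions is None:
            raise LookupError(f"{self.name}: no LFIB entry for top label {stack[0]}")
        stack = list(stack)
        for op, *arg in actions:
            if op == "pop":
                stack.pop(0)
            elif op == "swap":
                stack[0] = arg[0]
            elif op == "push":
                stack.insert(0, arg[0])
            else:
                raise ValueError(f"{self.name}: unknown operation {op}")
        return stack


def imposition(labels_top_first):
    """Ingress PE behaviour: the full stack pushed onto the payload, listed top label first."""
    return list(labels_top_first)


def run_path(ingress_stack, lsrs):
    """Apply each LSR in turn and return the stack seen on every link, ingress link first;
    the final entry is what the egress PE hands to the attachment circuit (empty = plain payload)."""
    trace = [list(ingress_stack)]
    for lsr in lsrs:
        trace.append(lsr.forward(trace[-1]))
    return trace


def vpws_path():
    """Slide 12: tunnel label 34 swapped to 45 at P1, popped at P2 (PHP), VC label 28 disposed at PE2."""
    p1 = Lsr("P1", {34: [("swap", 45)]})
    p2 = Lsr("P2", {45: [("pop",)]})             # P2 received implicit-null from PE2, hence PHP
    pe2 = Lsr("PE2", {28: [("pop",)]})           # VC label disposition
    return run_path(imposition([34, 28]), [p1, p2, pe2])


def unified_mpls_path():
    """Slide 43 with constructed label values: IGP labels 100/101/102 (one per domain),
    BGP labels 200/201 (RFC 3107 labels for PE2's loopback, re-advertised by each ABR), PW label 28."""
    p_a = Lsr("P", {100: [("pop",)]})
    abr1 = Lsr("ABR1", {200: [("swap", 201), ("push", 101)]})   # swap BGP label, push next-domain IGP label
    p_b = Lsr("P", {101: [("pop",)]})
    abr2 = Lsr("ABR2", {201: [("pop",), ("push", 102)]})        # PE2 is in ABR2's domain: BGP label pop
    p_c = Lsr("P", {102: [("pop",)]})
    pe2 = Lsr("PE2", {28: [("pop",)]})
    return run_path(imposition([100, 200, 28]), [p_a, abr1, p_b, abr2, p_c, pe2])


if __name__ == "__main__":
    for link, stack in enumerate(unified_mpls_path()):
        print(f"link {link}: {stack + ['Payload']}")
```

    Reading the Unified MPLS trace against the slide: the IGP label is present on three links, the BGP label on four and the PW label on six, which is exactly the label count the slide's diagram shows.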
  • 44. Latest Trends and Future: MPLS Transport Profile (MPLS-TP)
  • 45. MPLS Transport Profile
    ‒ Extends MPLS to meet packet transport requirements: connection-oriented; deployable with or without a control plane; separation of the control/management plane from the data plane; in-band OAM; 1:1, 1:n, 1+1 protection; multi-service
    ‒ Identifies the subset of MPLS supporting traditional transport requirements
    Diagram: existing functionality prior to the MPLS Transport Profile (IP forwarding, MP2P / MP2MP LSP, ECMP, GMPLS) versus existing functionality meeting transport requirements (MPLS forwarding, P2P / P2MP LSP, pseudowire architecture, OAM) plus the new extensions based on transport requirements (OAM, resiliency)
  • 46. MPLS-TP Components
    ‒ Forwarding Plane: bi-directional, co-routed LSPs; static LSP; QoS
    ‒ OAM: CC/RDI; on-demand CV; route tracing; AIS/LDI/LKR; CFI (PW status)
    ‒ Protection: linear protection (1:1, 1+1, 1:N); reversion; wait-to-restore timer
    ‒ Control Plane: static; dynamic (GMPLS)
    ‒ Services: Ethernet/VLAN; ATM; TDM; MS-PW integration with IP/MPLS
  • 47. MPLS-TP Transport and Service Options
    ‒ The existing pseudowire architecture applies to MPLS-TP; MPLS-TP currently focuses on Layer-2/1 services
    ‒ LSPs typically aggregate multiple services (PW1, PW2, PW3 over one LSP)
    ‒ As usual, pseudowires can be signaled or established via manual configuration
    ‒ Ethernet PW: EoMPLS / VPLS. TDM PW: CESoPSN / SAToP. ATM PW: AAL5 and cell relay
    Diagram: services (clients) IPv4, IPv6, IPv4 VPN, IPv6 VPN, VPMS, VPWS and VPLS run over a transport of either IP/MPLS (LDP / RSVP-TE / BGP) or MPLS-TP (static / RSVP-TE), both on top of MPLS forwarding
  • 48. MPLS-TP and IP/MPLS Integration
    Diagram: Access (MPLS-TP, T-PE), Aggregation (S-PE), Core (IP/MPLS), Aggregation (S-PE), Access (MPLS-TP, T-PE); a static PW over a static tunnel in each MPLS-TP domain and a signaled PW over a signaled tunnel in the IP/MPLS core
    ‒ Multi-segment pseudowires (MS-PW) enable layer-2/-1 services over a combined MPLS-TP and IP/MPLS infrastructure
    ‒ The S-PE switches traffic between a static and a dynamic segment
    ‒ The MPLS-TP domain uses a static LSP as PSN tunnel and a static PW segment
    ‒ The IP/MPLS domain uses a signaled LSP (LDP or RSVP-TE) as PSN tunnel and a signaled PW segment
  • 49. Latest Trends and Future: Ethernet Virtual Private Network (E-VPN) and Provider Backbone Bridges E-VPN (PBB-EVPN)
  • 50. Motivation
    ‒ L2VPN (VPLS) is currently used as the PE-based data center interconnect (DCI) solution
    ‒ Need to address technology evolution requirements: active / active multi-homing; load balancing and multi-pathing (VLAN-based / flow-based); multicast optimization; scale (e.g. PWs and MAC addresses); multi-tenancy (service scale)
    ‒ Enhancements bring benefits to other VPLS applications: business services; mobile backhaul
    Diagram: Enterprise DC1 and DC2 connected over an enterprise DCI "back door"; SP DC1 and SP DC2 (DCE, DCPE) connected either via CE and PE across the SP NGN or via a standalone DCI network
  • 51. E-VPN At A Glance
    ‒ Active IETF L2VPN working group document: draft-ietf-l2vpn-evpn-00
    ‒ Treat learned MAC addresses as routable addresses and distribute them in BGP over the IP/MPLS network; the receiving PE injects these MAC addresses into its forwarding table along with the associated adjacency
    ‒ When multiple PE nodes advertise the same MAC, multiple adjacencies are created for that MAC address in the forwarding table; when forwarding traffic for a given unicast MAC DA, a hashing algorithm (which could be based on the L2/L3/L4 headers) is used to pick one of the adjacencies
    ‒ A full mesh of PWs is no longer required: MP2P tunnels are used for unicast; ingress PE replication (MP2P tunnels) or LSM is used for multi-destination traffic (multicast / broadcast / unknown unicast)
  • 52. E-VPN Broadcast Example (e.g. ARP)
    Diagram: host M1 behind AGG1, AGG2 and AGG3 is attached to PE1 and PE2; host M2 behind AGG4, AGG5 and AGG6 is attached to PE3 and PE4; the Ethernet segments carry multi-homing IDs MH-ID=1, 2 and 3, and the PEs peer over BGP. iBGP L2-NLRI from PE1: next-hop n-PE1, <C-MAC1, Label 100>
    ‒ Host M1 sends a message with MAC SA = M1 and MAC DA = bcast
    ‒ PE1 learns M1 over its Agg2-PE1 AC and distributes it via BGP to the other PE devices
    ‒ All other PE devices learn that M1 sits behind PE1
    ‒ The broadcast frame is sent to the remote PEs using MP2P tunnels (or LSM)
  • 53. E-VPN Unicast Example
    Diagram: same topology; iBGP L2-NLRI from PE4: next-hop n-PE4, <C-MAC2, Label 200>
    ‒ Host M2 sends a response with MAC SA = M2 and MAC DA = M1
    ‒ PE4 learns M2 over its Agg5-PE4 AC and distributes it via BGP to the other PE devices
    ‒ PE4 forwards the frame to PE1 (MP2P tunnel) since it has previously learned that M1 sits behind PE1
    ‒ All other PE devices learn that M2 sits behind PE4
  • 54. MAC Address Scalability: Introducing PBB-EVPN
    Diagram: O(100) B-MACs in the WAN versus O(1M) C-MACs across DC Site 1 to DC Site N
    ‒ BGP MAC advertisement route scalability: multiple orders of magnitude difference between C-MAC and B-MAC addresses
    ‒ C-MAC address confinement: E-VPN performs control-plane C-MAC learning, so C-MACs are always in the RIB and maybe also in the FIB; PBB-EVPN performs data-plane C-MAC learning, so C-MACs are never in the RIB and are only present in the FIB for active flows
  • 55. Ethernet Encapsulation Evolution
    Frame formats: 802.3 (C-DA, C-SA, Payload, FCS); 802.1Q (adds C-TAG); 802.1ad PB (adds S-TAG); 802.1ah PBB (adds B-DA, B-SA, B-TAG and I-TAG in front of the 802.1ad frame)
    Legend: C-DA customer dest addr; C-SA customer src addr; C-TAG customer tag; S-TAG service tag; B-DA backbone dest addr; B-SA backbone src addr; I-TAG service instance tag (I-SID); VID VLAN identifier (part of C-/S-/B-TAG); I-SID backbone service instance identifier (part of I-TAG); PB Provider Bridges; PBB Provider Backbone Bridges
    Service instances: 802.1Q/ad services are identified by the VID, 2^12 = 4,096 instances; 802.1ah services are identified by the I-SID, 2^24 = 16,777,216 instances
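    The encapsulation evolution above as an added Python example (written for this page, not from the presentation): it builds an 802.1Q or 802.1ad customer frame, wraps it in the 802.1ah backbone header (B-DA, B-SA, B-TAG, I-TAG with a 24-bit I-SID) and parses the backbone header back out, refusing frames that do not carry the PBB TPIDs. MAC addresses, VIDs, the I-SID and the payload are constructed.

```python
import struct

TPID_C_TAG = 0x8100   # 802.1Q customer tag
TPID_S_TAG = 0x88A8   # 802.1ad service tag; also used for the 802.1ah B-TAG
TPID_I_TAG = 0x88E7   # 802.1ah service instance tag
VID_SPACE = 1 << 12   # 4,096 VLAN identifiers
ISID_SPACE = 1 << 24  # 16,777,216 backbone service instance identifiers


def vlan_tag(tpid, vid, pcp=0):
    """4-byte C-/S-/B-TAG: TPID + TCI (PCP, DEI=0, 12-bit VID)."""
    if not 0 <= vid < VID_SPACE:
        raise ValueError("VID out of range")
    return struct.pack("!HH", tpid, (pcp << 13) | vid)


def i_tag(isid, pcp=0):
    """6-byte I-TAG: TPID 0x88E7 + 32-bit TCI (I-PCP, then DEI/UCA/reserved bits left zero, 24-bit I-SID)."""
    if not 0 <= isid < ISID_SPACE:
        raise ValueError("I-SID out of range")
    return struct.pack("!HI", TPID_I_TAG, (pcp << 29) | isid)


def customer_frame(c_da, c_sa, c_vid, payload, s_vid=None):
    """802.1Q frame, or an 802.1ad PB frame when an S-VID is given (FCS omitted: hardware recomputes it)."""
    tags = (vlan_tag(TPID_S_TAG, s_vid) if s_vid is not None else b"") + vlan_tag(TPID_C_TAG, c_vid)
    return c_da + c_sa + tags + struct.pack("!H", 0x0800) + payload


def pbb_encapsulate(frame, b_da, b_sa, b_vid, isid):
    """802.1ah PBB: B-DA | B-SA | B-TAG | I-TAG | original customer frame (C-DA/C-SA included)."""
    return b_da + b_sa + vlan_tag(TPID_S_TAG, b_vid) + i_tag(isid) + frame


def pbb_decapsulate(frame):
    """Parse the backbone header; returns a dict, or None if this is not an 802.1ah frame."""
    if len(frame) < 12 + 4 + 6 + 14:
        return None
    b_tpid, b_tci = struct.unpack("!HH", frame[12:16])
    i_tpid, i_tci = struct.unpack("!HI", frame[16:22])
    if b_tpid != TPID_S_TAG or i_tpid != TPID_I_TAG:
        return None
    return {"b_da": frame[0:6], "b_sa": frame[6:12], "b_vid": b_tci & 0x0FFF,
            "isid": i_tci & 0xFFFFFF, "customer_frame": frame[22:]}


def demo():
    """Constructed example: a double-tagged (PB) customer frame carried in I-SID 0x123456, B-VID 100."""
    inner = customer_frame(bytes.fromhex("00005e005301"), bytes.fromhex("00005e005302"),
                           c_vid=80, s_vid=2000, payload=b"constructed payload")
    outer = pbb_encapsulate(inner, bytes.fromhex("00005e0053aa"), bytes.fromhex("00005e0053bb"),
                            b_vid=100, isid=0x123456)
    return inner, outer, pbb_decapsulate(outer)


if __name__ == "__main__":
    print(demo()[2])
```

    The 22-byte difference between the inner and outer frame is the whole PBB overhead; the customer's own addresses and tags travel untouched inside it, which is what lets the backbone learn only O(100) B-MACs while the data centers hold O(1M) C-MACs.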
  • 56. Provider Backbone Bridges – EVPN (PBB-EVPN) Solution Overview   Active L2VPN working group document ‒  draft-ietf-l2vpn-pbb-evpn-03   Advertise local Backbone MAC (B-MAC) addresses in BGP to all other PEs that have BEB PE1 B-MAC Routes BEB at least one VPN in common just like E-VPN CE1 LACP PE3 ‒  Build a forwarding table from remote BGP advertisements just like E-VPN (e.g., association of 802.1Qbp B-MAC to MPLS labels) B-MAC = Site ID MPLS   Single B-MAC to represent site ID PE2 ‒  Can derive the B-MAC automatically from system MAC address of LACP peer   PEs perform PBB functionality just like PBB- VPLS   C-MAC learning for traffic received from ACs and C-MAC/B-MAC association for traffic BEB = IEEE 802.1ah Backbone Edge Bridge received from corejliste@cisco.com © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 56  
  • 57. PBB-EVPN: Dual Homed Device
[Figure: CE dual-homed to PE1 and PE2 (VLANs 2 and 3; Route Targets RT2 and RT3) across an MPLS/IP core to PE3]
PE3 RIB (VPN, B-MAC, NH):
 ‒ RT3, B-MAC1, PE1
 ‒ RT3, B-MAC1, PE2
 ‒ RT2, B-MAC1, PE1
 ‒ RT2, B-MAC1, PE2
PE3 FIB (VPN, B-MAC, NH):
 ‒ RT3, B-MAC1, PE1 and PE2
 ‒ RT2, B-MAC1, PE1 and PE2
  Each PE advertises a MAC route per Ethernet Segment (carrying the B-MAC associated with the Ethernet Segment).
 ‒ Both PEs advertise the same B-MAC for the same Ethernet Segment.
  The remote PE installs both next hops into the FIB for the associated B-MAC.
 ‒ Hashing is used to load-balance traffic among the next hops.
  PE1 MAC Routes:
 ‒ Route: Route Distinguisher (RD11), B-MAC1, RT2, RT3
  PE2 MAC Routes:
 ‒ Route: RD22, B-MAC1, RT2, RT3
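The RIB/FIB behaviour on this slide, together with the C-MAC confinement point from slide 54, as an added example (not code from the deck or from Cisco). It models PE3 importing the two MAC routes, collapsing them into one FIB entry with two aliased next hops, hashing flows across them, and learning C-MACs only in the data plane. The labels RD11, RD22, B-MAC1, RT2, RT3 and PE1..PE3 are the slide's; the C-MAC and flow values are constructed. The rule that a C-MAC may only be bound to a B-MAC already present in the FIB is this example's own sanity check, not something the draft mandates.

```python
"""PBB-EVPN remote PE: MAC routes -> RIB -> FIB, aliasing, data-plane C-MAC learning (added example)."""
import zlib
from collections import defaultdict


class MacRoute:
    """BGP MAC Advertisement route as used by PBB-EVPN: one B-MAC per Ethernet Segment."""

    def __init__(self, rd, b_mac, route_targets, next_hop):
        self.rd = rd                                  # Route Distinguisher of the advertising PE
        self.b_mac = b_mac                            # B-MAC shared by all PEs on the segment
        self.route_targets = frozenset(route_targets)
        self.next_hop = next_hop                      # advertising PE (loopback + MPLS label in practice)


class RemotePE:
    def __init__(self, name, import_rts):
        self.name = name
        self.import_rts = frozenset(import_rts)  # VPNs this PE has in common with the advertisers
        self.rib = {}          # (rt, b_mac, rd) -> next hop: control plane, holds B-MACs only
        self.fib = {}          # (rt, b_mac) -> sorted list of next hops: data plane
        self.c_mac_table = {}  # (rt, c_mac) -> b_mac: learned from traffic, never advertised in BGP

    def receive(self, route):
        """Import a MAC route into every local VPN whose route target it carries."""
        for rt in route.route_targets & self.import_rts:
            self.rib[(rt, route.b_mac, route.rd)] = route.next_hop
        self._rebuild_fib()

    def withdraw(self, rd, b_mac):
        """A single BGP withdraw removes that PE as a next hop for its segment B-MAC."""
        for key in [k for k in self.rib if k[1] == b_mac and k[2] == rd]:
            del self.rib[key]
        self._rebuild_fib()

    def _rebuild_fib(self):
        paths = defaultdict(set)
        for (rt, b_mac, _rd), next_hop in self.rib.items():
            paths[(rt, b_mac)].add(next_hop)
        # Aliasing: every PE that advertised the segment B-MAC becomes a next hop for it.
        self.fib = {key: sorted(hops) for key, hops in paths.items()}

    def learn_from_core(self, rt, c_mac, b_mac):
        """Data-plane learning: bind the C-SA of a decapsulated frame to the B-SA it arrived with.
        Example's own check: only a B-MAC that BGP actually advertised for this VPN is accepted."""
        if (rt, b_mac) not in self.fib:
            return False
        self.c_mac_table[(rt, c_mac)] = b_mac
        return True

    def next_hop_for(self, rt, c_dmac, flow):
        """Resolve C-DA -> B-MAC in the data plane, then pick one aliased next hop by flow hash."""
        b_mac = self.c_mac_table.get((rt, c_dmac))
        if b_mac is None:
            return "flood"   # unknown unicast is flooded to all PEs in the VPN
        hops = self.fib.get((rt, b_mac))
        if not hops:
            return "flood"   # B-MAC withdrawn by every PE: nothing to alias to, flood again
        # Deterministic per-flow hash: a flow sticks to one path, flows spread over all paths.
        return hops[zlib.crc32(repr(flow).encode()) % len(hops)]


def demo():
    """Replay the slide: PE1 and PE2 advertise B-MAC1 with RT2/RT3, PE3 imports both, PE1 fails."""
    pe3 = RemotePE("PE3", {"RT2", "RT3"})
    pe3.receive(MacRoute("RD11", "B-MAC1", {"RT2", "RT3"}, "PE1"))
    pe3.receive(MacRoute("RD22", "B-MAC1", {"RT2", "RT3"}, "PE2"))
    pe3.learn_from_core("RT2", "c-mac-a", "B-MAC1")  # constructed C-MAC behind the dual-homed CE
    flows = [("192.0.2.10", "192.0.2.20", 40000 + p) for p in range(64)]  # constructed flow keys
    before = {pe3.next_hop_for("RT2", "c-mac-a", f) for f in flows}
    pe3.withdraw("RD11", "B-MAC1")  # PE1 loses the segment: one withdraw, no C-MAC flush needed
    after = {pe3.next_hop_for("RT2", "c-mac-a", f) for f in flows}
    return pe3, before, after


if __name__ == "__main__":
    pe, before, after = demo()
    print("next hops before PE1 withdraw:", sorted(before), "after:", sorted(after))
    print("RIB entries:", len(pe.rib), "C-MACs in RIB:", 0, "C-MACs in FIB table:", len(pe.c_mac_table))
```

Two things to notice when running it: the RIB only ever holds B-MAC1 (four entries, one per route target and advertising PE), however many C-MACs are learned, and after PE1's withdraw the learned C-MAC keeps forwarding via PE2 without being relearned, which is the "Avoiding C-MAC Flushing" row in the comparison table.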
  • 58. Poll Question #3
What applications would you be most interested in for deployment of E-VPN / PBB-EVPN in your network? [multiple choice]
 A. E-LAN Business Ethernet Services
 B. E-Tree Business Ethernet Services
 C. Mobile Backhaul
 D. Data Center Interconnect (DCI)
 E. No interest for now
What best describes your company's interest in E-VPN / PBB-EVPN? [single choice]
 A. Not Interested
 B. Would like to learn more
 C. Interested. Would consider deployment in the next 12 months
 D. Interested. Would consider deployment in the next 18-24 months
  • 59. Summary
  • 60. Summary
 ‒ Ethernet-based WAN services, Data Center Interconnect and Mobile Backhaul are the key applications driving deployments of L2VPN today
 ‒ MPLS-based Layer 2 VPNs are fairly mature and have been deployed by Service Providers and Enterprises around the globe
 ‒ MPLS-TP extends MPLS to support the operational model of traditional transport networks while supporting L2VPNs
 ‒ PBB-EVPN is emerging as a solution that meets next-generation requirements for Layer 2 connectivity in verticals such as DCI
  • 61. Additional References
 ‒ Cisco Community – Service Provider Mobility: https://communities.cisco.com/community/solutions/sp/mobility
 ‒ Unified MPLS for Mobile Transport 2.0 – Design Guide: https://communities.cisco.com/docs/DOC-29526
 ‒ Data Center Interconnect (DCI): http://www.cisco.com/go/dci
 ‒ Implementing MPLS Transport Profile (IOS XR): http://cisco.com/en/US/docs/routers/asr9000/software/asr9k_r4.2/mpls/configuration/guide/b_mpls_cg42asr9k_chapter_0110.html
 ‒ MPLS Transport Profile Configuration Guide (IOS): http://cisco.com/en/US/docs/ios/mpls/configuration/guide/mp_transport_profile.html
 ‒ Cisco SP360: Service Provider Blog: http://blogs.cisco.com/tag/mpls-tp/
  • 63. Comparison of L2VPN Solutions (values given as VPLS / E-VPN / PBB-EVPN)
All-Active Redundancy
 ‒ Flow Based Load Balancing: No / Yes / Yes
 ‒ Flow Based Multi-pathing: No / Yes / Yes
 ‒ Geo-redundancy and Flexible Redundancy Grouping: No / Yes / Yes
Simplified Provisioning and Operation
 ‒ Core Auto-Discovery: Yes / Yes / Yes
 ‒ Access Multi-homing Auto-Discovery: No / Yes / Yes
 ‒ New Service Interfaces: No / Yes / Yes
Optimal Multicast with LSM
 ‒ P2MP Trees: Yes / Yes / Yes
 ‒ MP2MP Trees: No / Yes / Yes
Fast Convergence
 ‒ Link/Port/Node Failure: Yes / Yes / Yes
 ‒ MAC Mobility: Yes / Yes / Yes
 ‒ Avoiding C-MAC Flushing: No / No / Yes
Scalable for SP Virtual Private Cloud Services
 ‒ Support O(10 Million) MAC Addresses per DC: No / No / Yes
 ‒ Confinement of C-MAC Learning: No / No / Yes
Seamless Interworking (TRILL/802.1aq/802.1Qbp/MST/RSTP)
 ‒ Guarantee C-MAC Transparency on PE: No / No / Yes
  • 64. PBB-EVPN: A Closer Look
[Figure: a multi-homed Ethernet Segment attached to two PEs that both use B-MAC1, with the remaining PEs across the core]
Designated Forwarder (DF) Election with Service Carving
 ‒ Prevents duplicate delivery of flooded frames (multicast, broadcast, unknown unicast)
 ‒ Non-DF ports are blocked for flooded traffic
 ‒ Uses the BGP Ethernet Segment Route
 ‒ Announcements per Segment rather than per (VLAN, Segment)
Split Horizon for Ethernet Segment
 ‒ Prevents looping of traffic originated from a multi-homed segment
 ‒ Performed based on the B-MAC source address rather than E-VPN's Ethernet Segment Identifier (ESI) MPLS label
Aliasing
 ‒ PEs connected to the same multi-homed Ethernet Segment advertise the same B-MAC address
 ‒ Remote PEs use these MAC Route advertisements to load-balance traffic destined to C-MACs reachable via a given B-MAC
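The DF election and split-horizon rules on this slide, as an added example (not code from the deck or from Cisco). The election is modelled on the E-VPN service-carving procedure: the PEs that advertised an Ethernet Segment route for the segment are ordered by IP address and the DF for service V is entry V mod N, so one announcement per segment is enough; the split-horizon check is the B-MAC source comparison the slide names. PE names, TEST-NET-1 addresses, the ESI and the I-SID values are constructed, and "B-MAC9" stands for any B-MAC other than the segment's own.

```python
"""PBB-EVPN multi-homed segment: DF election by service carving and B-SA split horizon (added example)."""
from ipaddress import ip_address


class EthernetSegment:
    def __init__(self, esi, b_mac):
        self.esi = esi
        self.b_mac = b_mac       # the single B-MAC shared by every PE attached to this segment
        self.es_routes = {}      # pe_name -> pe_ip, learned from BGP Ethernet Segment routes

    def receive_es_route(self, pe_name, pe_ip):
        """One announcement per segment, not per (VLAN, segment), feeds the carving."""
        self.es_routes[pe_name] = pe_ip

    def withdraw_es_route(self, pe_name):
        self.es_routes.pop(pe_name, None)

    def designated_forwarder(self, service_id):
        """Service carving: order candidate PEs by IP address, pick entry (service_id mod N)."""
        if not self.es_routes:
            return None
        ordered = sorted(self.es_routes, key=lambda pe: int(ip_address(self.es_routes[pe])))
        return ordered[service_id % len(ordered)]


class PE:
    def __init__(self, name, segments):
        self.name = name
        self.segments = {seg.esi: seg for seg in segments}  # locally attached segments

    def egress_decision(self, esi, b_sa, i_sid, flooded):
        """Decide whether a frame decapsulated from the core is sent out the AC of segment esi.

        Returns ("forward", reason) or ("drop", reason).
        """
        seg = self.segments[esi]
        # Split horizon on B-SA: a frame whose source is our own segment B-MAC was injected by the
        # peer PE on the same segment, so sending it back out that segment would loop it.
        if b_sa == seg.b_mac:
            return ("drop", "split horizon: frame originated on this segment")
        # Flooded (BUM) traffic reaches a multi-homed segment through its DF only.
        if flooded and seg.designated_forwarder(i_sid) != self.name:
            return ("drop", "non-DF for I-SID %d on this segment" % i_sid)
        return ("forward", "DF for I-SID %d" % i_sid if flooded else "known unicast")


def carve(segment, service_ids):
    """Show how services spread over a segment's PEs: {pe: [service_ids it is DF for]}."""
    out = {pe: [] for pe in segment.es_routes}
    for sid in service_ids:
        out[segment.designated_forwarder(sid)].append(sid)
    return out


def demo():
    """Constructed scenario: one segment dual-homed to PE1 and PE2, four I-SIDs, then PE1 fails."""
    seg = EthernetSegment(esi="ESI-1", b_mac="B-MAC1")
    seg.receive_es_route("PE1", "192.0.2.1")
    seg.receive_es_route("PE2", "192.0.2.2")
    pe1, pe2 = PE("PE1", [seg]), PE("PE2", [seg])
    results = {
        "carving": carve(seg, [1000, 1001, 1002, 1003]),
        "bum_isid1001_on_pe1": pe1.egress_decision("ESI-1", "B-MAC9", 1001, flooded=True),
        "bum_isid1001_on_pe2": pe2.egress_decision("ESI-1", "B-MAC9", 1001, flooded=True),
        "unicast_on_pe1": pe1.egress_decision("ESI-1", "B-MAC9", 1001, flooded=False),
        "echo_on_pe2": pe2.egress_decision("ESI-1", "B-MAC1", 1000, flooded=True),
    }
    seg.withdraw_es_route("PE1")  # PE1 withdraws its ES route: PE2 becomes DF for every service
    results["after_pe1_withdraw"] = pe2.egress_decision("ESI-1", "B-MAC9", 1000, flooded=True)
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "->", value)
```

Known unicast is forwarded by whichever PE receives it, DF or not; only flooded frames are gated by the election. The split-horizon drop fires before the DF check, so even the DF refuses a frame that carries the segment's own B-MAC as source, which is what keeps a multi-homed site from seeing its own broadcasts twice.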