Networking Software (IOS & NX-OS)

Table Of Contents

H-VPLS N-PE Redundancy for QinQ and MPLS Access

Contents

Prerequisites for H-VPLS N-PE Redundancy for QinQ and MPLS Access

Restrictions for H-VPLS N-PE Redundancy for QinQ and MPLS Access

Information About H-VPLS N-PE Redundancy for QinQ and MPLS Access

How H-VPLS N-PE Redundancy for QinQ and MPLS Access Works

H-VPLS N-PE Redundancy with QinQ Access Based on MSTP

H-VPLS N-PE Redundancy with MPLS Access Based on Pseudowire Redundancy

MAC Address Withdrawal

How MAC Address Withdrawal Works with H-VPLS N-PE Redundancy with QinQ Access

How MAC Address Withdrawal Works with H-VPLS N-PE Redundancy with MPLS Access

How to Configure H-VPLS N-PE Redundancy for QinQ and MPLS Access

Configuring the VPLS Pseudowire Between the N-PE Routers

Prerequisites

Configuring the SVI for the Native VLAN

Verifying the H-VPLS N-PE Redundancy for QinQ and MPLS Access Configuration

Configuration Examples for H-VPLS N-PE Redundancy for QinQ and MPLS Access

H-VPLS N-PE Redundancy for QinQ Access: Example

Additional References

Related Documents

Standards

MIBs

RFCs

Technical Assistance

Command Reference

Feature Information for H-VPLS N-PE Redundancy for QinQ and MPLS Access

Glossary

H-VPLS N-PE Redundancy for QinQ and MPLS Access

---

First Published: November 15, 2007

Last Updated: December 21, 2007

The H-VPLS N-PE Redundancy for QinQ and MPLS Access feature enables two network provider edge (N-PE) routers to provide failover services to a user provider edge (U-PE) router in a hierarchical virtual private LAN service (H-VPLS). Having redundant N-PE routers provides improved stability and reliability against link and node failures. This document explains how to implement this feature.

Finding Feature Information in This Module

Your Cisco IOS software release may not support all of the features documented in this module. For the latest feature information and caveats, see the release notes for your Cisco IOS software release. To reach links to specific feature documentation in this module and to see a list of the releases in which each feature is supported, use the "Feature Information for H-VPLS N-PE Redundancy for QinQ and MPLS Access" section.

Finding Support Information for Platforms and Cisco IOS and Catalyst OS Software Images

Use Cisco Feature Navigator to find information about platform support and Cisco IOS and Catalyst OS software image support. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. An account on Cisco.com is not required.

Contents

•Prerequisites for H-VPLS N-PE Redundancy for QinQ and MPLS Access

•Restrictions for H-VPLS N-PE Redundancy for QinQ and MPLS Access

•Information About H-VPLS N-PE Redundancy for QinQ and MPLS Access

•How to Configure H-VPLS N-PE Redundancy for QinQ and MPLS Access

•Configuration Examples for H-VPLS N-PE Redundancy for QinQ and MPLS Access

•Additional References

•Command Reference

•Feature Information for H-VPLS N-PE Redundancy for QinQ and MPLS Access

•Glossary

Prerequisites for H-VPLS N-PE Redundancy for QinQ and MPLS Access

•Before configuring the H-VPLS N-PE Redundancy for QinQ and MPLS Access feature, configure your H-VPLS network and make sure it is operating correctly. For more information about configuring the H-VPLS network, see the "Configuring VPLS" chapter of the Cisco 7600 Series Router Module Configuration Notes.

•Make sure that the PE-to-CE interface is configured the switchport trunk with a list of allowed VLANs. For more information, see the "Configuring VPLS" chapter of the Cisco 7600 Series Router Module Configuration Notes.

•To provide faster convergence, you can optionally enable the MPLS Traffic Engineering: Fast Reroute feature in the Multiprotocol Label Swithing (MPLS) core. See the MPLS Traffic Engineering (TE)—Fast Reroute (FRR) Link and Node Protection documentation.

•Enable the L2VPN Pseudowire Redundancy feature on the U-PE routers for MPLS access. For information about configuring the L2VPN Pseudowire Redundancy feature, see the L2VPN Pseudowire Redundancy documentation.

•When configuring MSTP, specify that one of N-PEs routers is the root by assigning it the lowest priority, using the following command:

spanning-tree mst instance-id priority priority

For information about configuring MSTP, see the "Configuring MST Instance Parameters" chapter of the Cisco 7600 Series Cisco IOS Software Configuration Guide, 12.1E.

•When configuring MSTP, make sure each of the routers participating in the spanning-tree are in the same region and are the same revision by issuing the revision, name, and instance commands in MST configuration mode. For more information on configuring these MSTP parameters, see the "Configuring IEEE 802.1s MST" chapter of the Cisco 7600 Series Cisco IOS Software Configuration Guide, 12.1E.

Restrictions for H-VPLS N-PE Redundancy for QinQ and MPLS Access

•H-VPLS N-PE Redundancy for QinQ and MPLS Access cannot be used with the VPLS Autodiscovery feature on the pseudowires that attach to the U-PE routers. When you create the VPLS, manually create the virtual forwarding interface (VFI).

•You cannot configure more than one pseudowire (PW) to carry the bridge protocol data unit (BPDU) information between the N-PE routers. If you attempt to enter the forward permit l2protocol all command for multiple VFIs, you receive an error message.

•You cannot configure a local loopback address as a neighbor when you configure the H-VPLS N-PE Redundancy for QinQ and MPLS Access featureon the N-PE routers. If you do, the following error is displayed:

VPLS local switching to peer address not supported

•Only two N-PE routers can be connected to each U-PE router.

•For a list of supported hardware for this feature, see the Release Notes for Cisco IOS Release 12.2SR for the Cisco 7600 Series Routers.

•The spanning tree mode must be MSTP for the H-VPLS N-PE Redundancy for QinQ and MPLS Access feature. If the spanning tree mode changes, the H-VPLS N-PE Redundancy for QinQ and MPLS Access feature may not work correctly, even though the the pseudowire that carries the BPDU information still exists and the H-VPLS N-PE Redundancy is still configured.

Information About H-VPLS N-PE Redundancy for QinQ and MPLS Access

Before configuring the H-VPLS N-PE Redundancy for QinQ and MPLS Access feature, you should understand the following concepts:

•How H-VPLS N-PE Redundancy for QinQ and MPLS Access Works

•MAC Address Withdrawal

How H-VPLS N-PE Redundancy for QinQ and MPLS Access Works

In a network configured with the H-VPLS N-PE Redundancy for QinQ and MPLS Access feature, the U-PE router is connected to two N-PE routers, which provides a level of redundancy that can tolerate both link or device faults. If a failure occurs in the network that disables one N-PE router from transmitting data, the other N-PE router will take over. This feature works with both QinQ access based on Multiple Spanning Tree Protocol (MSTP) and MPLS access based on pseudowire redundancy.

H-VPLS N-PE Redundancy with QinQ Access Based on MSTP

H-VPLS N-PE redundancy with QinQ access uses MSTP running on the N-PE routers and U-PE routers in an H-VPLS network. A pseudowire running between N-PE routers carries only MSTP BPDUs. The pseudowire running between the N-PE routers is always up and is used to create a loop path between N-PE routers so that MSTP will block one of the redundant paths between the U-PE router and the N-PE routers. If the primary N-PE router or the path to it fails, MSTP will enable the path to the backup N-PE router.

Figure 1 shows an H-VPLS network with redundant access. Each U-PE router has two trunk connections, one to each N-PE router. Between the two N-PE routers is a pseudowire to provide a loop path for MSTP BPDUs. The network topology shown in Figure 1 allows for the backup N-PE router to take over if the primary N-PE router or the path to it fails.

Figure 1 H-VPLS N-PE Redundancy with QinQ access Based on MSTP

H-VPLS N-PE Redundancy with MPLS Access Based on Pseudowire Redundancy

For H-VPLS redundancy with MPLS access based on pseudowire redundancy, the MPLS network has pseudowires to the VPLS core N-PE routers.

As shown in Figure 2, one pseudowire transports data between the U-PE router and its peer N-PE routers. When a failure occurs along the path of the U-PE router, the backup pseudowire and the redundant N-PE router become active and start transporting data.

Figure 2 H-VPLS N-PE Redundancy for QinQ and MPLS Access with MPLS Access Based On Pseudowire Redundancy

MAC Address Withdrawal

PE routers learn the remote MAC addresses and directly attached MAC addresses on customer-facing ports by deriving topology and forwarding information from packets originating at customer sites. To display the number of MAC address withdrawal messages, enter the show mpls l2transport vc detail command, as shown in the following example. The MAC address withdrawal message is shown in bold.

Router# show mpls l2transport vc detail

Local interface: VFI TEST VFI up

  MPLS VC type is VFI, interworking type is Ethernet

  Destination address: 10.1.1.1, VC ID: 1000, VC status: up

    Output interface: Se2/0, imposed label stack {17}

    Preferred path: not configured  

    Default path: active

    Next hop: point2point

  Create time: 00:04:34, last status change time: 00:04:15

  Signaling protocol: LDP, peer 10.1.1.1:0 up

    Targeted Hello: 10.1.1.1(LDP Id) -> 10.1.1.1

    MPLS VC labels: local 16, remote 17 

    Group ID: local 0, remote 0

    MTU: local 1500, remote 1500

    Remote interface description:

    MAC Withdraw: sent 5, received 3

  Sequencing: receive disabled, send disabled

  VC statistics:

    packet totals: receive 0, send 0

    byte totals:   receive 0, send 0

    packet drops:  receive 0, send 0

How MAC Address Withdrawal Works with H-VPLS N-PE Redundancy with QinQ Access

If a failure occurs in the customer switched network, a spanning tree Topology Change Notification (TCN) is issued to the U-PE router, which issues an LDP-based MAC address withdrawal message to the peer N-PE routers and flushes its MAC address table.

How MAC Address Withdrawal Works with H-VPLS N-PE Redundancy with MPLS Access

If the pseudowire between the U-PE router and N-PE router fails, then the L2VPN Pseudowire Redundancy feature on the U-PE router activates the standby pseudowire. In addition, the U-PE router sends a Label Distribution Protocol (LDP) MAC address withdrawal request to the new N-PE router, which forwards the message to all pseudowires in the VPLS core and flushes its MAC address table.

If a switched virtual interface (SVI) on the N-PE router fails, the L2VPN Pseudowire Redundancy feature activates the standby pseudowire and the U-PE router sends a MAC withdrawal message to the newly active N-PE router.

For information about the L2VPN Pseudowire Redundancy feature, see the L2VPN Pseudowire Redundancy feature.

How to Configure H-VPLS N-PE Redundancy for QinQ and MPLS Access

This section contains the following procedures:

•Configuring the VPLS Pseudowire Between the N-PE Routers (required)

•Configuring the SVI for the Native VLAN (required)

•Verifying the H-VPLS N-PE Redundancy for QinQ and MPLS Access Configuration (optional)

Configuring the VPLS Pseudowire Between the N-PE Routers

Configuring N-PE redundancy in an H-VPLS network requires two steps. First you define the VPLS pseudowire for transporting BPDU data. Then, you connect that pseudowire to the native VLAN. This provides a redundancy that provides improved reliability against link and node failures.

Prerequisites

•Before configuring the H-VPLS N-PE Redundancy for QinQ and MPLS Access feature, configure your H-VPLS network and make sure it is operating correctly. For more information about configuring the H-VPLS network, see the "Configuring VPLS" chapter of the Cisco 7600 Series Router Module Configuration Notes.

•Make sure that the PE-to-CE interface is configured the switchport trunk with a list of allowed VLANs. For more information, see the "Configuring VPLS" chapter of the Cisco 7600 Series Router Module Configuration Notes.

•To provide faster convergence, you can optionally enable the MPLS Traffic Engineering: Fast Reroute feature in the Multiprotocol Label Swithing (MPLS) core. See the MPLS Traffic Engineering (TE)—Fast Reroute (FRR) Link and Node Protection documentation.

•Enable the L2VPN Pseudowire Redundancy feature on the U-PE routers for MPLS access. For information about configuring the L2VPN Pseudowire Redundancy feature, see the L2VPN Pseudowire Redundancy documentation.

•When configuring MSTP, specify that one of N-PEs routers is the root by assigning it the lowest priority, using the following command:

spanning-tree mst instance-id priority priority

For information about configuring MSTP, see the "Configuring MST Instance Parameters" chapter of the Cisco 7600 Series Cisco IOS Software Configuration Guide, 12.1E.

•When configuring MSTP, make sure each of the routers participating in the spanning-tree are in the same region and are the same revision by issuing the revision, name, and instance commands in MST configuration mode. For more information on configuring these MSTP parameters, see the "Configuring IEEE 802.1s MST" chapter of the Cisco 7600 Series Cisco IOS Software Configuration Guide, 12.1E.

SUMMARY STEPS

1. enable

2. configure terminal

3. l2 vfi name manual

4. vpn id id-number

5. forward permit l2protocol all

6. neighbor remote-router-id vc-id {encapsulation encapsulation-type | pw-class pw-name} [no-split-horizon]

7. end

DETAILED STEPS

	Command or Action	Purpose
Step 1	enable Example: Router> enable	Enables privileged EXEC mode. •Enter your password if prompted.
Step 2	configure terminal Example: Router# configure terminal	Enters global configuration mode.
Step 3	l2 vfi name manual Example: Router(config)# l2 vfi vfitest1 manual	Creates a Layer 2 VFI and enters Layer 2 VFI manual configuration mode.
Step 4	vpn id id-number Example: Router(config-vfi)# vpn id 200	Specifies the VPN ID.
Step 5	forward permit l2protocol all Example: Router(config-vfi)# forward permit l2protocol all	Creates a pseudowire that is to be used to transport BPDU data between the two N-PE routers.
Step 6	neighbor remote-router-id vc-id {encapsulation encapsulation-type | pw-class pw-name} [no-split-horizon] Example: Router(config-vfi)# neighbor 10.2.2.2 3 encapsulation mpls	Specifies the peer IP address of the redundant N-PE router and the type of tunnel signaling and encapsulation mechanism.
Step 7	end Example: Router(config-vfi)# end	Ends the current configuration session and returns to privileged EXEC mode.

Configuring the SVI for the Native VLAN

Perform the following task to configure the switch virtual interface for the native VLAN.

SUMMARY STEPS

1. enable

2. configure terminal

3. interface vlan vlanid

4. xconnect vfi vfi-name

DETAILED STEPS

	Command or Action	Purpose
Step 1	enable Example: Router> enable	Enables privileged EXEC mode. •Enter your password if prompted.
Step 2	configure terminal Example: Router# configure terminal	Enters global configuration mode.
Step 3	interface vlan vlanid Example: Router(config)# interface vlan 23	Creates a dynamic SVI.
Step 4	xconnect vfi vfi-name Example: Router(config)# xconnect vfi vfitest1	Specifies the Layer 2 VFI that you are binding to the VLAN port.

Verifying the H-VPLS N-PE Redundancy for QinQ and MPLS Access Configuration

To ensure that the H-VPLS N-PE Redundancy for QinQ and MPLS Access feature is correctly configured, perform the following task.

SUMMARY STEPS

1. show vfi vfi-name

DETAILED STEPS

---

Step 1 show vfi vfi-name

Use this command on the pseudowire between the two N-PE routers to displays information about the pseudowire, as shown in the following example:

Router# show vfi VPLS-2

VFI name: VPLS-2, state: up

  VPN ID: 100

  Local attachment circuits:

    Vlan2

  Neighbors connected via pseudowires:

  Peer Address     VC ID     Split-horizon

  10.1.1.1          2             Y

  10.1.1.2          2             Y

  10.2.2.3          2             N

---

Configuration Examples for H-VPLS N-PE Redundancy for QinQ and MPLS Access

This section provides the following example for configuring H-VPLS redundancy:

•H-VPLS N-PE Redundancy for QinQ Access: Example

H-VPLS N-PE Redundancy for QinQ Access: Example

Figure 3 shows a configuration that is set up for H-VPLS N-PE redundancy with QinQ access.

Figure 3 H-VPLS N-PE Redundancy with QinQ Access Topology

Table 1 shows the configuration of two N-PE routers for H-VPLS N-PE redundancy with QinQ access.

Table 1 H-VPLS N-PE Redundancy for QinQ Access: Example 

N-PE1

N-PE2

l2 vfi l2trunk manual vpn id 10 forward permit l2protocol all neighbor 10.4.4.4 encapsulation mpls ! interface Vlan1 no ip address xconnect vfi l2trunk ! spanning-tree mode mst spanning-tree extend system-id ! spanning-tree mst configuration revision 10 instance 1 vlan 20 ! interface GigabitEthernet5/2 switchport switchport trunk encapsulation dot1q switchport trunk allowed vlan 20 switchport mode trunk

l2 vfi l2trunk manual vpn id 10 forward permit l2protocol all neighbor 10.2.2.2 encapsulation mpls ! interface Vlan1 no ip address xconnect vfi l2trunk ! spanning-tree mode mst spanning-tree extend system-id ! spanning-tree mst configuration revision 10 instance 1 vlan 20 ! spanning-tree mst 1 priority 0 ! interface GigabitEthernet2/0/5 switchport switchport trunk allowed vlan 20 switchport mode trunk mls qos trust dscp

Additional References

The following sections provide references related to the H-VPLS N-PE Redundancy feature.

Related Documents

Related Topic	Document Title
L2VPN pseudowire redundancy	L2VPN Pseudowire Redundancy
H-VPLS	"Configuring VPLS" chapter of the Cisco 7600 Series Router Module Configuration Notes
Multiple spanning tree configuration	"Configuring MST Instance Parameters" chapter of the Cisco 7600 Series Cisco IOS Software Configuration Guide, 12.1E "Configuring IEEE 802.1s MST" chapter of the Cisco 7600 Series Cisco IOS Software Configuration Guide, 12.1E
MPLS traffic engineering	MPLS Traffic Engineering (TE)—Fast Reroute (FRR) Link and Node Protection
Supported hardware on the Cisco 7600 series routers	Release Notes for Cisco IOS Release 12.2SR for the Cisco 7600 Series Routers

Standards

Standard	Title
http://www.ietf.org/rfc/rfc4447.txt	Pseudowire Setup and Maintenance Using the Label Distribution Protocol (LDP)
http://www3.ietf.org/proceedings/06mar/IDs/draft-ietf-l2vpn-vpls-ldp-08.txt	Virtual Private LAN Services over MPLS
http://www.ietf.org/internet-drafts/draft-ietf-pwe3-segmented-pw-02.txt	Segmented Pseudo Wire
draft-ietf-pwe3-vccv-10.txt	Pseudo Wire Virtual Circuit Connectivity Verification (VCCV)
draft-ietf-pwe3-oam-msg-map-03.txt	Pseudo Wire (PW) OAM Message Mapping

MIBs

MIB	MIBs Link
Pseudowire Emulation Edge-to-Edge MIBs for Ethernet, Frame Relay, and ATM Services	To locate and download MIBs for selected platforms, Cisco IOS releases, and feature sets, use Cisco MIB Locator found at the following URL: http://www.cisco.com/go/mibs

RFCs

RFC	Title
None	—

Technical Assistance

Description

Link

The Cisco Support website provides extensive online resources, including documentation and tools for troubleshooting and resolving technical issues with Cisco products and technologies. To receive security and technical information about your products, you can subscribe to various services, such as the Product Alert Tool (accessed from Field Notices), the Cisco Technical Services Newsletter, and Really Simple Syndication (RSS) Feeds. Access to most tools on the Cisco Support website requires a Cisco.com user ID and password.

http://www.cisco.com/techsupport

Command Reference

The following commands are introduced or modified in the feature or features documented in this module.

•forward permit l2protocol

•show mpls l2transport vc

For information about these commands, see the Cisco IOS Multiprotocol Label Switching Command Reference at http://www.cisco.com/en/US/docs/ios/mpls/command/reference/mp_book.html.

For information about all Cisco IOS commands, go to the Command Lookup Tool at http://tools.cisco.com/Support/CLILookup or to the Cisco IOS Master Commands List.

Feature Information for H-VPLS N-PE Redundancy for QinQ and MPLS Access

Table 2 lists the release history for this feature.

Not all commands may be available in your Cisco IOS software release. For release information about a specific command, see the command reference documentation.

Use Cisco Feature Navigator to find information about platform support and software image support. Cisco Feature Navigator enables you to determine which Cisco IOS and Catalyst OS software images support a specific software release, feature set, or platform. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. An account on Cisco.com is not required.

---

Note Table 2 lists only the Cisco IOS software release that introduced support for a given feature in a given Cisco IOS software release train. Unless noted otherwise, subsequent releases of that Cisco IOS software release train also support that feature.

---

Table 2 Feature Information for H-VPLS N-PE Redundancy for QinQ and MPLS Access 

Feature Name	Releases	Feature Information
H-VPLS N-PE Redundancy for QinQ and MPLS Access	12.2(33)SRC	The H-VPLS N-PE Redundancy for QinQ and MPLS Access feature enables two network provider edge (N-PE) routers to provide redundancy to a user provider edge (U-PE) router in a hierarchical virtual private LAN service (VPLS). Having redundant N-PE routers provides improved stability and reliability against link and node failures. In Release 12.2(33)SRC, this feature was introduced on the Cisco Series 7600 router. The following commands were introduced or modified by this feature: forward permit l2protocol and show mpls l2transport vc.

Glossary

CE router—Customer edge router. A router that belongs to a customer network, which connects to a PE router to utilize MPLS VPN network services.

LAN—Local area network. High-speed, low-error data network covering a relatively small geographic area. LANs connect workstations, peripherals, terminals, and other devices in a single building or other geographically limited area.

MPLS—Multiprotocol Label Switching. Packet-forwarding technology, used in the network core, that applies data link layer labels to tell switching nodes how to forward data, resulting in faster and more scalable forwarding than network layer routing normally can do.

MSTP—Multiple Spanning Tree Protocol. The MSTP enables multiple VLANs to be mapped to the same spanning-tree instance, reducing the number of spanning-tree instances needed to support a large number of VLANs.

PE router—Provider edge router. The PE router is the entry point into the Service Provider network. The PE router is typically deployed on the edge of the network and is administered by the Service Provider.

PW—Pseudowire.

N-PE—Network-facing PE router. This router acts as a gateway between the MPLS core and edge domains.

pseudowire—A pseudowire is a virtual connection that, in the context of VPLS, connects two VSIs. A pseudowire is bidirectional and consists of a pair of uni-directional MPLS Virtual Circuits (VCs). A pseudowire can be used to connect a point-to-point circuit.

PW—Pseudowire. A mechanism that carries the elements of an emulated service from one PE router to one or more PEs over a packet switched network (PSN).

QinQ—An IEEE 802.1Q VLAN tunnel.

redundancy—The duplication of devices, services, or connections so that, in the event of a failure, the redundant devices, services, or connections can perform the work of those that failed.

router—A network layer device that uses one or more metrics to determine the optimal path along which network traffic should be forwarded. Routers forward packets from one network to another based on network layer information.

U-PE—Customer-facing PE router. This router connects Customer Edge (CE) routers to the service.

QinQ—A mechanism for constructing multipoint Layer 2 VPN using Ethernet switches.

spanning tree—Loop-free subset of a network topology.

VFI—Virtual forwarding instance. A VFI is a collection of data structures used by the data plane, software-based or hardware-based, to forward packets to one or more VCs.

VLAN—Virtual LAN. Group of devices on one or more LANs that are configured (using management software) so that they can communicate as if they were attached to the same wire, when in fact they are located on a number of different LAN segments.

VPLS—Virtual Private LAN Service. VPLS describes an architecture that delivers Layer 2 service that emulates an Ethernet LAN across a Wide Area Network (WAN) and inherits the scaling characteristics of a LAN.

VPLS redundancy—Also called N-PE redundancy. Allows U-PEs to be dual-honed (to their N-PEs) in a loop-free topology with MPLS or QinQ as the access or aggregation domain.

VPN—Virtual Private Network. Allows IP traffic to travel securely over public TCP/IP networks and the Internet by encapsulating and encrypting all IP packets. VPN uses a tunnel to encrypt all information at the IP level.

Any Internet Protocol (IP) addresses used in this document are not intended to be actual addresses. Any examples, command display output, and figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses in illustrative content is unintentional and coincidental.

© 2007 Cisco Systems, Inc. All rights reserved.