Configure Multipoint Layer 2 Services

This module provides the conceptual and configuration information for Multipoint Layer 2 Bridging Services, also called Virtual Private LAN Services (VPLS).


Note

VPLS supports Layer 2 VPN technology and provides transparent multipoint Layer 2 connectivity for customers. This approach enables service providers to host a multitude of new services such as broadcast TV and Layer 2 VPNs.


Prerequisites for Implementing Multipoint Layer 2 Services

Before configuring Multipoint Layer 2 Services, ensure that these tasks and conditions are met:

  • You must be in a user group associated with a task group that includes the proper task IDs. The command reference guides include the task IDs required for each command.

    If you suspect user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

  • Configure IP routing in the core so that the provider edge (PE) routers can reach each other through IP.

  • Configure a loopback interface to originate and terminate Layer 2 traffic. Make sure that the PE routers can access the other router's loopback interface.

Information About Implementing Multipoint Layer 2 Services

To implement Multipoint Layer 2 Services, you must understand these concepts:

Multipoint Layer 2 Services Overview

Multipoint Layer 2 Services enable geographically separated local-area network (LAN) segments to be interconnected as a single bridged domain over an MPLS network. The full functions of the traditional LAN such as MAC address learning, aging, and switching are emulated across all the remotely connected LAN segments that are part of a single bridged domain. A service provider can offer VPLS service to multiple customers over the MPLS network by defining different bridged domains for different customers. Packets from one bridged domain are never carried over or delivered to another bridged domain, thus ensuring the privacy of the LAN service.


Note

VPLS PW is not supported over BGP multipath.


Some of the components present in a Multipoint Layer 2 Services network are described in these sections.


Note

Multipoint Layer 2 services are also called as Virtual Private LAN Services.


Bridge Domain

The native bridge domain refers to a Layer 2 broadcast domain consisting of a set of physical or virtual ports (including VFI). Data frames are switched within a bridge domain based on the destination MAC address. Multicast, broadcast, and unknown destination unicast frames are flooded within the bridge domain. In addition, the source MAC address learning is performed on all incoming frames on a bridge domain. A learned address is aged out. Incoming frames are mapped to a bridge domain, based on either the ingress port or a combination of both an ingress port and a MAC header field.

When the number of bridge domains exceeds 200, to enable clean up and reprogramming, it takes about 120 seconds for unconfiguring L2VPN and rollback.

The following table details the minimum interval required between unconfiguring L2VPN and rollback:

Number of BDs

Minimum interval in seconds

250

180

500

300

750 or greater

600

Bridge Domain and BVI Scale

The number of bridge domains (BDs) depends on the number of attachment circuits (ACs) configured per BD and also if Bridge-Group Virtual Interface (BVI) is configured or not. The number of logical interfaces (LIF) supported is less than 4000.

The following table provides an example of how the number of logical interfaces (LIF) required is calculated when two ACs are configured per BD.

Bridge Domain

Number of Bridges

AC

Total LIF required

BD with BVI

625

2

3750

BD without BVI

125

2

250

Total BD

750

-

-

Here is how the number of LIF required is calculated:

a*3+b, where a is the number of ACs with BVI and b is the number of ACs without BVI, must not exceed 4000.

Pseudowires

A pseudowire is a point-to-point connection between pairs of PE routers. Its primary function is to emulate services like Ethernet over an underlying core MPLS network through encapsulation into a common MPLS format. By encapsulating services into a common MPLS format, a pseudowire allows carriers to converge their services to an MPLS network.

Access Pseudowire

The Access Pseudowire feature allows you to reduce the number of pseudowires (PWs) between the network Provider Edge (N-PE) devices. The user Provider Edge (U-PE) device connects to the N- PE device using access pseudowire (PW). This feature prevents signalling overhead and packet replication.

Unlike traditional VPLS where PWs terminate on a physical or logical port, an access PW terminates on N-PE devices. For each VPLS service, create an access PW between U-PEs and N-PEs.

VPLS requires a full mesh of pseudowire (PWs) between L2VPN PEs that participate in the VPLS service. For each VPLS service, PWs must be set up between the PEs. In a full mesh of PWs, the number of PWs increases as the number of PEs increases causing scalability issues. You can decrease the number of PWs with a hierarchy of PEs.

Figure 1. Access Pseudowire

In this topology, a user Provider Edge (U-PE) device has ACs to the CEs. The U-PE device transports the CE traffic over an access PW to a network Provider Edge (N-PE) device. The N-PE is a core VPLS PE connected with other N-PEs in a VPLS mesh. On the N-PE, the access PW coming from the U-PE is much like an AC. The U-PE is not part of the mesh with the other N-PEs. So the N-PE considers the access PW as an AC. The N-PE forwards traffic from that access PW to the core PWs that are part of the VPLS full mesh. Configure the core PWs between N-PEs under a VFI. Apply the split horizon rule to all the core PWs configured under the VFI. Access PWs from U-PEs are not configured under a VFI, so they do not belong to the same Split Horizon Groups (SHGs) as the VFI PWs. Traffic is forwarded from an access PW to a VFI PW and conversely.

You must configure the access pseudowire in a split-horizon group.

Configure Access Pseudowire

Perform this task to configure Access Pseudowire feature.

/* Configure U-PE1 */
Router#configure
Router(config)# interface TenGigE0/1/0/5.2 l2transport
Router(config-l2vpn-subif)# encapsulation dot1q 2
Router(config-l2vpn-subif)# rewrite ingress tag pop 1 symmetric
Router(config-l2vpn-subif)# exit
Router# configure 
Router(config)# l2vpn 
Router(config-l2vpn)# xconnect group XCON1
Router(config-l2vpn-xc)# p2p xc1
Router(config-l2vpn-xc-p2p)# interface TenGigE0/1/0/5.2
Router(config-l2vpn-xc-p2p)# neighbor 172.16.0.1 pw-id 1
Router(config-l2vpn-xc-p2p-pw)# commit
/* Configure N-PE1 */
Router#configure
Router(config)l2vpn
Router(config-l2vpn)#router-id 172.16.0.1
Router(config-l2vpn)#pw-class class1
Router(config-l2vpn-pwc)#encapsulation mpls
Router(config-l2vpn-pwc-mpls)#transport-mode ethernet
Router(config-l2vpn-pwc-mpls)#exit
Router# configure 
Router(config)# l2vpn 
Router(config-l2vpn)# bridge group bg1
Router(config-l2vpn-bg)# bridge-domain bd1
Router(config-l2vpn-bg-bd)# interface GigabitEthernet0/1/0/3.2
Router(config-l2vpn-bg-bd-ac)# split-horizon group
Router(config-l2vpn-bg-bd-ac)#exit
Router(config-l2vpn-bg-bd)#vfi vfi1
Router(config-l2vpn-bg-bd-vfi)#neighbor 10.0.0.1 pw-id 2
Router(config-l2vpn-bg-bd-vfi-pw)#pw-class class1
Router(config-l2vpn-bg-bd-vfi-pw-pw)#commit
Running Configuration

This sections shows Access Pseudowire running configuration.


/* On U-PE1 */
configure
 interface TenGigE0/1/0/5.2
  encapsulation dot1q 2
  rewrite ingress tag pop 1 symmetric
!
l2vpn
 xconnect group XCON1
  p2p xc1
   interface TenGigE0/1/0/5.2
   neighbor 172.16.0.1 pw-id 1
   !
!
--------------------------------------------------------------------------
/* On N-PE1 */
l2vpn
 router-id 172.16.0.1
 pw-class class1
 encapsulation mpls
 transport-mode ethernet
 !
!
l2vpn
 bridge group bg1
  bridge-domain bd1
   interface GigabitEthernet0/1/0/3.2
    split-horizon group
   !
 !
!
vfi vf1
 neighbor 10.0.0.1 pw-id 2
  pw-class class1
  ! 
!
Verification

Verify Access Pseudowire configuration.



Router:U-PE1#show l2vpn xconnect group XCON1
Legend: ST = State, UP = Up, DN = Down, AD = Admin Down, UR = Unresolved,
        SB = Standby, SR = Standby Ready, (PP) = Partially Programmed

XConnect                   Segment 1                       Segment 2                
Group      Name       ST   Description            ST       Description      ST    
-----------------   ----- --------------   -----------------------------   ------
XCON_1     xc1        UP   Te0/1/0/5.2            UP       172.16.0.1   1   UP    
-----------------------------------------------------------------------------------



Router:N-PE1#show l2vpn bridge-domain bd1
PW: neighbor 10.0.0.1, PW ID 2, state is up ( established )
      PW class mpls, XC ID 0xc0000008
      Encapsulation MPLS, protocol LDP
      Source address 172.16.0.1
      PW type Ethernet, control word disabled, interworking none
      PW backup disable delay 0 sec
      Sequencing not set
      LSP : Up
 
      PW Status TLV in use
        MPLS         Local                          Remote                       
        ------------ ------------------------------ ---------------------------
        Label        24752                          24752                        
        Group ID     0x2                            0x2                          
        Interface    Access PW                      Access PW                    
        MTU          1500                           1500                         
        Control word disabled                       disabled                     
        PW type      Ethernet                       Ethernet                     
        VCCV CV type 0x2                            0x2                          
                     (LSP ping verification)        (LSP ping verification)      
        VCCV CC type 0x6                            0x6                          
                     (router alert label)           (router alert label)         
                     (TTL expiry)                   (TTL expiry)                 
        ------------ ------------------------------ ---------------------------
Related Topics
Associated Commands
  • show l2vpn xconnect group

  • show l2vpn bridge-domain

Virtual Forwarding Instance

VPLS is based on the characteristic of virtual forwarding instance (VFI). A VFI is a virtual bridge port that is capable of performing native bridging functions, such as forwarding, based on the destination MAC address, source MAC address learning and aging, and so forth.

A VFI is created on the PE router for each VPLS instance. The PE routers make packet-forwarding decisions by looking up the VFI of a particular VPLS instance. The VFI acts like a virtual bridge for a given VPLS instance. More than one attachment circuit belonging to a given VPLS are connected to the VFI. The PE router establishes emulated VCs to all the other PE routers in that VPLS instance and attaches these emulated VCs to the VFI. Packet forwarding decisions are based on the data structures maintained in the VFI.

VPLS for an MPLS-based Provider Core

VPLS is a multipoint Layer 2 VPN technology that connects two or more customer devices using bridging techniques. A bridge domain, which is the building block for multipoint bridging, is present on each of the PE routers. The access connections to the bridge domain on a PE router are called attachment circuits. The attachment circuits can be a set of physical ports, virtual ports, or both that are connected to the bridge at each PE device in the network.

After provisioning attachment circuits, neighbor relationships across the MPLS network for this specific instance are established through a set of manual commands identifying the end PEs. When the neighbor association is complete, a full mesh of pseudowires is established among the network-facing provider edge devices, which is a gateway between the MPLS core and the customer domain.

The MPLS/IP provider core simulates a virtual bridge that connects the multiple attachment circuits on each of the PE devices together to form a single broadcast domain. This also requires all of the PE routers that are participating in a VPLS instance to form emulated virtual circuits (VCs) among them.

Now, the service provider network starts switching the packets within the bridged domain specific to the customer by looking at destination MAC addresses. All traffic with unknown, broadcast, and multicast destination MAC addresses is flooded to all the connected customer edge devices, which connect to the service provider network. The network-facing provider edge devices learn the source MAC addresses as the packets are flooded. The traffic is unicasted to the customer edge device for all the learned MAC addresses.

VPLS for Layer 2 Switching

VPLS technology includes the capability of configuring the router to perform Layer 2 bridging. In this mode, the router can be configured to operate like other Cisco switches.


Note

  • The storm control configuration is supported only on one sub-interface under a main interface, though the system allows you to configure storm control on more than one sub-interface. However, only the first storm control configuration under a main interface takes effect, though the running configuration shows all the storm control configurations that are committed. After reload, any of the storm control configurations may take effect irrespective of the order of configuration.

  • The storm control configuration under a bridge domain is not supported.

  • Storm control counters are not supported.


The storm control that is applied to multiple subinterfaces of the same physical port pertains to that physical port only. All subinterfaces with storm control configured are policed as aggregate under a single policer rate shared by all EFPs. None of the subinterfaces are configured with a dedicated policer rate. When a storm occurs on several subinterfaces simultaneously, and because subinterfaces share the policer, you can slightly increase the policer rate to accommodate additional policing.

These features are supported:

  • Bridging IOS XR Trunk Interfaces

  • Bridging on EFPs

Interoperability Between Cisco IOS XR and Cisco IOS on VPLS LDP Signaling

The Cisco IOS Software encodes the NLRI length in the fist byte in bits format in the BGP Update message. However, the Cisco IOS XR Software interprets the NLRI length in 2 bytes. Therefore, when the BGP neighbor with VPLS-VPWS address family is configured between the IOS and the IOS XR, NLRI mismatch can happen, leading to flapping between neighbors. To avoid this conflict, IOS supports prefix-length-size 2 command that needs to be enabled for IOS to work with IOS XR. When the prefix-length-size 2 command is configured in IOS, the NLRI length is encoded in bytes. This configuration is mandatory for IOS to work with IOS XR.

This is a sample IOS configuration with the prefix-length-size 2 command:


router bgp 1
 address-family l2vpn vpls
  neighbor 5.5.5.2 activate
  neighbor 5.5.5.2 prefix-length-size 2 --------> NLRI length = 2 bytes
 exit-address-family

MAC Address-related Parameters

The MAC address table contains a list of the known MAC addresses and their forwarding information. In the current VPLS design, the MAC address table and its management are maintained on the route processor (RP) card.

These topics provide information about the MAC address-related parameters:

MAC Address Flooding

Ethernet services require that frames that are sent to broadcast addresses and to unknown destination addresses be flooded to all ports. To obtain flooding within VPLS broadcast models, all unknown unicast, broadcast, and multicast frames are flooded over the corresponding pseudowires and to all attachment circuits. Therefore, a PE must replicate packets across both attachment circuits and pseudowires.

MAC Address-based Forwarding

To forward a frame, a PE must associate a destination MAC address with a pseudowire or attachment circuit. This type of association is provided through a static configuration on each PE or through dynamic learning, which is flooded to all bridge ports.

MAC Address Source-based Learning

When a frame arrives on a bridge port (for example, pseudowire or attachment circuit) and the source MAC address is unknown to the receiving PE router, the source MAC address is associated with the pseudowire or attachment circuit. Outbound frames to the MAC address are forwarded to the appropriate pseudowire or attachment circuit.

MAC address source-based learning uses the MAC address information that is learned in the hardware forwarding path. The updated MAC tables are propagated and programs the hardware for the router.


Note

Static MAC move is not supported from one port, interface, or AC to another port, interface, or AC. For example, if a static MAC is configured on AC1 (port 1) and then, if you send a packet with the same MAC as source MAC on AC2 (port 2), then you can’t attach this MAC to AC2 as a dynamic MAC. Therefore, do not send any packet with a MAC as any of the static MAC addresses configured.


The number of learned MAC addresses is limited through configurable per-port and per-bridge domain MAC address limits.

MAC Address Aging

A MAC address in the MAC table is considered valid only for the duration of the MAC address aging time. When the time expires, the relevant MAC entries are repopulated. When the MAC aging time is configured only under a bridge domain, all the pseudowires and attachment circuits in the bridge domain use that configured MAC aging time.

A bridge forwards, floods, or drops packets based on the bridge table. The bridge table maintains both static entries and dynamic entries. Static entries are entered by the network manager or by the bridge itself. Dynamic entries are entered by the bridge learning process. A dynamic entry is automatically removed after a specified length of time, known as aging time, from the time the entry was created or last updated.

If hosts on a bridged network are likely to move, decrease the aging-time to enable the bridge to adapt to the change quickly. If hosts do not transmit continuously, increase the aging time to record the dynamic entries for a longer time, thus reducing the possibility of flooding when the hosts transmit again.

MAC Address Limit

The MAC address limit is used to limit the number of learned MAC addresses. The default value for the MAC address limit is 64000 for Cisco NCS 5501 and Cisco NCS 5502.

When a limit is exceeded, the system is configured to perform these notifications:

  • Syslog (default)

  • Simple Network Management Protocol (SNMP) trap

  • Syslog and SNMP trap

  • None (no notification)

To generate syslogs messages and SNMP trap notifications, use the mac limit notification both command in the L2VPN bridge-domain configuration mode.

MAC address limit action applies only when the number of local MAC addresses exceeds the configured limit. The software unlearns the MAC addresses until it reaches the configured MAC limit threshold value. Later, the router restarts learning new MAC addresses. In the event when the MAC limit threshold is not configured, the default threshold is 75% of the configured MAC address limit.

Restrictions
  • You can configure up to a maximum of six different mac-limit values under a bridge domain for the following routers and line cards:

    • NCS-55A1-24H

    • NCS-55A1-48Q6H

    • NCS-55A1-36H

    • NCS-55A1-36H-SE

    • NCS-55A2-MOD-HD-S

    • NCS-55A2-MOD-S

    • NCS-5502

    • NCS-5502-SE

    • NCS55-36x100G-S

    • NC55-24H12F-SE

    • NCS55-36x100G-A-SS

  • You can configure up to a maximum of 30 different mac-limit values under a bridge domain on routers that have the Cisco NC57 line cards installed.

  • For NCS55xx routers and NCS57 line cards, the mac-limit value programmed in the hardware depends on the:

    • Static MAC address configured under the AC for a bridge domain.

    • BVI configured under a bridge domain.

Depending on the BVI or static MAC address configured, new mac-limit profiles are required. The following example shows the different bridge domains with default mac-limit with static MAC address and BVI.

Example 1

In this example, the bridge domain requires a default mac-limit profile. For instance, default mac-limit = X.

bridge-domain 1
 interface HundredGigE 0/0/0/10

Example 2

In this example, the bridge domain requires a new mac-limit profile with mac-limit = X+1 to accommodate the static BVI MAC address.

bridge-domain 2
 interface HundredGigE 0/0/0/11
  routed interface bvi 

Example 3

In this example, the bridge domain requires a new mac-limit profile with mac-limit = X+2 to accommodate two static MAC addresses configured under the AC.

bridge-domain 3
 interface HundredGigE 0/0/0/12
  static-mac-address 0000.1111.2222
  static-mac-address 0000.2222.1111

MAC Address Withdrawal

For faster VPLS convergence, you can remove or unlearn the MAC addresses that are learned dynamically. The Label Distribution Protocol (LDP) Address Withdrawal message is sent with the list of MAC addresses, which need to be withdrawn to all other PEs that are participating in the corresponding VPLS service.

For the Cisco IOS XR VPLS implementation, a portion of the dynamically learned MAC addresses are cleared by using the MAC addresses aging mechanism by default. The MAC address withdrawal feature is added through the LDP Address Withdrawal message. To enable the MAC address withdrawal feature, use the withdrawal command in l2vpn bridge group bridge domain MAC configuration mode. To verify that the MAC address withdrawal is enabled, use the show l2vpn bridge-domain command with the detail keyword.


Note

By default, the LDP MAC Withdrawal feature is enabled on Cisco IOS XR.


The LDP MAC Withdrawal feature is generated due to these events:

  • Attachment circuit goes down. You can remove or add the attachment circuit through the CLI.

  • MAC withdrawal messages are received over a VFI pseudowire. RFC 4762 specifies that both wildcards (by means of an empty Type, Length and Value [TLV]) and a specific MAC address withdrawal. Cisco IOS XR software supports only a wildcard MAC address withdrawal.

MAC Address Withdrawal

The MAC Address Withdrawal feature provides faster convergence by removing MAC addresses that are dynamically learned. This feature uses Label Distribution Protocol (LDP)-based MAC address withdrawal message. A MAC list Type Length Value (TLV) is part of the MAC address withdrawal message.

This feature also supports optimization of MAC address withdrawal. The optimization allows PEs to retain the MAC addresses that are learned from the CE devices over the access side. Only MAC addresses that are learned from peer PEs are flushed out. This avoids unnecessary MAC flushing toward attachment circuit (AC) side and ensures better utilization of bandwidth and resources.

The MAC address withdrawal feature is enabled by default. Use mac withdraw disable command to disable the MAC address withdrawal feature.

Topology

Consider the following topology in which CE1 is dual-homed to PE1 and PE2. The link X actively participates in VPLS while Y is a redundant link. Initially PE1, PE2, PE3, and PE4 learn their MAC forwarding tables that are based on the traffic profile and traffic becomes a known unicast. When the MAC address withdrawal feature is enabled on all PEs, PEs delete MAC entries when they receive MAC address withdrawal message. The following are the MAC address withdrawal messages that are based on the status of link:

  • Scenario 1: When link X, which is the AC of PE1 goes down, PE1 sends an LDP MAC withdrawal TLV message “FLUSH ALL MAC FROM ME” to neighbor PEs. Peer PEs delete MAC addresses that are learned only from PE1. PE2, PE3, and PE4 flush only MAC addresses that are learned from PE1. The PE1 initiates MAC flush when its access side AC goes down.

  • Scenario 2: When link Y, which is the AC of PE2 comes up, PE2 sends an LDP MAC withdrawal TLV message “FLUSH ALL MAC BUT ME” to neighbor PEs. Peer PEs flush all MAC addresses except those from the PE which receives the request.

Figure 2. MAC Address Withdrawal

Restrictions

To configure MAC address withdrawal, the following restrictions are applicable:

  • This feature is not supported on Access PW.

  • This feature is not supported over H-VPLS network.

  • This feature is not supported over BGP signaling and discovery.

  • MAC withdraw relaying is not supported.

Configure MAC Address Withdrawal

Configuration Example

Perform this task to configure MAC address withdrawal.

/* Configure MAC address withdrawal on PE1. This configuration is required for scenario 1 */
Router# configure 
Router(config)# l2vpn 
Router(config-l2vpn)# bridge group bg1
Router(config-l2vpn-bg)# bridge-domain bd1
Router(config-l2vpn-bg-bd)# mac
Router(config-l2vpn-bg-bd-mac)# withdraw state-down
Router(config-l2vpn-bg-bd-mac)# exit
Router(config-l2vpn-bg-bd)# interface tenGigE0/0/0/0
Router(config-l2vpn-bg-bd-ac)# exit
Router(config-l2vpn-bg-bd)# vfi vf1
Router(config-l2vpn-bg-bd-vfi)# neighbor 192.0.2.1 pw-id 1 
Router(config-l2vpn-bg-bd-vfi-pw)# commit

/* Configure optimization of MAC address withdrawal on PE1. This configuration is required for scenario 1  */
Router# configure 
Router(config)# l2vpn 
Router(config-l2vpn)# bridge group bg1
Router(config-l2vpn-bg)# bridge-domain bd1
Router(config-l2vpn-bg-bd)# mac
Router(config-l2vpn-bg-bd-mac)# withdraw optimize
Router(config-l2vpn-bg-bd-mac)# exit
Router(config-l2vpn-bg-bd)# neighbor 192.0.2.1 pw-id 1234
Router(config-l2vpn-bg-bd-pw)# exit
Router(config-l2vpn-bg-bd)# vfi vf1
Router(config-l2vpn-bg-bd-vfi)# neighbor 192.0.2.2 pw-id 1 
Router(config-l2vpn-bg-bd-vfi-pw)# exit
Router(config-l2vpn-bg-bd-vfi)# neighbor 192.0.2.3 pw-id 2 
Router(config-l2vpn-bg-bd-vfi-pw)# commit

/* MAC address withdrawal is enabled by default when AC comes up. Use the following configuration if you want to disable MAC address withdrawal. This configuration is required for scenario 2 */
Router# configure 
Router(config)# l2vpn 
Router(config-l2vpn)# bridge group bg1
Router(config-l2vpn-bg)# bridge-domain bd1
Router(config-l2vpn-bg-bd)# mac
Router(config-l2vpn-bg-bd-mac)# withdraw disable
Router(config-l2vpn-bg-bd-mac)# commit 

Running Configuration

This section shows the running configuration of MAC address withdrawal.


/* Configure MAC address withdrawal on PE1 */ 
l2vpn
 bridge group bg1
  bridge-domain bd1
   mac
    withdraw state-down
   !
   interface tengige 0/0/0/0
   !
   vfi vf1
    neighbor 192.0.2.1 pw-id 1
    !

/* Configure optimization of MAC address withdrawal on PE1 */
l2vpn
 bridge group bg1
  bridge-domain bd1
   mac
    withdraw optimize
   !
   neighbor neighbor 192.0.2.1 pw-id 1234
   !
   vfi vf1
    neighbor neighbor 192.0.2.2 pw-id 1
    !
    neighbor neighbor 192.0.2.3 pw-id 2


/* Disable MAC address widhrawal on PE2 */ 
l2vpn
 bridge group bg1
  bridge-domain bd1
   mac
    withdraw disable
   !

Verification

Verify MAC address withdrawal configuration.


/* Verify if MAC address widhrawal is configured on PE1 */
Router:PE1# show l2vpn bridge-domain detail
MAC learning: enabled
  MAC withdraw: enabled
    MAC withdraw sent on: bridge port down
    
/* Verify if optimization of MAC address withdrawal is configured on PE1 */
Router:PE1# show l2vpn bridge-domain detail
MAC learning: enabled
  MAC withdraw: enabled
    MAC withdraw sent on: bridge port down (optimization)

Related Topics

Associated Commands

  • mac withdraw

  • show l2vpn bridge-domain detail

Configuration Examples for Multipoint Layer 2 Services

This section includes these configuration examples:

Multipoint Layer 2 Services Configuration for Provider Edge-to-Provider Edge: Example

These configuration examples show how to create a Layer 2 VFI with a full-mesh of participating Multipoint Layer 2 Services provider edge (PE) nodes.

This configuration example shows how to configure PE 1:

configure
 l2vpn
  bridge group 1
   bridge-domain PE1-VPLS-A
    interface TenGigE0/0/0/0
    vfi 1
     neighbor 10.2.2.2 pw-id 1
     neighbor 10.3.3.3 pw-id 1
     !
   !
 interface loopback 0
  ipv4 address 10.1.1.1 255.255.255.255

This configuration example shows how to configure PE 2:

configure
 l2vpn
  bridge group 1
   bridge-domain PE2-VPLS-A
    interface TenGigE0/0/0/1

    vfi 1
     neighbor 10.1.1.1 pw-id 1
     neighbor 10.3.3.3 pw-id 1
     !
   !
 interface loopback 0
  ipv4 address 10.2.2.2 255.255.255.255

This configuration example shows how to configure PE 3:

configure
 l2vpn
  bridge group 1
   bridge-domain PE3-VPLS-A
    interface TenGigE0/0/0/2
    vfi 1
     neighbor 10.1.1.1 pw-id 1
     neighbor 10.2.2.2 pw-id 1
     !
   !
 interface loopback 0
  ipv4 address 10.3.3.3 255.255.255.255

Multipoint Layer 2 Services Configuration for Provider Edge-to-Customer Edge: Example

This configuration shows how to configure Multipoint Layer 2 Services for a PE-to-CE nodes:

configure
 interface TenGigE0/0/0/0
  l2transport---AC interface
   
  no ipv4 address
  no ipv4 directed-broadcast						
  negotiation auto
  no cdp enable
  
 

Displaying MAC Address Withdrawal Fields: Example

This sample output shows the MAC address withdrawal fields:

RP/0/RSP0/CPU0:router# show l2vpn bridge-domain detail

Legend: pp = Partially Programmed.
Bridge group: 222, bridge-domain: 222, id: 0, state: up, ShgId: 0, MSTi: 0
  Coupled state: disabled
  MAC learning: enabled
  MAC withdraw: enabled
    MAC withdraw sent on: bridge port up
    MAC withdraw relaying (access to access): disabled
  Flooding:
    Broadcast & Multicast: enabled
    Unknown unicast: enabled
  MAC aging time: 300 s, Type: inactivity
  MAC limit: 4000, Action: none, Notification: syslog
  MAC limit reached: no
  MAC port down flush: enabled
  MAC Secure: disabled, Logging: disabled
  Split Horizon Group: none
  Dynamic ARP Inspection: disabled, Logging: disabled
  IP Source Guard: disabled, Logging: disabled
  DHCPv4 snooping: disabled
  IGMP Snooping: enabled
  IGMP Snooping profile: none
  MLD Snooping profile: none
  Storm Control: disabled
  Bridge MTU: 1500
  MIB cvplsConfigIndex: 1
  Filter MAC addresses:
  P2MP PW: disabled
  Create time: 01/03/2017 11:01:11 (00:21:33 ago)
  No status change since creation
  ACs: 1 (1 up), VFIs: 1, PWs: 1 (1 up), PBBs: 0 (0 up)
  List of ACs:
    AC: TenGigE0/2/0/1.7, state is up
      Type VLAN; Num Ranges: 1
      Outer Tag: 21
      VLAN ranges: [22, 22]
      MTU 1508; XC ID 0x208000b; interworking none
      MAC learning: enabled
      Flooding:
        Broadcast & Multicast: enabled
        Unknown unicast: enabled
      MAC aging time: 300 s, Type: inactivity
      MAC limit: 4000, Action: none, Notification: syslog
      MAC limit reached: no
      MAC port down flush: enabled
      MAC Secure: disabled, Logging: disabled
      Split Horizon Group: none
      Dynamic ARP Inspection: disabled, Logging: disabled
      IP Source Guard: disabled, Logging: disabled
      DHCPv4 snooping: disabled
      IGMP Snooping: enabled
      IGMP Snooping profile: none
      MLD Snooping profile: none
      Storm Control: bridge-domain policer
      Static MAC addresses:
      Statistics:
        packets: received 714472608 (multicast 0, broadcast 0, unknown unicast 0, unicast 0), sent 97708776
        bytes: received 88594603392 (multicast 0, broadcast 0, unknown unicast 0, unicast 0), sent 12115888224
        MAC move: 0
      Storm control drop counters: 
        packets: broadcast 0, multicast 0, unknown unicast 0 
        bytes: broadcast 0, multicast 0, unknown unicast 0 
      Dynamic ARP inspection drop counters: 
        packets: 0, bytes: 0
      IP source guard drop counters: 
        packets: 0, bytes: 0
  List of VFIs:
    VFI 222 (up)
      PW: neighbor 1.1.1.1, PW ID 222, state is up ( established )
        PW class not set, XC ID 0xc000000a
        Encapsulation MPLS, protocol LDP
        Source address 21.21.21.21
        PW type Ethernet, control word disabled, interworking none
        Sequencing not set

        PW Status TLV in use
          MPLS         Local                          Remote                        
          ------------ ------------------------------ -------------------------
          Label        24017                          24010                         
          Group ID     0x0                            0x0                           
          Interface    222                            222                           
          MTU          1500                           1500                          
          Control word disabled                       disabled                      
          PW type      Ethernet                       Ethernet                      
          VCCV CV type 0x2                            0x2                           
                       (LSP ping verification)        (LSP ping verification)       
          VCCV CC type 0x6                            0x6                           
                       (router alert label)           (router alert label)          
                       (TTL expiry)                   (TTL expiry)                  
          ------------ ------------------------------ -------------------------
        Incoming Status (PW Status TLV):
          Status code: 0x0 (Up) in Notification message
        MIB cpwVcIndex: 3221225482
        Create time: 01/03/2017 11:01:11 (00:21:33 ago)
        Last time status changed: 01/03/2017 11:21:01 (00:01:43 ago)
        Last time PW went down: 01/03/2017 11:15:21 (00:07:23 ago)
        MAC withdraw messages: sent 0, received 0
        Forward-class: 0
        Static MAC addresses:
        Statistics:
          packets: received 95320440 (unicast 0), sent 425092569
          bytes: received 11819734560 (unicast 0), sent 52711478556
          MAC move: 0
        Storm control drop counters: 
          packets: broadcast 0, multicast 0, unknown unicast 0 
          bytes: broadcast 0, multicast 0, unknown unicast 0 
      DHCPv4 snooping: disabled
      IGMP Snooping profile: none
      MLD Snooping profile: none
      VFI Statistics:
        drops: illegal VLAN 0, illegal length 0 

Bridging on IOS XR Trunk Interfaces: Example

This example shows how to configure a Cisco NCS 5500 Series Routers as a simple L2 switch.

Important notes:

Create a bridge domain that has four attachment circuits (AC). Each AC is an IOS XR trunk interface (i.e. not a subinterface/EFP).

  • This example assumes that the running config is empty, and that all the components are created.

  • This example provides all the necessary steps to configure the Cisco NCS 5500 Series Routers to perform switching between the interfaces. However, the commands to prepare the interfaces such as no shut, negotiation auto, etc., have been excluded.

  • The bridge domain is in a no shut state, immediately after being created.

  • Only trunk (i.e. main) interfaces are used in this example.

  • The trunk interfaces are capable of handling tagged (i.e. IEEE 802.1Q) or untagged (i.e. no VLAN header) frames.

  • The bridge domain learns, floods, and forwards based on MAC address. This functionality works for frames regardless of tag configuration.

  • The bridge domain entity spans the entire system. It is not necessary to place all the bridge domain ACs on a single LC. This applies to any bridge domain configuration.

  • The show bundle and the show l2vpn bridge-domain commands are used to verify that the router was configured as expected, and that the commands show the status of the new configurations.

  • The ACs in this example use interfaces that are in the admin down state.

Configuration Example

RP/0/RSP0/CPU0:router#config 
RP/0/RSP0/CPU0:router(config)#interface Bundle-ether10 
RP/0/RSP0/CPU0:router(config-if)#l2transport
RP/0/RSP0/CPU0:router(config-if-l2)#interface GigabitEthernet0/2/0/5 
RP/0/RSP0/CPU0:router(config-if)#bundle id 10 mode active 
RP/0/RSP0/CPU0:router(config-if)#interface GigabitEthernet0/2/0/6 
RP/0/RSP0/CPU0:router(config-if)#bundle id 10 mode active 
RP/0/RSP0/CPU0:router(config-if)#interface GigabitEthernet0/2/0/0 
RP/0/RSP0/CPU0:router(config-if)#l2transport
RP/0/RSP0/CPU0:router(config-if-l2)#interface GigabitEthernet0/2/0/1 
RP/0/RSP0/CPU0:router(config-if)#l2transport
RP/0/RSP0/CPU0:router(config-if-l2)#interface TenGigE0/1/0/2 
RP/0/RSP0/CPU0:router(config-if)#l2transport
RP/0/RSP0/CPU0:router(config-if-l2)#l2vpn
RP/0/RSP0/CPU0:router(config-l2vpn)#bridge group examples 
RP/0/RSP0/CPU0:router(config-l2vpn-bg)#bridge-domain test-switch 
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd)#interface Bundle-ether10 
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-ac)#exit
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd)#interface GigabitEthernet0/2/0/0 
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-ac)#exit
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd)#interface GigabitEthernet0/2/0/1 
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-ac)#exit
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd)#interface TenGigE0/1/0/2 
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-ac)#commit
RP/0/RSP0/CPU0:Jul 26 10:48:21.320 EDT: config[65751]: %MGBL-CONFIG-6-DB_COMMIT : Configuration committed by user 'lab'. Use 'show configuration commit changes 1000000973' to view the changes.
RP/0/RSP0/CPU0:router(config-l2vpn-bg-bd-ac)#end
RP/0/RSP0/CPU0:Jul 26 10:48:21.342 EDT: config[65751]: %MGBL-SYS-5-CONFIG_I : Configured from console by lab
RP/0/RSP0/CPU0:router#show bundle Bundle-ether10

Bundle-Ether10
  Status:                                    Down
  Local links <active/standby/configured>:   0 / 0 / 2
  Local bandwidth <effective/available>:     0 (0) kbps
  MAC address (source):                      0024.f71e.22eb (Chassis pool)
  Minimum active links / bandwidth:          1 / 1 kbps
  Maximum active links:                      64
  Wait while timer:                          2000 ms
  LACP:                                      Operational
    Flap suppression timer:                  Off
  mLACP:                                     Not configured
  IPv4 BFD:                                  Not configured

  Port                  Device           State        Port ID         B/W, kbps
  --------------------  ---------------  -----------  --------------  ----------
  Gi0/2/0/5             Local            Configured   0x8000, 0x0001     1000000
      Link is down
  Gi0/2/0/6             Local            Configured   0x8000, 0x0002     1000000
      Link is down

RP/0/RSP0/CPU0:router#
RP/0/RSP0/CPU0:router#show l2vpn bridge-domain group examples 
Bridge group: examples, bridge-domain: test-switch, id: 2000, state: up, ShgId: 0, MSTi: 0
  Aging: 300 s, MAC limit: 4000, Action: none, Notification: syslog
  Filter MAC addresses: 0
  ACs: 4 (1 up), VFIs: 0, PWs: 0 (0 up), PBBs: 0 (0 up)
  List of ACs:
    BE10, state: down, Static MAC addresses: 0
    Gi0/2/0/0, state: up, Static MAC addresses: 0
    Gi0/2/0/1, state: down, Static MAC addresses: 0
    Te0/5/0/1, state: down, Static MAC addresses: 0
  List of VFIs:
RP/0/RSP0/CPU0:router#

This table lists the configuration steps (actions) and the corresponding purpose for this example:

SUMMARY STEPS

  1. configure
  2. interface Bundle-ether10
  3. l2transport
  4. interface GigabitEthernet0/2/0/5
  5. bundle id 10 mode active
  6. interface GigabitEthernet0/2/0/6
  7. bundle id 10 mode active
  8. interface GigabitEthernet0/2/0/0
  9. l2transport
  10. interface GigabitEthernet0/2/0/1
  11. l2transport
  12. interface TenGigE0/1/0/2
  13. l2transport
  14. l2vpn
  15. bridge group examples
  16. bridge-domain test-switch
  17. interface Bundle-ether10
  18. exit
  19. interface GigabitEthernet0/2/0/0
  20. exit
  21. interface GigabitEthernet0/2/0/1
  22. exit
  23. interface TenGigE0/1/0/2
  24. Use the commit or end command.

DETAILED STEPS


Step 1

configure

Enters global configuration mode.

Step 2

interface Bundle-ether10

Creates a new bundle trunk interface.

Step 3

l2transport

Changes Bundle-ether10 from an L3 interface to an L2 interface.

Step 4

interface GigabitEthernet0/2/0/5

Enters interface configuration mode. Changes configuration mode to act on GigabitEthernet0/2/0/5.

Step 5

bundle id 10 mode active

Establishes GigabitEthernet0/2/0/5 as a member of Bundle-ether10. The mode active keywords specify LACP protocol.

Step 6

interface GigabitEthernet0/2/0/6

Enters interface configuration mode. Changes configuration mode to act on GigabitEthernet0/2/0/6.

Step 7

bundle id 10 mode active

Establishes GigabitEthernet0/2/0/6 as a member of Bundle-ether10. The mode active keywords specify LACP protocol.

Step 8

interface GigabitEthernet0/2/0/0

Enters interface configuration mode. Changes configuration mode to act on GigabitEthernet0/2/0/0.

Step 9

l2transport

Change GigabitEthernet0/2/0/0 from an L3 interface to an L2 interface.

Step 10

interface GigabitEthernet0/2/0/1

Enters interface configuration mode. Changes configuration mode to act on GigabitEthernet0/2/0/1.

Step 11

l2transport

Change GigabitEthernet0/2/0/1 from an L3 interface to an L2 interface.

Step 12

interface TenGigE0/1/0/2

Enters interface configuration mode. Changes configuration mode to act on TenGigE0/1/0/2.

Step 13

l2transport

Changes TenGigE0/1/0/2 from an L3 interface to an L2 interface.

Step 14

l2vpn

Enters L2VPN configuration mode.

Step 15

bridge group examples

Creates the bridge group examples.

Step 16

bridge-domain test-switch

Creates the bridge domain test-switch, that is a member of bridge group examples.

Step 17

interface Bundle-ether10

Establishes Bundle-ether10 as an AC of bridge domain test-switch.

Step 18

exit

Exits bridge domain AC configuration submode, allowing next AC to be configured.

Step 19

interface GigabitEthernet0/2/0/0

Establishes GigabitEthernet0/2/0/0 as an AC of bridge domain test-switch.

Step 20

exit

Exits bridge domain AC configuration submode, allowing next AC to be configured.

Step 21

interface GigabitEthernet0/2/0/1

Establishes GigabitEthernet0/2/0/1 as an AC of bridge domain test-switch.

Step 22

exit

Exits bridge domain AC configuration submode, allowing next AC to be configured.

Step 23

interface TenGigE0/1/0/2

Establishes interface TenGigE0/1/0/2 as an AC of bridge domain test-switch.

Step 24

Use the commit or end command.

commit - Saves the configuration changes and remains within the configuration session.

end - Prompts user to take one of these actions:

  • Yes - Saves configuration changes and exits the configuration session.

  • No - Exits the configuration session without committing the configuration changes.

  • Cancel - Remains in the configuration mode, without committing the configuration changes.


Bridging on Ethernet Flow Points: Example

This example shows how to configure a Cisco NCS 5500 Series Router to perform Layer 2 switching on traffic that passes through Ethernet Flow Points (EFPs). EFP traffic typically has one or more VLAN headers. Although both IOS XR trunks and IOS XR EFPs can be combined as attachment circuits in bridge domains, this example uses EFPs exclusively.

Important notes:

  • An EFP is a Layer 2 subinterface. It is always created under a trunk interface. The trunk interface must exist before the EFP is created.

  • In an empty configuration, the bundle interface trunk does not exist, but the physical trunk interfaces are automatically configured. Therefore, only the bundle trunk is created.

  • In this example the subinterface number and the VLAN IDs are identical, but this is out of convenience, and is not a necessity. They do not need to be the same values.

  • The bridge domain test-efp has three attachment circuits (ACs). All the ACs are EFPs.

  • Only frames with a VLAN ID of 999 enter the EFPs. This ensures that all the traffic in this bridge domain has the same VLAN encapsulation.

  • The ACs in this example use interfaces that are in the admin down state (unresolved state). Bridge domains that use nonexistent interfaces as ACs are legal, and the commit for such configurations does not fail. In this case, the status of the bridge domain shows unresolved until you configure the missing interface.

Configuration Example


RP/0/RSP1/CPU0:router#configure
RP/0/RSP1/CPU0:router(config)#interface Bundle-ether10 
RP/0/RSP1/CPU0:router(config-if)#interface Bundle-ether10.999 l2transport 
RP/0/RSP1/CPU0:router(config-subif)#encapsulation dot1q 999 
RP/0/RSP1/CPU0:router(config-subif)#interface GigabitEthernet0/6/0/5 
RP/0/RSP1/CPU0:router(config-if)#bundle id 10 mode active 
RP/0/RSP1/CPU0:router(config-if)#interface GigabitEthernet0/6/0/6 
RP/0/RSP1/CPU0:router(config-if)#bundle id 10 mode active 
RP/0/RSP1/CPU0:router(config-if)#interface GigabitEthernet0/6/0/7.999 l2transport 
RP/0/RSP1/CPU0:router(config-subif)#encapsulation dot1q 999 
RP/0/RSP1/CPU0:router(config-subif)#interface TenGigE0/1/0/2.999 l2transport 
RP/0/RSP1/CPU0:router(config-subif)#encapsulation dot1q 999 
RP/0/RSP1/CPU0:router(config-subif)#l2vpn
RP/0/RSP1/CPU0:router(config-l2vpn)#bridge group examples 
RP/0/RSP1/CPU0:router(config-l2vpn-bg)#bridge-domain test-efp 
RP/0/RSP1/CPU0:router(config-l2vpn-bg-bd)#interface Bundle-ether10.999 
RP/0/RSP1/CPU0:router(config-l2vpn-bg-bd-ac)#exit
RP/0/RSP1/CPU0:router(config-l2vpn-bg-bd)#interface GigabitEthernet0/6/0/7.999 
RP/0/RSP1/CPU0:router(config-l2vpn-bg-bd-ac)#exit
RP/0/RSP1/CPU0:router(config-l2vpn-bg-bd)#interface TenGigE0/1/0/2.999 
RP/0/RSP1/CPU0:router(config-l2vpn-bg-bd-ac)#commit
RP/0/RSP1/CPU0:router(config-l2vpn-bg-bd-ac)#end
RP/0/RSP1/CPU0:router#
RP/0/RSP1/CPU0:router#show l2vpn bridge group examples 
Fri Jul 23 21:56:34.473 UTC Bridge group: examples, bridge-domain: test-efp, id: 0, state: up, ShgId: 0, MSTi: 0
Aging: 300 s, MAC limit: 4000, Action: none, Notification: syslog
  Filter MAC addresses: 0
  ACs: 3 (0 up), VFIs: 0, PWs: 0 (0 up), PBBs: 0 (0 up)
  List of ACs:
    BE10.999, state: down, Static MAC addresses: 0
    Gi0/6/0/7.999, state: unresolved, Static MAC addresses: 0
    Te0/1/0/2.999, state: down, Static MAC addresses: 0
  List of VFIs:
RP/0/RSP1/CPU0:router#

This table lists the configuration steps (actions) and the corresponding purpose for this example:

SUMMARY STEPS

  1. configure
  2. interface Bundle-ether10
  3. interface Bundle-ether10.999 l2transport
  4. encapsulation dot1q 999
  5. interface GigabitEthernet0/6/0/5
  6. bundle id 10 mode active
  7. interface GigabitEthernet0/6/0/6
  8. bundle id 10 mode active
  9. interface GigabitEthernet0/6/0/7.999 l2transport
  10. encapsulation dot1q 999
  11. interface TenGigE0/1/0/2.999 l2transport
  12. encapsulation dot1q 999
  13. l2vpn
  14. bridge group examples
  15. bridge-domain test-efp
  16. interface Bundle-ether10.999
  17. exit
  18. interface GigabitEthernet0/6/0/7.999
  19. exit
  20. interface TenGigE0/1/0/2.999
  21. Use the commit or end command.

DETAILED STEPS


Step 1

configure

Enters global configuration mode.

Step 2

interface Bundle-ether10

Creates a new bundle trunk interface.

Step 3

interface Bundle-ether10.999 l2transport

Creates an EFP under the new bundle trunk.

Step 4

encapsulation dot1q 999

Assigns VLAN ID of 999 to this EFP.

Step 5

interface GigabitEthernet0/6/0/5

Enters interface configuration mode. Changes configuration mode to act on GigabitEthernet0/6/0/5.

Step 6

bundle id 10 mode active

Establishes GigabitEthernet0/6/0/5 as a member of Bundle-ether10. The mode active keywords specify LACP protocol.

Step 7

interface GigabitEthernet0/6/0/6

Enters interface configuration mode. Changes configuration mode to act on GigabitEthernet0/6/0/6.

Step 8

bundle id 10 mode active

Establishes GigabitEthernet0/6/0/6 as a member of Bundle-ether10. The mode active keywords specify LACP protocol.

Step 9

interface GigabitEthernet0/6/0/7.999 l2transport

Creates an EFP under GigabitEthernet0/6/0/7.

Step 10

encapsulation dot1q 999

Assigns VLAN ID of 999 to this EFP.

Step 11

interface TenGigE0/1/0/2.999 l2transport

Creates an EFP under TenGigE0/1/0/2.

Step 12

encapsulation dot1q 999

Assigns VLAN ID of 999 to this EFP.

Step 13

l2vpn

Enters L2VPN configuration mode.

Step 14

bridge group examples

Creates the bridge group named examples.

Step 15

bridge-domain test-efp

Creates the bridge domain named test-efp, that is a member of bridge group examples.

Step 16

interface Bundle-ether10.999

Establishes Bundle-ether10.999 as an AC of the bridge domain named test-efp.

Step 17

exit

Exits bridge domain AC configuration submode, allowing next AC to be configured.

Step 18

interface GigabitEthernet0/6/0/7.999

Establishes GigabitEthernet0/6/0/7.999 as an AC of the bridge domain named test-efp.

Step 19

exit

Exits bridge domain AC configuration submode, allowing next AC to be configured.

Step 20

interface TenGigE0/1/0/2.999

Establishes interface TenGigE0/1/0/2.999 as an AC of bridge domain named test-efp.

Step 21

Use the commit or end command.

commit - Saves the configuration changes and remains within the configuration session.

end - Prompts user to take one of these actions:

  • Yes - Saves configuration changes and exits the configuration session.

  • No - Exits the configuration session without committing the configuration changes.

  • Cancel - Remains in the configuration mode, without committing the configuration changes.


LDP-Based VPLS and VPWS FAT Pseudowire

The LDP-based VPLS and VPWS FAT Pseudowire feature enables provider (P) routers to use the flow-based load balancing to forward traffic between the provider edge (PE) devices. This feature uses Flow-Aware Transport (FAT) of pseudowires (PW) over an MPLS packet switched network for load-balancing traffic across LDP-based signaled pseudowires for Virtual Private LAN Services (VPLS) and Virtual Private Wire Service (VPWS).

FAT PWs provide the capability to identify individual flows within a PW and provide routers the ability to use these flows to load-balance the traffic. FAT PWs are used to load balance the traffic in the core when equal cost multipaths (ECMP) are used. A flow label is created based on indivisible packet flows entering an imposition PE. This flow label is inserted as the lower most label in the packet. P routers use the flow label for load balancing to provide better traffic distribution across ECMP paths or link-bundled paths in the core. A flow is identified either by the source and destination IP address and layer 4 source and destination ports of the traffic, or the source and destination MAC address of the traffic.

The following figure shows a FAT PW with two flows distributing over ECMPs and bundle links.

Figure 3. FAT PW with Two Flows Distributing over ECMPs and Bundle Links

An extra label is added to the stack, called the flow label, which is generated for each unique incoming flow on the PE. A flow label is a unique identifier that distinguishes a flow within the PW, and is derived from source and destination MAC addresses, and source and destination IP addresses. The flow label contains the end of label stack (EOS) bit set. The flow label is inserted after the VC label and before the control word (if any). The ingress PE calculates and forwards the flow label. The FAT PW configuration enables the flow label. The egress PE discards the flow label such that no decisions are made.

All core routers perform load balancing based on the flow label in the FAT PW. Therefore, it is possible to distribute flows over ECMPs and link bundles.

In this topology, the imposition router, PE1, adds a flow label in the traffic. The disposition router, PE2, allows mixed types of traffic of which some have flow label, others do not. The P router uses flow label to load balance the traffic between the PEs. PE2 ignores the flow label in traffic, and uses one label for all unicast traffic.

Configure LDP-Based VPLS and VPWS FAT Pseudowire

This feature is not supported for traffic across BGP-signaled pseudowires for VPLS and VPWS services.

Configuration Example

Perform this task to configure VPLS and VPWS FAT Pseudowire on both PE1 and PE2.

/* Configure LDP-based VPLS FAT Pseudowire */
Router# configure 
Router(config)# l2vpn 
Router(config-l2vpn)# pw-class vpls
Router(config-l2vpn-pwc)# encapsulation mpls
Router(config-l2vpn-pwc-mpls)# load-balancing
Router(config-l2vpn-pwc-mpls-load-bal)# flow-label both
Router(config-l2vpn-pwc-mpls-load-bal)# exit
Router# configure 
Router(config)# l2vpn
Router(config-l2vpn)# bridge group bg0
Router(config-l2vpn-bg)# bridge-domain bd1
Router(config-l2vpn-bg-bd)# interface TenGigE0/0/0/5.1
Router(config-l2vpn-bg-bd-ac)# exit
Router(config-l2vpn-bg-bd)# vfi 2001
Router(config-l2vpn-bg-bd-vfi)# neighbor 192.0.2.1 pw-id 1 
Router(config-l2vpn-bg-bd-vfi-pw)# pw-class vpls
Router(config-l2vpn-bg-bd-vfi-pw)# commit

/* Configure LDP-based VPWS FAT Pseudowire */
Router# configure 
Router(config)# l2vpn 
Router(config-l2vpn)# pw-class vpws
Router(config-l2vpn-pwc)# encapsulation mpls
Router(config-l2vpn-pwc-mpls)# load-balancing
Router(config-l2vpn-pwc-mpls-load-bal)# flow-label both
Router(config-l2vpn-pwc-mpls-load-bal)# exit
Router# configure 
Router(config)# l2vpn 
Router(config-l2vpn)# xconnect group vpws
Router(config-l2vpn-xc)# p2p 1001
Router(config-l2vpn-xc-p2p)# interface TenGigE0/0/0/5.1001
Router(config-l2vpn-xc-p2p)# neighbor ipv4 192.0.2.1 pw-id 1001
Router(config-l2vpn-xc-p2p-pw)# pw-class vpws
Router(config-l2vpn-xc-p2p-pw)# commit 

Running Configuration

This section shows the running configuration of VPLS and VPWS FAT Pseudowire.


/* Configure LDP-based VPLS FAT Pseudowire */
l2vpn
pw-class vpls
  encapsulation mpls
   load-balancing
    flow-label both
   !
  !
bridge group bg0
  bridge-domain bd1
   interface TenGigE0/0/0/5.1
   !
   vfi 2001
    neighbor 192.0.2.1 pw-id 1
     pw-class vpls
    !
    !

/* Configure LDP-based VPWS FAT Pseudowire */
l2vpn
pw-class vpws
  encapsulation mpls
   load-balancing
    flow-label both
   !
  !
!
l2vpn
 xconnect group vpws
  p2p 1001
   interface interface TenGigE0/0/0/5.1001
   neighbor ipv4 192.0.2.1 pw-id 1001
    pw-class vpws
   !
  !

Verification

Verify that you have successfully configure the LDP-based VPLS and VPWS FAT Pseudowire feature.


/* Verify the LDP-based VPLS FAT Pseudowire configuration */
Router# show l2vpn bridge-domain group bg0 bd-name bd1 detail
Fri May 17 06:00:45.745 UTC
  List of VFIs:
    VFI 1 (up)
      PW: neighbor 192.0.2.1, PW ID 1, state is up ( established )
        PW class vpws, XC ID 0xc0000001
        Encapsulation MPLS, protocol LDP
        Source address 192.0.2.5
        PW type Ethernet, control word disabled, interworking none
        Sequencing not set
        LSP : Up
        Flow Label flags configured (Tx=1,Rx=1), negotiated (Tx=1,Rx=1)
 
        PW Status TLV in use
          MPLS         Local                          Remote                       
          ------------ ------------------------------ -------------------------
          Label        24000                          24000                        
          Group ID     0x0                            0x0                          
          Interface    1                              1                             
          MTU          1500                           1500                         
          Control word disabled                       disabled                     
          PW type      Ethernet                       Ethernet                      
          VCCV CV type 0x2                            0x2                          
                       (LSP ping verification)        (LSP ping verification)      
          VCCV CC type 0x6                            0x6                           
                       (router alert label)           (router alert label)         
                       (TTL expiry)                   (TTL expiry)                 
          ------------ ------------------------------ -------------------------
        Incoming Status (PW Status TLV):
          Status code: 0x0 (Up) in Notification message
        MIB cpwVcIndex: 3221225473
        Create time: 12/05/2019 11:17:59 (4d18h ago)
        Last time status changed: 12/05/2019 11:24:03 (4d18h ago)
        MAC withdraw messages: sent 7, received 9
        Forward-class: 0
        Static MAC addresses:
        Statistics:
          packets: received 0 (unicast 0), sent 0
          bytes: received 0 (unicast 0), sent 0
          MAC move: 0
        Storm control drop counters:
          packets: broadcast 0, multicast 0, unknown unicast 0
          bytes: broadcast 0, multicast 0, unknown unicast 0
      MAC learning: enabled
      Flooding:
        Broadcast & Multicast: enabled
        Unknown unicast: enabled
      MAC aging time: 900 s, Type: inactivity
      MAC limit: 32000, Action: none, Notification: syslog
      MAC limit reached: no, threshold: 75%
      MAC port down flush: enabled
      MAC Secure: disabled, Logging: disabled
      Split Horizon Group: none
      E-Tree: Root
      DHCPv4 Snooping: disabled
      DHCPv4 Snooping profile: none
      IGMP Snooping: disabled
      IGMP Snooping profile: none
      MLD Snooping profile: none
      Storm Control: bridge-domain policer
      DHCPv4 Snooping: disabled
      DHCPv4 Snooping profile: none
      IGMP Snooping: disabled
      IGMP Snooping profile: none
      MLD Snooping profile: none

/* Verify the LDP-based VPWS FAT Pseudowire configuration */
Router# show l2vpn xconnect group vpws detail
Group vpws, XC 1001, state is up; Interworking none
  AC: TenGigE0/0/0/5.1001, state is up
    Type VLAN; Num Ranges: 1
    Rewrite Tags: []
    VLAN ranges: [1001, 1001]
    MTU 1504; XC ID 0x47f; interworking none
    Statistics:
      packets: received 0, sent 0
      bytes: received 0, sent 0
      drops: illegal VLAN 0, illegal length 0
  PW: neighbor 192.0.2.1, PW ID 1001, state is up ( established )
    PW class vpws, XC ID 0xc0000548
    Encapsulation MPLS, protocol LDP
    Source address 192.0.2.2
    PW type Ethernet, control word disabled, interworking none
    PW backup disable delay 0 sec
    Sequencing not set
    LSP : Up
    Flow Label flags configured (Tx=1,Rx=1), negotiated (Tx=1,Rx=1)
 
    PW Status TLV in use
      MPLS         Local                          Remote                       
      ------------ ------------------------------ -----------------------------
      Label        25011                          25010                        
      Group ID     0xf000190                      0x228                        
      Interface    TenGigE0/0/0/5.1001            HundredGigE0/0/1/0.1001      
      MTU          1504                           1504                         
      Control word disabled                       disabled                     
      PW type      Ethernet                       Ethernet                     
      VCCV CV type 0x2                            0x2                          
                   (LSP ping verification)        (LSP ping verification)      
      VCCV CC type 0x6                            0x6                          
                   (router alert label)           (router alert label)         
                   (TTL expiry)                   (TTL expiry)                 
      ------------ ------------------------------ -----------------------------
    Incoming Status (PW Status TLV):
      Status code: 0x0 (Up) in Notification message
    Outgoing Status (PW Status TLV):
      Status code: 0x0 (Up) in Notification message
    MIB cpwVcIndex: 3221226824
    Create time: 17/05/2019 05:52:59 (00:05:22 ago)
    Last time status changed: 17/05/2019 05:53:11 (00:05:10 ago)
    Statistics:
      packets: received 0, sent 0
     bytes: received 0, sent 0

Related Topics

Associated Commands

  • show l2vpn xconnect detail