Configuring Layer 2 VPN Pseudowire Redundancy
This chapter describes how to configure the Layer 2 Virtual Private Network (VPN) Pseudowires Redundancy feature for detecting a failure in the network and rerouting the Layer 2 service to another endpoint that can continue to provide the service.
This chapter includes the following sections:
Information About Layer 2 VPN Pseudowire Redundancy
When connectivity between end-to-end provider edge (PE) devices fails, L2VPN pseudowire redundancy can select an alternate path to the directed Label Distribution Protocol ( LDP) session and the user data can take over. However, there are some parts of the network where this rerouting mechanism does not protect against interruptions in service. The figure below shows those parts of the network that are vulnerable to an interruption in service.
Figure 30-1 Points of Potential Failure in a Layer 2 VPN Network
The L2VPN Pseudowire Redundancy feature ensures that the customer edge (CE) device, CE2, in the figure above can always maintain network connectivity, even if one or all the failures in the figure occur. When you configure L2VPN pseudowire redundancy, you configure the network with redundant pseudowires (PWs) and redundant network elements.
The figures below show how to set up redundant PWs and Attachment Circuits (ACs) to maintain connectivity.
Figure 30-2 L2VPN Network with Redundant PWs and Attachment Circuits
Figure 30-3 L2VPN Network with Redundant PWs, Attachment Circuits, and CE Devices
Figure 30-4 L2VPN Network with Redundant PWs, Attachment Circuits, CE Devices, and PE Devices
Licensing Requirements for Layer 2 VPN Pseudowire Redundancy
The following table shows the licensing requirements for this feature:
|
|
Cisco DCNM |
IP tunnels require a LAN Enterprise license. For a complete explanation of the DCNM licensing scheme and how to obtain and apply licenses, see the Cisco DCNM Installation and Licensing Guide, Release 5.x. |
Cisco NX-OS |
Layer 2 MVPNs require an MPLS license. For a complete explanation of the Cisco NX-OS licensing scheme and how to obtain and apply licenses, see the Cisco NX-OS Licensing Guide. |
Configuring Layer 2 VPN Pseudowire Redundancy
This section includes the following topics:
Configuring a Pseudowire (Optional)
SUMMARY STEPS
1. configure terminal
2. port-profile type pseudowire profile-name
3. encapsulation mpls
4. state enabled
5. end
6. [ no ] interface pseudowire pw-id
7. inherit port-profile profile-name
8. neighbor peer-ip-address vc-id
9. (Optional) copy running-config start-up config
DETAILED STEPS
|
|
|
Step 1 |
configure terminal
switch# configure terminal switch(config)# |
Enters global configuration mode. |
Step 2 |
port-profile type pseudowire profile-name
switch(config)# port-profile type pseudowire TestSet switch(config-if-prof)# |
Enters interface port-profile configuration mode and configures a port profile. |
Step 3 |
encapsulation mpls
switch(config-if-prof)# encapsulation mpls |
Specifies MPLS encapsulation for this profile. |
Step 4 |
state enable
switch(config-if-prof)# state enable |
Enables the profile. |
Step 5 |
end
switch(config-if-prof)# end switch(config) |
Returns to privileged EXEC mode. |
Step 6 |
[ no ] interface pseudowire pw-id
switch(config)# interface pseudowire 12 switch(config-if-pseudowire)# |
Enters interface pseudowire configuration mode and configures a static pseudowire logical interface.
- The pw-id argument is a unique per-interface identifier for this pseudowire. The range is from 1 to 200000. The range for a static pseudowire is from 1 to 8192.
Note You can use the no form of this command to delete the pseudowire interface and the associated configuration. |
Step 7 |
inherit port-profile profile-name
switch(config-if-pseudowire)# inherit port-profile TestSet |
Applies a port profile to this interface. |
Step 8 |
neighbor peer-ip-address vc-id
switch(config-if-pseudowire)# neighbor 10.2.2.2 100 |
Configures a emulated virtual circuit for this interface.
- The combination of the peer-ip-address and vc-id arguments must be unique on a device.
- The peer IP address is the address of the provider edge (PE) peer.
- The vc-id argument is an identifier for the virtual circuit between devices. The valid range is from 1 to 4294967295.
|
Step 9 |
copy running-config startup-config
switch(config-if-pseudowire)# copy running-config startup-config |
(Optional) Saves this configuration change. |
Configuring a Layer 2 VPN XConnect Context
You can perform this task to add a Layer 2 VPN Attachment Circuit (AC) to associate a backup pseudowire (PW) to the AC.
BEFORE YOU BEGIN
- Ensure that you have configured the AC (Ethernet Flow Point, pseudowire, Ethernet VLAN) for the Layer 2 VPN services.
Restrictions
- There can only be two groups, with a maximum of four members (one as the active and three as backup) in each group, for redundancy.
- If the group name is not specified, only two members can be configured under the Layer 2 VPN XConnect context.
SUMMARY STEPS
1. configure terminal
2. [ no ] interface ethernet slot / port
3. no shutdown
4. l2vpn xconnect context context-name
5. [ no ] member interface-type slot / port [ service-instance service-instance-id ] [ group group-name ] [ priority number ]
6. [ no ] member pseudowire pw-id [ group name ] [ priority number ]
7. [ no ] member pseudowire pw-id [ peer-addr vc-id { encapsulation mpls | port-profile profile-name }] [ group name ] [ priority number ]
8. redundancy delay enable-delay { disable-delay | never } group name
9. (Optional) copy running-config start-up config
DETAILED STEPS
|
|
|
Step 1 |
configure terminal
switch# configure terminal switch(config)# |
Enters global configuration mode. |
Step 2 |
interface ethernet slot / port
switch(config)# interface ethernet 2/1 switch(config-if)# |
Enters interface configuration mode. Make sure that the subinterface on the adjoining CE device is on the same VLAN as this PE device. Note You can use the no form of this command to delete the interface and the associated configuration. |
Step 3 |
no shutdown
switch(config-if)# no shutdown |
Brings the port administratively up. |
Step 4 |
[ no ] l2vpn xconnect context context-name
switch(config-if)# l2vpn xconnect context redundancytest switch(config-xconnect)# |
Enters Xconnect configuration mode and establishes a Layer 2 VPN (L2VPN) XConnect context for identifying the two members in a Virtual Private Wire Service (VPWS), multisegment pseudowire, or local connect service.
- The context-name argument is a unique per-interface identifier for this context. The maximum range is 100 alphanumeric, case-sensitive characters.
Note You can use the no form of this command to delete the context and the associated configuration. |
Step 5 |
[ no ] member i nterface-type slot / port [ service-instance service-instance-id ] [ group group-name ] [ priority number ]
switch(config-xconnect)# member ethernet 2/1 service-instance 1 group access-side |
Adds an active Ethernet AC, with or without an Ethernet Flow Point (EFP), to the XConnect context.
- The service-instance-id argument is a unique per-interface identifier for the EFP. The valid range is from 1 to 4000. The range might be restricted due to resource constraints.
- (Optional) The group group-name keyword and argument combination specifies to which of the redundant groups the member belongs. This configuration is required if the member is backed up by one or more other group members in order to identify to which redundant group each member belongs.
- (Optional) The priority number keyword and argument combination specifies the priority of the backup pseudowire in instances where multiple backup pseudowires exist. The range is from 1 to 10, with 1 being the highest priority. The default is 0 and is higher than 1.
- You can use the no form of this command to delete the specified member configuration.
|
Step 6 |
[ no ] member pseudowire pw-id [ group group-name ] [ priority number ]
switch(config-xconnect)# member pseudowire 2 group access-side priority 1 |
Adds an active pseudowire to the XConnect context.
- The pw-id argument is a unique per-interface identifier for this pseudowire. The range is from 1 to 200000. The range for a static pseudowire is from 1 to 8192.
- (Optional) The group group-name keyword and argument combination specifies to which of the redundant groups the member belongs. This configuration is required if the member is backed up by one or more other group members in order to identify to which redundant group each member belongs.
- (Optional) The priority number keyword and argument combination specifies the priority of the backup pseudowire in instances where multiple backup pseudowires exist. The range is from 1 to 10, with 1 being the highest priority. The default is 0 and is higher than 1.
- You can use the no form of this command to delete the specified member configuration.
|
Step 7 |
[ no ] member pseudowire pw-id [ peer-addr vc-id { encapsulation mpls | port-profile profile-name }] [ group name ] [ priority number ]
switch(config-xconnect)# member pseudowire 3 port-profile TestSet group core priority 1 |
(Optional) Creates a backup pseudowire in the XConnect context. This pseudowire configuration is not be displayed in the running configuration and it is not persistent across stateless start ups.
- The pw-id argument is a unique per-interface identifier for this pseudowire. The range is from 1 to 200000. The range for a static pseudowire is from 1 to 8192.
- (Optional) The peer-address and vc-id arguments configure a emulated virtual circuit for this pseudowire.
– The combination of the peer-ip-address and vc-id arguments must be unique on a device. – The peer IP address is the address of the provider edge (PE) peer. – The vc-id argument is an identifier for the virtual circuit between devices. The valid range is from 1 to 4294967295.
- (Optional) The encapsulation mpls keywords specify MPLS encapsulation for this interface.
- (Optional) The port-profile and profile-name keyword and argument combination specifies that an already-configured pseudowire port profile is to be used for this interface.
- (Optional) The group group-name keyword and argument combination specifies to which of the redundant groups the member belongs. This configuration is required if the member is backed up by one or more other group members in order to identify to which redundant group each member belongs.
- (Optional) The priority number keyword and argument combination specifies the priority of the backup pseudowire in instances where multiple backup pseudowires exist. The range is from 1 to 10, with 1 being the highest priority. The default is 0 and is higher than 1.
Note You can use the no form of this command to delete the specified member configuration. |
Step 8 |
copy running-config startup-config
switch(config-xconnect)# copy running-config startup-config |
(Optional) Saves this configuration change. |
Verifying the Layer 2 VPN Pseudowire Configuration
To verify pseudowire redundancy configuration information, perform one of the following tasks:
|
|
show l2vpn atom vc |
Displays information about the A ny Transport over MPLS ( AToM) virtual circuit. |
show l2vpn service xconnect all |
Displays status information about the specified XConnect service. |
Monitoring Tunnel Interfaces
You can configure DCNM to collect tunnel interface statistics. Choose Interfaces > Logical > Tunnel from the Feature Selector and navigate to the interface that you want to collect statistics on.
You see the Port Traffic Statistics window. You can collect statistics on input and output (packet and byte) counters, broadcast, multicast, and unicast traffic.
See the Fundamentals Configuration Guide, Cisco DCNM for LAN, Release 5.x , for more information on collecting statistics for layer 3 interfaces.
Configuration Examples for Layer 2 Pseudowire Redundancy
The following example shows an Ethernet attachment circuit XConnect and a backup pseudowire:
l2vpn xconnect context test
member pseudowire1 group core
member 9.9.9.3 200 encapsulation mpls group core priority 2
The following example shows an Ethernet VLAN attachment circuit XConnect with a service instance and a backup pseudowire:
service instance 100 ethernet
l2vpn xconnect context test
member pseudowire1 group core
member 9.9.9.3 200 encapsulation mpls group core priority 2
member Ethernet2/1 service-instance 100
The following example shows an Ethernet VLAN attachment circuit XConnect with a subinterface and a backup pseudowire:
interface Ethernet2/1.100
l2vpn xconnect context test
member pseudowire1 group core
member 9.9.9.3 200 encapsulation mpls group core priority 2
Additional References for Layer 2 VPN Pseudowire Redundancy
For additional information related to configuring ACs for VPLS, see the following sections:
Related Documents
|
|
Interface commands |
Cisco Nexus 7000 Series NX-OS Interfaces Command Reference |
MPLS commands |
Cisco Nexus 7000 Series NX-OS MPLS Command Reference |
Feature History for Layer 2 VPN Pseudowire Redundancy
Table 30-1 lists the release history for this feature.
Table 30-1 Feature History for Pseudowire Logical Interfaces
|
|
|
Layer 2 VPN Pseudowire Redundancy |
6.2(2) |
This feature enables you to set up your network to detect a failure in the network and reroute the Layer 2 service to another endpoint that can continue to provide service. The following commands were introduced or modified: encapsulation, inherit port-profile, interface pseudowire, l2vpn xconnect context , member, neighbor, port-profile, show l2vpn atom vc, show l2vpn service xconnect. |
IP tunnels in VDC other than default |
4.2(1) |
This features was introduced. |