Configuring VPLS
The following sections provide information about how to configure VPLS.
Information About VPLS
VPLS Overview
VPLS (Virtual Private LAN Service) enables enterprises to link together their Ethernet-based LANs from multiple sites via the infrastructure provided by their service provider. From the enterprise perspective, the service provider's public network looks like one giant Ethernet LAN. For the service provider, VPLS provides an opportunity to deploy another revenue-generating service on top of their existing network without major capital expenditures. Operators can extend the operational life of equipment in their network.
Virtual Private LAN Service (VPLS) uses the provider core to join multiple attachment circuits together to simulate a virtual bridge that connects the multiple attachment circuits together. From a customer point of view, there is no topology for VPLS. All of the CE devices appear to connect to a logical bridge emulated by the provider core.
Full-Mesh Configuration
The full-mesh configuration requires a full mesh of tunnel label switched paths (LSPs) between all the PEs that participate in the VPLS. With full-mesh, signaling overhead and packet replication requirements for each provisioned VC on a PE can be high.
You set up a VPLS by first creating a virtual forwarding instance (VFI) on each participating PE router. The VFI specifies the VPN ID of a VPLS domain, the addresses of other PE devices in the domain, and the type of tunnel signaling and encapsulation mechanism for each peer PE router.
The set of VFIs formed by the interconnection of the emulated VCs is called a VPLS instance; it is the VPLS instance that forms the logical bridge over a packet switched network. The VPLS instance is assigned a unique VPN ID.
The PE devices use the VFI to establish a full-mesh LSP of emulated VCs to all the other PE devices in the VPLS instance. PE devices obtain the membership of a VPLS instance through static configuration using the Cisco IOS CLI.
The full-mesh configuration allows the PE router to maintain a single broadcast domain. Thus, when the PE router receives a broadcast, multicast, or unknown unicast packet on an attachment circuit, it sends the packet out on all other attachment circuits and emulated circuits to all other CE devices participating in that VPLS instance. The CE devices see the VPLS instance as an emulated LAN.
To avoid the problem of a packet looping in the provider core, the PE devices enforce a "split-horizon" principle for the emulated VCs. That means if a packet is received on an emulated VC, it is not forwarded on any other emulated VC.
After the VFI has been defined, it needs to be bound to an attachment circuit to the CE device.
The packet forwarding decision is made by looking up the Layer 2 virtual forwarding instance (VFI) of a particular VPLS domain.
A VPLS instance on a particular PE router receives Ethernet frames that enter on specific physical or logical ports and populates a MAC table in the same way an Ethernet switch does. The PE router can use the MAC address to switch those frames into the appropriate LSP for delivery to another PE router at a remote site.
If the MAC address is not in the MAC address table, the PE router replicates the Ethernet frame and floods it to all logical ports associated with that VPLS instance, except the ingress port where it just entered. The PE router updates the MAC table as it receives packets on specific ports and removes addresses not used for specific periods.
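The forwarding rules described above (MAC learning, flooding of unknown, broadcast and multicast frames, aging, and split horizon between emulated VCs) can be modelled in a few lines. This is an added example, not Cisco code: the `Port` and `Vfi` classes, the port names, the MAC addresses and the 300-second aging period are all assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Port:
    name: str
    is_pw: bool  # True: emulated VC to a peer PE; False: attachment circuit to a CE

class Vfi:
    """Toy model of one PE's forwarding instance (hypothetical class, not Cisco code)."""
    def __init__(self, ports, aging=300.0):  # aging period in seconds is an assumed value
        self.ports, self.aging, self.mac_table = list(ports), aging, {}

    def receive(self, ingress, src, dst, now):
        """Learn src on the ingress port and return the ports the frame is sent out of."""
        # Remove addresses that have not been seen for the aging period.
        self.mac_table = {mac: (port, seen)
                          for mac, (port, seen) in self.mac_table.items()
                          if now - seen < self.aging}
        self.mac_table[src] = (ingress, now)
        group_bit = int(dst.split(":")[0], 16) & 1  # set for broadcast and multicast
        known = None if group_bit else self.mac_table.get(dst)
        candidates = [known[0]] if known else self.ports  # unknown or group: flood
        return [p for p in candidates
                if p != ingress                       # never back out the ingress port
                and not (ingress.is_pw and p.is_pw)]  # split horizon between emulated VCs

# Constructed topology: two attachment circuits and two emulated VCs on this PE.
ac1, ac2 = Port("Gi1/0/1", False), Port("Gi1/0/2", False)
pw2, pw3 = Port("PW-to-PE2", True), Port("PW-to-PE3", True)

def demo():
    vfi = Vfi([ac1, ac2, pw2, pw3])
    a, b = "00:00:5e:00:53:0a", "00:00:5e:00:53:0b"  # constructed MAC addresses
    return [
        vfi.receive(ac1, a, b, now=0),                      # unknown unicast: flood
        vfi.receive(pw2, b, a, now=1),                      # a was learned on ac1
        vfi.receive(pw2, b, "ff:ff:ff:ff:ff:ff", now=2),    # broadcast from a VC: ACs only
        vfi.receive(ac2, "00:00:5e:00:53:0c", b, now=400),  # b has aged out: flood again
    ]

if __name__ == "__main__":
    for egress in demo():
        print([p.name for p in egress])
```

The third case is the one that prevents loops in the provider core: a frame that arrived on an emulated VC is delivered to the local attachment circuits but never to another emulated VC.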
Restrictions for VPLS
- Layer 2 protocol tunneling configuration is not supported.
- Integrated Routing and Bridging (IRB) configuration is not supported.
- Virtual Circuit Connectivity Verification (VCCV) ping with explicit null is not supported.
- The switch is supported if configured only as a spoke in hierarchical Virtual Private LAN Services (VPLS) and not as a hub.
- Layer 2 VPN interworking functions are not supported.
- ip unnumbered command is not supported in Multiprotocol Label Switching (MPLS) configuration.
- Virtual Circuit (VC) statistics are not displayed for flood traffic in the output of show mpls l2 vc vcid detail command.
- Dot1q tunnel configuration is not supported in the attachment circuit.
Configuring Layer 2 PE Device Interfaces to CE Devices
You must configure Layer 2 PE device interfaces to CE devices. You can either configure 802.1Q trunks on the PE device for tagged traffic from a CE device or configure 802.1Q access ports on the PE device for untagged traffic from a CE device. The following sections provide configuration information for both.
Configuring 802.1Q Trunks on a PE Device for Tagged Traffic from a CE Device
To configure 802.1Q trunks on a PE device, perform this procedure:
Procedure
Step | Command or Action | Purpose
---|---|---
Step 1 | enable | Enables privileged EXEC mode. Enter your password if prompted.
Step 2 | configure terminal | Enters global configuration mode.
Step 3 | interface interface-id | Defines the interface to be configured as a trunk, and enters interface configuration mode.
Step 4 | no ip address ip_address mask [secondary] | Disables IP processing and enters interface configuration mode.
Step 5 | switchport | Modifies the switching characteristics of the Layer 2 switched interface.
Step 6 | switchport trunk encapsulation dot1q | Sets the switch port encapsulation format to 802.1Q.
Step 7 | switchport trunk allow vlan vlan_ID | Sets the list of allowed VLANs.
Step 8 | switchport mode trunk | Sets the interface to a trunking VLAN Layer 2 interface.
Step 9 | end | Returns to privileged EXEC mode.
Configuring 802.1Q Access Ports on a PE Device for Untagged Traffic from a CE Device
To configure 802.1Q access ports on a PE device, perform this procedure:
Procedure
Step | Command or Action | Purpose
---|---|---
Step 1 | enable | Enables privileged EXEC mode. Enter your password if prompted.
Step 2 | configure terminal | Enters global configuration mode.
Step 3 | interface interface-id | Defines the interface to be configured as a trunk, and enters interface configuration mode.
Step 4 | no ip address ip_address mask [secondary] | Disables IP processing.
Step 5 | switchport | Modifies the switching characteristics of the Layer 2 switched interface.
Step 6 | switchport mode access | Sets the interface type to nontrunking and nontagged single VLAN Layer 2 interface.
Step 7 | switchport access vlan vlan_ID | Sets the VLAN when the interface is in access mode.
Step 8 | end | Returns to privileged EXEC mode.
Configuring Layer 2 VLAN Instances on a PE Device
Configuring the Layer 2 VLAN interface on the PE device adds the Layer 2 VLAN instance to the VLAN database on the PE device, which sets up the mapping between the VPLS and VLANs.
To configure Layer 2 VLAN instance on a PE device, perform this procedure:
Procedure
Step | Command or Action | Purpose
---|---|---
Step 1 | enable | Enables privileged EXEC mode. Enter your password if prompted.
Step 2 | configure terminal | Enters global configuration mode.
Step 3 | vlan vlan-id | Configures a specific VLAN.
Step 4 | interface vlan vlan-id | Configures an interface on the VLAN.
Step 5 | end | Returns to privileged EXEC mode.
Configuring MPLS on a PE Device
To configure MPLS on a PE device, perform this procedure:
Procedure
Step | Command or Action | Purpose
---|---|---
Step 1 | enable | Enables privileged EXEC mode. Enter your password if prompted.
Step 2 | configure terminal | Enters global configuration mode.
Step 3 | mpls ip | Configures MPLS hop-by-hop forwarding.
Step 4 | mpls label protocol ldp | Specifies the default Label Distribution Protocol (LDP) for a platform.
Step 5 | mpls ldp logging neighbor-changes | (Optional) Determines logging neighbor changes.
Step 6 | end | Returns to privileged EXEC mode.
Configuring VFI on a PE Device
The VFI specifies the VPN ID of a VPLS domain, the addresses of other PE devices in this domain, and the type of tunnel signaling and encapsulation mechanism for each peer device.
To configure VFI and associated VCs on the PE device, perform this procedure:
Procedure
Step | Command or Action | Purpose
---|---|---
Step 1 | enable | Enables privileged EXEC mode. Enter your password if prompted.
Step 2 | configure terminal | Enters global configuration mode.
Step 3 | l2 vfi vfi-name manual | Enables the Layer 2 VFI manual configuration mode.
Step 4 | vpn id vpn-id | Configures a VPN ID for a VPLS domain. The emulated VCs bound to this Layer 2 virtual routing and forwarding (VRF) use this VPN ID for signaling.
Step 5 | neighbor router-id {encapsulation mpls} | Specifies the remote peering router ID and the tunnel encapsulation type or the pseudowire (PW) property to be used to set up the emulated VC.
Step 6 | end | Returns to privileged EXEC mode.
Associating the Attachment Circuit with the VFI on the PE Device
After defining the VFI, you must associate it to one or more attachment circuits.
To associate the attachment circuit with the VFI, perform this procedure:
Procedure
Step | Command or Action | Purpose
---|---|---
Step 1 | enable | Enables privileged EXEC mode. Enter your password if prompted.
Step 2 | configure terminal | Enters global configuration mode.
Step 3 | interface vlan vlan-id | Creates or accesses a dynamic switched virtual interface (SVI).
Step 4 | no ip address | Disables IP processing. (You can configure a Layer 3 interface for the VLAN if you need to configure an IP address.)
Step 5 | xconnect vfi vfi-name | Specifies the Layer 2 VFI that you are binding to the VLAN port.
Step 6 | end | Returns to privileged EXEC mode.
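Because VPLS membership is configured statically on every PE, a full mesh is only as good as the consistency of the per-device VFI definitions. The following added example (not part of the Cisco documentation) parses the `l2 vfi`, `vpn id`, `neighbor` and `xconnect vfi` statements from each PE and reports missing neighbor statements, differing VPN IDs, and VFIs that were never bound to a VLAN interface. The router IDs, VFI name, VPN ID and VLAN number are constructed sample values, and `parse_pe` and `audit_vpls` are hypothetical helper names.

```python
import re

AC = "interface Vlan100\n no ip address\n xconnect vfi CUST-A\n"
CONFIGS = {  # constructed sample: router IDs, VFI name, VPN ID and VLAN are made up
    "192.0.2.1": "l2 vfi CUST-A manual\n vpn id 100\n"
                 " neighbor 192.0.2.2 encapsulation mpls\n"
                 " neighbor 192.0.2.3 encapsulation mpls\n" + AC,
    "192.0.2.2": "l2 vfi CUST-A manual\n vpn id 100\n"
                 " neighbor 192.0.2.1 encapsulation mpls\n"
                 " neighbor 192.0.2.3 encapsulation mpls\n" + AC,
    "192.0.2.3": "l2 vfi CUST-A manual\n vpn id 100\n"   # no neighbor 192.0.2.2
                 " neighbor 192.0.2.1 encapsulation mpls\n" + AC,
}

def parse_pe(config):
    """Return {vfi_name: {"vpn_id", "neighbors", "bound_to"}} for one PE's config text."""
    vfis, vfi, svi = {}, None, None
    new = lambda: {"vpn_id": None, "neighbors": set(), "bound_to": []}
    for line in config.splitlines():
        if m := re.match(r"l2 vfi (\S+) manual\s*$", line):
            vfi, svi = vfis.setdefault(m[1], new()), None
        elif m := re.match(r"interface (Vlan\s*\d+)\s*$", line, re.I):
            vfi, svi = None, m[1]
        elif line[:1] not in (" ", "\t"):
            vfi = svi = None  # any other top-level line closes the current block
        elif vfi and (m := re.match(r"\s+vpn id (\d+)\s*$", line)):
            vfi["vpn_id"] = int(m[1])
        elif vfi and (m := re.match(r"\s+neighbor (\S+) encapsulation mpls\s*$", line)):
            vfi["neighbors"].add(m[1])
        elif svi and (m := re.match(r"\s+xconnect vfi (\S+)\s*$", line)):
            vfis.setdefault(m[1], new())["bound_to"].append(svi)
    return vfis

def audit_vpls(configs, vfi_name):
    """configs maps each PE's router ID to its config text; returns a list of findings."""
    parsed = {rid: parse_pe(text).get(vfi_name) for rid, text in configs.items()}
    members = {rid for rid, v in parsed.items() if v}
    findings = []
    vpn_ids = sorted({parsed[rid]["vpn_id"] for rid in members}, key=str)
    if len(vpn_ids) > 1:
        findings.append(f"VPN ID differs across PEs: {vpn_ids}")
    for rid in sorted(members):
        for peer in sorted(members - {rid} - parsed[rid]["neighbors"]):
            findings.append(f"{rid}: no neighbor statement for {peer}")
        if not parsed[rid]["bound_to"]:
            findings.append(f"{rid}: VFI is not bound to a VLAN interface")
    return findings

print(audit_vpls(CONFIGS, "CUST-A"))
```

A one-sided neighbor statement matters because of the split-horizon rule: the remaining PE does not relay frames between the two emulated VCs, so the sites behind the two unpaired PEs cannot reach each other through it.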
Configuration Examples for VPLS
PE1 Configuration | PE2 Configuration
---|---
 | 
```
Local interface: VFI 2129 vfi up
Interworking type is Ethernet
Destination address: 44.254.44.44, VC ID: 2129, VC status: up
Output interface: Gi1/0/9, imposed label stack {18 17}
Preferred path: not configured
Default path: active
Next hop: 177.77.177.2
Create time: 19:09:33, last status change time: 09:24:14
Last label FSM state change time: 09:24:14
Signaling protocol: LDP, peer 44.254.44.44:0 up
Targeted Hello: 1.1.1.72(LDP Id) -> 44.254.44.44, LDP is UP
Graceful restart: configured and enabled
Non stop routing: not configured and not enabled
Status TLV support (local/remote) : enabled/supported
LDP route watch : enabled
Label/status state machine : established, LruRru
Last local dataplane status rcvd: No fault
Last BFD dataplane status rcvd: Not sent
Last BFD peer monitor status rcvd: No fault
Last local AC circuit status rcvd: No fault
Last local AC circuit status sent: No fault
Last local PW i/f circ status rcvd: No fault
Last local LDP TLV status sent: No fault
Last remote LDP TLV status rcvd: No fault
Last remote LDP ADJ status rcvd: No fault
MPLS VC labels: local 512, remote 17
Group ID: local n/a, remote 0
MTU: local 1500, remote 1500
Remote interface description:
Sequencing: receive disabled, send disabled
Control Word: Off
SSO Descriptor: 44.254.44.44/2129, local label: 512
Dataplane:
SSM segment/switch IDs: 20498/20492 (used), PWID: 2
VC statistics:
transit packet totals: receive 0, send 0
transit byte totals: receive 0, send 0
transit packet drops: receive 0, seq error 0, send 0
```
```
pseudowire100005 is up, VC status is up PW type: Ethernet
Create time: 19:25:56, last status change time: 09:40:37
Last label FSM state change time: 09:40:37
Destination address: 44.254.44.44 VC ID: 2129
Output interface: Gi1/0/9, imposed label stack {18 17}
Preferred path: not configured
Default path: active
Next hop: 177.77.177.2
Member of vfi service 2129
Bridge-Domain id: 2129
Service id: 0x32000003
Signaling protocol: LDP, peer 44.254.44.44:0 up
Targeted Hello: 1.1.1.72(LDP Id) -> 44.254.44.44, LDP is UP
Graceful restart: configured and enabled
Non stop routing: not configured and not enabled
PWid FEC (128), VC ID: 2129
Status TLV support (local/remote) : enabled/supported
LDP route watch : enabled
Label/status state machine : established, LruRru
Local dataplane status received : No fault
BFD dataplane status received : Not sent
BFD peer monitor status received : No fault
Status received from access circuit : No fault
Status sent to access circuit : No fault
Status received from pseudowire i/f : No fault
Status sent to network peer : No fault
Status received from network peer : No fault
Adjacency status of remote peer : No fault
Sequencing: receive disabled, send disabled
Bindings
Parameter    Local                          Remote
------------ ------------------------------ ------------------------------
Label        512                            17
Group ID     n/a                            0
Interface
MTU          1500                           1500
Control word off                            off
PW type      Ethernet                       Ethernet
VCCV CV type 0x02                           0x02
               LSPV [2]                       LSPV [2]
VCCV CC type 0x06                           0x06
               RA [2], TTL [3]                RA [2], TTL [3]
Status TLV   enabled                        supported
SSO Descriptor: 44.254.44.44/2129, local label: 512
Dataplane:
SSM segment/switch IDs: 20498/20492 (used), PWID: 2
Rx Counters
0 input transit packets, 0 bytes
0 drops, 0 seq err
Tx Counters
0 output transit packets, 0 bytes
0 drops
```