Hierarchical VPLS Configuration for a Scalable MPLS L2VPN
- What is Hierarchical VPLS? ‹
- What design options are possible with H-VPLS? ‹
- Configuring H-VPLS with L2 VFI (MPLS) in Edge domain ‹
- Configuring H-VPLS with EoMPLS in Edge domain ‹
- Configuring H-VPLS with Q-in-Q in Edge domain ‹
- Download section ‹
What is Hierarchical VPLS?
H-VPLS is a variation of VPLS that introduces a tiered approach to the network design. Two domains are created to form a hierarchical topology. The Core network uses traditional VPLS discovery and signaling mechanisms together with MPLS, targeted LDP sessions and optionally BGP. Network Provider Edge (N-PE) routers are placed at the border of the H-VPLS Core, a full mesh of pseudowires is needed between N-PEs.
Flexibility and scalability is improved by deploying H-VPLS Edge domains (also called Access or Outer network, or Aggregation domain) where a full mesh of pseudowires is not needed. Two Edge domains are joined through a Core domain. The Core domain is bordered by N-PE routers.
The following capture shows a packet with an MPLS label stack in the H-VPLS Core domain. This packet is also encapsulated with Q-in-Q (double VLAN tags) which were assigned in the H-VPLS Edge domain.
An H-VPLS Edge domain is borderd by User Provider Edge (U-PE) devices that connect to the individual Customer Edge (CE) devices. The U-PEs communicate with the N-PEs by using Q-in-Q (as in the above packet capture) or through an MPLS point-to-point L2VPN. The scalability problem is solved because a full mesh of pseudowires is not needed between each U-PE and N-PE.
What design options are possible with H-VPLS?
There are several ways to configure an H-VPLS L2VPN mentioned in the following table.
| Method | Description |
|---|---|
| L2 VFI (MPLS) between U-PE and N-PE | L2 Virtual Forwarding Interface (VFI) is configured with bridge domain on the U-PE and N-PE devices, including a service instance on the CE-facing interface of the U-PE. A VFI is essentially a bridge port created for a VPLS instance and provides MAC address learning. |
| EoMPLS between U-PE and N-PE | On the U-PE the xconnect command is configured under the CE-facing subinterface assigned to a VLAN. There is no bridge domain or service instance configuration added on the U-PE. This creates a point-to-point pseudowire without MAC address learning. |
| Q-in-Q between U-PE and N-PE | Q-in-Q does not use MPLS to forward traffic, and instead the frames are double-tagged by the U-PE device before accessing the H-VPLS edge domain. The N-PE device translates the Q-in-Q tag into an MPLS label when forwarding the traffic within the H-VPLS core network. |
| Redundant N-PE devices | To avoid having a single link between the U-PE and the N-PE a redundant design is possible in the H-VPLS edge domain. This means that one U-PE is connected to multiple N-PE devices. |
Configuring H-VPLS with L2 VFI (MPLS) in Edge domain
In the following example topology VLAN 10 is stretched between Site 1 and Site 2 by using Hierarchical VPLS. This means, Host1 and Host2 are both part of the IP subnet 192.168.1.0/24 and can directly send ARP frames to each other. The two sites are one broadcast domain in VLAN 10.
In the Core network a full mesh of pseudowires is needed between each N-PE router. To facilitate discovery of N-PE routers, BGP autodiscovery is configured in the L2VPN VPLS address-family. Meanwhile, pseudowire signaling uses targeted-LDP sessions. These details are configured with the command autodiscovery bgp signaling ldp on the N-PE routers.
Regarding the H-VPLS Edge areas MPLS point-to-point connections are configured between the N-PE and the U-PE. The configuration is applied under the bridge-domain on the N-PE, and under the L2VPN VFI context on the U-PE.
Configuration:
R1 (U-PE)
R1#show run all | sec ^mpls ip__ mpls ip R1#show run | sec ^mpls mpls label range 100 199 mpls ldp router-id Loopback10 force R1#show run int Lo10 | sec int interface Loopback10 ip address 1.1.1.1 255.255.255.255 R1#show run int Gi1 | sec int interface GigabitEthernet1 description ** to CE SW1 ** no ip address negotiation auto no mop enabled no mop sysid service instance 10 ethernet encapsulation dot1q 10 ! R1#show run int Gi2 | sec int interface GigabitEthernet2 description ** to R2 ** ip address 10.1.0.2 255.255.255.252 ip router isis negotiation auto mpls ip no mop enabled no mop sysid isis circuit-type level-2-only isis network point-to-point R1#show run | sec ^router router isis net 49.0010.0000.0000.0001.00 is-type level-2-only advertise passive-only metric-style wide log-adjacency-changes passive-interface Loopback10 R1#show run | sec ^l2vpn l2vpn vfi context EXAMPLE-HVPLS vpn id 10 member 3.3.3.3 encapsulation mpls R1#show run | sec ^bridge bridge-domain 10 member GigabitEthernet1 service-instance 10 member vfi EXAMPLE-HVPLS
R7 (U-PE)
R7#show run all | sec ^mpls ip__ mpls ip R7#show run | sec ^mpls mpls label range 700 799 mpls ldp router-id Loopback10 force R7#show run int Lo10 | sec int interface Loopback10 ip address 7.7.7.7 255.255.255.255 R7#show run int Gi1 | sec int interface GigabitEthernet1 description ** to CE SW2 ** no ip address negotiation auto no mop enabled no mop sysid service instance 10 ethernet encapsulation dot1q 10 ! R7#show run int Gi2 | sec int interface GigabitEthernet2 description ** to R6 ** ip address 10.7.0.2 255.255.255.252 ip router isis negotiation auto mpls ip no mop enabled no mop sysid isis circuit-type level-2-only isis network point-to-point R7#show run | sec ^router router isis net 49.0010.0000.0000.0007.00 is-type level-2-only advertise passive-only metric-style wide log-adjacency-changes passive-interface Loopback10 R7#show run | sec ^l2vpn l2vpn vfi context EXAMPLE-HVPLS vpn id 10 member 5.5.5.5 encapsulation mpls R7#show run | sec ^bridge bridge-domain 10 member GigabitEthernet1 service-instance 10 member vfi EXAMPLE-HVPLS
R3 (N-PE)
R3#show run all | sec ^mpls ip__ mpls ip R3#show run | sec ^mpls mpls label range 300 399 mpls ldp router-id Loopback10 force R3#show run int Lo10 | sec int interface Loopback10 ip address 3.3.3.3 255.255.255.255 R3#show run int Gi1 | sec int interface GigabitEthernet1 description ** to R2 ** ip address 10.2.0.2 255.255.255.252 ip router isis negotiation auto mpls ip no mop enabled no mop sysid isis circuit-type level-2-only isis network point-to-point R3#show run int Gi2 | sec int interface GigabitEthernet2 description ** to R4 ** ip address 10.3.0.1 255.255.255.252 ip router isis negotiation auto mpls ip no mop enabled no mop sysid isis circuit-type level-2-only isis network point-to-point R3#show run | sec ^router router isis net 49.0010.0000.0000.0003.00 is-type level-2-only advertise passive-only metric-style wide log-adjacency-changes passive-interface Loopback10 router bgp 65010 bgp router-id 3.3.3.3 bgp log-neighbor-changes neighbor 8.8.8.8 remote-as 65010 neighbor 8.8.8.8 update-source Loopback10 ! address-family l2vpn vpls neighbor 8.8.8.8 activate neighbor 8.8.8.8 send-community extended exit-address-family R3#show run | sec ^l2vpn l2vpn vfi context EXAMPLE-HVPLS vpn id 10 autodiscovery bgp signaling ldp vpls-id 65010:10 route-target export 65010:100 route-target import 65010:200 R3#show run | sec ^bridge bridge-domain 10 member vfi EXAMPLE-HVPLS member 1.1.1.1 10 encapsulation mpls
R5 (N-PE)
R5#show run all | sec ^mpls ip__ mpls ip R5#show run | sec ^mpls mpls label range 500 599 mpls ldp router-id Loopback10 force R5#show run int Lo10 | sec int interface Loopback10 ip address 5.5.5.5 255.255.255.255 R5#show run int Gi1 | sec int interface GigabitEthernet1 description ** to R6 ** ip address 10.6.0.1 255.255.255.252 ip router isis negotiation auto mpls ip no mop enabled no mop sysid isis circuit-type level-2-only isis network point-to-point R5#show run int Gi2 | sec int interface GigabitEthernet2 description ** to R4 ** ip address 10.4.0.2 255.255.255.252 ip router isis negotiation auto mpls ip no mop enabled no mop sysid isis circuit-type level-2-only isis network point-to-point R5#show run | sec ^router router isis net 49.0010.0000.0000.0005.00 is-type level-2-only advertise passive-only metric-style wide log-adjacency-changes passive-interface Loopback10 router bgp 65010 bgp router-id 5.5.5.5 bgp log-neighbor-changes neighbor 8.8.8.8 remote-as 65010 neighbor 8.8.8.8 update-source Loopback10 ! address-family l2vpn vpls neighbor 8.8.8.8 activate neighbor 8.8.8.8 send-community extended exit-address-family R5#show run | sec ^l2vpn l2vpn vfi context EXAMPLE-HVPLS vpn id 10 autodiscovery bgp signaling ldp vpls-id 65010:10 route-target export 65010:200 route-target import 65010:100 R5#show run | sec ^bridge bridge-domain 10 member vfi EXAMPLE-HVPLS member 7.7.7.7 10 encapsulation mpls
R8 (BGP RR)
R8#show run int Lo10 | sec int interface Loopback10 ip address 8.8.8.8 255.255.255.255 R8#show run int Gi1 | sec int interface GigabitEthernet1 description ** to R4 ** ip address 10.5.0.2 255.255.255.252 ip router isis negotiation auto no mop enabled no mop sysid isis circuit-type level-2-only isis network point-to-point R8#show run | sec ^router router isis net 49.0010.0000.0000.0008.00 is-type level-2-only advertise passive-only metric-style wide log-adjacency-changes passive-interface Loopback10 router bgp 65010 bgp router-id 8.8.8.8 bgp log-neighbor-changes neighbor 3.3.3.3 remote-as 65010 neighbor 3.3.3.3 update-source Loopback10 neighbor 5.5.5.5 remote-as 65010 neighbor 5.5.5.5 update-source Loopback10 ! address-family l2vpn vpls neighbor 3.3.3.3 activate neighbor 3.3.3.3 send-community extended neighbor 3.3.3.3 route-reflector-client neighbor 5.5.5.5 activate neighbor 5.5.5.5 send-community extended neighbor 5.5.5.5 route-reflector-client exit-address-family
R2
R2#show run all | sec ^mpls ip$ mpls ip R2#show run | sec ^mpls mpls label range 200 299 mpls ldp router-id Loopback10 force R2#show run int Lo10 | sec int interface Loopback10 ip address 2.2.2.2 255.255.255.255 R2#show run int Gi1 | sec int interface GigabitEthernet1 description ** to U-PE R1 ** ip address 10.1.0.1 255.255.255.252 ip router isis negotiation auto mpls ip no mop enabled no mop sysid isis circuit-type level-2-only isis network point-to-point R2#show run int Gi2 | sec int interface GigabitEthernet2 description ** to N-PE R3 ** ip address 10.2.0.1 255.255.255.252 ip router isis negotiation auto mpls ip no mop enabled no mop sysid isis circuit-type level-2-only isis network point-to-point R2#show run | sec ^router router isis net 49.0010.0000.0000.0002.00 is-type level-2-only advertise passive-only metric-style wide log-adjacency-changes passive-interface Loopback10
R4
R4#show run all | sec ^mpls ip__ mpls ip R4#show run | sec ^mpls mpls label range 400 499 mpls ldp router-id Loopback10 force R4#show run int Lo10 | sec int interface Loopback10 ip address 4.4.4.4 255.255.255.255 R4#show run int Gi1 | sec int interface GigabitEthernet1 description ** to N-PE R3 ** ip address 10.3.0.2 255.255.255.252 ip router isis negotiation auto mpls ip no mop enabled no mop sysid isis circuit-type level-2-only isis network point-to-point R4#show run int Gi2 | sec int interface GigabitEthernet2 description ** to N-PE R5 ** ip address 10.4.0.1 255.255.255.252 ip router isis negotiation auto mpls ip no mop enabled no mop sysid isis circuit-type level-2-only isis network point-to-point R4#show run int Gi3 | sec int interface GigabitEthernet3 description ** to RR R8 ** ip address 10.5.0.1 255.255.255.252 ip router isis negotiation auto no mop enabled no mop sysid isis circuit-type level-2-only isis network point-to-point R4#show run | sec ^router router isis net 49.0010.0000.0000.0004.00 is-type level-2-only advertise passive-only metric-style wide log-adjacency-changes passive-interface Loopback10
SW1 (CE)
SW1#show run int Gi0/0 | sec int interface GigabitEthernet0/0 description ** to Host1 in VLAN 10 ** switchport access vlan 10 switchport mode access negotiation auto SW1#show run int Gi0/1 | sec int interface GigabitEthernet0/1 description ** to U-PE R1 ** switchport trunk allowed vlan 10 switchport trunk encapsulation dot1q switchport mode trunk negotiation auto
SW2 (CE)
SW2#show run int Gi0/0 | sec int interface GigabitEthernet0/0 description ** to Host2 in VLAN 10 ** switchport access vlan 10 switchport mode access negotiation auto SW2#show run int Gi0/1 | sec int interface GigabitEthernet0/1 description ** to U-PE R7 ** switchport trunk allowed vlan 10 switchport trunk encapsulation dot1q switchport mode trunk negotiation auto
Host1
Host1#show run int Gi0/0 | sec int
interface GigabitEthernet0/0
description ** to CE SW1 **
mac-address 0000.0000.0001
ip address 192.168.1.1 255.255.255.0
duplex auto
speed auto
media-type rj45
Host2
Host2#show run int Gi0/0 | sec int
interface GigabitEthernet0/0
description ** to CE SW2 **
mac-address 0000.0000.0002
ip address 192.168.1.2 255.255.255.0
duplex auto
speed auto
media-type rj45
Host1#ping 192.168.1.2 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 192.168.1.2, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 50/50/52 ms « Host1 can ping Host2 Host1#trace 192.168.1.2 probe 1 Type escape sequence to abort. Tracing the route to 192.168.1.2 VRF info: (vrf in name/id, vrf out name/id) 1 192.168.1.2 53 msec « Host1 and Host2 are directly connected at OSI Layer-3 Host1#show arp Protocol Address Age (min) Hardware Addr Type Interface Internet 192.168.1.1 - 0000.0000.0001 ARPA GigabitEthernet0/0 Internet 192.168.1.2 84 0000.0000.0002 ARPA GigabitEthernet0/0 « Host1 installs MAC address of Host2 into local ARP cache R1#show bridge-domain 10 Bridge-domain 10 (2 ports in all) State: UP Mac learning: Enabled Aging-Timer: 300 second(s) Maximum address limit: 65536 GigabitEthernet1 service instance 10 vfi EXAMPLE-HVPLS neighbor 3.3.3.3 10 AED MAC address Policy Tag Age Pseudoport 0 0000.0000.0002 forward dynamic 286 EXAMPLE-HVPLS.404010 « U-PE R1 learns MAC address of Host2 0 0000.0000.0001 forward dynamic 296 GigabitEthernet1.EFP10 « U-PE R1 learns MAC address of Host1 R1#show mpls l2transport vc Local intf Local circuit Dest address VC ID Status ------------- -------------------------- --------------- ---------- ---------- VFI EXAMPLE-HVPLS \ vfi 3.3.3.3 10 UP « Point-to-point pseudowire is UP between U-PE R1 and N-PE R3 R1#show l2vpn service all Legend: St=State XC St=State in the L2VPN Service Prio=Priority UP=Up DN=Down AD=Admin Down IA=Inactive SB=Standby HS=Hot Standby RV=Recovering NH=No Hardware m=manually selected Interface Group Encapsulation Prio St XC St --------- ----- ------------- ---- -- ----- VPLS name: EXAMPLE-HVPLS, State: UP pw100001 EXAMPLE-HVPLS(VFI) 0 UP UP pw100002 core_pw 3.3.3.3:10(MPLS) 0 UP UP « H-VPLS Edge uses MPLS BD name: 10, State: -- - 10(BD) 0 UP -- - EXAMPLE-HVPLS(VFI) 0 UP UP
As visible in the above outputs, Host1 and Host2 are in the same IP subnet, and this is made possible with H-VPLS which uses an MPLS encapsulation (tunneling) mechanism to carry Layer-2 frames between the two sites.
The following packet capture was taken in the H-VPLS Core domain. It shows a packet carrying a TCP segment sent from Host1 to Host2. It is visible that the entire packet including the Ethernet frame header is encapsulated in another frame using VPLS. A Pseudowire control word separates the two Ethernet frames. There is an MPLS label stack inserted, with the bottom VPN service label 509.
The MPLS label range is statically configured on each Label Switching Router (LSR) within the H-VPLS network. R1 assigns labels in the range 100 - 199, R4 uses 400 - 499, R5 uses 500 - 599 and so on. Therefore, it is visible that the bottom label in the above packet capture was advertised by the N-PE router R5.
Configuring H-VPLS with EoMPLS in Edge domain
In the following example topology, the H-VPLS Edge network uses EoMPLS to connect with the Core network. This means, between the U-PE and the N-PE an EoMPLS pseudowire is configured, and as a result there is no MAC address learning on the U-PE routers. Within the Core network a full mesh of VPLS pseudowires is still needed, and BGP is used for the discovery phase.
Configuration:
R1 (U-PE)
R1#show run all | sec ^mpls ip__ mpls ip R1#show run | sec ^mpls mpls label range 100 199 mpls ldp router-id Loopback10 force R1#show run int Lo10 | sec int interface Loopback10 ip address 1.1.1.1 255.255.255.255 R1#show run int Gi1 | sec int interface GigabitEthernet1 description ** to CE SW1 ** no ip address negotiation auto no mop enabled no mop sysid R1#show run int Gi1.10 | sec int interface GigabitEthernet1.10 encapsulation dot1Q 10 xconnect 3.3.3.3 10 encapsulation mpls R1#show run int Gi2 | sec int interface GigabitEthernet2 description ** to R2 ** ip address 10.1.0.2 255.255.255.252 ip router isis negotiation auto mpls ip no mop enabled no mop sysid isis circuit-type level-2-only isis network point-to-point R1#show run | sec ^router router isis net 49.0010.0000.0000.0001.00 is-type level-2-only advertise passive-only metric-style wide log-adjacency-changes passive-interface Loopback10
R7 (U-PE)
R7#show run all | sec ^mpls ip__ mpls ip R7#show run | sec ^mpls mpls label range 700 799 mpls ldp router-id Loopback10 force R7#show run int Lo10 | sec int interface Loopback10 ip address 7.7.7.7 255.255.255.255 R7#show run int Gi1 | sec int interface GigabitEthernet1 description ** to CE SW2 ** no ip address negotiation auto no mop enabled no mop sysid R7#show run int Gi1.10 | sec int interface GigabitEthernet1.10 encapsulation dot1Q 10 xconnect 5.5.5.5 10 encapsulation mpls R7#show run int Gi2 | sec int interface GigabitEthernet2 description ** to R6 ** ip address 10.7.0.2 255.255.255.252 ip router isis negotiation auto mpls ip no mop enabled no mop sysid isis circuit-type level-2-only isis network point-to-point R7#show run | sec ^router router isis net 49.0010.0000.0000.0007.00 is-type level-2-only advertise passive-only metric-style wide log-adjacency-changes passive-interface Loopback10
R3 (N-PE)
R3#show run all | sec ^mpls ip__ mpls ip R3#show run | sec ^mpls mpls label range 300 399 mpls ldp router-id Loopback10 force R3#show run int Lo10 | sec int interface Loopback10 ip address 3.3.3.3 255.255.255.255 R3#show run int Gi1 | sec int interface GigabitEthernet1 description ** to R2 ** ip address 10.2.0.2 255.255.255.252 ip router isis negotiation auto mpls ip no mop enabled no mop sysid isis circuit-type level-2-only isis network point-to-point R3#show run int Gi2 | sec int interface GigabitEthernet2 description ** to R4 ** ip address 10.3.0.1 255.255.255.252 ip router isis negotiation auto mpls ip no mop enabled no mop sysid isis circuit-type level-2-only isis network point-to-point R3#show run | sec ^router router isis net 49.0010.0000.0000.0003.00 is-type level-2-only advertise passive-only metric-style wide log-adjacency-changes passive-interface Loopback10 router bgp 65010 bgp router-id 3.3.3.3 bgp log-neighbor-changes neighbor 8.8.8.8 remote-as 65010 neighbor 8.8.8.8 update-source Loopback10 ! address-family l2vpn vpls neighbor 8.8.8.8 activate neighbor 8.8.8.8 send-community extended exit-address-family R3#show run | sec ^l2vpn l2vpn vfi context EXAMPLE-HVPLS vpn id 10 autodiscovery bgp signaling ldp vpls-id 65010:10 route-target export 65010:100 route-target import 65010:200 R3#show run | sec ^bridge bridge-domain 10 member vfi EXAMPLE-HVPLS member 1.1.1.1 10 encapsulation mpls
R5 (N-PE)
R5#show run all | sec ^mpls ip__ mpls ip R5#show run | sec ^mpls mpls label range 500 599 mpls ldp router-id Loopback10 force R5#show run int Lo10 | sec int interface Loopback10 ip address 5.5.5.5 255.255.255.255 R5#show run int Gi1 | sec int interface GigabitEthernet1 description ** to R6 ** ip address 10.6.0.1 255.255.255.252 ip router isis negotiation auto mpls ip no mop enabled no mop sysid isis circuit-type level-2-only isis network point-to-point R5#show run int Gi2 | sec int interface GigabitEthernet2 description ** to R4 ** ip address 10.4.0.2 255.255.255.252 ip router isis negotiation auto mpls ip no mop enabled no mop sysid isis circuit-type level-2-only isis network point-to-point R5#show run | sec ^router router isis net 49.0010.0000.0000.0005.00 is-type level-2-only advertise passive-only metric-style wide log-adjacency-changes passive-interface Loopback10 router bgp 65010 bgp router-id 5.5.5.5 bgp log-neighbor-changes neighbor 8.8.8.8 remote-as 65010 neighbor 8.8.8.8 update-source Loopback10 ! address-family l2vpn vpls neighbor 8.8.8.8 activate neighbor 8.8.8.8 send-community extended exit-address-family R5#show run | sec ^l2vpn l2vpn vfi context EXAMPLE-HVPLS vpn id 10 autodiscovery bgp signaling ldp vpls-id 65010:10 route-target export 65010:200 route-target import 65010:100 R5#show run | sec ^bridge bridge-domain 10 member vfi EXAMPLE-HVPLS member 7.7.7.7 10 encapsulation mpls
Host1#ping 192.168.1.2 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 192.168.1.2, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 50/51/52 ms « Host1 can ping Host2 Host1#show arp Protocol Address Age (min) Hardware Addr Type Interface Internet 192.168.1.1 - 0000.0000.0001 ARPA GigabitEthernet0/0 Internet 192.168.1.2 7 0000.0000.0002 ARPA GigabitEthernet0/0 « Host1 installs MAC address of Host2 in local ARP cache R1#show mpls l2transport vc Local intf Local circuit Dest address VC ID Status ------------- -------------------------- --------------- ---------- ---------- Gi1.10 Eth VLAN 10 3.3.3.3 10 UP « EoMPLS Pseudowire between R1 and R3 is UP R1#show l2vpn service all Legend: St=State XC St=State in the L2VPN Service Prio=Priority UP=Up DN=Down AD=Admin Down IA=Inactive SB=Standby HS=Hot Standby RV=Recovering NH=No Hardware m=manually selected Interface Group Encapsulation Prio St XC St --------- ----- ------------- ---- -- ----- VPWS name: Gi1.10-10, State: UP « A VPWS (EoMPLS) point-to-point pseudowire is used Gi1.10 left Gi1.10:10(Eth VLAN) 0 UP UP pw100001 right 3.3.3.3:10(MPLS) 0 UP UP
Configuring H-VPLS with Q-in-Q in Edge domain
In the following example scenario, H-VPLS is configured with Q-in-Q in the Edge domain. This means, two VLAN tags are assigned to frames by the U-PE devices as traffic enters the H-VPLS Edge domain. The double-tagged frames have the Service VLAN (S-VLAN) 300 assigned, and the Customer VLAN (C-VLAN) 10. The N-PE device expects to receive frames with the SVLAN 300, and encapsulates the frames in an MPLS label stack before forwarding them within the H-VPLS Core network.
Configuration:
SW1 (U-PE)
SW1#show run int Gi0/0 | sec int interface GigabitEthernet0/0 description ** to CE SW5 ** switchport access vlan 300 switchport mode dot1q-tunnel negotiation auto no cdp enable SW1#show run int Gi0/1 | sec int interface GigabitEthernet0/1 description ** to SW2 ** switchport trunk allowed vlan 300 switchport trunk encapsulation dot1q switchport mode trunk negotiation auto
SW4 (U-PE)
SW4#show run int Gi0/0 | sec int interface GigabitEthernet0/0 description ** to CE SW6 ** switchport access vlan 300 switchport mode dot1q-tunnel negotiation auto no cdp enable SW4#show run int Gi0/1 | sec int interface GigabitEthernet0/1 description ** to SW3 ** switchport trunk allowed vlan 300 switchport trunk encapsulation dot1q switchport mode trunk negotiation auto
R1 (N-PE)
R1#show run all | sec ^mpls ip__ mpls ip R1#show run | sec ^mpls mpls label range 100 199 mpls ldp router-id Loopback10 force R1#show run int Lo10 | sec int interface Loopback10 ip address 1.1.1.1 255.255.255.255 R1#show run int Gi1 | sec int interface GigabitEthernet1 description ** to SW2 ** no ip address negotiation auto no mop enabled no mop sysid service instance 10 ethernet encapsulation dot1q 300 ! R1#show run int Gi2 | sec int interface GigabitEthernet2 description ** to H-VPLS Core R2 ** ip address 10.1.0.1 255.255.255.252 ip ospf network point-to-point negotiation auto mpls ip no mop enabled no mop sysid R1#show run | sec ^router router ospf 10 router-id 1.1.1.1 network 1.1.1.1 0.0.0.0 area 0 network 10.1.0.0 0.0.0.3 area 0 router bgp 65010 bgp router-id 1.1.1.1 bgp log-neighbor-changes neighbor 4.4.4.4 remote-as 65010 neighbor 4.4.4.4 update-source Loopback10 ! address-family l2vpn vpls neighbor 4.4.4.4 activate neighbor 4.4.4.4 send-community extended exit-address-family R1#show run | sec ^l2vpn l2vpn vfi context EXAMPLE-HVPLS vpn id 10 autodiscovery bgp signaling ldp vpls-id 65010:10 route-target export 65010:100 route-target import 65010:200 R1#show run | sec ^bridge bridge-domain 10 member GigabitEthernet1 service-instance 10 member vfi EXAMPLE-HVPLS
R3 (N-PE)
R3#show run all | sec ^mpls ip__ mpls ip R3#show run | sec ^mpls mpls label range 300 399 mpls ldp router-id Loopback10 force R3#show run int Lo10 | sec int interface Loopback10 ip address 3.3.3.3 255.255.255.255 R3#show run int Gi1 | sec int interface GigabitEthernet1 description ** to SW3 ** no ip address negotiation auto no mop enabled no mop sysid service instance 10 ethernet encapsulation dot1q 300 ! R3#show run int Gi2 | sec int interface GigabitEthernet2 description ** to H-VPLS Core R2 ** ip address 10.2.0.1 255.255.255.252 ip ospf network point-to-point negotiation auto mpls ip no mop enabled no mop sysid R3#show run | sec ^router router ospf 10 router-id 3.3.3.3 network 3.3.3.3 0.0.0.0 area 0 network 10.2.0.0 0.0.0.3 area 0 router bgp 65010 bgp router-id 3.3.3.3 bgp log-neighbor-changes neighbor 4.4.4.4 remote-as 65010 neighbor 4.4.4.4 update-source Loopback10 ! address-family l2vpn vpls neighbor 4.4.4.4 activate neighbor 4.4.4.4 send-community extended exit-address-family R3#show run | sec ^l2vpn l2vpn vfi context EXAMPLE-HVPLS vpn id 10 autodiscovery bgp signaling ldp vpls-id 65010:10 route-target export 65010:200 route-target import 65010:100 R3#show run | sec ^bridge bridge-domain 10 member GigabitEthernet1 service-instance 10 member vfi EXAMPLE-HVPLS
R4 (BGP RR)
R4#show run int Lo10 | sec int interface Loopback10 ip address 4.4.4.4 255.255.255.255 R4#show run int Gi1 | sec int interface GigabitEthernet1 description ** to R2 ** ip address 10.3.0.2 255.255.255.252 ip ospf network point-to-point negotiation auto no mop enabled no mop sysid R4#show run | sec ^router router ospf 10 router-id 4.4.4.4 network 4.4.4.4 0.0.0.0 area 0 network 10.3.0.0 0.0.0.3 area 0 router bgp 65010 bgp router-id 4.4.4.4 bgp log-neighbor-changes neighbor 1.1.1.1 remote-as 65010 neighbor 1.1.1.1 update-source Loopback10 neighbor 3.3.3.3 remote-as 65010 neighbor 3.3.3.3 update-source Loopback10 ! address-family l2vpn vpls neighbor 1.1.1.1 activate neighbor 1.1.1.1 send-community extended neighbor 1.1.1.1 route-reflector-client neighbor 3.3.3.3 activate neighbor 3.3.3.3 send-community extended neighbor 3.3.3.3 route-reflector-client exit-address-family
SW5 (CE)
SW5#show run int Gi0/0 | sec int interface GigabitEthernet0/0 description ** to Host1 ** switchport access vlan 10 switchport mode access negotiation auto SW5#show run int Gi0/1 | sec int interface GigabitEthernet0/1 description ** to U-PE SW1 ** switchport trunk allowed vlan 10 switchport trunk encapsulation dot1q switchport mode trunk negotiation auto
SW6 (CE)
SW6#show run int Gi0/0 | sec int interface GigabitEthernet0/0 description ** to Host2 ** switchport access vlan 10 switchport mode access negotiation auto SW6#show run int Gi0/1 | sec int interface GigabitEthernet0/1 description ** to U-PE SW4 ** switchport trunk allowed vlan 10 switchport trunk encapsulation dot1q switchport mode trunk negotiation auto
SW2
SW2#show run int Gi0/0 | sec int interface GigabitEthernet0/0 description ** to U-PE SW1 ** switchport trunk allowed vlan 300 switchport trunk encapsulation dot1q switchport mode trunk negotiation auto SW2#show run int Gi0/1 | sec int interface GigabitEthernet0/1 description ** to N-PE R1 ** switchport trunk allowed vlan 300 switchport trunk encapsulation dot1q switchport mode trunk negotiation auto
SW3
SW3#show run int Gi0/0 | sec int interface GigabitEthernet0/0 description ** to U-PE SW4 ** switchport trunk allowed vlan 300 switchport trunk encapsulation dot1q switchport mode trunk negotiation auto SW3#show run int Gi0/1 | sec int interface GigabitEthernet0/1 description ** to N-PE R3 ** switchport trunk allowed vlan 300 switchport trunk encapsulation dot1q switchport mode trunk negotiation auto
R2
R2#show run all | sec ^mpls ip__ mpls ip R2#show run | sec ^mpls mpls label range 200 299 mpls ldp router-id Loopback10 force R2#show run int Lo10 | sec int interface Loopback10 ip address 2.2.2.2 255.255.255.255 R2#show run int Gi1 | sec int interface GigabitEthernet1 description ** to N-PE R1 ** ip address 10.1.0.2 255.255.255.252 ip ospf network point-to-point negotiation auto mpls ip no mop enabled no mop sysid R2#show run int Gi2 | sec int interface GigabitEthernet2 description ** to N-PE R3 ** ip address 10.2.0.2 255.255.255.252 ip ospf network point-to-point negotiation auto mpls ip no mop enabled no mop sysid R2#show run int Gi3 | sec int interface GigabitEthernet3 description ** to BGP RR R4 ** ip address 10.3.0.1 255.255.255.252 ip ospf network point-to-point negotiation auto no mop enabled no mop sysid R2#show run | sec ^router router ospf 10 router-id 2.2.2.2 network 2.2.2.2 0.0.0.0 area 0 network 10.1.0.0 0.0.0.3 area 0 network 10.2.0.0 0.0.0.3 area 0 network 10.3.0.0 0.0.0.3 area 0
Host1
Host1#show run int Gi0/0 | sec int
interface GigabitEthernet0/0
description ** to CE SW5 **
mac-address 0000.0000.0001
ip address 192.168.1.1 255.255.255.0
duplex auto
speed auto
media-type rj45
R1#show bridge-domain 10 Bridge-domain 10 (2 ports in all) State: UP Mac learning: Enabled Aging-Timer: 300 second(s) Maximum address limit: 65536 GigabitEthernet1 service instance 10 vfi EXAMPLE-HVPLS neighbor 3.3.3.3 10 « N-PE R1 has N-PE R3 as VPLS neighbor AED MAC address Policy Tag Age Pseudoport 0 0000.0000.0002 forward dynamic 289 EXAMPLE-HVPLS.404011 « MAC address of Host2 0 0000.0000.0001 forward dynamic 289 GigabitEthernet1.EFP10 R1#show mpls l2transport vc Local intf Local circuit Dest address VC ID Status ------------- -------------------------- --------------- ---------- ---------- VFI EXAMPLE-HVPLS \ vfi 3.3.3.3 10 UP R1#show l2vpn service all Legend: St=State XC St=State in the L2VPN Service Prio=Priority UP=Up DN=Down AD=Admin Down IA=Inactive SB=Standby HS=Hot Standby RV=Recovering NH=No Hardware m=manually selected Interface Group Encapsulation Prio St XC St --------- ----- ------------- ---- -- ----- VPLS name: EXAMPLE-HVPLS, State: UP pw100001 EXAMPLE-HVPLS(VFI) 0 UP UP pw100002 core_pw 3.3.3.3:10(MPLS) 0 UP UP « VPLS uses MPLS encapsulation to forward QinQ frames BD name: 10, State: -- - 10(BD) 0 UP -- - EXAMPLE-HVPLS(VFI) 0 UP UP Host1#show arp Protocol Address Age (min) Hardware Addr Type Interface Internet 192.168.1.1 - 0000.0000.0001 ARPA GigabitEthernet0/0 Internet 192.168.1.2 107 0000.0000.0002 ARPA GigabitEthernet0/0 « Host1 learns Host2 MAC address through H-VPLS with QinQ