Wednesday, 26 August 2015

VPLS LAB 1 - Example

Before you configure VPLS, you need to ensure that IP routing and MPLS forwarding are configured properly and that the minimal Layer 2 VPN connectivity requirements are met:

Every PE router has a loopback interface that is configured with an IP address and a /32 network mask -> Router ID in LDP signaling for the PE router.

PE routers have IP connectivity to each other -> LDP neighborship

PE routers have MPLS label switched paths (LSPs) for those host routes -> Activate MPLS routing


Attachment circuits that are used in VPLS can be Layer 2 switch-port interfaces, Gigabit Ethernet interfaces on intelligent line cards, or other interfaces with bridged encapsulation.

Before going into the configuration steps for a Layer 2 switchport interface, it is necessary to explain the difference and the correlation between a service-delimiting VLAN tag and an internal VLAN tag.


Service providers use service-delimiting VLAN tags to identify different types of customer traffic. Because a service-delimiting VLAN tag usually has only local significance, it is removed at the ingress PE router. The egress PE router might have a different service-delimiting VLAN tag, which is added to the packets that are sent to a CE router.


An internal VLAN tag identifies a bridge domain on a PE router. In the context of VPLS, it is the virtual switch.
Conceptually, service-delimiting VLAN tags and internal VLAN tags are two independent entities.

A port can operate in three different modes:

Access: The interface sends and accepts untagged Ethernet packets only. Tagged Ethernet VLAN packets are dropped.

interface FastEthernet4/3
 no ip address
 switchport
 switchport access vlan 2
 switchport mode access



Trunk: The interface sends and receives tagged Ethernet VLAN packets and native VLAN packets.

interface FastEthernet4/3
 no ip address
 switchport
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 2-10
 switchport mode trunk
 


Dot1q Tunnel: Any packet, tagged or untagged, is forwarded through a QinQ tunnel. A QinQ tunnel is identified by the access VLAN tag that is configured on the Layer 2 switchport interface. The access VLAN tag is added to the packet at the ingress tunnel interface and removed at the egress tunnel interface, which means that the VLAN tags must be identical at both interfaces for a given QinQ tunnel.


QinQ tunneling is an Ethernet native tunneling mechanism that stacks VLAN tags together in a similar fashion to MPLS labels. The outer VLAN tag that is added at the tunnel ingress interface is the access VLAN tag that is configured on the Layer 2 switchport interface. The purpose of the outer VLAN tag is similar to that of the tunnel label in an MPLS-encapsulated pseudowire packet: it is used to forward the packet from the ingress tunnel endpoint to the egress tunnel endpoint and to hide the inner VLAN tag from the transit network.
In VPLS, the transit network is an MPLS network, and a tunnel label is used to move packets from the LSP ingress endpoint to the egress endpoint. Because the function of an outer VLAN tag is effectively replaced by an MPLS tunnel label, the outer VLAN tag is no longer added to the Ethernet header when the Layer 2 switchport interface is configured in dot1q-tunnel mode. That is the main difference in the way dot1q-tunnel mode operates in VPLS versus normal bridging.


The main difference between dot1q tunneling and the VPLS mechanism is that the outer VLAN tag is replaced with MPLS tunnel labels!


interface FastEthernet4/3
 no ip address
 switchport
 switchport access vlan 2
 switchport mode dot1q-tunnel



Configuring VFI:

We need a mapping mechanism (like Frame Relay = DLCI, ATM = PVC, etc.).

In this case:

VPLS = VFI
The VFI also needs a VPN ID.

l2 vfi blue manual
 vpn id 100
 neighbor 10.0.0.2 encapsulation mpls
 neighbor 10.0.0.3 encapsulation mpls
 neighbor 10.0.0.4 encapsulation mpls


Associating Attachment Circuits to the VFI:

The final step in building the many-to-many mapping is to associate attachment circuits with a VFI in the configuration.


Step 1.
  VPLS-PE1(config)#interface vlan 2


Note that the VLAN ID needs to be identical to the service-delimiting VLAN tag when using Layer 2 switchport trunk mode. Otherwise, it can be the tag value of an unused VLAN.

Step 2.
Attach the VFI to the VLAN interface:

  VPLS-PE1(config-if)#xconnect vfi blue





CE1 sends and receives untagged Ethernet packets, that is, packets with null service-delimiting VLAN tags.
PE1 configures the switchport mode as dot1q-tunnel to forward packets that have an unmodified Ethernet header.


The internal VLAN that is associated with the switchport is 2.


CE2 sends and receives tagged Ethernet VLAN packets of which the service-delimiting VLAN tag is 4. PE2 configures the switchport mode as a trunk to remove or add the service-delimiting VLAN tag accordingly. The internal VLAN that is associated with the switchport is 4.

CE3 sends and receives untagged Ethernet packets, that is, packets with null service-delimiting VLAN tags. PE3 configures the switchport mode as access to forward all untagged packets. The internal VLAN that is associated with the switchport is 8.

CE4 sends and receives tagged Ethernet VLAN packets of which the service-delimiting VLAN tag is 10. PE4 configures the switchport mode as a trunk to remove or add the service-delimiting VLAN tag accordingly. The internal VLAN that is associated with the switchport is 10.




PE1

hostname PE1
!
mpls label protocol ldp
mpls ldp logging neighbor-changes
mpls ldp router-id Loopback0
!
l2 vfi l2vpn manual
 vpn id 1
 neighbor 10.0.0.2 encapsulation mpls
 neighbor 10.0.0.3 encapsulation mpls
 neighbor 10.0.0.4 encapsulation mpls
!
interface Loopback0
 ip address 10.0.0.1 255.255.255.255
!
interface POS3/1
 ip address 10.0.1.1 255.255.255.252
 mpls ip
!
interface FastEthernet4/2
 no ip address
 switchport
 switchport access vlan 2
 switchport mode dot1q-tunnel
!
interface Vlan2
 no ip address
 xconnect vfi l2vpn

PE2

hostname PE2
!
mpls label protocol ldp
mpls ldp logging neighbor-changes
mpls ldp router-id Loopback0
!
l2 vfi l2vpn manual
 vpn id 1
 neighbor 10.0.0.1 encapsulation mpls
 neighbor 10.0.0.3 encapsulation mpls
 neighbor 10.0.0.4 encapsulation mpls
!
interface Loopback0
 ip address 10.0.0.2 255.255.255.255
!
interface POS3/1
 ip address 10.0.2.1 255.255.255.252
 mpls ip
!
interface FastEthernet4/2
 no ip address
 switchport
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 4
 switchport mode trunk
!
interface Vlan4
 no ip address
 xconnect vfi l2vpn

PE3

hostname PE3
!
mpls label protocol ldp
mpls ldp logging neighbor-changes
mpls ldp router-id Loopback0
!
l2 vfi l2vpn manual
 vpn id 1
 neighbor 10.0.0.1 encapsulation mpls
 neighbor 10.0.0.2 encapsulation mpls
 neighbor 10.0.0.4 encapsulation mpls
!
interface Loopback0
 ip address 10.0.0.3 255.255.255.255
!
interface POS3/1
 ip address 10.0.3.1 255.255.255.252
 mpls ip
!
interface FastEthernet4/2
 no ip address
 switchport
 switchport access vlan 8
 switchport mode access
!
interface Vlan8
 no ip address
 xconnect vfi l2vpn

Example 15-8 shows the configuration on PE4.

Example 15-8. PE4 Configuration

hostname PE4
!
mpls label protocol ldp
mpls ldp logging neighbor-changes
mpls ldp router-id Loopback0
!
l2 vfi l2vpn manual
 vpn id 1
 neighbor 10.0.0.1 encapsulation mpls
 neighbor 10.0.0.2 encapsulation mpls
 neighbor 10.0.0.3 encapsulation mpls
!
interface Loopback0
 ip address 10.0.0.4 255.255.255.255
!
interface POS3/1
 ip address 10.0.4.1 255.255.255.252
 mpls ip
!
interface FastEthernet4/2
 no ip address
 switchport
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 10
 switchport mode trunk
!
interface Vlan10
 no ip address
 xconnect vfi l2vpn

After full connectivity is established among all CE routers, every PE router should learn all MAC addresses from the CE routers.
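
An added example, not part of the original post: Python code that audits a set of PE configurations shaped like the four above for the properties this lab depends on. It checks that every PE lists every other PE's loopback as a VFI neighbor, that the VPN ID is the same everywhere, and that the VLAN interface carrying `xconnect vfi` is the VLAN used on the attachment port. The function names and the generated sample input (PE3 deliberately missing its neighbor statement for PE4) are assumptions made for the illustration.

```python
import re

def build(i, port, drop=(), vpn=1):
    """Constructed sample: render PE<i> of a four-PE mesh; `drop` omits neighbor statements."""
    peers = [j for j in range(1, 5) if j not in (i, *drop)]
    nbrs = "".join(f" neighbor 10.0.0.{j} encapsulation mpls\n" for j in peers)
    return (f"hostname PE{i}\nl2 vfi l2vpn manual\n vpn id {vpn}\n{nbrs}"
            f"interface Loopback0\n ip address 10.0.0.{i} 255.255.255.255\n"
            f"interface FastEthernet4/2\n no ip address\n switchport\n switchport {port}\n"
            f"interface Vlan{port.split()[-1]}\n no ip address\n xconnect vfi l2vpn\n")

def parse_pe(cfg):
    """Extract the fields that have to agree across the PEs of one VPLS instance."""
    def first(pattern):
        return m.group(1) if (m := re.search(pattern, cfg, re.M)) else None
    return {
        "name": first(r"^hostname (\S+)"),
        "vpn_id": first(r"^ vpn id (\d+)"),
        "neighbors": set(re.findall(r"^ neighbor (\S+) encapsulation mpls", cfg, re.M)),
        # Only indented lines are skipped, so the match stays inside one interface stanza.
        "loopback": first(r"^interface Loopback0\n(?: .*\n)*? ip address (\S+) 255\.255\.255\.255"),
        "port_vlan": first(r"^ switchport (?:access|trunk allowed) vlan (\d+)"),
        "svi_vlan": first(r"^interface Vlan(\d+)\n(?: .*\n)*? xconnect vfi "),
    }

def audit(configs):
    """Return findings for a manually configured full-mesh VFI."""
    pes = [parse_pe(c) for c in configs]
    loopbacks = {p["loopback"] for p in pes}
    findings = []
    if len({p["vpn_id"] for p in pes}) > 1:
        findings.append("vpn id is not identical on all PEs")
    for p in pes:
        # Every other PE's loopback must appear as a neighbor (full mesh of pseudowires).
        for peer in sorted(loopbacks - {p["loopback"]} - p["neighbors"]):
            findings.append(f"{p['name']}: no neighbor statement for {peer}")
        # The VLAN interface bound to the VFI must be the VLAN on the attachment port.
        if p["port_vlan"] != p["svi_vlan"]:
            findings.append(f"{p['name']}: xconnect on Vlan{p['svi_vlan']}, port uses vlan {p['port_vlan']}")
    return findings

def demo():
    # Constructed fault: PE3 lacks its neighbor statement for PE4.
    ports = ["access vlan 2", "trunk allowed vlan 4", "access vlan 8", "trunk allowed vlan 10"]
    return audit(build(i, p, drop=(4,) if i == 3 else ()) for i, p in enumerate(ports, 1))
```

The trunk check reads only the first VLAN of an allowed list, which is enough for the single-VLAN trunks used in this lab.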
 
