The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
VPLS is a Layer 2 extension technology which most customers use with ISP's and over borrowed/leased services with 3rd party vendors. The usage of VPLS extends beyond the scope of this configuration guide. This is a basic configuration guide on trying to help customers configure L2VPN between the existing ISR4K platforms and the new Cat9500 switches.
You should be aware of basic L2VPN concepts and configuring pseudowire-templates for configuring L2 VFI contexts
ISR4K Router (Any ISR4400/ISR4300), Cat9500 Switch and two devices being used as CE devices
ISR4451-X
C9500-40X-A
CISCO1921
CISCO2911
The configuration tells the usage of the VPLS context and the VC types/details supported
On CE1 and CE2 :
CE1#sh run Building configuration... Current configuration : 105 bytes ! interface GigabitEthernet0/0 no ip address duplex auto speed auto ! interface GigabitEthernet0/0.100 encapsulation dot1Q 100 ip address 101.101.101.2 255.255.255.0 ! |
CE2#sh run Building configuration... Current configuration : 1718 bytes ! interface GigabitEthernet0/1 no ip address duplex auto speed auto ! interface GigabitEthernet0/1.100 encapsulation dot1Q 100 ip address 101.101.101.1 255.255.255.0 ! |
On PE1 and PE2 :
PE1#sh run Building configuration... Current configuration : 5049 bytes ! pseudowire-class VPLS100 encapsulation mpls no control-word ! l2 vfi 100 manual vpn id 100 bridge-domain 100 mtu 9180 neighbor 3.3.3.3 pw-class VPLS100 ! interface Loopback0 ip address 2.2.2.2 255.255.255.255 ! interface GigabitEthernet0/0/0 mtu 9180 no ip address negotiation auto service instance 100 ethernet encapsulation dot1q 100 rewrite ingress tag pop 1 symmetric bridge-domain 100 ! ! interface GigabitEthernet0/0/2 ip address 30.30.30.1 255.255.255.0 negotiation auto mpls ip ! ip route 3.3.3.3 255.255.255.255 30.30.30.2 ! mpls ldp router-id Loopback0 force ! |
PE2#sh run Building configuration... Current configuration : 10722 bytes ! ip routing ! pseudowire-class VPLS100 encapsulation mpls no control-word ! l2 vfi 100 manual vpn id 100 neighbor 2.2.2.2 pw-class VPLS100 ! interface Loopback0 ip address 3.3.3.3 255.255.255.255 ! interface TenGigabitEthernet2/0/1 no switchport ip address 30.30.30.2 255.255.255.0 mpls ip ! interface TenGigabitEthernet2/0/2 switchport trunk allowed vlan 100 switchport mode trunk ! interface Vlan100 no ip address xconnect vfi 100 ! ip route 2.2.2.2 255.255.255.255 30.30.30.1 ! mpls ldp router-id Loopback0 force ! |
Note : On the ISR4K and ASR1000 devices which run on EFP(Ethernet Flow Point) Service Instances, ensure we configure the "rewrite ingress tag pop 1 symmetric" command under the respective SI (Service Instance) where we want to extend the subnet/broadcast-domain, so that the ISR4K/ASR1k would be able to receive the tagged (802.1Q Vlan Tag) packets being sent over from the CE end.
The Cat9500 platforms support internetworking with "ethernet" so far under VPLS. So first check the VC type is ethernet (Which is default) :
PE1#show mpls l2transport binding Destination Address: 3.3.3.3,VC ID: 100 Local Label: 19 Cbit: 0, VC Type: Ethernet, GroupID: n/a MTU: 9180, Interface Desc: n/a VCCV: CC Type: RA [2], TTL [3] CV Type: LSPV [2] Remote Label: 17 Cbit: 0, VC Type: Ethernet, GroupID: 0 MTU: 9180, Interface Desc: n/a VCCV: CC Type: RA [2], TTL [3] CV Type: LSPV [2]
PE2#show mpls l2transport binding Destination Address: 2.2.2.2,VC ID: 100 Local Label: 17 Cbit: 0, VC Type: Ethernet, GroupID: n/a MTU: 9180, Interface Desc: n/a VCCV: CC Type: RA [2], TTL [3] CV Type: LSPV [2] Remote Label: 19 Cbit: 0, VC Type: Ethernet, GroupID: 0 MTU: 9180, Interface Desc: n/a VCCV: CC Type: RA [2], TTL [3] CV Type: LSPV [2]
Now the rest of the commands would be similar to the way you verify L2VPN VC. But it is important to understand that the Cat9500 has system mtu, hence you wont be able to modify the individual interface MTU values facing the LAN side. Hence you would need to explicitly configure "mtu <>" under the l2 vfi context on the ISR4K platform so that the MTU values get negotiated based on the system mtu configured on the Cat9500 switch :
PE2 :
PE2#show system mtu Global Ethernet MTU is 9180 bytes.
PE1 :
PE1#show mpls l2transport vc detail Local interface: VFI 100 vfi up Interworking type is Ethernet Destination address: 3.3.3.3, VC ID: 100, VC status: up Output interface: Gi0/0/2, imposed label stack {17} Preferred path: not configured Default path: active Next hop: 30.30.30.2 Create time: 00:02:10, last status change time: 00:02:10 Last label FSM state change time: 00:02:10 Signaling protocol: LDP, peer 3.3.3.3:0 up Targeted Hello: 2.2.2.2(LDP Id) -> 3.3.3.3, LDP is UP Graceful restart: not configured and not enabled Non stop routing: not configured and not enabled Status TLV support (local/remote) : enabled/supported LDP route watch : enabled Label/status state machine : established, LruRru Last local dataplane status rcvd: No fault Last BFD dataplane status rcvd: Not sent Last BFD peer monitor status rcvd: No fault Last local AC circuit status rcvd: No fault Last local AC circuit status sent: No fault Last local PW i/f circ status rcvd: No fault Last local LDP TLV status sent: No fault Last remote LDP TLV status rcvd: No fault Last remote LDP ADJ status rcvd: No fault MPLS VC labels: local 19, remote 17 Group ID: local n/a, remote 0 MTU: local 9180, remote 9180 Remote interface description: Sequencing: receive disabled, send disabled Control Word: Off SSO Descriptor: 3.3.3.3/100, local label: 19 Dataplane: SSM segment/switch IDs: 8387/4289 (used), PWID: 4 VC statistics: transit packet totals: receive 0, send 0 transit byte totals: receive 0, send 0 transit packet drops: receive 0, seq error 0, send 0
PE2 :
PE2#show mpls l2transport vc detail Local interface: VFI 100 vfi up Interworking type is Ethernet Destination address: 2.2.2.2, VC ID: 100, VC status: up Output interface: Te2/0/1, imposed label stack {19} Preferred path: not configured Default path: active Next hop: 30.30.30.1 Create time: 01:02:03, last status change time: 00:03:09 Last label FSM state change time: 00:03:09 Signaling protocol: LDP, peer 2.2.2.2:0 up Targeted Hello: 3.3.3.3(LDP Id) -> 2.2.2.2, LDP is UP Graceful restart: not configured and not enabled Non stop routing: not configured and not enabled Status TLV support (local/remote) : enabled/supported LDP route watch : enabled Label/status state machine : established, LruRru Last local dataplane status rcvd: No fault Last BFD dataplane status rcvd: Not sent Last BFD peer monitor status rcvd: No fault Last local AC circuit status rcvd: No fault Last local AC circuit status sent: No fault Last local PW i/f circ status rcvd: No fault Last local LDP TLV status sent: No fault Last remote LDP TLV status rcvd: No fault Last remote LDP ADJ status rcvd: No fault MPLS VC labels: local 17, remote 19 Group ID: local n/a, remote 0 MTU: local 9180, remote 9180 Remote interface description: Sequencing: receive disabled, send disabled Control Word: Off SSO Descriptor: 2.2.2.2/100, local label: 17 Dataplane: SSM segment/switch IDs: 12297/8194 (used), PWID: 1 VC statistics: transit packet totals: receive 0, send 0 transit byte totals: receive 0, send 0 transit packet drops: receive 0, seq error 0, send 0
Now when we try to initiate pings from CE1 to CE2 :
CE1#ping 101.101.101.1 source 101.101.101.2 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 101.101.101.1, timeout is 2 seconds: Packet sent with a source address of 101.101.101.2 !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms
Then when we check the VC statistics to ensure the packets are going via VPLS :
PE1 :
PE1#show mpls l2transport vc detail | sec statistics VC statistics: transit packet totals: receive 5, send 5 transit byte totals: receive 660, send 660 transit packet drops: receive 0, seq error 0, send 0
PE2 :
PE2#show mpls l2transport vc detail | sec statistics VC statistics: transit packet totals: receive 5, send 5 transit byte totals: receive 680, send 680 transit packet drops: receive 0, seq error 0, send 0
This document was meant to highlight the compatibility issues while configuring a VPLS VC between the ISR/ASR routers and the Cat9500 swtiches acting as the PE nodes, so presently no troubleshooting steps.