Cisco 7600 Series Ethernet Services Plus (ES+) and Ethernet Services Plus T (ES+T) Line Card Configuration Guide
Configuring MPLS Features
Downloads: This chapterpdf (PDF - 910.0KB) | Feedback

Table of Contents

Configuring MPLS Features

Configuring Any Transport over MPLS

Scalable EoMPLS on Cisco 7600 Series ES+ Line Cards

HSPW Support for Ethernet ACs

Restrictions and Usage Guidelines

Examples

Verification

MPLS VPN—L3VPN over GRE

Prerequisites for MPLS VPN—L3VPN over GRE

Restrictions for MPLS VPN—L3VPN over GRE

Information About MPLS VPN—L3VPN over GRE

PE-to-PE Tunneling

P-to-PE Tunneling

P-to-P Tunneling

How to Configure MPLS VPN—L3VPN over GRE

Configuring the MPLS VPN—L3VPN over GRE Tunnel Interface

Configuration Examples for MPLS VPN—L3VPN over GRE

Example: Configuring the MPLS VPN—L3VPN over GRE Tunnel Interface

Example: Verifying Unicast Routes

Same Source MPLSoGRE

Configuring MPLS Traffic Engineering Class-Based Tunnel Selection

MPLS Traffic Engineering Class-Based Tunnel Selection Restrictions and Usage Guidelines

Creating Multiple MPLS Member TE or DS-TE Tunnels with the Same Headend and the Same Tailend

Creating a Master Tunnel, Attaching Member Tunnels, and Making the Master Tunnel Visible

Example

Verifying the MPLS Configuration

Configuring Virtual Private LAN Service

VPLS Overview

Restrictions for VPLS

Full-Mesh Configuration

Hub and Spoke

Hierarchical Virtual Private LAN Service (H-VPLS) with MPLS to the Edge

Configuring H-VPLS with Port-Channel Core Interface

Restrictions and Usage Guidelines

Supported Features

FAT PW Load balancing

Multipoint-to-Multipoint Support

Non-Transparent Operation

Circuit Multiplexing

MAC-Address Learning Forwarding and Aging

Jumbo Frame Support

Q-in-Q Support and Q-in-Q to EoMPLS Support

TE-FRR Support on VPLS LAG NNI

BPDU PW Over LAG NNI

VPLS Services

Transparent LAN Service

Ethernet Virtual Connection Service

Benefits of VPLS

Configuring VPLS

Prerequisites

Supported Modules

Basic VPLS Configuration

Configuring the PE Layer 2 Interface to the CE

Configuring Layer 2 VLAN Instance on the PE

Configuring MPLS WAN Interface on the PE

Configuring MPLS in the PE

Configuring the VFI in the PE

Associating the Attachment Circuit with the VSI at the PE

Configuring BPDU PW on a Port Channel

Full-Mesh Configuration Example

H-VPLS with MPLS Edge Configuration Example

MAC Limit Per VLAN

Traffic Engineering for Transport Tunnel

Load Balancing

Configuring Dot1q Transparency for EoMPLS

Restrictions

Troubleshooting

MPLS-TP Support for Ethernet Access Circuits

Restrictions for MPLS-TP Support for Ethernet Access Circuits

BFD Over VCCV Control Channel, Support for Ethernet AC

Restrictions for BFD Over VCCV Control Channel on ES+ Line Card

Configuration Steps

Verifying BFD VCCV Configuration

Debugging the BFD CCV

Configuring MPLS Features

This chapter provides information about configuring Multiprotocol Label Switching (MPLS) features on the Cisco 7600 Series Ethernet Services Plus (ES+) and Ethernet Services Plus T (ES+T) line card on the Cisco 7600 series router.

For more information about the commands used in this chapter, see the Cisco IOS Release 12.2 SR Command References at http://www.cisco.com/en/US/products/ps6922/prod_command_reference_list.html .

This section includes the following topics:


Note The information provided in this chapter is applicable to both the ES+ and ES+T line cards unless specified otherwise.


Configuring Any Transport over MPLS

Any Transport over MPLS (AToM) transports Layer 2 packets over a Multiprotocol Label Switching (MPLS) backbone. AToM uses a directed Label Distribution Protocol (LDP) session between edge routers for setting up and maintaining connections. Forwarding occurs through the use of two levels of labels, switching between the edge routers. The external label (tunnel label) routes the packet over the MPLS backbone to the egress Provider Edge (PE) at the ingress PE. The VC label is a demultiplexing label that determines the connection at the tunnel endpoint (the particular egress interface on the egress PE as well as the virtual path identifier [VPI]/virtual channel identifier [VCI] value for an ATM Adaptation Layer 5 [AAL5] protocol data unit [PDU], the data-link connection identifier [DLCI] value for a Frame Relay PDU, or the virtual LAN [VLAN] identifier for an Ethernet frame).

Scalable EoMPLS on Cisco 7600 Series ES+ Line Cards

With Scalable EoMPLS, the CE-facing line card performs all EoMPLS imposition and disposition label processing. From the core-side line card perspective, the AToM packets in and out of the router appear as generic MPLS frames.

HSPW Support for Ethernet ACs

Hot-Standby capability helps to improve the switchover time for pseudowires (PW) in service providers network. This feature keeps the backup PW pre-programmed in the hardware and at switchover, the backup PW is enabled to pass the traffic.

Restrictions and Usage Guidelines

When configuring the Scalable EoMPLS on Cisco 7600 Series ES+ line cards, follow these restrictions and usage guidelines:

  • Scalable EoMPLS is supported with EVCs (ethernet virtual circuits). An EVC is an end-to-end representation of a single instance of a Layer 2 service being offered by a provider to a customer.
  • Scalable EoMPLS is supported as a mapped service for the QinQ termination.
  • Service Instances supported: 16, 000 per line card (32, 000 per Cisco 7600 series router)
  • VC type 4 and VC type 5 are supported.
  • Control word operation is supported.
  • For ingress policing, only the drop action and the accept action for the police command are supported.
  • Ingress COS marking is not supported.
  • Ingress COS-inner marking is supported.
  • For QoS marking, mapping of the incoming VLAN dot1q p-bits to the outgoing MPLS EXP bits is supported.
  • For QoS marking, mapping of the incoming MPLS EXP bits to the outgoing VLAN dot1q p-bits is supported (if EVC rewrite is pop tag).
  • For QoS shaping, egress pseudowire shaping is supported. Matching is based on the MPLS EXP bits.
  • The Dot1q Transparency for EoMPLS feature is supported.
  • Because HWEoMPLS is not supported on the ES+ line card, the xconnect command with encapsulation mpls is rejected on the Layer 3 interface and Layer 3 subinterface.
  • The HSPW feature is supported only with Scalable EoMPLS and an ES+ line card supports a maximum of 16000 Scalable EoMPLS.
  • The HSPW feature supports only pseudowires configured on a ES+ line card within the Ethernet EVC and supports around 6000 backup PWs.
  • The HSPW feature supports only VC type 5.

SUMMARY STEPS

1. enable

2. configure terminal

3. interface gigabitethernet slot/port or interface tengigabitethernet slot/port

4. [no] service instance id Ethernet [service-name}

5. encapsulation dot1q vlan-id second-dot1q {any | vlan-id[vlan-id[-vlan-id]]}

6. rewrite ingress tag {push {dot1q vlan-id | dot1q vlan-id second-dot1q vlan-id | dot1ad vlan-id dot1q vlan-id} | pop {1 | 2} | translate {1-to-1 {dot1q vlan-id | dot1ad vlan-id}| 2-to-1 dot1q vlan-id | dot1ad vlan-id}| 1-to-2 {dot1q vlan-id second-dot1q vlan-id | dot1ad vlan-id dot1q vlan-id} | 2-to-2 {dot1q vlan-id second-dot1q vlan-id | dot1ad vlan-id dot1q vlan-id}} symmetric

7. xconnect peer-id vc-id encapsulation mpls

DETAILED STEPS

 

Command or Action
Purpose

Step 1

enable

 

Router# enable

Enables privileged EXEC mode.

  • Enter your password if prompted.

Step 2

configure terminal

 

Router# configure terminal

Enters global configuration mode.

Step 3

interface gigabitethernet slot/port

or

interface tengigabitethernet slot/port

 

Router(config)# interface gigabitethernet 4/1

Specifies the Gigabit Ethernet or the Ten Gigabit Ethernet interface to configure, where:

  • slot/port—Specifies the location of the interface.

Step 4

[no] service instance id {Ethernet [service-name}

 

Router(config-if)# service instance 101 ethernet

Creates a service instance (an instantiation of an EVC) on an interface and sets the device into the config-if-srv submode.

Step 5

encapsulation dot1q vlan-id second-dot1q {any | vlan-id[vlan-id[-vlan-id]]}

 

 

 

Router(config-if-srv)# encapsulation dot1q 5

Defines the matching criteria to map ingress dot1q frames on an interface to the appropriate service instance.

Note Use the encapsulation dot1q default command to configure the default service instance on a port. Use the encapsulation dot1q untagged command to map untagged Ethernet frames on an ingress interface to a service instance.

Step 6

rewrite ingress tag {push {dot1q vlan-id | dot1q vlan-id second-dot1q vlan-id | dot1ad vlan-id dot1q vlan-id} | pop {1 | 2} | translate {1-to-1 {dot1q vlan-id | dot1ad vlan-id}| 2-to-1 dot1q vlan-id | dot1ad vlan-id}| 1-to-2 {dot1q vlan-id second-dot1q vlan-id | dot1ad vlan-id dot1q vlan-id} | 2-to-2 {dot1q vlan-id second-dot1q vlan-id | dot1ad vlan-id dot1q vlan-id}} symmetric

 

Router(config-if-srv)# rewrite ingress tag dot1q single symmetric

Specifies the tag manipulation that is to be performed on the frame ingress to the service instance.

Step 7

xconnect peer-id vc-id encapsulation mpls
 
Router(config-if-srv)# xconnect 10.0.0.1 123 encapsulation mpls

Configures scalable EoMPLS on a service instance. On the ingress side, after proper encapsulation manipulations, a packet is tunneled in an EoMPLS VC and transmitted on the core.

Note Use the backup peer-id vc-id command to configure the HSPW feature.

Examples

The following is an example of a basic configuration.

This is the customer-facing port at router 1.

Router# enable
Router# configure terminal
Router(config)# interface TenGigabitEthernet 1/1
Router(config-if)# service instance 100 ethernet
Router(config-if-srv)# encapsulation dot1q 100
Router(config-if-srv)# rrewrite ingress tag translate 1-to-2 dot1q 5 second-dot1q 5 symmetric
Router(config-if-srv)# xconnect 2.2.2.2 100 encapsulation mpls
 

This is the global configuration at router 1.

Router# enable
Router# configure terminal
Router(config)# interface loopback1
Router(config-if)# ip address 1.1.1.1 255.255.255.255
 
!MPLS core facing port
Router(config-if)# ip address 20.1.1.1 255.255.255.0
Router(config-if)# mpls label protocol ldp
Router(config-if)# mpls ip
 

This is the customer-facing port at router 2.

Router# enable
Router# configure terminal
Router(config)# interface TenGigabitEthernet 2/2
Router(config-if)# service instance 100 ethernet
Router(config-if-srv)# encapsulation dot1q 100
Router(config-if-srv)# rewrite ingress tag translate 1-to-2 dot1q 5 second-dot1q 5 symmetric
Router(config-if-srv)# xconnect 1.1.1.1 100 encapsulation mpls
 

This is the global configuration at router 2.

Router# enable
Router# configure terminal
Router(config)# interface loopback1
Router(config-if)# ip address 2.2.2.2 255.255.255.255
 

This is the MPLS core facing port.

Router(config-if)# ip address 20.1.1.2 255.255.255.0
Router(config-if)# mpls label protocol ldp
Router(config-if)# mpls ip
 

The following is an example of single tag VLAN configuration for tunneling a single VLAN service instance.

This is the customer facing port.

Router# enable
Router# configure terminal
Router(config)# interface TenGigabitEthernet 2/2
Router(config-if)# service instance 100 ethernet
Router(config-if-srv)# encapsulation dot1q 100
Router(config-if-srv)# rewrite ingress tag translate 1-to-2 dot1q 5 second-dot1q 5 symmetric
Router(config-if-srv)# xconnect 1.1.1.1 100 encapsulation mpls
 

The following is an example of double tag VLAN configuration for tunneling double tag VLAN frames.

This is the customer facing port.

Router# enable
Router# configure terminal
Router(config)# interface TenGigabitEthernet 2/2
Router(config-if)# service instance 100 ethernet
Router(config-if-srv)# encapsulation dot1q 100 second-dot1q 200
Router(config-if-srv)# rewrite ingress tag translate 2-to-2 dot1q 5 second-dot1q 5 symmetric
Router(config-if-srv)# xconnect 1.1.1.1 100 encapsulation mpls
 

The following is an example of a selective QinQ xconnect configuration.

This is the customer facing port.

Router# enable
Router# configure terminal
Router(config)# interface TenGigabitEthernet 2/2
Router(config-if)# service instance 100 ethernet
Router(config-if-srv)# encapsulation dot1q 10-20, 30, 50-60
Router(config-if-srv)# xconnect 1.1.1.1 100 encapsulation mpls
 

The following is an example of a port-based xconnect tunnel configuration that tunnels all incoming packets to the remote peer.

!All tag and non-tag packets aggregation
Router# enable
Router# configure terminal
Router(config)# interface TenGigabitEthernet 2/2
Router(config-if)# service instance 100 ethernet
Router(config-if-srv)# encapsulation default
Router(config-if-srv)# xconnect 1.1.1.1 100 encapsulation mpls
 
!All non-tag packets aggregation
Router(config)# interface TenGigabitEthernet 2/2
Router(config-if)# service instance 100 ethernet
Router(config-if-srv)# encapsulation untagged
Router(config-if-srv)# xconnect 1.1.1.1 100 encapsulation mpls
 

Verification

Use the following commands to verify operation.

 

Command
Purpose
Router# show ethernet service evc [id evc-id | interface interface-id] [detail]

Displays information pertaining to a specific EVC if an EVC ID is specified, or pertaining to all EVCs on an interface if an interface is specified. The detail option provides additional information on the EVC.

Router# show ethernet service instance [id instance-id interface interface-id | interface interface-id] [detail]

Displays information about one or more service instances. If a service instance ID and interface are specified, only data pertaining to that particular service instance is displayed. If only an interface ID is specified, displays data for all service instances on the given interface.

Router# show ethernet service interface [interface-id] [detail]

Displays information in the Port Data Block (PDB).

Router# show mpls l2 vc min VC ID max VC ID detail

Displays detailed information related to the virtual connection (VC).

Router# show mpls l2transport vc

Displays the state of VCs.

Router# show mpls forwarding

Displays the contents of the Multiprotocol Label Switching (MPLS) Label Forwarding Information Base (LFIB).

Note Output should have the label entry l2ckt.

Router# show platform atom imp-tbl remote-vc-label

Displays the imposition table on the line card for a VC based remote label.

Note You must know the remote VC Label for a VC to use this command.

Router# show platform atom disp-tbl local-vc-label

Displays the disposition table on the Line Card for a VC based local label.

Note You must know the Local VC Label for a VC to use this command.

Router# show platform atom tbl-summary

Displays the total number of PWs programmed on the line card, which includes the primary PWs and the backup PWs that are programmed.

Router# show platform atom imp-tbl backup

Displays the imposition table on the Line Card for backup VCs.

Router# show platform atom disp-tbl backup

Displays the disposition table on the Line Card for backup VCs

MPLS VPN—L3VPN over GRE

The MPLS VPN—L3VPN over GRE feature provides a mechanism for tunneling Multiprotocol Label Switching (MPLS) packets over a non-MPLS network.

The MPLS VPN—L3VPN over GRE feature utilizes MPLS over generic routing encapsulation (MPLSoGRE) to encapsulate MPLS packets inside IP tunnels thus creating virtual point-to-point links across non-MPLS networks.

Prerequisites for MPLS VPN—L3VPN over GRE

Before you configure the MPLS VPN—L3VPN over GRE feature, ensure that your MPLS Virtual Private Network (VPN) is configured and working properly. See the Configuring MPLS Layer 3 VPNs module for information about setting up MPLS VPNs.

Ensure that the following routing protocols are configured and working properly:

Restrictions for MPLS VPN—L3VPN over GRE

The MPLS VPN—L3VPN over GRE feature does not support the following:

  • Quality of service (QoS) service policies configured on the tunnel interface; they are supported on the physical or subinterface
  • GRE options: sequencing, checksum, and source route
  • IPv6 GRE
  • Advanced features such as Carrier Supporting Carrier (CSC) and Interautonomous System (Inter-AS)

Information About MPLS VPN—L3VPN over GRE

The MPLS VPN—L3VPN over GRE feature provides a mechanism for tunneling MPLS packets over non-MPLS networks.

MPLS VPN—L3VPN over GRE allows you to create a GRE tunnel across a non-MPLS network. The MPLS packets are encapsulated within the GRE tunnel packets, and the encapsulated packets traverse the non-MPLS network through the GRE tunnel. When GRE tunnel packets are received at the other side of the non-MPLS network, the GRE tunnel packet header is removed and the inner MPLS packet is forwarded to its final destination.

The MPLS VPN—L3VPN over GRE feature supports three GRE tunnel configurations:

PE-to-PE Tunneling

The provider edge-to-provider edge (PE-to-PE) tunneling configuration provides a scalable way to connect multiple customer networks across a non-MPLS network. With this configuration, traffic that is destined to multiple customer networks is multiplexed through a single GRE tunnel.


Note A similar nonscalable alternative is to connect each customer network through separate GRE tunnels (for example, connecting one customer network for each GRE tunnel).


As shown in Figure 6-1, the PE routers assign VPN routing and forwarding (VRF) numbers to the customer edge (CE) routers on each side of the non-MPLS network.

The PE routers use routing protocols such as Border Gateway Protocol (BGP), OSPF Open Shortest Path First (OSPF), or Routing Information Protocol (RIP) to learn about the IP networks behind the CE routers. The routes to the IP networks behind the CE routers are stored in the associated CE router’s VRF routing table.

The PE router on one side of the non-MPLS network uses the routing protocols (that are operating within the non-MPLS network) to learn about the PE router on the other side of the non-MPLS network. The learned routes that are established between the PE routers are then stored in the main or default routing table.

The opposing PE router uses BGP to learn about the routes that are associated with the customer networks behind the PE routers. These learned routes are not known to the non-MPLS network.

For this example, BGP defines a static route to the BGP neighbor (the opposing PE router) through the GRE tunnel that spans the non-MPLS network. Because the routes that are learned by the BGP neighbor include the GRE tunnel next hop, all customer network traffic is sent using the GRE tunnel.

Figure 6-1 PE-to-PE Tunneling

 

P-to-PE Tunneling

As shown in Figure 6-2, the provider-to-provider edge (P-to-PE) tunneling configuration provides a way to connect a PE router (P1) to an MPLS segment (PE-2) across a non-MPLS network. In this configuration, MPLS traffic that is destined to the other side of the non-MPLS network is sent through a single GRE tunnel.

Figure 6-2 P-to-PE Tunneling

 

P-to-P Tunneling

As shown in Figure 6-3, the provider-to-provider (P-to-P) configuration provides a method of connecting two MPLS segments (P1 to P2) across a non-MPLS network. In this configuration, MPLS traffic that is destined to the other side of the non-MPLS network is sent through a single GRE tunnel.

Figure 6-3 P-to-P Tunneling

 

How to Configure MPLS VPN—L3VPN over GRE

Configuring the MPLS VPN—L3VPN over GRE Tunnel Interface

To configure the MPLS VPN—L3VPN over GRE feature, you must create a GRE tunnel to span the non-MPLS networks. You must perform this procedure on the devices located at both ends of the GRE tunnel.


Note ACLs configured under the tunnel interface are not supported in hardware. Also, the ACLs configured under tunnel physical interface are not applied to the tunneled traffic.


Prerequisites

Before configuring the MPLS VPN—L3VPN over GRE feature, ensure that your MPLS VPN and the appropriate routing protocols are configured and working properly. See the “Prerequisites for MPLS VPN—L3VPN over GRE” section.

SUMMARY STEPS

1. enable

2. configure terminal

3. interface tunnel tunnel-number

4. ip route prefix mask { ip-address | interface-type interface-number [ ip-address ]} [ dhcp ] [ distance ] [ name next-hop-name ] [ permanent | track number ] [ tag tag ]

5. tunnel source source-address

6. tunnel destination destination-address

7. mpls ip

8. exit

9. show ip route

DETAILED STEPS

Command or Action
Purpose

Step 1

enable

 

Router> enable

Enables privileged EXEC mode.

  • Enter your password if prompted.

Step 2

configure terminal

 

Router# configure terminal

Enters global configuration mode.

Step 3

interface tunnel tunnel-number

 

Router(config)# interface tunnel 1

Creates a tunnel on the specified interface and enters interface configuration mode.

Step 4

ip route prefix mask {ip-address | interface-type interface-number [ip-address]} [dhcp] [distance] [name next-hop-name] [permanent | track number] [tag tag]

 

Router(config-if)# ip route 209.165.200.253 255.255.255.224 FastEthernet 0/0

Configures a static route to the BGP neighbor on the SIP 2 interface or tunnel interface.

Step 5

tunnel source source-address

 

Router(config-if)# tunnel source 209.165.200.254

Specifies the tunnel’s source IP address.

Step 6

tunnel destination destination-address

 

Router(config-if)# tunnel destination 209.165.200.255

Specifies the tunnel’s destination IP address.

Step 7

mpls ip

 

Router(config-if)# mpls ip

Enables MPLS on the tunnel’s physical interface.

Step 8

exit

 

Router(config-if)# exit

Exits interface configuration mode.

Step 9

show ip route

 

Router(config)# show ip route

Displays the current state of the routing table.

Examples

The following example shows a GRE tunnel configuration that spans a non-MPLS network. This example shows the tunnel configuration on the PE devices (PE1 and PE2) located at both ends of the tunnel:

PE1 Configuration

Router# configure terminal
Router(config)# interface Tunnel 1
Router(config-if)# ip address 209.165.200.253 255.255.255.224
Router(config-if)# tunnel source 209.165.200.254
Router(config-if)# tunnel destination 209.165.200.255
Router(config-if)# mpls ip

PE2 Configuration

Router# configure terminal
Router(config)# interface Tunnel 1
Router(config-if)# ip address 209.165.200.235 255.255.255.224
Router(config-if)# tunnel source 209.165.200.240
Router(config-if)# tunnel destination 209.165.200.245
Router(config-if)# mpls ip

Example: Configuring the MPLS VPN—L3VPN over GRE Tunnel Interface

The following basic MPLS configuration example uses a GRE tunnel to span a non-MPLS network. This example is similar to the configuration shown in Figure 6-1.

PE1 Configuration

!
mpls ip
!
ip vrf vpn1
rd 100:1
route-target import 100:1
route-target export 100:1
!
interface loopback 0
ip address 209.165.200.225 255.255.255.224
!
interface GigabitEthernet 0/1/2
ip address 209.165.200.226 255.255.255.224
!
interface Tunnel 1
ip address 209.165.200.227 255.255.255.224
tunnel source 209.165.200.228
tunnel destination 209.165.200.229
mpls ip
!
interface GigabitEthernet 0/1/3
ip vrf forwarding vpn1
ip address 209.165.200.230 255.255.255.224
!
router bgp 100
neighbor 209.165.200.231 remote-as 100
neighbor 209.165.200.231 update-source loopback0
!
address-family vpnv4
neighbor 209.165.200.232 activate
neighbor 209.165.200.232 send community-extended
!
address-family ipv4 vrf vpn1
neighbor 209.165.200.240 remote-as 20
neighbor 209.165.200.240 activate
!

PE2 Configuration

!
mpls ip
!
ip vrf vpn1
rd 100:1
route-target import 100:1
route-target export 100:1
!
interface loopback 0
ip address 209.165.200.240 255.255.255.224
!
interface GigabitEthernet 0/1/1
ip address 209.165.200.241 255.255.255.224
!
interface Tunnel 1
ip address 209.165.200.244 255.255.255.224
tunnel source 209.165.200.245
tunnel destination 209.165.200.247
mpls ip
!
interface GigabitEthernet 0/0/5
ip vrf forwarding vpn1
ip address 209.165.200.249 255.255.255.224
!
router bgp 100
neighbor 209.165.200.250 remote-as 100
neighbor 209.165.200.252 update-source loopback0
!
address-family vpnv4
neighbor 209.165.200.253 activate
neighbor 209.165.200.254 send community-extended
!
address-family ipv4 vrf vpn1
neighbor 209.165.200.254 remote-as 30
neighbor 209.165.200.255 activate
 

Example: Verifying Unicast Routes

The following example shows how to display unicast routes. This display shows the next hop for the BGP neighbor depending on the selected interface.

Router# show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
 
Gateway of last resort is not set
 
209.165.200.225/32 is subnetted, 1 subnets
O 209.165.200.226 [110/3] via 209.165.200.250, 00:09:55, POS2/0/0
209.165.200.227/32 is subnetted, 1 subnets
C 209.165.200.229 is directly connected, Loopback0
209.165.200.230/32 is subnetted, 1 subnets
O 209.165.200.231 [110/2] via 209.165.200.232, 00:09:55, POS2/0/0
S 209.165.200.240/8 [1/0] via 209.165.200.252
209.165.200.245/32 is subnetted, 2 subnets
S 209.165.200.247 is directly connected, POS2/0/0
O 209.165.200.248 [110/3] via 209.165.200.249, 00:09:55, POS2/0/0
C 209.165.200.254/8 is directly connected, POS2/0/0

Same Source MPLSoGRE

Effective with Release 15.2(1)S, you can configure more than one GRE tunnel on an ES+ line card using the same source. The packets are hardware switched even when multiple tunnels share the same source. All the GRE tunnels on a specified node can use a single source IP prefix instead of multiple prefixes. The advantage is that you can minimize the prefixes required for infrastructure, and enables the network to scale the number of tunnels. The following restrictions apply:

  • All core facing interfaces should be on ES+ card.
  • Existing infra will throw a warning message when more than one tunnel is configured with the same source.
  • Tunnel key, tunnel options, and checksum are not supported in hardware.
  • Currently, tunnels do not support vrf configuration.
  • Fragmented packet processing is not supported in hardware.
  • MPLS LDP explicit-null must be enabled on both ends of the tunnel for this feature to work properly.

Note Effective with Cisco IOS Release 15.2(4)S, Same Source MPLSoGRE feature is supported on SIP 400.


Configuring MPLS Traffic Engineering Class-Based Tunnel Selection

Multiprotocol Label Switching (MPLS) Traffic Engineering (TE) enables you to dynamically route and forward traffic with different class of service (CoS) values onto different TE tunnels between the same tunnel headend and the same tailend. The TE tunnels can be regular TE tunnels or DiffServ-aware TE (DS-TE) tunnels.

The set of TE/DS-TE tunnels from the same headend to the same tailend that you configure to carry different CoS values is referred to as a “tunnel bundle.” Tunnels are “bundled” by creating a master tunnel and then attaching member tunnels to the master tunnel. After configuration, CBTS dynamically routes and forwards each packet into the tunnel that meets the following requirements:

  • Is configured to carry the CoS of the packet
  • Has the right tailend for the destination of the packet

Because CBTS offers dynamic routing over DS-TE tunnels and requires minimum configuration, it greatly eases deployment of DS-TE in large-scale networks.

CBTS can distribute all CoS values on eight different tunnels or multiple COS value to multiple tunnels.

CBTS also allows the TE tunnels of a tunnel bundle to exit headend routers through different interfaces.

CBTS configuration involves performing the following tasks:

  • Creating multiple (DS-) TE tunnels with the same headend and tailend and indicating on each of these tunnels which CoSs are to be transported on the tunnel.
  • Creating a master tunnel, attaching the member tunnels to it, and making the master tunnel visible for routing.

MPLS Traffic Engineering Class-Based Tunnel Selection Restrictions and Usage Guidelines

When configuring MPLS Traffic Engineering Class-Based Tunnel Selection (CBTS), follow these restrictions and usage guidelines:

  • CBTS has the following prerequisites:

MPLS enabled on all tunnel interfaces

Cisco Express Forwarding (CEF) or distributed CEF (dCEF) enabled in general configuration mode

  • CBTS has the following restrictions:

For a given destination, all CoS values are carried in tunnels terminating at the same tailend. Either all CoS values are carried in tunnels or no values are carried in tunnels. In other words, for a given destination, you cannot map some CoS values in a DS-TE tunnel and other CoS values in a Shortest Path First (SPF) Label Distribution Protocol (LDP) or SPF IP path.

No LSP is established for the master tunnel and regular traffic engineering attributes (bandwidth, path option, fast reroute) are irrelevant on a master tunnel. TE attributes (bandwidth, bandwidth pool, preemption, priorities, path options, and so on) are configured completely independently for each tunnel.

CBTS does not allow load-balancing of a given EXP value in multiple tunnels. If two or more tunnels are configured to carry a given experimental (EXP) value, CBTS picks one of these tunnels to carry this EXP value (which is calculated through pre-defined rules).

CBTS supports aggregate control of bumping (that is, it is possible to define default tunnels to be used if other tunnels go down). However, CBTS does not allow control of bumping if the default tunnel goes down. CBTS does not support finer-grain control of bumping. For example, if the voice tunnel goes down, redirect voice to T2, but if video goes down, redirect to T3.

The operation of CBTS is not supported with Any Transport over MPLS (AToM), MPLS TE Automesh, or label-controlled (LC) ATM.

Prior to Release15.0(1)7, MPLS TE is not supported on port channel.

Creating Multiple MPLS Member TE or DS-TE Tunnels with the Same Headend and the Same Tailend

Perform the following task to create multiple MPLS member TE or DS-TE tunnels with the same headend and same tailend and to configure EXP values to be carried by each of these tunnels. The procedure begins in global configuration mode.

SUMMARY STEPS

1. enable

2. configure terminal

3. interface tunnel number

4. ip unnumbered type number

5. tunnel destination { hostname | ip-address }

6. tunnel mode mpls traffic-eng

7. tunnel mpls traffic-eng bandwidth [ sub-pool | global ] bandwidth

8. tunnel mpls traffic-eng exp [ list-of-exp-values ] [ default ]

9. exit

DETAILED STEPS

 

Command
Purpose

Step 1

enable

 
Router# enable

Enables privileged EXEC mode.

  • Enter your password if prompted.

Step 2

configure terminal

 

Router# configure terminal

Enters global configuration mode.

Step 3

interface tunnel number

 

Router(config)# interface tunnel 7

Configures a tunnel interface type and enters interface configuration mode.

  • number —Number of the tunnel interface that you want to create or configure.

Step 4

ip unnumbered type number

 

Router(config-if)# ip unnumbered loopback0

Enables IP processing on an interface without assigning an explicit IP address to the interface.

  • type —Type of another interface on which the router has an assigned IP address.
  • number —Number of another interface on which the router has an assigned IP address. It cannot be another unnumbered interface.

Step 5

tunnel destination { hostname | ip-address }

 

Router(config-if)# tunnel destination 10.5.5.5

Specifies the destination of the tunnel for this path option.

  • hostname —Name of the host destination.
  • ip-address —IP address of the host destination expressed in four-part, dotted decimal notation.

Step 6

tunnel mode mpls traffic-eng

 

Router(config-if)# tunnel mode mpls traffic-eng

Sets the mode of a tunnel to MPLS for TE.

Step 7

tunnel mpls traffic-eng bandwidth [ sub-pool | global ] bandwidth

 
Router(config-if)# tunnel mpls traffic-eng bandwidth 100

Configures the bandwidth for the MPLS TE tunnel. If automatic bandwidth is configured for the tunnel, use the tunnel mpls traffic-eng bandwidth command to configure the initial tunnel bandwidth, which is adjusted by the auto-bandwidth mechanism.

  • sub-pool —(Optional) Indicates a subpool tunnel.
  • global —(Optional) Indicates a global pool tunnel. Entering this keyword is not necessary, because all tunnels are global pool in the absence of the sub-pool keyword. But if users of pre-DiffServ-aware Traffic Engineering (DS-TE) images enter this keyword, it is accepted.
  • bandwidth —Bandwidth, in kilobits per second, set aside for the MPLS traffic engineering tunnel. Range is between 1 and 4294967295.

Note You can configure any existing mpls traffic-eng command on these TE or DS-TE tunnels.

Step 8

tunnel mpls traffic-eng exp [ list-of-exp-values ] [ default ]

 

Router(config-if)# tunnel mpls traffic-eng exp 7

Specifies an EXP value or values for an MPLS TE tunnel.

  • list-of-exp-values —EXP value or values that are are to be carried by the specified tunnel. Values range from 0 to 7.
  • default —The specified tunnel is to carry all EXP values that are:

Not explicitly allocated to another tunnel

Allocated to a tunnel that is currently down

Step 9

exit

 

Router(config-if)# exit

Exits to global configuration mode.

Repeat Step 1 through Step 7 on the same headend router to create additional tunnels from this headend to the same tailend.

Creating a Master Tunnel, Attaching Member Tunnels, and Making the Master Tunnel Visible

Perform the followings task to create a master tunnel, attach member tunnels to it, and make the master tunnel visible for routing. The procedure begins in global configuration mode.

SUMMARY STEPS

1. enable

2. configure terminal

3. interface tunnel number

4. ip unnumbered type number

5. tunnel destination { hostname | ip-address }

6. tunnel mode mpls traffic-eng exp-bundle master

7. tunnel mode mpls traffic-eng exp-bundle member tunnel-id

8. tunnel mpls traffic-eng autoroute announce

9. tunnel mpls traffic-eng autoroute metric { absolute | relative } value

DETAILED STEPS

 

Command
Purpose

Step 1

enable

 
Router# enable

Enables privileged EXEC mode.

  • Enter your password if prompted.

Step 2

configure terminal

 

Router# configure terminal

Enters global configuration mode.

Step 3

interface tunnel number

 

Router(config)# interface tunnel 7

Configures a tunnel interface type and enters interface configuration mode.

  • number —Number of the tunnel interface that you want to create or configure.

Step 4

ip unnumbered type number

 

Router(config-if)# ip unnumbered loopback0

Enables IP processing on an interface without assigning an explicit IP address to the interface.

  • type —Type of another interface on which the router has an assigned IP address.
  • number —Number of another interface on which the router has an assigned IP address. It cannot be another unnumbered interface.

Step 5

tunnel destination { hostname | ip-address }

 

Router(config-if)# tunnel destination 10.5.5.5

Specifies the destination of the tunnel for this path option.

  • hostname —Name of the host destination.
  • ip-address —IP address of the host destination expressed in four-part, dotted decimal notation.

Step 6

tunnel mode mpls traffic-eng exp-bundle master

 

Router(config-if)# tunnel mode mpls traffic-eng exp-bundle master

Specifies this is the master tunnel for the CBTS configuration.

Step 7

tunnel mode mpls traffic-eng exp-bundle member tunnel-id

 

Router(config-if)# tunnel mode mpls traffic-eng exp-bundle member Tunnel20000

Attaches a member tunnel to the master tunnel.

  • tunnel-id —Number of the tunnel interface to be attached to the master tunnel.

Repeat this command for each member tunnel.

Step 8

tunnel mpls traffic-eng autoroute announce

 

Router(config-if)# tunnel mpls traffic-eng autoroute announce

Specifies that the Interior Gateway Protocol (IGP) should use the tunnel (if the tunnel is up) in its enhanced shortest path first (SPF) calculation.

Step 9

tunnel mpls traffic-eng autoroute metric { absolute | relative } value

 

Router(config-if)# tunnel mpls traffic-eng autoroute metric relative -1

(Optional) Specifies the MPLS TE tunnel metric that the IGP-enhanced SPF calculation uses.

  • absolute —Indicates the absolute metric mode; you can enter a positive metric value.
  • relative —Indicates the relative metric mode; you can enter a positive, negative, or zero value.
  • value —Metric that the IGP enhanced SPF calculation uses. The relative value can be from -10 to 10.

Note Even though the value for a relative metric can be from -10 to +10, configuring a tunnel metric with a negative value is considered a misconfiguration. If the metric to the tunnel tailend appears to be 4 from the routing table, then the cost to the tunnel tailend router is actually 3 because 1 is added to the cost for getting to the loopback address. In this instance, the lowest value that you can configure for the relative metric is -3.


Note Alternatively, static routing could be used instead of autoroute to make the TE or DS-TE tunnels visible for routing.


Example

The following example shows how to configure Multiprotocol Label Switching (MPLS) Traffic Engineering (TE) Class-Based Tunnel Selection (CBTS). Tunnel1, Tunnel2, and Tunnel3 are member tunnels, and Tunnel4 is the master tunnel.

Router# enable
Router# configure terminal
Router(config)# interface Tunnel1
Router(config-if)# ip unnumbered loopback0
Router(config-if)# interface destination 24.1.1.1
Router(config-if)# tunnel mode mpls traffic-eng
Router(config-if)# tunnel mpls traffic-eng bandwidth sub-pool 30000
Router(config-if)# tunnel mpls traffic-eng exp 5
 
Router(config)# interface Tunnel2
Router(config-if)# ip unnumbered loopback0
Router(config-if)# interface destination 24.1.1.1
Router(config-if)# tunnel mode mpls traffic-eng
Router(config-if)# tunnel mpls traffic-eng bandwidth 50000
Router(config-if)# tunnel mpls traffic-eng exp 3 4
 
Router(config)# interface Tunnel3
Router(config-if)# ip unnumbered loopback0
Router(config-if)# interface destination 24.1.1.1
Router(config-if)# tunnel mode mpls traffic-eng
Router(config-if)# tunnel mpls traffic-eng bandwidth 10000
Router(config-if)# tunnel mpls traffic-eng exp default
 
Router(config)# interface Tunnel4
Router(config-if)# interface destination 24.1.1.1
Router(config-if)# tunnel mpls traffic-eng exp-bundle master
Router(config-if)# tunnel mpls traffic-eng exp-bundle member Tunnel1
Router(config-if)# tunnel mpls traffic-eng exp-bundle member Tunnel2
Router(config-if)# tunnel mpls traffic-eng exp-bundle member Tunnel3

Router(config-if)# tunnel mpls traffic-eng autoroute enable

Verifying the MPLS Configuration

The following show commands can be used to verify that the MPLS TE or DS-TE tunnels are operating and announced to the IGP. The commands are all entered in privileged EXEC configuration mode.

 

Command
Purpose

show mpls traffic-eng topology { A. B.C. D | igp-id { isis nsap-address | ospf A. B.C. D } [ brief ]}

Shows the MPLS traffic engineering global topology as currently known at this node.

  • A. B.C. D —Specifies the node by the IP address (router identifier to interface address).
  • igp-id —Specifies the node by IGP router identifier.
  • isis nsap-address —Specifies the node by router identification (nsap-address) if you are using Integrated Intermediate System-to-Intermediate System (IS-IS).
  • ospf A. B.C. D —Specifies the node by router identifier if you are using Open Shortest Path First (OSPF).
  • brief —Provides a less-detailed version of the topology.

show mpls traffic-eng exp

Displays EXP mapping.

show ip cef [ type number ] [ detail ]

Displays entries in the forwarding information base (FIB) or displays a summary of the FIB.

  • type number —Identifies the interface type and number for which to display FIB entries.
  • detail —Displays detailed FIB entry information.

show mpls forwarding-table [ network { mask | length } [ detail ]]

Displays the contents of the MPLS label forwarding information base (LFIB).

  • network —Identifies the destination network number.
  • mask —Identifies the network mask to be used with the specified network.
  • length —Identifies the number of bits in the destination mask.
  • detail —Displays information in long form (includes length of encapsulation, length of MAC string, maximum transmission unit [MTU], and all labels).

show mpls traffic-eng autoroute

 

Displays tunnels that are announced to the Interior Gateway Protocol (IGP).

The show mpls traffic-eng topology command output displays the MPLS TE global topology:

Router# show mpls traffic-eng topology 10.0.0.1
 
IGP Id: 10.0.0.1, MPLS TE Id:10.0.0.1 Router Node (ospf 10 area 0) id 1
link[0]: Broadcast, DR: 180.0.1.2, nbr_node_id:6, gen:18
frag_id 0, Intf Address:180.0.1.1
TE metric:1, IGP metric:1, attribute_flags:0x0
SRLGs: None
physical_bw: 100000 (kbps), max_reservable_bw_global: 1000 (kbps)
max_reservable_bw_sub: 0 (kbps)
Global Pool Sub Pool
Total Allocated Reservable Reservable
BW (kbps) BW (kbps) BW (kbps)
--------------- ----------- ----------
bw[0]: 0 1000 0
bw[1]: 0 1000 0
bw[2]: 0 1000 0
bw[3]: 0 1000 0
bw[4]: 0 1000 0
bw[5]: 0 1000 0
bw[6]: 0 1000 0
bw[7]: 100 900 0
 
link[1]: Broadcast, DR: 180.0.2.2, nbr_node_id:7, gen:19
frag_id 1, Intf Address:180.0.2.1
TE metric:1, IGP metric:1, attribute_flags:0x0
SRLGs: None
physical_bw: 100000 (kbps), max_reservable_bw_global: 1000 (kbps)
max_reservable_bw_sub: 0 (kbps)
Global Pool Sub Pool
Total Allocated Reservable Reservable
BW (kbps) BW (kbps) BW (kbps)
--------------- ----------- ----------
bw[0]: 0 1000 0
bw[1]: 0 1000 0
bw[2]: 0 1000 0
bw[3]: 0 1000 0
bw[4]: 0 1000 0
bw[5]: 0 1000 0
bw[6]: 0 1000 0
bw[7]: 0 1000 0
 

The show mpls traffic-eng exp command output displays EXP mapping information about a tunnel:

Router# show mpls traffic-eng exp
 
Destination: 10.0.0.9
Master: Tunnel10 Status: IP
 
Members: Status Conf EXP Actual EXP
Tunnel1 UP/ACTIVE 5 5
Tunnel2 UP/ACTIVE default 0 1 2 3 4 6 7
Tunnel3 UP/INACTIVE(T) 2
Tunnel4 DOWN 3
Tunnel5 UP/ACTIVE(NE)
 
(T)=Tailend is different to master
(NE)=There is no exp value configured on this tunnel.
 

The show ip cef detail command output displays detailed FIB entry information for a tunnel:

Router# show ip cef tunnel1 detail
 
IP CEF with switching (Table Version 46), flags=0x0
31 routes, 0 reresolve, 0 unresolved (0 old, 0 new), peak 2
2 instant recursive resolutions, 0 used background process
8 load sharing elements, 8 references
6 in-place/0 aborted modifications
34696 bytes allocated to the FIB table data structures
universal per-destination load sharing algorithm, id 9EDD49E1
1(0) CEF resets
Resolution Timer: Exponential (currently 1s, peak 1s)
Tree summary:
8-8-8-8 stride pattern
short mask protection disabled
31 leaves, 23 nodes using 26428 bytes
Table epoch: 0 (31 entries at this epoch)
Adjacency Table has 13 adjacencies
10.0.0.9/32, version 45, epoch 0, per-destination sharing
0 packets, 0 bytes
tag information set, all rewrites inherited
local tag: tunnel head
via 0.0.0.0, Tunnel1, 0 dependencies
traffic share 1
next hop 0.0.0.0, Tunnel1
valid adjacency
tag rewrite with Tu1, point2point, tags imposed {12304}
0 packets, 0 bytes switched through the prefix
tmstats: external 0 packets, 0 bytes
internal 0 packets, 0 bytes
 

The show mpls forwarding-table detail command output displays detailed information from the MPLS LFIB:

Router# show mpls forwarding 10.0.0.9 detail
 
Local Outgoing Prefix Bytes tag Outgoing Next Hop
tag tag or VC or Tunnel Id switched interface
Tun hd Untagged 10.0.0.9/32 0 Tu1 point2point
MAC/Encaps=14/18, MRU=1500, Tag Stack{12304}, via Fa6/0
00027D884000000ED70178A88847 03010000
No output feature configured
Per-exp selection: 1
Untagged 10.0.0.9/32 0 Tu2 point2point
MAC/Encaps=14/18, MRU=1500, Tag Stack{12305}, via Fa6/1
00027D884001000ED70178A98847 03011000
No output feature configured
Per-exp selection: 2 3
Untagged 10.0.0.9/32 0 Tu3 point2point
MAC/Encaps=14/18, MRU=1500, Tag Stack{12306}, via Fa6/1
00027D884001000ED70178A98847 03012000
No output feature configured
Per-exp selection: 4 5
Untagged 10.0.0.9/32 0 Tu4 point2point
MAC/Encaps=14/18, MRU=1500, Tag Stack{12307}, via Fa6/1
00027D884001000ED70178A98847 03013000
No output feature configured
Per-exp selection: 0 6 7
 

The show mpls traffic-eng autoroute command output displays tunnels that are announced to the Interior Gateway Protocol (IGP).

Router# show mpls traffic-eng autoroute
 
MPLS TE autorouting enabled
destination 10.0.0.9, area ospf 10 area 0, has 4 tunnels
Tunnel1 (load balancing metric 20000000, nexthop 10.0.0.9)
(flags: Announce)
Tunnel2 (load balancing metric 20000000, nexthop 10.0.0.9)
(flags: Announce)
Tunnel3 (load balancing metric 20000000, nexthop 10.0.0.9)
(flags: Announce)
Tunnel4 (load balancing metric 20000000, nexthop 10.0.0.9)
(flags: Announce)
 

Configuring Virtual Private LAN Service

Virtual Private LAN Service (VPLS) enables geographically separate LAN segments to be interconnected as a single bridged domain over a packet switched network, such as IP, MPLS, or a hybrid of both.

VPLS solves the network reconfiguration problems at the customer equipment (CE) that is associated with Layer 2 Virtual Private Network (L2VPN) implementations. The current Cisco IOS software L2VPN implementation builds a point-to-point connection to interconnect the two attachment VCs of two peering customer sites. To communicate directly among all sites of an L2VPN network, a distinct emulated VC needs to be created between each pair of peering attachment VCs.

For example, when two sites of the same L2VPN network are connected to the same PE, you must establish two separate emulated VCs towards a given remote site, instead of sharing a common emulated VC between these two sites. For an L2VPN customer who uses the service provider backbone to interconnect its LAN segments, the current implementation effectively turns its multiaccess broadcast network into a fully meshed point-to-point network, which requires extensive reconfiguration on the existing CE devices.

VPLS is a multipoint L2VPN architecture that connects two or more customer devices using EoMPLS bridging techniques. VPLS with EoMPLS uses an MPLS-based provider core, where the PE routers have to cooperate to forward customer Ethernet traffic for a given VPLS instance in the core.

VPLS uses the provider core to join multiple attachment circuits together to simulate a virtual bridge that connects the multiple attachment circuits together. From a customer point of view, there is no topology for VPLS. All of the CE devices appear to connect to a logical bridge emulated by the provider core.

This section describes how to configure Virtual Private LAN Services (VPLS) on the Optical Services Modules (OSMs) and covers the topics below:

VPLS Overview

Virtual Private LAN Services (VPLS) uses the provider core to join multiple attachment circuits together to simulate a virtual bridge that connects the multiple attachment circuits together. From a customer point of view, there is no topology for VPLS. All of the CE devices appear to connect to a logical bridge emulated by the provider core. See Figure 6-4.

Figure 6-4 VPLS

 

Full-mesh, hub and spoke, and Hierarchical VPLS (H-VPLS) with MPLS edge configurations are available.

Restrictions for VPLS

The following general restrictions pertain to all transport types under VPLS:

  • Split horizon is the default configuration to avoid broadcast packet looping and to isolate Layer 2 traffic. With split horizon, a packet coming from a WAN interface never goes back to another WAN interface (it always get switched to a Layer 2 interface). Split horizon prevents packets received from an emulated VC from being forwarded into another emulated VC. This technique is important for creating loop-free paths in a full-meshed network.
  • The Cisco 7600 series routers support a maximum of 60 peer PEs and a maximum of 15,000 VCs. For example, you can configure 15,000 VCs as 1,000 VFIs with 15 VPLS peers per VFI.

Note The 60 peer PEs are distributed between the MPLS edge and the core; do not assume there are 60 peer PEs on each side.


  • No software-based data plane is supported.
  • No auto-discovery mechanism is supported.
  • Load sharing and failover on redundant CE-PE links are not supported.
  • The addition or removal of MAC addresses with Label Distribution Protocol (LDP) is not supported.
  • On the Cisco 7600 series router, the virtual forwarding instance (VFI) is supported only with the interface vlan command.
  • Switched Virtual Interface (SVI) Ethernet over MPLS (EoMPLS) does not support layer 3 etherchannel sub-interface.

Full-Mesh Configuration

The full-mesh configuration requires a full mesh of tunnel label switched paths (LSPs) between all the PEs that participate in the VPLS. With full-mesh, signaling overhead and packet replication requirements for each provisioned VC on a PE can be high.

You set up a VPLS by first creating a virtual forwarding instance (VFI) on each participating PE router. The VFI specifies the VPN ID of a VPLS domain, the addresses of other PE routers in the domain, and the type of tunnel signaling and encapsulation mechanism for each peer PE router.

The set of VFIs formed by the interconnection of the emulated VCs is called a VPLS instance; it is the VPLS instance that forms the logic bridge over a packet switched network. The VPLS instance is assigned a unique VPN ID.

The PE routers use the VFI to establish a full-mesh LSP of emulated VCs to all the other PE routers in the VPLS instance. PE routers obtain the membership of a VPLS instance through static configuration using the Cisco IOS CLI.

The full-mesh configuration allows the PE router to maintain a single broadcast domain. Thus, when the PE router receives a broadcast, multicast, or unknown unicast packet on an attachment circuit, it sends the packet out on all other attachment circuits and emulated circuits to all other CE devices participating in that VPLS instance. The CE devices see the VPLS instance as an emulated LAN.

To avoid the problem of a packet looping in the provider core, the PE devices enforce a "split-horizon" principle for the emulated VCs. That means if a packet is received on an emulated VC, it is not forwarded on any other emulated VC.

After the VFI has been defined, it needs to be bound to an attachment circuit to the CE device.

The packet forwarding decision is made by looking up the Layer 2 virtual forwarding instance (VFI) of a particular VPLS domain.

A VPLS instance on a particular PE router receives Ethernet frames that enter on specific physical or logical ports and populates a MAC table similarly to how an Ethernet switch works. The PE router can use the MAC address to switch those frames into the appropriate LSP for delivery to the another PE router at a remote site.

If the MAC address is not in the MAC address table, the PE router replicates the Ethernet frame and floods it to all logical ports associated with that VPLS instance, except the ingress port where it just entered. The PE router updates the MAC table as it receives packets on specific ports and removes addresses not used for specific periods.

Hub and Spoke

In a hub-and-spoke model, the PE router that acts as the hub establishes a point-to-multipoint forwarding relationship with all PE routers at the spoke sites. An Ethernet or VLAN packet received from the customer network on the hub PE can be forwarded to one or more emulated VCs.

The PE routers that act as the spoke establish a point-to-point connection to the PE at the hub site. Ethernet or VLAN packets received from the customer network on the spoke PE are forwarded to the VFI or VPLS instance at the hub. If there are a number of customer sites connecting to the spoke, you can terminate multiple VCs per spoke into the same VFI or VPLS instance at the hub.

Hierarchical Virtual Private LAN Service (H-VPLS) with MPLS to the Edge

In a flat or non-hierarchical VPLS configuration, a full mesh of pseudowires (PWs) is needed between all PE nodes. A pseudowire defines a VLAN and its corresponding pseudoport.

Hierarchical Virtual Private LAN Service (H-VPLS) reduces both signaling and replication overhead by using a combination of full-mesh and hub-and-spoke configurations. Hub-and-spoke configurations operate with split horizon to allow packets to be switched between PWs, which effectively reduce the number of PWs between PEs.

Figure 6-5 H-VPLS with MPLS to the Edge Network

 

In the H-VPLS with MPLS to the edge architecture, Ethernet Access Islands (EAIs) work in combination with a VPLS core network, with MPLS as the underlying transport mechanism. EAIs operate like standard Ethernet networks. In Figure 6-5, devices CE1, CE2a, and CE2b reside in an EAI. Traffic from any CE devices within the EAI is switched locally within the EAI by the user-facing provider edge (UPE) device along the computed spanning-tree path. Each UPE device is connected to one or more network-facing provider edge (NPE) devices using PWs. The traffic local to the UPE is not forwarded to any network-facing provider edge (NPE) devices.

VPLS Configuration Guidelines

When configuring VPLS on a Cisco 7600 Series ES+ line card, consider the following guidelines:

  • The Cisco 7600 Series ES+ line card supports up to 4096 (4K) VPLS domains per Cisco 7600 series router.
  • The Cisco 7600 Series ES+ line card supports up to 110 VPLS peers per domain per Cisco 7600 series router.
  • The Cisco 7600 Series ES+ line card supports up to 32,000 pseudowires (except when the core-facing interface is a port-channel interface), used in any combination of domains and peers up to the 4096-domain or 110-peer maximums. For example, up to 4000 domains with 7 peers, up to 60 peers in 500 domains, or 110 peers in 273 domains.
  • When configuring VPLS on a Cisco 7600 Series ES+ line card, consider the following guidelines:

QinQ is supported in a VPLS instance using EVC, L3 MPLS, VPN and, EoMPLS.

H-VPLS with QinQ edge—Requires a Cisco 7600 Series ES+ line card in the uplink, and any LAN port or Cisco 7600 Series ES+ line cards on the downlink.

  • H-VPLS with MPLS edge requires either an optical service module, Cisco 7600 SIP-600, Cisco 7600 SIP-400, or Cisco 7600 Series ES+ line cards in both the downlink (facing UPE) and uplink (MPLS core). The ES20 and ES40 cards support port-channel interfaces on the core side of the router, for VPLS and H-VPLS.
  • The Cisco 7600 Series ES+ line cards provide Transparent LAN Services (TLS) and Ethernet Virtual Connection Services (EVCS).
  • The Cisco 7600 Series ES+ line cards support the following VPLS features:

H-VPLS with MPLS edge

H-VPLS with QinQ edge

VPLS with point-to-multipoint EoMPLS and fully-meshed PE configuration

  • For information about configuring VPLS on the Cisco 7600 Series ES+ line cards, consider the guidelines in this document and refer to

http://www.cisco.com/en/US/products/hw/routers/ps368/products_white_paper09186a00801df1df.shtml and http://www.cisco.com/en/US/docs/interfaces_modules/shared_port_adapters/configuration/7600series/76cfgeth.html

Configuring H-VPLS with Port-Channel Core Interface

Hierarchical VPLS (H-VPLS) reduces both signaling and replication overhead by using both full-mesh as well as hub and spoke configurations. Hub and spoke configurations operate with split horizon to allow packets to be switched between pseudo-wires (PWs), effectively reducing the number of PWs between PEs.


Note Split horizon is the default configuration to avoid broadcast packet looping. To avoid looping when using the no-split-horizon keyword, be very mindful of your network configuration.


Previously, VPLS was supported only on physical interfaces and subinterfaces. The H-VPLS with Port-Channel Core Interface feature adds support for VPLS on port-channels in Cisco IOS Release 12.2(33)SRE.

Use this feature to:

  • Configure VPLS on the port-channel interfaces of the ES+ line card using a load balancing mechanism.
  • Match the capabilities and requirements of the VPLS in a single link. Due to multiple links in a link aggregation (LAG), the packets of a particular flow are always transmitted only to a single link.
  • Configure VPLS with port-channel interfaces as the core facing interface, where the member links of the port-channel are from a ES20 or ES40 line card. The load-balancing is per-flow based, where the traffic of a VPLS VC is load-balanced across member links based on the flow.

Restrictions and Usage Guidelines

Follow these restrictions and guidelines to configure H-Virtual Private LAN Service (VPLS) within a port-channel core interface:

  • The ES+ linecard supports 32,000 pseudowires on a Cisco 7600 series router, except when the core-facing interface is a PoCH interface.
  • VPLS over core-facing PoCH interfaces is supported in Cisco IOS Release 12.2(33)SRE.
  • When a fat pseudo-wire (FAT P/W) is configured, the core-facing interface should be from a ES20 or a ES40 line card.
  • A provider edge (PE) router should match the configuration of the FAT P/W load balance option, for the respective VLAN.
  • PE router link aggregation groups (LAG) are supported on the ES40 line card, for VPLS imposition or disposition functions.
  • A fat P/W should be uniformly enabled across all peer PE routers.
  • Provider router load balancing is supported on the ES40 line card.
  • Maximum of 6 VPLS capable port-channels are supported.
  • A highly scaled VPLS or a highly scaled multicast configuration over VPLS on port-channel interfaces can impact LACP fast switchover convergence.
  • On the Cisco 7600 series router, the virtual forwarding instance (VFI) is supported only with the interface vlan command

SUMMARY STEPS

1. enable

2. configure platform

3. platform vfi load-balance-label vlan [ vlan|vlan-vlan ]

or

port-channel load-balance src-dst-mixed-ip-port

or

[ no ] port-channel load-balance mpls

or

[ no ] platform mpls load-balance ingress-port

4. exit

DETAILED STEPS

 

Command
Purpose

Step 1

enable

 
Router> enable

Enables privileged EXEC mode.

  • Enter your password if prompted.

Step 2

configure terminal

 

Router# configure terminal

Enters the global configuration mode.

Step 3

[no] platform vfi load-balance-label vlan [vlan|vlan-vlan]

 

Router(config)# platform vfi load-balance-label vlan 5

Configures fat pseudowire load balance label.

or

 

port-channel load-balance src-dst-mixed-ip-port

 

Router(config)# port-channel load-balance src-dst-mixed-ip-port

Configures port-channel load balancing.

The src-dst-mixed-ip-port mode allows load balance of IPV4 packets by source and destination MAC address, source and destination IP address and TCP/UDP port number.

or

 

[no] port-channel load-balance mpls [label|label-ip]

 

Router(config)# port-channel load-balance mpls label

Configures port-channel load balancing. The mpls mode uses the MPLS label or IP address during load balancing.

or

 

[no] platform mpls load-balance ingress-port

 

Router(config)# platform mpls load-balance ingress-port

Configures ingress port-based load balancing on the P-router. Use the no form of the command to disable the configuration.

Step 4

exit

Exits from the configuration mode.

Supported Features

FAT PW Load balancing

Fat pseudo-wire load balancing balances the VPLS VC traffic across the core network. An additional load balance label is inserted along with the VPLS VC labels such as VC label and IGP label at the PE side. The remote end PE removes the load-balance label on the packet. For a single VC, the load-balance label is calculated based on flow information of a VC.

You can use the following load balance types to streamline the traffic between peer VCs:

  • ECMP load-balancing: In a core network, multiple ECMP paths are used to reach the remote PE. Application of the load-balance label balances the traffic load across the multiple paths. This is because the load-balance label is different for different flows of a VC and the hash algorithm using the mpls label for load-balancing generates a different hash to distribute the traffic.
  • Port-channel load-balancing: In a core network, if the selected path is a port-channel, the member links are load balanced due to modifications in the load balance label.

You can use the [no] platform vfi load-balance-label vlan [vlan|vlan-vlan] command to configure the fat pseudo-wire load balancing per vlan on a PE router irrespective of the core facing interface being a port-channel or a non port-channel.

You can use the [no] port-channel load-balance src-dst-mixed-ip-port and the [no] port-channel load-balance mpls commands for port-channel load balancing.l

You can use the [no] platform mpls load-balance ingress-port command for ingress port-based P router load balalncing.

Multipoint-to-Multipoint Support

Two or more devices are associated over the core network. No one device is designated as the Root node, but all devices are treated as Root nodes. All frames can be exchanged directly between nodes.

Non-Transparent Operation

A virtual Ethernet connection (VEC) can be transparent or non-transparent with respect to Ethernet PDUs (that is, BPDUs). The purpose of VEC non-transparency is to allow the end user to have a Frame Relay-type service between Layer 3 devices.

Circuit Multiplexing

Circuit Multiplexing allows a node to participate in multiple services over a single Ethernet connection. By participating in multiple services, the Ethernet connection is attached to multiple logical networks. Some examples of possible service offerings are VPN services between sites, Internet services, and third-party connectivity for intercompany communications.

MAC-Address Learning Forwarding and Aging

PEs must learn remote MAC addresses and directly attached MAC addresses on customer facing ports. MAC address learning accomplishes this by deriving topology and forwarding information from packets originating at customer sites. A timer is associated with stored MAC addresses. After the timer expires, the entry is removed from the table.

Jumbo Frame Support

Jumbo frame support provides support for frame sizes between 1548 through 9216 bytes. You use the CLI to establish the jumbo frame size for any value specified in the above range. The default value is 1500 bytes in any Layer 2/VLAN interface. You can configure jumbo frame support on a per-interface basis.

Q-in-Q Support and Q-in-Q to EoMPLS Support

With 802.1Q tunneling (Q-in-Q), the CE issues VLAN-tagged packets and the VPLS forwards the packets to a far-end CE. Q-in-Q refers to the fact that one or more 802.1Q tags may be located in a packet within the interior of the network. As packets are received from a CE device, an additional VLAN tag is added to incoming Ethernet packets to segregate traffic from different CE devices. Untagged packets originating from the CE use a single tag within the interior of the VLAN switched network, while previously tagged packets originating from the CE use two or more tags.

TE-FRR Support on VPLS LAG NNI

In an MPLS environment, traffic engineering (TE) provides a fast protection mechanism for link and node failures using fast reroute (FRR). On the Cisco 7600 series router, TE/FRR across port-channel bundles is supported using Bidirectional Forwarding Detection (BFD), Reservation Protocol (RSVP) fast hello packets, min-link or max-bundle configuration. The default interval for hello packets is 200 milliseconds. It takes three hello packets (600 milliseconds) to detect the downtime of a bundle.

The Link Aggregation Control Protocol (LACP) fast switchover with fast link detection, takes about 200 to 600 milliseconds from the time a link has failed to the time the line card has processed the membership change request. TE/FRR measurements are highly dependent on LACP convergence, RSVP fast hello interval, and, LTL programming.

Traffic engineering fast reroute (TE-FRR) for VPLS over port-channel (PoCH) is supported in Cisco IOS Release 15.0(1)S.

For more information on MPLS Traffic Engineering (TE) - Fast Reroute (FRR), see the MPLS Traffic Engineering (TE) - Fast Reroute (FRR) Link and Node Protection feature guide at the following url:

http://www.cisco.com/en/US/docs/ios/mpls/configuration/guide/mp_te_frr_node_prot.htm l

BPDU PW Over LAG NNI

BPDU PW can be provisioned over a port channel interface. Provisioning BPDU PW on a port channel enables you to benefit from the link redundancy provided by LAG-NNI. The redundancy helps pseudowire to remain always UP.

Effective from Cisco IOS Release 15.1(2)S, this feature is supported on the Cisco 7600 series routers. For configuration information, see Configuring BPDU PW on a Port Channel.

VPLS Services

Transparent LAN Service (TLS) and Ethernet Virtual Connection Service (EVCS) are available for service provider and enterprise use.

  • Transparent LAN Service (TLS)—Use when you need transparency of bridging protocols (for example, bridge protocol data units [BPDUs]) and VLAN values. Bridges see this service as an Ethernet segment.

Note You must enable Layer 2 protocol tunneling to run the Cisco Discovery Protocol (CDP), the VLAN Trunking Protocol (VTP), and the Spanning-Tree Protocol (STP). See Chapter 18, “Configuring IEEE 802.1Q Tunneling” in the Cisco 7600 Series Cisco IOS Software Configuration Guide, 15.0SR.


  • Ethernet Virtual Connection Service (EVCS)—Use when you need routers to reach multiple intranet and extranet locations from a single physical port. Routers see subinterfaces through which they access other routers.

Transparent LAN Service

TLS is an extension to the point-to-point port-based EoMPLS. With TLS, the PE router forwards all Ethernet packets received from the customer-facing interface (including tagged, untagged, and BPDUs) as follows:

  • To a local Ethernet interface or an emulated VC if the destination MAC address is found in the Layer 2 forwarding table.
  • To all other local Ethernet interfaces and emulated VCs belonging to the same VPLS domain if the destination MAC address is a multicast or broadcast address or if the destination MAC address is not found in the Layer 2 forwarding table.

Ethernet Virtual Connection Service

EVCS is an extension to the point-to-point VLAN-based EoMPLS. With EVCS, the PE router forwards all Ethernet packets with a particular VLAN tag received from the customer-facing interface (excluding BPDUs) as follows:

  • To a local Ethernet interface or to an emulated VC if the destination MAC address is found in the Layer 2 forwarding table.
  • To all other local Ethernet interfaces and emulated VCs belonging to the same VPLS domain if the destination MAC address is a multicast or broadcast address or if the destination MAC address is not found in the Layer 2 forwarding table.

Note Because it has only local significance, the demultiplexing VLAN tag that identifies a VPLS domain is removed before forwarding the packet to the outgoing Ethernet interfaces or emulated VCs.


Benefits of VPLS

VPLS (Virtual Private LAN Service) enables enterprises to link together their Ethernet-based LANs from multiple sites via the infrastructure provided by their service provider. From the enterprise perspective, the service provider's public network looks like one giant Ethernet LAN. For the service provider, VPLS provides an opportunity to deploy another revenue-generating service on top of their existing network without major capital expenditures. Operators can extend the operational life of equipment in their network.

Configuring VPLS

This section explains how to perform a basic VPLS configuration.


Note Provisioning a VPLS link involves provisioning the associated attachment circuit and the VFI on the PE.



Note VPLS is supported on Supervisor Engine 720-based systems and RSP720.


Prerequisites

Before you configure VPLS, ensure that the network is configured as follows:

  • Configure IP routing in the core so that the PE routers can reach each other via IP.
  • Configure MPLS in the core so that a label switched path (LSP) exists between the PE routers.
  • Configure a loopback interface for originating and terminating Layer 2 traffic. Make sure the PE routers can access the other router's loopback interface. Note that the loopback interface is not needed in all cases. For example, tunnel selection does not need a loopback interface when VPLS is directly mapped to a TE tunnel.

Supported Modules

Customer facing interfaces are all Ethernet/ Fast Ethernet/ Gigabit Ethernet interfaces based on Layer 2 Catalyst LAN ports.

Basic VPLS Configuration

VPLS configuration requires you to identify peer PE routers and to attach Layer 2 circuits to the VPLS at each PE router.

VPLS configuration requires the following:

Configuring the PE Layer 2 Interface to the CE

You must configure the Layer 2 interface as a switchport for local bridging. You have the option of selecting tagged or untagged traffic from the CE device.


Note It is important to define the trunk VLANs; use the switchport trunk allow vlan command as shown in the first example below.


SUMMARY STEPS —802.1Q Trunk for Tagged Traffic from the CE

1. interface type number

2. no ip address ip-address mask [secondary]

3. switchport

4. switchport trunk encapsulation dot1q

5. switchport trunk allow vlan

6. switchport mode trunk


Note When EVCS is configured, the PE router forwards all Ethernet packets with a particular VLAN tag to a local Ethernet interface or emulated VC if the destination MAC address is found in Layer 2 forwarding table.


DETAILED STEPS

 

 

Command or Action
Purpose

Step 1

interface type number
 
Router(config)# interface fastethernet 2/4

Selects an interface to configure.

Step 2

no ip address ip-address mask [secondary]
 
Router(config)# no ip address

Disables IP processing and enters interface configuration mode.

Step 3

switchport
 
Router(config-if)# switchport

Modifies the switching characteristics of the Layer 2-switched interface.

Step 4

switchport trunk encapsulation dot1q
 
Router(config-if)# switchport trunk encapsulation dot1q

Sets the switch port encapsulation format to 802.1Q.

Step 5

switchport trunk allow vlan
 
Router(config-if)# switchport trunk allow vlan 501

Sets the list of allowed VLANs.

Step 6

switchport mode trunk
 
Router(config-if)# switchport mode trunk

Sets the interface to a trunking VLAN Layer 2 interface.

This example shows how to configure the tagged traffic.

Router(config)# interface GigabitEthernet4/4
Router(config)# no ip address
Router(config-if)# switchport
Router(config-if)# switchport trunk encapsulation dot1q
Router(config-if)# switchport trunk allow vlan 501
Router(config-if)# switchport mode trunk
 

This example shows how to use the show run interface command to verify the configuration.

Router# show run interface GigabitEthernet4/4
Building configuration...
 
Current configuration : 212 bytes
!
interface GigabitEthernet4/4
no ip address
switchport
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 501
switchport mode trunk
end

SUMMARY STEPS

Option 2—802.1Q Access Port for Untagged Traffic from CE

1. interface type number

2. no ip address ip-address mask [secondary]

3. speed [1000 | nonegotiate]

4. switchport

5. switchport mode access

6. switchport access vlan vlan-id

DETAILED STEPS

 

 

Command or Action
Purpose

Step 1

interface type number
 
Router(config)# interface GigabitEthernet4/4

Selects an interface to configure.

Step 2

no ip address ip-address mask [secondary]
 
Router(config)# no ip address

Disables IP processing and enters interface configuration mode.

Step 3

speed [1000 | nonegotiate]
 
Router(config-if)# speed nonegotiate

Sets the port speed for an Ethernet interface; enables or disables the link negotiation protocol on the Gigabit Ethernet ports.

Step 4

switchport
 
Router(config-if)# switchport

Modifies the switching characteristics of the Layer 2-switched interface.

Step 5

switchport mode access
 
Router(config-if)# switchport mode access

Sets the interface type to nontrunking, nontagged single VLAN Layer 2 interface.

Step 6

switchport access vlan vlan-id
 
Router(config-if)# switchport access vlan 501

Sets the VLAN when the interface is in Access mode.

This example shows how to configure the untagged traffic.

Router(config)# interface GigabitEthernet4/4
Router(config)# no ip address
Router(config-if)# speed nonegotiate
Router(config-if)# switchport
Router(config-if)# switchport mode access
Router(config-if)# switchport access vlan 501
 

This example shows how to use the show run interface command to verify the configuration.

Router# show run interface GigabitEthernet4/4
Building configuration...
 
Current configuration : 212 bytes
!
interface GigabitEthernet4/4
speed nonegotiate
switchport
switchport mode access
switchport access vlan 501

end

SUMMARY STEPS

Option 3—Using Q-in-Q to Place All VLANs into a Single VPLS

1. interface type number

2. no ip address ip-address mask [secondary]

3. speed [1000 | nonegotiate]

4. switchport

5. switchport access vlan vlan-id

6. switchport mode dot1q-tunnel

7. l2protocol-tunnel [cdp | stp | vtp]


Note When TLS is configured, the PE router forwards all Ethernet packets received from the CE device to all local Ethernet interfaces and emulated VCs belonging to the same VPLS domain if the MAC address is not found in the Layer 2 forwarding table.


DETAILED STEPS

 

 

Command or Action
Purpose

Step 1

interface type number
 
Router(config)# interface GigabitEthernet4/4

Selects an interface to configure.

Step 2

no ip address ip-address mask [secondary]
 
Router(config)# no ip address

Disables IP processing and enters interface configuration mode.

Step 3

speed [1000 | nonegotiate]
 
Router(config-if)# speed nonegotiate

Sets the port speed for an Ethernet interface; enables or disables the link negotiation protocol on the Gigabit Ethernet ports.

Step 4

switchport
 
Router(config-if)# switchport

Modifies the switching characteristics of the Layer 2-switched interface.

Step 5

switchport access vlan vlan-id
 
Router(config-if)# switchport access vlan 501

Sets the VLAN when the interface is in Access mode.

Step 6

switchport mode dot1q-tunnel
 
Router(config-if)# switchport mode dot1q-tunnel

Sets the interface as an 802.1Q tunnel port.

Step 7

l2protocol-tunnel [cdp | stp | vtp]
 
Router(config-if)# l2protocol-tunnel cdp

Enables protocol tunneling on an interface.

This example shows how to configure the tagged traffic.

Router(config)# interface GigabitEthernet4/4
Router(config)# no ip address
Router(config-if)# speed nonegotiate
Router(config-if)# switchport
Router(config-if)# switchport access vlan 501
Router(config-if)# switchport mode dot1q-tunnel
Router(config-if)# l2protocol-tunnel cdp
 

This example shows how to use the show run interface command to verify the configuration.

Router# show run interface GigabitEthernet4/4
Building configuration...
 
Current configuration : 212 bytes
!
interface GigabitEthernet4/4
no ip address
speed nonegotiate
switchport
switchport access vlan 501
switchport mode dot1q-tunnel
l2protocol-tunnel cdp
end
 

Use the show spanning-tree vlan command to verify the port is not in a blocked state.

Router# show spanning-tree vlan 501
 
VLAN0501
Spanning tree enabled protocol ieee
Root ID Priority 33269
Address 0001.6446.2300
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
 
Bridge ID Priority 33269 (priority 32768 sys-id-ext 501)
Address 0001.6446.2300
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 0
 
Interface Role Sts Cost Prio.Nbr Type
---------------- ---- --- --------- --------
--------------------------------
Gi4/4 Desg FWD 4 128.388 P2p
 

Use the show vlan id command to verify that a specific port is configured to send and receive a specific VLANs traffic.

Router# show vlan id 501
 
VLAN Name Status Ports
---- -------------------------------- ---------
501 VLAN0501 active Gi4/4
 
VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1
Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------
501 enet 100501 1500 - - - - - 0 0
 
Remote SPAN VLAN
----------------
Disabled
 
Primary Secondary Type Ports
------- --------- -----------------

Configuring Layer 2 VLAN Instance on the PE

Configuring the Layer 2 VLAN interface on the PE enables the Layer 2 VLAN instance on the PE router to the VLAN database to set up the mapping between the VPLS and VLANs.

For more information, see Configuring VLANs.

SUMMARY STEPS

1. vlan vlan-id

2. interface vlan vlan-id

DETAILED STEPS

 

 

Command or Action
Purpose

Step 1

vlan vlan-id
 
Router(config)# vlan 809

Configures a specific virtual LAN (VLAN).

Step 2

interface vlan vlan-id
 
Router(config)# interface vlan 501

Configures an interface on the VLAN.

This is an example of configuring a Layer 2 VLAN instance.

Router# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)# vlan 501
Router(config)# interface vlan 501
Router(config-if)#
 

Use the show interfaces vlan command to verify the VLAN is in the up state (example not shown).

Configuring MPLS WAN Interface on the PE

The following commands configure the MPLS WAN interface.


Note The MPLS uplink must be on one of the supported OSMs.


SUMMARY STEPS

1. interface type number

2. ip address ip-address mask

3. tag-switching ip

4. mls qos trust [cos | dscp | ip-precedence]

DETAILED STEPS

 

Command or Action
Purpose

Step 1

interface type number
 
Router(config)# interface pos 2/4

Selects an interface to configure.

Step 2

ip address ip-address mask

 

Router(config)# ip address 100.1.1.1 255.255.255.0

Sets a primary or secondary IP address for an interface and enters interface configuration mode.

Step 3

tag-switching ip
 
Router(config-if)# tag-switching ip

Enables label switching of IPv4 packets on an interface.

Step 4

mls qos trust [cos | dscp | ip-precedence]
 

Router(config-if)# mls qos trust dscp

Sets the trusted state of an interface to specify that the ToS bits in the incoming packets contain a DSCP value.

This is an example of configuring the WAN interface.

Router(config)# interface gigabitethernet4/1
Router(config)# ip address 181.10.10.1 255.255.255.0
Router(config-if)# ip directed-broadcast
Router(config-if)# ip ospf network broadcast
Router(config-if)# no keepalive
Router(config-if)# mpls label protocol ldp
Router(config-if)# tag-switching ip
Router(config-if)# mls qos trust dscp
 

Use the show tag-switching interfaces command to verify operation.

Router# show tag-switching interfaces gigabitethernet4/1
Interface IP Tunnel Operational
gigabitethernet4/1 Yes (ldp) Yes Yes
Router#

Configuring MPLS in the PE

To configure MPLS in the PE, you must provide the required MPLS parameters.


Note Before configuring MPLS, ensure that you have IP connectivity between all PEs by configuring Interior Gateway Protocol (IGP) (Open Shortest Path First [OSPF] or Intermediate System to Intermediate System [IS-IS]) between the PEs.


SUMMARY STEPS

1. enable

2. configure terminal

3. mpls label protocol {ldp | tdp}

4. (Optional) mpls ldp logging neighbor-changes

5. mpls ldp discovery {hello | directed hello} {holdtime | interval} seconds

6. mpls ldp router-id Loopback0 force

DETAILED STEPS

 

 

Command or Action
Purpose

Step 1

enable
 
Router> enable

Enables privileged EXEC mode.

  • Enter your password if prompted.

Step 2

configure terminal

 

Router# configure terminal

Enters global configuration mode.

Step 3

mpls label protocol {ldp | tdp}
 
Router(config)# mpls label protocol ldp

Specifies the default Label Distribution Protocol for a platform.

Step 4

mpls ldp logging neighbor-changes
 
Router(config)# mpls ldp logging neighbor-changes

(Optional) Determines logging neighbor changes.

Step 5

mpls ldp discovery {hello | directed hello} {holdtime | interval} seconds
 
Router(config)# mpls ldp discovery hello holdtime 5

Configures the interval between transmission of LDP (TDP) discovery hello messages, or the hold time for a LDP transport connection.

Step 6

mpls ldp router-id Loopback0 force
 
Router(config)# mpls ldp router-id Loopback0 force

Configures MPLS.

This example shows global MPLS configuration.

Router(config)# mpls label protocol ldp
Router(config)# mpls ldp discovery directed hello
Router(config)# mpls ldp router-id Loopback0 force
 

This example shows how to use the show ip cef command to verify that LDP label is assigned.

 
Router# show ip cef 192.168.17.7
192.168.17.7/32, version 272, epoch 0, cached adjacency to POS4/1
0 packets, 0 bytes
tag information set
local tag: 8149
fast tag rewrite with PO4/1, point2point, tags imposed: {4017}
via 11.3.1.4, POS4/1, 283 dependencies
next hop 11.3.1.4, POS4/1
valid cached adjacency
tag rewrite with PO4/1, point2point, tags imposed: {4017}
 

Configuring the VFI in the PE

The virtual switch instance (VFI) specifies the VPN ID of a VPLS domain, the addresses of other PE routers in this domain, and the type of tunnel signaling and encapsulation mechanism for each peer. (This is where you create the VSI and associated VCs.) Configure a VFI as follows:


Note Only MPLS encapsulation is supported.


SUMMARY STEPS

1. l2 vfi name manual

2. vpn id vpn-id

3. neighbor remote router id [vc-id-value] {encapsulation mpls} [no-split-horizon]

4. shutdown

DETAILED STEPS

 

 

Command or Action
Purpose

Step 1

l2 vfi name manual
 

Router(config)# l2 vfi vfi17 manual

Enables the Layer 2 VFI manual configuration mode.

Step 2

vpn id vpn-id
 

Router(config-vfi)# vpn id 17

Configures a VPN ID for a VPLS domain. The emulated VCs bound to this Layer 2 VRF use this VPN ID for signaling.

Step 3

neighbor remote router id [vc-id-value]{encapsulation mpls} [no-split-horizon]
 

Router(config-vfi)# neighbor 1.5.1.1 101 encapsulation mpls

Specifies the remote peering router ID and the tunnel encapsulation type or the pseudo wire property to be used to set up the emulated VC.

Note Split horizon is the default configuration to avoid broadcast packet looping and to isolate Layer 2 traffic. Use the no-split-horizon keyword to disable split horizon and to configure multiple VCs per spoke into the same VFI.

Note The optional VC ID value identifies the emulated VC between a pair of peering PE routers.

Step 4

shutdown
 
Router(config-vfi)# shutdown

Disconnects all emulated VCs previously established under the Layer 2 VFI and prevents the establishment of new attachment circuits.

Note It does not prevent the establishment of new attachment circuits configured with the Layer 2 VFI using CLI.

The following example shows a VFI configuration.

Router(config)# l2 vfi VPLSA manual
Router(config-vfi)# vpn id 100
Router(config-vfi)# neighbor 11.11.11.11 encapsulation mpls
Router(config-vfi)# neighbor 33.33.33.33 encapsulation mpls
Router(config-vfi)# neighbor 44.44.44.44 encapsulation mpls

 

The following example shows a VFI configuration for hub and spoke.

Router(config)# l2 vfi VPLSA manual
Router(config-vfi)# vpn id 100
Router(config-vfi)# neighbor 9.9.9.9 2001 encapsulation mpls
Router(config-vfi)# neighbor 12.12.12.12 2002 encapsulation mpls
Router(config-vfi)# neighbor 33.33.33.33 2003 encapsulation mpls no-split-horizon

 

The show mpls 12transport vc command displays various information related to PE1.


Note The show mpls l2transport vc detail command is also available to show detailed information about the VCs on a PE router as in the following example. (This example is not based on the previous VFI configurations.)


VPLS-PE2# show mpls l2transport vc 201
 
Local intf Local circuit Dest address VC ID Status
------------- -------------------- --------------- ---------- ----------
VFI test1 VFI 153.1.0.1 201 UP
VFI test1 VFI 153.3.0.1 201 UP
VFI test1 VFI 153.4.0.1 201 UP
 

Note The VC ID in the output represents the VPN ID; the VC is identified by the combination of the destination address and the VC ID as in the example below. (This example is not based on the previous VFI configurations.)


The show vfi vfi name command shows VFI status.

nPE-3# show vfi VPLS-2
VFI name: VPLS-2, state: up
VPN ID: 100
Local attachment circuits:
Vlan2
Neighbors connected via pseudowires:
Peer Address VC ID Split-horizon
1.1.1.1 2 Y
1.1.1.2 2 Y
2.2.2.3 2 N

Associating the Attachment Circuit with the VSI at the PE

After defining the VFI, you must bind it to one or more attachment circuits (interfaces, subinterfaces, or virtual circuits).

SUMMARY STEPS

1. interface vlan vlan-id

2. no ip address (Configuring an IP address causes Layer 3 interface to be created for the VLAN.)

3. xconnect vfi vfi name

DETAILED STEPS

 

 

Command or Action
Purpose

Step 1

interface vlan vlan-id
 
Router(config-if)# interface vlan 100

Creates or accesses a dynamic switched virtual interface (SVI).

Step 2

no ip address
 
Router(config-if)# no ip address

Disables IP processing. (You configure a Layer 3 interface for the VLAN if you configure an IP address.)

Step 3

xconnect vfi vfi name
 

Router(config-if)# xconnect vfi vfi16

Specifies the Layer 2 VFI that you are binding to the VLAN port.

This example shows an interface VLAN configuration.

Router(config-if)# interface vlan 100
Router(config-if)# no ip address
Router(config-if)# xconnect vfi VPLS_501
 

This is an example of how to use the show vfi command for VFI status.

Router# show vfi VPLS_501
VFI name: VPLS_501, state: up
VPN ID: 100
Local attachment circuits:
vlan 100
Neighbors connected via pseudowires:
192.168.11.1 192.168.12.2 192.168.13.3 192.168.16.6
192.168.17.7

Configuring BPDU PW on a Port Channel

Configure BPDU PW on a port channel between two PEs. Before you begin, you need to configure a VFI on a remote peer enabling BPDU PW on it. Complete the following steps:

SUMMARY STEPS

1. enable

2. configure terminal

3. l2 vfi name manual

4. vpn id id-number

5. forward permit l2protocol all

6. neighbor remote-router-id vc-id { encapsulation encapsulation-type | pw-class pw-name } [ no-split-horizon ]

7. end

DETAILED STEPS

 

 

Command or Action
Purpose

Step 1

enable
 
Router> enable

Enables privileged EXEC mode.

  • Enter your password if prompted.

Step 2

configure terminal

 

Router# configure terminal

Enters global configuration mode.

Step 3

l2 vfi name manual
 
 
Router(config)# l2 vfi vfi10 manual

Creates a layer 2 VFI and enters layer 2 VFI manual configuration mode.

Step 4

vpn id id-number
 
 
Router(config-vfi)# vpn id 110

Specifies the VPN ID.

Step 5

forward permit l2protocol all
 
Router(config-vfi)# forward permit l2protocol all

Creates a pseudowire that is to be used to transport BPDU data between the two N-PE routers.

Step 6

neighbor remote-router-id vc-id { encapsulation encapsulation-type | pw-class pw-name } [ no-split-horizon]
 
Router(config-vfi)# neighbor 10.10.10.2 encapsulation mpls

Specifies the peer IP address of the redundant N-PE router and the type of tunnel signaling and encapsulation mechanism. Valid encapsulation types are L2TPv3 and MPLS.

Step 7

end
 
Router(config-vfi)# end

Ends the current configuration session and returns to privileged EXEC mode.

This example shows the enabling of BPDU PW on a remote peer:

Router> enable
Router# configure terminal
Router(config)# l2 vfi vfi10 manual
Router(config-vfi)# vpn id 110
Router(config-vfi)# forward permit l2protocol all
Router(config-vfi)# neighbor 10.10.10.2 encapsulation mpls
Router(config-vfi)# end
 

 

Configuring the MPLS Enabled Port Channel

Once you configure the BPDU PW on a peer, configure the MPLS enabled port channel towards the core:

SUMMARY STEPS

1. enable

2. configure terminal

3. interface port-channel channel-number

4. ip address ip-address

5. mpls ip

6. mls qos trust dscp

7. end

DETAILED STEPS

 

 

Command or Action
Purpose

Step 1

enable
 
Router> enable

Enables privileged EXEC mode.

  • Enter your password if prompted.

Step 2

configure terminal

 

Router# configure terminal

Enters global configuration mode.

Step 3

interface port-channel channel-number
 
 
Router(config)# interface Port-channel 1

Creates the EtherChannel (or port channel) virtual interface.

Step 4

channel-group port-channel-number mode on
 
 
Router(config)# channel-group 1 mode on

Assign a Fast Ethernet interface to an EtherChannel group. All possible modes such as, pagp,lacp, and none are valid here.

Step 5

ip address ip-address subnet-mask
 
 
Router(config-if)# ip address 100.0.0.1 255.255.255.0

Assigns the protocol IP address and subnet mask to the interface.

Step 6

mpls ip
 
Router(config-if)# mpls ip

Enables MPLS forwarding of IPv4 packets along normally routed paths for the associated interface.

Step 7

mls qos trust dscp
 
 
Router(config-if)# mls qos trust dscp

Classifies incoming packets that have packet DSCP values (the most significant 6 bits of the 8-bit service-type field).

Step 8

end
 
Router(config-if)# end

Ends the current configuration session and returns to privileged EXEC mode.

This example shows the configuration of a MPLS enabled port channel:

Router> enable
Router# configure terminal
Router(config)# interface Port-channel 1
Router(config)# channel-group 1 mode on
Router(config-if)# ip address 100.0.0.1 255.255.255.0
Router(config-if)# mpls ip
Router(config-if)# mls qos trust dscp
Router(config-if)# end

Binding the VFI to the VLAN

Bind the VFI to the VLAN you configured.

SUMMARY STEPS

1. enable

2. configure terminal

3. interface vlan vlan-id

4. no ip address

5. xconnect vfi vfi name

6. end

DETAILED STEPS

 

Command or Action
Purpose

Step 1

enable
 
Router> enable

Enables privileged EXEC mode.

  • Enter your password if prompted.

Step 2

configure terminal

 

Router# configure terminal

Enters global configuration mode.

Step 3

interface vlan vlan-id
 
Router(config-if)# interface vlan 1

Creates or accesses a dynamic switched virtual interface (SVI).

Step 4

no ip address
 
Router(config-if)# no ip address

Disables IP processing. (You configure a Layer 3 interface for the VLAN if you configure an IP address.)

Step 5

xconnect vfi vfi name
 

Router(config-if)# xconnect vfi vfi10

Specifies the Layer 2 VFI that you are binding to the VLAN port.

This example shows an interface VLAN configuration:

Router(config-if)# interface vlan 1
Router(config-if)# no ip address
Router(config-if)# xconnect vfi vfi10
 

This example shows how to use the show vfi command for VFI status:

Router# show vfi vfi10
VFI name: vfi10, state: up
VPN ID: 100
Local attachment circuits:
vlan 1
Neighbors connected via pseudowires:
100.0.0.1 100.0.1.1 100.0.2.2 100.0.4.4 100.0.7.7

Troubleshooting

This section describes how to troubleshoot BPDU PW issues.

Scenarios/Problems
Solution

How to verify whether or not the BPDU PW status is in the UP.

Use the show mpls l2transport vc command:

Router# show mpls l2transport vc 210

Local intf Local circuit Dest address VC ID Status

------------- -------------------------- --------------- ---------- ----------

VFI 210 VFI 10.144.144.144 210 UP

How to verify whether or not a port-channel BPDU PW pseudoport is added to the MST tree.

Use the show spanning-tree mst command:

Router# show spanning-tree mst

##### MST0 vlans mapped: 1-4094
Bridge address 001a.3029.d400 priority 32768 (32768 sysid 0)
Root address 0026.527c.5300 priority 24577 (24576 sysid 1)
port Gi5/3 path cost 200019
Regional Root this switch
Operational hello time 2, forward delay 15, max age 20, txholdcount 6
Configured hello time 2, forward delay 15, max age 20, max hops 20
 
Interface Role Sts Cost Prio.Nbr Type
---------------- ---- --- --------- -------- -------------------
-------------
Gi1/19 Desg FWD 20000 128.19 P2p
Gi1/20 Desg FWD 20000 128.20 P2p
Gi5/3 Root FWD 200000 128.1027 P2p Bound(STP)
Gi6/3 Altn BLK 200000 128.1283 P2p Bound(STP)
Gi8/0/3 Desg FWD 20000 128.1796 P2p
Gi8/0/5 Desg FWD 20000 128.1798 P2p Bound(STP)
Gi8/0/7 Desg FWD 20000 128.1800 P2p
 

This example shows the detailed output:

Router# show spanning-tree mst detail
##### MST0 vlans mapped: 1-4094
Bridge address 001a.3029.d400 priority 32768 (32768 sysid 0)
Root address 0026.527c.5300 priority 24577 (24576 sysid 1)
port Gi5/3 path cost 200019
Regional Root this switch
Operational hello time 2, forward delay 15, max age 20, txholdcount 6
Configured hello time 2, forward delay 15, max age 20, max hops 20
 
GigabitEthernet1/19 of MST0 is designated forwarding
Port info port id 128.19 priority 128 cost 20000
Designated root address 0026.527c.5300 priority 24577 cost 200019
Design. regional root address 001a.3029.d400 priority 32768 cost 0
Designated bridge address 001a.3029.d400 priority 32768 port id 128.19
Timers: message expires in 0 sec, forward delay 0, forward transitions 1
Bpdus sent 140561, received 0
 
.................................................
 

Full-Mesh Configuration Example

In a full-mesh configuration, each PE router creates a multipoint-to-multipoint forwarding relationship with all other PE routers in the VPLS domain using a VFI. An Ethernet or VLAN packet received from the customer network can be forwarded to one or more local interfaces and or emulated VCs in the VPLS domain. To avoid broadcasted packets looping around in the network, no packet received from an emulated VC can be forwarded to any emulated VC of the VPLS domain on a PE router. That is, the Layer 2 split horizon should always be enabled as the default in a full-mesh network. Figure 6-6 shows the configuration example.

Figure 6-6 VPLS Configuration Example

 

Configuration on PE 1

This shows the creation of the virtual switch instances (VSIs) and associated VCs.

l2 vfi PE1-VPLS-A manual
vpn id 100
neighbor 2.2.2.2 encapsulation mpls
neighbor 3.3.3.3 encapsulation mpls
!
interface Loopback 0
ip address 1.1.1.1 255.255.255.255
 

This configures the CE device interface (there can be multiple Layer 2 interfaces in a VLAN).

interface FastEthernet0/0
switchport
switchport mode dot1qtunnel
switchport access vlan 100
!
 

Here the attachment circuit (VLAN) is associated with the VSI.

interface vlan 100
no ip address
xconnect vfi PE1-VPLS-A
!
 

Enabling the Layer 2 VLAN instance.

vlan 100
state active
 

Configuration on PE 2

This shows the creation of the virtual switch instances (VSIs) and associated VCs.

l2 vfi PE2-VPLS-A manual
vpn id 100
neighbor 1.1.1.1 encapsulation mpls
neighbor 3.3.3.3 encapsulation mpls
!
interface Loopback 0
ip address 2.2.2.2 255.255.255.255
 

This configures the CE device interface (there can be multiple Layer 2 interfaces in a VLAN).

interface FastEthernet0/0
switchport
switchport mode dot1qtunnel
switchport access vlan 100
!
 

Here the attachment circuit (VLAN) is associated with the VSI.

interface vlan 100
no ip address
xconnect vfi PE2-VPLS-A
!
 

Enabling the Layer 2 VLAN instance.

vlan 100
state active
 

Configuration on PE 3

This shows the creation of the virtual switch instances (VSIs) and associated VCs.

l2 vfi PE3-VPLS-A manual
vpn id 100
neighbor 1.1.1.1 encapsulation mpls
neighbor 2.2.2.2 encapsulation mpls
!
interface Loopback 0
ip address 3.3.3.3 255.255.255.255
 

This configures the CE device interface (there can be multiple Layer 2 interfaces in a VLAN).

interface FastEthernet0/1
switchport
switchport mode dot1qtunnel
switchport access vlan 100
!
 

Here the attachment circuit (VLAN) is associated with the VSI.

interface vlan 100
no ip address
xconnect vfi PE3-VPLS-A.
!
 

Enabling the Layer 2 VLAN instance.

vlan 100
state active
 

 

The show mpls l2 vc command provides information on the status of the VC.

VPLS1# show mpls l2 vc
 
Local intf Local circuit Dest address VC ID Status
------------- -------------------- --------------- ---------- ----------
Vi1 VFI 22.22.22.22 100 DOWN
Vi1 VFI 22.22.22.22 200 UP
Vi1 VFI 33.33.33.33 100 UP
Vi1 VFI 44.44.44.44 100 UP
Vi1 VFI 44.44.44.44 200 UP
 
 

The show vfi command provides information on the VFI.

 
PE-1# show vfi PE1-VPLS-A
VFI name: VPLSA, state: up
VPN ID: 100
Local attachment circuits:
Vlan100
Neighbors connected via pseudowires:
2.2.2.2 3.3.3.3
 

The show mpls 12transport vc command provides information about the virtual circuits.

osr12# show mpls l2 vc detail
Local interface: VFI vfi17 up
Destination address: 1.3.1.1, VC ID: 17, VC status: up
Output interface: PO3/4, imposed label stack {18}
Create time: 3d15h, last status change time: 1d03h
Signaling protocol: LDP, peer 1.3.1.1:0 up
MPLS VC labels: local 18, remote 18
Group ID: local 0, remote 0
MTU: local 1500, remote 1500
Remote interface description:
Sequencing: receive disabled, send disabled
VC statistics:
packet totals: receive 0, send 0
byte totals: receive 0, send 0
packet drops: receive 0, send 0

H-VPLS with MPLS Edge Configuration Example

The Hierarchical VPLS model comprises hub and spoke and full-mesh networks. In a full-mesh configuration, each PE router creates a multipoint-to-multipoint forwarding relationship with all other PE routers in the VPLS domain using VFIs.

In the hub and spoke configuration, a PE router can operate in a non-split-horizon mode that allows inter-VC connectivity without the requirement to add a Layer 2 port in the VLAN.

In the example below, the VLANs on CE1, CE2, CE3, and CE4 (in red color) connect through a full-mesh network. The VLANs on CE2, CE5, and CE6 connect through a hub and spoke network. CE2 is directly attached to the PE2 hub and CE6 is directly attached to the PE1 hub. CE4 and CE5 both are connected to the PE3 hub through the spoke uPE. Figure 6-7 shows the configuration example.

Figure 6-7 H-VPLS Configuration

 

Configuration on PE1

This shows the creation of the virtual switch instances (VSIs) and associated VCs. Note that the VCs in green require the no-split-horizon keyword. The no-split-horizon command disables the default Layer 2 split horizon in the data path.

l2 vfi Internet manual
vpn id 100
neighbor 120.0.0.3 encapsulation mpls no-split-horizon
neighbor 162.0.0.2 encapsulation mpls no-split-horizon
 
l2 vfi PE1-VPLS-A manual
vpn id 200
neighbor 120.0.0.3 encapsulation mpls
neighbor 162.0.0.2 encapsulation mpls
 
interface Loopback 0
ip address 20.0.0.1 255.255.255.255
 

This configures the CE device interface (there can be multiple Layer 2 interfaces in a VLAN).

interface GigEthernet1/1
switchport
switchport mode trunk
switchport trunk encap dot1q
switchport trunk allow vlan 1001,1002-1005
 

Here the attachment circuit (VLAN) is associated with the VFI.

interface vlan 1001
xconnect vfi Internet
 
interface FastEthernet2/1
switchport
switchport mode trunk
switchport trunk encap dot1q
switchport trunk allow vlan 211,1002-1005
 
interface vlan 211
xconnect vfi PE1-VPLS-A
 

Configuration on PE2

This shows the creation of the VFIs and associated VCs.

l2 vfi Internet manual
vpn id 100
neighbor 20.0.0.1 encapsulation mpls
 
l2 vfi PE2-VPLS-A manual
vpn id 200
neighbor 120.0.0.3 encapsulation mpls
neighbor 20.0.0.1 encapsulation mpls
 
interface Loopback 0
ip address 162.0.0.2 255.255.255.255
 

This configures the CE device interface (there can be multiple Layer 2 interfaces in a VLAN).

interface GigEthernet2/1
switchport
switchport mode trunk
switchport trunk encap dot1q
switchport trunk allow vlan 211,1001,1002-1005
 

Here the attachment circuit (VLAN) is associated with the VFI.

interface vlan 1001
xconnect vfi Internet
 
interface vlan 211
xconnect vfi PE2-VPLS-A
 
Configuration on PE3
 

This shows the creation of the VFIs and associated VCs.

l2 vfi Internet manual
vpn id 100
neighbor 20.0.0.1 encapsulation mpls
neighbor 162.0.0.2 encapsulation mpls
neighbor 30.0.0.1 encapsulation mpls no-split horizon
 
l2 vfi PE3-VPLS-A manual
vpn id 200
neighbor 162.0.0.2 encapsulation mpls
neighbor 20.0.0.1 encapsulation mpls
neighbor 30.0.0.1 200 encapsulation mpls no-split horizon
 
interface Loopback 0
ip address 120.0.0.3 255.255.255.255
 

This configures the CE device interface.

interface GigEthernet6/1
switchport
switchport mode trunk
switchport trunk encap dot1q
switchport trunk allow vlan 211
 

This configures the attachment circuits.

interface vlan 1001
xconnect vfi Internet
 
interface vlan 211
xconnect vfi PE3-VPLS-A
 

Usually EoMPLS is configured on the uPE device. You can use port-based or VLAN-based EoMPLS. This configures port-based EoMPLS on the uPE (the uPE connects to CE4).

interface GigEthernet 1/1
xconnect 120.0.0.3 100 encapsulation mpls
 

This configures VLAN-based EoMPLS on the uPE. (the uPE connects to CE4).

interface GigEthernet 1/1.1
encapsulation dot1Q 100
xconnect 120.0.0.3 100 encapsulation mpls
 

MAC Limit Per VLAN

VPLS provides the ability to limit the maximum number of MAC entries per VLAN to avoid exhausting resources. To enable the MAC limit feature, use the mac-address-table limit command; see the Cisco 7600 Series Cisco IOS Software Command Reference Guide, 12.2SR.

Traffic Engineering for Transport Tunnel

MPLS traffic engineering software enables an MPLS backbone to replicate and expand upon the traffic engineering capabilities of Layer 2 ATM and Frame Relay networks. See

http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fswtch_c/swprt3/xcftagov.htm#1022001.

Load Balancing

Load balancing describes a functionality in a router that distributes packets across multiple links. For information on load balancing, see

http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a0080094820.shtml.

Configuring Dot1q Transparency for EoMPLS

The Dot1q Transparency for EoMPLS feature allows a service provider to modify the MPLS EXP bits for core-based QoS policies while leaving any VPLS customer 802.1p bits unchanged.

When applying a service policy to an EoMPLS configured VLAN interface that sets the MPLS EXP bits, the set effects both the Interior Gateway Protocol (IGP) label and the VC label. If the customer traffic includes an 802.1q label with associated 802.1p bits, the 802.1p bits are rewritten on the egress PE based on the received VC EXP bits. If the policy sets the MPLS EXP bits to a different value from the received 802.1p bits, the rewriting on the egress PE results in a modification of the customer's 802.1p bits.

The Dot1q Transparency for EoMPLS feature provides the option for the VLAN-applied policy to affect only the IGP label (for core QoS) and leaves the VC label EXP bits equal to the 802.1p bits. On the egress PE, the 802.1p bits are still rewritten based on the received VC EXP bits, however, because the EXP bits now match the ingress 802.1p bits, a VPLS customer's 802.1p bits do not change.

Restrictions

The following restrictions apply to the Dot1q Transparency for EoMPLS feature:

  • Global configuration applies to all virtual forwarding instance (VFI) and switched virtual interface (SVI) EoMPLS VCs configured on the Cisco 7600 series routers.
  • Interoperability requires applying the Dot1q Transparency for EoMPLS feature to all participating PE routers.

SUMMARY STEPS

1. enable

2. configure terminal

3. platform vfi dot1q-transparency

4. interface vlan

5. no ip address

6. xconnect peer-router-id vcid encapsulation mpls

7. service-policy output

DETAILED STEPS

 

Command or Action
Purpose

Step 1

enable

 

Router> enable

Enables privileged EXEC mode.

  • Enter your password if prompted.

Step 2

configure terminal

 

Router# configure terminal

Enters global configuration mode.

Step 3

platform vfi dot1q-transparency

 

Router(config)# platform vfi dot1q-transparency

Sets the EXP value in the remote VC label with the DBUS CoS value.

Step 4

interface vlan vlanid

 

Router(config)# interface vlan 566

Creates a unique VLAN ID number.

Step 5

no ip address ip-address mask [secondary]
 
Router(config)# no ip address

Disables IP processing.

Step 6

xconnect peer-router-id vcid encapsulation mpls
 
Router(config-subif)# xconnect 10.0.0.1 123 encapsulation mpls

Binds the attachment circuit to a pseudowire VC. The syntax for this command is the same as for all other Layer 2 transports.

Step 7

Router(config-if)# service-policy output policy-name
 
Router(config-if)# service-policy output policy-name ip

Attaches a traffic policy to an interface.

This is an example of configuring the Dot1q Transparency feature.

platform vfi dot1q-transparency
!
l2 vfi customer-A manual
vpn id 200
neighbor 1.0.10.1 encapsulation mpls
neighbor 1.0.11.1 encapsulation mpls
neighbor 1.0.111.1 encapsulation mpls
!
class-map match-all any
match any
!
policy-map mpls-set-exp-1
class any
set mpls experimental imposition 1
!
interface Vlan200
no ip address
xconnect vfi customer-A
service-policy input mpls-set-exp-1
 

Use the show cwan vfi dot1q-transparent command to verify the VLAN is in the up state.

Router# show cwan vfi dot1q-transparency
VFI dot1q transparency is enabled
Router#

Verification

You can use the following command on the RP or on the line card. Use the ‘|’ output modifier to find the interface you are interested in:

PE1#show mpls l2 vc 29999 det

Local interface: VFI 300 VFI up

Interworking type is Ethernet

Destination address: 13.13.13.13, VC ID: 29999, VC status: up Output interface: Tu0, imposed label stack {26 17} Preferred path: Tunnel0, active Default path: ready Next hop: point2point Create time: 05:43:17, last status change time: 04:18:37 Signaling protocol: LDP, peer 13.13.13.13:0 up Targeted Hello: 10.10.10.10(LDP Id) -> 13.13.13.13, LDP is UP Status TLV support (local/remote) : enabled/supported LDP route watch : enabled Label/status state machine : established, LruRru Last local dataplane status rcvd: No fault Last local SSS circuit status rcvd: No fault Last local SSS circuit status sent: No fault Last local LDP TLV status sent: No fault Last remote LDP TLV status rcvd: No fault Last remote LDP ADJ status rcvd: No fault MPLS VC labels: local 17, remote 17 Group ID: local 0, remote 0

MTU: local 1500, remote 1500

Remote interface description:

Sequencing: receive disabled, send disabled Control Word: On (configured: autosense) VC statistics:

transit packet totals: receive 100668489, send 774258179 transit byte totals: receive 6845457798, send 55718191727 transit packet drops: receive 0, seq error 0, send 0

You can use the following show command to check adjacencies on an ES+ linecard from the RP.

PE1-dfc7#show plat atom ether-vc vlan 300 AToM Ether VC Index(3): segtype(25) seghandle(0x27BC5354)
Disposition : flags(17) vlanid(300) local_vc_label(17)
ForwardingTable: oper(6) flags(0x0) vlan(300) dest_index(0xB83)
Imposition: flags(0x71) egress_idx(0x5) ifnum(74)
tx_tvc(0x4B04) rvclbl[0](17) rigplbl[1](285) label[2](0)
label[3](0) ltl(0xB83) mac(0008.7c62.a800) qos_info(0x0)
Current Destination Index (0xB83)
Platform Data:
loc_lbl acif_num fw_idx cword eg_ifnum ckt_idx vlan ac_hdl vc_hash
17 0 0x5 0x3 74 0x4 300 0x27BC5354 0x3
Platform Index(0x2D19ABC0) is_sw(1) is_vfi(1) vlan(300) pseudo_port_offset(4) tx_tvc(0x4B04)
Statistics : Packets Bytes Drop Pkts Drop Bytes ID
Disposition: 15440 1049920 0 0 0
Imposition : 355628 25605216 0 0 0
Egress Vlan LTL Table vlan(300) ltl(0xE) ppe(3)
feature_cmn_enable(Yes) ft_enable(Yes) ft_bits(VPLS) split_horizon(1), num_labels(1)
tunnel_vc(Yes) same_npu(No) control_word(Yes) vc_type4(No) routed_mode_iw(No)
PolicyId(0x0) Flow_id(0x0) stat_id(0x9E1B4) fat_pw:(No)
XlifID(0xFFFF) tunnel_index(2) Tunnel(5)
Label1(0x11) exp3(0) exp2(0) exp1(0) exp0(0)
Label2(0x0) exp7(0) exp6(0) exp5(0) exp4(0)
Label3(0x0) poe_mask(0x0) poch_enabled(Yes)
mac_hi(0x87C62) mac_low(0xA800)
poch_slot(0xE), poch_number(0x1)
-----------------------------------------
TE Label Table for tunnel:(2):
num_lbls:(4) label1:(33) ttl1:(255), eos1:(0)
label2:(26) ttl2:(255), eos2:(0)
slot:(13), ltl_base:(502), mac:0015.2b19.a540
-----------------------------------------
-- Tunnel State --
same_slot(Yes) same_npu(Yes) prot_slot(Yes)
bkup_slot(Yes) backup_active(No) local(Yes)
ifnum(74) ppe(3) bkup_ifnum(37), bkup_ppe(3) prot_ifnum(74) prot_ppe(3)
------------------------------
Disposition MPLS Table at Label:(17):
vlan:(300) vc_type4:(0), control_word:(1), l2_fwd_permit(0)
imp_ltl_base:(0x75) imp_ltl_slot:(14) imp_ltl_off:(14)
routed_mode_iw:(0) dmac: 0000.0000.0000 fat_pw_enabled:(No)
tunnel_index:(2) stat_id:(647603) split_horizon:(0x1)
fat-pw:(0) fat-pw-internal:(0)
-----------------------------------------
Egress Vlan LTL Table vlan(300) ltl(0xE) ppe(3)
feature_cmn_enable(Yes) ft_enable(Yes) ft_bits(VPLS) split_horizon(1), num_labels(1)
tunnel_vc(Yes) same_npu(No) control_word(Yes) vc_type4(No) routed_mode_iw(No)
PolicyId(0x0) Flow_id(0x0) stat_id(0x9E1B4) fat_pw:(No)
XlifID(0xFFFF) tunnel_index(2) Tunnel(5)
Label1(0x11) exp3(0) exp2(0) exp1(0) exp0(0)
Label2(0x0) exp7(0) exp6(0) exp5(0) exp4(0)
Label3(0x0) poe_mask(0x0) poch_enabled(Yes)
mac_hi(0x87C62) mac_low(0xA800)
poch_slot(0xE), poch_number(0x1)
-----------------------------------------
TE Label Table for tunnel:(2):
num_lbls:(4) label1:(33) ttl1:(255), eos1:(0)
label2:(26) ttl2:(255), eos2:(0)
slot:(13), ltl_base:(502), mac:0015.2b19.a540
-----------------------------------------
-- Tunnel State --
same_slot(Yes) same_npu(Yes) prot_slot(Yes)
bkup_slot(Yes) backup_active(No) local(Yes)
ifnum(74) ppe(3) bkup_ifnum(37), bkup_ppe(3) prot_ifnum(74) prot_ppe(3)
------------------------------
Disposition MPLS Table at Label:(17):
vlan:(300) vc_type4:(0), control_word:(1), l2_fwd_permit(0)
imp_ltl_base:(0x75) imp_ltl_slot:(14) imp_ltl_off:(14)
routed_mode_iw:(0) dmac: 0000.0000.0000 fat_pw_enabled:(No)
tunnel_index:(2) stat_id:(647603) split_horizon:(0x1)
fat-pw:(0) fat-pw-internal:(0)
-----------------------------------------
Egress Vlan LTL Table vlan(300) ltl(0xE) ppe(3)
feature_cmn_enable(Yes) ft_enable(Yes) ft_bits(VPLS) split_horizon(1), num_labels(1)
tunnel_vc(Yes) same_npu(No) control_word(Yes) vc_type4(No) routed_mode_iw(No)
PolicyId(0x0) Flow_id(0x0) stat_id(0x9E1B4) fat_pw:(No)
XlifID(0xFFFF) tunnel_index(2) Tunnel(5)
Label1(0x11) exp3(0) exp2(0) exp1(0) exp0(0)
Label2(0x0) exp7(0) exp6(0) exp5(0) exp4(0)
Label3(0x0) poe_mask(0x0) poch_enabled(Yes)
mac_hi(0x87C62) mac_low(0xA800)
poch_slot(0xE), poch_number(0x1)
-----------------------------------------
TE Label Table for tunnel:(2):
num_lbls:(4) label1:(33) ttl1:(255), eos1:(0)
label2:(26) ttl2:(255), eos2:(0)
slot:(13), ltl_base:(502), mac:0015.2b19.a540
-----------------------------------------
-- Tunnel State --
same_slot(Yes) same_npu(Yes) prot_slot(Yes)
bkup_slot(Yes) backup_active(No) local(Yes)
ifnum(74) ppe(3) bkup_ifnum(37), bkup_ppe(3) prot_ifnum(74) prot_ppe(3)
------------------------------
Disposition MPLS Table at Label:(17):
vlan:(300) vc_type4:(0), control_word:(1), l2_fwd_permit(0)
imp_ltl_base:(0x75) imp_ltl_slot:(14) imp_ltl_off:(14)
routed_mode_iw:(0) dmac: 0000.0000.0000 fat_pw_enabled:(No)
tunnel_index:(2) stat_id:(647603) split_horizon:(0x1)
fat-pw:(0) fat-pw-internal:(0)
-----------------------------------------
Egress Vlan LTL Table vlan(300) ltl(0xE) ppe(3)
feature_cmn_enable(Yes) ft_enable(Yes) ft_bits(VPLS) split_horizon(1), num_labels(1)
tunnel_vc(Yes) same_npu(No) control_word(Yes) vc_type4(No) routed_mode_iw(No)
PolicyId(0x0) Flow_id(0x0) stat_id(0x9E1B4) fat_pw:(No)
XlifID(0xFFFF) tunnel_index(2) Tunnel(5)
Label1(0x11) exp3(0) exp2(0) exp1(0) exp0(0)
Label2(0x0) exp7(0) exp6(0) exp5(0) exp4(0)
Label3(0x0) poe_mask(0x0) poch_enabled(Yes)
mac_hi(0x87C62) mac_low(0xA800)
poch_slot(0xE), poch_number(0x1)
-----------------------------------------
TE Label Table for tunnel:(2):
num_lbls:(4) label1:(33) ttl1:(255), eos1:(0)
label2:(26) ttl2:(255), eos2:(0)
slot:(13), ltl_base:(502), mac:0015.2b19.a540
-----------------------------------------
-- Tunnel State --
same_slot(Yes) same_npu(Yes) prot_slot(Yes)
bkup_slot(Yes) backup_active(No) local(Yes)
ifnum(74) ppe(3) bkup_ifnum(37), bkup_ppe(3) prot_ifnum(74) prot_ppe(3)
------------------------------
Disposition MPLS Table at Label:(17):
vlan:(300) vc_type4:(0), control_word:(1), l2_fwd_permit(0)
imp_ltl_base:(0x75) imp_ltl_slot:(14) imp_ltl_off:(14)
routed_mode_iw:(0) dmac: 0000.0000.0000 fat_pw_enabled:(No)
tunnel_index:(2) stat_id:(647603) split_horizon:(0x1)
fat-pw:(0) fat-pw-internal:(0)
-----------------------------------------
VC Summary: vlan(300) VC count(1)
 
Router#show mls cef adjacency entry 213058 module 2
 
Index: 213058 smac: a100.0000.0006, dmac: 0003.6c41.d800
mtu: 1518, vlan: 1014, dindex: 0x0, l3rw_vld: 1
packets: 0, bytes: 0
 

You can use the following show command from a DFC card to see the TTFIB entry (if present).

Router-dfc2# show platform npc vpls disp-table np 0 label 18
Disposition MPLS Table at Label:(18):
vlan:(0) vc_type4:(0), control_word:(0), l2_fwd_permit(0)
imp_ltl_base:(0x0) imp_ltl_slot:(0) imp_ltl_off:(0)
routed_mode_iw:(0) dmac: 0000.0000.0000 fat_pw_enabled:(No)
tunnel_index:(0) stat_id:(0) split_horizon:(0x0)
fat-pw:(0) fat-pw-internal:(1)
-----------------------------------------
Router-dfc2#

Troubleshooting

This section describes how to troubleshoot common EoMPLS and AToMPLS issues.

Scenarios/Problems
Solution

How do I display information about AToM VCs and static pseudowires that have been enabled to route Layer 2 packets on a router?

Use the show mpls l2transport vc command. This example shows the information that is provided when an AToM static pseudowire is provisioned and the show mpls l2transport vc detail command is used to check the configuration. The Signaling protocol field specifies Manual because a directed control protocol such as Label Distribution Protocol (LDP) cannot be used to exchange parameters on static pseudowires. The remote interface description field seen for nonstatic pseudowire configurations is not displayed because remote information is exchanged using signaling between the PE routers and this is not done on static pseudowires:

Router# show mpls l2transport vc detail

Local interface: Et1/0 up, line protocol up, Ethernet up

Destination address: 10.1.1.2, VC ID: 100, VC status: up

Output interface: Et2/0, imposed label stack {10003 150}

Preferred path: not configured

Default path: active

Next hop: 10.0.0.2

Create time: 00:18:57, last status change time: 00:16:10

Signaling protocol: Manual

MPLS VC labels: local 100, remote 150

Group ID: local 0, remote 0

MTU: local 1500, remote 1500

Remote interface description:

Sequencing: receive disabled, send disabled

VC statistics:

packet totals: receive 219, send 220

byte totals: receive 20896, send 26694

packet drops: receive 0, send 0

How do I display the contents of the MPLS LFIB?

Use the show mpls forwarding-table command. This is a sample output of the command:

Router# show mpls forwarding-table

Local Outgoing Prefix Bytes label Outgoing Next Hop

Label Label or VC or Tunnel Id switched interface

26 No Label 10.253.0.0/16 0 Et4/0/0 10.27.32.4

28 1/33 10.15.0.0/16 0 AT0/0.1 point2point

29 Pop Label 10.91.0.0/16 0 Hs5/0 point2point

1/36 10.91.0.0/16 0 AT0/0.1 point2point

30 32 10.250.0.97/32 0 Et4/0/2 10.92.0.7

32 10.250.0.97/32 0 Hs5/0 point2point

34 26 10.77.0.0/24 0 Et4/0/2 10.92.0.7

26 10.77.0.0/24 0 Hs5/0 point2point

35 No Label[T] 10.100.100.101/32 0 Tu301 point2point

36 Pop Label 10.1.0.0/16 0 Hs5/0 point2point

1/37 10.1.0.0/16 0 AT0/0.1 point2point

[T] Forwarding through a TSP tunnel.

View additional labeling info with the 'detail' option

 

This is a sample output of the show mpls forwarding-table command when the IPv6 Provider Edge Router over MPLS feature is configured to allow IPv6 traffic to be transported across an IPv4 MPLS backbone. The labels are aggregated because there are several prefixes for one local label, and the prefix column contains "IPv6" instead of a target prefix.

Router# show mpls forwarding-table

Local Outgoing Prefix Bytes label Outgoing Next Hop

Label Label or VC or Tunnel Id switched interface

16 Aggregate IPv6 0

17 Aggregate IPv6 0

18 Aggregate IPv6 0

19 Pop Label 192.168.99.64/30 0 Se0/0 point2point

20 Pop Label 192.168.99.70/32 0 Se0/0 point2point

21 Pop Label 192.168.99.200/32 0 Se0/0 point2point

22 Aggregate IPv6 5424

23 Aggregate IPv6 3576

24 Aggregate IPv6

 

This is a sample output of the show mpls forwarding-table command when you specify the detail keyword. If the MPLS EXP level is used as a selection criterion for packet forwarding, a bundle adjacency exp (vcd) field is included in the display. This field includes the EXP value and the corresponding virtual circuit descriptor (VCD) in parentheses. The line in the output that reads "No output feature configured" indicates that the MPLS egress NetFlow accounting feature is not enabled on the outgoing interface for this prefix.

Router# show mpls forwarding-table detail

Local Outgoing Prefix Bytes label Outgoing Next Hop

label label or VC or Tunnel Id switched interface

16 Pop label 10.0.0.6/32 0 AT1/0.1 point2point

Bundle adjacency exp(vcd)

0(1) 1(1) 2(1) 3(1) 4(1) 5(1) 6(1) 7(1)

MAC/Encaps=12/12, MTU=4474, label Stack{}

00010000AAAA030000008847

No output feature configured

17 18 10.0.0.9/32 0 AT1/0.1 point2point

Bundle adjacency exp(vcd)

0(1) 1(1) 2(1) 3(1) 4(1) 5(1) 6(1) 7(1)

MAC/Encaps=12/16, MTU=4470, label Stack{18}

00010000AAAA030000008847 00012000

No output feature configured

18 19 10.0.0.10/32 0 AT1/0.1 point2point

Bundle adjacency exp(vcd)

0(1) 1(1) 2(1) 3(1) 4(1) 5(1) 6(1) 7(1)

MAC/Encaps=12/16, MTU=4470, label Stack{19}

00010000AAAA030000008847 00013000

No output feature configured

19 17 10.0.0.0/8 0 AT1/0.1 point2point

Bundle adjacency exp(vcd)

0(1) 1(1) 2(1) 3(1) 4(1) 5(1) 6(1) 7(1)

MAC/Encaps=12/16, MTU=4470, label Stack{17}

00010000AAAA030000008847 00011000

No output feature configured

20 20 10.0.0.0/8 0 AT1/0.1 point2point

Bundle adjacency exp(vcd)

0(1) 1(1) 2(1) 3(1) 4(1) 5(1) 6(1) 7(1)

MAC/Encaps=12/16, MTU=4470, label Stack{20}

00010000AAAA030000008847 00014000

No output feature configured

21 Pop label 10.0.0.0/24 0 AT1/0.1 point2point

Bundle adjacency exp(vcd)

0(1) 1(1) 2(1) 3(1) 4(1) 5(1) 6(1) 7(1)

MAC/Encaps=12/12, MTU=4474, label Stack{}

00010000AAAA030000008847

No output feature configured

22 Pop label 10.0.0.4/32 0 Et2/3 10.0.0.4

MAC/Encaps=14/14, MTU=1504, label Stack{}

000427AD10430005DDFE043B8847

No output feature configured

 

How do I check the MPLS entries in the MLS-hardware Layer 3 switching table for a specific label?

Use the show mls cef mpls command. This is a sample output of the command when you specify the label keyword:

PE1-sp# show mls cef mpls labels 60

Codes: + - Push label, - - Pop Label * - Swap Label, E - exp1

Index Local Label Out i/f

Label Op

224 60 20 PO9/2/0, 0000.0950.ffff

How do I know the adjacency-entry information for the specified index?

Use the show mls cef adjacency entry command. This is a sample output of the command:

PE1-sp# show mls cef adjacency entry 458752 detail

Index: 458752 smac: 0013.1abf.3300, dmac: 0000.0950.ffff

mtu: 4488, vlan: 1041, dindex: 0x0, l3rw_vld: 1

format: MPLS, flags: 0x208408

label0: 0, exp: 0, ovr: 0

label1: 0, exp: 0, ovr: 0

label2: 20, exp: 0, ovr: 0

op: REPLACE_LABEL2

packets: 0, bytes: 0

How do I check the SSM switch settings?

Use the show ssm switch command. This is a sample output of the command:

PE1# show ssm switch id 45101

Switch-ID 45101 State: Open

Segment-ID: 294992 Type: AToM[17]

Switch-ID: 45101

Physical intf: Remote

Allocated By: This CPU

Locked By: SIP [1]

Class: SSS

State: Active

Class: ADJ

State: Active

 

Segment-ID: 45109 Type: Vlan[3]

Switch-ID: 45101

Physical intf: Local

Allocated By: This CPU

Locked By: SIP [1]

Class: SSS

State: Active

AC Switching Context: Gi8/1/0.131

SSS Info : Switch Handle 0x86000024 Ckt 0x54BD7190

Interworking 1 Encap Len 4 Boardencap Len 0 MTU 0

AC Encap [4 bytes]

8100 0083

Class: ADJ

State: Active

AC Adjacency context:

adjacency = 0x52D0A8C0 [complete] RAW GigabitEthernet8/1/0.131:131

AC Encap [4 bytes]

8100 0083

How do I know information about the xconnect attachment circuits and pseudowires?

Use the show xconnect interface command. This is a sample output of the command:

PE1# show xconnect interface GigabitEthernet8/1/0.131

Legend: XC ST=Xconnect State S1=Segment1 State S2=Segment2 State

UP=Up DN=Down AD=Admin Down IA=Inactive

SB=Standby RV=Recovering NH=No Hardware

 

XC ST Segment 1 S1 Segment 2 S2

------------------------{}------------------------

UP ac Gi8/1/0.131:131(Eth VLAN) UP mpls 12.205.2.2:131 UP

How do I debug a problem related to the xconnect configuration?

Use the debug xconnect command. This example shows output from the debug xconnect command for an xconnect session on an Ethernet interface:

Router# debug xconnect

00:01:16: XC AUTH [Et2/1, 5]: Event: start xconnect authorization, state changed from IDLE

to AUTHORIZING

00:01:16: XC AUTH [Et2/1, 5]: Event: found xconnect authorization, state changed from

AUTHORIZING to DONE

00:01:16: XC AUTH [Et2/1, 5]: Event: free xconnect authorization request, state changed

from DONE to END

How do I debug the Segment Switching Manager (SSM) for switched Layer 2 segments?

Use the debug ssm cm command. This example shows the events that occur on the CM and SM when an AToM VC is provisioned and then unprovisioned:

Router# debug ssm cm events

SSM Connection Manager events debugging is on

Router# debug ssm sm events

SSM Segment Manager events debugging is on

Router# configure terminal

Router(config)# interface ethernet1/0

Router(config-if)# xconnect 10.55.55.2 101 pw-class mpls

16:57:34: SSM CM: provision switch event, switch id 86040

16:57:34: SSM CM: [Ethernet] provision first segment, id 12313

16:57:34: SSM CM: CM FSM: state Idle - event Provision segment

16:57:34: SSM CM: [SSS:Ethernet:12313] provision segment 1

16:57:34: SSM SM: [SSS:Ethernet:12313] event Provison segment

16:57:34: SSM CM: [SSS:Ethernet] shQ request send ready event

16:57:34: SSM CM: SM msg event send ready event

16:57:34: SSM SM: [SSS:Ethernet:12313] segment ready

16:57:34: SSM SM: [SSS:Ethernet:12313] event Found segment data

16:57:34: SSM CM: Query AToM to Ethernet switching, enabled

16:57:34: SSM CM: [AToM] provision second segment, id 16410

16:57:34: SSM CM: CM FSM: state Down - event Provision segment

16:57:34: SSM CM: [SSS:AToM:16410] provision segment 2

16:57:34: SSM SM: [SSS:AToM:16410] event Provison segment

16:57:34: SSM CM: [AToM] send client event 6, id 16410

16:57:34: label_oce_get_label_bundle: flags 14 label 19

16:57:34: SSM CM: [SSS:AToM] shQ request send ready event

16:57:34: SSM CM: SM msg event send ready event

16:57:34: SSM SM: [SSS:AToM:16410] segment ready

16:57:34: SSM SM: [SSS:AToM:16410] event Found segment data

16:57:34: SSM SM: [SSS:AToM:16410] event Bind segment

16:57:34: SSM SM: [SSS:Ethernet:12313] event Bind segment

16:57:34: SSM CM: [AToM] send client event 3, id 16410

 

Router# configure terminal

Router(config)# interface e1/0

Router(config-if)# no xconnect

16:57:26: SSM CM: [Ethernet] unprovision segment, id 16387

16:57:26: SSM CM: CM FSM: state Open - event Free segment

16:57:26: SSM CM: [SSS:Ethernet:16387] unprovision segment 1

16:57:26: SSM SM: [SSS:Ethernet:16387] event Unprovison segment

16:57:26: SSM CM: [SSS:Ethernet] shQ request send unprovision complete event

16:57:26: SSM CM: [SSS:AToM:86036] unbind segment 2

16:57:26: SSM SM: [SSS:AToM:86036] event Unbind segment

16:57:26: SSM CM: SM msg event send unprovision complete event

16:57:26: SSM SM: [SSS:Ethernet:16387] free segment class

16:57:26: SSM SM: [SSS:Ethernet:16387] free segment

16:57:26: SSM SM: [SSS:Ethernet:16387] event Free segment

16:57:26: SSM SM: last segment class freed

16:57:26: SSM CM: unprovision switch event, switch id 12290

16:57:26: SSM CM: [SSS:AToM] shQ request send unready event

16:57:26: SSM CM: SM msg event send unready event

16:57:26: SSM SM: [SSS:AToM:86036] event Unbind segment

16:57:26: SSM CM: [AToM] unprovision segment, id 86036

16:57:26: SSM CM: CM FSM: state Down - event Free segment

16:57:26: SSM CM: [SSS:AToM:86036] unprovision segment 2

16:57:26: SSM SM: [SSS:AToM:86036] event Unprovison segment

16:57:26: SSM CM: [SSS:AToM] shQ request send unprovision complete event

16:57:26: SSM CM: SM msg event send unprovision complete event

16:57:26: SSM SM: [SSS:AToM:86036] free segment class

16:57:26: SSM SM: [SSS:AToM:86036] free segment

16:57:26: SSM SM: [SSS:AToM:86036] event Free segment

16:57:26: SSM SM: last segment class freed

How do I display information about the status of the AToM virtual circuits (VCs)?

Use the debug mpls l2transport command. This is a sample output of MPLS Pseudowire Status Signaling messages from the debug mpls l2transport vc status event and debug mpls l2transport vc status fsm commands:

Router# debug mpls l2transport vc status event

Router# debug mpls l2transport vc status fsm

*Feb 26 14:03:42.543: AToM MGR [10.9.9.9, 100]: Receive SSS STATUS(UP)

*Feb 26 14:03:42.543: AToM MGR [10.9.9.9, 100]: AC status UP

*Feb 26 14:03:42.543: AToM MGR [10.9.9.9, 100]: S:Evt local up, LndRru->LnuRru

*Feb 26 14:03:42.543: AToM MGR [10.9.9.9, 100]: S:Evt local ready, LnuRru->LruRru

*Feb 26 14:03:42.543: AToM MGR [10.9.9.9, 100]: S:Act send label(UP)

*Feb 26 14:03:42.543: AToM MGR [10.9.9.9, 100]: Send label(UP)

*Feb 26 14:03:42.543: AToM MGR [10.9.9.9, 100]: Local AC : UP

*Feb 26 14:03:42.543: AToM MGR [10.9.9.9, 100]: Dataplane: no fault

*Feb 26 14:03:42.543: AToM MGR [10.9.9.9, 100]: Overall : no fault

*Feb 26 14:03:42.543: AToM MGR [10.9.9.9, 100]: Remote label is ready

*Feb 26 14:03:42.543: AToM MGR [10.9.9.9, 100]: S:Evt remote ready in LruRru

*Feb 26 14:03:42.543: AToM MGR [10.9.9.9, 100]: S:Evt remote up in LruRru

*Feb 26 14:03:42.543: AToM MGR [10.9.9.9, 100]: S:Evt dataplane clear fault in LruRru

*Feb 26 14:03:42.543: AToM MGR [10.9.9.9, 100]: S:Evt dataplane clear fault in LruRru

*Feb 26 14:03:42.551: AToM MGR [10.9.9.9, 100]: S:Evt dataplane clear fault in LruRru

The status codes in the messages, such as S: and LruRru, indicate the status of the local and remote routers. The following list translates the status codes:

L—local router

R—remote router

r or n—ready (r) or not ready (n)

u or d— up (u) or down (d) status

The output also includes these values:

D—Dataplane

S—Local shutdown

When I ping from CE1 to CE2, it is failing with MTU 1200 or above.

To troubleshoot this issue, do the following:

  • Run show interface command in CE1, CE2, PE1, and PE2 to check where the packets are dropping.
  • Run show mpls l2transport vc vcid detail command to check the imposition and disposition packet count in PE1 and PE2.
  • Assuming packets are dropping in PE1 imposition direction, check the MTU negotiated between the peers (PE1 and PE2) by running show mpls l2transport vc vcid detail command.
  • If MTU negotiated is 1200, it is the problem. Otherwise, check the core-facing interface MTU. If core-facing interface MTU is around 1200, the packets from CE cannot be sent towards the core, and line card drops the packets.

MPLS-TP Support for Ethernet Access Circuits

The Multiprotocol Label Switching-Transport Profile (MPLS-TP) support for Ethernet Access Circuits feature enables a service provider to merge features and capabilities of Synchronous Optical Network (SONET) and Synchronous Digital Hierarchy (SDH) networks and MPLS/Ethernet technologies. MPLS-TP replaces the circuit switching with packet switching while retaining these characteristics of SONET/SDH networks:

  • Support in-band Operation, Administration, and Maintenance (OAM).
  • Support fast failure detection using Bidirectional Forwarding Detection (BFD).
  • Static provisioning of circuits.

The MPLS-TP feature provides standards-based transport technologies. Service providers can use a single unified interface for point-and-click provisioning of wavelengths and MPLS-TP label switch paths.


Note For more information about this feature, see http://www.cisco.com/en/US/docs/ios/mpls/configuration/guide/mp_transport_profile.html.


Restrictions for MPLS-TP Support for Ethernet Access Circuits

The following restrictions apply to MPLS-TP support for Ethernet Access Circuits feature on ES+ line card:

  • MPLS-TP interface on endpoints is supported only on ES+ Line card.
  • You can configure MPLS-TP mid-points interface on any line card.
  • Scalable Ethernet over MPLS (EoMPLS, xConnect under EVC) is supported.
  • Policy Feature Card (PFC) based EoMPLS and SVI based EoMPLS (xConnect under VLAN) are not supported for MPLS-TP.
  • Virtual Private LAN Services (VPLS) over MPLS-TP is not supported.
  • MPLS-TP with dynamic pseudowire (PW) is not supported; only the static PWs are supported.
  • A maximum of 2000 PW OAM packets are supported at an instance of time for MPLS-TP feature.
  • Equal Cost Multi-Path (ECMP) is not supported for MPLS-TP.
  • Penultimate Hop Popping (PHP) is not supported for MPLS-TP.
  • Different BFD timers for active and standby Label Switched Paths (LSPs) is not supported.
  • Tunnel hierarchy (nested tunnels) is not supported.
  • Only the revertive mode is supported.
  • The maximum sessions supported with different timer profile combination is 255 per ES+ line card.
  • MPLS-TP is only supported with BFD Hardware Offload.
  • Asymmetric BFD slow timers are not supported.
  • BFD Timer profiles supported for MPLS-TP are 10 ms and 50 ms.
  • IP-less provisioning is not supported on MPLS-TP links.
  • QoS is not supported on MPLS-TP tunnel interface.
  • The line cards supported for EVC based Xconnect are:

ES+

SIP400

SIP600

ESM20

Table 6-1 lists the MPLS-TP BFD Session profile per Network Processor.

Table 6-1 MPLS-TP BFD Session profile per Network Processor

 

BFD Tx/Rx Timer (ms)
Number of BFD Sessions
Number of MPLS-TP Tunnels

10

100

50

50

250

125


Note For more restriction information, see BFD Restrictions.


BFD Over VCCV Control Channel, Support for Ethernet AC

Bidirectional Forwarding Detection (BFD) over Virtual Circuit Connectivity Verification (VCCV) is a mechanism to operate and manage pseudowires for fault detection and diagnostics. BFD is a protocol that detects faults in the bidirectional path between two forwarding engines. In pseudowires (PW), BFD uses VCCV for detecting data plane failures. VCCV provides a control channel that is associated with a pseudowire and the corresponding operations and management functions.

MPLS pseudowires can dynamically signal or statically configure virtual circuit (VC) labels. VCCV control channel (CC) types define possible control channels that VCCV can support and the connection verification (CV) type indicates the types of CV packets and protocols that can be sent on the specified control channel. In dynamically signalled pseudowires, the CC and CV types are also signalled. In statically configured pseudowires, the CC and CV types must be configured on both the ends of the pseudowire.

The BFD over VCCV modes are supported on the following pseudowires:

  • Static pseudowire with attachment circuit signaling
  • Static pseudowire without attachment circuit signaling
  • Dynamic pseudowire without attachment circuit signaling

Restrictions for BFD Over VCCV Control Channel on ES+ Line Card

The following restrictions apply to the BFD over VCCV feature:

  • The access (CE) facing line card, on which Xconnect is configured, must be an ES+ line card.
  • Pseudowires must be transported over MPLS-TP. MPLS-TP is only supported on ES+ line cards. For more information on restrictions that apply to MPLS-TP support, see Restrictions for MPLS-TP Support for Ethernet Access Circuits.
  • Only BFD over VCCV Type-1 without Internet Protocol (IP) / User Datagram Protocol (UDP) is supported. In VCCV Type-1, traffic follows the same path as pseudowire data traffic and VCCV Type-1 can be used only for MPLS pseudowires with the control word.
  • L2TPv3 is not supported.
  • Configure the BFD over VCCV feature only if the core facing interface is the ES+ line card.
  • Pseudowire redundancy is not supported.
  • Up to 1200 pseudowires can be enabled for BFD over VCCV.
  • When BFD over VCCV is enabled on the pseudowire, switched virtual interface (SVI) based ethernet over multi protocol label switching (EoMPLS) is not supported.
  • BFD over VCCV sessions are supported only on single-segment pseudowires between provider edge routers (PEs).
  • BFD over VCCV sessions between terminating PE routers (T-PEs) and switching PE routers (S-PEs) are not supported.
  • BFD over VCCV sessions are supported only on multi-segment pseudowires between terminating PE routers (T-PEs).

Configuration Steps

Complete the following steps to configure BFD over VCCV for static and dynamic pseudowires.

SUMMARY STEPS


Step 1 enable

Step 2 configure terminal

Step 3 bfd-template single-hop bfd-template-name

Step 4 interval min-tx msec min-rx msec multiplier number

Step 5 exit

Step 6 pseudowire-class pseudowire-class-name

Step 7 encapsulation mpls

Step 8 protocol none

Step 9 preferred-path {interface tunnel tunnel-number | peer {ip-address | host-name}} [disable-fallback]

Step 10 exit

Step 11 interface gigabitethernet slot/port

Step 12 service instance id ethernet

Step 13 encapsulation dot1q vlan-id

Step 14 xconnect destination vc-id pseudowire-class pseudowire-class-name

Step 15 mpls control-word

Step 16 mpls label local-pseudowire-label remote-pseudowire-label

Step 17 exit

Step 18 pseudowire-class pseudowire-class-name

Step 19 vccv bfd template bfd-template-name

Step 20 vccv bfd status signaling

Step 21 exit

DETAILED STEPS

 

Command
Purpose

Step 1

enable

 

Router> enable

Enables privileged EXEC mode.

  • Enter your password when prompted.

Step 2

configure terminal

 

Router# configure terminal

Enters global configuration mode.

Step 3

bfd-template single-hop bfd-template-name

 

Router(config)#bfd-template single-hop bfd_name

Specifies the BFD template.

Step 4

interval min-tx msec min-rx msec multiplier number

 

Router(config-bfd)#interval min-tx 500 min-rx 500 multiplier 3

Specifies the following BFD VCCV parameters:

  • min-tx : Minimum transmission interval in milliseconds, that the local system uses when transmitting BFD control packets. The valid range is 50-999.
  • min-rx : Minimum receiving interval in milliseconds, between received control packets that this system is capable of supporting. The valid range is 50-999.
  • multiplier : The negotiated transmit interval, multiplied by this value, provides the detection time for the transmitting system in asynchronous mode.

Step 5

exit

 

Router(config-bfd)#exit

Exits the BFD template configuration mode.

Step 6

pseudowire-class pseudowire-class-name

 

Router(config)#pseudowire-class BFD

Specifies the pseudowire class.

Step 7

encapsulation mpls

 

Router(config-pw-class)#encapsulation mpls

Specifies the encapsulation method.

Step 8

protocol none

 

Router(config-pw-class)#protocol none

Disables the configured protocol.

Step 9

preferred-path {interface tunnel tunnel-number | peer {ip-address | host-name}} [disable-fallback]

 

Router(config-pw-class)# preferred-path interface tunnel 1 disable-fallback

Specifies the path that the traffic uses, either Multiprotocol Label Switching (MPLS) Traffic Engineering (TE) tunnel or destination IP address and Domain Name Server (DNS) name.

Step 10

exit

 

Router(config-pw-class)#exit

Exits the pseudowire class configuration mode.

Step 11

interface gigabitethernet slot/port

or

interface tengigabitethernet slot/port

 

Router(config)#interface gigabitethernet 4/1

Specifies the Gigabit Ethernet or the Ten Gigabit Ethernet interface to configure, where:

  • slot/port—Specifies the location of the interface.

Step 12

service instance id ethernet

 

Router(config-if)#service instance 9 ethernet

Configures an ethernet service instance on an interface.

Step 13

encapsulation dot1q vlan-id

 

Router(config-if-srv)#encapsulation dot1q 9

Enables IEEE 802.1Q encapsulation for the traffic on the specified interface in the VLAN.

Step 14

xconnect destination vc-id pseudowire-class pseudowire-class-name

 

Router(config-if-srv)#xconnect 1.1.1.1 9 encapsulation mpls manual pw-class tp-pw

Binds an Ethernet, 802.1q VLAN, or Frame Relay attachment circuit to a Layer 2 Tunnel Protocol Version 3 (L2TPv3) pseudowire for xconnect service and enters the xconnect configuration mode.

Step 15

mpls control-word

 

Router(config-if-srv)#mpls control-word

Enables the Multiprotocol Label Switching (MPLS) control word in an Any Transport over MPLS (AToM) static pseudowire connection.

Step 16

mpls label local-pseudowire-label remote-pseudowire-label

 

Router(config-if-srv)#mpls label 100 150

Enables the MPLS label in an AToM static pseudowire connection.

Step 17

exit

 

Router(config-if-srv)#exit

Exits the service instance configuration mode.

Step 18

pseudowire-class pseudowire-class-name

 

Router(config)#pseudowire-class BFD

Specifies the pseudowire class.

Step 19

vccv bfd template bfd-template-name

 

Router(config-pw-class)#vccv bfd template bfd_temp_name

Applies the configured BFD interval timers to BFD VCCV pseudowire class.

Step 20

vccv bfd status signaling

 

Router(config-pw-class)#vccv bfd status signaling

Enables status signaling for BFD VCCV.

Step 21

exit

 

Router(config-if-srv)#exit

Exits the configuration mode.


Note If you apply or remove a QoS service policy on the ATM PVC, the configured BFD VCCV sessions are also renegotiated and a minimal drop in data traffic occurs.


Example

This example shows how to configure BFD over VCCV:

Router>enable
Router#configure terminal
Router(config)#bfd-template single-hop bfd_name
Router(config-bfd)#interval min-tx 500 min-rx 500 multiplier 3
Router(config-bfd)#exit
Router(config)#pseudowire-class BFD
Router(config-pw-class)#encapsulation mpls
Router(config-pw-class)#protocol none
Router(config-pw-class)#preferred-path interface tunnel 1 disable-fallback
Router(config-pw-class)#exit
Router(config)#interface gigabitethernet 4/1
Router(config-if)#service instance 9 ethernet
Router(config-if-srv)#encapsulation dot1q 9
Router(config-if-srv)#xconnect 1.1.1.1 9 encapsulation mpls manual pw-class tp-pw
Router(config-if-srv)#mpls control-word
Router(config-if-srv)#mpls label 100 150
Router(config-if-srv)#exit
Router(config)#pseudowire-class BFD
Router(config-pw-class)#vccv bfd template bfd_temp_name
Router(config-pw-class)#vccv bfd status signaling
Router(config-pw-class)#exit

Verifying BFD VCCV Configuration

Use the show mpls l2 vc command to verify the BFD VCCV configuration.

RouterA# show mpls l2transport vc detail
Local interface: Gi7/4 up, line protocol up, Eth VLAN 2 up
Destination address: 4.4.4.4, VC ID: 101, VC status: up
Output interface: Tp1, imposed label stack {200 80001}
Preferred path: Tunnel-tp1, active
Default path:
Next hop: point2point
Create time: 00:17:41, last status change time: 00:15:12
Signaling protocol: Manual
Status TLV support (local/remote) : enabled/N/A
LDP route watch : enabled
Label/status state machine : established, LruRru
Last local dataplane status rcvd: No fault
Last BFD dataplane status rcvd: No fault
Last local SSS circuit status rcvd: No fault
Last local SSS circuit status sent: No fault
Last local LDP TLV status sent: None
Last remote LDP TLV status rcvd: No fault
Last remote LDP ADJ status rcvd: No fault
MPLS VC labels: local 80001, remote 80001
PWID: 4096
Group ID: local 0, remote 0
MTU: local 1500, remote 1500
Sequencing: receive disabled, send disabled
Control Word: On (configured: autosense)
VCCV BFD protection active
BFD Template - BFD
CC Type - 1
CV Type - fault detection and status signaling without IP/UDP headers
SSO Descriptor: 4.4.4.4/101, local label: 80001
SSM segment/switch IDs: 8194/4097 (used), PWID: 4096
VC statistics:
transit packet totals: receive 0, send 0
transit byte totals: receive 0, send 0
transit packet drops: receive 0, seq error 0, send 0

 

Alternatively, you could also use the show bfd neighbors command from the destination router to verify the configuration.

RouterB# show bfd neighbors mpls-pw 22.1.1.1 vcid 1 detail
NeighAddr LD/RD RH/RS State Int
22.1.1.1 :1 1/1 Up Up N/A
Session state is UP and not using echo function.
OurAddr: 0.0.0.0
Local Diag: 0, Demand mode: 0, Poll bit: 0

MinTxInt: 500000, MinRxInt: 500000, Multiplier: 3

Received MinRxInt: 500000, Received Multiplier: 3
Holddown (hits): 1372(2), Hello (hits): 500(4051)
Rx Count: 3200, Rx Interval (ms) min/max/avg: 1/488/91 last: 128 ms ago
Tx Count: 3203, Tx Interval (ms) min/max/avg: 40/472/91 last: 128 ms ago
Elapsed time watermarks: 0 0 (last: 0)
Registered protocols: Xconnect
Uptime: 00:04:49
Last packet: Version: 1 - Diagnostic: 0
State bit: Up - Demand bit: 0
Poll bit: 0 - Final bit: 1
Multiplier: 3 - Length: 24
My Discr.: 1 - Your Discr.: 1
Min tx interval: 500000 - Min rx interval: 500000

Min Echo interval: 0

Debugging the BFD CCV

Use these debug commands to troubleshoot the BFD VCCV configuration.

Command
Purpose

debug condition xconnect peer ipaddress vcid vcid

Allows conditional filtering of debug messages based on VC ID.

debug mpls l2 vc vccv events

Debugs AToM VCCV events.

debug mpls l2 vc vccv bfd events

Enables the debug event messages during the creation of a BFD session. This command enables debug event messages when BFD sends the data plane fault notification to L2VPN and also when L2VPN sends the attachment circuit signaling status to BFD.