Cisco Nexus 7000 Series NX-OS MPLS Configuration Guide
Configuring Layer 2 VPN Pseudowire Redundancy
Downloads: This chapterpdf (PDF - 524.0KB) The complete bookPDF (PDF - 7.58MB) | The complete bookePub (ePub - 1.96MB) | The complete bookMobi (Mobi - 2.83MB) | Feedback

Table of Contents

Configuring Layer 2 VPN Pseudowire Redundancy

Finding Feature Information

Information About Layer 2 VPN Pseudowire Redundancy

Licensing Requirements for Layer 2 VPN Pseudowire Redundancy

Configuring Layer 2 VPN Pseudowire Redundancy

Configuring a Pseudowire (Optional)

Configuring a Layer 2 VPN XConnect Context

Verifying the Layer 2 VPN Pseudowire Configuration

Configuration Examples for Layer 2 Pseudowire Redundancy

Additional References for Layer 2 VPN Pseudowire Redundancy

Related Documents

Feature History for Layer 2 VPN Pseudowire Redundancy

Configuring Layer 2 VPN Pseudowire Redundancy

This chapter describes how to configure the Layer 2 Virtual Private Network (VPN) Pseudowires Redundancy feature for detecting a failure in the network and rerouting the Layer 2 service to another endpoint that can continue to provide the service.

This chapter includes the following sections:

Finding Feature Information

Your software release might not support all the features documented in this module. For the latest caveats and feature information, see the Bug Search Tool at https://tools.cisco.com/bugsearch/ and the release notes for your software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the “New and Changed Information” chapter or the Feature History table below.

Information About Layer 2 VPN Pseudowire Redundancy

When connectivity between end-to-end provider edge (PE) devices fails, L2VPN pseudowire redundancy can select an alternate path to the directed Label Distribution Protocol ( LDP) session and the user data can take over. However, there are some parts of the network where this rerouting mechanism does not protect against interruptions in service. The figure below shows those parts of the network that are vulnerable to an interruption in service.

Figure 32-1 Points of Potential Failure in a Layer 2 VPN Network

 

The L2VPN Pseudowire Redundancy feature ensures that the customer edge (CE) device, CE2, in the figure above can always maintain network connectivity, even if one or all the failures in the figure occur. When you configure L2VPN pseudowire redundancy, you configure the network with redundant pseudowires (PWs) and redundant network elements.

The figures below show how to set up redundant PWs and Attachment Circuits (ACs) to maintain connectivity.

Figure 32-2 L2VPN Network with Redundant PWs and Attachment Circuits

 

Figure 32-3 L2VPN Network with Redundant PWs, Attachment Circuits, and CE Devices

 

 

Figure 32-4 L2VPN Network with Redundant PWs, Attachment Circuits, CE Devices, and PE Devices

 

Licensing Requirements for Layer 2 VPN Pseudowire Redundancy

The following table shows the licensing requirements for this feature:

 

Product
License Requirement

Cisco NX-OS

Layer 2 MVPNs require an MPLS license. For a complete explanation of the Cisco NX-OS licensing scheme and how to obtain and apply licenses, see the Cisco NX-OS Licensing Guide .

Configuring Layer 2 VPN Pseudowire Redundancy

This section includes the following topics:

Configuring a Pseudowire (Optional)

SUMMARY STEPS

1. configure terminal

2. port-profile type pseudowire profile-name

3. encapsulation mpls

4. state enabled

5. end

6. [ no ] interface pseudowire pw-id

7. inherit port-profile profile-name

8. neighbor peer-ip-address vc-id

9. (Optional) copy running-config start-up config

DETAILED STEPS

 

Command
Purpose

Step 1

configure terminal

 

switch# configure terminal

switch(config)#

Enters global configuration mode.

Step 2

port-profile type pseudowire profile-name

 

switch(config)# port-profile type pseudowire TestSet

switch(config-if-prof)#

Enters interface port-profile configuration mode and configures a port profile.

Step 3

encapsulation mpls

 

switch(config-if-prof)# encapsulation mpls

Specifies MPLS encapsulation for this profile.

Step 4

state enable

 

switch(config-if-prof)# state enable

Enables the profile.

Step 5

end

 

switch(config-if-prof)# end

switch(config)

Returns to privileged EXEC mode.

Step 6

[ no ] interface pseudowire pw-id

 

switch(config)# interface pseudowire 12

switch(config-if-pseudowire)#

Enters interface pseudowire configuration mode and configures a static pseudowire logical interface.

  • The pw-id argument is a unique per-interface identifier for this pseudowire. The range is from 1 to 200000. The range for a static pseudowire is from 1 to 8192.

Note You can use the no form of this command to delete the pseudowire interface and the associated configuration.

Step 7

inherit port-profile profile-name

 

switch(config-if-pseudowire)# inherit port-profile TestSet

Applies a port profile to this interface.

Step 8

neighbor peer-ip-address vc-id

 

switch(config-if-pseudowire)# neighbor 10.2.2.2 100

Configures a emulated virtual circuit for this interface.

  • The combination of the peer-ip-address and vc-id arguments must be unique on a device.
  • The peer IP address is the address of the provider edge (PE) peer.
  • The vc-id argument is an identifier for the virtual circuit between devices. The valid range is from 1 to 4294967295.

Step 9

copy running-config startup-config

 

switch(config-if-pseudowire)# copy running-config startup-config

(Optional) Saves this configuration change.

Configuring a Layer 2 VPN XConnect Context

You can perform this task to add a Layer 2 VPN Attachment Circuit (AC) to associate a backup pseudowire (PW) to the AC.

BEFORE YOU BEGIN

  • Ensure that you have configured the AC (Ethernet Flow Point, pseudowire, Ethernet VLAN) for the Layer 2 VPN services.

Restrictions

  • There can only be two groups, with a maximum of four members (one as the active and three as backup) in each group, for redundancy.
  • If the group name is not specified, only two members can be configured under the Layer 2 VPN XConnect context.

SUMMARY STEPS

1. configure terminal

2. [ no ] interface ethernet slot / port

3. no shutdown

4. l2vpn xconnect context context-name

5. [ no ] member interface-type slot / port [ service-instance service-instance-id ] [ group group-name ] [ priority number ]

6. [ no ] member pseudowire pw-id [ group name ] [ priority number ]

7. [ no ] member pseudowire pw-id [ peer-addr vc-id { encapsulation mpls | port-profile profile-name }] [ group name ] [ priority number ]

8. redundancy delay enable-delay { disable-delay | never } group name

9. (Optional) copy running-config start-up config

DETAILED STEPS

 

Command
Purpose

Step 1

configure terminal

 

switch# configure terminal

switch(config)#

Enters global configuration mode.

Step 2

interface ethernet slot / port

 

switch(config)# interface ethernet 2/1

switch(config-if)#

Enters interface configuration mode.

Make sure that the subinterface on the adjoining CE device is on the same VLAN as this PE device.

Note You can use the no form of this command to delete the interface and the associated configuration.

Step 3

no shutdown

 

switch(config-if)# no shutdown

Brings the port administratively up.

Step 4

[ no ] l2vpn xconnect context context-name

 

switch(config-if)# l2vpn xconnect context redundancytest

switch(config-xconnect)#

Enters Xconnect configuration mode and establishes a Layer 2 VPN (L2VPN) XConnect context for identifying the two members in a Virtual Private Wire Service (VPWS), multisegment pseudowire, or local connect service.

  • The context-name argument is a unique per-interface identifier for this context. The maximum range is 100 alphanumeric, case-sensitive characters.

Note You can use the no form of this command to delete the context and the associated configuration.

Step 5

[ no ] member i nterface-type slot / port [ service-instance service-instance-id ] [ group group-name ] [ priority number ]

 

switch(config-xconnect)# member ethernet 2/1 service-instance 1 group access-side

Adds an active Ethernet AC, with or without an Ethernet Flow Point (EFP), to the XConnect context.

  • The service-instance-id argument is a unique per-interface identifier for the EFP. The valid range is from 1 to 4000. The range might be restricted due to resource constraints.
  • (Optional) The group group-name keyword and argument combination specifies to which of the redundant groups the member belongs. This configuration is required if the member is backed up by one or more other group members in order to identify to which redundant group each member belongs.
  • (Optional) The priority number keyword and argument combination specifies the priority of the backup pseudowire in instances where multiple backup pseudowires exist. The range is from 1 to 10, with 1 being the highest priority. The default is 0 and is higher than 1.
  • You can use the no form of this command to delete the specified member configuration.

Step 6

[ no ] member pseudowire pw-id [ group group-name ] [ priority number ]

 

switch(config-xconnect)# member pseudowire 2 group access-side priority 1

 

Adds an active pseudowire to the XConnect context.

  • The pw-id argument is a unique per-interface identifier for this pseudowire. The range is from 1 to 200000. The range for a static pseudowire is from 1 to 8192.
  • (Optional) The group group-name keyword and argument combination specifies to which of the redundant groups the member belongs. This configuration is required if the member is backed up by one or more other group members in order to identify to which redundant group each member belongs.
  • (Optional) The priority number keyword and argument combination specifies the priority of the backup pseudowire in instances where multiple backup pseudowires exist. The range is from 1 to 10, with 1 being the highest priority. The default is 0 and is higher than 1.
  • You can use the no form of this command to delete the specified member configuration.

Step 7

[ no ] member pseudowire pw-id [ peer-addr vc-id { encapsulation mpls | port-profile profile-name }] [ group name ] [ priority number ]

 

switch(config-xconnect)# member pseudowire 3 port-profile TestSet group core priority 1

(Optional) Creates a backup pseudowire in the XConnect context. This pseudowire configuration is not be displayed in the running configuration and it is not persistent across stateless start ups.

  • The pw-id argument is a unique per-interface identifier for this pseudowire. The range is from 1 to 200000. The range for a static pseudowire is from 1 to 8192.
  • (Optional) The peer-address and vc-id arguments configure a emulated virtual circuit for this pseudowire.

The combination of the peer-ip-address and vc-id arguments must be unique on a device.

The peer IP address is the address of the provider edge (PE) peer.

The vc-id argument is an identifier for the virtual circuit between devices. The valid range is from 1 to 4294967295.

  • (Optional) The encapsulation mpls keywords specify MPLS encapsulation for this interface.
  • (Optional) The port-profile and profile-name keyword and argument combination specifies that an already-configured pseudowire port profile is to be used for this interface.
  • (Optional) The group group-name keyword and argument combination specifies to which of the redundant groups the member belongs. This configuration is required if the member is backed up by one or more other group members in order to identify to which redundant group each member belongs.
  • (Optional) The priority number keyword and argument combination specifies the priority of the backup pseudowire in instances where multiple backup pseudowires exist. The range is from 1 to 10, with 1 being the highest priority. The default is 0 and is higher than 1.

Note You can use the no form of this command to delete the specified member configuration.

Step 8

copy running-config startup-config

 

switch(config-xconnect)# copy running-config startup-config

(Optional) Saves this configuration change.

Verifying the Layer 2 VPN Pseudowire Configuration

To verify pseudowire redundancy configuration information, perform one of the following tasks:

Command
Purpose

show l2vpn atom vc

Displays information about the A ny Transport over MPLS ( AToM) virtual circuit.

show l2vpn service xconnect all

Displays status information about the specified XConnect service.

Configuration Examples for Layer 2 Pseudowire Redundancy

The following example shows an Ethernet attachment circuit XConnect and a backup pseudowire:

interface Ethernet2/1
no shutdown
l2vpn xconnect context test
member pseudowire1 group core
member 9.9.9.3 200 encapsulation mpls group core priority 2
member Ethernet2/1
 

The following example shows an Ethernet VLAN attachment circuit XConnect with a service instance and a backup pseudowire:

interface Ethernet2/1
no shutdown
service instance 100 ethernet
encapsulation dot1q 100
no shutdown
l2vpn xconnect context test
member pseudowire1 group core
member 9.9.9.3 200 encapsulation mpls group core priority 2
member Ethernet2/1 service-instance 100
 

The following example shows an Ethernet VLAN attachment circuit XConnect with a subinterface and a backup pseudowire:

interface Ethernet2/1.100
no shutdown
encapsulation dot1q 100
l2vpn xconnect context test
member pseudowire1 group core
member 9.9.9.3 200 encapsulation mpls group core priority 2
member Ethernet2/1.100
 

Additional References for Layer 2 VPN Pseudowire Redundancy

For additional information related to configuring ACs for VPLS, see the following sections:

Related Documents

Related Topic
Document Title

Interface commands

Cisco Nexus 7000 Series NX-OS Interfaces Command Reference

MPLS commands

Cisco Nexus 7000 Series NX-OS MPLS Command Reference

Feature History for Layer 2 VPN Pseudowire Redundancy

Table 32-1 lists the release history for this feature.

 

Table 32-1 Feature History for Pseudowire Logical Interfaces

Feature Name
Releases
Feature Information

Layer 2 VPN Pseudowire Redundancy

6.2(2)

This feature enables you to set up your network to detect a failure in the network and reroute the Layer 2 service to another endpoint that can continue to provide service.

The following commands were introduced or modified: encapsulation , inherit port-profile , interface pseudowire , l2vpn xconnect context , member , neighbor , port-profile , show l2vpn atom vc , show l2vpn service xconnect.