Cisco Nexus 7000 Series NX-OS MPLS Configuration Guide
Configuring Layer 2 VPN Pseudowire Redundancy
Downloads: This chapterpdf (PDF - 532.0KB) The complete bookPDF (PDF - 13.46MB) | Feedback

Configuring Layer 2 VPN Pseudowire Redundancy

Table Of Contents

Configuring Layer 2 VPN Pseudowire Redundancy

Information About Layer 2 VPN Pseudowire Redundancy

Licensing Requirements for Layer 2 VPN Pseudowire Redundancy

Guidelines and Limitations for Layer 2 VPN Pseudowire Redundancy

Configuring Layer 2 VPN Pseudowire Redundancy

Configuring a Pseudowire (Optional)

Configuring a Layer 2 VPN XConnect Context

Verifying the Layer 2 VPN Pseudowire Configuration

Configuration Examples for Layer 2 Pseudowire Redundancy

Additional References for Layer 2 VPN Pseudowire Redundancy

Related Documents

Feature History for Layer 2 VPN Pseudowire Redundancy


Configuring Layer 2 VPN Pseudowire Redundancy


This chapter describes how to configure the Layer 2 Virtual Private Network (VPN) Pseudowires Redundancy feature for detecting a failure in the network and rerouting the Layer 2 service to another endpoint that can continue to provide the service.

This chapter includes the following sections:

Information About Layer 2 VPN Pseudowire Redundancy

Licensing Requirements for Layer 2 VPN Pseudowire Redundancy

Guidelines and Limitations for Layer 2 VPN Pseudowire Redundancy

Configuring Layer 2 VPN Pseudowire Redundancy

Verifying the Layer 2 VPN Pseudowire Configuration

Configuration Examples for Layer 2 Pseudowire Redundancy

Additional References for Layer 2 VPN Pseudowire Redundancy

Feature History for Layer 2 VPN Pseudowire Redundancy

Information About Layer 2 VPN Pseudowire Redundancy

Layer 2 VPNs (L2VPNs) can provide pseudowire resiliency through their routing protocols. When connectivity between end-to-end provider edge (PE) devices fails, L2VPN pseudowire redundancy can selects an alternate path to the directed Label Distribution Protocol (LDP) session and the user data can take over. However, there are some parts of the network where this rerouting mechanism does not protect against interruptions in service. The figure below shows those parts of the network that are vulnerable to an interruption in service.

Figure 30-1 Points of Potential Failure in a Layer 2 VPN Network

The L2VPN Pseudowire Redundancy feature ensures that the Customer Edge (CE) device, CE2, in the figure above can always maintain network connectivity, even if one or all the failures in the figure occur. When you configure L2VPN pseudowire redundancy, you configure the network with redundant pseudowires (PWs) and redundant network elements.

The figures below show how to set up redundant PWs and radicand Attachment Circuits (ACs) to maintain connectivity.

Figure 30-2 L2VPN Network with Redundant PWs and Attachment Circuits

Figure 30-3 L2VPN Network with Redundant PWs, Attachment Circuits, and CE Devices

Figure 30-4 L2VPN Network with Redundant PWs, Attachment Circuits, CE Devices, and PE Devices

Licensing Requirements for Layer 2 VPN Pseudowire Redundancy

The following table shows the licensing requirements for this feature:

Product
License Requirement

Cisco NX-OS

Layer 2 MVPNs require an MPLS license. For a complete explanation of the Cisco NX-OS licensing scheme and how to obtain and apply licenses, see the Cisco NX-OS Licensing Guide.


Guidelines and Limitations for Layer 2 VPN Pseudowire Redundancy

This section includes the following topics:

Configuring a Pseudowire (Optional)

Configuring a Layer 2 VPN XConnect Context

Configuring Layer 2 VPN Pseudowire Redundancy

This section includes the following topics:

Configuring a Pseudowire (Optional)

Configuring a Layer 2 VPN XConnect Context

Configuring a Pseudowire (Optional)

SUMMARY STEPS

1. configure terminal

2. port-profile type pseudowire profile-name

3. encapsulation mpls

4. state enabled

5. end

6. [no] interface pseudowire pw-id

7. inherit port-profile profile-name

8. neighbor peer-ip-address vc-id

9. (Optional) copy running-config start-up config

DETAILED STEPS

 
Command
Purpose

Step 1 

configure terminal

Example:

switch# configure terminal

switch(config)#

Enters global configuration mode.

Step 2 

port-profile type pseudowire profile-name

Example:

switch(config)# port-profile type pseudowire TestSet

switch(config-if-prof)#

Enters interface port-profile configuration mode and configures a port profile.

Step 3 

encapsulation mpls

Example:

switch(config-if-prof)# encapsulation mpls

Specifies MPLS encapsulation for this profile.

Step 4 

state enable

Example:

switch(config-if-prof)# show feature

Enables the profile.

Step 5 

end

Example:

switch(config-if-prof)# end

switch(config)

Returns to privileged EXEC mode.

Step 6 

[no] interface pseudowire pw-id

Example:

switch(config)# interface pseudowire 12

switch(config-if-pseudowire)#

Enters interface pseudowire configuration mode and configures a static pseudowire logical interface.

The pw-id argument is a unique per-interface identifier for this pseudowire. The range is from 1 to 200000. The range for a static pseudowire is from 1 to 8192.

Note You can use the no form of this command to delete the pseudowire interface and the associated configuration.

Step 7 

inherit port-profile profile-name

Example:

switch(config-if-pseudowire)# inherit port-profile TestSet

Applies a port profile to this interface.

Step 8 

neighbor peer-ip-address vc-id

Example:

switch(config-if-pseudowire)# neighbor 10.2.2.2 100

Configures a emulated virtual circuit for this interface.

The combination of the peer-ip-address and vc-id arguments must be unique on a device.

The peer IP address is the address of the provider edge (PE) peer.

The vc-id argument is an identifier for the virtual circuit between devices. The valid range is from 1 to 4294967295.

Step 9 

copy running-config startup-config

Example:

switch(config-if-pseudowire)# copy running-config startup-config

(Optional) Saves this configuration change.

Configuring a Layer 2 VPN XConnect Context

You can perform this task to add a Layer 2 VPN Attachment Circuit (AC) to associate a backup pseudowire (PW) to the AC.

BEFORE YOU BEGIN

Ensure that you have configured the AC (Ethernet flow point, pseudowire, Ethernet VLAN) for the Layer 2 VPN services.

Restrictions

There can only be two groups, with a maximum of four members (one as the active and three as backup) in each group, for redundancy.

If the group name is not specified, only two members can be configured under the Layer 2 VPN XConnect context.

SUMMARY STEPS

1. configure terminal

2. [no] interface ethernet slot/port

3. no shutdown

4. l2vpn xconnect context context-name

5. [no] member interface-type slot/port [service-instance service-instance-id] [group group-name] [priority number]

6. [no] member pseudowire pw-id [group name] [priority number]

7. [no] member pseudowire pw-id [peer-addr vc-id {encapsulation mpls | port-profile profile-name}] [group name] [priority number]

8. redundancy delay enable-delay {disable-delay | never} group name

9. (Optional) copy running-config start-up config

DETAILED STEPS

 
Command
Purpose

Step 1 

configure terminal

Example:

switch# configure terminal

switch(config)#

Enters global configuration mode.

Step 2 

interface ethernet slot/port

Example:

switch(config)# interface ethernet 2/1

switch(config-if)#

Enters interface configuration mode.

Make sure that the subinterface on the adjoining CE device is on the same VLAN as this PE device.

Note You can use the no form of this command to delete the interface and the associated configuration.

Step 3 

no shutdown

Example:

switch(config-if)# no shutdown

Brings the port administratively up.

Step 4 

[no] l2vpn xconnect context context-name

Example:

switch(config-if)# l2vpn xconnect context redundancytest

switch(config-xconnect)#

Enters Xconnect configuration mode and establishes a Layer 2 VPN (L2VPN) XConnect context for identifying the two members in a VPWS, multi-segment pseudowire, or local connect service.

The context-name argument is a unique per-interface identifier for this context. The maximum range is 100 alphanumeric, case-sensitive characters.

Note You can use the no form of this command to delete the context and the associated configuration.

Step 5 

[no] member interface-type slot/port [service-instance service-instance-id] [group group-name] [priority number]

Example:

switch(config-xconnect)# member ethernet 2/1 service-instance 1 group access-side

Adds an active Ethernet AC, with or without an Ethernet Flow Point (EFP), to the XConnect context.

The service-instance-id argument is a unique per-interface identifier for the EFP. The valid range is from 1 to 4000. The range might be restricted due to resource constraints.

(Optional) The group keyword specifies which of redundant groups the member belongs. This must be configured if the XConnect member is backed up by one or more other group members in order to identify to which redundant group each member belongs.

(Optional) The priority number keyword and argument combination specifies the priority of the backup pseudowire in instances where multiple backup pseudowires exist. The range is from 1 to 10, with 1 being the highest priority. The default is 0 and is higher than 1.

You can use the no form of this command to delete the specified member configuration.

Step 6 

[no] member pseudowire pw-id [group name] [priority number]

Example:

switch(config-xconnect)# member pseudowire 2 group access-side priority 1

Adds an active pseudowire to the XConnect context.

The pw-id argument is a unique per-interface identifier for this pseudowire. The range is from 1 to 200000. The range for a static pseudowire is from 1 to 8192.

(Optional) The group keyword specifies which of redundant groups the member belongs. This must be configured if the XConnect member is backed up by one or more other group members in order to identify to which redundant group each member belongs.

(Optional) The priority number keyword and argument combination specifies the priority of the backup pseudowire in instances where multiple backup pseudowires exist. The range is from 1 to 10, with 1 being the highest priority. The default is 0 and is higher than 1.

You can use the no form of this command to delete the specified member configuration.

Step 7 

[no] member pseudowire pw-id [peer-addr vc-id {encapsulation mpls | port-profile profile-name}] [group name] [priority number]

Example:

switch(config-xconnect)# member pseudowire 3 port-profile TestSet group core priority 1

(Optional) Creates a backup pseudowire in the XConnect context. This pseudowire configuration will not be displayed in the running configuration nor will it be persistent across stateless start ups.

The pw-id argument is a unique per-interface identifier for this pseudowire. The range is from 1 to 200000. The range for a static pseudowire is from 1 to 8192.

(Optional) The peer-address and vc-id arguments configure a emulated virtual circuit for this pseudowire. If you do not configure

The combination of the peer-ip-address and vc-id arguments must be unique on a device.

The peer IP address is the address of the provider edge (PE) peer.

The vc-id argument is an identifier for the virtual circuit between devices. The valid range is from 1 to 4294967295.

(Optional) The encapsulation mpls keywords specify MPLS encapsulation for this interface.

(Optional) The port-profile and profile-name keyword and argument combination specifies that an already-configured pseudowire port profile is to be used for this interface.

(Optional) The group keyword specifies which of two possible redundant groups the member belongs to. This must be configured if the XConnect member is backed up by one or more other members in order to identify to which redundant group each member belongs.

(Optional) The priority number keyword and argument combination specifies the priority of the backup pseudowire in instances where multiple backup pseudowires exist. The range is from 1 to 10, with 1 being the highest priority. The default is 0 and is higher than 1.

Note You can use the no form of this command to delete the specified member configuration.

Step 8 

copy running-config startup-config

Example:

switch(config-xconnect)# copy running-config startup-config

(Optional) Saves this configuration change.

Verifying the Layer 2 VPN Pseudowire Configuration

To verify pseudowire redundancy configuration information, perform one of the following tasks:

Command
Purpose

show l2vpn atom vc

Displays information about the Any Transport over MPLS (AToM) virtual circuit.

show l2vpn service xconnect all

Displays status information about the specified XConnect service.


Configuration Examples for Layer 2 Pseudowire Redundancy

The following example shows an Ethernet attachment circuit xconnect and a backup pseudowire:

interface Ethernet2/1
  no shutdown
l2vpn xconnect context test
  member pseudowire1 group core
  member 9.9.9.3 200 encapsulation mpls group core priority 2
  member Ethernet2/1
 
   

The following example shows an Ethernet VLAN attachment circuit xconnect with service instance and a backup pseudowire:

interface Ethernet2/1
  no shutdown
  service instance 100 ethernet
    encapsulation dot1q 100
    no shutdown
l2vpn xconnect context test
  member pseudowire1 group core
  member 9.9.9.3 200 encapsulation mpls group core priority 2
  member Ethernet2/1 service-instance 100
 
   

The following example shows an Ethernet VLAN attachment circuit xconnect with subinterface and a backup pseudowire:

interface Ethernet2/1.100
  no shutdown
  encapsulation dot1q 100
l2vpn xconnect context test
  member pseudowire1 group core
  member 9.9.9.3 200 encapsulation mpls group core priority 2
  member Ethernet2/1.100
 
   

Additional References for Layer 2 VPN Pseudowire Redundancy

For additional information related to configuring ACs for VPLS, see the following sections:

Related Documents

Related Documents

Related Topic
Document Title

Interface commands

Cisco Nexus 7000 Series NX-OS Interfaces Command Reference

MPLS commands

Cisco Nexus 7000 Series NX-OS MPLS Command Reference


Feature History for Layer 2 VPN Pseudowire Redundancy

Table 30-1 lists the release history for this feature.

Table 30-1 Feature History for Pseudowire Logical Interfaces

Feature Name
Releases
Feature Information

Layer 2 VPN Pseudowire Redundancy

6.2(2)

This feature enables you to set up your network to detect a failure in the network and reroute the Layer 2 service to another endpoint that can continue to provide service.

The following commands were introduced or modified: encapsulation, inherit port-profile, interface pseudowire, l2vpn xconnect context, member, neighbor, port-profile, show l2vpn atom vc, show l2vpn service xconnect.