Table Of Contents

Configuring L2 Virtual Private Networks

Feature History for L2VPN

Supported L2VPN Transport Types

Prerequisites for L2VPN: AToM

Supported Line Cards

Restrictions for L2VPN

Standards and RFCs

MIBs

NSF and SSO—L2VPN

Checkpointing AToM Information

Checkpointing Troubleshooting Tips

Prerequisites for NSF/SSO - L2VPN

Neighbor Routers in the MPLS HA Environment

Stateful Switchover

Nonstop Forwarding for Routing Protocols

Restrictions for NSF/SSO - L2VPN

Configuring NSF/SSO - L2VPN

Configuration Examples of NSF/SSO—Layer 2 VPN

L2VPN Local Switching—HDLC/PPP

Prerequisites of L2VPN Local Switching—HDLC/PPP

Restrictions of L2VPN Local Switching—HDLC/PPP

PPP Like-to-Like Local Switching

HDLC Like-to-Like Local Switching

Configuration Tasks and Examples

Configuration Tasks for L2VPN

Setting Up the Pseudowire—AToM Circuit

Configuring ATM AAL5 SDU Support over MPLS

Verifying ATM AAL5 SDU Support over MPLS

Configuring ATM-to-ATM PVC Local Switching

Configuring OAM Cell Emulation for ATM AAL5 SDU Support over MPLS

Configuring OAM Cell Emulation for ATM AAL5 SDU Support over MPLS on PVCs

Configuring OAM Cell Emulation for ATM AAL5 SDU Support over MPLS in VC Class Configuration Mode

Configuring Ethernet over MPLS

Ethernet over MPLS Restrictions

Configuring Ethernet over MPLS in VLAN Mode

Configuring Ethernet over MPLS in Port Mode

IEEE 802.1Q Tunneling for AToM—QinQ

Prerequisites for IEEE 802.1Q Tunneling (QinQ) for AToM

Restrictions for IEEE 802.1Q Tunneling (QinQ) for AToM

Ethernet VLAN Q-in-Q AToM

Configuration Examples

Verifying QinQ AToM

Remote Ethernet Port Shutdown

Restrictions for Configuring Remote Ethernet Port Shutdown

Configuring Remote Ethernet Port Shutdown

Configuring Ethernet over MPLS with VLAN ID Rewrite

Configuring Frame Relay over MPLS

Configuring Frame Relay over MPLS with DLCI-to-DLCI Connections

Configuring Frame Relay over MPLS with Port-to-Port Connections

Enabling Other PE Devices to Transport Frame Relay Packets

Configuring Frame Relay-to-Frame Relay Local Switching

Configuring Frame Relay for Local Switching

Configuring Frame Relay Same-Port Switching

Verifying Layer 2 Local Switching for Frame Relay

Configuring QoS Features

Configuring HDLC and PPP over MPLS

Restrictions for HDLC over MPLS

Restrictions for PPP over MPLS

Configuring HDLC over MPLS or PPP over MPLS

Estimating the Size of Packets Traveling Through the Core Network

Estimating Packet Size—Example

Changing the MTU Size on P and PE Routers

Setting Experimental Bits with AToM

Configuring QoS Features

Monitoring and Maintaining L2VPN

Configuration Example—Frame Relay over MPLS

Any Transport over MPLS—Tunnel Selection

Configuration Example—Any Transport over MPLS: Tunnel Selection

Configuring L2 Virtual Private Networks

---

To improve profitability, service providers (SPs) introduce new services to reduce operational expenditures. To reduce the number of managed networks, use network convergence, a multiphase transition of the network. This affects both the core and edge/aggregation side. The technology is predominantly Multiprotocol Label Switching (MPLS) based core networks. However, IP cores are the service of choice in a number of large SPs. Both the IP and the MPLS cores carry multiservice traffic. The edges of the network is constructed with network elements providing a single network element for convergence between Layer 2 and Layer 3 services.

The following Layer 2 virtual private network (L2VPN) solutions enable existing or emerging Layer 2 transport technology to interwork through converged MPLS or IP core networks.

•Virtual Private Wire Services (VPWS)—A point-to-point service consisting of individual point-to-point connections cross-connected to native interfaces.

•Virtual Private LAN Services (VPLS)—A service consisting of a set of point-to-multipoint connections.

L2VPN features are of the VPWS type and are designed for the benefit of the carriers. L2VPN features allow for a transparent use of network resources, and a way of reducing the number of networks that need managing.

Cisco nonstop forwarding (NSF) with stateful switchover (SSO) is effective at increasing availability of network services. Cisco NSF with SSO provides continuous packet forwarding, even during a network processor hardware or software failure. In a redundant system, the secondary processor recovers control plane service during a critical failure in the primary processor. SSO synchronizes network state information between the primary and the secondary processor."

Any Transport over MPLS (AToM) uses NSF, SSO, and Graceful Restart to allow a route processor (RP) to recover from a disruption in control plane service without losing the MPLS forwarding state. In Cisco IOS Release 12.2(33) SB, the L2VPN features support NSF/SSO. See the "NSF and SSO—L2VPN" section.

Cisco 10000 series routers also support the following two L2VPN technology solutions:

•Local Switching (LS)—The ordered duple <AC, AC>. This is the point-to-point interconnection of two attachment circuits within a Cisco 10000 series router chassis. Also, two attachment circuits (ACs) can be of:

–The same type—Creating a like-to-like LS connection.

–A distinct type—Creating an any-to-any LS connection.

•AToM—The ordered triple <AC, PW, AC>. This is the point-to-point interconnection of two attachment circuits in separate Cisco 10000 series router chassis through a pseudowire (MPLS). Also, two ACs can be of the same type in which case a like-to-like AToM connection exists. Or, two ACs can be of a distinct type, in which case an any-to-any AToM connection exists.

Using the Label Distribution Protocol (LDP), an AToM circuit session is identified by a unique VC (virtual circuit) between two PE routers. When a Layer 2 frame is received by the imposition PE router, it is encapsulated in an MPLS packet with a VC label, IGP label, and possibly other labels. When the MPLS packet reaches the disposition PE router, the packet is converted back into its Layer 2 encapsulation.

AToM encapsulates Layer 2 frames at the ingress (or imposition) provider edge (PE) router, and sends them to a corresponding PE router at the other end of the connection. The corresponding router is the egress (or disposition) PE router, and it removes the encapsulation and sends out the Layer 2 frame.

The successful transmission of the Layer 2 frames between PE routers is due to the configuration of the PE routers. You set up the connection, called a pseudowire, between the routers. An AToM circuit is one type of pseudowire connection.

Benefits of Enabling Layer 2 Packets to Send in an MPLS Network

Some of the benefits of enabling Layer 2 packets to be sent in the MPLS network include:

•The AToM product set accommodates many types of Layer 2 packets, including Ethernet and Frame Relay, across multiple Cisco router platforms. This enables the service provider to transport all types of traffic over the backbone and accommodate all types of customers.

•AToM adheres to the standards developed for transporting Layer 2 packets over MPLS. (See the "Standards and RFCs" section for the specific standards that AToM follows.) This benefits the service provider who wants to incorporate industry-standard methodologies in the network. Other Layer 2 solutions are proprietary, which can limit the service provider's ability to expand the network and can force the service provider to use only one vendor's equipment.

•Upgrading to AToM is transparent to the customer. Because the service provider network is separate from the customer network, the service provider can upgrade to AToM without disruption of service to the customer. The customers assume that they are using a traditional Layer 2 backbone.

A control word (also referred to as a shim header) can be added at the imposition router and, if so, this control word is removed at the disposition router.

Cisco 10000 series router supports up to 8000 attachment circuits (ACs). An AToM circuit use one AC and a LS circuit use two ACs. Therefore, Cisco 10000 series router supports 8000 AToM connections or 4000 LS connections or any combination of both AToM and LS connections that sums up to 8000 ACs. Also, Tunnel selection allows you to specify the path that AToM traffic uses. See the "Any Transport over MPLS—Tunnel Selection" section.

This chapter contains the following topics:

•Feature History for L2VPN

•Supported L2VPN Transport Types

•Prerequisites for L2VPN: AToM

•Restrictions for L2VPN

•Standards and RFCs

•MIBs

•NSF and SSO—L2VPN

•L2VPN Local Switching—HDLC/PPP

•Configuration Tasks for L2VPN

•Monitoring and Maintaining L2VPN

•Configuration Example—Frame Relay over MPLS

•Any Transport over MPLS—Tunnel Selection

Feature History for L2VPN

Cisco IOS Release	Description	Required PRE
12.2(28)SB	This feature was introduced on the Cisco 10000 series router.	PRE2
12.2(31)SB2	Support was added for the PRE3.	PRE3
12.2(31)SB2	Ethernet to VLAN over AToM (Bridged) functionality was added.	PRE2/PRE3
12.2(33)SB	The following L2VPN features were added on the Cisco 10000 series router: •IEEE 802.1Q Tunneling (QinQ) for AToM •NSF/SSO - Any Transport over MPLS (AToM) •Any Transport over MPLS (AToM): Remote Ethernet Port Shutdown •Any Transport over MPLS: Tunnel Selection •L2VPN Local Switching - HDLC/PPP •Ethernet/VLAN to ATM AAL5 Interworking •Ethernet VLAN to Frame Relay Interworking	PRE2/PRE3/PRE4

Supported L2VPN Transport Types

In Cisco IOS Release 12.2(28)SB, the Cisco 10000 series router supports the following AToM transport types:

•ATM AAL5 SDU support over MPLS

•Ethernet over MPLS

–VLAN mode

–Port mode

•Frame Relay over MPLS

–DLCI-to-DLCI connections

–Port-to-port connections

•HDLC over MPLS

•PPP over MPLS

---

Note Functionally, both HDLC over MPLS and Frame Relay port-to-port connections are the same.

---

Prerequisites for L2VPN: AToM

Before configuring L2VPN, ensure that the network is configured as follows:

•Configure IP routing in the core so that the PE routers can reach each other using IP.

•Configure the label distribution protocol to be Label Distribution Protocol (LDP).

•Configure label-switched paths (LSPs) between the PE routers. To enable dynamic MPLS labeling on all paths between the imposition and disposition PE routers, use the mpls ip command.

•Configure a loopback interface for originating and terminating Layer 2 traffic. Make sure the PE routers can access the other router's loopback interface. Note that the loopback interface is not needed in all cases. For example, tunnel selection does not need a loopback interface when AToM is directly mapped to a TE tunnel.

---

Note For L2VPN: LS, it is not necessary to configure:

—The label distribution protocol to be Label Distribution Protocol (LDP).

—Label-switched paths (LSPs) between the PE routers using the mpls ip command.

---

Supported Line Cards

Table 17-1 lists line cards supported by the Cisco 10000 series router.

Table 17-1 Cisco 10000 Series Line Cards that Support L2VPN

Transport Type	Supported Line Cards
ATM AAL5 SDU support over MPLS	4-port OC-3/STM-1 ATM 8-port E3/DS3 ATM 1-port OC-12 ATM
Ethernet over MPLS: VLAN mode Port mode	8-port Fast Ethernet Half-Height 1-port Gigabit Ethernet Half-Height 1-port Gigabit Ethernet SIP-600 SPA-1X10GE-L-V2 (10GE) SPA-2X1GE-V2 (2 port GE) SPA-5X1GE-V2 (5 port GE)
Frame Relay over MPLS: DLCI-to-DLCI connections Port-to-port connections HDLC over MPLS PPP over MPLS	24-port Channelized E1/T1 1-port Channelized OC-12/STM-4 4-port Channelized OC-3/STM-1 4-port Channelized T3 6-port Channelized T3 8-port Unchannelized E3/T3 6-port OC-3/STM1 Packet over SONET 1-port OC-12 Packet over SONET 1-port OC-48/STM-16 Packet over SONET

Restrictions for L2VPN

The L2VPN feature has the following restrictions:

•Address format: Configure the LDP router ID on all PE routers to be a loopback address with a /32 mask. Otherwise, some configurations might not function properly.

•The size of maximum transmission unit (MTU) must be the same at both ends of the circuit. To avoid fragmentation of the packets along the way, ensure that the size of MTU at both end of the circuit is smaller than the size of MTU in the core.

•The following L2VPN features are not supported:

–ATM cell switching of any kind

–ATM AAL5 PDU mode

–Fragmentation and reassembly, as defined in "PWE3 Fragmentation and Reassembly," draft-ietf-pwe3-fragmentation-05.txt, February 2004

–Sequence number support in the control word

–Tunnel stitching

–Pseudowire termination

Standards and RFCs

L2VPN conforms to the industry standards and RFCs listed in Table 17-2.

Table 17-2 Standards and RFCs Supported by L2VPN

Standard or RFC	Title
draft-martini-l2circuit-trans-mpls-08.txt	Transport of Layer 2 Frames over MPLS
draft-martini-l2circuit-encap-mpls-04.txt	Encapsulation Methods for Transport of Layer 2 Frames over MPLS
RFC 3032	MPLS Label Stack Encoding
RFC 3036	LDP Specification

MIBs

Table 17-3 lists the MIBs that L2VPN supports.

Table 17-3 MIBs Supported by L2VPN 

Transport Type	MIB
ATM AAL5 SDU support over MPLS	MPLS LDP MIB (MPLS-LDP-MIB.my) ATM MIB (ATM-MIB.my) CISCO AAL5 MIB (CISCO-AAL5-MIB.my) Cisco Enterprise ATM Extension MIB (CISCO-ATM-EXT-MIB.my) Supplemental ATM Management Objects (CISCO-IETF-ATM2-PVCTRAP-MIB.my) Interfaces MIB (IF-MIB.my)
Ethernet over MPLS: VLAN mode Port mode	CISCO-ETHERLIKE-CAPABILITIES.my Ethernet MIB (ETHERLIKE-MIB.my) Interfaces MIB (IF-MIB.my) MPLS LDP MIB (MPLS-LDP-MIB.my)
Frame Relay over MPLS: DLCI-to-DLCI connections Port-to-port connections	Cisco Frame Relay MIB (CISCO-FRAME-RELAY-MIB.my) Interfaces MIB (IF-MIB.my) MPLS LDP MIB (MPLS-LDP-MIB.my)
HDLC over MPLS PPP over MPLS	MPLS LDP MIB (MPLS-LDP-MIB.my) Interface MIB (IF-MIB.my)

To locate and download MIBs for selected platforms, Cisco IOS releases, and feature sets, use Cisco MIB Locator at:

http://tools.cisco.com/go/mibs

NSF and SSO—L2VPN

L2VPN NSF improves the availability of a service provider's network that uses AToM to provide Layer 2 VPN services to its customers. High availability (HA) provides the ability to detect failures and manage them with minimal disruption to the service being provided. L2VPN NSF is achieved by SSO and NSF mechanisms. A standby RP provides control-plane redundancy. The control plane state and data plane provisioning information for the attachment circuits (ACs) and AToM pseudowires (PWs) are checkpointed to the standby RP to provide NSF for AToM L2VPNs.

Checkpointing AToM Information

Checkpointing is a function that copies state information from the active RP to the backup RP, thereby ensuring that the backup RP has the latest information. If the active RP fails, the backup RP can take over.

For the L2VPN NSF feature, the checkpointing function copies the active RP's information bindings to the backup RP. The active RP sends updates to the backup RP when information is modified.

To display checkpointing data, issue the show acircuit checkpoint command on the active and backup RPs. The active and backup RPs have identical copies of the information.

Checkpointing Troubleshooting Tips

To help troubleshoot checkpointing errors, enter the following commands:

•debug acircuit checkpoint command—To enable checkpointing debug messages for ACs.

•debug mpls l2transport checkpoint command—To enable checkpointing debug messages for AToM.

•show acircuit checkpoint command—To display the AC checkpoint information.

•show mpls l2transport checkpoint command—To display if checkpointing is allowed, the quantity of AToM VCs that were bulk-synced (on the active RP), and the quantity of AToM VCs that have checkpoint data (on the standby RP).

•show mpls l2transport vc detail command—To display details of VC checkpointed information.

The NSF/SSO - L2VPN feature is described in the following topics:

•Prerequisites for NSF/SSO - L2VPN

•Restrictions for NSF/SSO - L2VPN

•Configuring NSF/SSO - L2VPN

•Configuration Examples of NSF/SSO—Layer 2 VPN

Prerequisites for NSF/SSO - L2VPN

This section lists the following prerequisites for the feature:

•Neighbor Routers in the MPLS HA Environment

•Stateful Switchover

•Nonstop Forwarding for Routing Protocols

Neighbor Routers in the MPLS HA Environment

Cisco 10000 routers must be used as the neighboring device.

Stateful Switchover

For information on this topic, see the Stateful Switchover section in the NSF/SSO: Any Transport over MPLS and Graceful Restart document at:

http://www.cisco.com/en/US/docs/ios/12_2s/feature/guide/fsatomha.html#wp1098167

Nonstop Forwarding for Routing Protocols

For information on this topic, see the Nonstop Forwarding for Routing Protocols section in the NSF/SSO: Any Transport over MPLS and Graceful Restart document at:

http://www.cisco.com/en/US/docs/ios/12_2s/feature/guide/fsatomha.html#wp1098561

Restrictions for NSF/SSO - L2VPN

For information on this topic, see the Restrictions for AToM NSF section in the NSF/SSO: Any Transport over MPLS and Graceful Restart document at:

http://www.cisco.com/en/US/docs/ios/12_2s/feature/guide/fsatomha.html#wp1068923

Configuring NSF/SSO - L2VPN

For information on this topic, see the How to Configure AToM NSF section in the NSF/SSO: Any Transport over MPLS and Graceful Restart document at:

http://www.cisco.com/en/US/docs/ios/12_2s/feature/guide/fsatomha.html#wp1112888

Configuration Examples of NSF/SSO—Layer 2 VPN

Example 17-1 illustrates how to configure AToM NSF on two PE routers:

Example 17-1 Ethernet to VLAN Interworking with AToM NSF

PE1

PE2

ip cef ! redundancy mode sso ! mpls ldp graceful-restart mpls ip mpls label protocol ldp mpls ldp router-id Loopback0 force mpls ldp advertise-tags ! pseudowire-class atom-eth encapsulation mpls interworking ethernet ! interface Loopback0 ip address 10.8.8.8 255.255.255.255 ! interface FastEthernet1/1/0 xconnect 10.9.9.9 123 encap mpls pw-class atom_eth interface POS6/1/0 ip address 10.1.1.1 255.255.255.0 mpls ip mpls label protocol ldp clock source internal crc 32 ! interface Loopback0 ip address 10.8.8.8 255.255.255.255 no shutdown ! router ospf 10 nsf ietf network 10.8.8.8 0.0.0.0 area 0 network 19.1.1.1 0.0.0.0 area 0

ip cef ! redundancy mode sso ! mpls ldp graceful-restart mpls ip mpls label protocol ldp mpls ldp router-id Loopback0 force mpls ldp advertise-tags ! pseudowire-class atom-eth encapsulation mpls interworking eth ! interface Loopback0 ip address 10.9.9.9 255.255.255.255 ! interface FastEthernet3/0/0 ip route-cache cef ! interface FastEthernet3/0/0.3 encapsulation dot1Q 10 xconnect 10.8.8.8 123 encap mpls pw-class atom_eth interface POS1/0/0 ip address 10.1.1.2 255.255.255.0 mpls ip mpls label protocol ldp clock source internal crc 32 ! interface Loopback0 ip address 10.9.9.9 255.255.255.255 ! router ospf 10 nsf ietf network 10.9.9.9 0.0.0.0 area 0 network 10.1.1.2 0.0.0.0 area 0

---

Note NSF must be enabled for routing protocols. You can use either the cisco or ietf option. Example 17-1 has the ietf option because it is a standard option, whereas cisco is proprietary option.

---

L2VPN Local Switching—HDLC/PPP

The L2VPN Local Switching - HDLC/PPP feature enables service providers to support different encapsulations over HDLC local switched circuits that function as back-to-back circuits. The provisioned HDLC Local Switched circuits can also be backed by using PWRED.

Prerequisites of L2VPN Local Switching—HDLC/PPP

In Cisco IOS Release 12.2(33)SB, the L2VPN Local Switching - HDLC/PPP, you must ensure that interfaces must be HDLC encapsulated on the PE router. The CE routers can choose any HDLC-based encapsulation, including Frame Relay and PPP.

Restrictions of L2VPN Local Switching—HDLC/PPP

In Cisco IOS Release 12.2(33)SB, the L2VPN Local Switching - HDLC/PPP feature has the following restrictions:

•On the PE HDLC interface, the IP address cannot be configured because it conflicts with the connect command.

•Interworking is not supported on HDLC/PPP interfaces.

•Only same-speed interfaces should be connected, to avoid arbitrary packet drops due to a higher speed interface overrunning a lower speed one.

•For some HDLC/PPP applications which are sensitive to time delay, the PE may introduce some network delay, enough to prevent the HDLC/PPP link from coming up because of a protocol timeout (an ISDN Q921 link).

PPP Like-to-Like Local Switching

Some applications, such as transport of compressed voice between the two CEs, require a setup of an end-to-end PPP session between two CE routers that are connected to the same PE router. In such cases, HDLC pass-through mechanism is proposed and the interworking scenario is simplified to PPP transport for like-to-like services. PPP local switching functionality on the PE router provides simple HDLC connectivity between two end-users found on different CE routers as shown in Figure 17-1.

Figure 17-1 PPP Local Switching

The interfaces are HDLC encapsulated on the PE router. The CE routers may use PPP-based encapsulation.

Frames manipulated by the PE router preserve the PPP header as described in RFC-1661.

HDLC Like-to-Like Local Switching

Like PPP, HDLC sessions can be forwarded between two CE routers connected to the same PE router. The microcode implements a HDLC pass-through mechanism for the HDLC traffic. As the service provided is equivalent to a back-to-back serial connection between the two CE routers, the connection should be between same-speed interfaces with the matched Maximum Transmission Unit (MTU) configuration. There are no QoS requirements on the PE router since one interface cannot overrun another.

The interfaces are HDLC encapsulated on the PE router. CE routers may use any HDLC-based encapsulation, including Frame Relay.

Configuration Tasks and Examples

You can configure the L2VPN Local Switching - HDLC/PPP feature on a PE router using the following steps:

1. config t

2. interface serial slot/subslot/port:channel-id

3. encapsulation hdlc

4. interface serial slot/subslot/port:channel-id

5. encapsulation hdlc

6. connect connection-name interface interface

The following example shows you how to configure the L2VPN Local Switching - HDLC/PPP feature on the PE router:

config t

interface serial 3/0/20:0

 encapsulation hdlc

interface serial 4/0/11:9

 encapsulation hdlc

 connect hdlcls serial3/0/20:0 serial4/0/11:9

---

Note Because the default encapsulation of a serial interface is HDLC, the encapsulation command is optional. However, when you configure the CE router, you must specify the encapsulation command because of the difference in configuration.

---

You can configure PPP on the CE router using the following steps:

1. config t

2. interface serial slot/subslot/port:channel-id

3. encapsulation ppp

You can configure HDLC on the CE router using the following steps:

1. config t

2. interface serial slot/subslot/port:channel-id

3. encapsulation hdlc

Configuration Tasks for L2VPN

To configure L2VPN, you have to configure the following L2VPN features:

•Setting Up the Pseudowire—AToM Circuit

•Configuring ATM AAL5 SDU Support over MPLS

•Configuring ATM-to-ATM PVC Local Switching

•Configuring OAM Cell Emulation for ATM AAL5 SDU Support over MPLS

•Configuring Ethernet over MPLS

•IEEE 802.1Q Tunneling for AToM—QinQ

•Remote Ethernet Port Shutdown

•Configuring Frame Relay over MPLS

•Configuring Frame Relay-to-Frame Relay Local Switching

•Configuring HDLC and PPP over MPLS

•Estimating the Size of Packets Traveling Through the Core Network

•Setting Experimental Bits with AToM

•Configuring QoS Features

Setting Up the Pseudowire—AToM Circuit

The successful transmission of the Layer 2 frames between PE routers is due to the configuration of a connection called a pseudowire between the routers. You specify the following information on each PE router:

•The type of Layer 2 data to be transported across the pseudowire, such as Ethernet, Frame Relay, or ATM

•The IP address of the loopback interface of the peer PE router, which enables the PE routers to communicate

•A unique combination of peer PE IP address and VC ID that identifies the pseudowire

To set up a pseudowire connection or AToM circuit between two PE routers, enter the following commands beginning in global configuration mode:

	Command	Purpose
Step 1	Router(config)# pseudowire-class name	(Optional) Establishes a pseudowire class with a name that you specify and specifies the tunneling encapsulation. It is not necessary to specify a pseudowire class if you specify the tunneling method as part of the xconnect command. The pseudowire-class configuration group specifies the characteristics of the tunneling mechanism, including: •Encapsulation type •Control protocol •Payload-specific options
Step 2	Router(config)# interface interface-type interface-number	Defines the interface or subinterface on the PE router.
Step 3	Router(config-if)# encapsulation encapsulation-type	Specifies the encapsulation type for the interface, such as dot1q.
Step 4	Router(config-if)# xconnect peer-router-id vcid encapsulation mpls	Makes a connection to the peer PE router by specifying the LDP router ID of the peer PE router. Identifies a unique identifier that is shared between the two PE routers. The vcid is a 32-bit identifier. Note The combination of the peer-router-id and the VC ID must be a unique combination on the router. Two circuits cannot use the same combination of peer-router-id and VC ID. Specifies the tunneling method used to encapsulate data in the pseudowire. For AToM, the tunneling method used to encapsulate data is mpls.

Example 17-2 shows a sample configuration for the ATM AAL5 SDU over MPLS transport. The PVC on 0/100 is configured for AAL5 transport.

Example 17-2 ATM AAL5 SDU Support over MPLS

interface ATM4/0

    pvc 0/100 l2transport

        encapsulation aal5

        xconnect 13.13.13.13 100 encapsulation mpls

Configuring ATM AAL5 SDU Support over MPLS

ATM AAL5 SDU support over MPLS encapsulates ATM AAL5 service data units (SDUs) in MPLS packets and forwards them across the MPLS network. Each ATM AAL5 SDU is transported as one packet.

To configure ATM AAL5 SDU support over MPLS, enter the following commands beginning in global configuration mode:

	Command	Purpose
Step 1	Router(config)# interface type slot/port	Specifies the interface by type, slot, and port number, and enters interface configuration mode.
Step 2	Router(config-if)# pvc [name] vpi/vci l2transport	Creates or assigns a name to an ATM PVC. The l2transport keyword indicates that the PVC is a switched PVC instead of a terminated PVC. Enters L2transport VC configuration mode.
Step 3	Router(config-if-atm-l2trans-pvc)# encapsulation aal5	Specifies ATM AAL5 encapsulation for the PVC. Make sure you specify the same encapsulation type on the PE and CE routers.
Step 4	Router(config-if-atm-l2trans-pvc)# xconnect peer-router-id vcid encapsulation mpls	Binds the attachment circuit to a pseudowire VC.

Example 17-3 shows how to enable ATM AAL5 SDU support over MPLS on an ATM PVC.

Example 17-3 ATM AAL5 SDU Support over MPLS on an ATM PVC

interface atm1/0

pvc 1/200 l2transport

encapsulation aal5

xconnect 13.13.13.13 100 encapsulation mpls

Verifying ATM AAL5 SDU Support over MPLS

To verify that ATM AAL5 SDU support over MPLS is configured on a PVC, issue the show mpls l2transport vc command. Example 17-4 shows sample output for this command.

Example 17-4 show mpls l2transport vc Command Output

Router# show mpls l2transport vc

Local intf   Local circuit          Dest address      VC ID      Status

---------    -------------          ------------      -----      ------

ATM1/0       ATM AAL5 1/100         4.4.4.4           100        UP

Configuring ATM-to-ATM PVC Local Switching

The following ATM line cards are supported for Cisco 10000 series routers:

•4-port OC-3/STM-1

•8-port E3/DS3

•1-port OC-12

To configure ATM-to-ATM PVC local switching, enter the following commands, beginning in global configuration mode:

	Command	Purpose
Step 1	Router(config)# interface atm slot/port	Specifies an ATM interface and enters interface configuration mode.
Step 2	Router(config-if)# pvc vpi/vci l2transport	Assigns a virtual path identifier (VPI) and virtual channel identifier (VCI). The l2transport keyword indicates that the permanent virtual circuit (PVC) is a switched PVC instead of a terminated PVC.
Step 3	Router(cfg-if-atm-l2trans-pvc)# encapsulation layer-type	Specifies the encapsulation type for the PVCs, AAL5 is the only layer type supported. Repeat Steps 1, 2, and 3 for another ATM PVC on the same router.
Step 4	Router(config)# connect connection-name interface pvc interface pvc	Creates a local connection between the two specified PVCs.

Example 17-5 shows how to enable ATM AAL5 SDU mode Layer 2 local switching.

Example 17-5 Enabling ATM AAL5 SDU Mode Layer 2 Local Switching

interface atm 1/0/0

   pvc 0/100 l2transport

     encapsulation aal5

interface atm 2/0/0

   pvc 0/50 l2transport

     encapsulation aal5

connect conn1 atm 1/0/0 0/100 atm 2/0/0 0/50

Configuring OAM Cell Emulation for ATM AAL5 SDU Support over MPLS

If a PE router does not support the transport of Operation, Administration, and Maintenance (OAM) cells across an LSP, you can use OAM cell emulation to locally terminate or loop back the OAM cells. You configure OAM cell emulation on both PE routers, which emulates a VC by forming two unidirectional LSPs. You use the oam-ac emulation-enable and oam-pvc manage commands on both PE routers to enable OAM cell emulation.

After you enable OAM cell emulation on a router, you can configure and manage the ATM VC in the same manner as you would a terminated VC. A VC that is configured with OAM cell emulation can send loopback cells at configured intervals toward the local CE router.

The endpoint can be either of the following:

•End-to-end loopback, which sends OAM cells to the local CE router.

•Segment loopback, which responds to OAM cells to a device along the path between the PE and CE routers.

The OAM cells include the following:

•Alarm indication signal (AIS)

•Remote defect indication (RDI)

These cells identify and report defects along a VC. When a physical link or interface failure occurs, intermediate nodes insert OAM AIS cells into all the downstream devices affected by the failure. When a router receives an AIS cell, it marks the ATM VC down and sends an RDI cell to let the remote end know about the failure.

---

Note For AAL5 SDU support over MPLS, you can configure the oam-pvc manage command only after you issue the oam-ac emulation-enable command.

---

You can configure OAM cell emulation for ATM AAL5 SDU support over MPLS in the following ways:

•Configuring OAM Cell Emulation for ATM AAL5 SDU Support over MPLS on PVCs

•Configuring OAM Cell Emulation for ATM AAL5 SDU Support over MPLS in VC Class Configuration Mode

Configuring OAM Cell Emulation for ATM AAL5 SDU Support over MPLS on PVCs

To configure OAM cell emulation for ATM AAL5 SDU support over MPLS on a PVC, enter the following commands beginning in global configuration mode:

	Command	Purpose
Step 1	Router(config)# interface type slot/port	Specifies the interface by type, slot, and port number, and enters interface configuration mode.
Step 2	Router(config-if)# pvc [name] vpi/vci l2transport	Creates or assigns a name to an ATM PVC. The l2transport keyword indicates that the PVC is a switched PVC instead of a terminated PVC. Enters L2 Transport VC configuration mode.
Step 3	Router(config-if-atm-l2trans-pvc)# encapsulation aal5	Specifies ATM AAL5 encapsulation for the PVC. Make sure you specify the same encapsulation type on the PE and CE routers.
Step 4	Router(config-if-atm-l2trans-pvc)# xconnect peer-router-id vcid encapsulation mpls	Binds the attachment circuit to a pseudowire VC.
Step 5	Router(config-if-atm-l2trans-pvc)# oam-ac emulation-enable [ais-rate]	Enables OAM cell emulation for AAL5 over MPLS. The ais-rate variable lets you specify the rate at which AIS cells are sent. The range is 0 to 60 seconds. The default is 1 second, which means that one AIS cell is sent every second.
Step 6	Router(config-if-atm-l2trans-pvc)# oam-pvc manage [frequency]	Enables the PVC to generate end-to-end OAM loopback cells that verify connectivity on the virtual circuit. The optional frequency variable is the interval between transmission of loopback cells and ranges from 0 to 600 seconds. The default value is 10 seconds.

Example 17-6 shows how to enable OAM cell emulation on an ATM PVC.

Example 17-6 OAM Cell Emulation on an ATM PVC

interface ATM 1/0/0

pvc 1/200 l2transport

encapsulation aal5

xconnect 13.13.13.13 100 encapsulation mpls 

oam-ac emulation-enable

oam-pvc manage

Example 17-7 shows how to set the rate at which an AIS cell is sent to every 30 seconds.

Example 17-7 Setting the AIS Send Rate in OAM Cell Emulation on an ATM PVC

interface ATM 1/0/0

pvc 1/200 l2transport

encapsulation aal5

xconnect 13.13.13.13 100 encapsulation mpls 

oam-ac emulation-enable 30

oam-pvc manage

Verifying OAM Cell Emulation on an ATM PVC

In Example 17-8, the show atm pvc command shows that OAM cell emulation is enabled on the ATM PVC.

Example 17-8 show atm pvc Command Output

Router# show atm pvc 5/500

ATM4/1/0.200: VCD: 6, VPI: 5, VCI: 500                    

UBR, PeakRate: 1                                         

AAL5-LLC/SNAP, etype:0x0, Flags: 0x34000C20, VCmode: 0x0 

OAM Cell Emulation: enabled, F5 End2end AIS Xmit frequency: 1 second(s) 

OAM frequency: 0 second(s), OAM retry frequency: 1 second(s)

OAM up retry count: 3, OAM down retry count: 5

OAM Loopback status: OAM Disabled

OAM VC state: Not ManagedVerified

ILMI VC state: Not Managed

InPkts: 564, OutPkts: 560, InBytes: 19792, OutBytes: 19680

InPRoc: 0, OutPRoc: 0

InFast: 4, OutFast: 0, InAS: 560, OutAS: 560

InPktDrops: 0, OutPktDrops: 0

CrcErrors: 0, SarTimeOuts: 0, OverSizedSDUs: 0

Out CLP=1 Pkts: 0

OAM cells received: 26

F5 InEndloop: 0, F5 InSegloop: 0, F5 InAIS: 0, F5 InRDI: 26

OAM cells sent: 77

F5 OutEndloop: 0, F5 OutSegloop: 0, F5 OutAIS: 77, F5 OutRDI: 0 

OAM cell drops: 0

Status: UP

Configuring OAM Cell Emulation for ATM AAL5 SDU Support over MPLS in VC Class Configuration Mode

The following steps explain how to configure OAM cell emulation as part of a VC class. You can then apply the VC class to an interface, a subinterface, or a VC. When you configure OAM cell emulation in VC class configuration mode and then apply the VC class to an interface, the settings in the VC class apply to all the VCs on the interface, unless you specify a different OAM cell emulation value at a lower level, such as the subinterface or VC level.

For example, you can create a VC class that specifies OAM cell emulation and sets the rate of AIS cells to every 30 seconds. You can apply the VC class to an interface. Then, for one PVC, you can enable OAM cell emulation and set the rate of AIS cells to every 15 seconds. All the PVCs on the interface use the cell rate of 30 seconds, except for the one PVC that was set to 15 seconds.

To enable OAM cell emulation as part of a VC class and apply it to an interface, enter the following commands beginning in global configuration mode:

	Command	Purpose
Step 1	Router(config)# vc-class atm name	Creates a VC class and enters VC class configuration mode.
Step 2	Router(config-vc-class)# encapsulation layer-type	Configures the ATM adaptation layer (AAL) and encapsulation type.
Step 3	Router(config-vc-class)# oam-ac emulation-enable [ais-rate]	Enables OAM cell emulation for AAL5 over MPLS. The ais-rate variable lets you specify the rate at which AIS cells are sent. The range is 0 to 60 seconds. The default is 1 second, which means that one AIS cell is sent every second.
Step 4	Router(config-vc-class)# oam-pvc manage [frequency]	Enables the PVC to generate end-to-end OAM loopback cells that verify connectivity on the virtual circuit. The optional frequency variable is the interval between transmission of loopback cells and ranges from 0 to 600 seconds. The default value is 10 seconds.
Step 5	Router(config-vc-class)# exit	Returns to global configuration mode.
Step 6	Router(config)# interface type slot/port	Specifies the interface by type, slot, and port number, and enters interface configuration mode.
Step 7	Router(config-if)# class-int vc-class-name	Applies a VC class to the ATM main interface or subinterface. Note You can also apply a VC class to a PVC.
Step 8	Router(config-if)# pvc [name] vpi/vci l2transport	Creates or assigns a name to an ATM PVC. The l2transport keyword indicates that the PVC is a switched PVC instead of a terminated PVC. Enters L2 Transport VC configuration mode.
Step 9	Router(config-if-atm-l2trans-pvc)# xconnect peer-router-id vcid encapsulation mpls	Binds the attachment circuit to a pseudowire VC.

Example 17-9 configures OAM cell emulation for ATM AAL5 SDU support over MPLS in VC class configuration mode. The VC class is then applied to an interface.

Example 17-9 OAM Cell Emulation for ATM AAL5 SDU Support over MPLS in VC Class Configuration Mode—VC Class Applied to an Interface

vc-class atm oamclass

encapsulation aal5

oam-ac emulation-enable 30

oam-pvc manage

interface atm1/0

class-int oamclass

pvc 1/200 l2transport

xconnect 13.13.13.13 100 encapsulation mpls

Example 17-10 shows how to configure OAM cell emulation for ATM AAL5 over MPLS in VC class configuration mode. The VC class is then applied to a PVC.

Example 17-10 OAM Cell Emulation for ATM AAL5 SDU Support over MPLS in VC Class Configuration Mode—VC Class Applied to a PVC

vc-class atm oamclass

encapsulation aal5

oam-ac emulation-enable 30

oam-pvc manage

interface atm1/0

pvc 1/200 l2transport

class-vc oamclass

xconnect 13.13.13.13 100 encapsulation mpls

Example 17-11 shows how to configure OAM cell emulation for ATM AAL5 over MPLS in VC class configuration mode. The VC class is then applied to an interface. One PVC is configured with OAM cell emulation at an AIS rate of 10. That PVC uses the AIS rate of 10 instead of 30.

Example 17-11 OAM Cell Emulation for ATM AAL5 SDU Support over MPLS in VC Class Configuration Mode—VC Class Applied to an Interface

vc-class atm oamclass

encapsulation aal5

oam-ac emulation-enable 30

oam-pvc manage

interface atm1/0

class-int oamclass

pvc 1/200 l2transport

oam-ac emulation-enable 10

xconnect 13.13.13.13 100 encapsulation mpls

Configuring Ethernet over MPLS

Ethernet over MPLS works by encapsulating Ethernet protocol data units (PDUs) in MPLS packets and forwarding them across the MPLS network. Each PDU is transported as a single packet. Several methods exists for configuring Ethernet over MPLS:

•VLAN mode—Transports Ethernet traffic from a source 802.1Q VLAN to a destination 802.1Q VLAN over a core MPLS network.

•Port mode—Allows a frame coming into an interface to be packed into an MPLS packet and transported over the MPLS backbone to an egress interface. The entire Ethernet frame is transported without the preamble or FCS as a single packet.

•VLAN ID Rewrite—Enables you to use VLAN interfaces with different VLAN IDs at both ends of the tunnel.

You can configure Ethernet over MPLS in the following ways:

•Configuring Ethernet over MPLS in VLAN Mode

•Configuring Ethernet over MPLS in Port Mode

•Configuring Ethernet over MPLS with VLAN ID Rewrite

Ethernet over MPLS Restrictions

The following restrictions pertain to the Ethernet over MPLS transport:

•Packet format: Ethernet over MPLS supports VLAN packets that conform to the IEEE 802.1Q standard. The 802.1Q specification establishes a standard method for inserting VLAN membership information into Ethernet frames. The Inter-Switch Link (ISL) protocol is not supported between the PE and customer edge (CE) routers.

•When the first Ethernet over MPLS in VLAN mode circuit is configured, the controller (the entire port) is automatically placed in promiscuous mode. The promiscuous mode is removed only when the last Ethernet over MPLS in VLAN mode circuit associated with that controller is removed.

•The AToM control word is supported. However, if the peer PE router does not support a control word, the control word is disabled. This negotiation is done by LDP label binding.

•Ethernet packets with hardware-level cyclic redundancy check (CRC) errors, framing errors, and runt packets are discarded on input.

Configuring Ethernet over MPLS in VLAN Mode

A virtual LAN (VLAN) is a switched network that is logically segmented by functions, project teams, or applications regardless of the physical location of users. Ethernet over MPLS allows you to connect two VLAN networks that are in different locations. You configure the PE routers at each end of the MPLS backbone and add a point-to-point virtual circuit (VC). Only the two PE routers at the ingress and egress points of the MPLS backbone know about the VCs dedicated to transporting Layer 2 VLAN traffic. All other routers do not have table entries for those VCs.

For Ethernet over MPLS in VLAN mode, it is possible for VPN circuits to coexist with pseudowire circuits. Because the port is in promiscuous mode, the frames are filtered by the VLAN ID.

---

Note