FlexWAN and Enhanced FlexWAN Modules Installation and Configuration Guide
Configuring Multiprotocol Label Switching on FlexWAN and Enhanced FlexWAN Modules
Download this chapter
Configuring Multiprotocol Label Switching on FlexWAN and Enhanced FlexWAN ModulesConfiguring Multiprotocol Label Switching on FlexWAN and Enhanced FlexWAN Modules
Download the complete book
FlexWAN and Enhanced FlexWAN Modules Installation and Configuration Guide (Full Book PDF)FlexWAN and Enhanced FlexWAN Modules Installation and Configuration Guide (Full Book PDF) (PDF - 9 MB)
 Feedback

Table Of Contents

Configuring Multiprotocol Label Switching on FlexWAN and Enhanced FlexWAN Modules

Configuring MPLS

Understanding MPLS

MPLS Support on FlexWAN and Enhanced FlexWAN Modules

Supported Features

MPLS Guidelines and Restrictions

MPLS Restrictions

Additional Documentation on Configuring MPLS

MPLS Over RBE

MPLS Over RBE Restrictions and Usage Guidelines

Configuring MPLS Over RBE

Verifying the MPLS over RBE Configuration

MPLS over RBE Sample Configuration

MPLS-VPN over RBE Sample Configuration

Configuring MPLS VPNs

MPLS VPNs on FlexWAN and Enhanced FlexWAN

MPLS VPN Guidelines and Restrictions

MPLS VPN Memory Requirements and Recommendations

MPLS Per-Label Load-Balancing

Configuring VRF-Lite (Multi-VRF CE)

Introducing VRF-Lite

VRF-Lite Segmentation Method

VRF Interfaces

Packet-Forwarding Process

VRF-Lite Configuration Guidelines

VRF-Lite Feature Support Summary

Configuring VRF Tables

Configuring a VPN Routing Process Between the CE and PE Routers

Configuring a CE-to-PE Routing Process Using OSPF

Configuring a CE-to-PE Routing Process Using BGP

Sample VRF-Lite Configuration

Any Transport over MPLS

Benefits of AToM

AToM Transport of Layer 2 Packets

Configuring the Pseudowire Class

Pseudowire Class Examples

AToM Load-Balancing

Load-Balancing Guidelines

Lowest Use Mode Limitations

Configuring Any Transport over MPLS

Prerequisites

Compatibility with Previous Releases of AToM

Configuration Guidelines for Any Transport over MPLS

Ethernet over MPLS

Ethernet over MPLS Configuration Guidelines

Ethernet over MPLS VLAN Mode Configuration Guidelines

Ethernet over MPLS Port Mode Configuration Guidelines

Ethernet over MPLS (Sup720, Sup32, RSP720)

Cisco Supervisor Engine 2-Based EoMPLS

Configuring EoMPLS VLAN Mode for Supervisor Engine 2 or FlexWAN-Based System

Verifying the Configuration

Configuring EoMPLS Port Mode for Supervisor Engine 2 or FlexWAN-Based System

Verifying the Configuration

HDLC Over MPLS

HDLC Over MPLS Configuration Guidelines

Configuring HDLC over MPLS

Command Sequence Summary

Detailed Steps

PPP over MPLS

PPP over MPLS Restrictions

Configuring PPP over MPLS

Command Sequence Summary

Detailed Steps

ATM AAL5 over MPLS VC Mode

ATM AAL5 over MPLS Configuration Guidelines

Configuring ATM AAL5 over MPLS VC Mode

Verifying the Configuration

Troubleshooting Tips

ATM Cell Relay over MPLS

ATM Cell Relay over MPLS Configuration Guidelines

ATM Cell Relay over MPLS in VC Mode

Configuring ATM Cell Relay over MPLS in VC Mode

Verifying ATM Cell Relay VC Mode

Troubleshooting Tips

ATM Cell Relay over MPLS in VP Mode

Supported Modules

ATM Cell Relay VP Mode Configuration Guidelines

Configuring ATM Cell Relay over MPLS in VP Mode

ATM Cell Relay VP Mode Configuration Example

Verifying ATM Cell Relay VP Mode

ATM Packed Cell Relay over MPLS in VP Mode

ATM Packed Cell Relay in VP Mode Configuration Guidelines

Configuring ATM Packed Cell Relay over MPLS in VP Mode

Configuration Example

Frame Relay over MPLS

Supported Modules

Frame Relay over MPLS Configuration Guidelines

Configuring Frame Relay over MPLS with DLCI-to-DLCI Connections

Verifying the Configuration

Layer 2 Local Switching

Layer 2 Local Switching-ATM to ATM

Supported Modules

Restrictions

Configuring ATM VC to VC Local Switching with AAL5 Encapsulation

Configuring ATM VC to VC Local Switching Using AAL0 Encapsulation

Configuring ATM VP to VP Local Switching with AAL0 Encapsulation

Configuring Frame Relay DLCI Local Switching

Verifying the Configuration

Troubleshooting Tips

Enabling Other PE Devices to Transport Frame Relay Packets

Local Management Interface and Frame Relay over MPLS


Configuring Multiprotocol Label Switching on FlexWAN and Enhanced FlexWAN Modules

This chapter describes how to configure Multiprotocol Label Switching (MPLS) and Any Transport over Multiprotocol Label Switching (AToM) on the FlexWAN and enhanced FlexWAN modules.

Note Cisco IOS Release 12.2SRA and later releases do not support the FlexWAN module or Supervisor Engine 2. These releases support the Enhanced FlexWAN module and the Sup720 and Sup32. In addition, note that Cisco IOS Release 12.2SRB introduced support for the Route Switch Processor 720 (RSP720).

This chapter contains the following sections:

Configuring MPLS

MPLS Over RBE

Configuring MPLS VPNs

Configuring VRF-Lite (Multi-VRF CE)

Any Transport over MPLS

Configuring Any Transport over MPLS

Ethernet over MPLS

HDLC Over MPLS

PPP over MPLS

ATM AAL5 over MPLS VC Mode

ATM Cell Relay over MPLS

ATM Cell Relay over MPLS in VC Mode

ATM Cell Relay over MPLS in VP Mode

ATM Packed Cell Relay over MPLS in VP Mode

Frame Relay over MPLS

Layer 2 Local Switching

Configuring MPLS

These sections describe MPLS and provides configuration information:

Understanding MPLS

MPLS Support on FlexWAN and Enhanced FlexWAN Modules

Supported Features

MPLS Guidelines and Restrictions

Additional Documentation on Configuring MPLS

Understanding MPLS

MPLS uses label switching to forward packets over various link-level technologies such as Packet-over-SONET, Frame Relay, and ATM. Labels are assigned to packets based on groupings or forwarding equivalence classes (FECs). Packets belonging to the same FEC get similar treatment. The label is added between the Layer 2 and the Layer 3 header (in a packet environment) or in the virtual path identifier/virtual channel identifier (VPI/VCI) field (in ATM networks).

In an MPLS network, the edge router performs a label lookup of the incoming label, swaps the incoming label with an outgoing label, and sends the packet to the next hop. Labels are imposed on packets only at the ingress edge of the MPLS network and are removed at the egress edge. The core network reads the labels, applies the appropriate services, and forwards the packets based on the labels.

Figure 2-1 shows an MPLS network of a service provider that connects two sites of a customer network.

Figure 2-1 MPLS Network

For additional information on MPLS, see the following URL:

http://www.cisco.com/en/US/docs/ios/12_2/switch/configuration/guide/xcftagov_ps1835_TSD_Products_Configuration_Guide_Chapter.html

MPLS Support on FlexWAN and Enhanced FlexWAN Modules

The following Cisco 7600 modules support MPLS:

MPLS is supported on both the FlexWAN module (WS-X6182-2PA) and Enhanced FlexWAN (WS-X6582-2PA) module.

MPLS is supported on all Supervisor Engines (Sup720, Sup32, and Sup2) and the Route Switch Processor 720 (RSP720). Unless noted otherwise, the configuration guidelines and instructions in this chapter are the same for all modules.

Sup32 support was introduced in Cisco IOS Release 12.2(18)SXF, and RSP720 support was introduced in Release 12.2SRB.

The FlexWAN module and the Sup2 are no longer supported in Cisco IOS Release 12.2SRA and later releases. In addition, the Sup32 does not support the FlexWAN module.

With a Route Switch Processor 720, Supervisor Engine 720, or Supervisor Engine 32, the Policy Feature Card performs all MPLS forwarding for IP to MPLS, MPLS to MPLS, and MPLS to IP paths.

With a Supervisor Engine 2, label lookup and label operations are performed on the FlexWAN or Enhanced FlexWAN module.

All MPLS QoS features are handled locally by the FlexWAN or Enhanced FlexWAN module.

The Enhanced FlexWAN module supports MPLS over MLPPP encapsulation for the port adapters shown in Table 3-1.

Supported Features

The following MPLS features are supported:

Note Features in the Cisco IOS 12.2SX releases that are also supported in the Cisco IOS 12.2 mainline, 12.2T, and 12.2S releases are documented in the corresponding publications for those releases. When applicable, this section refers to those publications for platform-independent features supported in the Cisco IOS 12.2SX releases. The Cisco IOS 12.2S releases do not support software images for Cisco 7600 series routers, and the Cisco IOS 12.2S publications do not list support for the Cisco 7600 series routers.

Any Transport over MPLS (AToM). Transports Layer 2 packets over an MPLS backbone. See the"Any Transport over MPLS" section.

MPLS Traceroute. Adds the ability to originate Traceroute from a router in an MPLS enabled network. See:

http://www.cisco.com/en/US/docs/ios/mpls/configuration/guide/mp_ldp_te_lsp_vccv_ps6922_TSD_Products_Configuration_Guide_Chapter.html

Multi-VRF for CE Routers (VRF-Lite). The VRF-Lite feature enables a service provider to support multiple VRFs, where IP addresses can be overlapped among the customer networks. See:

http://www.cisco.com/en/US/products/hw/routers/ps259/prod_bulletin09186a00800921d7.html

Note VRF-Lite supports the following features: IPv4 forwarding between VRF interfaces, IPv4 ACLs, and IPv4 HSRP. IPv4 multicast is not supported.

MPLS Label Distribution Protocol (LDP). MPLS label distribution protocol (LDP), as standardized by the Internet Engineering Task Force (IETF) and as enabled by Cisco IOS software, allows the construction of highly scalable and flexible IP Virtual Private Networks (VPNs) that support multiple levels of services. See:

http://www.cisco.com/en/US/docs/ios/12_4t/12_4t2/ftldp41.html

MPLS Virtual Private Networks (VPNs). This feature allows you to deploy scalable IPv4 Layer 3 VPN backbone services over a Cisco IOS network. See:

http://www.cisco.com/en/US/docs/ios/12_0st/12_0st21/feature/guide/fs_vpn.html

MPLS VPN Carrier Supporting Carrier (CSC). This feature enables one MPLS VPN-based service provider to allow other service providers to use a segment of its backbone network. See:

http://www.cisco.com/en/US/docs/ios/12_2t/12_2t8/feature/guide/ftcsc8.html

MPLS VPN—Carrier Supporting Carrier—IPv4 BGP Label Distribution. This feature enables you to configure your carrier supporting carrier network to enable Border Gateway Protocol (BGP) to transport routes and MPLS labels between the backbone carrier provider edge (PE) routers and the customer carrier customer edge (CE) routers. See:

http://www.cisco.com/en/US/docs/ios/12_2t/12_2t13/feature/guide/ftcscl13.html

MPLS VPN—Inter-autonomous System Support. This feature allows an MPLS VPN to span service providers and autonomous systems. See:

http://www.cisco.com/en/US/docs/ios/12_0s/feature/guide/fsias24.html

MPLS VPN—Inter-AS—IPv4 BGP Label Distribution. This feature enables you to set up a Virtual Private Network (VPN) service provider network so that the autonomous system boundary routers (ASBRs) exchange IPv4 routes with MPLS labels of the provider edge (PE) routers. See:

http://www.cisco.com/en/US/docs/ios/12_2t/12_2t13/feature/guide/ftiasl13.html

Hot Standby Router Protocol (HSRP) Support for MPLS Virtual Private Networks (VPNs). This feature ensures that the HSRP virtual IP address is added to the correct IP routing table and not to the default routing table. See:

https://www.cisco.com/en/US/docs/ios/12_1t/12_1t3/feature/guide/dt_hsmp.html

Note HRSP support is not applicable if only WAN interfaces (FlexWAN, Enhanced FlexWAN) are used.

OSPF Sham-Link: OSPF Sham-Link Support for MPLS VPN. This feature allows you to use a sham-link to connect Virtual Private Network (VPN) client sites that run the Open Shortest Path First (OSPF) protocol and share back door OSPF links in an MPLS VPN configuration. See:

http://www.cisco.com/en/US/docs/ios/12_2t/12_2t8/feature/guide/ospfshmk.html

BGP Multipath Load-Sharing for eBGP and iBGP. This feature allows you to configure multipath load-balancing with both external BGP (eBGP) and internal BGP (iBGP) paths in Border Gateway Protocol (BGP) networks that are configured to use MPLS Virtual Private Networks (VPNs).

Any Transport over MPLS (AToM): Ethernet over MPLS: Port Mode (EoMPLS). See the "Configuring EoMPLS Port Mode for Supervisor Engine 2 or FlexWAN-Based System" section.

Any Transport over MPLS (AToM): ATM AAL5 over MPLS (AAL5oMPLS). See the "ATM AAL5 over MPLS Configuration Guidelines" section.

Any Transport over MPLS (AToM): ATM Cell Relay over MPLS: VP Mode. See the "Configuring ATM VP to VP Local Switching with AAL0 Encapsulation" section.

Any Transport over MPLS (AToM): Ethernet over MPLS (EoMPLS). See the "Ethernet over MPLS" section.

Any Transport over MPLS (AToM): Frame Relay over MPLS (FRoMPLS). See the "Frame Relay over MPLS" section.

Any Transport over MPLS (AToM): PPP over MPLS (PPPoMPLS). This feature enables the transport of PPP protocol data units (PDUs) across an MPLS backbone. See:

http://www.cisco.com/en/US/docs/ios/12_0s/feature/guide/atom.html

Any Transport over MPLS (AToM): Single Cell Relay - VC Mode (CRoMPLS). See the "ATM Cell Relay over MPLS" section.

ATM PVC Bundle Enhancement - MPLS-EXP Based PVC Selection. This feature allows you to select a PVC in an ATM-PVC bundle based on the MPLS-EXP value of the packet. See:

http://www.cisco.com/en/US/docs/ios/12_2t/12_2t8/feature/guide/ftMPLS.html

Frame Relay PVC Bundles with MPLS QoS (EXP bit) Support. This feature enables the mapping of EXP bits to a bundle member.

IPv6 Switching: Provider Edge Router over MPLS (6PE). This feature provides a method of sending IPv6 packets originating from an IPv6 Edge router across an MPLS network backbone running an IPv4 control plane, without making changes to the software on the MPLS P routers. See:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122newft/122t/122t13/ipv6_vgf.htm

MPLS Class of Service (CoS). This feature enables network administrators to provide differentiated types of service across an MPLS network. See:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120t/120t5/cos.htm

MPLS Class of Service (CoS) Enhancements. This feature allows the service provider to set the MPLS experimental field instead of overwriting the value in the customer's IP precedence field. The IP header remains available for the customer's use; the IP packet's CoS is not changed as the packet travels through the multiprotocol label switching (MPLS) network. See:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121newft/121t/121t5/mct1214t.htm

MPLS DiffServ Tunnel Mode Support. Allows Service Providers to apply QoS criteria using MPLS EXP without impacting their customers' QoS DSCP or IP Precedence marking. See:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122newft/122t/122t13/ftdtmode.htm

MPLS LDP - MIB Notifications. This feature provides SNMP traps for critical MPLS LDP events.

MPLS over ATM: Virtual Circuit (VC) Merge support. See:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122newft/122t/122t8/ftlsc.htm

MPLS Quality of Service (QoS) Enhancements. MPLS quality of service enhancements allow service providers to classify packets according to their type, input interface, and other factors by setting (marking) each packet within the MPLS experimental field without changing the IP precedence/DSCP field.

For example, service providers can classify packets with or without considering the rate of the packets that PE1 receives. If the rate is a consideration, the service provider marks in-rate packets differently from out-of-rate packets. See:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120limit/120st/120st14/mct1214t.htm

MPLS Support on Dynamic Packet Transport (DPT). Dynamic Packet Transport (DPT) offers the reliability and restorability typically associated with SONET/SDH transport, without adding unnecessary overhead to IP traffic. DPT uses dual counter-rotating fiber rings that can concurrently transport data and control traffic. DPT uses the Spatial Reuse Protocol (SRP), which is the media-independent Media Access Control (MAC) layer protocol, for addressing packets, stripping packets, controlling bandwidth, and controlling message propagation on the packets. See:

http://www.cisco.com/warp/public/cc/techno/wnty/dpty/tech/dptm_wp.htm

MPLS VPN - MIB Notifications. This feature provides SNMP traps for critical MPLS VPN events. See:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122newft/122t/122t13/ftvpnm13.htm

MPLS VPN - OSPF PE-CE Support. Setting a separate router ID for each interface or subinterface on a provider edge (PE) router attached to multiple customer edge (CE) routers within a VPN provides increased flexibility through Open Shortest Path First (OSPF) when routers exchange routing information among sites.

MPLS VPN ID. Multiple VPNs can be configured in a router. You can use VPN name (a unique ASCII string) to reference a specific VPN configured in the router. Alternately, you can use a VPN ID to identify a particular VPN in the router. The VPN ID follows a standard specification (RFC 2685).To ensure that the VPN has a consistent VPN ID, assign the same VPN ID to all the routers in the service provider network that service that VPN. See:

MPLS VPN support for EIGRP between Provider Edge (PE) and Customer Edge (CE). Allows service providers to configure EIGRP between PE and CE in an MPLS VPN network. See:

http://www.cisco.com/en/US/docs/ios/12_2t/12_2t15/feature/guide/fteipece.html

Multi-protocol BGP (MP-BGP) MPLS VPN. An MPLS VPN consists of a set of sites that are interconnected by means of an MPLS provider core network. At each site, there are one or more CEs, which attach to one or more PEs. PEs use the Border Gateway Protocol-Multiprotocol (MP-BGP) to dynamically communicate with each other. See:

http://www.cisco.com/univercd/cc/td/doc/product/rtrmgmt/vpnsc/mpls/2_0/prov_gd/pgmpls1.htm

Multicast-VPN: Multicast Support for MPLS VPN. The Multicast-VPN feature provides support for Multicast traffic in an MPLS VPN cloud. Because MPLS VPNs only support unicast traffic connectivity, deploying Multicast VPN in conjunction with MPLS VPN allows service providers to offer both unicast and multicast connectivity to their MPLS VPN customers. See:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122newft/122t/122t13/ftmltvpn.htm

OSPF Support for Forwarding Adjacencies over MPLS Traffic Engineered Tunnels. Allows OSPF to create a forwarding path across an MPLS Traffic Engineered tunnel. See:

http://www.cisco.com/en/US/products/sw/iosswrel/ps1829/prod_release_notes_list.html

Set MPLS EXP Transmit within MQC Police Command. Adds support for set-mpls-exp-transmit in a policy map. See:

http://www.cisco.com/en/US/docs/ios/12_1/12_1e/release/notes/7x_121e.html

MPLS Traffic Engineering-DiffServ Aware (DS-TE). DiffServ-aware Traffic Engineering extends MPLS traffic engineering to enable you to perform constraint-based routing of guaranteed traffic. This satisfies a more restrictive bandwidth constraint than that satisfied by CBR for regular traffic. See:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios122s/122snwft/release/122s18/fsdserv3.htm

MPLS Traffic Engineering Forwarding Adjacency. The MPLS TE Forwarding Adjacency feature allows a network administrator to handle a traffic engineering, label-switched path (LSP) tunnel as a link in an Interior Gateway Protocol (IGP) network based on the Shortest Path First (SPF) algorithm. See:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios122s/122snwft/release/122s18/fstefa_3.
htm

OSPF Forwarding Adjacency. This feature adds Open Shortest Path First (OSPF) support to the MPLS TE Forwarding Adjacency feature, which allows a network administrator to handle a traffic engineering, label-switched path (LSP) tunnel as a link in an Interior Gateway Protocol (IGP) network based on the shortest path first (SPF) algorithm. See:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120limit/120s/120s24/ospffa.htm

MPLS Traffic Engineering (TE)-Interarea Tunnel. The MPLS TE Interarea Tunnels feature allows you to establish MPLS TE tunnels that span multiple Interior Gateway Protocol (IGP) areas and levels, removing the restriction that had required the tunnel head-end and tail-end routers both be in the same area. See:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios122s/122snwft/release/122s18/fsiarea3.
htm

MPLS Traffic Engineering (TE): Link and Node Protection, with RSVP Hellos Support. Fast ReRoute (FRR) is a mechanism for protecting MPLS Traffic Engineering (TE) label-switched paths (LSPs) from link and node failures by locally repairing the LSPs at the point of failure, allowing data to continue to flow on them while their headend routers attempt to establish new end-to-end LSPs to replace them. See:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120limit/120s/120s24/
fsfrr24.htm

MPLS Guidelines and Restrictions

Follow these guidelines and restrictions when configuring MPLS on the FlexWAN and Enhanced FlexWAN modules.

Note Cisco IOS Release 12.2SRA and later releases do not support the Supervisor Engine 2 or the FlexWAN module. In addition, Cisco IOS Release 12.2SRB introduced the Route Switch Processor 720 (RSP720).

The Supervisor Engine 32 does not support the FlexWAN module (WS-X6182-2PA).

MPLS Restrictions

The following MPLS limitations apply:

MPLS Traffic Engineering is not supported over MLPPP encapsulation.

The Supervisor Engine 720, Supervisor Engine 32, and RSP720 support MPLS Provider router (P) functionality.

With Supervisor Engine 2, MPLS provider router (P) functionality is not supported on Ethernet interfaces that also support Layer 2 switching. The only way to support P functionality on these interfaces is to create a trunk from a Gigabit Ethernet interface on, for example, a WS-6516-GBIC module to an interface on the OSM-4GE-WAN module that is configured to allow P switching. The interface on the WS-6516-GBIC module should be placed in trunking mode, and appropriate subinterfaces should be created on the OSM-4GE-WAN module interface.

Note Fast Ethernet port adapters are supported with the Enhanced FlexWAN module in Cisco IOS Release 12(2)SXE and later releases.

With the Supervisor Engine 2, load-sharing is supported on PE paths only and not on the P device.

The default EXP handling method is the MPLS Differentiated (DiffServ) short-pipe mode.

Additional Documentation on Configuring MPLS

For documentation on configuring MPLS, refer to the Multiprotocol Label Switching on Cisco Routers feature module at the following URLs:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121newft/121t/121t5/mpls4t.htm

http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fswtch_c/swprt3/xcftagov.
htm#1021991

MPLS Over RBE

This section provides information about how to configure MPLS on ATM subinterfaces that are configured for routed bridged encapsulation (RBE).

MPLS over RBE enables an RBE interface to accept and process MPLS type packets apart from plain IP. Without this feature, MPLS traffic would be dropped by the RBE interface because it does not recognize MPLS labels.

You can also configure MPLS-VPN on an RBE interface. An example of such a configuration is shown in the "MPLS-VPN over RBE Sample Configuration" section.

MPLS label imposition and disposition processing is performed by the Enhanced FlexWAN module.

MPLS Over RBE Restrictions and Usage Guidelines

MPLS over RBE has the following restrictions and limitations:

Supported in Cisco IOS Release 12.2SRA and later releases on the Enhanced FlexWAN module.

Supported with the RSP720, Sup720, and Sup32.

Supported on ATM port adapters that support RBE. See the "ATM Port Adapters Supported for RBE" section.

MPLS must be enabled at the platform level and on each interface that supports MPLS traffic.

To enable MPLS on the router, use the mpls ip command in global configuration mode.

Use the mpls ip command in interface configuration mode to enable MPLS on an interface.

Label distribution protocol (LDP) must be manually enabled on each of the interfaces in the RBE path (mpls label protocol ldp).

All RBE restrictions and usage guidelines apply. See the "RBE Restrictions and Usage Guidelines" section for details.

All MPLS restrictions apply. See the "MPLS Guidelines and Restrictions" section.

Configuring MPLS Over RBE

To configure routed bridged encapsulation (RBE) on an ATM subinterface and enable MPLS on the interface, perform the following steps. See the sections that follow for information about how to verify the configuration and for an example configuration.

Note Review the information in the "MPLS Over RBE Restrictions and Usage Guidelines" section and perform any necessary prerequisite steps.

 
Command or Action
Purpose

Step 1 

Router# configure terminal

Enters global configuration mode.

Step 2 

Router(config)# interface atm slot/subslot/port.subinterface point-to-point

Creates the specified multipoint subinterface on the given port and enters subinterface configuration mode.

Step 3 

Router(config-subif)# atm route-bridge ip

Enables ATM RFC 1483 half-bridging (RBE bridging).

Note You can enter the atm route-bridge ip command either before or after you create the PVC.

 

Note The atm route-bridge ip command, like other subinterface configuration commands, is not automatically removed when you delete a subinterface. If you want to remove a subinterface and re-create it without RBE, be sure to manually remove the RBE configuration, using the no atm route-bridge ip command.

Step 4 

Router(config-subif)# mpls ip

Enables MPLS on the RBE interface.

Step 5 

Router(config-subif)# mpls label protocol ldp

Selects the Label Distribution Protocol (LDP) as the distribution protocol for MPLS labels.

Step 6 

Router(config-subif)# ip address address mask [secondary]

Assigns the specified IP address and subnet mask to this subinterface. This IP address should be on the same subnet as the remote bridged network (the Ethernet network).

Step 7 

Router(config-subif)# pvc [name] vpi/vci

Configures a new ATM PVC by assigning its VPI/VCI numbers and enters ATM VC configuration mode.

name—(Optional) An arbitrary string that identifies this PVC.

vpi—Specifies the VPI ID. The valid range is 0 to 255.

vci—Specifies the VCI ID. The valid range is 1 to 65535. Values 1 to 31 are reserved and should not be used, except for 5 for the QSAAL PVC and 16 for the ILMI PVC.

 

Note When using the pvc command, remember that the vpi/vci combination forms a unique identifier for the interface and all of its subinterfaces. If you specify a vpi/vci combination that has been used on another subinterface, the Cisco IOS software assumes that you want to modify that PVC's configuration and automatically switches to its parent subinterface.

Step 8 

Router(config-if-atm-vc)# encapsulation aal5snap

Configures the ATM adaptation layer (AAL) and encapsulation type. The only supported encapsulation for an RBE PVC is aal5snap.

Step 9 

Router(config-if-atm-vc)# end

Exits ATM VC configuration mode and returns to privileged EXEC mode.

Verifying the MPLS over RBE Configuration

The following commands are available to check the status of your MPLS over RBE configuration:

show mpls interfaces

show mpls ip binding

show mpls for

show mpls for detail

show mpls ldp bindings

show mpls ldp bindings detail

show mpls ldp discovery

show adjacency detail

show arp

Following is an example of the command output for the show mpls interfaces command: 

Router# show mpls interfaces 

Interface       IP      Tunnel   BGP  Static  Operational

ATM4/1/1.200    Yes     No       No    No      Yes

Following is an example of the command output for the show mpls ip binding command: 

Router# show mpls ip binding 

10.34.0.0/8 

      in label:     20        

      out label:    26        lsr: 10.155.0.55:0    

      out vc label: 1/80      lsr: 10.203.0.7:2      ATM1/0.8

                    Active    ingress 3 hops (vcd 49) 

10.45.0.0/8 

      in label:     25        

      in vc label:  1/36      lsr: 10.203.0.7:2      ATM1/0.8

                    Active    egress (vcd 55) 

      out label:    imp-null  lsr: 10.155.0.55:0     inuse

10.66.0.66/32 

      in label:     26        

      in vc label:  1/39      lsr: 10.203.0.7:2      ATM1/0.8

                    Active    egress (vcd 58) 

      out label:    16        lsr: 10.155.0.55:0     inuse

10.133.0.33/32 

      in label:     23        

      out label:    22        lsr: 10.155.0.55:0    

      out vc label: 1/83      lsr: 10.203.0.7:2      ATM1/0.8

                    Active    ingress 3 hops (vcd 52) 

10.144.0.44/32 

      in label:     61        

      out label:    27        lsr: 10.155.0.55:0     inuse

10.150.88.0/16 

      in label:     28        

      in vc label:  1/40      lsr: 10.203.0.7:2      ATM1/0.8

                    Active    egress (vcd 59) 

      out label:    imp-null  lsr: 10.155.0.55:0     inuse

10.166.47.0/16 

      in label:     33        

      in vc label:  1/46      lsr: 10.203.0.7:2      ATM1/0.8

                    Active    egress (vcd 65) 

      out label:    imp-null  lsr: 10.155.0.55:0     inuse

10.194.44.0/24 

      in label:     24        

      in vc label:  1/37      lsr: 10.203.0.7:2      ATM1/0.8

                    Active    egress (vcd 56) 

      out label:    imp-null  lsr: 10.155.0.55:0     inuse

Following is an example of the command output for the show mpls for command: 

Router# show mpls for 

Local  Outgoing      Prefix            Bytes Label   Outgoing   Next Hop    

Label  Label or VC   or Tunnel Id      Switched      interface              

17     No Label      12.0.0.0/8        0             AT2/0/0.10000  point2point 

18     16            70.0.0.0/8        0             AT2/0/0.2  122.0.0.1   

19     Pop Label     13.13.13.13/32    0             PO7/1/0    point2point 

20     explicit-n    11.11.11.11/32    0             AT2/0/0.2  122.0.0.1   

21     Pop Label     131.0.0.0/8       0             PO7/1/0    point2point 

22     18            14.14.14.14/32    1188300       PO7/1/0    point2point

Following is an example of the command output for the show mpls ldp bindings detail command: 

Router# show mpls ldp bindings detail 

  lib entry: 5.0.0.0/16, rev 31, chkpt: none

        local binding:  label: imp-null (owner LDP)

          Advertised to:

          13.13.13.13:0          11.11.11.11:0          

        remote binding: lsr: 13.13.13.13:0, label: imp-null

  lib entry: 11.0.0.0/8, rev 32, chkpt: none

        local binding:  label: 16 (owner LDP)

          Advertised to:

          13.13.13.13:0          11.11.11.11:0          

  lib entry: 11.11.11.11/32, rev 33, chkpt: none

        local binding:  label: 20 (owner LDP)

          Advertised to:

          13.13.13.13:0          11.11.11.11:0          

        remote binding: lsr: 11.11.11.11:0, label: exp-null

        remote binding: lsr: 13.13.13.13:0, label: 21

  lib entry: 12.0.0.0/8, rev 34, chkpt: none

        local binding:  label: 17 (owner LDP)

          Advertised to:

          13.13.13.13:0          11.11.11.11:0          

  lib entry: 12.12.12.12/32, rev 35, chkpt: none

        local binding:  label: imp-null (owner LDP)

          Advertised to:

          13.13.13.13:0          11.11.11.11:0          

        remote binding: lsr: 11.11.11.11:0, label: 18

        remote binding: lsr: 13.13.13.13:0, label: 19

  lib entry: 13.13.13.13/32, rev 36, chkpt: none

        local binding:  label: 19 (owner LDP)

          Advertised to:

          13.13.13.13:0          11.11.11.11:0          

        remote binding: lsr: 11.11.11.11:0, label: 20

        remote binding: lsr: 13.13.13.13:0, label: imp-null

  lib entry: 14.14.14.14/32, rev 37, chkpt: none

        local binding:  label: 22 (owner LDP)

          Advertised to:

          13.13.13.13:0          11.11.11.11:0          

        remote binding: lsr: 11.11.11.11:0, label: 22

        remote binding: lsr: 13.13.13.13:0, label: 18

  lib entry: 15.0.0.0/8, rev 46, chkpt: none

        remote binding: lsr: 11.11.11.11:0, label: exp-null

  lib entry: 17.0.0.0/8, rev 47, chkpt: none

        remote binding: lsr: 11.11.11.11:0, label: exp-null

  lib entry: 50.0.0.0/8, rev 38, chkpt: none

        local binding:  label: imp-null (owner LDP)

          Advertised to:

          13.13.13.13:0          11.11.11.11:0

    [additional command output truncated]

Following is an example of the command output for the show mpls ldp discovery command: 

Router# show mpls ldp discovery 

 Local LDP Identifier:

    12.12.12.12:0

    Discovery Sources:

    Interfaces:

        POS7/1/0 (ldp): xmit/recv

            LDP Id: 13.13.13.13:0

        ATM2/0/0.2 (ldp): xmit/recv

            LDP Id: 11.11.11.11:0

Following is an example of the command output for the show adjacency detail command: 

Router# show adjacency detail 

Protocol Interface                 Address

IP       EOBC0/0                   127.0.0.51(4)

                                   0 packets, 0 bytes

                                   epoch 0

                                   sourced in sev-epoch 538

                                   Encap length 14

                                   0000150000000000150000000800

                                   ARP

IP       POS7/1/0                  point2point(10)

                                   1000 packets, 104000 bytes

                                   epoch 0

                                   sourced in sev-epoch 538

                                   Encap length 4

                                   0F000800

                                   P2P-ADJ

TAG      POS7/1/0                  point2point(4)

                                   0 packets, 0 bytes

                                   epoch 0

                                   sourced in sev-epoch 538

                                   Encap length 4

                                   0F008847

                                   P2P-ADJ

IP       ATM2/0/0.2                122.0.0.1(14)

                                   1000 packets, 108000 bytes

                                   epoch 0

                                   sourced in sev-epoch 538

                                   Encap length 28

                                   00010000AAAA030080C20007000000D0

                                   04F75C0000D004B86C000800

                                   ARP

TAG      ATM2/0/0.2                122.0.0.1(3)

                                   0 packets, 0 bytes

                                   epoch 0

                                   sourced in sev-epoch 538

                                   Encap length 28

                                   00010000AAAA030080C20007000000D0

                                   04F75C0000D004B86C008847

                                   P2P-ADJ

MPLS over RBE Sample Configuration

Following is a sample configuration for two MPLS provider edge routers (PE1 and PE2) that are connected to an RFC 1483 device (such as a DSLAM).

PE1 Configuration 

interface gig1/1

interface gig1/1.100

 encapsulation dot1Q 100

 ip address 10.0.0.1 255.0.0.0

 mpls ip

 mpls label protocol ldp

PE2 Configuration 

interface atm3/1/0.100 

 ip address 10.0.0.2 255.0.0.0

 mpls ip

 mpls label protocol ldp

 atm route-bridge ip

 pvc 100/101

RFC 1483 Device Configuration 

interface gig1/1

 switchport

 switchport trunk encapsulation dot1q

 switchport mode trunk

interface atm3/0/0.1 multipoint

 pvc 100/101

 bridge-domain 100 dot1q

MPLS-VPN over RBE Sample Configuration

The following sample configuration shows MPLS-VPN configured over an RBE interface. CPE1 is connected to an RFC 1483 device, which is connected to PE1 (a Cisco 7600 router). PE1 is connected to P1 (another Cisco 7600 router) in the MPLS network. On the other side, P1 is connected to PE2 (a Cisco 7600 router), which connects to CPE2.

The Cisco 7600 series routers at the edges of the MPLS network are configured as follows:

PE1 connects to the RFC 1483 device and a router (P1) in the MPLS network. The RBE interface (ATM3/0/0.2) is configured for MPLS-VPN and is configured as a VRF.

PE2 connects to P1 and CPE2.

PE1:
PE2: 
ip vrf vpn2 

 rd 200:1 

 route-target import 200:1 

 route-target export 200:1

 mpls ip 

 mpls label protocol ldp

interface lo0  

 ip address 11.11.11.11 255.255.255.255

 no shut 

interface atm3/0/0.2 point 

 ip address 20.0.0.2 255.0.0.0

 ip vrf forwarding vpn2

 ip ospf mtu-ignore

 atm route-bridge ip 

 pvc 10/100

interface p4/0/0  

 ip address 21.0.0.1 255.0.0.0

  mpls ip 

  mpls label protocol ldp 

  clock source internal 

router OSPF 20

 redistribute connected subnets

 auto-cost reference-bandwidth 1000

 network 21.0.0.0 0.255.255.255 area 0

 network 11.11.11.11 0.0.0.0 area 0

router BGP 200

 no synchronization 

 no bgp default ipv4-unicast 

 neighbor 17.17.17.17 remote-as 200 

 neighbor 17.17.17.17 update-source Loopback0

 address-family vpnv4

  bgp scan-time import 5 

  neighbor 17.17.17.17 activate  

  neighbor 17.17.17.17 send-community extended

 address-family ipv4 vrf vpn2

  bgp dampening 30 

  no auto-summary 

  neighbor 20.0.0.2 remote-as 300 

  neighbor 20.0.0.2 advertisement-interval 5 

  neighbor 20.0.0.2 activate 

  neighbor 20.0.0.2 as-override

  timers bgp 10 30

ip vrf vpn2 

 rd 200:1 

 route-target import 200:1 

 route-target export 200:1

 mpls ip 

 mpls label protocol ldp

interface lo0  

 ip address 13.13.13.13 255.255.255.255

 no shut 

interface POS4/0/0

 ip address 23.0.0.1 255.0.0.0

 ip vrf forwarding vpn2

 clock source internal 

interface p4/0/0  

 ip address 22.0.0.2 255.0.0.0

 mpls ip 

 mpls label protocol ldp 

 clock source internal 

router OSPF 20

 redistribute connected subnets

 auto-cost reference-bandwidth 1000

 network 22.0.0.0 0.255.255.255 area 0

 network 13.13.13.13 0.0.0.0 area 0

router BGP 200

 no synchronization 

 no bgp default ipv4-unicast 

 neighbor 11.11.11.11 remote-as 200 

 neighbor 11.11.11.11 update-source Loopback0 

 address-family vpnv4

  bgp scan-time import 5 

  neighbor 11.11.11.11 activate  

  neighbor 11.11.11.11 send-community extended 

 address-family ipv4 vrf vpn2

  bgp dampening 30 

  no auto-summary 

  neighbor 23.0.0.2 remote-as 350 

  neighbor 23.0.0.2 advertisement-interval 5 

  neighbor 23.0.0.2 activate  

  neighbor 23.0.0.2 as-override  

  timers bgp 10 30

Following is the configuration for the RFC 1483 device and Cisco 7600 router (P1) in the MPLS network.

The RFC 1483 device is connected to PE1 and CPE1.

P1 is connected to PE1 and PE2.

RFC 1483 Device:
P1 Router: 
interface GigabitEthernet1/2

 no ip address

 switchport

 switchport trunk encapsulation dot1q

 switchport trunk allowed vlan 100

 switchport mode trunk

interface atm3/0/0

 pvc 10/100

 bridge-domain 100

interface lo0  

 ip address 12.12.12.12 255.255.255.255

 no shut 

interface p4/0/0  

 ip address 21.0.0.2 255.0.0.0

 mpls ip 

 mpls label protocol ldp 

 clock source internal

interface p4/0/0  

 ip address 22.0.0.1 255.0.0.0

 mpls ip 

 mpls label protocol ldp 

 clock source internal

router OSPF 20

 redistribute connected subnets

 auto-cost reference-bandwidth 1000

 network 21.0.0.0 0.255.255.255 area 0

 network 22.0.0.0 0.255.255.255 area 0

 network 12.12.12.12 0.0.0.0 area 0

Following is the configuration for the CPE devices at the customer sites.

CPE1 is connected to the RFC 1483 device.

CPE2 is connected to PE2 at the edge of the MPLS network.

CPE1:
CPE2: 
interface Ethernet0/0/1.1

 encapsulation dot1Q 100

 ip address 20.0.0.1 255.0.0.0

 ip ospf mtu-ignore

interface loopback1

 ip address 10.10.10.10 255.255.255.255

router ospf 20 

 network 10.0.0.0 0.0.0.0 area 0

router BGP 300

 no synchronization 

 no auto-summary 

 redistribute connected  

 redistribute ospf 20 match internal external 1 external 2

 neighbor 20.0.0.2 remote-as 200 

 neighbor 20.0.0.2 advertisement-interval 5 

 timers bgp 10 30

interface POS4/0/0

 ip address 23.0.0.2 255.0.0.0

interface loopback1

 ip address 14.14.14.14 255.255.255.255

router ospf 20 

 network 14.14.14.14 0.0.0.0 area 0

router BGP 350

 no synchronization 

 no auto-summary 

 redistribute connected  

 redistribute ospf 20 match internal external 1 external 2 

 neighbor 23.0.0.1 remote-as 200 

 neighbor 23.0.0.1 advertisement-interval 5 

 timers bgp 10 30

Configuring MPLS VPNs

These sections describe how to configure MPLS VPNs:

MPLS VPNs on FlexWAN and Enhanced FlexWAN

MPLS VPN Guidelines and Restrictions

MPLS VPN Memory Requirements and Recommendations

MPLS Per-Label Load-Balancing

For information on configuring MPLS VPN, see the MPLS Virtual Private Networks feature module at:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120t/120t7/vpn_en.htm

MPLS VPNs on FlexWAN and Enhanced FlexWAN

With the Supervisor Engine 2, the ingress FlexWAN or Enhanced FlexWAN module receives packets, performs a MFIB lookup and directs the packet to the Supervisor Engine 2. The Supervisor Engine 2 directs the packet to the egress FlexWAN or Enhanced FlexWAN module, which imposes the VPN label (and an optional IGP tunnel label).

With a Route Switch Processor 720, Supervisor Engine 720, or Supervisor Engine 32, the ingress FlexWAN or Enhanced FlexWAN module receives packets and forwards them to the RSP or the Sup, which performs the necessary VPN lookup and imposes the VPN label (and an optional IGP tunnel label). The RSP or Sup sends the MPLS packet to the egress FlexWAN or Enhanced FlexWAN module, which sends out the MPLS frame.

MPLS VPN Guidelines and Restrictions

The following MPLS VPN limitations apply:

The RSP720, Sup720, and Sup32 support load-sharing. The Sup2 supports load-sharing on PE in ip2tag and tag2ip paths; load-balancing in tag2tag paths is not supported without a unique configuration (see the "MPLS Per-Label Load-Balancing" section).

The RSP720, Sup720, and Sup32 support MTU checking and fragmentation. The Sup2 does not.

A total of 1024 VRFs per chassis is supported.

MPLS VPN Memory Requirements and Recommendations

When a Cisco 7600 series router functions as a PE router in an MPLS VPN environment, the memory requirements that are listed in Table 2-1 apply:

Table 2-1 MPLS VPN Memory Requirements and Recommendations 

MSFC2 Memory Configuration
Maximum Number of Internet Routes, eBGP sessions, and VPNv4 routes

MSFC2 with 512 MB

100,000 Internet routes, 750 eBGP sessions, and 100,000 VPNv4 routes

Supervisor Engine 2 Memory Configuration

Maximum Number of Internet Routes, eBGP sessions, and VPNv4 routes

Supervisor Engine 2 with 256 MB

100,000 Internet routes, 750 eBGP sessions, and 175,000 VPNv4 routes

Supervisor Engine 720 Memory Configuration

Maximum Number of Internet Routes, eBGP sessions, and VPNv4 routes

Supervisor Engine 720 with PFC3BXL with 1 GB

1,000,000 Internet routes, 1200 eBGP sessions, and 500,000 VPNv4 routes

Route Switch Processor 720 Memory Configuration

Maximum Number of Internet Routes, eBGP sessions, and VPNv4 routes

Route Switch Processor 720 with PFC3CXL with 2 GB

1,000,000 Internet routes, 1200 eBGP sessions, and 500,000 VPNv4 routes

FlexWAN Memory Configuration

Maximum Number of Internet Routes, eBGP sessions, and VPNv4 routes

FlexWAN with 2 x 128 MB

100,000 Internet routes, 750 eBGP sessions, and 75,000 VPNv4 routes

Enhanced FlexWAN with 2 x 512 MB

1,000,000 Internet routes, 750 eBGP sessions, and 500,000 VPNv4 routes


If the number of Internet routes, eBGP sessions, and VPNv4 routes exceeds those listed in Table 2-1, upgrade to the next memory option. If you have a FlexWAN module installed in the system, the number of Internet routes, eBGP sessions, and VPNv4 routes in the configuration file must not exceed the requirement listed in the table for FlexWAN.

MPLS Per-Label Load-Balancing

Note MPLS per-label load-balancing is supported with the Cisco Supervisor Engine 2.

When the Cisco 7600 router is configured as a P router, you can ensure traffic is distributed among equal cost paths by using the mpls load-balance per-label command to enable or disable the load-balancing for tag-to-tag traffic.

When enabled, MPLS per-label load-balancing ensures that traffic is balanced based on the incoming labels (per prefix) among MPLS interfaces. Each MPLS interface supports an equal number of incoming labels. 

mpls load-balance per-label

[no] mpls load-balance per-label

The default is disabled.

Use the no form of the command to return to the default setting.

This example shows how to enable load-balancing for tag-to-tag traffic: 

Router(config)# mpls load-balance per-label

Note The mpls load-balance per-label command is only available with the Supervisor Engine 2.
Note that Cisco IOS Release 12.2SR and later releases do not support the Supervisor Engine 2.

You can use the show mpls ttfib command to view the incoming label (indicated by an asterisk*) that is included in the load-balancer. The following shows the output of the show mpls ttfib command: 

Router# show mpls ttfib 

Local  Outgoing    Packets Tag          LTL   Dest.   Destination    Outgoing 

Tag    Tag or VC   Switched             Index Vlanid  Mac Address    Interface

4116   21          0                    0xE0  1020    0000.0400.0000 PO4/1/0*

       34          0                    0x132 1019    00d0.040d.380a Serial6/1/0

       45          0                    0xE3  4031    0000.0430.0000 PO4/0/0

4117   16	         0                    0x132 1019    00d0.040d.380a Serial6/1/0*

       17          0                    0xE0  1020    0000.0400.0000 PO4/1/0

       18          0                    0xE3  4031    0000.0430.0000 PO4/0/0

4118   21          0                    0xE0  1020    0000.0400.0000 PO4/1/0*

       56          0                    0xE3  4031    0000.0430.0000 PO4/0/0

4119   35          0                    0xE3  4031    0000.0430.0000 PO4/0/0*

       47          0                    0xE0  1020    0000.0400.0000 PO4/1/0

Note The RSP720, Sup720, and Sup32 handle MPLS labeled packets without commands. If the packet has three labels or less and the underlying packet is IPv4, the RSP or Sup uses the source and destination IPv4 address. If the underlying packet is not IPv4 or it has more than three labels, the RSP or Sup parses down as deep as the fifth or lowest label and uses that label for hashing.

Configuring VRF-Lite (Multi-VRF CE)

This section includes these topics:

Introducing VRF-Lite

VRF-Lite Configuration Guidelines

VRF-Lite Feature Support Summary

Configuring VRF Tables

Configuring a VPN Routing Process Between the CE and PE Routers

Sample VRF-Lite Configuration

Introducing VRF-Lite

The VRF-Lite feature enables multiple customers to share a single customer edge (CE) router. A CE router running VRF-Lite (also called a Multi-VRF CE) uses independent Virtual Routing and Forwarding (VRF) tables to keep routing information separate for each customer. You can use VRF tables to separate customer routing information into logical segments.

Note VRF-Lite provides a subset of the full functionality of a provider edge (PE) router. A CE router running VRF-Lite (a Multi-VRF CE) differs from a standard PE router because there is no label exchange, no Label Distribution protocol (LDP) adjacency, and no labeled packet flow between the PE and CE routers.

VRF tables are often mentioned in conjunction with Virtual Private Networks (VPNs), which are commonly used in the following scenarios:

Multi-Protocol Label Switching (MPLS) VPNs provide a secure way for a group of sites to share a common routing table. A single router can run multiple VRFs and therefore offer physical connectivity to multiple customers while keeping them logically separated from each other. This is also referred to as logical segmentation.

IPsec VPNs focus on encrypting IP traffic so that multiple hosts or networks can communicate in a secure fashion over any IP network. In the case of a telecommuter seeking access to the corporate network, where communication is over the Internet, the remote end (a client PC or a router) establishes an IPsec VPN tunnel to the central site. This type of VPN does not typically use VRFs.

Note You can use VRF tables with MPLS VPNs or simply as part of the VRF-Lite feature (that is, you can use the VRF-Lite feature to configure VRF tables on the router and not use MPLS at all). Throughout this chapter, the term VPNs refers to the logical segmentation of routing information.

VRF-Lite Segmentation Method

While having multiple VRF tables in the same router is important, this logical segmentation must also be carried across a common link. Where MPLS VPNs use MPLS labels to keep this logical segmentation in place, VRF-Lite uses a locally significant label that is dependent on the link layer used. Separation is accomplished by means of logical interfaces through Layer 2 (for Ethernet, 802.1Q tags; for Frame Relay, data-link connection identifiers [DLCIs]; and for ATM, PVCs).

Because VRF-Lite enables a CE to maintain multiple independent routing tables or VRFs, the feature can be used to extend the privacy and security of an MPLS VPN beyond a PE router. For example, (depending on its size) a campus network with PE and provider (P) routers in the core could use Multi-VRF CE routers at the distribution layer to extend the VRF tables to the point where the VLANs are terminated. See the "Sample VRF-Lite Configuration" section for a sample configuration of this type.

Although VRF-Lite is typically used with MPLS VPNs, it can also be used in a back-to-back or hop-by-hop fashion. In this case, no PE router is required.

VRF Interfaces

By default, an interface belongs to the global routing table. To add an interface to a VRF table, you must configure the interface for VRF as described in the "Configuring VRF Tables" section.

VRF-Lite is a Layer 3 feature; therefore, only Layer 3 interfaces can be added to a VRF table. The following types of Layer 3 interfaces support VRFs:

Switched Virtual Interface (SVI) (also called a VLAN interface)

Subinterface

Layer 3 interface

Logical interface (for example, a tunnel interface)

Note An interface can belong to only one VRF table at a time. All interfaces that are configured as part of the same VRF table are also part of the same routing domain.

Packet-Forwarding Process

The following steps describe the packet-forwarding process to transmit a packet from the left VPN10 cloud to the right VPN10 cloud in the sample network shown in Figure 2-2. The figure shows Ethernet 802.1Q trunk links between the CE and PE routers; however, any type of links could be used (for example, Frame Relay or ATM).

1. When CE1 receives a packet from the customer network VPN10, it determines which VRF table is associated with the CE ingress interface. CE1 performs a routing lookup in the VRF table to determine which interface to send the packet to. From the lookup, CE1 determines that the destination is reachable through PE1 and so it forwards the packet on the interface that faces PE1.

Note The link between CE1 and PE1 is an 802.1Q Ethernet trunk that is configured to carry traffic for two VLANs. Each VLAN has a separate VRF table (VRF10 for VLAN10 and VRF20 for VLAN20). To allow forwarding over the trunk, the SVI for each VLAN must be tied to the appropriate VRF table.

On PE1, VLAN10 must also be configured and associated with VRF10, which is the VRF table that contains information about VLAN10 interfaces and routes.

2. When the packet arrives at PE1, its VLAN tag identifies the VLAN that the packet belongs to and the VRF table associated with the VLAN. PE1 performs a route lookup in the VRF table and when a route is found, it adds corresponding MPLS labels to the packet and sends the packet to the MPLS core.

3. When the egress PE router (PE2) receives a packet from the MPLS core, it uses the packet label to identify the correct VPN routing table and strips off the label. Because the SVI used to carry the packet is mapped to the appropriate VRF table, the packet is forwarded to the next adjacent router (CE2).

The link between PE2 and CE2 is also an 802.1Q trunk that is configured to carry traffic for two VLANs. Because VLAN IDs have local significance only, the IDs used on this side of the MPLS core might be different than the IDs used between CE1 and PE1.

4. When CE2 receives a packet from PE2, it performs a route lookup in the VRF table associated with the ingress interface (the VLAN interface or SVI). If a route is found, CE2 forwards the packet out to the customer network (VPN10).

Figure 2-2 Cisco 7600 Series Routers Acting as Multi-VRF CEs

All of the routers shown in Figure 2-2 can be Cisco 7600 series routers, but only the CE routers have VRF-Lite configured on them; thus, these devices function as Multi-VRF CEs. Because VRF-Lite is a Layer 3 feature, each interface in a VRF must be a Layer 3 interface.

The links between the PE and CE routers do not carry MPLS labels. The links are configured as 802.1Q trunks. In addition:

You can use VRF-Lite in a network topology in which the CE1-to-CE2 network path transports data traffic using a point-to-point connection, without requiring an MPLS core network. This is sometimes referred to as a back-to-back or hop-by-hop configuration.

A customer VPN can be attached to both a CE router and a PE router.

VRF-Lite Configuration Guidelines

Consider the following guidelines as you configure VRF-Lite in your network:

General Considerations

By default, all interfaces are part of the global routing table and no VRF tables exist on the router.

VRF-Lite is supported on PFC3A systems; however, MPLS VPN requires PFC3B or greater.

Multiple customers can share a router configured with VRF-Lite because the router maintains individual VRF tables for each customer.

Because customers use different VRF tables, overlapping IP addresses are allowed. This means that the same IP address can be used in different VPNs.

VRF-Lite allows multiple customers to share the same physical link between the PE and CE routers. When Ethernet is used, trunk ports with multiple VLANs separate packets among customers. Configure a separate VLAN for each customer on the link between the PE and CE routers.

VRF-Lite does not make use of MPLS label exchange, LDP adjacency, and MPLS labeled packets.

For the PE router, there is no difference in having multiple customers connected through multiple physical CE routers or a single CE router configured with VRF-Lite.

VRF-Lite was introduced in Cisco IOS Release 12.2(4)T. It is supported on the Sup720 and Sup2 (in Cisco IOS Release 12.2(17d)SXB and later releases), the Sup32 (in Release 12.2(18)SXF and later), and the RSP720 (in Release 12.2SRB and later releases).

Cisco IOS Release 12.2(18)SXE and later releases support multicast on interfaces configured for VRF-Lite.

Interface Considerations

Only Layer 3 interfaces, switched virtual interfaces (SVIs), subinterfaces, or logical interfaces (such as tunnel interfaces) can be assigned to a VRF table. Any combination of these interface types can be associated with a single VRF table.

An interface can belong to only one VRF table at a time. This means that multiple customers cannot share the same interface.

By default, all interfaces are part of the global routing table. To add an interface to a VRF table, follow the instructions in the "Configuring VRF Tables" section.

Each interface configured for VRF-Lite must have an IP address assigned to it. When an interface is configured for VRF-Lite, traffic cannot be bridged to a next-hop router.

With a Sup2, all interfaces that use VRF-Lite must be located on an Optical Services Module (OSM). (In Cisco IOS Release 12.2SRA and later releases, the Sup2 is no longer supported.)

Scalability and Performance

A Cisco 7600 series router can support up to 511 or 1,024 VRF tables, depending on the line card configuration. The total number of routes supported is limited by the size of the Ternary Content Addressable Memory (TCAM). For details, see the "MPLS VPN Guidelines and Restrictions" section in the "Configuring Multiprotocol Label Switching on the PFC" chapter of the Cisco 7600 Series Router Cisco IOS Software Configuration Guide at the following URL:

/en/US/docs/routers/7600/ios/12.2SXF/configuration/guide/pfc3mpls.html#wp1047631

On interfaces configured for VRF-Lite, forwarding is done in the hardware.

The Layer 3 TCAM resources are shared among all VRF tables. To ensure that any one VRF table has sufficient TCAM space, use the mls cef maximum route command. For details, see the Release Notes for the Cisco 7600 Series Router for your software release.

Routing Protocols

You can use most routing protocols, as well as static routes, between the CE and PE routers or between the CE and CE routers (in a back-to-back configuration). For example, you can use Border Gateway Protocol (BGP), Open Shortest Path First (OSPF), Enhanced Interior Gateway Routing Procotol (EIGRP), and Routing Information Protocol (RIPv1, RIPv2). However, we recommend using external BGP (eBGP) for these reasons:

BGP does not require multiple routing protocol instances to communicate with multiple CE routers.

BGP is designed for passing routing information between systems run by different administrations.

BGP makes it easy to pass route attributes to the CE router.

Use the capability vrf-lite subcommand (under the router ospf command) when configuring OSPF as the routing protocol between the PE and CE routers.

Interior Gateway Routing Protocol (IGRP) and Intermediate System-to-Intermediate System (IS-IS) are not VRF-aware.

In Cisco IOS Release 12.2(18)SXE and later releases, you can configure more than 28 OSPF processes.

VRF-Lite Feature Support Summary

Table 2-2 lists the Cisco IOS features that are VRF-aware.

Table 2-2 VRF-Lite Feature Support in Cisco IOS Software 

Feature Category and Name
Cisco IOS Release Introduced
Traffic Forwarding
 

IPv4 Unicast Forwarding

12.2(17d)SXB

IPv4 Multicast Forwarding

12.2(18)SXE

IP Directed Broadcasts

12.2(18)SXE

Routing Protocols
 

Static Routes

12.2(17d)SXB

RIPv1 and RIPv2

12.2(17d)SXB

EIGRP

12.2(18)SXD

eBGP

12.2(17d)SXB

OSPF

12.2(17d)SXB

Management Operations
 

Telnet

12.2(17d)SXB

Ping IPv4

12.2(17d)SXB

Traceroute

12.2(17d)SXB

TFTP
(Trivial File Transfer Protocol)

12.2(18)SXD5,
12.2(18)SXE4 and later

FTP
(File Transfer Protocol)

12.2(18)SXD5,
12.2(18)SXE4 and later

Supplementary
 

Standard ACLs (Access Control Lists)

12.2(18)SXD

Extended ACLs

12.2(18)SXD

DHCP Relay (within VRF)
(Dynamic Host Configuration Protocol)

12.2(17d)SXB

HSRP (Hot Standby Routing Protocol)

12.2(17d)SXB

Static ARP entries
(Address Resolution Protocol)

12.2(17d)SXB

VRRP
(Virtual Router Redundancy Protocol)

12.2(17d)SXB


Configuring VRF Tables

You configure VRF tables for VRF-Lite in the same way that you configure VPN routing and forwarding tables (VRF tables) in an MPLS VPN environment. For additional details on configuring VRF tables, see the "Configuring MPLS Virtual Private Networks" section in the Cisco IOS Switching Services Configuration Guide, Release 12.2 at this URL:

/en/US/docs/ios/12_2/switch/configuration/guide/xcftagc.html#63744

To configure a VRF table, complete the following tasks:

1. Create a VRF instance.

2. Associate the interface with the VRF table.

3. Configure the routing protocols between the CE and PE router (or between the CE and CE router in a hop-by-hop scenario) and associate them with the corresponding VRF table.

Tip If a PE router is present in the topology, you must configure VRF tables (and routing processes) on both the CE and PE routers. The VRF and routing configurations must be identical on the interfaces connecting the CE and PE routers. The PE router configuration for core-facing interfaces is different in order to accommodate label switching.

To configure one or more VRF tables, perform the following steps on both the CE and PE routers. For complete syntax and usage information for the commands, see the Cisco IOS Switching Services Command Reference , Release 12.2.

 
Command
Description

Step 1  

Router# configure terminal

Enters global configuration mode.

Step 2  

Router(config)# ip vrf vrf-name

Enables VRF and enters VRF configuration mode.

Step 3  

Router(config-vrf)# rd 
route-distinguisher

Creates a VRF table by specifying a route distinguisher. Enter either an AS number and an arbitrary number (xxx:y) or an IP address and an arbitrary number (A.B.C.D:y).

Step 4  

Router(config-vrf)# route-target 
{export | import | both} 
route-target-ext-community

Creates a list of import, export, or import and export route target communities for the specified VRF table. Enter either an AS number and an arbitrary number (xxx:y) or an IP address and an arbitrary number (A.B.C.D:y).

Note This command is effective only if BGP is running.

Step 5  

Router(config-vrf)# interface 
interface-id

Enters interface configuration mode and specifies the Layer 3 interface to add to a VRF table.

Step 6  

Router(config-if)# ip vrf forwarding 
vrf-name

Adds the Layer 3 interface to the specified VRF table.

Step 7  

Router(config-if)# ip address address 
mask

Assigns an IP address and subnet mask to the interface.

Step 8  

Router(config-if)# end

Returns to privileged EXEC mode.

Step 9  

Router# show ip vrf [brief | detail | 
interfaces] [vrf-name]

Verifies the configuration. Displays information about the configured VRF tables.

Step 10  

Router# copy running-config 
startup-config

(Optional) Saves changes to the startup configuration file.

Use the no ip vrf forwarding interface configuration command to remove an interface from a VRF table. Use the no ip vrf vrf-name global configuration command to delete a VRF table and remove its interfaces from the VRF configuration.

Note When a VRF table is deleted, the system removes the IP addresses of interfaces that belong to the table. This is also true when you issue the ip vrf forwarding or no ip vrf forwarding command on an individual interface.

Configuring a VPN Routing Process Between the CE and PE Routers

Routing within the VPN can be configured with any supported routing protocol or with static routing. The following examples are for CE-to-PE routing; however, these examples can also be used for a back-to-back or hop-by-hop configuration.

Configuring a CE-to-PE Routing Process Using OSPF

The following configuration is for Open Shortest Path First (OSPF), but the process is the same for other routing protocols. To configure CE-to-PE communication using OSPF, follow these steps:

Note For OSPF and Routing Information Protocol (RIP), each VRF table requires its own routing process. This means that when you use OSPF or RIP, you must perform these steps for each VRF table on the router.

 
Command
Description

Step 1 

Router# configure terminal

Enters global configuration mode.

Step 2 

Router(config)# router ospf process-id vrf vrf-name

Enables OSPF routing, specifies a VRF table, and enters router configuration mode.

Step 3 

Router(config-router)# log-adjacency-changes

(Optional) Logs changes in the adjacency state. This is the default state.

Step 4 

Router(config-router)# redistribute bgp autonomous-system-number subnets

(Optional) Configures the router to redistribute information from the BGP network to the OSPF network.

Step 5 

Router(config-router)# network network-number area area-id

Defines a network address and mask on which OSPF runs and the area ID for that network address.

Step 6 

Router(config-router)# end

Returns to privileged EXEC mode.

Step 7 

Router# show ip ospf process-id

Verifies the configuration of the OSPF network.

Step 8 

Router# copy running-config startup-config

(Optional) Saves your changes to the startup configuration file.

Use the no router ospf process-id vrf vrf-name global configuration command to disassociate the VPN forwarding table from the OSPF routing process.

Configuring a CE-to-PE Routing Process Using BGP

To configure a CE-to-PE routing process using Border Gateway Protocol (BGP), follow these steps:

Note Because BGP and Enhanced Interior Gateway Routing Protocol (EIGRP) make use of address families, you need to configure only one routing process between the CE and PE routers (not a separate process for each VRF table).

 
Command
Description

Step 1 

Router# configure terminal

Enters global configuration mode.

Step 2 

Router(config)# router bgp autonomous-system-number

Configures the BGP routing process with the AS number passed to other BGP routers and enters router configuration mode.

Step 3 

Router(config-router)# network network-number mask network-mask

Specifies a network and mask to announce using BGP.

Step 4 

Router(config-router)# address-family ipv4 vrf vrf-name

Defines BGP parameters for CE-to-PE routing sessions and enters VRF address-family mode.

Step 5 

Router(config-router-af)# neighbor address remote-as as-number

Defines a BGP session between the CE and PE routers.

Step 6 

Router(config-router-af)# neighbor address activate

Activates the advertisement of the IPv4 address family.

Step 7 

Router(config-router-af)# end

Returns to privileged EXEC mode.

Step 8 

Router# show ip bgp [ipv4] [neighbors]

Verifies the BGP configuration.

Step 9 

Router# copy running-config startup-config

(Optional) Saves your settings in the startup configuration file.

Use the no router bgp autonomous-system-number global configuration command to delete the BGP routing process. Use the command with keywords to delete routing characteristics.

Sample VRF-Lite Configuration

VRF-Lite is useful when you need to separate a small number of groups that span a large network or an MPLS VPN-based WAN. It allows you to keep the segmentation of VPNs and virtual routing domains (VRF tables) in place without having to implement a full PE node.

This sample configuration describes a possible use of VRF-Lite in an enterprise environment (see Figure 2-3). In this scenario, the traffic flow is as follows:

1. The client PC belongs to the user group Finance and is connected to an access switch.

2. The client PC connects to the access switch through a port that resides in VLAN 10.

3. VLAN 10 is transported over an 802.1Q trunk to CE1.

4. On CE1, the ip vrf forwarding Finance command is used to associate the SVIs for VLAN 10 and VLAN 110 with VPN Finance.

5. The CE1-to-PE1 connection is an 802.1Q trunk that is used to carry VLAN 110 traffic.

6. On PE1, VLAN 110 is associated with VPN Finance.

7. To allow CE1 to advertise its networks and learn about other IP subnets belonging to VRF Finance, CE1 must be configured to use a dynamic routing protocol. The same is true for PE1.

8. If VRF Finance is also configured as an address family in BGP, the route information is propogated to all sites that are configured to receive information from this VRF table.

Figure 2-3 Example of Network Topology Using VRF-Lite

Users belonging to the same VPN can be distributed across multiple switches. Figure 2-3 shows that clients belonging to the Finance VPN are connected to Switch 1 (SW1) and Switch 3 (SW3). At the distribution layer, all VLANs that host Finance clients must be mapped to the VRF Finance. To map Finance VLANs to the VRF Finance, you must configure the ip vrf forwarding Finance command on the SVIs for these VLANs.

Although Engineering clients are connected to the same access and distribution layer, separation of Finance and Engineering can be guaranteed because:

VLANs separate the traffic from users in the access layer.

VRF tables assure that traffic is not routed between VLAN interfaces from Finance and Engineering.

Furthermore, VPN Finance can be extended across the MPLS core to other sites, where the same PE and CE routers and access layer topology are used. VPN Finance will then also be available to users from the Finance department in the other site.

Any Transport over MPLS

Any Transport over MPLS (AToM) transports Layer 2 packets over a Multiprotocol Label Switching (MPLS) backbone. AToM uses a directed Label Distribution Protocol (LDP) session between edge routers for setting up and maintaining connections. Forwarding occurs through the use of a two-label stack, switching between the edge routers.

The external label (tunnel label) routes the packet over the MPLS backbone to the egress Provider Edge (PE) router at the ingress PE. The VC label is a demuxing label that determines the connection at the tunnel endpoint (the particular egress interface on the egress PE as well as the VPI/VCI value for the AAL5 PDU, the DLCI value for Frame Relay PDU, or the VLAN identifier for an Ethernet frame).

AToM supports the following like-to-like transport types, which are described in the sections that follow:

Ethernet over MPLS (VLAN mode and port mode)

Note The Sup720, Sup32, and RSP720 support both hardware-based EoMPLS and CWAN-based (OSM, FlexWAN, and SIP) EoMPLS.

PPP and HDLC over MPLS

ATM AAL5 over MPLS

ATM Cell Relay over MPLS

Frame Relay over MPLS

Note In releases earlier than Cisco IOS Release 12.2SRA, with a Sup720, MPLS core-facing cards were required to be CWAN cards (enhanced OSMs, FlexWAN and Enhanced FlexWAN modules, and Shared Port Adapter [SPA] Interface Processors [SIPs]). To determine if the card supports a specific AToM technology, see the AToM configurations in this chapter, in the Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide.
In Cisco IOS Release 12.2SRA and later, this requirement no longer applies. Any type of line card can be used as a core-facing card.

Benefits of AToM

The following list explains some of the benefits of enabling Layer 2 packets to be sent in the MPLS network:

The AToM product set accommodates many types of Layer 2 packets, including Ethernet and Frame Relay, across multiple Cisco router platforms, including Cisco 7600 series routers. AToM enables the service provider to transport all types of traffic over the backbone and accommodate all types of customers.

AToM adheres to the standards developed for transporting Layer 2 packets over MPLS. (See the "Ethernet over MPLS" section for the specific standards that AToM follows.) This benefits the service provider who wants to incorporate industry-standard methodologies in the network. Other Layer 2 solutions are proprietary, which can limit the service provider's ability to expand the network and can force the service provider to use only one vendor's equipment.

Upgrading to AToM is transparent to the customer. Because the service provider network is separate from the customer network, the service provider can upgrade to AToM without disruption of service to the customer. The customers assume that they are using a traditional Layer 2 backbone.

AToM Transport of Layer 2 Packets

AToM encapsulates Layer 2 frames at the ingress PE and sends them to a corresponding PE at the other end of a pseudowire, which is a connection between the two PE routers. The egress PE removes the encapsulation and sends out the Layer 2 frame.

The successful transmission of the Layer 2 frames between PE routers is due to the configuration of the PE routers. You set up the connection (a pseudowire) between the routers. Then specify the following information on each PE router:

The type of Layer 2 data that will be transported across the pseudowire, such as Ethernet, Frame Relay, or ATM

The IP address of the loopback interface of the peer PE router, which enables the PE routers to communicate

A VC ID that uniquely identifies the pseudowire

The following example shows the basic configuration steps on a PE router that enable the transport of Layer 2 packets. Each transport type (EoMPLS, ATMoMPLS, FRoMPLS) has slightly different steps.

Step 1 Defines the interface or subinterface on the PE router. 

Router# interface interface-type interface-number

Step 2 Specifies the encapsulation type for the interface, such as dot1q. 

Router(config-if)# encapsulation encapsulation-type

Step 3 Does the following:

Makes a connection to the peer PE router by specifying the LDP router ID of the peer PE router.

Identifies a unique identifier that is shared between the two PE routers. The vcid is a 32-bit identifier.

The combination of peer router ID and VC ID must be a unique combination on the router. Two circuits cannot use the same combination.

Specifies the tunneling method used to encapsulate data in the pseudowire. For AToM, the tunneling method used to encapsulate data is mpls. 

Router(config-if)# xconnect peer-router-id vcid encapsulation mpls

Note Instead of including encapsulation mpls in the xconnect command, you can set up a pseudowire class to specify the tunneling method and other characteristics (see the next section, "Configuring the Pseudowire Class").

In earlier releases (that do not support the xconnect command), you can use the mpls l2transport route destination vc-id command to set the encapsulation type for the pseudowire.

Configuring the Pseudowire Class

The successful transmission of the Layer 2 frames between PE routers is due to the configuration of the PE routers. You set up the connection, called a pseudowire, between the routers.

Note In simple configurations, you do not need to specify a pseudowire class. Instead, you can specify the tunneling method as part of the cross-connect command.

Use the pseudowire-class name command to create a pseudowire class template that defines the characteristics of an AToM tunneling method. Then, apply those tunneling characteristics to an attachment circuit by specifying the pseudowire class as part of the xconnect command (for example, xconnect peer-router-id vcid pw-class name).

A pseudowire class specifies the following characteristics of a tunneling method:

Encapsulation type

Control protocol

Payload-specific options

Pseudowire Class Examples

In a CE1---PE1---P----PE2----CE2 topology, you can configure Pseudowire class as: 

pseudowire-class  <name>

encapsulation  mpls/l2tpv3

The optional configurations with pseudowire class are: 

control-word    Include control-word in pseudowire packets

encapsulation   Data encapsulation method

interworking    Interworking options for pseudowire

preferred-path  Preferred path

protocol        Signaling protocol to use

sequencing      Sequencing options for pseudowire

status          Pseudowire status capabilities

switching       Switching TLV on/off for pseudowire

vccv            Pseudowire VCCV capabilities

To configure the preferred path using Tunnel interface, use the following configurations: 

Pseudowire-class name

Encapsulation mpls

Preferred-path interface Tunnel <tunnel number> (OR) preferred-path peer <host name>

The pseudowire class configured in the previous example can be used with cross-connect on PE routers as: 

interface <intf-name>

xconnect <peer ip address> <vcid> pw-class name

The following example shows an AToM static pseudowire configuration for PE 1:

pseudowire-class <name> 

no ip address

xconnect   <peer ip address> <vcid>  encapsulation mpls manual pw-class name

mpls label 100 150

end

The following example shows an AToM static pseudowire configuration for PE2: 

interface <intf-name>

no ip address

xconnect <peer ip address > <vcid>  encapsulation mpls manual pw-class name

mpls label 150 100

end

You must specify the encapsulation mpls command as part of the pseudowire class or as part of the xconnect command for the AToM VCs to work properly.

After you specify the encapsulation mpls command, you cannot remove it using the no encapsulation mpls command.

To remove the command, you must delete the pseudowire with the no pseudowire-class command. To change the type of encapsulation, remove the pseudowire with the no pseudowire-class command and reestablish the pseudowire and specify the new encapsulation type.

 
Command or Action
Purpose

Step 1 

Router> enable

Enables privileged EXEC mode.

Enter your password if prompted.

Step 2 

Router# configure terminal

Enters global configuration mode.

Step 3 

Router(config)# pseudowire-class name

Establishes a pseudowire class with the name you specify and enters pseudowire class configuration mode.

Step 4 

Router(config-pw)# encapsulation mpls

Specifies MPLS as the tunneling encapsulation for the pseudowire.

Step 5 

Router(config-pw)# exit

Exits pseudowire class configuration mode.

The following command applies the tunneling characteristics in a pseudowire class (vp-cell-relay) to the pseudowire identified by the VC ID of 123: 

Router(config-if)# xconnect 10.0.0.1 123 pw-class vp-cell-relay

AToM Load-Balancing

Load-balancing allows a router to take advantage of multiple best paths to a given destination. By default most AToM modes (except Ethernet over MPLS on an RSP or SUP) use a similar load-balancing mechanism to determine the tunnel label for the core facing interface: the router distributes AToM VCs across all available paths, irrespective of each link's load. The router hashes the VC label into an index value that is used to select a tunnel label. The selected tunnel label is placed on the top of the label stack of a particular VC.

The Cisco 7600 series router provides another way to load-balance by selecting the path with the lowest use across all available paths based on the following order:

Different ports on the same packet processor complex

Different interfaces on a chosen port on the same packet processor complex

Load-Balancing Guidelines

To enable lowest use mode, enter configuration commands (one command per line) and press Ctrl-Z after each command. 

PE-7600B# configure terminal 

PE-7600B(config)# mpls load-balance per-l2transport-circuit

Disable lowest use mode by entering configuration commands (one command per line) and pressing Ctrl-Z after each command. 

PE-7600B# configure terminal 

PE-7600B(config)# no mpls load-balance per-l2transport-circuit

Display the current load-balancing mode using the show cwan atom load-balance-mode command. 

PE-7600B# show cwan atom load-balance-mode

Current load balancing mode : per-l2transport-circuit

Note When the lowest use load-balancing mode is enabled on a system that is already up, it only affects newer AToM VCs. Existing AToM VCs are not affected. To apply the lowest use load-balancing mode to all the existing VCs, you can flap the VCs.

Note The command mpls load-balance per-l2transport-circuit is supported only on Sup2.

Lowest Use Mode Limitations

If the interfaces facing the MPLS core are a mix of WAN and LAN interfaces, then the AToM VCs remain active as long as there is a minimum of one usable WAN interface. However, this is not a recommended setup and the AToM VC may be dropping disposition packets that arrive on the LAN interface.

If you ignore the warning message that indicates this type of configuration, you risk losing disposition packets because the AToM VC may not be fully functioning.

Configuring Any Transport over MPLS

This section describes the following topics, which apply to AToM for all transport types:

Prerequisites

Compatibility with Previous Releases of AToM

Configuration Guidelines for Any Transport over MPLS

Instructions for configuring AToM for each transport type are provided in the following sections:

Ethernet over MPLS

HDLC Over MPLS

PPP over MPLS

ATM AAL5 over MPLS VC Mode

ATM Cell Relay over MPLS

ATM Cell Relay over MPLS in VC Mode

ATM Cell Relay over MPLS in VP Mode

ATM Packed Cell Relay over MPLS in VP Mode

Frame Relay over MPLS

Layer 2 Local Switching

Prerequisites

Before configuring AToM, ensure that the network is configured as follows:

Configure IP routing in the core so that the PE routers can reach each other via IP.

Configure MPLS in the core so that a label switched path (LSP) exists between the PE routers.

Compatibility with Previous Releases of AToM

In previous releases of AToM, the command used to configure AToM circuits was mpls l2transport route destination vc-id. This command has been replaced with the xconnect peer-router-id vcid encapsulation mpls command. (Note that some of the configuration procedures and command examples in this chapter show the mpls l2transport route command.)

Configuration Guidelines for Any Transport over MPLS

The following general configuration guidelines apply to all transport types under AToM. If applicable, additional configuration guidelines and restrictions for a particular transport type are included in the section that describes how to configure AToM for that transport type.

Sequencing—AToM does not detect out-of-order packets.

Address format—Configure the LDP router ID on all PE routers to be a loopback address with a /32 mask. Otherwise, some configurations might not properly function.

Fragmentation and ReassemblyEnsure that the maximum transmission unit (MTU) of all intermediate links between endpoints is sufficient to carry the largest Layer 2 packet received.

Control word—You cannot use CLI to enable or disable control word. Control word is mandatory for Frame Relay over MPLS and ATM AAL5 over MPLS. Control word is optional for ATM cell relay over MPLS; however, because there is no CLI option at this time, it is not imposed and is not expected to be present in the disposition packets.

Pseudowire encapsulation type—For AToM to work properly, you must specify MPLS as the encapsulation type for the pseudowire connection between the PE routers. You do this by including the encapsulation mpls command as part of the xconnect command used to configure the pseudowire connection. You can also include the encapsulation mpls command as part of a pseudowire class that is included in the xconnect command. (See the "Configuring the Pseudowire Class" section for information about pseudowire class.)

Note Some releases do not support the xconnect and encapsulation mpls commands. In those releases, you must use the mpls l2transport route command to set the encapsulation type for the pseudowire.

Ethernet over MPLS

Ethernet over MPLS works by encapsulating Ethernet PDUs in MPLS packets and forwarding them across the MPLS network. Each PDU is transported as a single packet. There are various ways to configure Ethernet over MPLS:

VLAN mode—transports Ethernet traffic from a source 802.1Q VLAN to a destination 802.1Q VLAN through a single VC over an MPLS network.

Port mode—allows all traffic on a port to share a single VC across an MPLS network.

Ethernet over MPLS Configuration Guidelines

The following guidelines apply to the Ethernet over MPLS feature:

Fragmentation and Reassembly—Follow these maximum transmission unit (MTU) guidelines:

Ensure that the MTU size of all intermediate links between endpoints is sufficient to carry the largest Layer 2 packet received.

For VLAN-based EoMPLS, the MTU size on the VLAN subinterface must be greater than 1500 (the default) if a larger MTU size is specified on the physical interface.

Packet FormatEoMPLS supports VLAN packets that conform to the IEEE 802.1Q standard. The 802.1Q specification establishes a standard method for inserting VLAN membership information into Ethernet frames.

Private VLANsEoMPLS is not supported with private VLANs.

Layer 2 ConnectionsObserve these guidelines when using Layer 2 connections for EoMPLS:

You cannot have a direct Layer 2 connection between PEs with software-based (that is, FlexWAN-based, Enhanced FlexWAN-based, or OSM-based) Ethernet over MPLS.

You cannot have more than one Layer 2 connection between routers if those routers are configured to transport Ethernet VLAN packets over the MPLS backbone. Adding a second Layer 2 connection causes the spanning tree state to constantly toggle if you disable spanning tree on the peer router.

Ethernet over MPLS and Trunks—The following restrictions apply to using trunks with Ethernet over MPLS. For more information, see the Cisco 7600 series router software documentation.

Spanning Tree—To support Ethernet spanning tree bridge protocol data units (BPDUs) across an EoMPLS cloud, you must disable the supervisor engine spanning tree for the Ethernet over MPLS VLAN. This ensures that the EoMPLS VLANs are carried only on the trunk to the customer switch. Otherwise, the BPDUs are directed to the supervisor engine or route switch processor and not to the EoMPLS cloud.

Native VLAN—The native VLAN of a trunk must not be configured as an Ethernet over MPLS VLAN.

L2 Protocol TunnelingWith the Sup720, Sup32, or RSP720, the user configures which protocols (for example, CDP, VTP, BPDUs) are tunneled across the MPLS cloud and which ones are terminated locally. This functionality is supported in the software switching path.

ISL encapsulation is not supported for the interface that receives EoMPLS packets.

Unique VLANs are required across interfaces. You cannot use the same VLAN ID on different interfaces.

EoMPLS tunnel destination route in routing and CEF table must be configured with a /32 bit-mask address to insure proper of MPLS forwarding between PE routers. This is a generic restriction for all AToM transports.

802.1Q in 802.1Q over EoMPLS is supported if the outgoing interface that connects to the MPLS network is a port on a Layer 2 card.

With the Sup720, Sup32, or RSP720, shaping of EoMPLS traffic is not supported if the egress interface that connects to the MPLS network is on a Layer 2 card.

With the Sup720, Sup32, or RSP720, EoMPLS does not perform a Layer-2 lookup to determine if the destination MAC address resides on the local or remote segment and does not perform any Layer-2 address learning (as traditional LAN bridging does). This functionality (local switching or hair pinning) is available only when using FlexWAN-based modules as uplinks.

Ethernet over MPLS VLAN Mode Configuration Guidelines

When configuring Ethernet over MPLS in VLAN mode, follow these guidelines:

The AToM control word is supported. However, if the peer PE does not support a control word, the control word is disabled. This negotiation is done by LDP label binding.

Ethernet packets with hardware level cyclic redundancy check (CRC) errors, framing errors, and runt packets are discarded on input.

Ethernet over MPLS Port Mode Configuration Guidelines

When configuring Ethernet over MPLS in port mode, follow these guidelines:

The AToM control word is supported. However, if the peer PE does not support a control word, the control word is disabled. This negotiation is done by LDP label binding.

Ethernet packets with hardware level cyclic redundancy check (CRC) errors, framing errors, and runt packets are discarded on input.

Port mode and Ethernet VLAN mode are mutually exclusive. If you enable a main interface for port-to-port transport, you cannot also enter commands on a subinterface.

Ethernet over MPLS (Sup720, Sup32, RSP720)

The Sup720, Sup32, and RSP720 can receive MPLS Layer 2 traffic, impose labels, and switch the frames into the MPLS core without using a FlexWAN or Enhanced FlexWAN module.

You can also use the Sup720, Sup32, and RSP720 with a FlexWAN or Enhanced FlexWAN module that faces the core of MPLS network. In this case, you can use either the configuration on the FlexWAN or Enhanced FlexWAN module or the configuration on the supervisor engine or RSP720.

Note Although Cisco does not recommend it, both EoMPLS configurations (on the FlexWAN or Enhanced FlexWAN module and on the supervisor engine or RSP720) can be enabled at the same time. If both configurations are enabled, uplinks to the MPLS core must use the interfaces defined in the FlexWAN or Enhanced FlexWAN configuration. Otherwise, EoMPLS connections defined in the FlexWAN or Enhanced FlexWAN configuration are not active, and the router drops EoMPLS packets destined for those connections if the packets arrive on non-WAN interfaces.

Note You can configure an OSM to face the MPLS network core. For details, see this URL:
http://www.cisco.com/en/US/docs/routers/7600/install_config/12.2SX_OSM_config/mpls.html

Cisco Supervisor Engine 2-Based EoMPLS

You must equip a Sup2-based system with a FlexWAN module that faces the core of MPLS network.

Note In Cisco IOS Release 12.2SRA and later releases, the Supervisor Engine 2 and FlexWAN module are no longer supported on Cisco 7600 series routers.

Configuring EoMPLS VLAN Mode for Supervisor Engine 2 or FlexWAN-Based System

To configure MPLS to transport Layer 2 VLAN packets between two endpoints in a FlexWAN-based system, perform the following steps on the provider edge (PE) routers.

When OSPF is used as the IGP, all loopback addresses on PE routers must be configured with 32-bit masks to ensure proper operation of MPLS forwarding between PE routers.

 
Command
Purpose

Step 1 

Router# enable

Enables privileged EXEC mode. Enter your password if prompted.

Step 2 

Router# configure terminal

Enters global configuration mode.

Step 3 

Router(config-vlan)# vlan {vlan-id | vlan-range}

Enter VLAN ID or range of VLAN IDs.

Step 4 

Router(config)# interface gigabitEthernet

Specifies the Layer 2 interface.

Step 5 

Router(config-if)# switchport

Configures the port for switching.

Step 6 

Router(config-if)# switchport trunk encapsulation dot1

Sets the trunk characteristics when the interface is in trunking mode.

Step 7 

Router(config-if)# switchport trunk allowed vlan range

Changes the allowed list for the specified VLANs.

Step 8 

Router(config-if)# switchport mode trunk

Specifies a trunking VLAN Layer 2 interface.

Step 9 

Router(config-if)# exit

Exits interface configuration mode.

Step 10 

Router (config)# interface vlan vlanid

Creates a unique VLAN ID number.

Step 11 

Router(config-if)# mpls l2transport route destination vc-id

Specifies the VC to use to transport Layer 2 VLAN packets.

The argument destination specifies the loopback address of the remote router.

The argument vc-id is a value you supply. It must be unique for each VC. The VC ID is used to connect the endpoints of the VC.

The following configuration shows a mode trunk configuration.

CE1 Configuration 

!

interface FastEthernet1/0/0

no ip address

no ip mroute-cache

negotiation auto

no cdp enable

no shut

!

interface FastEthernet1/0/0.1

encapsulation dot1Q 2

ip address 180.8.0.1 255.255.0.0

no cdp enable

no shut

!

interface FastEthernet1/0/0.2

encapsulation dot1Q 3

ip address 180.9.0.1 255.255.0.0

no cdp enable

no shut

!

CE2 Configuration 

!!

interface FastEthernet4/0/0

no ip address

no ip directed-broadcast

negotiation auto

no cdp enable

no shut

!

interface FastEthernet4/0/0.1

encapsulation dot1Q 2

ip address 180.8.0.2 255.255.0.0

no ip directed-broadcast

no cdp enable

no shut

!

interface FastEthernet4/0/0.2

encapsulation dot1Q 3

ip address 180.9.0.2 255.255.0.0

no ip directed-broadcast

no cdp enable

no shut

!

PE1 Configuration 

!!

vlan 2-3

!

mpls ldp router-id Loopback0 force

!

interface FastEthernet1/0

no ip address

switchport

switchport trunk encapsulation dot1q

switchport trunk allowed vlan 2-3

switchport mode trunk

no shut

!

interface Vlan2

no ip address

no ip mroute-cache

mpls l2transport route 11.11.11.11 2 

no shut

!

interface Vlan3

no ip address

no ip mroute-cache

mpls l2transport route 11.11.11.11 3 

no shut

!

interface Loopback0

ip address 13.13.13.13 255.255.255.255

!

PE2 Configuration 

!

vlan 2-3

!

mpls ldp router-id Loopback0 force

!

interface FastEthernet1/1

no ip address

switchport

switchport trunk encapsulation dot1q

switchport trunk allowed vlan 2-3

switchport mode trunk

no shut

!

interface Vlan2

no ip address

no ip mroute-cache

mpls l2transport route 13.13.13.13 2 

no shut

!

interface Vlan3

no ip address

no ip mroute-cache

mpls l2transport route 13.13.13.13 3 

no shut

!

 interface Loopback0

ipaddress 11.11.11.11 255.255.255.255

!

Note The IP address is configured on subinterfaces of the CE devices.

CE1 Configuration 

!

interface POS1/0/0

no ip address

no ip mroute-cache

negotiation auto

no cdp enable

no shut

!

interface POS1/0/1

encapsulation dot1Q 2

ip address 180.8.0.1 255.255.0.0

no cdp enable

no shut

!

interface POS1/0/2

encapsulation dot1Q 3

ip address 180.9.0.1 255.255.0.0

no cdp enable

no shut

!

CE2 Configuration 

!

interface POS4/0/0

no ip address

no ip directed-broadcast

negotiation auto

tag-switching ip

no cdp enable

no shut

!

interface POS4/0/1

encapsulation dot1Q 2

ip address 180.8.0.2 255.255.0.0

no ip directed-broadcast

no cdp enable

no shut

!

interface POS4/0/2

encapsulation dot1Q 3

ip address 180.9.0.2 255.255.0.0

no ip directed-broadcast

no cdp enable

no shut

!

PE1 Configuration (Supervisor Engine 2) 

!

vlan 2-3

!

interface POS1/1/0

no ip address

switchport

switchport trunk encapsulation dot1q

switchport trunk allowed vlan 2-3

switchport mode trunk

no shut

!

interface Vlan2

no ip address

no ip mroute-cache

mpls l2transport route 11.11.11.11 2

no shut

!

interface Vlan3

no ip address

no ip mroute-cache

mpls l2transport route 11.11.11.11 3

no shut

!

PE2 Configuration (Supervisor Engine 720) 

!

vtp mode transparent

!

interface POS7/1/0

no ip address

no shut

!

interface POS7/1/1

encapsulation dot1Q 2

xconnect 13.13.13.13 2 encapsulation mpls

no shut

!

interface POS7/1/2

encapsulation dot1Q 3

xconnect 13.13.13.13 3 encapsulation mpls

no shut

!

Verifying the Configuration

To verify and display the configuration of Layer 2 VLAN transport over MPLS tunnels, perform the following steps:

Step 1 To display a brief summary of IP status and configuration for all interfaces, issue the show vlan brief command. If the interface can provide two-way communication, the Protocol field is marked "up." If the interface hardware is usable, the Status field is marked "up." 

Router# show vlan brief 

osr1#sh vlan brief

VLAN Name                             Status    Ports

---- -------------------------------- --------- -------------------------

1    default                          active    

2    VLAN0002                         active    

3    VLAN0003                         active    

1002 fddi-default                     act/unsup 

1003 token-ring-default               act/unsup 

1004 fddinet-default                  act/unsup 

1005 trnet-default                    act/unsup

Step 2 To make sure the PE router endpoints have discovered each other, issue the show mpls ldp discovery command. When an PE router receives an LDP Hello message from another PE router, it considers that router and the specified label space to be "discovered." 

Router# show mpls ldp discovery 

osr1#show mpls ldp discovery

 Local LDP Identifier:

    13.13.13.13:0

    Discovery Sources:

    Interfaces:

        POS6/1/0 (ldp): xmit/recv

            LDP Id: 12.12.12.12:0

    Targeted Hellos:

        13.13.13.13 -> 11.11.11.11 (ldp): active/passive, xmit/recv

            LDP Id: 11.11.11.11:0

Step 3 To make sure the label distribution session has been established, issue the show mpls ldp neighbor command. The third line of the output shows that the state of the LDP session is operational and shows that messages are being sent and received. 

Router# show mpls ldp neighbor 

osr1#show mpls ldp neighbor

    Peer LDP Ident: 12.12.12.12:0; Local LDP Ident 13.13.13.13:0

        TCP connection: 12.12.12.12.646 - 13.13.13.13.11010

        State: Oper; Msgs sent/rcvd: 1649/1640; Downstream

        Up time: 23:42:45

        LDP discovery sources:

          POS6/1/0, Src IP addr: 34.0.0.2

        Addresses bound to peer LDP Ident:

          23.2.1.14       37.0.0.2        12.12.12.12     34.0.0.2        

          99.0.0.1        

    Peer LDP Ident: 11.11.11.11:0; Local LDP Ident 13.13.13.13:0

        TCP connection: 11.11.11.11.646 - 13.13.13.13.11013

        State: Oper; Msgs sent/rcvd: 1650/1653; Downstream

        Up time: 23:42:29

        LDP discovery sources:

          Targeted Hello 13.13.13.13 -> 11.11.11.11, active, passive

        Addresses bound to peer LDP Ident:

          11.11.11.11     37.0.0.1        23.2.1.13

Step 4 To make sure the label forwarding table is built correctly, issue the show mpls forwarding-table command. The output shows the following data:

Local tag—Label assigned by this router.

Outgoing tag or VC—Label assigned by next hop.

Prefix or Tunnel Id—Address or tunnel to which packets with this label are going.

Bytes tag switched— Number of bytes switched out with this incoming label.

Outgoing interface—Interface through which packets with this label are sent.

Next Hop—IP address of neighbor that assigned the outgoing label. 

Router# show mpls forwarding-table 

osr1#show mpls forwarding-table

Local  Outgoing    Prefix              Bytes tag  Outgoing   Next Hop    

tag    tag or VC   or Tunnel Id        switched   interface              

16     Untagged    223.255.254.254/32   \

                                     0          Gi2/1      23.2.0.1     

20     Untagged    l2ckt(2)          133093     Vl2        point2point  

21     Untagged    l2ckt(3)          185497     Vl3        point2point  

24     Pop tag     37.0.0.0/8        0          POS6/1/0 34.0.0.2     

25     17          11.11.11.11/32    0          POS6/1/0 34.0.0.2     

26     Pop tag     12.12.12.12/32    0          POS6/1/0 34.0.0.2     

osr1#

Step 5 To view the state of the currently routed VCs issue the show mpls l2transport vc command. 

Router# show mpls l2transport vc

osr1#show mpls l2transport vc

Local intf     Local circuit        Dest address    VC ID      Status    

-------------  -------------------- --------------- ---------- ----------

Vl2            Eth VLAN 2           11.11.11.11     2          UP        

Vl3            Eth VLAN 3           11.11.11.11     3          UP

Step 6 Add the keyword detail to see detailed information about each VC. 

Router# show mpls l2transport vc detail

osr1#show mpls l2transport vc detail

Local interface: Vl2 up, line protocol up, Eth VLAN 2 up

  Destination address: 11.11.11.11, VC ID: 2, VC status: up

    Tunnel label: 17, next hop 34.0.0.2

    Output interface: POS6/1/0, imposed label stack {17 18}

  Create time: 01:24:44, last status change time: 00:10:55

  Signaling protocol: LDP, peer 11.11.11.11:0 up

    MPLS VC labels: local 20, remote 18

    Group ID: local 71, remote 89

    MTU: local 1500, remote 1500

    Remote interface description: 

  Sequencing: receive disabled, send disabled

  VC statistics:

    packet totals: receive 1009, send 1019

    byte totals:   receive 133093, send 138089

    packet drops:  receive 0, send 0

Local interface: Vl3 up, line protocol up, Eth VLAN 3 up

  Destination address: 11.11.11.11, VC ID: 3, VC status: up

    Tunnel label: 17, next hop 34.0.0.2

    Output interface: POS6/1/0, imposed label stack {17 19}

  Create time: 01:24:38, last status change time: 00:10:55

  Signaling protocol: LDP, peer 11.11.11.11:0 up

    MPLS VC labels: local 21, remote 19

    Group ID: local 72, remote 90

    MTU: local 1500, remote 1500

    Remote interface description: 

  Sequencing: receive disabled, send disabled

  VC statistics:

    packet totals: receive 1406, send 1414

    byte totals:   receive 185497, send 191917

    packet drops:  receive 0, send 0

Configuring EoMPLS Port Mode for Supervisor Engine 2 or FlexWAN-Based System

To support 802.1Q-in-802.1Q traffic and native Ethernet traffic over EoMPLS in a FlexWAN-based system, configure port-based EoMPLS by performing these steps. Be sure to review the guidelines in the Configuring EoMPLS Port Mode for Supervisor Engine 2 or FlexWAN-Based System.

 
Command
Purpose

Step 1 

Router# enable

Enables privileged EXEC mode. Enter your password if prompted.

Step 2 

Router# configure terminal

Enters global configuration mode.

Step 3 

Router(config-vlan)# vlan {vlan-id | vlan-range}

Enters VLAN ID or range.

Step 4  

Router(config-vlan)vlan dot1q tag native

Enables dot1q tagging for all VLANs in a trunk.

Step 5 

Router(config)# interface gigabitEthernet

Specifies the Layer 2 interface.

Step 6 

Router(config-if)# switchport

Configures the port for switching.

Step 7 

Router(config-if)# switchport mode dot1qtunnel

Sets the trunking mode to tunneling.

Step 8 

Router(config-if)# switchport access vlan vlan_id

Configures the port to accept traffic from the specified VLAN.

Step 9 

Router(config-if)# exit

Exits interface configuration mode.

Step 10 

Router (config)# interface vlan vlanid

Creates a unique VLAN ID number.

Step 11 

Router(config-if)# mpls l2transport route destination vc-id

Specifies the VC to use to transport the Layer 2 VLAN packets.

The argument destination specifies the loopback address of the remote router.

The argument vc-id is a value you supply. It must be unique for each VC. The VC ID is used to connect the endpoints of the VC.

The following example shows a port mode access configuration for untagged packets. It requires configuring the IP addresses on the main interface of the CE devices.

CE1 Configuration 

!

interface POS1/0/0

ip address 180.8.0.1 255.255.0.0

no ip mroute-cache

negotiation auto

no cdp enable

no shut

!

CE 2 Configuration 

!

interface POS4/0/0

ip address 180.8.0.2 255.255.0.0

no ip directed-broadcast

negotiation auto

tag-switching ip

no cdp enable

no shut

!

PE1 Configuration 

!

vlan 2

!

interface POS1/4/0

no ip address

switchport

switchport access vlan 2

switchport mode access

no shut

!

interface Vlan2

no ip address

no ip mroute-cache

mpls l2transport route 11.11.11.11 2 

no shut

!

PE2 Configuration 

!

vlan 2

!

interface POS7/0/0

no ip address

switchport

switchport access vlan 2

switchport mode access

no shut

!

interface Vlan2

no ip address

no ip mroute-cache

mpls l2transport route 13.13.13.13 2 

no shut

!

The following configuration shows a port mode dot1Q-tunneling configuration. You must configure subinterfaces on the CE devices for this configuration. There is a specific access VLAN for the packets.

CE1 Configuration 

!

interface POS1/0/0

no ip address

no ip mroute-cache

negotiation auto

no cdp enable

no shut

!

interface POS1/0/1

encapsulation dot1Q 2

ip address 180.8.0.1 255.255.0.0

no cdp enable

no shut

!

interface POS1/0/2

encapsulation dot1Q 3

ip address 180.9.0.1 255.255.0.0

no cdp enable

no shut

!

CE2 Configuration 

!

interface POS4/0/0

no ip address

no ip directed-broadcast

negotiation auto

tag-switching ip

no cdp enable

no shut

!

interface POS4/0/1

encapsulation dot1Q 2

ip address 180.8.0.2 255.255.0.0

no ip directed-broadcast

no cdp enable

no shut

!

interface POS4/0/2

encapsulation dot1Q 3

ip address 180.9.0.2 255.255.0.0

no ip directed-broadcast

no cdp enable

no shut

!

PE1 Configuration

Note This configuration requires VLAN dot1q tag native. 

!

vlan 2

!

vlan dot1q tag native

!

interface POS1/0/1

no ip address

switchport

switchport access vlan 2

switchport trunk encapsulation dot1q

switchport mode dot1q-tunnel

no cdp enable

spanning-tree bpdufilter enable

no shut

!

interface Vlan2

no ip address

no ip mroute-cache

mpls l2transport route 11.11.11.11 2 

no shut

!

PE2 Configuration

Note This configuration requires VLAN dot1q tag native. 

!

vlan 2

!

vlan dot1q tag native

!

interface POS7/1/0

no ip address

switchport

switchport access vlan 2

switchport trunk encapsulation dot1q

switchport mode dot1q-tunnel

no cdp enable

spanning-tree bpdufilter enable

no shut

!

interface Vlan2

no ip address

no ip mroute-cache

mpls l2transport route 13.13.13.13 2 

no shut

!

For information on configuring EoMPLS port mode with a Sup720, see the following URL. The same procedure also applies for the RSP720.

http://www.cisco.com/en/US/docs/routers/7600/install_config/12.2SX_OSM_config/mpls.html

Note When the underlying port of the VLAN is an access port or .1q in .1q tunnel, you must use a FlexWAN module to access the MPLS core similar to the Supervisor Engine 2 configurations in the example below.

The following example shows both Sup720 and Sup2 configurations. It also provides two configurations for the CE devices: one in which the IP address is configured on the main interface and another in which the IP address is configured on the subinterface.

CE1 Configuration (main interface) 

!

interface POS1/0/0

ip address 180.8.0.1 255.255.0.0

no ip mroute-cache

negotiation auto

no cdp enable

no shut

!

CE1 Configuration (subinterface) 

!

interface POS1/0/0

no ip address

no ip mroute-cache

negotiation auto

no cdp enable

no shut

!

interface POS1/0/1

encapsulation dot1Q 2

ip address 180.8.0.1 255.255.0.0

no cdp enable

no shut

!

interface POS1/0/2

encapsulation dot1Q 3

ip address 180.9.0.1 255.255.0.0

no cdp enable

no shut

!

!

CE2 Configuration (main interface) 

!

interface POS4/0/0

ip address 180.8.0.2 255.255.0.0

no ip directed-broadcast

negotiation auto

tag-switching ip

no cdp enable

no shut

!

CE2 Configuration (subinterface) 

!

interface POS4/0/0

no ip address

no ip directed-broadcast

negotiation auto

tag-switching ip

no cdp enable

no shut

!

interface POS4/0/1

encapsulation dot1Q 2

ip address 180.8.0.2 255.255.0.0

no ip directed-broadcast

no cdp enable

no shut

!

interface POS4/0/2

encapsulation dot1Q 3

ip address 180.9.0.2 255.255.0.0

no ip directed-broadcast

no cdp enable

no shut

!

PE1 Configuration (Supervisor Engine 2) 

!

vlan 2

!

interface POS1/1/0

 no ip address

 switchport

 switchport access vlan 2

 switchport trunk encapsulation dot1q

 switchport mode dot1q-tunnel

 no cdp enable

 spanning-tree bpdufilter enable

 no shut

!

interface Vlan2

 no ip address

 no ip mroute-cache

 mpls l2transport route 11.11.11.11 2 

 no shut

!

PE2 Configuration (Supervisor Engine 720) 

!

interface GigabitEthernet7/4

no ip address

xconnect 13.13.13.13 2 encapsulation mpls

no shut

!

Verifying the Configuration

To verify and display the configuration of Layer 2 VLAN transport over MPLS tunnels, perform the following steps:

Step 1 To display a brief summary of IP status and configuration for all interfaces, issue the show vlan brief command. If the interface can provide two-way communication, the Protocol field is marked "up." If the interface hardware is usable, the Status field is marked "up." 

Router# show vlan brief 

osr1#sh vlan brief

VLAN Name                             Status    Ports

---- -------------------------------- --------- -------------------------------

1    default                          active    

2    VLAN0002                         active    Gi1/4

1002 fddi-default                     act/unsup 

1003 token-ring-default               act/unsup 

1004 fddinet-default                  act/unsup 

1005 trnet-default                    act/unsup

Step 2 To make sure the PE router endpoints have discovered each other, issue the show mpls ldp discovery command. When an PE router receives an LDP Hello message from another PE router, it considers that router and the specified label space to be "discovered." 

Router# show mpls ldp discovery 

osr1#show mpls ldp discovery

 Local LDP Identifier:

    13.13.13.13:0

    Discovery Sources:

    Interfaces:

        POS6/1/0 (ldp): xmit/recv

            LDP Id: 12.12.12.12:0

    Targeted Hellos:

        13.13.13.13 -> 11.11.11.11 (ldp): active/passive, xmit/recv

            LDP Id: 11.11.11.11:0

Step 3 To make sure the label distribution session has been established, issue the show mpls ldp neighbor command. The third line of the output shows that the state of the LDP session is operational and shows that messages are being sent and received. 

Router# show mpls ldp neighbor 

osr1#show mpls ldp neighbor

    Peer LDP Ident: 12.12.12.12:0; Local LDP Ident 13.13.13.13:0

        TCP connection: 12.12.12.12.646 - 13.13.13.13.11010

        State: Oper; Msgs sent/rcvd: 1715/1706; Downstream

        Up time: 1d00h

        LDP discovery sources:

          POS6/1/0, Src IP addr: 34.0.0.2

        Addresses bound to peer LDP Ident:

          23.2.1.14       37.0.0.2        12.12.12.12     34.0.0.2        

          99.0.0.1        

    Peer LDP Ident: 11.11.11.11:0; Local LDP Ident 13.13.13.13:0

        TCP connection: 11.11.11.11.646 - 13.13.13.13.11013

        State: Oper; Msgs sent/rcvd: 1724/1730; Downstream

        Up time: 1d00h

        LDP discovery sources:

          Targeted Hello 13.13.13.13 -> 11.11.11.11, active, passive

        Addresses bound to peer LDP Ident:

          11.11.11.11     37.0.0.1        23.2.1.13

Step 4 To make sure the label forwarding table is built correctly, issue the show mpls forwarding-table command. The output shows the following data:

Local tag—Label assigned by this router.

Outgoing tag or VC—Label assigned by next hop.

Prefix or Tunnel Id—Address or tunnel to which packets with this label are going.

Bytes tag switched— Number of bytes switched out with this incoming label.

Outgoing interface—Interface through which packets with this label are sent.

Next Hop—IP address of neighbor that assigned the outgoing label. 

Router# show mpls forwarding-table 

osr1#show mpls forwarding-table

Local  Outgoing    Prefix              Bytes tag  Outgoing   Next Hop    

tag    tag or VC   or Tunnel Id        switched   interface              

16     Untagged    223.255.254.254/32   \

                                     0          POS2/1/1 23.2.0.1     

20     Untagged    l2ckt(2)          55146580   Vl2        point2point  

24     Pop tag     37.0.0.0/8        0          POS6/1/0 34.0.0.2     

25     17          11.11.11.11/32    0          POS6/1/0 34.0.0.2     

26     Pop tag     12.12.12.12/32    0          POS6/1/0 34.0.0.2

Step 5 To view the state of the currently routed VCs issue the show mpls l2transport vc command. 

Router# show mpls l2transport vc

osr1#show mpls l2transport vc

Local intf     Local circuit        Dest address    VC ID      Status    

-------------  -------------------- --------------- ---------- ----------

Vl2            Eth VLAN 2           11.11.11.11     2          UP        

osr3#show mpls l2transport vc

Local intf     Local circuit        Dest address    VC ID      Status    

-------------  -------------------- --------------- ---------- ----------

Gi7/4          Ethernet             13.13.13.13     2          UP

Step 6 Add the keyword detail to see detailed information about each VC. 

Router# show mpls l2transport vc detail

osr1#show mpls l2transport vc detail

Local interface: Vl2 up, line protocol up, Eth VLAN 2 up

  Destination address: 11.11.11.11, VC ID: 2, VC status: up

    Tunnel label: 17, next hop 34.0.0.2

    Output interface: POS6/1/0, imposed label stack {17 18}

  Create time: 00:15:13, last status change time: 00:11:46

  Signaling protocol: LDP, peer 11.11.11.11:0 up

    MPLS VC labels: local 20, remote 18

    Group ID: local 71, remote 0

    MTU: local 1500, remote 1500

    Remote interface description: 

  Sequencing: receive disabled, send disabled

  VC statistics:

    packet totals: receive 407857, send 407684

    byte totals:   receive 53827205, send 55444697

    packet drops:  receive 0, send 0

HDLC Over MPLS

High-level Data Link Control (HDLC) over MPLS encapsulates HDLC protocol data units (PDUs) in MPLS packets and forwards them across the MPLS network. The PE routers do not participate in any protocol negotiation or authentication.

HDLC Over MPLS Configuration Guidelines

The following configuration guidelines apply to the HDLC over MPLS feature:

Synchronous interfaces—The connections between the CE and PE routers on both ends of the backbone must have similar link layer characteristics. The connections between the CE and PE routers must both be synchronous.

Interface configuration—You must configure HDLC over MPLS on router interfaces only. You cannot configure HDLC over MPLS on subinterfaces.

Configuring HDLC over MPLS

With HDLC over MPLS, the whole HDLC packet is transported. The ingress PE router removes only the HDLC flags and frame check sequence (FCS) bits. The contents of the packet are not used or changed.

Command Sequence Summary

The command sequence summary for configuring HDLC over MPLS is as follows:

1. enable

2. configure terminal

3. interface serial slot/port

4. encapsulation encapsulation-type

5. xconnect peer-router-id vcid encapsulation mpls

Detailed Steps

 
Command or Action
Purpose

Step 1 

enable

Example:

Router> enable

Enables privileged EXEC mode.

Enter your password if prompted.

Step 2 

configure terminal

Example:

Router# configure terminal

Enters global configuration mode.

Step 3 

interface serialslot/port

Example:

Router(config)# interface POS6/0/0

Specifies a serial interface and enters interface configuration mode. You must configure HDLC over MPLS on router interfaces only. You cannot configure HDLC over MPLS on subinterfaces.

Step 4 

encapsulation encapsulation-type

Example:

Router(config-if)# encapsulation hdlc

Sets the encapsulation type.

Step 5 

xconnect peer-router-id vcid encapsulation mpls

Example:

Router(config-fr-pw-switching)# xconnect 10.0.0.1 123 encapsulation mpls

Creates the VC to transport the Layer 2 packets.

This example shows an HDLC over MPLS configuration and verification: 

PE1# show running interface pos1/8/0

Building configuration...

Current configuration : 137 bytes

!

interface POS1/8/0

 mtu 5000

 no ip address

 mls qos trust dscp

 clock source internal

 xconnect 33.33.33.33 101 encapsulation mpls

end

PE1# show mpls l2 vc 101

Local intf     Local circuit        Dest address    VC ID      Status

-------------  -------------------- --------------- ---------- ----------

PO1/8/0 				HDLC                 33.33.33.33     101        UP

PE1#

PE1# show mpls l2 vc 101 detail

Local interface: PO1/8/0 up, line protocol up, HDLC up

  Destination address: 33.33.33.33, VC ID: 101, VC status: up

    Tunnel label: imp-null, next hop point2point

    Output interface: PO4/4.1, imposed label stack {1396}

  Create time: 00:17:49, last status change time: 00:03:33

  Signaling protocol: LDP, peer 33.33.33.33:0 up

    MPLS VC labels: local 25, remote 1396

    Group ID: local 0, remote 0

    MTU: local 5000, remote 5000

    Remote interface description:

  Sequencing: receive disabled, send disabled

  VC statistics:

    packet totals: receive 1011, send 1010

    byte totals:   receive 104898, send 104562

    packet drops:  receive 0, send 0

PE1# show mpls for | inc PO1/8

25     Untagged    l2ckt(101)        114705     PO1/8/0 	point2point

PE1#

PE2# show running interface pos8/1/0

Building configuration...

Current configuration : 137 bytes

!

interface POS8/1/0

 mtu 5000

 no ip address

 mls qos trust dscp

 clock source internal

 xconnect 11.11.11.11 101 encapsulation mpls

end

PE2# show mpls l2 vc 101

Local intf     Local circuit        Dest address    VC ID      Status

-------------  -------------------- --------------- ---------- ----------

PO8/1/0 				HDLC                 11.11.11.11     101        UP

PE2#sh mpls l2 vc 101 detail

Local interface: PO8/1/0 up, line protocol up, HDLC up

  Destination address: 11.11.11.11, VC ID: 101, VC status: up

    Tunnel label: imp-null, next hop point2point

    Output interface: PO8/4.1, imposed label stack {25}

  Create time: 00:12:37, last status change time: 00:06:19

  Signaling protocol: LDP, peer 11.11.11.11:0 up

    MPLS VC labels: local 1396, remote 25

    Group ID: local 0, remote 0

    MTU: local 5000, remote 5000

    Remote interface description:

  Sequencing: receive disabled, send disabled

  VC statistics:

    packet totals: receive 1028, send 1028

    byte totals:   receive 105960, send 105940

    packet drops:  receive 0, send 0

PE2# show mpls for | inc PO8/1/0

1396   Untagged    l2ckt(101)        114634     PO8/1      point2point

PE2#

CE1# show running interface pos3/0/0

Building configuration...

Current configuration : 127 bytes

!

interface POS3/0/0

 ip address 130.0.0.1 255.0.0.0

 no ip directed-broadcast

 no ip mroute-cache

 clock source internal

end

CE2# show running interface pos3/0/0

Building configuration...

Current configuration : 123 bytes

!

interface POS3/0/0

 mtu 5000

 ip address 130.0.0.2 255.0.0.0

 no ip directed-broadcast

 crc 16

 clock source internal

end

CE1# ping

Protocol [ip]:

Target IP address: 130.0.0.2

Repeat count [5]: 1000

Datagram size [100]:

Timeout in seconds [2]:

Extended commands [n]:

Sweep range of sizes [n]:

Type escape sequence to abort.

Sending 1000, 100-byte ICMP Echos to 130.0.0.2, timeout is 2 seconds:

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

Success rate is 100 percent (1000/1000), round-trip min/avg/max = 1/1/4 ms

Note Keepalives are end to end—from CE to CE.

PPP over MPLS

PPP over MPLS (PPPoMPLS) encapsulates PPP protocol data units (PDUs) in MPLS packets and forwards them across the MPLS network.

Note For PPP over MPLS, all PPP negotiations are end to end—from CE to CE. The provider edge routers (PEs) do not participate in the PPP negotiations or authentication.

PPP over MPLS Restrictions

The following restrictions pertain to the PPP over MPLS feature:

Zero hops on a PE router—Zero hops on one router is not supported. However, you can have back-to-back PE routers.

Synchronous interfaces—The connections between the CE and PE routers on both ends of the backbone must have similar link-layer characteristics. The connections between the CE and PE routers must be synchronous.

Multilink PPP—Multilink PPP (MLPPP) is not supported. You cannot configure a PPPoMPLS VC on a MLPPP interface on the PE router.

Note Although Multilink PPP over MPLS is not supported, it can be emulated. To achieve this, each member link of the MLPPP bundle on a CE router requires a corresponding PPPoMPLS tunnel on the PE router. For example, if an MLPPP bundle has three member links, you must configure three PPPoMPLS tunnels on each PE router with each tunnel corresponding to a member link.

Configuring PPP over MPLS

With PPP over MPLS, the ingress PE router removes the flags, address, control field, and the frame check sequence (FCS).

Command Sequence Summary

The command sequence summary for configuring PPP over MPLS is as follows:

1. enable

2. configure terminal

3. interface serial slot/port

4. encapsulation encapsulation-type

5. xconnect peer-router-id vcid encapsulation mpls

Detailed Steps

 
Command or Action
Purpose

Step 1 

enable

Example:

Router> enable

Enables privileged EXEC mode.

Enter your password if prompted.

Step 2 

configure terminal

Example:

Router# configure terminal

Enters global configuration mode.

Step 3 

interface serial slot/port

Example:

Router(config)# interface POS6/0/0

Specifies a serial interface and enters interface configuration mode. You must configure PPP over MPLS on router interfaces only. You cannot configure PPP over MPLS on subinterfaces.

Step 4 

encapsulation encapsulation-type

Example:

Router(config-if)# encapsulation ppp

Specifies PPP encapsulation.

Step 5 

xconnect peer-router-id vcid encapsulation mpls

Example:

Router(config-if)# xconnect 10.0.0.1 123 encapsulation mpls

Creates the VC to transport the Layer 2 packets.

This example shows configuration verification: 

PE1# show run int pos1/8/0

Building configuration...

Current configuration : 156 bytes

!

interface POS1/8/0

 mtu 5000

 no ip address

 encapsulation ppp

 mls qos trust dscp

 clock source internal

 xconnect 33.33.33.33 101 encapsulation mpls

end

PE2# show run int pos8/1/0

Building configuration...

Current configuration : 156 bytes

!

interface POS8/1/0

 mtu 5000

 no ip address

 encapsulation ppp

 mls qos trust dscp

 clock source internal

 xconnect 11.11.11.11 101 encapsulation mpls

end

This example show how to verify the configuration: 

PE1#

PE1# show mpls l2 vc 101

Local intf     Local circuit        Dest address    VC ID      Status    

-------------  -------------------- --------------- ---------- ----------

PO1/8/0 PPP                  33.33.33.33     101        UP        

PE1#

PE2# show mpls l2 vc 101

Local intf     Local circuit        Dest address    VC ID      Status    

-------------  -------------------- --------------- ---------- ----------

PO8/1/0 PPP                  11.11.11.11     101        UP        

PE2#

PE1# show mpls l2 vc 101 detail

Local interface: PO1/8/0 up, line protocol up, PPP up

  Destination address: 33.33.33.33, VC ID: 101, VC status: up

    Tunnel label: imp-null, next hop point2point

    Output interface: PO4/4.1, imposed label stack {2530}

  Create time: 00:02:02, last status change time: 00:01:16

  Signaling protocol: LDP, peer 33.33.33.33:0 up

    MPLS VC labels: local 413, remote 2530

    Group ID: local 0, remote 0

    MTU: local 5000, remote 5000

    Remote interface description: 

  Sequencing: receive disabled, send disabled

  VC statistics:

    packet totals: receive 19, send 18

    byte totals:   receive 1394, send 1058

    packet drops:  receive 0, send 0

PE2# show mpls l2 vc 101 detail

Local interface: PO8/1/0 up, line protocol up, PPP up

  Destination address: 11.11.11.11, VC ID: 101, VC status: up

    Tunnel label: imp-null, next hop point2point

    Output interface: PO8/4.1, imposed label stack {413}

  Create time: 00:01:49, last status change time: 00:01:15

  Signaling protocol: LDP, peer 11.11.11.11:0 up

    MPLS VC labels: local 2530, remote 413

    Group ID: local 0, remote 0

    MTU: local 5000, remote 5000

    Remote interface description: 

  Sequencing: receive disabled, send disabled

  VC statistics:

    packet totals: receive 19, send 19

    byte totals:   receive 1074, send 1069

    packet drops:  receive 0, send 0

Note Keepalives are end to end—from CE to CE.

ATM AAL5 over MPLS VC Mode

ATM AAL5 over MPLS encapsulates ATM AAL5 SDUs in MPLS packets and forwards them across the MPLS network. Each ATM AAL5 SDU is transported as a single packet.

ATM AAL5 over MPLS Configuration Guidelines

As you configure the ATM AAL5 over MPLS feature, observe the following guideline:

Fragmentation and Reassembly—Ensure that the maximum transmission unit (MTU) of all intermediate links between endpoints is sufficient to carry the largest Layer 2 packet received.

Configuring ATM AAL5 over MPLS VC Mode

You can enable the MPLS backbone network to accept AAL5 PDUs by configuring the provider edge (PE) routers at the both ends of the MPLS backbone. To transport AAL5 PDUs over MPLS, set up a virtual circuit from the ingress PE router to the egress PE router. This virtual circuit transports the AAL5 PDUs from one PE router to the other.

 
Command or Action
Purpose

Step 1 

Router# enable

Enables privileged EXEC mode. Enter your password if prompted.

Step 2 

Router# configure terminal

Enters global configuration mode.

Step 3 

Router(config)# interface atmslot/port

Specifies an ATM interface.

Step 4 

Router(config-if)# pvc vpi/vci l2transport

Assigns a virtual path identifier (VPI) and virtual circuit identifier (VCI). The l2transport keyword indicates that the PVC is a switched PVC instead of a terminated PVC.

You can configure ATM AAL5 on PVCs only.

Step 5 

Router(config-if)# encapsulation aal5

Specifies ATM AAL5 encapsulation for the PVC. Make sure you specify the same encapsulation type on the PE and CE routers.

Step 6  

Router(config-atm-vc)# mpls l2transport route 
destination vc-id

Creates the VC to transport the Layer 2 packets.

Note You can configure VCs under point-to-point and multipoint subinterfaces and all main interfaces.

Note You can configure multiple VCs with mixed encapsulation on FlexWAN or Enhanced FlexWAN modules under a multipoint subinterface or main interface with an Enhanced ATM Port Adapter (ATM PA).

The following example shows an AAL5 over MPLS configuration.

PE1
PE2 
mpls label protocol ldp

mpls ldp router-id Loopback 0 force

!

interface Loopback0

 ip address 131.131.131.131 255.255.255.255

interface ATM9/1.502 point-to-point

 mls qos trust dscp

 pvc 4/42 l2transport

  encapsulation aal5

  mpls l2transport route 123.123.123.123 502 

 !

mpls label protocol ldp

mpls ldp router-id Loopback 0 force

!

interface Loopback0

 ip address 123.123.123.123 255.255.255.255

!

interface ATM9/1.502 point-to-point

 description hi-there! 

 mls qos trust dscp

 pvc 4/42 l2transport

  encapsulation aal5

  mpls l2transport route 131.131.131.131 502 

 !

Verifying the Configuration

The show running-config command displays the contents of the currently running configuration file or the configuration for a specific interface (example is for PE1 above). 

Router# show running-config interface ATM9/1.502

Building configuration...

Current configuration : 155 bytes

!

interface ATM9/1.502 point-to-point

 mls qos trust dscp

 pvc 4/42 l2transport

  encapsulation aal5

  mpls l2transport route 123.123.123.123 502 

 ! !

end

The following show mpls 12transport vc command shows that the interface is configured for AAL5 over MPLS: 

Router# show mpls l2transport vc vcid 502 detail 

Local interface: AT9/1.502 up, line protocol up, ATM AAL5 4/42 up

  Destination address: 123.123.123.123, VC ID: 502, VC status: up

    Tunnel label: 25, next hop point2point

    Output interface: PO4/1, imposed label stack {25 20}

  Create time: 1d02h, last status change time: 00:33:28

  Signaling protocol: LDP, peer 123.123.123.123:0 up

    MPLS VC labels: local 19, remote 20

    Group ID: local 82, remote 80

    MTU: local 4470, remote 4470

    Remote interface description: hi-there! 

  Sequencing: receive disabled, send disabled

  VC statistics:

    packet totals: receive 1554872, send 1558795

    byte totals:   receive 2280634366, send 2281764774

    packet drops:  receive 0, send 0

The show atm pvc command shows all ATM permanent virtual connections (PVCs) and traffic information. 

c31#

Router# show atm pvc 4/42

ATM9/1.502: VCD: 2, VPI: 4, VCI: 42

UBR, PeakRate: 599040

AAL5 over MPLS, etype:0x1C, Flags: 0xC3F, VCmode: 0x0

InPkts: 1573889, OutPkts: 1569951, InBytes: 2297940310, OutBytes: 2296823212

InPRoc: 0, OutPRoc: 0

InFast: 0, OutFast: 0, InAS: 1573889, OutAS: 1569951

InPktDrops: 0,  OutPktDrops: 0

InByteDrops: 0, OutByteDrops: 0

OAM cells received: 0

F5 InEndloop: 0, F5 InSegloop: 0, F5 InAIS: 0, F5 InRDI: 0

F4 InEndloop: 0, F4 InSegloop: 0, F4 InAIS: 0, F4 InRDI: 0

OAM cells sent: 0

F5 OutEndloop: 0, F5 OutSegloop: 0, F5 OutRDI: 0

F4 OutEndloop: 0, F4 OutSegloop: 0, F4 OutRDI: 0

OAM cell drops: 0

Status: UP

The show atm vc command displays all ATM permanent virtual circuits (PVCs) and switched virtual circuits (SVCs) and traffic information. 

Router# show atm vc 2

ATM9/1.502: VCD: 2, VPI: 4, VCI: 42

UBR, PeakRate: 599040

AAL5 over MPLS, etype:0x1C, Flags: 0xC3F, VCmode: 0x0

InPkts: 1573896, OutPkts: 1569957, InBytes: 2297940836, OutBytes: 2296823668

InPRoc: 0, OutPRoc: 0

InFast: 0, OutFast: 0, InAS: 1573896, OutAS: 1569957

InPktDrops: 0,  OutPktDrops: 0

InByteDrops: 0, OutByteDrops: 0

OAM cells received: 0

OAM cells sent: 0

Status: UP

Troubleshooting Tips

The debug acircuit, debug mpls l2transport ipc, debug cwan atom, and debug mpls l2transport vc commands help in troubleshooting.

ATM Cell Relay over MPLS

ATM cell relay over MPLS encapsulates ATM cells in MPLS packets and forwards them across the MPLS network. This functionality allows cells to be carried across the MPLS network, regardless of the adaptation layer that is used underneath. ATM cell relay over MPLS is more versatile than ATM AAL5 over MPLS, which carries only AAL5 frames.

Two types of ATM cell relay over MPLS are supported:

Single cell relay—Transports a single ATM cell in an MPLS packet.

Packed cell relay—Transports multiple concatenated ATM cells in a single MPLS packet.

You can configure the following types of ATM cell relay over MPLS service:

ATM Cell Relay over MPLS in VC Mode

ATM Cell Relay over MPLS in VP Mode

ATM Packed Cell Relay over MPLS in VP Mode

ATM Cell Relay over MPLS Configuration Guidelines

The following configuration guidelines apply to all types of ATM cell relay over MPLS:

Control wordThe use of the control word is not supported.

Fragmentation and Reassembly—Ensure that the maximum transmission unit (MTU) of all intermediate links between endpoints is sufficient to carry the largest Layer 2 packet received.

Idle cells are dropped in both VC mode cell relay and VP mode cell relay.

ATM Cell Relay over MPLS in VC Mode

ATM cell relay over MPLS in VC mode allows cells from a virtual circuit (VC) on an ATM interface to be transported over the MPLS backbone to a VC on an egress ATM interface.

The following configuration guideline applies to ATM cell relay over MPLS in VC mode:

For ATM single cell relay over MPLS, if one end of the VC is on an ATM port adapter (PA) interface, then the VPIs/VCIs on both sides of the MPLS cloud must match.

Note If the VPIs/VCIs on both sides of the MPLS cloud do not match, a VC comes up but does not switch traffic.

Configuring ATM Cell Relay over MPLS in VC Mode

Perform the following steps to configure ATM cell relay over MPLS in VC mode.

 
Command or Action
Purpose

Step 1 

Router# enable

Enables privileged EXEC mode.

Enter your password if prompted.

Step 2 

Router(config)# configure terminal

Enters global configuration mode.

Step 3 

Router(config)# interface atmslot/port

Specifies an ATM interface.

Step 4 

Router(config-if)# pvc vpi/vci l2transport

Assigns a virtual path identifier (VPI) and virtual circuit identifier (VCI). The l2transport keyword indicates that the PVC is a switched PVC instead of a terminated PVC.

Step 5  

Router(config-if)# encapsulation aal0

For ATM cell relay, this command specifies raw cell encapsulation for the interface.

Step 6  

Router(config-atm-vc)# mpls l2transport route 
destination vc-id

Creates the VC to transport the Layer 2 packets.

Note You can configure VCs under point-to-point or multipoint subinterfaces and all main interfaces.

Note On an ATM port adapter (ATM PA), you can configure multiple VCs with mixed encapsulation under a multipoint subinterface or main interface.

Note If each of the PE routers has an OC-12 ATM OSM interface, the path identifiers/virtual channel identifiers (VPIs/VCIs) do not need to match.

If one of the PE routers at one end of the VC has a FlexWAN or Enhanced FlexWAN with an ATM port adapter, then the VPIs/VCIs at both ends of the VC must match.

Note In releases where mpls l2transport route command is not supported, use xconnect peer-router-id vcid encapsulation mpls command.

The following example shows an ATM cell relay over MPLS configuration.

PE1
PE2 
mpls label protocol ldp

mpls ldp router-id Loopback 0 force 

!

interface Loopback0

 ip address 131.131.131.131 255.255.255.255

!

interface ATM9/1.501 point-to-point

 mls qos trust dscp

 pvc 4/41 l2transport

  encapsulation aal0

  mpls l2transport route 123.123.123.123 501 

mpls label protocol ldp

mpls ldp router-id Loopback 0 force 

!

interface Loopback0

 ip address 123.123.123.123 255.255.255.255

!

interface ATM9/1.501 point-to-point

 mls qos trust dscp

 pvc 4/41 l2transport

  encapsulation aal0

  mpls l2transport route 131.131.131.131 501 

 !

Verifying ATM Cell Relay VC Mode

The show running-config command displays the contents of the currently running configuration file or the configuration for a specific interface (this is for PE1 in the previous example). 

c31# show running-config interface ATM9/1.501 

Building configuration...

Current configuration : 155 bytes

!

interface ATM9/1.501 point-to-point

 mls qos trust dscp

 pvc 4/41 l2transport

  encapsulation aal0

  mpls l2transport route 123.123.123.123 501 

 !

end

The show mpls 12transport command shows that the interface is configured for VC-mode cell relay. 

c31# show mpls l2transport vc vcid 501 detail 

Local interface: AT9/1.501 up, line protocol up, ATM VCC CELL 4/41 up

  Destination address: 123.123.123.123, VC ID: 501, VC status: up

    Tunnel label: 25, next hop point2point

    Output interface: PO4/1, imposed label stack {25 19}

  Create time: 1d01h, last status change time: 00:15:55

  Signaling protocol: LDP, peer 123.123.123.123:0 up

    MPLS VC labels: local 18, remote 19

    Group ID: local 82, remote 80

    MTU: local n/a, remote n/a

    Remote interface description: 

  Sequencing: receive disabled, send disabled

  VC statistics:

    packet totals: receive 48755771, send 48895612

    byte totals:   receive 2535300092, send 2542571824

    packet drops:  receive 0, send 0

The show atm pvc command shows traffic information for all ATM permanent virtual connections (PVCs). 

c31# show atm pvc 4/41 

ATM9/1.501: VCD: 1, VPI: 4, VCI: 41

UBR, PeakRate: 599040

AAL0-Cell Relay over MPLS, etype:0x1B, Flags: 0xC3E, VCmode: 0x0

InBytes: 2567612684, OutBytes: 2560342200

Status: UP

The show atm vc command shows traffic information for all ATM permanent virtual circuits (PVCs) and switched virtual circuits (SVCs). 

c31# show atm vc 1 

ATM9/1.501: VCD: 1, VPI: 4, VCI: 41

UBR, PeakRate: 599040

AAL0-Cell Relay over MPLS, etype:0x1B, Flags: 0xC3E, VCmode: 0x0

InBytes: 2567615492, OutBytes: 2560345424

Status: UP

Troubleshooting Tips

The debug acircuit, debug mpls l2transport ipc, debug cwan atom, and debug mpls l2transport vc commands help in troubleshooting.

ATM Cell Relay over MPLS in VP Mode

ATM cell relay over MPLS in VP mode allows cells coming into a predefined permanent virtual path (PVP) on an ATM interface to be transported over the MPLS backbone to a predefined PVP on an egress ATM interface. VP mode can be used to send single cells or packed cells over the MPLS backbone. See the "Configuring ATM Packed Cell Relay over MPLS in VP Mode" section for information on using VP mode for packed cell relay.

Supported Modules

ATM cell relay over MPLS in VP mode is supported on all ATM port adapters:

PA-A6-OC3
PA-A6-T3
PA-A6-E3

PA-A3-OC3
PA-A3-T3
PA-A3-E3

PA-A3-8T1 IMA
PA-A3-8E1 IMA

ATM Cell Relay VP Mode Configuration Guidelines

When configuring ATM cell relay over MPLS in VP mode, observe the following guidelines:

Supported in Cisco IOS Release 12.2SRA and later (on Enhanced FlexWAN only).

You do not need to enter the encapsulation aal0 command in VP mode.

One ATM interface can accommodate multiple types of ATM connections. VP cell relay, VC cell relay, and ATM AAL5 over MPLS can coexist on one ATM interface.

If a VPI is configured for VP cell relay, you cannot configure a PVC using the same VPI.

Each VP is associated with one unique emulated VC ID. The AToM emulated VC type is ATM VP cell transport.

If one end of the emulated VC is on an ATM port adapter (PA) interface, then the VPIs/VCIs on both sides of the MPLS cloud must match.

Note If the VPIs/VCIs on both sides of the MPLS cloud do not match, an emulated VC comes up but does not switch traffic.

VP trunking (mapping multiple VPs to one emulated VC label) is currently not supported. Instead, each VP is mapped to one emulated VC.

The AToM control word is supported. However, if a peer PE does not support the control word, it is disabled. This negotiation is done by LDP label binding.

In VP mode (and VC mode), idle cells are dropped.

Configuring ATM Cell Relay over MPLS in VP Mode

To configure ATM cell relay over MPLS in VP mode, perform the following procedure:

Note The commands in the following procedure include only those arguments and keywords required to configure the feature.

 
Command or Action
Purpose

Step 1 

Router# enable

Enables privileged EXEC mode.

Enter your password if prompted.

Step 2 

Router(config)# configure terminal

Enters global configuration mode.

Step 3  

Router(config)# interface atmslot/port

Selects an interface on the ATM port adapter and enters interface configuration mode.

Step 4  

Router(config-if)# no ip address ip-address mask

(Optional) Removes the IP address that is assigned to this interface (if one has been configured).

Step 5  

Router(config-if)# atm pvp vpi l2transport

Specifies that cells coming into the interface on this PVP are to be transported across the MPLS network. The command also enters L2transport PVP configuration submode (which is for Layer 2 transport only, not for regular PVPs).

vpi is the ATM virtual path identifier of the PVP. The valid range is from 0 through 255.

l2transport indicates that the PVP is switched and not terminated.

Step 6  

Router(cfg-if-atm-l2trans-pvp)# xconnect 
peer-router-id vcid {encapsulation mpls | 
pseudowire-class name}
Example:

Router(cfg-if-atm-l2trans-pvp)# xconnect 10.0.0.1 123 pw-class vp-cell-relay

Configures a pseudowire for transporting the ATM cells across the MPLS network.

peer-router-id is the IP address of the remote PE peer router.

vcid is a 32-bit identifier to assign to the pseudowire. The same vcid must be used for both ends of the pseudowire.

encapsulation mpls sets MPLS for tunneling mode.

pseudowire-class name specifies a pseudowire class that includes the encapsulation mpls command.

Note The peer-router-id and vcid combination must be unique on the router.

Step 7  

Router(cfg-if-atm-l2trans-pvp)# end

Exits interface configuration mode and returns to privileged EXEC mode.

ATM Cell Relay VP Mode Configuration Example

The following example transports single ATM cells over a virtual path: 

Router# pseudowire-class vp-cell-relay 

encapsulation mpls 

int atm 5/0 

atm pvp 1 l2transport 

xconnect 10.0.0.1 123 pw-class vp-cell-relay

Verifying ATM Cell Relay VP Mode

The following show atm vp command shows that the interface is configured for VP mode cell relay: 

Router# show atm vp 1 

ATM5/0  VPI: 1, Cell Relay, PeakRate: 149760, CesRate: 0, DataVCs: 1, CesVCs: 0, Status: 

ACTIVE

VCD    VCI   Type   InPkts   OutPkts   AAL/Encap     Status

6      3     PVC    0        0         F4 OAM        ACTIVE  

7      4     PVC    0        0         F4 OAM        ACTIVE  

TotalInPkts: 0, TotalOutPkts: 0, TotalInFast: 0, TotalOutFast: 0,

TotalBroadcasts: 0 TotalInPktDrops: 0, TotalOutPktDrops: 0

ATM Packed Cell Relay over MPLS in VP Mode

ATM packed cell relay over MPLS allows multiple concatenated ATM cells to be inserted into an MPLS packet. The packed cell relay feature is more efficient than single cell relay because each ATM cell is 52 bytes and each AToM packet is at least 64 bytes (and single cell relay inserts one ATM cell in each MPLS packet).

Note This feature is supported in Cisco IOS Release 12.2SRB and later. Cisco IOS Release 12.2SRA and earlier releases do not support the packed cell relay feature in VP mode.

At a high level, the configuration of packed cell relay consists of the following steps:

1. You specify the amount of time a PE router can wait for cells to be packed into an MPLS packet. You can set up three timers by default with different amounts of time attributed to each timer.

2. You enable packed cell relay, specify how many cells should be packed into each MPLS packet, and choose which timer to use during the cell packing process.

ATM Packed Cell Relay in VP Mode Configuration Guidelines

Only cells from the same VC, VP, or port can be packed into one MPLS packet. Cells from different connections cannot be concatenated into the same MPLS packet.

When you change, enable, or disable the cell-packing attributes, the ATM VC, VP, or port and the MPLS emulated VC are reestablished.

If a PE router does not support packed cell relay, the PE router sends only one cell per MPLS packet.

The number of packed cells does not need to match between the PE routers. The two PE routers agree on the lower of the two values. For example, if PE1 is allowed to pack 10 cells in each MPLS packet and PE2 is allowed to pack 20 cells in each MPLS packet, the two PE routers would agree to send no more than 10 cells in each packet.

If the number of cells packed by the peer PE router exceeds the limit, the packet is dropped.

Configuring ATM Packed Cell Relay over MPLS in VP Mode

To configure ATM packed cell relay over MPLS in VP mode, perform the following procedure:

Note The commands in the following procedure include only those arguments and keywords required to configure the feature.

 
Command or Action
Purpose

Step 1 

Router# enable

Enables privileged EXEC mode.

Enter your password if prompted.

Step 2 

Router(config)# configure terminal

Enters global configuration mode.

Step 3  

Router(config)# interface atmslot/port

Selects an interface on the ATM port adapter and enters interface configuration mode.

Step 4 

Router(config-if)# shutdown

Shuts down the interface.

Step 5 

Router(config-if)# atm mcpt-timers [timer1-timeout timer2-timeout timer3-timeout]

Example:

Router(config-if)# atm mcpt-timers 100 200 250

Configures the timeout values for the cell-packing timers, which specify how long the PE router can wait for cells to be packed into an MPLS packet. If the timer expires before the maximum number of cells are packed into an AToM packet, the packet is sent anyway.

You can configure up to three timers. For each timer, specify the maximum cell-packing timeout (MCPT). You can specify the timeout value as number of microseconds or use the default. The default and range of acceptable timeout values depends on the ATM link speed. You specify which timer to use in the cell-packing command (Step 9).

The respective default values for timer1, timer2, and timer3 on PA-A3 port adapters are:

OC-3: 30, 60, and 90 microseconds

T3: 100, 200, and 300 microseconds

E3: 130, 260, and 390 microseconds

The respective range of values for PA-A3 port adapters are:

OC-3: 10 to 4095 microseconds

T3: 30 to 4095 microseconds

E3: 40 to 4095 microseconds

Step 6 

Router(config-if)# no shutdown

Enables the interface.

Step 7 

Router(config-if)# atm pvp vpi l2transport

Specifies that cells coming into the interface on this PVP are to be transported across the MPLS network. The command also enters L2transport PVP configuration submode (which is for Layer 2 transport only, not for regular PVPs).

vpi is the ATM virtual path identifier of the PVP. The valid range is from 0 through 255.

l2transport indicates that the PVP is switched and not terminated.

Step 8 

Router(cfg-if-atm-l2trans-pvp)# xconnect peer-router-id vcid {encapsulation mpls | pseudowire-class name}

Example:

Router(cfg-if-atm-l2trans-pvp)# xconnect 10.0.0.1 123 encapsulation mpls

Configures a pseudowire for transporting the ATM cells across the MPLS network.

peer-router-id is the IP address of the remote PE peer router.

vcid is a 32-bit identifier to assign to the pseudowire. The same vcid must be used for both ends of the pseudowire.

encapsulation mpls sets MPLS for tunneling mode.

pseudowire-class name specifies a pseudowire class that includes the encapsulation mpls command.

Note The peer-router-id and vcid combination must be unique on the router.

Step 9 

Router(cfg-if-atm-l2trans-pvp)# cell-packing [cells] [mcpt-timer timer]

Example:

Router(cfg-if-atm-l2trans-pvp)# cell-packing 10 mcpt-timer 1

Enables cell packing and specifies the cell-packing parameters.

cells specifies the maximum number of cells to be packed into an MPLS packet. The range is from 2 to the MTU of the interface divided by 52. The default is MTU/52.

mcpt-timer timer specifies which timer to use. The default is timer 1.

Configuration Example

The following example shows cell packing enabled on an interface set up for VP mode. The cell-packing command specifies that 10 ATM cells be packed into each MPLS packet. The command also specifies that the second maximum cell-packing timeout (MCPT) timer be used. 

Router> enable 

Router# configure terminal 

Router(config)# interface atm1/0 

Router(config-if)# shutdown 

Router(config-if)# atm mcpt-timers 1000 800 500 

Router(config-if)# no shutdown 

Router(config-if)# atm pvp 100 l2transport 

Router(config-if-atm-l2trans-pvp)# xconnect 10.0.0.1 234 encapsulation mpls 

Router(config-if-atm-l2trans-pvp)# cell-packing 10 mcpt-timer 2

Frame Relay over MPLS

Frame Relay over MPLS encapsulates Frame Relay protocol data units (PDUs) in MPLS packets and forwards them across the MPLS network.

Supported Modules

FRoMPLS is supported on any FlexWAN port adapter that supports Frame Relay encapsulation on the media type.

Frame Relay over MPLS Configuration Guidelines

The Frame Relay over MPLS feature has the following configuration guidelines:

Port-based mode (many-to-one)—All DLCIs coming in on a given interface/port are mapped to one MPLS LSP. This mode is not supported.

FRF.12 is not supported on the PE-CE link.

LFI/MLPPP over FR DLCI that is transported over MPLS LSPs is not supported.

Mapping the DE bit on to MPLS EXP based on configured EXP value is not supported.

Configuring Frame Relay over MPLS with DLCI-to-DLCI Connections

Perform this task to configure Frame Relay over MPLS with DLCI-to-DLCI connections.

 
Command or Action
Purpose

Step 1 

Router# enable

Enables privileged EXEC mode. Enter your password if prompted.

Step 2 

Router(config)# configure terminal

Enters global configuration mode.

Step 3 

Router(config)# frame-relay switching

Enables permanent virtual circuit (PVC) switching on a Frame Relay device.

Step 4 

Router(config)# interface serialslot/port

Specifies a serial interface.

Step 5  

Router(config-if)# encapsulation 
frame-relay [cisco | ietf]

Specifies Frame Relay encapsulation for the interface. You can specify different types of encapsulations. You can set one interface to Cisco encapsulation and the other interface to IETF encapsulation.

Step 6 

Router(config-if)# frame-relay intf-type dce

Specifies that the interface is a DCE switch. You can also specify the interface to support NNI and DTE connections.

Step 7 

Router(config)# connect connection-name interface dlci l2transport

Defines connections between Frame Relay PVCs. Using the l2transport keyword specifies that the PVC will not be a locally switched PVC, but will be tunneled over the backbone network.

The connection-name argument is a text string that you provide.

The interface argument is the interface on which a PVC connection will be defined.

The dlci argument is the DLCI number of the PVC that will be connected.

Step 8 

Router(config-if)# xconnect peer-router-id vcid encapsulation mpls

Creates the VC to transport the Layer 2 packets. In a DLCI-to DLCI connection type, Frame Relay over MPLS uses the xconnect command in connect submode.

The following example shows a Frame Relay over MPLS with DLCI-to-DLCI configuration.

PE1
PE2 
frame-relay switching

mpls label protocol ldp

mpls ldp router-id Loopback0 force

tag-switching id

!

interface Loopback0

 ip address 13.13.13.13 255.255.255.255

!

interface POS1/1/0

 mtu 5000

 no ip address

 encapsulation frame-relay IETF

mls qos trust dscp

 clock source internal

 frame-relay lmi-type ansi

 frame-relay intf-type dce

!

! P router facing interface POS4/1

!

interface POS4/0/1

 mtu 5000

 ip address 32.0.0.1 255.0.0.0

 mpls label protocol ldp

 tag-switching ip

 mls qos trust dscp

 clock source internal

!

router ospf 100

 log-adjacency-changes

 passive-interface POS1/1

 network 13.13.13.13 0.0.0.0 area 100

 network 32.0.0.0 0.255.255.255 area 100

!

connect atom_1 POS1/1/0 16 l2transport

 xconnect 11.11.11.11 100 encapsulation mpls

frame-relay switching

mpls label protocol ldp

mpls ldp router-id Loopback0 force

tag-switching id

!

interface Loopback0

 ip address 11.11.11.11 255.255.255.255

!

interface POS7/0/1

 mtu 5000

 no ip address

 encapsulation frame-relay IETF

mls qos trust dscp

 clock source internal

 frame-relay lmi-type ansi

 frame-relay intf-type dce

!

! P router facing interface POS8/0/2

!

interface POS8/2

 mtu 5000

 ip address 35.0.0.1 255.0.0.0

 mpls label protocol ldp

 tag-switching ip

 mls qos trust dscp

 clock source internal

!

router ospf 100

 log-adjacency-changes

 passive-interface POS7/1

 network 11.11.11.11 0.0.0.0 area 100

 network 35.0.0.0 0.255.255.255 area 100

!

connect atom_1 POS7/0/1 17 l2transport

 xconnect 13.13.13.13 100 encapsulation mpls

Verifying the Configuration

Note It is not necessary for the DLCI of interface POS1/1 and the DLCI of interface POS7/1 to match. The DLCIs can be two separate DLCIs that you connect using the connect command.

Use the show mpls l2transport vc command to verify the configuration. 

PE1# sh mpls l2 vc 100 detail

Local interface: PO1/1/0 up, line protocol up, FR DLCI 16 up

  Destination address: 11.11.11.11, VC ID: 100, VC status: up

    Tunnel label: 17, next hop point2point

    Output interface: PO4/0/1, imposed label stack {17 1009}

  Create time: 00:09:28, last status change time: 00:01:17

  Signaling protocol: LDP, peer 11.11.11.11:0 up

    MPLS VC labels: local 1009, remote 1009

    Group ID: local 0, remote 0

    MTU: local 5000, remote 5000

    Remote interface description: 

  Sequencing: receive disabled, send disabled

  VC statistics:

    packet totals: receive 60, send 62

    byte totals:   receive 8870, send 9648

    packet drops:  receive 0, send 0

PE2# sh mpls l2 vc 100 detail

Local interface: PO7/0/1 up, line protocol up, FR DLCI 16 up

  Destination address: 13.13.13.13, VC ID: 100, VC status: up

    Tunnel label: 18, next hop point2point

    Output interface: PO8/2, imposed label stack {18 1009}

  Create time: 00:03:32, last status change time: 00:01:54

  Signaling protocol: LDP, peer 13.13.13.13:0 up

    MPLS VC labels: local 1009, remote 1009

    Group ID: local 0, remote 0

    MTU: local 5000, remote 5000

    Remote interface description: 

  Sequencing: receive disabled, send disabled

  VC statistics:

    packet totals: receive 4, send 4

    byte totals:   receive 1416, send 1388

    packet drops:  receive 0, send 0

PE1# sh frame-relay pvc 16

PVC Statistics for interface POS1/1/0 (Frame Relay DCE)

DLCI = 16, DLCI USAGE = SWITCHED(tag tunnel), PVC STATUS = ACTIVE, INTERFACE = POS1/1

  input pkts 68            output pkts 66           in bytes 11500     

  out bytes 10688          dropped pkts 0           in pkts dropped 0         

  out pkts dropped 0                out bytes dropped 0         

  in FECN pkts 0           in BECN pkts 0           out FECN pkts 0         

  out BECN pkts 0          in DE pkts 0             out DE pkts 0         

  out bcast pkts 0         out bcast bytes 0         

  switched pkts 0         

  Detailed packet drop counters:

  no out intf 0            out intf down 0          no out PVC 0         

  in PVC down 0            out PVC down 0           pkt too big 0         

  shaping Q full 0         pkt above DE 0           policing drop 0         

  pvc create time 00:16:28, last time pvc status changed 00:09:34

PE2# sh frame-relay pvc 16 

PVC Statistics for interface POS7/0/1 (Frame Relay DCE)

DLCI = 16, DLCI USAGE = SWITCHED(tag tunnel), PVC STATUS = ACTIVE, INTERFACE = POS7/1

  input pkts 27            output pkts 28           in bytes 5676      

  out bytes 6110           dropped pkts 0           in pkts dropped 0         

  out pkts dropped 0                out bytes dropped 0         

  in FECN pkts 0           in BECN pkts 0           out FECN pkts 0         

  out BECN pkts 0          in DE pkts 0             out DE pkts 0         

  out bcast pkts 0         out bcast bytes 0         

  switched pkts 0         

  Detailed packet drop counters:

  no out intf 0            out intf down 0          no out PVC 0         

  in PVC down 0            out PVC down 0           pkt too big 0         

  shaping Q full 0         pkt above DE 0           policing drop 0         

  pvc create time 00:10:50, last time pvc status changed 00:10:21

Layer 2 Local Switching

Local switching allows you to switch Layer 2 data between two interfaces of the same type (ATM-to-ATM or Frame Relay-to-Frame Relay) or different types of interfaces (Frame Relay-to-ATM or ATM-to-Ethernet) on the same router. The interfaces can be on the same line card or on two different line cards.

This section explains how to perform Layer 2 local switching-ATM- to-ATM and Frame Relay DCLI local switching; it includes the following procedures:

Layer 2 Local Switching-ATM to ATM

Configuring Frame Relay DLCI Local Switching

Enabling Other PE Devices to Transport Frame Relay Packets

Layer 2 Local Switching-ATM to ATM

Layer 2 Local Switching-ATM to ATM provides Layer 2 switching capability. It allows you to switch traffic coming from a customer's ATM VC/VP to a Session Terminating Service Provider ATM VC/VP. Layer 2 Local Switching-ATM to ATM has three modes:

ATM VC to VC local switching with AAL5 encapsulation

ATM VC to VC local switching with AAL0 Encapsulation (Cell Relay mode)

ATM VP to VP local switching with AAL0 Encapsulation

Supported Modules

Layer 2 Local Switching-ATM to ATM is supported only on FlexWAN and Enhanced FlexWAN modules with the port adapters shown in Table 2-3.

Table 2-3 Layer 2 Local Switching-ATM to ATM Supported Port Adapters

ATM VC to VC Local Switching with AAL5 Encapsulation
ATM VC to VC Local Switching with AAL0 Encapsulation
ATM VP to VP Local Switching with AAL0 Encapsulation

PA-A3-OC3

PA-A3-OC3

PA-A3-OC3

PA-A3-E3

PA-A3-E3

PA-A3-E3

PA-A3-T3

PA-A3-T3

PA-A3-T3

PA-A6-OC3

PA-A6-OC3

PA-A6-OC3

PA-A6-E3

PA-A6-E3

PA-A6-E3

PA-A6-T3

PA-A6-T3

PA-A6-T3


Restrictions

ATM local switching

Supported with Route Switch Processor 720, Supervisor Engine 720, and Supervisor Engine 32 in Cisco Release 12.2SR and later releases.

Supported with Supervisor Engine 720 and Supervisor Engine 2 in releases earlier than 12.2SR.

ATM VC to VC local switching with AAL5 encapsulation

Does not support QoS.

ATM VC to VC local switching with AAL0 Encapsulation (Cell Relay mode)

Does not support QoS.

Each ATM cell is transported as a single packet; cell packing is not supported.

Configurable on permanent virtual circuits (PVCs) only.

Both ends of the connection require the same VPI/VCI. If the VPI/VCI is not same, the connection comes up but the packet does not switch.

ATM VP to VP local switching with AAL0 Encapsulation

Does not support QoS.

Each ATM cell is transported as a single packet; cell packing is not supported

Configurable on permanent virtual pipes (PVPs) only.

Each ATM cell is transported as a single packet; cell packing is not supported.

Both ends of the connection require the same VPI/VCI. If the VPI/VCI is not same, the connection comes up but the packet does not switch.

VC to VC local switching is supported from 12.2(18)SXE, and VP to VP local switching from 12.2SRA.

Configuring ATM VC to VC Local Switching with AAL5 Encapsulation

Perform the following steps to configure ATM VC to VC local switching.

 
Command or Action
Purpose

Step 1 

Router# enable

Enables privileged EXEC mode.

Enter your password if prompted.

Step 2 

Router(config)# configure terminal

Enters global configuration mode.

Step 3 

Router(config)# interface atmslot/port

Specifies an ATM interface.

Step 4 

Router(config-if)# pvc vpi/vci l2transport

Assigns a virtual path identifier (VPI) and virtual circuit identifier (VCI). The l2transport keyword indicates that the PVC is a switched PVC instead of a terminated PVC.

You can configure ATM AAL5 on PVCs only.

Step 5 

Router(config-if)# encapsulation aal5

Specifies ATM AAL5 encapsulation for the PVC.

Step 6  

Router(config)# connect connection-name atm 
slot/port-1 [vpi/vci] atm slot/port-2 [vpi/vci]

Connects the ATM interfaces.

The following example shows ATM VC to VC local switching with AAL5 Encapsulation. 

int ATM2/0/0

  pvc 100/100 l2transport

    encapsulation aal5

int ATM2/1/0

  pvc 105/105 l2transport

    encapsulation aal5

connect vc2vc ATM2/0/0 100/100 ATM2/1/0 105/105

Verifying ATM VC to VC Local Switching with AAL5 Encapsulation

The show atm pvc command displays all ATM permanent virtual connections (PVCs) and traffic information. 

router# show atm pvc 100/100

ATM2/0/0: VCD: 44, VPI: 100, VCI: 100

UBR, PeakRate: 149760

AAL5 L2transport, etype:0x1C, Flags: 0xC3F, VCmode: 0x0

InPkts: 0, OutPkts: 0, InBytes: 0, OutBytes: 0

InPRoc: 0, OutPRoc: 0, Broadcasts: 0

InFast: 0, OutFast: 0, InAS: 0, OutAS: 0

InPktDrops: 0,  OutPktDrops: 0

InByteDrops: 0, OutByteDrops: 0

CrcErrors: 0, SarTimeOuts: 0, OverSizedSDUs: 0, LengthViolation: 0, CPIErrors: 0

Out CLP=1 Pkts: 0

OAM cells received: 0

F5 InEndloop: 0, F5 InSegloop: 0, F5 InAIS: 0, F5 InRDI: 0

F4 InEndloop: 0, F4 InSegloop: 0, F4 InAIS: 0, F4 InRDI: 0

OAM cells sent: 0

F5 OutEndloop: 0, F5 OutSegloop: 0, F5 OutRDI: 0

F4 OutEndloop: 0, F4 OutSegloop: 0, F4 OutRDI: 0

OAM cell drops: 0

Status: UP

router# show atm pvc 105/105

ATM2/1/0: VCD: 46, VPI: 100, VCI: 100

UBR, PeakRate: 149760

AAL5 L2transport, etype:0x1C, Flags: 0xC3F, VCmode: 0x0

InPkts: 0, OutPkts: 0, InBytes: 0, OutBytes: 0

InPRoc: 0, OutPRoc: 0, Broadcasts: 0

InFast: 0, OutFast: 0, InAS: 0, OutAS: 0

InPktDrops: 0,  OutPktDrops: 0

InByteDrops: 0, OutByteDrops: 0

CrcErrors: 0, SarTimeOuts: 0, OverSizedSDUs: 0, LengthViolation: 0, CPIErrors: 0

Out CLP=1 Pkts: 0

OAM cells received: 0

F5 InEndloop: 0, F5 InSegloop: 0, F5 InAIS: 0, F5 InRDI: 0

F4 InEndloop: 0, F4 InSegloop: 0, F4 InAIS: 0, F4 InRDI: 0

OAM cells sent: 0

F5 OutEndloop: 0, F5 OutSegloop: 0, F5 OutRDI: 0

F4 OutEndloop: 0, F4 OutSegloop: 0, F4 OutRDI: 0

OAM cell drops: 0

Status: UP

Use the show connection all command to see all configured connections. 

router# show connection all

ID   Name               Segment 1            Segment 2           

State      

========================================================================

36   vc2vc             ATM2/0/0 100/100     ATM2/1/0 105/105     UP

Configuring ATM VC to VC Local Switching Using AAL0 Encapsulation

Perform the following steps to configure ATM VC to VC local switching using AAL0 encapsulation.

 
Command or Action
Purpose

Step 1 

Router# enable

Enables privileged EXEC mode. Enter your password if prompted.

Step 2 

Router(config)# configure terminal

Enters global configuration mode.

Step 3 

Router(config)# interface atmslot/port

Specifies an ATM interface.

Step 4 

Router(config)# pvc vpi/vci l2transport

Assigns a virtual path identifier (VPI) and virtual circuit identifier (VCI). The l2transport keyword indicates that the PVC is a switched PVC instead of a terminated PVC.

Step 5 

Router(config-if)#encapsulation aal0

Specifies ATM AAL0 encapsulation for the PVC.

Step 6  

Router(config)# connect connection-name atm 
slot/port-1 [vpi/vci] atm slot/port-2 [vpi/vci]

Connects the ATM interfaces.

The following example shows ATM VC to VC local switching with AAL0 encapsulation. 

int ATM2/0/0

  pvc 100/100 l2transport

    encapsulation aal0

int ATM2/1/0

  pvc 100/100 l2transport

    encapsulation aal0

connect vc2vc ATM2/0/0 100/100 ATM2/1/0 100/100

Verifying ATM VC to VC Local Switching with AAL0 Encapsulation

The show atm pvc command displays all ATM permanent virtual connections (PVCs) and traffic information. 

router# show atm pvc 100/100

ATM2/0/0: VCD: 44, VPI: 100, VCI: 100

UBR, PeakRate: 149760

AAL5 L2transport, etype:0x1C, Flags: 0xC3F, VCmode: 0x0

InPkts: 0, OutPkts: 0, InBytes: 0, OutBytes: 0

InPRoc: 0, OutPRoc: 0, Broadcasts: 0

InFast: 0, OutFast: 0, InAS: 0, OutAS: 0

InPktDrops: 0,  OutPktDrops: 0

InByteDrops: 0, OutByteDrops: 0

CrcErrors: 0, SarTimeOuts: 0, OverSizedSDUs: 0, LengthViolation: 0, CPIErrors: 0

Out CLP=1 Pkts: 0

OAM cells received: 0

F5 InEndloop: 0, F5 InSegloop: 0, F5 InAIS: 0, F5 InRDI: 0

F4 InEndloop: 0, F4 InSegloop: 0, F4 InAIS: 0, F4 InRDI: 0

OAM cells sent: 0

F5 OutEndloop: 0, F5 OutSegloop: 0, F5 OutRDI: 0

F4 OutEndloop: 0, F4 OutSegloop: 0, F4 OutRDI: 0

OAM cell drops: 0

Status: UP

router# show atm pvc 100/100

ATM2/1/0: VCD: 46, VPI: 100, VCI: 100

UBR, PeakRate: 149760

AAL5 L2transport, etype:0x1C, Flags: 0xC3F, VCmode: 0x0

InPkts: 0, OutPkts: 0, InBytes: 0, OutBytes: 0

InPRoc: 0, OutPRoc: 0, Broadcasts: 0

InFast: 0, OutFast: 0, InAS: 0, OutAS: 0

InPktDrops: 0,  OutPktDrops: 0

InByteDrops: 0, OutByteDrops: 0

CrcErrors: 0, SarTimeOuts: 0, OverSizedSDUs: 0, LengthViolation: 0, CPIErrors: 0

Out CLP=1 Pkts: 0

OAM cells received: 0

F5 InEndloop: 0, F5 InSegloop: 0, F5 InAIS: 0, F5 InRDI: 0

F4 InEndloop: 0, F4 InSegloop: 0, F4 InAIS: 0, F4 InRDI: 0

OAM cells sent: 0

F5 OutEndloop: 0, F5 OutSegloop: 0, F5 OutRDI: 0

F4 OutEndloop: 0, F4 OutSegloop: 0, F4 OutRDI: 0

OAM cell drops: 0

Status: UP

Use the show connection all command to see all configured connections. 

router# show connection all

ID   Name               Segment 1            Segment 2           

State      

========================================================================

36   vc2vc             ATM2/0/0 100/100     ATM2/1/0 105/105     UP

Configuring ATM VP to VP Local Switching with AAL0 Encapsulation

Perform the following steps to configure ATM VP to VP local switching with AAL0 encapsulation.

 
Command or Action
Purpose

Step 1 

Router# enable

Enables privileged EXEC mode.

Enter your password if prompted.

Step 2 

Router(config)# configure terminal

Enters global configuration mode.

Step 3 

Router(config)# interface atmslot/port

Specifies an ATM interface.

Step 4  

Router(config-if)# atm pvp vpi l2transport

Specifies that the PVP is dedicated to transporting ATM cells. The l2transport keyword indicates that the PVP is for cell relay. Once you enter this command, you enter l2transport PVP submode. This submode is for Layer 2 transport only; it is not for regular PVPs.

Step 5  

Router(config)# connect connection-name atm 
slot/port-1 [vpi/vci] atm slot/port-2 [vpi/vci]

Connects the ATM interfaces.

The following example shows ATM VP to VP local switching. 

int ATM2/0/0

  atm pvp 100 l2transport

int ATM2/1/0

  atm pvp 100 l2transport

connect vp2vp ATM2/0/0 100 ATM2/1/0 100

Verifying ATM VP to VP Local Switching

The following show atm vp command shows that the interface is configured for VP mode cell relay: 

router# show connection all

ID   Name               Segment 1            Segment 2           

State      

========================================================================

36   vp2vp             ATM2/0/0 100         ATM2/1/0 100         UP       

BRAS# show atm vp 100

ATM2/0/0 VPI: 100, Cell Relay,

ATM2/0/0  VPI: 100, PeakRate: 0, CesRate: 0, DataVCs: 0, CesVCs: 0, Status: ACTIVE

 VCD    VCI   Type   InPkts   OutPkts   AAL/Encap     Status

 45     3     PVC    0        0         F4 OAM        ACTIVE  46     4     PVC    0        
0         F4 OAM        ACTIVE 

TotalInPkts: 0, TotalOutPkts: 0, TotalInFast: 0, TotalOutFast: 0, TotalBroadcasts: 0

TotalInPktDrops: 0, TotalOutPktDrops: 0

ATM2/1/0 VPI: 100, Cell Relay,

ATM2/1/0  VPI: 100, PeakRate: 0, CesRate: 0, DataVCs: 0, CesVCs: 0, Status: ACTIVE

 VCD    VCI   Type   InPkts   OutPkts   AAL/Encap     Status

 47     3     PVC    0        0         F4 OAM        ACTIVE  48     4     PVC    0        
0         F4 OAM        ACTIVE 

TotalInPkts: 0, TotalOutPkts: 0, TotalInFast: 0, TotalOutFast: 0, TotalBroadcasts: 0

TotalInPktDrops: 0, TotalOutPktDrops: 0

Configuring Frame Relay DLCI Local Switching

Frame Relay DLCI local switching connects a DLCI on one interface to another DLCI on a different interface in the same Cisco 7600 series router. Perform this task to set up Frame Relay DLCI local switching.

Note To connect two Frame Relay DLCIs to each other, perform the steps below on both DLCIs.

Note The frame-relay route command is no longer supported for this configuration. Use the connect command instead.

 
Command or Action
Purpose

Step 1 

Router# enable

Enables privileged EXEC mode.

Enter your password if prompted.

Step 2 

Router(config)# configure terminal

Enters global configuration mode.

Step 3 

Router(config)# frame-relay switching

Enable permanent virtual switching (PVC) switching on a Frame Relay DCE device or a Network-to-Network Interface (NNI).

Step 4 

Router(config)# interface serialslot/port

Specifies a serial interface.

Step 5  

Router(config-if)# encapsulation 
frame-relay [cisco | ietf]

Specifies Frame Relay encapsulation for the interface. You can specify different types of encapsulations. You can set one interface to Cisco encapsulation and the other interface to IETF encapsulation.

Step 6 

Router(config-if)# frame-relay intf-type dce

Specifies that the interface is a DCE switch. You can also specify the interface to support NNI and DTE connections.

Step 7 

Router(config)# connect connection-name interface_1 dlci_1 interface_2 dlci_2

Defines connections between Frame Relay PVCs.

The connection-name argument is a text string that you provide.

The interface argument is the interface on which a PVC connection will be defined.

The dlci argument is the DLCI number of the PVC that will be connected.

The following configuration provides an example of Frame Relay DLCI local switching on the same router (osr4) between a DLCI on interface pos4/1 to a DLCI on interface pos4/2 (OSR1 and OSR3 are CEs).

Note It is not necessary for the DLCI of interface POS4/1 and the DLCI of interface POS4/2 to match. The DLCIs can be two separate DLCIs that you connect using the connect command.

Configuration on OSR1: 

!

interface POS4/1/0

 mtu 9000

 no ip address

 encapsulation frame-relay

!

interface POS4/1/0.1 point-to-point

 ip address 11.11.1.1 255.255.255.0

 frame-relay interface-dlci 16   

!

Configuration on OSR4: 

!

frame-relay switching

!

interface POS4/1/1

 mtu 9000

 no ip address

 encapsulation frame-relay

 clock source internal

 frame-relay intf-type dce

!

interface POS4/1/2

 mtu 9000

 no ip address

 encapsulation frame-relay

 clock source internal

 frame-relay intf-type dce

!

connect test1 POS4/1/1 16 POS4/1/2 16

!

Configuration on OSR3: 

!

interface POS8/0/2

 mtu 9000

 no ip address

 encapsulation frame-relay

!

interface POS8/0/2.1 point-to-point

 ip address 11.11.1.2 255.255.255.0

 frame-relay interface-dlci 16   

!

Verifying the Configuration

Use the ping command to verify basic connectivity. 

osr1# ping

Protocol [ip]: 

Target IP address: 11.11.1.2

Repeat count [5]: 100

Datagram size [100]: 

Timeout in seconds [2]: 

Extended commands [n]: 

Sweep range of sizes [n]: 

Type escape sequence to abort.

Sending 100, 100-byte ICMP Echos to 11.11.1.2, timeout is 2 seconds:

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

Success rate is 100 percent (100/100), round-trip min/avg/max = 1/1/4 ms

osr1#

Use the show frame pvc command to view statistics for all virtual circuit (VC) components. 

osr4# show frame pvc 16       

PVC Statistics for interface POS4/1/1 (Frame Relay DCE)

DLCI = 16, DLCI USAGE = SWITCHED(fr), PVC STATUS = ACTIVE, INTERFACE = POS4/1

  input pkts 100           output pkts 100          in bytes 10400     

  out bytes 10400          dropped pkts 0           in pkts dropped 0         

  out pkts dropped 0                out bytes dropped 0         

  in FECN pkts 0           in BECN pkts 0           out FECN pkts 0         

  out BECN pkts 0          in DE pkts 0             out DE pkts 0         

  out bcast pkts 0         out bcast bytes 0         

  switched pkts 0         

  Detailed packet drop counters:

  no out intf 0            out intf down 0          no out PVC 0         

  in PVC down 0            out PVC down 0           pkt too big 0         

  shaping Q full 0         pkt above DE 0           policing drop 0         

  pvc create time 02:11:44, last time pvc status changed 02:04:23

PVC Statistics for interface POS4/1/2 (Frame Relay DCE)

DLCI = 16, DLCI USAGE = SWITCHED(fr), PVC STATUS = ACTIVE, INTERFACE = POS4/2

  input pkts 100           output pkts 100          in bytes 10400     

  out bytes 10400          dropped pkts 0           in pkts dropped 0         

  out pkts dropped 0                out bytes dropped 0         

  in FECN pkts 0           in BECN pkts 0           out FECN pkts 0         

  out BECN pkts 0          in DE pkts 0             out DE pkts 0         

  out bcast pkts 0         out bcast bytes 0         

  switched pkts 0         

  Detailed packet drop counters:

  no out intf 0            out intf down 0          no out PVC 0         

  in PVC down 0            out PVC down 0           pkt too big 0         

  shaping Q full 0         pkt above DE 0           policing drop 0         

  pvc create time 02:11:45, last time pvc status changed 02:07:30

osr4#

Use the show connect all command to see the connections. 

osr4#sh connect all

ID   Name               Segment 1            Segment 2           State       

========================================================================

1    test1             POS4/1/1 16            POS4/1/2 16            UP

Troubleshooting Tips

The following commands are helpful when troubleshooting:

debug frame-relay event

debug acircuit

debug mpls l2transport ipc

debug cwan atom

debug mpls l2transport vc

Enabling Other PE Devices to Transport Frame Relay Packets

You can configure an interface as a data terminal equipment (DTE) device or a data circuit-terminating equipment (DCE) switch, or as a switch connected to a switch with network-to-network interface (NNI) connections. Use the following command in interface configuration mode:

frame-relay intf-type [dce | dte | nni]

The keywords are explained in the following table:

Keyword
Description

dce

Enables the router or access server to function as a switch connected to a router.

dte

Enables the router or access server to function as a DTE device. DTE is the default.

nni

Enables the router or access server to function as a switch connected to a switch.


Local Management Interface and Frame Relay over MPLS

Local Management Interface (LMI) is a protocol that communicates status information about permanent virtual circuits (PVCs). When a PVC is added, deleted, or changed, the LMI notifies the endpoint of the status change. LMI also provides a polling mechanism that verifies that a link is up.

Note LMI is operational only when you enable keepalives on the interfaces (keepalive packets keep the interface active).

How LMI Works

To determine the PVC status, LMI checks that a PVC is available from the reporting device to the Frame Relay end-user device. If a PVC is available, LMI reports that the status is "Active," which means that all interfaces, line protocols, and core segments are operational between the reporting device and the Frame Relay end-user device. If any component is not available, the LMI reports a status of "Inactive."

Note Only the DCE and NNI interface types can report LMI status.

Figure 2-4 is a sample topology that shows how LMI works.

Figure 2-4 Sample Topology

NoteCE1 and PE1 and PE2 and CE2 are Frame Relay LMI peers.

CE1 and CE2 can be Frame Relay switches or end-user devices.

Each Frame Relay PVC is composed of multiple segments.

The DLCI value is local to each segment and is changed as traffic is switched from segment to segment. Two Frame Relay PVC segments exist; one is between PE1 and CE1 and the other is between PE2 and CE2.

DLCI-to-DLCI Connections

If you have DLCI-to-DLCI connections, LMI runs locally on the Frame Relay ports between the PE and CE devices.

CE1 sends an active status to PE1 if the PVC for CE1 is available. If CE1 is a switch, LMI checks that the PVC is available from CE1 to the user device attached to CE1.

PE1 sends an active status to CE1 if the following conditions are met:

A PVC for PE1 is available.

PE1 has received an MPLS label from the remote PE router.

An MPLS tunnel label exists between PE1 and the remote PE.

CE2 reports an Active status to PE2. If CE2 is a switch, LMI checks that the PVC is available from PE1 to the end-user device attached to CE2.

For DTE/DCE configurations, the following LMI behavior exists:

The Frame Relay device accessing the network (DTE) does the polling. The network device (DCE) responds to the LMI polls. Therefore, if a problem exists on the DTE side, the DCE is not aware of the problem, because it does not poll.

For More Information About LMI

For information about LMI, including configuration instructions, see the Configuring Frame Relay, Configuring the LMI document, at the following URL:

http://www.cisco.com/en/US/docs/ios/12_2/wan/configuration/guide/wcffrely_ps1835_TSD_Products_Configuration_Guide_Chapter.html