Configuring VPLS between Cat9500 and ISR4K
Available Languages
Contents
Introduction
VPLS is a Layer 2 extension technology which most customers use with ISP's and over borrowed/leased services with 3rd party vendors. The usage of VPLS extends beyond the scope of this configuration guide. This is a basic configuration guide on trying to help customers configure L2VPN between the existing ISR4K platforms and the new Cat9500 switches.
Prerequisites
You should be aware of basic L2VPN concepts and configuring pseudowire-templates for configuring L2 VFI contexts
Requirements
ISR4K Router (Any ISR4400/ISR4300), Cat9500 Switch and two devices being used as CE devices
Components Used
ISR4451-X
C9500-40X-A
CISCO1921
CISCO2911
Configure
The configuration tells the usage of the VPLS context and the VC types/details supported
Network Diagram
Configurations
On CE1 and CE2 :
CE1#sh run Building configuration... Current configuration : 105 bytes ! interface GigabitEthernet0/0 no ip address duplex auto speed auto ! interface GigabitEthernet0/0.100 encapsulation dot1Q 100 ip address 101.101.101.2 255.255.255.0 ! |
CE2#sh run Building configuration... Current configuration : 1718 bytes ! interface GigabitEthernet0/1 no ip address duplex auto speed auto ! interface GigabitEthernet0/1.100 encapsulation dot1Q 100 ip address 101.101.101.1 255.255.255.0 ! |
On PE1 and PE2 :
PE1#sh run Building configuration... Current configuration : 5049 bytes ! pseudowire-class VPLS100 encapsulation mpls no control-word ! l2 vfi 100 manual vpn id 100 bridge-domain 100 mtu 9180 neighbor 3.3.3.3 pw-class VPLS100 ! interface Loopback0 ip address 2.2.2.2 255.255.255.255 ! interface GigabitEthernet0/0/0 mtu 9180 no ip address negotiation auto service instance 100 ethernet encapsulation dot1q 100 rewrite ingress tag pop 1 symmetric bridge-domain 100 ! ! interface GigabitEthernet0/0/2 ip address 30.30.30.1 255.255.255.0 negotiation auto mpls ip ! ip route 3.3.3.3 255.255.255.255 30.30.30.2 ! mpls ldp router-id Loopback0 force ! |
PE2#sh run Building configuration... Current configuration : 10722 bytes ! ip routing ! pseudowire-class VPLS100 encapsulation mpls no control-word ! l2 vfi 100 manual vpn id 100 neighbor 2.2.2.2 pw-class VPLS100 ! interface Loopback0 ip address 3.3.3.3 255.255.255.255 ! interface TenGigabitEthernet2/0/1 no switchport ip address 30.30.30.2 255.255.255.0 mpls ip ! interface TenGigabitEthernet2/0/2 switchport trunk allowed vlan 100 switchport mode trunk ! interface Vlan100 no ip address xconnect vfi 100 ! ip route 2.2.2.2 255.255.255.255 30.30.30.1 ! mpls ldp router-id Loopback0 force ! |
Note : On the ISR4K and ASR1000 devices which run on EFP(Ethernet Flow Point) Service Instances, ensure we configure the "rewrite ingress tag pop 1 symmetric" command under the respective SI (Service Instance) where we want to extend the subnet/broadcast-domain, so that the ISR4K/ASR1k would be able to receive the tagged (802.1Q Vlan Tag) packets being sent over from the CE end.
Verify
The Cat9500 platforms support internetworking with "ethernet" so far under VPLS. So first check the VC type is ethernet (Which is default) :
PE1#show mpls l2transport binding
Destination Address: 3.3.3.3,VC ID: 100
Local Label: 19
Cbit: 0, VC Type: Ethernet, GroupID: n/a
MTU: 9180, Interface Desc: n/a
VCCV: CC Type: RA [2], TTL [3]
CV Type: LSPV [2]
Remote Label: 17
Cbit: 0, VC Type: Ethernet, GroupID: 0
MTU: 9180, Interface Desc: n/a
VCCV: CC Type: RA [2], TTL [3]
CV Type: LSPV [2]
PE2#show mpls l2transport binding
Destination Address: 2.2.2.2,VC ID: 100
Local Label: 17
Cbit: 0, VC Type: Ethernet, GroupID: n/a
MTU: 9180, Interface Desc: n/a
VCCV: CC Type: RA [2], TTL [3]
CV Type: LSPV [2]
Remote Label: 19
Cbit: 0, VC Type: Ethernet, GroupID: 0
MTU: 9180, Interface Desc: n/a
VCCV: CC Type: RA [2], TTL [3]
CV Type: LSPV [2]
Now the rest of the commands would be similar to the way you verify L2VPN VC. But it is important to understand that the Cat9500 has system mtu, hence you wont be able to modify the individual interface MTU values facing the LAN side. Hence you would need to explicitly configure "mtu <>" under the l2 vfi context on the ISR4K platform so that the MTU values get negotiated based on the system mtu configured on the Cat9500 switch :
PE2 :
PE2#show system mtu Global Ethernet MTU is 9180 bytes.
PE1 :
PE1#show mpls l2transport vc detail
Local interface: VFI 100 vfi up
Interworking type is Ethernet
Destination address: 3.3.3.3, VC ID: 100, VC status: up
Output interface: Gi0/0/2, imposed label stack {17}
Preferred path: not configured
Default path: active
Next hop: 30.30.30.2
Create time: 00:02:10, last status change time: 00:02:10
Last label FSM state change time: 00:02:10
Signaling protocol: LDP, peer 3.3.3.3:0 up
Targeted Hello: 2.2.2.2(LDP Id) -> 3.3.3.3, LDP is UP
Graceful restart: not configured and not enabled
Non stop routing: not configured and not enabled
Status TLV support (local/remote) : enabled/supported
LDP route watch : enabled
Label/status state machine : established, LruRru
Last local dataplane status rcvd: No fault
Last BFD dataplane status rcvd: Not sent
Last BFD peer monitor status rcvd: No fault
Last local AC circuit status rcvd: No fault
Last local AC circuit status sent: No fault
Last local PW i/f circ status rcvd: No fault
Last local LDP TLV status sent: No fault
Last remote LDP TLV status rcvd: No fault
Last remote LDP ADJ status rcvd: No fault
MPLS VC labels: local 19, remote 17
Group ID: local n/a, remote 0
MTU: local 9180, remote 9180
Remote interface description:
Sequencing: receive disabled, send disabled
Control Word: Off
SSO Descriptor: 3.3.3.3/100, local label: 19
Dataplane:
SSM segment/switch IDs: 8387/4289 (used), PWID: 4
VC statistics:
transit packet totals: receive 0, send 0
transit byte totals: receive 0, send 0
transit packet drops: receive 0, seq error 0, send 0
PE2 :
PE2#show mpls l2transport vc detail
Local interface: VFI 100 vfi up
Interworking type is Ethernet
Destination address: 2.2.2.2, VC ID: 100, VC status: up
Output interface: Te2/0/1, imposed label stack {19}
Preferred path: not configured
Default path: active
Next hop: 30.30.30.1
Create time: 01:02:03, last status change time: 00:03:09
Last label FSM state change time: 00:03:09
Signaling protocol: LDP, peer 2.2.2.2:0 up
Targeted Hello: 3.3.3.3(LDP Id) -> 2.2.2.2, LDP is UP
Graceful restart: not configured and not enabled
Non stop routing: not configured and not enabled
Status TLV support (local/remote) : enabled/supported
LDP route watch : enabled
Label/status state machine : established, LruRru
Last local dataplane status rcvd: No fault
Last BFD dataplane status rcvd: Not sent
Last BFD peer monitor status rcvd: No fault
Last local AC circuit status rcvd: No fault
Last local AC circuit status sent: No fault
Last local PW i/f circ status rcvd: No fault
Last local LDP TLV status sent: No fault
Last remote LDP TLV status rcvd: No fault
Last remote LDP ADJ status rcvd: No fault
MPLS VC labels: local 17, remote 19
Group ID: local n/a, remote 0
MTU: local 9180, remote 9180
Remote interface description:
Sequencing: receive disabled, send disabled
Control Word: Off
SSO Descriptor: 2.2.2.2/100, local label: 17
Dataplane:
SSM segment/switch IDs: 12297/8194 (used), PWID: 1
VC statistics:
transit packet totals: receive 0, send 0
transit byte totals: receive 0, send 0
transit packet drops: receive 0, seq error 0, send 0
Now when we try to initiate pings from CE1 to CE2 :
CE1#ping 101.101.101.1 source 101.101.101.2 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 101.101.101.1, timeout is 2 seconds: Packet sent with a source address of 101.101.101.2 !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms
Then when we check the VC statistics to ensure the packets are going via VPLS :
PE1 :
PE1#show mpls l2transport vc detail | sec statistics
VC statistics:
transit packet totals: receive 5, send 5
transit byte totals: receive 660, send 660
transit packet drops: receive 0, seq error 0, send 0
PE2 :
PE2#show mpls l2transport vc detail | sec statistics
VC statistics:
transit packet totals: receive 5, send 5
transit byte totals: receive 680, send 680
transit packet drops: receive 0, seq error 0, send 0
Troubleshoot
This document was meant to highlight the compatibility issues while configuring a VPLS VC between the ISR/ASR routers and the Cat9500 swtiches acting as the PE nodes, so presently no troubleshooting steps.
Feedback