Ethernet for Layer 2 VPNs
introduces you to Layer 2 features and standards, and describes how you can
configure L2VPN features.
Gigabit Ethernet (including 10-Gigabit and 100-Gigabit) architecture and
features deliver network scalability and performance, while enabling service
providers to offer high-density, high-bandwidth networking solutions designed
to interconnect the router with other systems in POPs, including core and edge
routers and Layer 2 and Layer 3 switches.
Layer 2 Virtual Private Networks
A Layer 2 Virtual
Private Network (VPN) emulates a physical sub-network in an IP or MPLS network,
by creating private connections between two points. Building a L2VPN network
requires coordination between the service provider and customer. The service
provider establishes Layer 2 connectivity. The customer builds a network by
using the data link resources obtained from the service provider. In a L2VPN
service, the service provider does not require information about the customer's
network topology and other information. This helps maintain customer privacy,
while using the service provider resources to establish the network.
The service provider
requires Provider Edge (PE) routers with the following capabilities:
- Encapsulation of L2 protocol
data units (PDU) into Layer 3 (L3) packets.
- Interconnection of
any-to-any L2 transports.
- Support for MPLS tunneling
- Process databases that
include all information related to circuits and their connections.
introduces Layer 2 Virtual Private Networks (VPNs) and the corresponding
Gigabit Ethernet services.
Layer 2 VPNs on Gigabit Ethernet Interfaces
A L2VPN network
enables service providers (SPs) to provide L2 services to geographically
disparate customer sites. Typically, a SP uses an access network to connect the
customer to the core network. This access network may use a mixture of L2
technologies, such as Ethernet and Frame Relay. The connection between the
customer site and the nearby SP edge router is known as an attachment circuit
(AC). Traffic from the customer travels over this link to the edge of the SP
core network. The traffic then tunnels through a pseudowire over the SP core
network to another edge router. The edge router sends the traffic down another
AC to the customer's remote site.
The L2VPN feature
enables the connection between different types of L2 attachment circuits and
pseudowires, allowing users to implement different types of end-to-end
Cisco IOS XR software
supports a point-to-point end-to-end service, where two Ethernet circuits are
connected together. An L2VPN Ethernet port can operate in one of two modes:
- Port Mode—In this mode, all
packets reaching the port are sent over the pseudowire, regardless of any VLAN
tags that are present on the packets. In VLAN mode, the configuration is
performed under the l2transport configuration mode.
- VLAN Mode—Each VLAN on a CE
(customer edge) or access network to PE (provider edge) link can be configured
as a separate L2VPN connection (using either VC type 4 or VC type 5). To
configure L2VPN on VLANs, see
Ethernet Model chapter in this manual. In VLAN mode, the configuration
is performed under the individual sub-interface.
Switching can take
place in the following ways:
- AC-to-PW—Traffic reaching the
PE is tunneled over a PW (pseudowire) (and conversely, traffic arriving over
the PW is sent out over the AC). This is the most common scenario.
- Local switching—Traffic
arriving on one AC is immediately sent out of another AC without passing
through a pseudowire.
If your network
requires that packets are transported transparently, you may need to modify the
packet’s destination MAC (Media Access Control) address at the edge of the
Service Provider (SP) network. This prevents the packet from being consumed by
the devices in the SP network.
You can use the
command to display AC and pseudowire information.
Ethernet Interfaces for Layer 2 Transport
This section describes how you can configure Gigabit ethernet
interfaces for Layer 2 transport.
/* Enter the interface configuration mode */
Router(config)# interface TenGigE 0/0/0/10
/* Configure the ethertype for the 802.1q encapsulation (optional) */
/* For VLANs, the default ethertype is 0x8100. In this example, we configure a value of 0x9100.
/* The other assignable value is 0x9200 */
/* When ethertype is configured on a physical interface, it is applied to all sub-interfaces created on this interface */
Router(config-if)# dot1q tunneling ethertype 0x9100
/* Configure Layer 2 transport on the interface, and commit your configuration */
Router(config-if)# no shutdown
interface TenGigE 0/0/0/10
dot1q tunneling ethertype 0x9100
Verify that the 10-Gigabit Ethernet interface is up and
router# show interfaces TenGigE 0/0/0/10
TenGigE0/0/0/10 is up, line protocol is up
Interface state transitions: 1
Hardware is TenGigE, address is 0011.1aac.a05a (bia 0011.1aac.a05a)
Layer 1 Transport Mode is LAN
Layer 2 Transport Mode
MTU 1514 bytes, BW 10000000 Kbit (Max: 10000000 Kbit)
reliability 255/255, txload 0/255, rxload 0/255
Full-duplex, 10000Mb/s, link type is force-up
output flow control is off, input flow control is off
Carrier delay (up) is 10 msec
loopback not set,