Configuring Multiprotocol Label Switching on the Optical Services Modules
This chapter describes how to configure Multiprotocol Label Switching (MPLS) and Any Transport over Multiprotocol Label Switching (AToM) on the Optical Services Modules (OSMs).
This chapter consists of these sections:
•
Configuring MPLS
•
Configuring MPLS QoS
•
Configuring MPLS VPN
•
Configuring MPLS VPN QoS
•
Any Transport over MPLS
•
Ethernet over MPLS
•
How to Configure QoS with AToM
•
HQoS for EoMPLS Virtual Circuits
•
AToM Load Balancing
•
Virtual Private LAN Services on the Optical Services Modules
Configuring MPLS
These sections describe MPLS and provides configuration information:
•
Understanding MPLS
•
MPLS Support on OSMs
•
Supported Features
•
MPLS Limitations and Restrictions
•
Configuring MPLS
Understanding MPLS
MPLS uses label switching to forward packets over various link-level technologies such as Packet-over-SONET, Frame Relay, ATM, and Ethernet. Labels are assigned to packets based on groupings or forwarding equivalence classes (FECs). Packets belonging to the same FEC get similar treatment. The label is added between the Layer 2 and the Layer 3 header (in a packet environment) or in the virtual path identifier/virtual channel identifier (VPI/VCI) field (in ATM networks).
In an MPLS network, the edge router performs a label lookup of the incoming label, swaps the incoming label with an outgoing label, and sends the packet to the next hop. Labels are imposed on packets only at the ingress edge of the MPLS network and are removed at the egress edge. The core network reads the labels, applies the appropriate services, and forwards the packets based on the labels.
MPLS Support on OSMs
MPLS is supported on the following Cisco 7600 series OSMs:
•
OC-3 POS:
–
OSM-4OC3-POS-SI+
–
OSM-8OC3-POS-SI+, SL+
•
OC-12 POS:
–
OSM-2OC12-POS-MM+, SI+, SL+
–
OSM-4OC12-POS-MM+, SI+, SL+
•
OC-12 ATM:
–
OSM-2OC12-ATM-MM+
–
OSM-2OC12-ATM-SI+
•
OC-48 POS:
–
OSM-1OC48-POS-SS+, SI+, SL+
–
OSM-2OC48/1DPT-SS, SI, SL
•
Gigabit Ethernet
–
OSM-2+4GE-WAN+
•
WS-X6582-2PA Enhanced FlexWAN
Supported Features
The following features are supported with SUP720-3BXL and SUP720-3CXL supervisor engines:
Note
Features in the Cisco IOS 12.2SR releases that are also supported in the Cisco IOS 12.2 mainline, 12.2T and 12.2S releases are documented in the corresponding publications for those releases. When applicable, this section refers to those publications for platform-independent features supported in the Cisco IOS 12.2SR releases. The Cisco IOS 12.2S releases do not support software images for the Cisco 7600 series routers, and the Cisco IOS 12.2S publications do not list support for the Cisco 7600 series routers.
•
Multi-VRF for CE Routers (VRF Lite)—VRF-lite is a feature that enables a service provider to support two or more VPNs, where IP addresses can be overlapped among the VPNs. See http://www.cisco.com/en/US/products/hw/routers/ps259/prod_bulletin09186a00800921d7.html.
Note
Multi-VRF for CE Routers (VRF Lite) is supported with the following features: IPv4 forwarding between VRFs interfaces, IPv4 ACLs, and IPv4 HSRP. Starting with Cisco IOS Release 12.2(18)SXE, Multi-VRF for CE Routers (VRF Lite) is supported with IPv4 multicast..
Note
Multi-VRF for CE Routers (VRF Lite) is also supported with the Supervisor Engine 720 with PFC3A.
•
MPLS Label Distribution Protocol (LDP)—MPLS label distribution protocol (LDP), as standardized by the Internet Engineering Task Force (IETF) and as enabled by Cisco IOS software, allows the construction of highly scalable and flexible IP Virtual Private Networks (VPNs) that support multiple levels of services. See http://www.cisco.com/en/US/docs/ios/12_2s/feature/guide/fs2sldp.html.
•
Multiprotocol Label Switching (MPLS) on Cisco Routers—This feature provides basic MPLS support for imposing and removing labels on IP packets at label edge routers (LERs) and switching labels at label switch routers (LSR). See http://www.cisco.com/en/US/docs/ios/12_0st/12_0st21/feature/guide/fs_rtr.html.
•
MPLS Traffic Engineering-DiffServ Aware (DS-TE)—This feature provides extensions made to Multiprotocol Label Switching Traffic Engineering (MPLS TE) to make it DiffServ aware, allowing constraint-based routing of guaranteed traffic. See http://www.cisco.com/en/US/docs/ios/12_2s/feature/guide/fsdserv3.html.
•
MPLS Traffic Engineering Forwarding Adjacency—This feature allows a network administrator to handle a traffic engineering, label-switched path (LSP) tunnel as a link in an Interior Gateway Protocol (IGP) network based on the Shortest Path First (SPF) algorithm. For information on forwarding adjacency with Intermediate System-to-Intermediate System (IS-IS) routing, see http://www.cisco.com/en/US/docs/ios/12_2s/feature/guide/fstefa_3.html.
For information on forwarding adjacency with Open Shortest Path First (OSPF) routing, see http://www.cisco.com/en/US/docs/ios/12_0s/feature/guide/ospffa.html.
•
MPLS Traffic Engineering (TE) Interarea Tunnels—This feature allows the router to establish MPLS TE tunnels that span multiple Interior Gateway Protocol (IGP) areas and levels, removing the restriction that had required the tunnel head-end and tail-end routers to be in the same area. See http://www.cisco.com/en/US/docs/ios/12_2s/feature/guide/fsiarea3.html.
•
MPLS Virtual Private Networks (VPNs)—This feature allows you to deploy scalable IPv4 Layer 3 VPN backbone services over a Cisco IOS network. See http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120limit/120st/120st21/fs_vpn.htm.
•
MPLS VPN Carrier Supporting Carrier (CSC)—The feature enables one MPLS VPN-based service provider to allow other service providers to use a segment of its backbone network. See http://www.cisco.com/en/US/docs/ios/12_2t/12_2t8/feature/guide/ftcsc8.html.
•
MPLS VPN—Carrier Supporting Carrier—IPv4 BGP Label Distribution—This feature enables you to configure your carrier supporting carrier network to enable Border Gateway Protocol (BGP) to transport routes and Multiprotocol Label Switching (MPLS) labels between the backbone carrier provider edge (PE) routers and the customer carrier customer edge (CE) routers. See http://www.cisco.com/en/US/docs/ios/12_2t/12_2t13/feature/guide/ftcscl13.html.
•
MPLS VPN—Interautonomous System Support—This feature allows an MPLS VPN to span service providers and autonomous systems. See http://www.cisco.com/en/US/docs/ios/12_0s/feature/guide/fsias24.html.
•
MPLS VPN—Inter-AS—IPv4 BGP Label Distribution: This feature enables you to set up a Virtual Private Network (VPN) service provider network so that the autonomous system boundary routers (ASBRs) exchange IPv4 routes with Multiprotocol Label Switching (MPLS) labels of the provider edge (PE) routers.See http://www.cisco.com/en/US/docs/ios/12_2t/12_2t13/feature/guide/ftiasl13.html.
•
Hot Standby Router Protocol (HSRP) Support for Multiprotocol Label Switching (MPLS) Virtual Private Networks (VPNs)—This feature ensures that the HSRP virtual IP address is added to the correct IP routing table and not to the default routing table. See http://www.cisco.com/en/US/docs/ios/12_1t/12_1t3/feature/guide/dt_hsmp.html.
•
OSPF Sham Link: OSPF Sham-Link Support for MPLS VPN—This feature allows you to use a sham-link to connect Virtual Private Network (VPN) client sites that run the Open Shortest Path First (OSPF) protocol and share backdoor OSPF links in a Multiprotocol Label Switching (MPLS) VPN configuration. See http://www.cisco.com/en/US/docs/ios/12_2t/12_2t8/feature/guide/ospfshmk.html.
•
BGP Multipath Load Sharing for eBGP and iBGP—This feature allows you to configure multipath load balancing with both external BGP (eBGP) and internal BGP (iBGP) paths in Border Gateway Protocol (BGP) networks that are configured to use Multiprotocol Label Switching (MPLS) Virtual Private Networks (VPNs). See http://www.cisco.com/en/US/docs/ios/12_2s/feature/guide/fseibmpl.html.
•
Any Transport over MPLS (AToM). Transports Layer 2 packets over a Multiprotocol Label Switching (MPLS) backbone. See the "Any Transport over MPLS" section.
MPLS Limitations and Restrictions
The following platform-specific limitations and restrictions apply to the MPLS support on the OSM modules:
•
MPLS Limitations
•
MPLS Traffic Engineering with Fast ReRoute (FRR) protection—this feature is not yet supported.
MPLS Limitations
The following MPLS limitations apply:
•
MTU checking and fragmentation is not supported on the OSMs except that checking is supported on the OSM-2+4GE-WAN+ on the receive path.
Note
For information on other limitations and restrictions, see "MPLS VPN Limitations and Restrictions" section, "Ethernet over MPLS Restrictions" section, and "Restrictions for VPLS" section.
Configuring MPLS
For information on configuring MPLS, refer to the Multiprotocol Label Switching on Cisco Routers feature module at the following URLs:
http://www.cisco.com/en/US/docs/ios/12_1t/12_1t5/feature/guide/mpls4t.html
http://www.cisco.com/en/US/docs/ios/12_2/switch/configuration/guide/xcftagov_ps1835_TSD_Products_Configuration_Guide_Chapter.html
Configuring MPLS QoS
This section provides configuration information for MPLS QoS.
Supported MPLS QoS Features
The OSMs support the following MPLS QoS features:
•
OSM QoS features using MPLS EXP classification. See "Configuring QoS on the OSMs" section.
•
MPLS EXP policing and marking done by PFC3BXL when the OSMs are used with a SUP720-3BXL. For PFC3BXL policing and marking, refer to http://www.cisco.com/en/US/docs/routers/7600/ios/12.2SXF/configuration/guide/qos.html.
Note
For AToM QoS features, see "How to Configure QoS with AToM" section.
Configuring MPLS VPN
These sections describe how to configure MPLS VPN:
•
MPLS VPN Support on OSMs
•
MPLS VPN Limitations and Restrictions
•
MPLS VPN Memory Requirements and Recommendations
•
MPLS Per-Label Load Balancing
MPLS VPN Support on OSMs
MPLS VPN is supported on the following OSMs:
•
OC-3 POS:
–
OSM-4OC3-POS-SI+
–
OSM-8OC3-POS-SI+, SL+
•
OC-12 POS:
–
OSM-2OC12-POS-MM+, SI+, SL+
–
OSM-4OC12-POS-MM+, SI+, SL+
•
OC-12 ATM:
–
OSM-2OC12-ATM-MM+
–
OSM-2OC12-ATM-SI+
•
OC-48 POS:
–
OSM-1OC48-POS-SS+, SI+, SL+
–
OSM-2OC48/1DPT-SS, SI, SL
•
Gigabit Ethernet:
–
OSM-2+4GE-WAN+
•
WS-X6582-2PA Enhanced FlexWAN
MPLS VPN Limitations and Restrictions
The following MPLS VPN limitations apply:
•
With SUP720-3BXL- or SUP720-3CXL-based systems, load sharing is supported.
•
With SUP720-3BXL- or SUP720-3CXL-based systems, MTU checking and fragmentation is supported.
•
For SUP720-3BXL- or SUP720-3CXL-based systems, a total of 1000 VRFs per chassis are supported with enhanced OSMs; using a non-enhanced OSM causes the system to default to 511 VRFs.
•
With SUP720-3BXL- or SUP720-3CXL-based systems, MPLS Provider (P) functionality is supported.
MPLS VPN Memory Requirements and Recommendations
When a Cisco 7600 series router functions as a PE router in an MPLS VPN environment, the memory requirements that are listed in Table 9-1apply:
Table 9-1 MPLS VPN Memory Requirements and Recommendations
MSFC2 Memory Configuration
|
Maximum Number of Internet Routes, eBGP sessions, and VPNv4 routes
|
MSFC2 with 512 MB |
100,000 Internet routes, 750 eBGP sessions, and 100,000 VPNv4 routes |
|
Maximum Number of Internet Routes, eBGP sessions, and VPNv4 routes |
OSM with 256 MB |
100,000 Internet routes, 750 eBGP sessions, and 175,000 VPNv4 routes |
Enhanced FlexWAN Memory Configuration
|
Maximum Number of Internet Routes, eBGP sessions, and VPNv4 routes |
Enhanced FlexWAN with 2x128 MB |
100,000 Internet routes, 750 eBGP sessions, and 100, 000 VPNv4 routes |
If the number of Internet routes, eBGP sessions, and VPNv4 routes exceed those listed in Table 9-1, upgrade to the next memory option. If you have an Enhanced FlexWAN module installed in the system, the number of Internet routes, eBGP sessions, and VPNv4 routes in the configuration file must not exceed the requirement listed in the table for FlexWAN.
MPLS Per-Label Load Balancing
The Supervisor Engine 720 handles MPLS labeled packets without commands. If the packet has three labels or less and the underlying packet is IPv4 then the Supervisor Engine 720 uses the source and destination IPv4 address. If the underlying packet is not IPv4 or more then three labels are present, then the Supervisor Engine 720 parses down as deep as the fifth or lowest label and uses it for hashing.
For information on configuring MPLS VPN, refer to the MPLS Virtual Private Networks feature module at this URL:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120t/120t7/vpn_en.htm.
Configuring MPLS VPN QoS
The OSMs support the following MPLS VPN QoS features:
•
OSM QoS features using MPLS EXP classification. See "Configuring QoS on the OSMs" section.
•
MPLS EXP policing and marking done by PFC3BXL when the OSMs are used with a SUP720-3BXL. For PFC3BXL policing and marking, refer to http://www.cisco.com/en/US/docs/routers/7600/ios/12.2SXF/configuration/guide/qos.html.
The following restrictions apply to the support for MPLS VPN QoS on the OSMs:
•
PFC2 QoS features are not supported with MPLS VPN.
•
MPLS VPN QoS is supported on the VPN interfaces only.
Match IP precedence and SET IP precedence and MPLS Experimental values are supported on the input interface only.
Configuration Example
The following example shows how to configure QoS on an MPLS VPN:
Router# configure terminal
Router(config)# class-map match-any vpn-class
Router(config-cmap)# match ip precedence 3
Router(config-cmap)# exit
Router(config)# policy-map VPN-MARKING
Router(config-pmap)# class vpn-class
Router(config-pmap-c)# set ip precedence 5
Router(config-pmap-c)# set mpls exp 5
Router(config-pmap-c)# ^Z
Router# configure terminal
Router(config)# interface ge-WAN 5/4
Router(config-if)# service-policy input VPN-MARKING
Router# show running-config interface g5/4
Building configuration...
Current configuration :175 bytes
ip address 194.3.1.3 255.255.255.0
service-policy input VPN-MARKING
Router#
Any Transport over MPLS
Any Transport over MPLS (AToM) transports Layer 2 packets over a Multiprotocol Label Switching (MPLS) backbone. AToM uses a directed Label Distribution Protocol (LDP) session between edge routers for setting up and maintaining connections. Forwarding occurs through the use of two level labels, switching between the edge routers. The external label (tunnel label) routes the packet over the MPLS backbone to the egress Provider Edge (PE) at the ingress PE. The VC label is a demuxing label that determines the connection at the tunnel endpoint (the particular egress interface on the egress PE as well as the VPI/VCI value for the AAL5 PDU, the DLCI value for Frame Relay PDU, or the VLAN identifier for an Ethernet frame).
AToM supports the following like-to-like transport types for Supervisor Engine 720-based systems:
•
Ethernet over MPLS (VLAN mode and port mode)
Note
Supervisor Engine 720-based systems support both hardware-based WAN as well as OSM- or Enhanced FlexWAN-based WAN.
Note
Supervisor Engine 720-based systems require that the core-facing cards must be WAN cards (enhanced OSMs, Enhanced FlexWAN modules, and Shared Port Adapter [SPA] Interface Processors [SIPs]). This applies to Ethernet over MPLS.
Also, the specific MPLS core-facing line card may not be supported for a specific AToM technology; view specific AToM configurations in this chapter, in the FlexWAN and Enhanced FlexWAN Modules Configuration Guide, and in the Cisco 7600 Series Router SIP, SSC, and SPA Software Configuration Guide for more details.
Restrictions for Any Transport over MPLS
The following general restrictions pertain to all transport types under AToM:
•
Sequencing: AToM does not support detecting of out-of-order packets.
•
Address format: Configure the LDP router ID on all PE routers to be a loopback address with a /32 mask. Otherwise, some configurations might not properly function.
•
Fragmentation and Reassembly: Ensure that the maximum transmission unit (MTU) of all intermediate links between endpoints is sufficient to carry the largest Layer 2 packet received.
•
Control word: You cannot use CLI to enable or disable control word.
Ethernet over MPLS Restrictions
The following restrictions pertain to the Ethernet over MPLS feature:
•
Fragmentation and Reassembly: Ensure that the maximum transmission unit (MTU) of all intermediate links between endpoints is sufficient to carry the largest Layer 2 packet received.
•
Packet Format: EoMPLS supports VLAN packets that conform to the IEEE's 802.1Q standard. The 802.1Q specification establishes a standard method for inserting VLAN membership information into Ethernet frames.
•
Preserving 802.1 P bits and IP precedence bits: If QoS is disabled globally, both the 802.1p and IP precedence bits are preserved. When the QoS is enabled on a Layer 2 port, either 802.1q P bits or IP precedence bits can be preserved with the trusted configuration. However, by default the unpreserved bits are overwritten by the value of preserved bits. For instance, if you preserve the P bits, the IP precedence bits are overwritten with the value of the P bits. PFC3BXL provides a new command that allows you to trust the P bits while preserving the IP precedence bits. To preserve the IP precedence bits, use the no mls qos rewrite ip dscp command.
Note
The no mls qos rewrite ip dscp command is not compatible with the MPLS and MPLS VPN features. See http://www.cisco.com/en/US/docs/routers/7600/ios/12.2SXF/configuration/guide/qos.html.
•
Private VLANs: EoMPLS is not supported with private VLANs.
•
Layer 2 Connections: The following restrictions apply to using Layer 2 connection with Ethernet over MPLS:
–
You cannot have a direct Layer 2 connection between PEs with Ethernet over MPLS.
–
You cannot have more than one Layer 2 connection between routers if those routers are configured to transport Ethernet VLAN packets over the MPLS backbone. Adding a second Layer 2 connection causes the spanning tree state to constantly toggle if you disable spanning tree on the peer router.
•
Ethernet over MPLS and Trunks: The following restrictions apply to using trunks with Ethernet over MPLS. For more information, see theCisco 7600 Series Router software documentation.
–
Spanning Tree: To support Ethernet spanning tree bridge protocol data units (BPDUs) across an EoMPLS cloud, you must disable the supervisor engine spanning tree for the Ethernet over MPLS VLAN. This ensures that the EoMPLS VLANs are carried only on the trunk to the customer switch. Otherwise, the BPDUs are directed to the supervisor engine and not to the EoMPLS cloud.
–
Native VLAN: The native VLAN of a trunk must not be configured as an EoMPLS VLAN.
•
Layer 2 Protocol Tunneling: With PFC3BXL-based systems, there is a configuration choice for user to decide which specific protocols (for example, CDP, VTP, BPDUs). get tunneled across the MPLS cloud and which ones terminate locally. This is supported in software switching path.
•
ISL encapsulation is not supported for the interface that receives EoMPLS packets.
•
Unique VLANs are required across interfaces. You cannot use the same VLAN ID on different interfaces.
•
EoMPLS tunnel destination route in routing and CEF table must be with a /32 mask to insure that there is an LSP from PE to PE.
•
For a particular EoMPLS connection, both the ingress EoMPLS interface on the ingress PE and the egress EoMPLS interface on the egress PE have to be sub-interfaces with dot1Q encapsulation or neither is a sub-interface.
•
802.1Q in 802.1Q over EoMPLS is supported if outgoing interface connecting to MPLS network is a port on an Layer 2 card.
•
Shaping of EoMPLS traffic is not supported if egress interface connecting to MPLS network is Layer 2 card.
•
EoMPLS based on PFC3BXL does not perform any Layer 2 look up to determine if the destination MAC address resides on the local or remote segment and does not perform any Layer 2 address learning (as traditional LAN bridging does). This functionality (local switching or hair pinning) is available only when using OSM/FlexWAN-based modules as uplinks.
Information About Any Transport over MPLS
To configure AToM, you must understand the following concepts:
•
How AToM Transports Layer 2 Packets
•
Compatibility with Previous Releases of AToM
•
Benefits of AToM
How AToM Transports Layer 2 Packets
AToM encapsulates Layer 2 frames at the ingress PE and sends them to a corresponding PE at the other end of a pseudowire, which is a connection between the two PE routers. The egress PE removes the encapsulation and sends out the Layer 2 frame.
The successful transmission of the Layer 2 frames between PE routers is due to the configuration of the PE routers. You set up the connection, called a pseudowire, between the routers. You specify the following information on each PE router:
•
The type of Layer 2 data that will be transported across the pseudowire, such as Ethernet, Frame Relay, or ATM
•
The IP address of the loopback interface of the peer PE router, which enables the PE routers to communicate
•
A VC ID that uniquely identifies the pseudowire
The following example shows the basic configuration steps on a PE router that enable the transport of Layer 2 packets.
First define the interface or subinterface on the PE router.
Router# interface interface-type interface-number
Then specify the encapsulation type for the interface, such as dot1q.
Router(config-if)# encapsulation encapsulation-type
The last step does the following:
•
Makes a connection to the peer PE router by specifying the LDP router ID of the peer PE router.
•
Identifies a unique identifier that is shared between the two PE routers. The vcid is a 32-bit identifier.
The combination of the peer-router-id and the VC ID must be a unique combination on the router. Two circuits cannot use the same combination of peer-router-id and VC ID.
•
Specifies the tunneling method used to encapsulate data in the pseudowire. For AToM, the tunneling method used to encapsulate data is mpls.
Router(config-if)# xconnect peer-router-id vcid encapsulation mpls
Compatibility with Previous Releases of AToM
In previous releases of AToM, the command used to configure AToM circuits was mpls l2 transport route. This command has been replaced with the xconnect command. You can use the xconnect command to configure EoMPLS circuits.
Benefits of AToM
The following list explains some of the benefits of enabling Layer 2 packets to be sent in the MPLS network:
•
The AToM product set accommodates many types of Layer 2 packets, including Ethernet and Frame Relay, across multiple Cisco router platforms, including the Cisco 7600 series routers. This enables the service provider to transport all types of traffic over the backbone and accommodate all types of customers.
•
AToM adheres to the standards developed for transporting Layer 2 packets over MPLS. (See the "Ethernet over MPLS" section for the specific standards that AToM follows.) This benefits the service provider who wants to incorporate industry-standard methodologies in the network. Other Layer 2 solutions are proprietary, which can limit the service provider's ability to expand the network and can force the service provider to use only one vendor's equipment.
•
Upgrading to AToM is transparent to the customer. Because the service provider network is separate from the customer network, the service provider can upgrade to AToM without disruption of service to the customer. The customers assume that they are using a traditional Layer 2 backbone.
Prerequisites
Before configuring AToM, ensure that the network is configured as follows:
•
Configure IP routing in the core so that the PE routers can reach each other via IP.
•
Configure MPLS in the core so that a label switched path (LSP) exists between the PE routers.
AToM and QoS
MPLS AToM uses the three experimental bits in a label to determine the queue of packets. You statically set the experimental bits in both the VC label and the LSP tunnel label, because the LSP tunnel label might be removed at the penultimate router. See "How to Configure QoS with AToM" section and "HQoS for EoMPLS Virtual Circuits" section for more information.
Ethernet over MPLS
Ethernet over MPLS works by encapsulating Ethernet PDUs in MPLS packets and forwarding them across the MPLS network. Each PDU is transported as a single packet. There are two ways to configure Ethernet over MPLS:
•
VLAN mode—transports Ethernet traffic from a source 802.1Q VLAN to a destination 802.1Q VLAN through a single VC over an MPLS network.
•
Port mode—allows all traffic on a port to share a single VC across an MPLS network.
Supervisor Engine 720-Based EoMPLS
With Supervisor Engine 720-based systems, the supervisor engine 720 supports the MPLS functionality. The supervisor engine 720 can receive Layer 2 traffic, impose labels, and switch the frames into the MPLS core without using an OSM or FlexWAN module.
You can also equip a Supervisor Engine 720-based system with an OSM or a Flexwan module facing the core of MPLS network. In this case, you can use either OSM/FlexWAN-based configuration or the SUP720-3BXL-based configuration.
Note
A system can have both an OSM/FlexWAN-based configuration and a SUP720-3BXL-based configuration enabled at the same time. Cisco supports this configuration but does not recommend it. Unless the uplinks to the MPLS core are through OSM/FlexWAN-enabled interfaces then OSM/FlexWAN-based EoMPLS connections are not active; this causes packets for OSM/FlexWAN-based EoMPLS arriving on non-WAN interfaces to be dropped.
Supported OSMs
EoMPLS is supported on the OSM-2+4GE-WAN+.
Configuring EoMPLS VLAN Mode for OSM-Based System
To configure MPLS to transport Layer 2 VLAN packets between two endpoints in an OSM-based system, perform the following steps on the provider edge (PE) routers.
Note
When OSPF is used as the IGP, all loopback addresses on PE routers must be configured with 32-bit masks to ensure proper operation of MPLS forwarding between PE routers.
SUMMARY STEPS
1.
enable
2.
configure terminal
3.
vlan
4.
interface gigabitEthernet
5.
switchport
6.
switchport trunk encapsulation dot1q
7.
switchport trunk allowed vlan list
8.
switchport mode trunk
9.
exit
10.
interface vlan
11.
xconnect peer-router-id vcid encapsulation mpls
DETAILED STEPS
|
|
|
Step 1 |
enable
|
Enables privileged EXEC mode. • Enter your password if prompted. |
Step 2 |
configure terminal
Router# configure terminal |
Enters global configuration mode. |
Step 3 |
vlan {vlan-id | vlan-range}
Router (config)# vlan 2-3 |
Enter VLAN ID or range. |
Step 4 |
interface gigabitEthernet
Router(config)# interface gigabitEthernet |
Specifies the Layer 2 interface and enters interface configuration mode. |
Step 5 |
switchport
Router(config-if)# switchport |
Configures the port for switching. |
Step 6 |
switchport trunk encapsulation dot1
Router(config-if)# switchport trunk encapsulation dot1 |
Set the trunk characteristics when the interface is in trunking mode. |
Step 7 |
switchport trunk allowed vlan list
Router(config-if)# switchport trunk allowed vlan list |
Changes the allowed list for the specified VLANs. |
Step 8 |
switchport mode trunk
Router(config-if)# switchport mode trunk |
Specifies a trunking VLAN Layer 2 interface. |
Step 9 |
exit
Router(config-if)# exit |
Exits interface configuration mode. |
Step 10 |
interface vlan vlanid
Router(config)# interface vlan vlanid |
Creates a unique VLAN ID number and enters subinterface configuration mode. |
Step 11 |
xconnect peer-router-id vcid encapsulation mpls
Router(config-subif)# xconnect 10.0.0.1 123
encapsulation mpls
|
Binds the attachment circuit to a pseudowire VC. The syntax for this command is the same as for all other Layer 2 transports. |
The following configuration shows a mode trunk configuration.
CE1 Configuration
interface GigabitEthernet1/0
interface GigabitEthernet1/0.2
ip address 180.8.0.1 255.255.0.0
interface GigabitEthernet1/0.3
ip address 180.9.0.1 255.255.0.0
CE2 Configuration
interface GigabitEthernet4/0
interface GigabitEthernet4/0.2
ip address 180.8.0.2 255.255.0.0
interface GigabitEthernet4/0.3
ip address 180.9.0.2 255.255.0.0
PE1 Configuration
interface GigabitEthernet1/4
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 2-3
xconnect 11.11.11.11 2 encapsulstion mpls
xconnect 11.11.11.11 3 encapsulation mpls
PE2 Configuration
interface GigabitEthernet7/4
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 2-3
xconnect 13.13.13.13 2 encapsulation mpls
xconnect 13.13.13.13 3 encapsulation mpls
Configuring EoMPLS VLAN Mode for Supervisor Engine 720-Based System
To configure MPLS to transport Layer 2 VLAN packets between two endpoints in a supervisor engine 720-based system, perform the following steps on the provider edge (PE) routers.
Note
You must configure Ethernet over MPLS (VLAN mode) on the subinterfaces.
SUMMARY STEPS
1.
enable
2.
configure terminal
3.
vtp mode transparent
4.
interface gigabitethernetslot/interface.subinterface
5.
encapsulation dot1q vlan-id
6.
xconnect peer-router-id vcid encapsulation mpls
DETAILED STEPS
|
|
|
Step 1 |
enable
Router> enable |
Enables privileged EXEC mode. • Enter your password if prompted. |
Step 2 |
configure terminal
Router# configure terminal |
Enters global configuration mode. |
Step 3 |
vtp mode transparent
Router(config)#vtp mode transparent |
Disables VLAN Trunking Protocol (VTP). |
Step 4 |
interface gigabitethernetslot/interface.subinterface
Router(config)# interface gigabitethernet4/0.1 |
Specifies the Gigabit Ethernet subinterface and enters subinterface configuration mode. Make sure the subinterface on the adjoining CE router is on the same VLAN as this PE router. |
Step 5 |
encapsulation dot1q vlan-id
Router(config-subif)# encapsulation dot1q 100 |
Enables the subinterface to accept 802.1Q VLAN packets. The subinterfaces between the CE and PE routers that are running Ethernet over MPLS must be in the same subnet. All other subinterfaces and backbone routers do not. |
Step 6 |
xconnect peer-router-id vcid encapsulation mpls
Router(config-subif)# xconnect 10.0.0.1 123
encapsulation mpls
|
Binds the attachment circuit to a pseudowire VC. The syntax for this command is the same as for all other Layer 2 transports. |
The following shows an example of a EoMPLS VLAN mode configuration:
Note
The IP address is configured on subinterfaces of the CE devices.
CE1 Configuration
interface GigabitEthernet1/0
interface GigabitEthernet1/0.2
ip address 180.8.0.1 255.255.0.0
interface GigabitEthernet1/0.3
ip address 180.9.0.1 255.255.0.0
CE2 Configuration
interface GigabitEthernet4/0
interface GigabitEthernet4/0.2
ip address 180.8.0.2 255.255.0.0
interface GigabitEthernet4/0.3
ip address 180.9.0.2 255.255.0.0
PE1 Configuration (OSM based)
interface GigabitEthernet1/4
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 2-3
xconnect 11.11.11.11 2 encapsulation mpls
xconnect 11.11.11.11 3 encapsulation mpls
PE2 Configuration (supervisor engine 720)
interface GigabitEthernet7/4
interface GigabitEthernet7/4.1
xconnect 13.13.13.13 2 encapsulation mpls
interface GigabitEthernet7/4.2
xconnect 13.13.13.13 3 encapsulation mpls
Ethernet over MPLS VLAN Mode Configuration Guidelines
When configuring Ethernet over MPLS in VLAN mode, use the following guidelines:
•
The AToM control word is supported. However, if the peer PE does not support a control word, the control word is disabled. This negotiation is done by LDP label binding.
•
Ethernet packets with hardware level cyclic redundancy check (CRC) errors, framing errors, and runt packets are discarded on input.
Verifying the Configuration
To verify and display the configuration of Layer 2 VLAN transport over MPLS tunnels, perform the following steps:
Step 1
To display a brief summary of IP status and configuration for all interfaces, issue the show vlan brief command. If the interface can provide two-way communication, the Protocol field is marked "up." If the interface hardware is usable, the Status field is marked "up."
---- -------------------------------- --------- -------------------------
1002 fddi-default act/unsup
1003 token-ring-default act/unsup
1004 fddinet-default act/unsup
1005 trnet-default act/unsup
Step 2
To make sure the PE router endpoints have discovered each other, issue the show mpls ldp discovery command. When an PE router receives an LDP Hello message from another PE router, it considers that router and the specified label space to be "discovered."
Router# show mpls ldp discovery
osr1#show mpls ldp discovery
GE-WAN3/3 (ldp): xmit/recv
13.13.13.13 -> 11.11.11.11 (ldp): active/passive, xmit/recv
Step 3
To make sure the label distribution session has been established, issue the show mpls ldp neighbor command. The third line of the output shows that the state of the LDP session is operational and shows that messages are being sent and received.
Router# show mpls ldp neighbor
osr1#show mpls ldp neighbor
Peer LDP Ident: 12.12.12.12:0; Local LDP Ident 13.13.13.13:0
TCP connection: 12.12.12.12.646 - 13.13.13.13.11010
State: Oper; Msgs sent/rcvd: 1649/1640; Downstream
GE-WAN3/3, Src IP addr: 34.0.0.2
Addresses bound to peer LDP Ident:
23.2.1.14 37.0.0.2 12.12.12.12 34.0.0.2
Peer LDP Ident: 11.11.11.11:0; Local LDP Ident 13.13.13.13:0
TCP connection: 11.11.11.11.646 - 13.13.13.13.11013
State: Oper; Msgs sent/rcvd: 1650/1653; Downstream
Targeted Hello 13.13.13.13 -> 11.11.11.11, active, passive
Addresses bound to peer LDP Ident:
11.11.11.11 37.0.0.1 23.2.1.13
Step 4
To make sure the label forwarding table is built correctly, issue the show mpls forwarding-table command. The output shows the following data:
•
Local tag—Label assigned by this router.
•
Outgoing tag or VC—Label assigned by next hop.
•
Prefix or Tunnel Id—Address or tunnel to which packets with this label are going.
•
Bytes tag switched— Number of bytes switched out with this incoming label.
•
Outgoing interface—Interface through which packets with this label are sent.
•
Next Hop—IP address of neighbor that assigned the outgoing label.
Router# show mpls forwarding-table
osr1#show mpls forwarding-table
Local Outgoing Prefix Bytes tag Outgoing Next Hop
tag tag or VC or Tunnel Id switched interface
16 Untagged 223.255.254.254/32 \
20 Untagged l2ckt(2) 133093 Vl2 point2point
21 Untagged l2ckt(3) 185497 Vl3 point2point
24 Pop tag 37.0.0.0/8 0 GE3/3 34.0.0.2
25 17 11.11.11.11/32 0 GE3/3 34.0.0.2
26 Pop tag 12.12.12.12/32 0 GE3/3 34.0.0.2
Step 5
To view the state of the currently routed VCs issue the show mpls l2transport vc command.
Router# show mpls l2transport vc
osr1#show mpls l2transport vc
Local intf Local circuit Dest address VC ID Status
------------- -------------------- --------------- ---------- ----------
Vl2 Eth VLAN 2 11.11.11.11 2 UP
Vl3 Eth VLAN 3 11.11.11.11 3 UP
Step 6
Add the keyword detail to see detailed information about each VC.
Router# show mpls l2transport vc detail
osr1#show mpls l2transport vc detail
Local interface: Vl2 up, line protocol up, Eth VLAN 2 up
Destination address: 11.11.11.11, VC ID: 2, VC status: up
Tunnel label: 17, next hop 34.0.0.2
Output interface: GE3/3, imposed label stack {17 18}
Create time: 01:24:44, last status change time: 00:10:55
Signaling protocol: LDP, peer 11.11.11.11:0 up
MPLS VC labels: local 20, remote 18
Group ID: local 71, remote 89
MTU: local 1500, remote 1500
Remote interface description:
Sequencing: receive disabled, send disabled
packet totals: receive 1009, send 1019
byte totals: receive 133093, send 138089
packet drops: receive 0, send 0
Local interface: Vl3 up, line protocol up, Eth VLAN 3 up
Destination address: 11.11.11.11, VC ID: 3, VC status: up
Tunnel label: 17, next hop 34.0.0.2
Output interface: GE3/3, imposed label stack {17 19}
Create time: 01:24:38, last status change time: 00:10:55
Signaling protocol: LDP, peer 11.11.11.11:0 up
MPLS VC labels: local 21, remote 19
Group ID: local 72, remote 90
MTU: local 1500, remote 1500
Remote interface description:
Sequencing: receive disabled, send disabled
packet totals: receive 1406, send 1414
byte totals: receive 185497, send 191917
packet drops: receive 0, send 0
Configuring EoMPLS Port Mode for OSM-Based System
To support 802.1Q-in-802.1Q traffic and native Ethernet traffic over EoMPLS in an OSM-based system, configure port-based EoMPLS by performing these tasks:
SUMMARY STEPS
1.
enable
2.
configure terminal
3.
vlan
4.
vlan dot1q tag native
5.
interface gigabitEthernet
6.
switchport
7.
switchport mode dot1qtunnel
8.
switchport access vlan
9.
exit
10.
interface vlan
11.
xconnect peer-router-id vcid encapsulation mpls
DETAILED STEPS
|
|
|
Step 1 |
enable
Router> enable |
Enables privileged EXEC mode. • Enter your password if prompted. |
Step 2 |
configure terminal
Router# configure terminal |
Enters global configuration mode. |
Step 3 |
vlan {vlan-id | vlan-range}
Router (config)# vlan 2-3 |
Enter VLAN ID or range. |
Step 4 |
Router(config)# vlan dot1q tag native |
Enables dot1q tagging for all VLANs in a trunk. |
Step 5 |
interface gigabitEthernet Router(config)# interface gigabitEthernet |
Specifies the Layer 2 interface and enters interface configuration mode. |
Step 6 |
switchport
Router(config-if)# switchport |
Configures the port for switching. |
Step 7 |
switchport mode dot1qtunnel
Router(config-if)# switchport mode dot1qtunnel |
Set the trunking mode to tunneling. |
Step 8 |
switchport access vlan vlan_id
Router(config-if)# switchport access vlan 7 |
Configures the port to accept traffic from the specified VLAN. |
Step 9 |
exit
Router(config-if)# exit |
Exits interface configuration mode. |
Step 10 |
interface vlan vlanid
Router(config)# interface vlan vlanid |
Creates a unique VLAN ID number. |
Step 11 |
xconnect peer-router-id vcid encapsulation mpls
Router(config-subif)# xconnect 10.0.0.1 123
encapsulation mpls
|
Binds the attachment circuit to a pseudowire VC. The syntax for this command is the same as for all other Layer 2 transports. |
This example shows a port mode access configuration for untagged packets. It requires configuring the IP addresses on the main interface of the CE devices.
CE1 Configuration
interface GigabitEthernet1/0
ip address 180.8.0.1 255.255.0.0
CE 2 Configuration
interface GigabitEthernet4/0
ip address 180.8.0.2 255.255.0.0
PE1 Configuration
interface GigabitEthernet1/4
xconnect 11.11.11.11 2 encapsulation mpls
PE2 Configuration
interface GigabitEthernet7/4
xconnect 13.13.13.13 2 encapsulation mpls
This configuration shows a port mode dot1Q-tunneling configuration. You must configure subinterfaces on the CE devices for this configuration. There is a specific access VLAN for the packets.
CE1 Configuration
interface GigabitEthernet1/0
interface GigabitEthernet1/0.2
ip address 180.8.0.1 255.255.0.0
interface GigabitEthernet1/0.3
ip address 180.9.0.1 255.255.0.0
CE2 Configuration
interface GigabitEthernet4/0
interface GigabitEthernet4/0.2
ip address 180.8.0.2 255.255.0.0
interface GigabitEthernet4/0.3
ip address 180.9.0.2 255.255.0.0
PE1 Configuration
Note
This configuration requires vlan dot1q tag native.
interface GigabitEthernet1/4
switchport trunk encapsulation dot1q
switchport mode dot1q-tunnel
spanning-tree bpdufilter enable
xconnect 11.11.11.11 2 encapsulation mpls
PE2 Configuration
Note
This configuration requires vlan dot1q tag native.
interface GigabitEthernet7/4
switchport trunk encapsulation dot1q
switchport mode dot1q-tunnel
spanning-tree bpdufilter enable
xconnect 13.13.13.13 2 encapsulation mpls
Configuring EoMPLS Port Mode for Supervisor Engine 720-Based System
To support 802.1Q-in-802.1Q traffic and native Ethernet traffic over EoMPLS in a supervisor engine 720-based system, configure port-based EoMPLS by performing these tasks:
SUMMARY STEPS
1.
enable
2.
configure terminal
3.
interface gigabitethernetx/x
4.
xconnect peer-router-id vcid encapsulation mpls
DETAILED STEPS
|
|
|
Step 1 |
enable
Router> enable |
Enables privileged EXEC mode. • Enter your password if prompted. |
Step 2 |
configure terminal
Router# configure terminal |
Enters global configuration mode. |
Step 3 |
interface gigabitethernetslot/interface
Router(config-if)# interface gigabitethernet4/0 |
Specifies the Gigabit Ethernet interface. Make sure the interface on the adjoining CE router is on the same VLAN as this PE router. |
Step 4 |
xconnect peer-router-id vcid
encapsulation mpls
Router(config-subif)# xconnect 10.0.0.1
123 encapsulation mpls
|
Binds the attachment circuit to a pseudowire VC. The syntax for this command is the same as for all other Layer 2 transports. |
Note
When the underlying port of the VLAN is an access port or .1q in .1q tunnel, then you must use an OSM or Enhanced FlexWAN module to access the MPLS core similarly to the OSM configuration in the example below.
The following example provides provides two configurations for the CE devices: one where the IP address is configured on the main interface and another where the IP address is configured on the subinterface.
CE1 Configuration (main interface)
interface GigabitEthernet1/0
ip address 180.8.0.1 255.255.0.0
CE1 Configuration (subinterface)
interface GigabitEthernet1/0
interface GigabitEthernet1/0.2
ip address 180.8.0.1 255.255.0.0
interface GigabitEthernet1/0.3
ip address 180.9.0.1 255.255.0.0
CE2 Configuration (main interface)
interface GigabitEthernet4/0
ip address 180.8.0.2 255.255.0.0
CE2 Configuration (subinterface)
interface GigabitEthernet4/0
interface GigabitEthernet4/0.2
ip address 180.8.0.2 255.255.0.0
interface GigabitEthernet4/0.3
ip address 180.9.0.2 255.255.0.0
PE1 Configuration (OSM based)
interface GigabitEthernet1/4
switchport trunk encapsulation dot1q
switchport mode dot1q-tunnel
spanning-tree bpdufilter enable
xconnect 11.11.11.11 2 encapsulation mpls
PE2 Configuration (SUP720-3BXL)
interface GigabitEthernet7/4
xconnect 13.13.13.13 2 encapsulation mpls
Ethernet over MPLS Port Mode Configuration Guidelines
When configuring Ethernet over MPLS in port mode, use the following guidelines:
•
The AToM control word is supported. However, if the peer PE does not support a control word, the control word is disabled. This negotiation is done by LDP label binding.
•
Ethernet packets with hardware level cyclic redundancy check (CRC) errors, framing errors, and runt packets are discarded on input.
•
Port mode and Ethernet VLAN mode are mutually exclusive. If you enable a main interface for port-to-port transport, you cannot also enter commands on a subinterface.
Verifying the Configuration
To verify and display the configuration of Layer 2 VLAN transport over MPLS tunnels, perform the following steps:
Step 1
To display a brief summary of IP status and configuration for all interfaces, issue the show vlan brief command. If the interface can provide two-way communication, the Protocol field is marked "up." If the interface hardware is usable, the Status field is marked "up."
---- -------------------------------- --------- -------------------------------
1002 fddi-default act/unsup
1003 token-ring-default act/unsup
1004 fddinet-default act/unsup
1005 trnet-default act/unsup
Step 2
To make sure the PE router endpoints have discovered each other, issue the show mpls ldp discovery command. When an PE router receives an LDP Hello message from another PE router, it considers that router and the specified label space to be "discovered."
Router# show mpls ldp discovery
osr1#show mpls ldp discovery
GE-WAN3/3 (ldp): xmit/recv
13.13.13.13 -> 11.11.11.11 (ldp): active/passive, xmit/recv
Step 3
To make sure the label distribution session has been established, issue the show mpls ldp neighbor command. The third line of the output shows that the state of the LDP session is operational and shows that messages are being sent and received.
Router# show mpls ldp neighbor
osr1#show mpls ldp neighbor
Peer LDP Ident: 12.12.12.12:0; Local LDP Ident 13.13.13.13:0
TCP connection: 12.12.12.12.646 - 13.13.13.13.11010
State: Oper; Msgs sent/rcvd: 1715/1706; Downstream
GE-WAN3/3, Src IP addr: 34.0.0.2
Addresses bound to peer LDP Ident:
23.2.1.14 37.0.0.2 12.12.12.12 34.0.0.2
Peer LDP Ident: 11.11.11.11:0; Local LDP Ident 13.13.13.13:0
TCP connection: 11.11.11.11.646 - 13.13.13.13.11013
State: Oper; Msgs sent/rcvd: 1724/1730; Downstream
Targeted Hello 13.13.13.13 -> 11.11.11.11, active, passive
Addresses bound to peer LDP Ident:
11.11.11.11 37.0.0.1 23.2.1.13
Step 4
To make sure the label forwarding table is built correctly, issue the show mpls forwarding-table command. The output shows the following data:
•
Local tag—Label assigned by this router.
•
Outgoing tag or VC—Label assigned by next hop.
•
Prefix or Tunnel Id—Address or tunnel to which packets with this label are going.
•
Bytes tag switched— Number of bytes switched out with this incoming label.
•
Outgoing interface—Interface through which packets with this label are sent.
•
Next Hop—IP address of neighbor that assigned the outgoing label.
Router# show mpls forwarding-table
osr1#show mpls forwarding-table
Local Outgoing Prefix Bytes tag Outgoing Next Hop
tag tag or VC or Tunnel Id switched interface
16 Untagged 223.255.254.254/32 \
20 Untagged l2ckt(2) 55146580 Vl2 point2point
24 Pop tag 37.0.0.0/8 0 GE3/3 34.0.0.2
25 17 11.11.11.11/32 0 GE3/3 34.0.0.2
26 Pop tag 12.12.12.12/32 0 GE3/3 34.0.0.2
Step 5
To view the state of the currently routed VCs issue the show mpls l2transport vc command.
Router# show mpls l2transport vc
osr1#show mpls l2transport vc
Local intf Local circuit Dest address VC ID Status
------------- -------------------- --------------- ---------- ----------
Vl2 Eth VLAN 2 11.11.11.11 2 UP
osr3#show mpls l2transport vc
Local intf Local circuit Dest address VC ID Status
------------- -------------------- --------------- ---------- ----------
Gi7/4 Ethernet 13.13.13.13 2 UP
Step 6
Add the keyword detail to see detailed information about each VC.
Router# show mpls l2transport vc detail
osr1#show mpls l2transport vc detail
Local interface: Vl2 up, line protocol up, Eth VLAN 2 up
Destination address: 11.11.11.11, VC ID: 2, VC status: up
Tunnel label: 17, next hop 34.0.0.2
Output interface: GE3/3, imposed label stack {17 18}
Create time: 00:15:13, last status change time: 00:11:46
Signaling protocol: LDP, peer 11.11.11.11:0 up
MPLS VC labels: local 20, remote 18
Group ID: local 71, remote 0
MTU: local 1500, remote 1500
Remote interface description:
Sequencing: receive disabled, send disabled
packet totals: receive 407857, send 407684
byte totals: receive 53827205, send 55444697
packet drops: receive 0, send 0
How to Configure QoS with AToM
The following QoS features are supported on AToM:
•
Marking on CE facing card—(imposition packets) with match criteria, match-dlci, match-any, or class-default.
Note
For Marking on CE facing card, match-dcli applies to the Enhanced FlexWAN module only.
•
Shaping on the core-facing card, with match exp, and match-any.
•
Shaping on the CE-facing card - (disposition packets) with match-any.
•
WRED on the core-facing card with match criteria, match-exp, or match-any
This section explains how to configure QoS with AToM and includes the following procedures:
•
How to Set Experimental Bits with AToM
•
Setting the Priority of Packets with EXP Bits
•
Enabling Traffic Shaping
How to Set Experimental Bits with AToM
MPLS AToM uses the three experimental bits in a label to determine the queue of packets. You statically set the experimental bits in both the VC label and the LSP tunnel label, because the LSP tunnel label might be removed at the penultimate router. The following sections explain the transport-specific implementations of the EXP bits.
Ethernet over MPLS and EXP Bits
Note
The information in this section is for OSM-based EoMPLS only. For information on PFC3BXL QoS, see http://www.cisco.com/en/US/docs/routers/7600/ios/12.2SXF/configuration/guide/qos.html.
OSM-based EoMPLS supports the following QoS implementations:
•
VLAN interface policies
•
Core-facing interface policy
You apply a VLAN interface policy to an individual VLAN. You may configure a unique policy for each individual VLAN. Within a policy, you can classify on 802.1q P bits to set the MPLS experimental bits. You can also implement a single traffic shaper that applies to all traffic within the VLAN.
Note
Within a VLAN interface policy, only the shape average and set mpls experimental commands are supported. Within the shape average command, only the cir argument is valid for EoMPLS.
You apply a core-facing interface policy to the EoMPLS uplink interface. This policy applies to traffic from all VLANs. It does not distinguish between different VLANs. Within a policy, you can classify on MPLS experimental bits and configure the following features:
•
Class-based traffic shaping
•
Class-based weighted fair queuing (CBWFQ)
•
Low latency queuing (LLQ)
•
Weighted random early detection (WRED)
Note
You cannot use both VLAN interface policies and core-facing interface policies at the same time. If you configure QoS for OSM-based EoMPLS, you must select either VLAN interface policies or a core-facing interface policy.
For more information on VLAN interface policies, see "Setting the Priority of Packets with the Experimental Bits" section and "Enabling Traffic Shaping" section.
For more information on core-facing policies, see "Configuring MPLS QoS" section.
For more information on the commands used to enable Quality of Service, see the following documents:
•
Modular Quality of Service Command-Line Interface
•
Cisco IOS Quality of Service Solutions Command Reference, Release 12.2
Setting the Priority of Packets with the Experimental Bits
Ethernet over MPLS provides Quality of Service (QoS) using the three experimental bits in a label to determine the priority of packets. To support QoS between LERs, set the experimental bits in both the VC and tunnel labels. If you do not assign values to the experimental bits, the priority bits in the 802.1q header's "tag control information" field and are written into the experimental bit fields.
Perform the following steps to set the experimental bits:
|
|
|
Step 1 |
Router(config)# class-map
class-name
|
Specifies the user-defined name of the traffic class. |
Step 2 |
Router(config-cmap)# match
cos 0-7
|
Specifies that IEEE 802.1Q packets with the cos-values of 0-7 be matched. As an alternative, you can use the match any command. |
Step 3 |
Router(config-cmap)#
policy-map policy-name
|
Specifies the name of the traffic policy to configure. |
Step 4 |
Router(config-pmap)# class
class-name
|
Specifies the name of a predefined traffic class, which was configured with the class-map command, used to classify traffic to the traffic policy. |
Step 5 |
Router (config-pmap-c)# set
mpls experimental value
|
Designates the value to which the MPLS bits are set if the packets match the specified policy map. |
Step 6 |
Router(config)# interface
vlanvlan-number
|
Enters the VLAN interface. |
Step 7 |
Router(config-if)#
service-policy [input |
output] policy-name
|
Attaches a traffic policy to an interface. |
Note
You can enable traffic shaping and set experimental bits in the same policy-map.
Note
You can configure the service-policy for either the input or the output direction. However, the policy is always implemented on the core-facing OSM port and is applied only to the traffic leaving the core-facing OSM port.
Enabling Traffic Shaping
Traffic shaping limits the rate of transmission of data. Average rate shaping limits the transmission rate to the committed information rate (CIR). To add traffic shaping, issue the following commands:
|
|
|
Step 1 |
Router(config)# class-map
class-name
|
Specifies the user-defined name of the traffic class. |
Step 2 |
Router(config-cmap)# match
any
|
Specifies that all packets will be matched. (Using the class-default in the policy-map would have the same effect.) |
Step 3 |
Router(config-cmap)#
policy-map policy-name
|
Specifies the name of the traffic policy to configure. |
Step 4 |
Router(config-pmap)# class
class-name
|
Specifies the name of a predefined traffic class, which was configured with the class-map command, used to classify traffic to the traffic policy. |
Step 5 |
Router (config-pmap-c)# shape
average cir 1 2
|
Shapes traffic according to the bit rate you specify. |
Step 6 |
Router(config)# interface
vlanvlan-number
|
Enters the VLAN interface. |
Step 7 |
Router(config-if)#
service-policy [input |
output] policy-name
|
Assigns a traffic policy to an interface. |
The shape average rate is rounded to the nearest multiple of the link rate divided by 255. If the shape value is lower than the link rate divided by 255, it is rounded up to link rate divided by 255.
This example shows how the shape value is rounded:
shape average 2000000 8000 8000
class-map:any-pkt (match-all)
2018169 packets, 4575195376 bytes
30 second offered rate 295768000 bps, drop rate 0 bps
queue size 0, queue limit 0
packets input 40492, packet drops 1977677
tail/random drops 0, no buffer drops 0, other drops 1977677
shape:cir 2000000, Bc 8000, Be 8000
(shape parameter is rounded to 2439000 due to granularity)
input bytes 40847436, shape rate 1874000 bps
class-map:class-default (match-any)
30 second offered rate 0 bps, drop rate 0 bps
To display the traffic policy attached to an interface, issue the following command:
Router# show policy-map vlan50
service-policy input: badger
class-map: blue (match-all)
30 second offered rate 0 bps, drop rate 0 bps
queue size 0, queue limit 2
packets input 0, packet drops 0
tail/random drops 0, no buffer drops 0, other drops 0
shape: cir 2000000, Bc 8000, Be 8000
output bytes 0, shape rate 0 bps
class-map: class-default (match-any)
30 second offered rate 0 bps, drop rate 0 bps
30 second rate 0 bps
Setting the Priority of Packets with EXP Bits
Set the experimental bits in both the VC label and the LSP tunnel label. You set the experimental bits in the VC label, because the LSP tunnel label might be removed at the penultimate router.
Perform the following steps to set the experimental bits.
SUMMARY STEPS
1.
enable
2.
configure terminal
3.
class-map class-name
4.
match any
5.
policy-map policy-name
6.
class class-name
7.
set mpls experimental value
8.
interfaceslot/port
9.
service-policy input policy-name
DETAILED STEPS
|
|
|
Step 1 |
enable
Router> enable |
Enables privileged EXEC mode. • Enter your password if prompted. |
Step 2 |
configure terminal
Router# configure terminal |
Enters global configuration mode. |
Step 3 |
Router(config)# class-map
jane
|
Specifies the user-defined name of the traffic class. |
Step 4 |
Router(config-cmap)# match
any
|
Specifies that all packets will be matched. In this release, use only the any keyword. Other keywords might cause unexpected results. |
Step 5 |
Router(config-cmap)#
policy-map doe
|
Specifies the name of the traffic policy to configure. |
Step 6 |
Router(config-pmap)# class
jane
|
Specifies the name of a predefined traffic class, which was configured with the class-map command, used to classify traffic to the traffic policy. |
Step 7 |
set mpls experimental value
Router(config-pmap-c)# set
mpls experimental 7
|
Designates the value to which the MPLS bits are set if the packets match the specified policy map. |
Step 8 |
Router(config)# interface
atm4/0
|
Enters the interface and enters interface configuration mode. |
Step 9 |
service-policy input
policy-name
Router(config-if)#
service-policy input doe
|
Attaches a traffic policy to an interface. |
Enabling Traffic Shaping
Traffic shaping limits the rate of transmission of data. Average rate shaping limits the transmission rate to the committed information rate (CIR). To add traffic shaping, issue the following commands:
SUMMARY STEPS
1.
enable
2.
configure terminal
3.
class-map class-name
4.
match any
5.
policy-map policy-name
6.
class class-name
7.
shape average bit rate
8.
interfaceslot/port
9.
service-policy input policy-name
DETAILED STEPS
|
|
|
Step 1 |
enable
Router> enable |
Enables privileged EXEC mode. • Enter your password if prompted. |
Step 2 |
configure terminal
Router# configure terminal |
Enters global configuration mode. |
Step 3 |
Router(config)# class-map
jane
|
Specifies the user-defined name of the traffic class. |
Step 4 |
Router(config-cmap)# match
any
|
Specifies that all packets will be matched. In this release, use only the any keyword. Other keywords might cause unexpected results. |
Step 5 |
Router(config-cmap)#
policy-map doe
|
Specifies the name of the traffic policy to configure. |
Step 6 |
Router(config-pmap)# class
jane
|
Specifies the name of a predefined traffic class, which was configured with the class-map command, used to classify traffic to the traffic policy. |
Step 7 |
Router(config-pmap-c)# shape
average 2000000 8000 8000
|
Shapes traffic according to the bit rate you specify. |
Step 8 |
Router(config)# interface
atm4/0
|
Enters the interface and enters interface configuration mode. |
Step 9 |
service-policy input
policy-name
Router(config-if)#
service-policy input doe
|
Attaches a traffic policy to an interface. |
Note
You can enable traffic shaping and set experimental bits in the same policy-map.
Note
EoMPLS VLAN Policing Exclusion—traffic on the EoMPLS uplink port is excluded from a VLAN-based ingress policer.
To display the traffic policy attached to an interface, use the show policy-map interface command.
EoMPLS QoS Example
If the egress MPLS tunnel is carried on an OSM WAN interface configured for fair queuing, the shape value is rounded to the nearest multiple of the link rate divided by 255. If the shape value is lower than the link rate divided by 255, it is rounded up to link rate divided by 255.
This example shows how the shape value is rounded:
shape average 2000000 8000 8000
class-map:any-pkt (match-all)
2018169 packets, 4575195376 bytes
30 second offered rate 295768000 bps, drop rate 0 bps
queue size 0, queue limit 0
packets input 40492, packet drops 1977677
tail/random drops 0, no buffer drops 0, other drops 1977677
shape:cir 2000000, Bc 8000, Be 8000
(shape parameter is rounded to 2439000 due to granularity)
input bytes 40847436, shape rate 1874000 bps
class-map:class-default (match-any)
30 second offered rate 0 bps, drop rate 0 bps
EoMPLS QoS Example—Displaying the Traffic Policy Assigned to an Interface
To display the traffic policy attached to an interface, issue the following command:
Router# show policy-map vlan50
service-policy input: badger
class-map: blue (match-all)
30 second offered rate 0 bps, drop rate 0 bps
queue size 0, queue limit 2
packets input 0, packet drops 0
tail/random drops 0, no buffer drops 0, other drops 0
shape: cir 2000000, Bc 8000, Be 8000
output bytes 0, shape rate 0 bps
class-map: class-default (match-any)
30 second offered rate 0 bps, drop rate 0 bps
EoMPLS QoS Example— Configuring QoS on VLAN
The following example show how to configure QoS on the VLAN.
shape average 2000000 8000 8000
mpls l2transport route 192.168.255.255 50
service-policy input badger
HQoS for EoMPLS Virtual Circuits
The Hierarchical Quality of Service (HQoS) for Ethernet over MPLS (EoMPLS) Virtual Circuits (VCs) feature enables hierarchical QoS services on WAN-based interfaces, allowing service providers to classify the traffic in customer EoMPLS networks before it is forwarded into the core network. This gives users of Cisco 7600 series routers greater flexibility in providing QoS services to specific customers in their EoMPLS networks.
The HQoS for EoMPLS VCs feature allows you to classify EoMPLS networks in the following ways:
•
Match on the VLAN ID that the packet contained when it was originally received at the input interface. You can match a single VLAN ID, a range of VLAN IDs, or a combination of the two, allowing you to match all or part of an EoMPLS network.
•
Match on a QoS group value that is set to the same value of the IP precedence or CoS bits that are received with the packet at the input interface.
The use of hierarchical policy maps can simplify the configuration of the router, because the same child policy map can be used in multiple parent maps. You can also match multiple VLANs with one class map, as opposed to having separate class maps for each VLAN.
The HQoS for EoMPLS VCs feature does not require any upgrades to the customer-facing interfaces, because the HQoS policy map is applied to the WAN interface, allowing the customer-facing interfaces to be standard Ethernet interfaces.
Prerequisites for the HQoS for EoMPLS VCs Feature
•
You must enable QoS on the router before using HQoS. To enable QoS globally on the router, use the mls qos command in global configuration mode. To enable QoS on an individual interface, use the mls qos interface configuration command. In addition, the mls trust command must be configured on the CE facing PE interfaces.
Restrictions for the HQoS for EoMPLS VCs Feature
The following section lists restrictions for the HQoS for EoMPLS VCs feature. Other restrictions may also apply to QoS services in general, depending on the supervisor module and line cards being used.
Note
The HQoS for EoMPLS VCs feature is supported only on PXF- based QoS configured on switched virtual interfaces (SVIs).
•
If a policy contains a class map with a match input vlan command, you cannot attach that policy map to an interface if you have already attached a service policy to a VLAN interface (a logical interface that has been created with the interface vlan command).
Note
This restriction means that match input vlan configurations and interface vlan configurations are mutually exclusive.
•
The HQoS for EoMPLS VCs feature is supported only for output (egress) interfaces (policy maps must be attached to the interface using the service-policy output command).
•
The HQoS for EoMPLS VCs feature supports only point-to-point VCs, not point-to-multipoint VCs.
•
If the parent class contains a class map with a match input vlan command, you cannot use a match exp command in a child policy map.
•
You cannot attach a child policy map to the parent class default.
•
Child and parent policy maps do not support any marking, such as the match ip dscp and set commands.
•
The HQoS for EoMPLS VCs feature does not support multiple levels of parent and child policy map nesting. Each parent policy map supports only one level of nesting. In other words, a traffic class in a parent policy map can have a maximum of one child policy map, and child policy maps cannot have their own child policy maps.
Note
You can mix flat traffic classes (that do not refer to child policy maps) and hierarchical traffic classes (that do refer to child policy maps) in the same HQoS parent policy maps.
•
You cannot apply both HQoS output policy on a main interface (using the service-policy output command) and an output policy (service-policy output command) on a subinterface of that same interface. If you attempt to do so, then attaching the HQoS output policy fails with the following error message:
Attaching service policy to main and sub-interface concurrently is not allowed
•
Policy maps can contain a maximum of 255 class maps.
•
Child policy maps support only strict priority (the priority command without any options). Parent policy maps do not support any form of the priority command.
•
When using both the priority and police commands in more than one class in a child priority map, you must configure the commands in the following order:
–
In the first class to be configured on the priority map, specify the priority command first, and then the police command.
–
In the second and any additional classes to be configured on the priority map, specify the police command first, and then the priority command.
–
The police cir command is supported only on OSM interfaces.
Note
The priority command can be configured only with the police command. You cannot use priority together with any forms of the bandwidth or shape commands.
•
Class maps that use the match input vlan command support only the match-any option. You cannot use the match-all option in class maps that use the match input vlan command.
•
Classes using the the match input vlan command should always be placed first in the policy maps, before any classes that use flat policies.
•
Parent policy maps do not support the fair-queue command. Also, the fair-queue command is not supported for OSM interfaces.
•
You must use class-default for the input service policy on a CE-PE interface that uses the qos-group command to set CoS or IP-Precedence.
•
Service policies cannot be attached to subinterfaces for OSM interfaces.
•
OSM interfaces support only the shape average command. Other forms of the shape command are not supported on OSM interfaces.
•
The bandwidth remaining precent command is not supported on any OSM interfaces. However, the following OSMs support the bandwidth command in a parent class under a hierarchical policy map:
–
OSM-2+4GE-WAN-GBIC+
Note
For the bandwidth command, the minimum rate and the granularity are 1/255 of the bandwidth.
Note
For additional prerequisites and restrictions for HQoS in general, see the section "Configuring Hierarchical Traffic Shaping" at "Configuring Hierarchical Traffic Shaping" section.
Supported Features
The HQoS for EoMPLS VCs feature supports the following commands on the class maps and policy maps for output interfaces.
The following are supported on parent policy maps:
•
bandwidth—Egress class-based weighted fair queuing (CBWFQ) supported on parent policy maps on OSM-2+4GE-WAN-GBIC+ interfaces.
•
shape average—Egress shaping
The following are supported on child policy maps:
•
bandwidth—Egress class-based weighted fair queuing (CBWFQ)
•
priority—Egress low latency queuing (LLQ) (Only strict priority is supported on child maps and on OSMs.)
Note
Strict priority is supported for OSM-2+4GE-WAN-GBIC+ interfaces only.
•
queue-limit—Queue throttling
•
random-detect—Egress weighted random early detection (WRED)
•
shape average—Egress shaping
Related Commands
Do not confuse the match input vlan command with the match vlan command, which is also a class-map configuration command.
•
The match vlan command matches the VLAN ID on packets for the particular interface at which the policy map is applied. Policy maps using the match vlan command can be applied to either ingress or egress interfaces on the router, using the service-policy {input | output} command.
•
The match input vlan command matches the VLAN ID that was on packets when they were received on the ingress interface on the router. Policy maps using the match input vlan command must be applied to egress interfaces on the router, using the service-policy output command.
The match input vlan command can also be confused with the match input-interface vlan command, which matches packets being received on a logical VLAN interface that is used for inter-VLAN routing.
Tip
Because class maps also support the match input-interface command, you cannot abbreviate the input keyword when giving the match input vlan command.
Configuring the HQoS for EoMPLS VCs Feature
To use a hierarchical QoS policy map for EoMPLS traffic, you must perform the following tasks. (All tasks are required.)
•
Apply a policy map to the input interface to set the QoS group value on incoming packets. See the "Creating and Assigning a Policy Map to Mark the QoS Group at the Incoming Interface" section.
•
Create class maps that match packets on the basis of their QoS group values. See the "Configuring the Class Map to Match on a QoS Group" section.
•
Create a child policy map that uses these class maps. See the "Creating the Child Policy Map for the Egress Interface" section.
•
Create class maps that match packets on the basis of their input VLAN IDs. See the "Configuring the Class Maps for Matching on an Input VLAN" section.
•
Create a parent policy map and apply it to the output interface. See the "Creating the Parent Policy Map and Attaching It to the Egress Interface" section.
Note
For more information about hierarchical traffic shaping, see the section "Configuring Hierarchical Traffic Shaping" at "Configuring Hierarchical Traffic Shaping" section.
Creating and Assigning a Policy Map to Mark the QoS Group at the Incoming Interface
To be able to classify traffic on a QoS group, you must first create a policy map that marks incoming packets with the desired QoS group value. You can set the QoS group value to the value of either the IP precedence bits or 802.1P CoS bits of the incoming packets. You then must assign that policy map to the incoming interface (which must be a Layer 2 LAN interface). To perform these tasks, use the following procedure.
SUMMARY STEPS
1.
enable
2.
configure terminal
3.
policy-map policy-map-name
4.
description string
5.
class class-default
6.
set qos-group {cos | ip-precedence}
7.
interface if-type {slot/port | slot/subslot/port}
8.
service-policy input policy-map-name
9.
end
10.
show policy-map
show policy-map policy-map-name [class class-map]
DETAILED STEPS
|
|
|
Step 1 |
enable
Router> enable |
Enables privileged EXEC mode. Enter your password if prompted. |
Step 2 |
configure terminal
Router# configure terminal |
Enters global configuration mode. |
Step 3 |
policy-map policy-map-name
Router(config)# policy-map cos-to-qosgrp-pmap |
Creates a policy map with the specified name and enters policy-map configuration mode. • policy-map-name—Name of the policy map. The name must be a unique string of up to 40 alphanumeric characters. |
Step 4 |
description string
Router(config-pmap)# description Sets QoS group to 802.1P CoS of incoming packets |
(Optional) Arbitrary string, up to 200 characters long, that describes this policy map. |
Step 5 |
class class-default
Router(config-pmap)# class class-default |
Specifies the default class to be used for traffic with this policy, and enters policy-map class configuration mode. |
Step 6 |
set qos-group {cos | ip-precedence}
Router(config-pmap-c)# set qos-group cos |
Sets a quality of service (QoS) group identifier (ID) that can be used later to classify packets. • cos—Sets the packet's QoS group value to the same value as the packet's original 802.1P Class of Service (CoS) bits. • ip-precedence—Sets the packet's QoS group value to the same value as the packet's original IP precedence bits. Note The set qos-group command also supports setting the QoS group to an arbitrary value from 0 to 99, but this configuration is not supported when using the HQoS for EoMPLS VCs feature. This command also supports the option of specifying a table map, but the HQoS for EoMPLS VCs feature does not support this option, because it always uses the default mappings. |
Step 7 |
interface if-type {slot/port | slot/subslot/port}
Router(config-pmap-c)# interface GigabitEthernet 5/2 |
Enters interface configuration mode for the incoming interface. Note This interface must be a Layer 2 LAN interface. It cannot be a Layer 3 WAN interface. |
Step 8 |
service-policy input policy-map-name
Router(config-if)# service-policy input cos-to-qosgrp-pmap |
Attaches the specified policy map to the interface for input (ingress) traffic. • policy-map-name—Name of the policy map that was created in Step 3. |
|
Note Repeat Step 7 and Step 8 for each interface that should be marking the QoS group value on incoming traffic. |
Step 9 |
show policy-map show policy-map policy-map-name [class class-map]
Router# show policy-map cos-to-qosgrp-pmap |
(Optional) Displays the configured class map to verify the configuration. To display all policy maps, enter the command without any options. To display a specific policy map, specify its name on the command line. You can also display a specific class that is part of a specific policy map by adding the class option. |
The following policy map sets the QoS group value to match the CoS value of the incoming packets. The policy map is then assigned to two interfaces:
policy-map cos-to-qosgroup-pmap
service-policy input cos-to-qosgroup-pmap
service-policy input cos-to-qosgroup-pmap
What to Do Next
After attaching the policy map to the input interface, create the class map to match on the QoS group value at the egress (outgoing) interface. See the "Configuring the Class Map to Match on a QoS Group" section for details.
Configuring the Class Map to Match on a QoS Group
To be able to match EoMPLS traffic using QoS groups, you must create class maps to match traffic on the basis of the QoS group value at the egress (outgoing) interface. To create these class maps, use the following procedure.
Prerequisites
•
You must create policy maps that contain class maps that use the set qos-group command to mark incoming packets with the desired QoS group values. Then attach those policy maps to the input interfaces that are receiving the incoming traffic. See the "Creating and Assigning a Policy Map to Mark the QoS Group at the Incoming Interface" section.
•
Input interfaces must also be configured with mls trust.
Restrictions
•
A policy map that refers to a class map that uses the match qos-group command cannot have other class maps that match on the following commands:
–
match ip prec match
–
match mpls exp
•
The allowable range of values for QoS groups is from 0 to 99. The only valid values for EoMPLS traffic are from 0 to 7. This is because the QoS group value is set to the IP precedence or CoS fields in the incoming packets, and both of these fields are only 3-bit values that can range from 0 to 7.
SUMMARY STEPS
1.
enable
2.
configure terminal
3.
class-map [match-all | match-any] class-map-name
4.
match qos-group qos-group-value
5.
end
6.
show class-map class-map-name
DETAILED STEPS
|
|
|
Step 1 |
enable
Router> enable |
Enables privileged EXEC mode. Enter your password if prompted. |
Step 2 |
configure terminal
Router# configure terminal |
Enters global configuration mode. |
Step 3 |
class-map [match-all | match-any] class-map-name
Router(config)# class-map group4 |
Creates a class map and enters class-map configuration mode. • match-all—(Optional) All match criteria must be matched for a packet to be matched by this class map. This is the default if no option is specified. • match-any—(Optional) Only one match criterion must be matched for a packet to be matched by this class map. • class-map-name—Arbitrary string that identifies this class map. |
Step 4 |
match qos-group qos-group-value
Router(config-cmap)# match qos-group 4 |
Matches packets with the specified QoS group marking. • qos-group-value—Specifies the QoS group value to be matched. The allowable range is from 0 to 99, but for EoMPLS traffic, the only valid values are from 0 to 7, because the QoS group value is set to the value of the IP precedence or CoS bits in the incoming packets. |
Step 5 |
end
Router(config-cmap)# end |
Exits class-map configuration mode and returns to privileged EXEC mode. |
Step 6 |
show class-map class-map-name
Router# show class-map group4 |
(Optional) Displays the configured class map to verify the configuration. |
The following example configuration shows all of the class maps that are allowed for matching on QoS groups for EoMPLS traffic.
class-map match-all group0
class-map match-all group1
class-map match-all group2
class-map match-all group3
class-map match-all group4
class-map match-all group5
class-map match-all group6
class-map match-all group7
What to Do Next
After creating all of the desired class maps, you must include them in a child policy map. See the next section, "Creating the Child Policy Map for the Egress Interface," for more information.
Creating the Child Policy Map for the Egress Interface
A hierarchical policy map is identical to the flat policy maps that were supported in earlier Cisco IOS software releases, except that at least one of the traffic class maps in the parent policy map refers to a child policy map. You must create the child policy maps before creating the parent policy maps.
To create a child policy map, use the following procedure. Repeat as needed to create the desired number of child policy maps.
Tip
Different parent policy maps can use the same child policy maps, if desired.
Prerequisites
•
You must first create the class maps to be used by this policy map. See the "Configuring the Class Map to Match on a QoS Group" section.
Restrictions
Child policy maps for EoMPLS traffic have the following restrictions:
•
The set command is not supported on the child policy map.
•
Child policy maps support only strict priority (the priority command without any options). Parent policy maps do not support any form of the priority command.
•
When using both the priority and police commands in more than one class in a priority map, you must configure the commands in the following order:
–
In the first class to be configured on the priority map, specify the priority command first, and then the police command.
–
In the second and any additional classes to be configured on the priority map, specify the police command first, and then the priority command.
•
You cannot use the service-policy child-pmap-name command in child policy maps, because multi-level nesting is not supported for HQoS for EoMPLS VCs policy maps.
SUMMARY STEPS
1.
enable
2.
configure terminal
3.
policy-map child-pmap-name
4.
description string
5.
class {class-map-name | class-default}
Note
Each class action below must be preceded by a class command.
6.
shape {average} mean-rate
7.
class {class-map-name | class-default}
8.
priority
9.
police bps [burst-normal] [burst-max] conform-action action exceed-action action [violate-action action]
10.
class {class-map-name | class-default}
11.
bandwidth {bandwidth-kbps | remaining percent percentage | percent percentage}
12.
end
13.
show policy-map child-pmap-name
DETAILED STEPS
|
|
|
Step 1 |
enable
Router> enable |
Enables privileged EXEC mode. Enter your password if prompted. |
Step 2 |
configure terminal
Router# configure terminal |
Enters global configuration mode. |
Step 3 |
policy-map child-pmap-name
Router(config)# policy-map child-pmap-name |
Creates a policy map with the specified name, for use as a child policy map, and enters policy-map configuration mode. • child-pmap-name—Name of the child policy map. The name must be a unique string of up to 40 alphanumeric characters. |
Step 4 |
description string
Router(config-pmap)# description Child policy map for input VLAN parent class |
(Optional) Arbitrary string, up to 200 characters long, that describes this policy map. |
Step 5 |
class {class-map-name | class-default}
Router(config-pmap)# class qosgroup4 Router(config-pmap-c)# or Router(config-pmap)# class class-default |
Specifies the name of a class map that should be used with this policy, and enters policy-map class configuration mode. • class-map-name—Name of the class map to be used. This should be a class map that was created using the class-map command in previous configuration tasks. • class-default—Specifies the default class that should be used for this policy for unclassified traffic that does not match the other class maps for this policy. |
Step 6 |
shape {average} mean-rate
Router(config-pmap-c)# shape average 10000000 |
(Optional) Shapes the traffic in this class by the limits specified. • average—Limits traffic to the maximum bit rate that is specified by the mean-rate parameter. • mean-rate—Maximum number of bits to transmitted, in bits per second. Also called the Committed Information Rate (CIR). The valid range is from 8000 to 4,000,000,000 bits per second, with no default. |
Step 7 |
class {class-map-name | class-default}
Router(config-pmap)# class qosgroup5 or Router(config-pmap)# class class-default |
Specifies the name of a class map that should be used with this policy, and enters policy-map class configuration mode. • class-map-name—Name of the class map to be used. This should be a class map that was created using the class-map command in previous configuration tasks. • class-default—Specifies the default class that should be used for this policy for unclassified traffic that does not match the other class maps for this policy. |
Step 8 |
priority
Router(config-pmap-c)# priority |
(Optional) Specifies that traffic in this class is priority traffic. Note You cannot configure both the shape and the priority commands in the same class. |
|
Note When using both the priority and police commands in a class, you must configure them in the following order: In the first class to be configured on the priority map, specify the priority command first, and then the police command. In the second and any additional classes to be configured on the priority map, specify the police command first, and then the priority command. |
Step 9 |
police bps [burst-normal] [burst-max] conform-action action exceed-action action [violate-action action]
Router(config-pmap-c)# police 8000 1000 conform-action transmit exceed-action drop |
(Optional) Specifies the policing policy that should be used for traffic in this class. • bps—Average rate in bits per second. The valid range is from 8,000 to 200,000,000. • burst-normal—(Optional) The normal maximum burst size in bytes. The valid range is from 1,000 to 51,200,000 bytes, with a default value of 1,500 bytes. • burst-max—(Optional) Excess burst size in bytes. The valid range is from 1,000 to 51,200,000. • conform-action—Specifies the action to take for packets that are within the specified rate limit. • exceed-action—Specifies the action to take for packets that exceed the specified rate limit. • violate-action—(Optional) Specifies the action to take for packets that violate the normal and maximum burst sizes. • action—Action to be taken for the specified condition. The most common values are drop (drop the packet) or transmit (transmits the packet without change). Additional values are possible for setting different class of service (CoS) parameters. |
Step 10 |
class {class-map-name | class-default}
Router(config-pmap)# class qosgroup6 or Router(config-pmap)# class class-default |
Specifies the name of a class map that should be used with this policy, and enters policy-map class configuration mode. • class-map-name—Name of the class map to be used. This should be a class map that was created using the class-map command in previous configuration tasks. • class-default—Specifies the default class that should be used for this policy for unclassified traffic that does not match the other class maps for this policy. |
Step 11 |
bandwidth {bandwidth-kbps | remaining percent percentage | percent percentage}
Router(config-pmap-c)# bandwidth percent 50 |
(Optional) Specifies the bandwidth that is allowed for traffic in this class. • bandwidth-kbps—Amount of bandwidth, in kbps, to be assigned to the class. The valid range is from 1 to 2,000,000, but the allowable values vary according to the interface and platform in use. • remaining percent—Amount of guaranteed bandwidth, based on a relative percent of available bandwidth. The valid range for percentage is from 1 to 100. • percent—Amount of guaranteed bandwidth, based on an absolute percent of available bandwidth. The valid range for percentage is from 1 to 100. |
|
Note Repeat Step 10 through Step 11 for each class to be used in this child policy map. |
Step 12 |
end
Router(config-pmap-c)# end |
Exits policy-map class configuration mode and returns to privileged EXEC mode. |
Step 13 |
show policy-map show policy-map child-pmap-name [class class-map]
Router# show policy-map child-policy1 (command output) |
(Optional) Displays the configured policy map to verify the configuration. To display all policy maps, enter the command without any options. To display a specific policy map, specify its name on the command line. You can also display a specific class that is part of a specific policy map by adding the class option. |
The following sample configuration shows a typical child policy map that refers to two of the QoS group class maps that were defined in the "Configuring the Class Map to Match on a QoS Group" section.
! Class for QoS Group 3 performs LLQ
police 20000000 625000 625000 conform-action transmit exceed-action drop
! Class for QoS Group 4 performs CBWFQ when bandwidth usage is at 30 percent
Note
When using both the priority and police commands in a class, you must configure them in the following order: In the first class to be configured on the priority map, specify the priority command first, and then the police command. In the second and any additional classes to be configured on the priority map, specify the police command first, and then the priority command.
What to Do Next
After creating the child policy map, you must create the parent policy map. See the "Creating the Parent Policy Map and Attaching It to the Egress Interface" section for details.
Configuring the Class Maps for Matching on an Input VLAN
To match EoMPLS packets that are tagged with one or more specific VLAN IDs, you must create a class map that matches on those VLAN IDs. To do this, use the following procedure.
SUMMARY STEPS
1.
enable
2.
configure terminal
3.
class-map match-any class-map-name
4.
match input vlan input-vlan-list
5.
end
6.
show class-map class-map-name
DETAILED STEPS
|
|
|
Step 1 |
enable
Router> enable |
Enables privileged EXEC mode. Enter your password if prompted. |
Step 2 |
configure terminal
Router# configure terminal |
Enters global configuration mode. |
Step 3 |
class-map match-any class-map-name
Router(config)# class-map vlan-map |
Creates a class map and enters class-map configuration mode. • class-map-name—Arbitrary string that identifies this class map. Note Class maps that use the match input vlan command support only the match-any option. You cannot use the match-all option in these class maps. |
Step 4 |
match input vlan input-vlan-list
Router(config-cmap)# match input vlan 10 20 30 100-1999 |
Matches packets that are tagged with a VLAN ID specified in the input-vlan-list, which can be one or both of the following: • Single VLAN IDs, separated by spaces. The valid range is 0 to 4094. • One or more ranges of VLAN IDs, separated by spaces. The allowable values are between 0 and 4094. Note Repeat this command, if desired, to specify additional VLANs. If you use multiple match input vlan commands, be sure to use the match-any keyword in Step 3 so that the class map can match on any of the VLAN IDs. |
Step 5 |
end
Router(config-cmap)# end |
Exits class-map configuration mode and returns to privileged EXEC mode. |
Step 6 |
show class-map class-map-name
Router# show class-map vlan-map |
(Optional) Displays the configured class map to verify the configuration. |
The following configuration example shows a number of class maps that match either one specific VLAN ID, or a range of VLAN IDs. The last class map matches all valid VLAN IDs.
class-map match-any vlan1
class-map match-any vlan2
class-map match-any vlan3
class-map match-any vlan4
class-map match-any vlans1-4
class-map match-any vlans-all
The following sample configuration shows multiple match input vlan commands being used in the traffic class map.
class-map match-any vlans-even
match input vlan 102 104 106 108
match input vlan 202 204 206 208
What to Do Next
After creating all desired class maps, you must then create the parent policy map and assign it to the egress interface. See the next section, ""Creating the Parent Policy Map and Attaching It to the Egress Interface" section," for details.
Creating the Parent Policy Map and Attaching It to the Egress Interface
After creating the class maps and child policy maps, you must create a parent policy map and attach it to the appropriate egress (output) interface. To create and attach a parent policy map, use the following procedure. Repeat as needed to create the desired number of parent policy maps.
Prerequisites
Create at least one child policy map to be used in this parent policy map. See the "Creating the Child Policy Map for the Egress Interface" section for details. (Different parent policies can use the same child policy maps, if desired.)
Restrictions
Parent policy maps have the following restrictions:
•
You cannot attach a policy with the match input vlan command to an interface if you have already attached a service policy to its VLAN interface (a logical interface that has been created with the interface vlan command). If you attempt to do so, you must then remove both types of policy maps from all interfaces, and then reattach only one type of policy map to the interfaces.
•
The priority and fair-queue commands are not supported in parent policy maps.
•
Only the shape command and the bandwidth command are supported in parent classes; other actions are not supported.
•
The bandwidth command is supported on parent policy maps only on OC-3 and OC-12 POS OSM interfaces, and on OSM-2+4GE-WAN-GBIC+ interfaces.
SUMMARY STEPS
1.
enable
2.
configure terminal
3.
policy-map parent-pmap-name
4.
description string
5.
class {class-map-name}
6.
shape {average | peak} mean-rate [Bc [Be]]
7.
bandwidth {bandwidth-kbps | percent percentage}
8.
service-policy child-pmap-name
9.
interface if-type {slot/port | slot/subslot/port}
10.
service-policy output parent-pmap-name
11.
end
12.
show policy-map parent-pmap-name
DETAILED STEPS
|
|
|
Step 1 |
enable
Router> enable |
Enables privileged EXEC mode. Enter your password if prompted. |
Step 2 |
configure terminal
Router# configure terminal |
Enters global configuration mode. |
Step 3 |
policy-map parent-pmap-name
Router(config)# policy-map parent-policy1 |
Creates a policy map with the specified name, for use as a parent policy map, and enters policy-map configuration mode. • parent-pmap-name—Name of the parent policy map. The name must be a unique string of up to 40 alphanumeric characters. |
Step 4 |
description string
Router(config-pmap)# description Parent Policy Map |
(Optional) Arbitrary string, up to 200 characters long, that describes this policy map. |
Step 5 |
class {class-map-name}
Router(config-pmap)# class vlan100 or Router(config-pmap)# class class-default |
Specifies the name of a class-map that should be used with this policy, and enters policy-map class configuration mode. • class-map-name—Name of the class map to be used. This should be a class map that was created using the class-map command in the "Configuring the Class Maps for Matching on an Input VLAN" section. |
Step 6 |
shape {average} mean-rate]
Router(config-pmap-c)# shape average 10000000 |
(Optional) Shapes the traffic in this class by the limits specified. • average—Limits traffic to the maximum bit rate that is specified by the mean-rate parameter. • mean-rate—Maximum number of bits to transmitted, in bits per second. Also called the Committed Information Rate (CIR). The valid range is from 8,000 to 4,000,000,000 bits per second, with no default. |
Step 7 |
bandwidth {bandwidth-kbps | percent percentage}
Router(config-pmap-c)# bandwidth percent 50 |
(Optional) Specifies the bandwidth that is allowed for traffic in this class. • bandwidth-kbps—Amount of bandwidth, in kbps, to be assigned to the class. The valid range is from 1 to 2,000,000, but the allowable values vary according to the interface and platform in use. • percent—Amount of guaranteed bandwidth, based on an absolute percent of available bandwidth. The valid range for percentage is from 1 to 100. |
Step 8 |
service-policy child-pmap-name
Router(config-pmap-c)# service-policy child-pmap-name |
Specifies a child policy map that should be applied to the traffic in this class: • child-pmap-name—Name of a child policy map that was created previously in the "Creating the Child Policy Map for the Egress Interface" section. (The child policy map cannot be another parent policy map—that is, it cannot be a policy map that also uses the service-policy command.) |
|
Note Repeat Step 5 through Step 8 for each class to be used to match VLANs in this parent policy map. |
Step 9 |
interface if-type {slot/port | slot/subslot/port}]
Router(config)# interface ge-wan 5/2 |
Enters interface configuration mode for the specified interface. |
Step 10 |
service-policy output parent-pmap-name
Router(config-pmap)# service-policy output parent-policy1 |
Attaches the specified parent policy map to the interface for outgoing traffic. • parent-pmap-name—Name of the policy map that was created in Step 3. |
Step 11 |
end
Router(config-pmap-c)# end |
Exits policy-map class configuration mode and returns to privileged EXEC mode. |
Step 12 |
show policy-map show policy-map parent-pmap-name [class class-map]
Router# show policy-map vlan-map |
(Optional) Displays the configured policy map to verify the configuration. To display all policy maps, enter the command without any options. To display a specific policy map, specify its name on the command line. You can also display a specific class that is part of a specific policy map by adding the class option. |
The following sample configuration shows a parent policy map that shapes all of the traffic for three VLANs to specific maximum values. Each class in the parent policy map also specifies a child policy map that further shapes the VLAN traffic on the basis of each packet's QoS group value.
! Class maps to match on QoS groups (to be used in child policy map)
class-map match-all qosgroup0
class-map match-all qosgroup1
class-map match-all qosgroup2
class-map match-all qosgroup3
class-map match-all qosgroup4
class-map match-all qosgroup5
class-map match-all qosgroup6
class-map match-all qosgroup7
! Class maps to match on input vlan IDs (to be used in parent policy map)
class-map match-all vlan101
class-map match-all vlan102
class-map match-all vlan103
description Child policy map to shape on the basis of the QoS group values
description Parent pmap that shapes traffic for individual VLANs
service-policy child-pmap
service-policy child-pmap
service-policy child-pmap
Configuration Examples for the HQoS for EoMPLS VCs Feature
This section contains the following sample configurations for the HQoS for EoMPLS VCs feature:
•
Simple Hierarchical Configuration Example
•
Complete Hierarchical QoS Example
•
Multiple Parent Policies Using the Same Child Policy Example
•
Common Class-Map Templates Example
Simple Hierarchical Configuration Example
The following example shows a simple hierarchical QoS configuration with one parent policy and one child policy. This configuration performs the following:
•
The parent policy shapes all outgoing traffic for VLAN 101 on the GE7/1 interface to a total maximum of 90 Mbps.
•
The child policy performs LLQ on the VLAN 101 traffic that has the QoS group set to 1, giving it 10 percent of the bandwidth.
•
The child policy allocates 10 percent of the bandwidth of the VLAN 101 traffic that has the QoS group set to 2.
•
The child policy performs WRED on the remaining VLAN 101 traffic.
class-map match-any vlan101
class-map match-all qos-group2
match mpls experimental topmost 2
shape average 90000000 360000 360000
service-policy child-pmap
interface GigabitEthernet 7/1
service-policy output vlan101-pmap
Complete Hierarchical QoS Example
The following example shows a hierarchical QoS configuration with one parent policy map and two child policy maps. This configuration performs the following:
•
The input interface (Gigabit Ethernet 2/2) uses the cos-to-qosgroup-pmap policy map to set the QoS group value of incoming packets to match the packets' original 802.1P CoS values.
•
The parent policy map shapes traffic for VLAN 101 and 102 to different bandwidths, and applies separate child policy maps to each. The rest of the traffic on the interface is shaped and made subject to the random-detect method.
•
The child policy map for VLAN 101 allocates different bandwidth to traffic for QoS groups 1 and 2, and transmits all other traffic on that VLAN unchanged (subject to the parent policy map's bandwidth limitations).
•
The child policy map for VLAN 102 marks traffic with QoS group set to 2 as priority traffic, and limits all other traffic to 40 percent of the bandwidth (subject to the parent policy map's bandwidth limitations).
•
The outgoing interface (POS 8/7) attaches the parent policy map (vlan-parent) for outgoing traffic.
class-map match-any vlan101
class-map match-any vlan102
class-map match-all group1
class-map match-all group2
policy-map cos-to-qosgroup-pmap
description top-level parent policy map
shape average 50000000 200000 200000
shape average 100000000 400000 400000
shape average 50000000 200000 200000
description child-level policy map for VLAN 101
description child-level policy map for VLAN 102
! Customer-facing interface - the cos-to-qosgroup-pmap policy map sets the
! packet's QoS group value to match the customer's original CoS values.
interface GigabitEthernet2/2
description Customer-facing interface
ip address 192.168.100.13 255.255.255.0
switchport trunk encapsulation dot1q
switchport trunk native vlan 10
switchport trunk allowed vlan 101-1000,1002-1005
service-policy input cos-to-qosgroup-pmap
description Network-Facing OSM POS
ip address 10.11.0.5 255.255.255.0
service-policy output vlan-parent
Multiple Parent Policies Using the Same Child Policy Example
This excerpt from a sample configuration file shows several parent policy maps using the same child map.
! You can enable QoS globally or per-interface
class-map match-all group1
class-map match-all group2
class-map match-any vlan101
class-map match-any vlan102
class-map match-any vlan103
class-map match-all exp-3
match mpls experimental topmost 3
service-policy child-pmap
service-policy child-pmap
service-policy child-pmap
Common Class-Map Templates Example
This excerpt from a configuration file gives some common templates for class maps that can be used with your own policy maps.
! You can enable QoS globally or per-interface
! Class Maps to Match on IP Precedence Bits
class-map match-any prec0
class-map match-any prec1
class-map match-any prec2
class-map match-any prec3
class-map match-any prec4
class-map match-any prec5
class-map match-any prec6
class-map match-any prec7
! Matches all non-priority precedence values
class-map match-any prec0-4
match ip precedence 0 1 2 3 4
! Class-Maps to Match on QoS Groups
class-map match-all group0
class-map match-all group1
class-map match-all group2
class-map match-all group3
class-map match-all group4
class-map match-all group5
class-map match-all group6
class-map match-all group7
! Class Maps to Match on MPLS EXP Bits
match mpls experimental topmost 0
match mpls experimental topmost 1
match mpls experimental topmost 2
match mpls experimental topmost 3
match mpls experimental topmost 4
match mpls experimental topmost 5
match mpls experimental topmost 6
match mpls experimental topmost 7
class-map match-all exp1-4
match mpls experimental topmost 1 2 3 4
! Sample Class-MapS to Match on VLAN
! Copy and Change the VLAN Number as Desired
class-map match-any vlan101
class-map match-any vlan102
class-map match-any vlan103
class-map match-any vlan104
class-map match-any vlans101-104
AToM Load Balancing
Load-balancing allows a router to take advantage of multiple best paths to a given destination. By default most AToM modes (except Supervisor Engine 720-based EoMPLS) use a similar load balancing mechanism to determine the tunnel label for the core facing interface: the router distributes AToM VCs across all available paths, irrespective of each link's load. The router hashes the VC label into an index value that is used to select a tunnel label. The selected tunnel label is placed on the top of the label stack of a particular VC.
The Cisco 7600 series router provides another way to load balance by selecting the path with the lowest use across all available paths based on the following order:
•
Different ports on the same packet processor complex
•
Different interfaces on a chosen port on the same packet processor complex.
Load Balancing Guidelines
Enable lowest use mode by entering configuration commands (one command per line) and pressing Ctrl-Z after each command.
PE-7600B(config)#mpls load-balance per-l2transport-circuit
Disable lowest use mode by entering configuration commands (one command per line) and pressing Crtl-Z after each command.
PE-7600B(config)#no mpls load-balance per-l2transport-circuit
Display the current load balancing mode using the show cwan atom load-balance-mode command.
PE-7600B#sh cwan atom load-balance-mode
Current load balancing mode : per-l2transport-circuit
Note
When the lowest use load balancing mode is enabled on a system that is already up, it only affects newer AToM VCs. Existing AToM VCs are not affected. To apply the lowest use load balancing mode to all the existing VCs, you can flap the VCs.
Lowest Use Mode Limitations
If the interfaces facing the MPLS core are a mix of WAN and LAN interfaces, then the AToM VCs remain active as long as there is a minimum of one usable WAN interface. However, this is not a recommended setup and the AToM VC may be dropping disposition packets that arrive on the LAN interface.
If you ignore the warning message that indicates this type of configuration, you risk losing disposition packets because the AToM VC may not be fully functioning.
Virtual Private LAN Services on the Optical Services Modules
This section describes how to configure Virtual Private LAN Services (VPLS) on the Optical Services Modules (OSMs) and covers the topics below.
•
VPLS Overview
•
Supported Features
•
VPLS Services
•
Benefits of VPLS
•
Configuring VPLS
•
Basic VPLS Configuration
•
Full-Mesh Configuration Example
•
H-VPLS with MPLS Edge Configuration Example
•
Configuring Dot1q Transparency for EoMPLS
VPLS Overview
Virtual Private LAN Services (VPLS) uses the provider core to join multiple attachment circuits together to simulate a virtual bridge that connects the multiple attachment circuits together. From a customer point of view, there is no topology for VPLS. All of the CE devices appear to connect to a logical bridge emulated by the provider core. See Figure 9-1.
Figure 9-1 VPLS
Full-mesh, hub and spoke, and Hierarchical VPLS (H-VPLS) with MPLS edge configurations are available.
Full-Mesh Configuration
The full-mesh configuration requires a full mesh of tunnel label switched paths (LSPs) between all the PEs that participate in the VPLS. With full-mesh, signaling overhead and packet replication requirements for each provisioned VC on a PE can be high.
You set up a VPLS by first creating a virtual forwarding instance (VFI) on each participating PE router. The VFI specifies the VPN ID of a VPLS domain, the addresses of other PE routers in the domain, and the type of tunnel signaling and encapsulation mechanism for each peer PE router.
The set of VFIs formed by the interconnection of the emulated VCs is called a VPLS instance; it is the VPLS instance that forms the logic bridge over a packet switched network. The VPLS instance is assigned a unique VPN ID.
The PE routers use the VFI to establish a full-mesh LSP of emulated VCs to all the other PE routers in the VPLS instance. PE routers obtain the membership of a VPLS instance through static configuration using the Cisco IOS CLI.
The full-mesh configuration allows the PE router to maintain a single broadcast domain. Thus, when the PE router receives a broadcast, multicast, or unknown unicast packet on an attachment circuit, it sends the packet out on all other attachment circuits and emulated circuits to all other CE devices participating in that VPLS instance. The CE devices see the VPLS instance as an emulated LAN.
To avoid the problem of a packet looping in the provider core, the PE devices enforce a "split-horizon" principle for the emulated VCs. That means if a packet is received on an emulated VC, it is not forwarded on any other emulated VC.
After the VFI has been defined, it needs to be bound to an attachment circuit to the CE device.
The packet forwarding decision is made by looking up the Layer 2 virtual forwarding instance (VFI) of a particular VPLS domain.
A VPLS instance on a particular PE router receives Ethernet frames that enter on specific physical or logical ports and populates a MAC table similarly to how an Ethernet switch works. The PE router can use the MAC address to switch those frames into the appropriate LSP for delivery to the another PE router at a remote site.
If the MAC address is not in the MAC address table, the PE router replicates the Ethernet frame and floods it to all logical ports associated with that VPLS instance, except the ingress port where it just entered. The PE router updates the MAC table as it receives packets on specific ports and removes addresses not used for specific periods.
Hub and Spoke
In a hub-and-spoke model, the PE router that acts as the hub establishes a point-to-multipoint forwarding relationship with all PE routers at the spoke sites. An Ethernet or VLAN packet received from the customer network on the hub PE can be forwarded to one or more emulated VCs.
The PE routers that act as the spoke establish a point-to-point connection to the PE at the hub site. Ethernet or VLAN packets received from the customer network on the spoke PE are forwarded to the VFI or VPLS instance at the hub. If there are a number of customer sites connecting to the spoke, you can terminate mutiple VCs per spoke into the same VFI or VPLS instance at the hub.
H-VPLS
Hierarchical VPLS (H-VPLS) reduces both signaling and replication overhead by using both full-mesh as well as hub and spoke configurations. Hub and spoke configurations operate with split horizon to allow packets to be switched between pseudo-wires (PWs), effectively reducing the number of PWs between PEs.
Note
Split horizon is the default configuration to avoid broadcast packet looping. To avoid looping when using the no-split-horizon keyword, be very mindful of your network configuration.
Restrictions for VPLS
The following general restrictions pertain to all transport types under VPLS:
•
Split horizon is the default configuration to avoid broadcast packet looping and to isolate Layer 2 traffic. With split horizon, a packet coming from a WAN interface never goes back to another WAN interface (it always get switched to a Layer 2 interface). Split horizon prevents packets received from an emulated VC from being forwarded into another emulated VC. This technique is important for creating loop-free paths in a full-meshed network.
•
The Cisco 7600 series routers support a maximum of 60 peer PEs and a maximum of 15,000 VCs. For example, you can configure 15,000 VCs as 1,000 VFIs with 15 VPLS peers per VFI.
Note
The 60 peer PEs are distributed between the MPLS edge and the core; do not assume there are 60 peer PEs on each side.
•
No software-based data plane is supported.
•
No auto-discovery mechanism is supported.
•
Load sharing and failover on redundant CE-PE links are not supported.
•
The addition or removal of MAC addresses with Label Distribution Protocol (LDP) is not supported.
•
On the Cisco 7600 series router, the virtual forwarding instance (VFI) is supported only with the interface vlan command.
Supported Features
Multipoint-to-Multipoint Support
Two or more devices are associated over the core network. No one device is designated as the Root node, but all devices are treated as Root nodes. All frames can be exchanged directly between nodes.
Non-Transparent Operation
A virtual Ethernet connection (VEC) can be transparent or non-transparent with respect to Ethernet PDUs (that is, BPDUs). The purpose of VEC non-transparency is to allow the end user to have a Frame Relay-type service between Layer 3 devices.
Circuit Multiplexing
Circuit Multiplexing allows a node to participate in multiple services over a single Ethernet connection. By participating in multiple services, the Ethernet connection is attached to multiple logical networks. Some examples of possible service offerings are VPN services between sites, Internet services, and third-party connectivity for intercompany communications.
MAC-Address Learning Forwarding and Aging
PEs must learn remote MAC addresses and directly attached MAC addresses on customer facing ports. MAC address learning accomplishes this by deriving topology and forwarding information from packets originating at customer sites. A timer is associated with stored MAC addresses. After the timer expires, the entry is removed from the table.
Jumbo Frame Support
Jumbo frame support provides support for frame sizes between 1548 through 9216 bytes. You use the CLI to establish the jumbo frame size for any value specified in the above range. The default value is 1500 bytes in any Layer 2/VLAN interface. You can configure jumbo frame support on a per-interface basis.
Q-in-Q Support and Q-in-Q to EoMPLS Support
With 802.1Q tunneling (Q-in-Q), the CE issues VLAN-tagged packets and the VPLS forwards the packets to a far-end CE. Q-in-Q refers to the fact that one or more 802.1Q tags may be located in a packet within the interior of the network. As packets are received from a CE device, an additional VLAN tag is added to incoming Ethernet packets to segregate traffic from different CE devices. Untagged packets originating from the CE use a single tag within the interior of the VLAN switched network, while previously tagged packets originating from the CE use two or more tags.
VPLS Services
Transparent LAN Service (TLS) and Ethernet Virtual Connection Service (EVCS) are available for service provider and enterprise use.
•
Transparent LAN Service (TLS)—Use when you need transparency of bridging protocols (for example, bridge protocol data units [BPDUs]) and VLAN values. Bridges see this service as an Ethernet segment.
Note
You must enable Layer 2 protocol tunneling to run the Cisco Discovery Protocol (CDP), the VLAN Trunking Protocol (VTP), and the Spanning-Tree Protocol (STP). See Chapter 18, "Configuring IEEE 802.1Q Tunneling" in the Cisco 7600 Series Cisco IOS Software Configuration Guide, 12.2SR.
•
Ethernet Virtual Connection Service (EVCS)—Use when you need routers to reach multiple intranet and extranet locations from a single physical port. Routers see subinterfaces through which they access other routers.
Transparent LAN Service
TLS is an extension to the point-to-point port-based EoMPLS. With TLS, the PE router forwards all Ethernet packets received from the customer-facing interface (including tagged, untagged, and BPDUs) as follows:
•
To a local Ethernet interface or an emulated VC if the destination MAC address is found in the Layer 2 forwarding table.
•
To all other local Ethernet interfaces and emulated VCs belonging to the same VPLS domain if the destination MAC address is a multicast or broadcast address or if the destination MAC address is not found in the Layer 2 forwarding table.
Ethernet Virtual Connection Service
EVCS is an extension to the point-to-point VLAN-based EoMPLS. With EVCS, the PE router forwards all Ethernet packets with a particular VLAN tag received from the customer-facing interface (excluding BPDUs) as follows:
•
To a local Ethernet interface or to an emulated VC if the destination MAC address is found in the Layer 2 forwarding table.
•
To all other local Ethernet interfaces and emulated VCs belonging to the same VPLS domain if the destination MAC address is a multicast or broadcast address or if the destination MAC address is not found in the Layer 2 forwarding table.
Note
Because it has only local significance, the demultiplexing VLAN tag that identifies a VPLS domain is removed before forwarding the packet to the outgoing Ethernet interfaces or emulated VCs.
Benefits of VPLS
VPLS (Virtual Private LAN Service) enables enterprises to link together their Ethernet-based LANs from multiple sites via the infrastructure provided by their service provider. From the enterprise perspective, the service provider's public network looks like one giant Ethernet LAN. For the service provider, VPLS provides an opportunity to deploy another revenue-generating service on top of their existing network without major capital expenditures. Operators can extend the operational life of equipment in their network.
Configuring VPLS
This section explains how to perform a basic VPLS configuration.
Note
Provisioning a VPLS link involves provisioning the associated attachment circuit and the VFI on the PE.
Note
VPLS is supported on Supervisor Engine 720-based systems.
Prerequisites
Before you configure VPLS, ensure that the network is configured as follows:
•
Configure IP routing in the core so that the PE routers can reach each other via IP.
•
Configure MPLS in the core so that a label switched path (LSP) exists between the PE routers.
•
Configure a loopback interface for originating and terminating Layer 2 traffic. Make sure the PE routers can access the other router's loopback interface. Note that the loopback interface is not needed in all cases. For example, tunnel selection does not need a loopback interface when VPLS is directly mapped to a TE tunnel.
Supported Modules
The OSM-2+4GE-WAN-GBIC+ is the only core facing module supported.
Customer facing interfaces are all Ethernet/ Fast Ethernet/ Gigabit Ethernet interfaces based on Layer 2 Catalyst LAN ports. See the Catalyst 6500 Switch Module Guide at: http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/hardware/Module_Installation/Mod_Install_Guide/6500-emig.html
Basic VPLS Configuration
VPLS configuration requires you to identify peer PE routers and to attach Layer 2 circuits to the VPLS at each PE router.
VPLS configuration requires the following:
•
Configuring the PE Layer 2 Interface to the CE
•
Configuring Layer 2 VLAN Instance on the PE
•
Configuring MPLS WAN Interface on the PE
•
Configuring MPLS in the PE
•
Configuring the VFI in the PE
•
Associating the Attachment Circuit with the VSI at the PE
Configuring the PE Layer 2 Interface to the CE
You must configure the Layer 2 interface as a switchport for local bridging. You have the option of selecting tagged or untagged traffic from the CE device.
Note
It is important to define the trunk VLANs; use the switchport trunk allow vlan command as shown in the first example below.
SUMMARY STEPS
Option 1—802.1Q Trunk for Tagged Traffic from the CE
1.
interface type number
2.
no ip address ip-address mask [secondary]
3.
switchport
4.
switchport trunk encapsulation dot1q
5.
switchport trunk allow vlan
6.
switchport mode trunk
Note
When EVCS is configured, the PE router forwards all Ethernet packets with a particular VLAN tag to a local Ethernet interface or emulated VC if the destination MAC address is found in Layer 2 forwarding table.
DETAILED STEPS
|
|
|
Step 1 |
Router(config)# interface fastethernet 2/4
|
Selects an interface to configure. |
Step 2 |
no ip address ip-address mask [secondary]
Router(config)# no ip address
|
Disables IP processing and enters interface configuration mode. |
Step 3 |
Router(config-if)# switchport
|
Modifies the switching characteristics of the Layer 2-switched interface. |
Step 4 |
switchport trunk encapsulation dot1q
Router(config-if)# switchport trunk
encapsulation dot1q
|
Sets the switch port encapsulation format to 802.1Q. |
Step 5 |
switchport trunk allow vlan
Router(config-if)# switchport trunk allow vlan
501
|
Sets the list of allowed VLANs. |
Step 6 |
Router(config-if)# switchport mode trunk
|
Sets the interface to a trunking VLAN Layer 2 interface. |
This example shows how to configure the tagged traffic.
Router(config)# interface GigabitEthernet4/4
Router(config)# no ip address
Router(config-if)# switchport
Router(config-if)# switchport trunk encapsulation dot1q
Router(config-if)# switchport trunk allow vlan 501
Router(config-if)# switchport mode trunk
This example shows how to use the show run interface command to verify the configuration.
Router# show run interface GigabitEthernet4/4
Building configuration...
Current configuration : 212 bytes
interface GigabitEthernet4/4
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 501
SUMMARY STEPS
Option 2—802.1Q Access Port for Untagged Traffic from CE
1.
interface type number
2.
no ip address ip-address mask [secondary]
3.
speed [1000 | nonegotiate]
4.
switchport
5.
switchport mode access
6.
switchport access vlan vlan-id
DETAILED STEPS
|
|
|
Step 1 |
Router(config)# interface GigabitEthernet4/4
|
Selects an interface to configure. |
Step 2 |
no ip address ip-address mask [secondary]
Router(config)# no ip address
|
Disables IP processing and enters interface configuration mode. |
Step 3 |
speed [1000 | nonegotiate]
Router(config-if)# speed nonegotiate
|
Sets the port speed for an Ethernet interface; enables or disables the link negotiation protocol on the Gigabit Ethernet ports. |
Step 4 |
Router(config-if)# switchport
|
Modifies the switching characteristics of the Layer 2-switched interface. |
Step 5 |
Router(config-if)# switchport mode access
|
Sets the interface type to nontrunking, nontagged single VLAN Layer 2 interface. |
Step 6 |
switchport access vlan vlan-id
Router(config-if)# switchport access vlan 501
|
Sets the VLAN when the interface is in Access mode. |
This example shows how to configure the untagged traffic.
Router(config)# interface GigabitEthernet4/4
Router(config)# no ip address
Router(config-if)# speed nonegotiate
Router(config-if)# switchport
Router(config-if)# switchport mode access
Router(config-if)# switchport access vlan 501
This example shows how to use the show run interface command to verify the configuration.
Router# show run interface GigabitEthernet4/4
Building configuration...
Current configuration : 212 bytes
interface GigabitEthernet4/4
switchport access vlan 501
end
SUMMARY STEPS
Option 3—Using Q-in-Q to Place All VLANs into a Single VPLS
1.
interface type number
2.
no ip address ip-address mask [secondary]
3.
speed [1000 | nonegotiate]
4.
switchport
5.
switchport access vlan vlan-id
6.
switchport mode dot1q-tunnel
7.
l2protocol-tunnel [cdp | stp | vtp]
Note
When TLS is configured, the PE router forwards all Ethernet packets received from the CE device to all local Ethernet interfaces and emulated VCs belonging to the same VPLS domain if the MAC address is not found in the Layer 2 forwarding table.
DETAILED STEPS
|
|
|
Step 1 |
Router(config)# interface GigabitEthernet4/4
|
Selects an interface to configure. |
Step 2 |
no ip address ip-address mask [secondary]
Router(config)# no ip address
|
Disables IP processing and enters interface configuration mode. |
Step 3 |
speed [1000 | nonegotiate]
Router(config-if)# speed nonegotiate
|
Sets the port speed for an Ethernet interface; enables or disables the link negotiation protocol on the Gigabit Ethernet ports. |
Step 4 |
Router(config-if)# switchport
|
Modifies the switching characteristics of the Layer 2-switched interface. |
Step 5 |
switchport access vlan vlan-id
Router(config-if)# switchport access vlan 501
|
Sets the VLAN when the interface is in Access mode. |
Step 6 |
switchport mode dot1q-tunnel
Router(config-if)# switchport mode dot1q-tunnel
|
Sets the interface as an 802.1Q tunnel port. |
Step 7 |
l2protocol-tunnel [cdp | stp | vtp]
Router(config-if)# l2protocol-tunnel cdp
|
Enables protocol tunneling on an interface. |
This example shows how to configure the tagged traffic.
Router(config)# interface GigabitEthernet4/4
Router(config)# no ip address
Router(config-if)# speed nonegotiate
Router(config-if)# switchport
Router(config-if)# switchport access vlan 501
Router(config-if)# switchport mode dot1q-tunnel
Router(config-if)# l2protocol-tunnel cdp
This example shows how to use the show run interface command to verify the configuration.
Router# show run interface GigabitEthernet4/4
Building configuration...
Current configuration : 212 bytes
interface GigabitEthernet4/4
switchport access vlan 501
switchport mode dot1q-tunnel
Use the show spanning-tree vlan command to verify the port is not in a blocked state.
Router# show spanning-tree vlan 501
Spanning tree enabled protocol ieee
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 33269 (priority 32768 sys-id-ext 501)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Interface Role Sts Cost Prio.Nbr Type
---------------- ---- --- --------- --------
--------------------------------
Gi4/4 Desg FWD 4 128.388 P2p
Use the show vlan id command to verify that a specific port is configured to send and receive a specific VLANs traffic.
---- -------------------------------- ---------
501 VLAN0501 active Gi4/4
VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------
501 enet 100501 1500 - - - - - 0 0
Primary Secondary Type Ports
------- --------- -----------------
Configuring Layer 2 VLAN Instance on the PE
Configuring the Layer 2 VLAN interface on the PE enables the Layer 2 VLAN instance on the PE router to the VLAN database to set up the mapping between the VPLS and VLANs.
For more information, see See "Configuring VLANs" in the Cisco 7600 Series Cisco IOS Software Configuration Guide, 12.2SR.
SUMMARY STEPS
1.
vlan vlan-id
2.
interface vlan vlan-id
DETAILED STEPS
|
|
|
Step 1 |
|
Configures a specific virtual LAN (VLAN). |
Step 2 |
Router(config)# interface vlan 501
|
Configures an interface on the VLAN. |
This is an example of configuring a Layer 2 VLAN instance.
Router# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)# interface vlan 501
Use the show interfaces vlan command to verify the VLAN is in the up state (example not shown).
Configuring MPLS WAN Interface on the PE
The following commands configure the MPLS WAN interface.
Note
The MPLS uplink must be on one of the supported OSMs.
SUMMARY STEPS
1.
interface type number
2.
ip address ip-address mask
3.
tag-switching ip
4.
mls qos trust [cos | dscp | ip-precedence]
DETAILED STEPS
|
|
|
Step 1 |
Router(config)# interface pos 2/4
|
Selects an interface to configure. |
Step 2 |
ip address ip-address mask
Router(config)# ip address 100.1.1.1 255.255.255.0 |
Sets a primary or secondary IP address for an interface and enters interface configuration mode. |
Step 3 |
Router(config-if)# tag-switching ip
|
Enables label switching of IPv4 packets on an interface. |
Step 4 |
mls qos trust [cos | dscp | ip-precedence]
Router(config-if)# mls qos trust dscp |
Sets the trusted state of an interface to specify that the ToS bits in the incoming packets contain a DSCP value. |
This is an example of configuring the WAN interface.
Router(config)# interface pos4/1
Router(config)# ip address 181.10.10.1 255.255.255.0
Router(config-if)# ip directed-broadcast
Router(config-if)# ip ospf network broadcast
Router(config-if)# no keepalive
Router(config-if)# mpls label protocol ldp
Router(config-if)# tag-switching ip
Router(config-if)# mls qos trust dscp
Use the show tag-switching interfaces command to verify operation.
Router# show tag-switching interfaces pos4/1
Interface IP Tunnel Operational
Configuring MPLS in the PE
To configure MPLS in the PE, you must provide the required MPLS parameters.
Note
Before configuring MPLS, ensure that you have IP connectivity between all PEs by configuring Interior Gateway Protocol (IGP) (Open Shortes Path First [OSPF] or Intermediate System to Intermediate System [IS-IS]) between the PEs.
SUMMARY STEPS
1.
enable
2.
configure terminal
3.
mpls label protocol {ldp | tdp}
4.
(Optional) mpls ldp logging neighbor-changes
5.
tag-switching tdp discovery {hello | directed hello} {holdtime | interval} seconds
6.
tag-switching tdp router-id Loopback0 force
DETAILED STEPS
|
|
|
Step 1 |
|
Enables privileged EXEC mode. • Enter your password if prompted. |
Step 2 |
configure terminal
Router# configure terminal |
Enters global configuration mode. |
Step 3 |
mpls label protocol {ldp | tdp}
Router(config)# mpls label protocol ldp
|
Specifies the default Label Distribution Protocol for a platform. |
Step 4 |
mpls ldp logging neighbor-changes
Router(config)# mpls ldp logging
neighbor-changes
|
(Optional) Determines logging neighbor changes. |
Step 5 |
tag-switching tdp discovery {hello | directed
hello} {holdtime | interval} seconds
Router(config)# tag-switching tdp discovery
hello holdtime 5
|
Configures the interval between transmission of LDP (TDP) discovery hello messages, or the hold time for a LDP transport connection |
Step 6 |
tag-switching tdp router-id Loopback0 force
Router(config)# tag-switching tdp router-id
Loopback0 force
|
Configures MPLS. |
This example shows global MPLS configuration.
Router(config)# mpls label protocol ldp
Router(config)# tag-switching tdp discovery directed hello
Router(config)# tag-switching tdp router-id Loopback0 force
This example shows how to use the show ip cef command to verify that LDP label is assigned.
Router# show ip cef 192.168.17.7
192.168.17.7/32, version 272, epoch 0, cached adjacency to POS4/1
fast tag rewrite with PO4/1, point2point, tags imposed: {4017}
via 11.3.1.4, POS4/1, 283 dependencies
next hop 11.3.1.4, POS4/1
tag rewrite with PO4/1, point2point, tags imposed: {4017}
Configuring the VFI in the PE
The virtual switch instance (VFI) specifies the VPN ID of a VPLS domain, the addresses of other PE routers in this domain, and the type of tunnel signaling and encapsulation mechanism for each peer. (This is where you create the VSI and associated VCs.) Configure a VFI as follows:
Note
Only MPLS encapsulation is supported.
SUMMARY STEPS
1.
l2 vfi name manual
2.
vpn id vpn-id
3.
neighbor remote router id [vc-id-value] {encapsulation mpls} [no-split-horizon]
4.
shutdown
DETAILED STEPS
|
|
|
Step 1 |
Router(config)# l2 vfi vfi17 manual |
Enables the Layer 2 VFI manual configuration mode. |
Step 2 |
Router(config-vfi)# vpn id 17 |
Configures a VPN ID for a VPLS domain. The emulated VCs bound to this Layer 2 VRF use this VPN ID for signaling. |
Step 3 |
neighbor remote router id
[vc-id-value]{encapsulation mpls}
[no-split-horizon]
Router(config-vfi)# neighbor 1.5.1.1 101 encapsulation mpls |
Specifies the remote peering router ID and the tunnel encapsulation type or the pseudo wire property to be used to set up the emulated VC. Note Split horizon is the default configuration to avoid broadcast packet looping and to isolate Layer 2 traffic. Use the no-split-horizon keyword to disable split horizon and to configure multiple VCs per spoke into the same VFI. Note The optional VC ID value identifies the emulated VC between a pair of peering PE routers. |
Step 4 |
Router(config-vfi)# shutdown
|
Disconnects all emulated VCs previously established under the Layer 2 VFI and prevents the establishment of new attachment circuits. Note It does not prevent the establishment of new attachment circuits configured with the Layer 2 VFI using CLI. |
The following example shows a VFI configuration.
Router(config)# l2 vfi VPLSA manual
Router(config-vfi)# vpn id 100
Router(config-vfi)# neighbor 11.11.11.11 encapsulation mpls
Router(config-vfi)# neighbor 33.33.33.33 encapsulation mpls
Router(config-vfi)# neighbor 44.44.44.44 encapsulation mpls
The following example shows a VFI configuration for hub and spoke.
Router(config)# l2 vfi VPLSA manual
Router(config-vfi)# vpn id 100
Router(config-vfi)# neighbor 9.9.9.9 2001 encapsulation mpls
Router(config-vfi)# neighbor 12.12.12.12 2002 encapsulation mpls
Router(config-vfi)# neighbor 33.33.33.33 2003 encapsulation mpls no-split-horizon
The show mpls 12transport vc command displays various information related to PE1.
Note
The show mpls l2transport vc detail command is also available to show detailed information about the VCs on a PE router as in the following example. (This example is not based on the previous VFI configurations.)
VPLS-PE2# show mpls l2transport vc 201
Local intf Local circuit Dest address VC ID Status
------------- -------------------- --------------- ---------- ----------
VFI test1 VFI 153.1.0.1 201 UP
VFI test1 VFI 153.3.0.1 201 UP
VFI test1 VFI 153.4.0.1 201 UP
Note
The VC ID in the output represents the VPN ID; the VC is identified by the combination of the Dest address and the VC ID as in the example below. (This example is not based on the previous VFI configurations.)
The show vfi vfi name command shows VFI status.
VFI name: VPLS-2, state: up
Local attachment circuits:
Neighbors connected via pseudowires:
Peer Address VC ID Split-horizon
Associating the Attachment Circuit with the VSI at the PE
After defining the VFI, you must bind it to one or more attachment circuits (interfaces, subinterfaces, or virtual circuits).
SUMMARY STEPS
1.
interface vlan vlan-id
2.
no ip address (Configuring an IP address causes Layer 3 interface to be created for the VLAN.)
3.
xconnect vfi vfi name
DETAILED STEPS
|
|
|
Step 1 |
Router(config-if)# interface vlan 100
|
Creates or accesses a dynamic switched virtual interface (SVI). |
Step 2 |
Router(config-if)# no ip address
|
Disables IP processing. (You configure a Layer 3 interface for the VLAN if you configure an IP address.) |
Step 3 |
Router(config-if)# xconnect vfi vfi16 |
Specifies the Layer 2 VFI that you are binding to the VLAN port. |
This example shows an interface VLAN configuration.
Router(config-if)# interface vlan 100
Router(config-if)# no ip address
Router(config-if)# xconnect vfi VPLS_501
This is an example of how to use the show vfi command for VFI status.
Router# show vfi VPLS_501
VFI name: VPLS_501, state: up
Local attachment circuits:
Neighbors connected via pseudowires:
192.168.11.1 192.168.12.2 192.168.13.3 192.168.16.6
Full-Mesh Configuration Example
In a full-mesh configuration, each PE router creates a multipoint-to-multipoint forwarding relationship with all other PE routers in the VPLS domain using a VFI. An Ethernet or VLAN packet received from the customer network can be forwarded to one or more local interfaces and or emulated VCs in the VPLS domain. To avoid broadcasted packets looping around in the network, no packet received from an emulated VC can be forwarded to any emulated VC of the VPLS domain on a PE router. That is, the Layer 2 split horizon should always be enabled as the default in a full-mesh network. Figure 9-2 shows the configuration example.
Figure 9-2
VPLS Configuration Example
Configuration on PE 1
This shows the creation of the virtual switch instances (VSIs) and associated VCs.
neighbor 2.2.2.2 encapsulation mpls
neighbor 3.3.3.3 encapsulation mpls
ip address 1.1.1.1 255.255.255.255
This configures the CE device interface (there can be multiple Layer 2 interfaces in a VLAN).
interface FastEthernet0/0
switchport mode dot1qtunnel
switchport access vlan 100
Here the attachment circuit (VLAN) is associated with the VSI.
This is the enablement of the Layer 2 VLAN instance.
Configuration on PE 2
This shows the creation of the virtual switch instances (VSIs) and associated VCs.
neighbor 1.1.1.1 encapsulation mpls
neighbor 3.3.3.3 encapsulation mpls
ip address 2.2.2.2 255.255.255.255
This configures the CE device interface (there can be multiple Layer 2 interfaces in a VLAN).
interface FastEthernet0/0
switchport mode dot1qtunnel
switchport access vlan 100
Here the attachment circuit (VLAN) is associated with the VSI.
This is the enablement of the Layer 2 VLAN instance.
Configuration on PE 3
This shows the creation of the virtual switch instances (VSIs) and associated VCs.
neighbor 1.1.1.1 encapsulation mpls
neighbor 2.2.2.2 encapsulation mpls
ip address 3.3.3.3 255.255.255.255
This configures the CE device interface (there can be multiple Layer 2 interfaces in a VLAN).
interface FastEthernet0/1
switchport mode dot1qtunnel
switchport access vlan 100
Here the attachment circuit (VLAN) is associated with the VSI.
xconnect vfi PE3-VPLS-A .
This is the enablement of the Layer 2 VLAN instance.
The show mpls l2 vc command provides information on the status of the VC.
Local intf Local circuit Dest address VC ID Status
------------- -------------------- --------------- ---------- ----------
Vi1 VFI 22.22.22.22 100 DOWN
Vi1 VFI 22.22.22.22 200 UP
Vi1 VFI 33.33.33.33 100 UP
Vi1 VFI 44.44.44.44 100 UP
Vi1 VFI 44.44.44.44 200 UP
The show vfi command provides information on the VFI.
PE-1# show vfi PE1-VPLS-A
VFI name: VPLSA, state: up
Local attachment circuits:
Neighbors connected via pseudowires:
The show mpls 12transport vc command provides information about the virtual circuits.
osr12# show mpls l2 vc detail
Local interface: VFI vfi17 up
Destination address: 1.3.1.1, VC ID: 17, VC status: up
Output interface: PO3/4, imposed label stack {18}
Create time: 3d15h, last status change time: 1d03h
Signaling protocol: LDP, peer 1.3.1.1:0 up
MPLS VC labels: local 18, remote 18
Group ID: local 0, remote 0
MTU: local 1500, remote 1500
Remote interface description:
Sequencing: receive disabled, send disabled
packet totals: receive 0, send 0
byte totals: receive 0, send 0
packet drops: receive 0, send 0
H-VPLS with MPLS Edge Configuration Example
The Hierarchical VPLS model comprises hub and spoke and full-mesh networks. In a full-mesh configuration, each PE router creates a multipoint-to-multipoint forwarding relationship with all other PE routers in the VPLS domain using VFIs.
In the hub and spoke configuration, a PE router can operate in a non-split-horizon mode that allows inter-VC connectivity without the requirement to add a Layer 2 port in the VLAN.
In the example below, the VLANs on CE1, CE2, CE3, and CE4 (in red color) connect through a full-mesh network. The VLANs on CE2, CE5, and CE6 connect through a hub and spoke network. CE2 is directly attached to the PE2 hub and CE6 is directly attached to the PE1 hub. CE4 and CE5 both are connected to the PE3 hub through the spoke uPE. Figure 9-3 shows the configuration example.
Figure 9-3 H-
VPLS Configuration
Configuration on PE1
This shows the creation of the virtual switch instances (VSIs) and associated VCs. Note that the VCs in green require the no-split-horizon keyword. The no-split-horizon command disables the default Layer 2 split horizon in the data path.
neighbor 120.0.0.3 encapsulation mpls no-split-horizon
neighbor 162.0.0.2 encapsulation mpls no-split-horizon
neighbor 120.0.0.3 encapsulation mpls
neighbor 162.0.0.2 encapsulation mpls
ip address 20.0.0.1 255.255.255.255
This configures the CE device interface (there can be multiple Layer 2 interfaces in a VLAN).
switchport trunk encap dot1q
switchport trunk allow vlan 1001,1002-1005
Here the attachment circuit (VLAN) is associated with the VFI.
interface FastEthernet2/1
switchport trunk encap dot1q
switchport trunk allow vlan 211,1002-1005
Configuration on PE2
This shows the creation of the VFIs and associated VCs.
neighbor 20.0.0.1 encapsulation mpls
neighbor 120.0.0.3 encapsulation mpls
neighbor 20.0.0.1 encapsulation mpls
ip address 162.0.0.2 255.255.255.255
This configures the CE device interface (there can be multiple Layer 2 interfaces in a VLAN).
switchport trunk encap dot1q
switchport trunk allow vlan 211,1001,1002-1005
Here the attachment circuit (VLAN) is associated with the VFI.
This shows the creation of the VFIs and associated VCs.
neighbor 20.0.0.1 encapsulation mpls
neighbor 162.0.0.2 encapsulation mpls
neighbor 30.0.0.1 encapsulation mpls no-split horizon
neighbor 162.0.0.2 encapsulation mpls
neighbor 20.0.0.1 encapsulation mpls
neighbor 30.0.0.1 200 encapsulation mpls no-split horizon
ip address 120.0.0.3 255.255.255.255
This configures the CE device interface.
switchport trunk encap dot1q
switchport trunk allow vlan 211
This configures the attachment circuits.
Usually EoMPLS is configured on the uPE device. You can use port-based or VLAN-based EoMPLS. This configures port-based EoMPLS on the uPE (the uPE connects to CE4).
interface GigEthernet 1/1
xconnect 120.0.0.3 100 encapsulation mpls
This configures VLAN-based EoMPLS on the uPE. (the uPE connects to CE4).
interface GigEthernet 1/1.1
xconnect 120.0.0.3 100 encapsulation mpls
MAC Limit Per VLAN
VPLS provides the ability to limit the maximum number of MAC entries per VLAN to avoid exhausting resources. To enable the MAC limit feature, use the mac-address-table limit command; see the Cisco 7600 Series Cisco IOS Software Command Reference Guide, 12.2SR.
Traffic Engineering for Transport Tunnel
MPLS traffic engineering software enables an MPLS backbone to replicate and expand upon the traffic engineering capabilities of Layer 2 ATM and Frame Relay networks. See
http://www.cisco.com/en/US/docs/ios/12_2/switch/configuration/guide/xcftagov_ps1835_TSD_Products_Configuration_Guide_Chapter.html.
Load Balancing
Load balancing describes a functionality in a router that distributes packets across multiple links. For information on load balancing, see
http://www.cisco.com/en/US/docs/ios/ipapp/configuration/guide/ipapp_slb.html
QoS
VPLS uses PFC-based QoS on the input side; on the core-facing interface, VPLS uses OSM-based features similar to EoMPLS, except for shaping.
Per-VLAN Shaping
Per-VLAN traffic shaping in an VPLS environment has different characteristics from EoMPLS. The queues are based on the shaping parameter on a per-MPLS port basis. A VLAN configured for a 100 Mbps shaper creates a 100 M queue on each physical MPLS uplink port in the VPLS domain. In a PE with four MPLS uplinks, this allows up to 400 Mbps of traffic to be forwarded into the core network. If two VCs share an egress interface, they would also share the same 100M shaper.
The following configuration matches all traffic input, and shapes the traffic on each egress interface to 100 Mbps.
service-policy output shape100
For information on PFC-based QoS, see "Configuring PFC QoS" at http://www.cisco.com/univercd/cc/td/doc/product/core/cis7600/software/122sx/swcg/qos.htm.
For information on QoS for the core-facing interface, see the "How to Configure QoS with AToM" section.
Note
If you are shaping policy to both the VLAN interface and the core-facing interface, then the policy on the VLAN interface overrides the policy on the core-facing interface.
Note
VPLS supports a maximum of up to 30,000 VCs; for this number, we recommend that you configure a maximum of five different EXP classifications.
Note
If a service policy is applied on the core-facing interface, then the number of VPLS VCs going out of the interfaces on a single PXF processor cannot exceed 21,000.
Configuring Dot1q Transparency for EoMPLS
The Dot1q Transparency for EoMPLS feature allows a service provider to modify the MPLS EXP bits for core-based QoS policies while leaving any VPLS customer 802.1p bits unchanged.
When applying a service policy to an EoMPLS configured VLAN interface that sets the MPLS EXP bits, the set effects both the Interior Gateway Protocol (IGP) label and the VC label. If the customer traffic includes an 802.1q label with associated 802.1p bits, the 802.1p bits are rewritten on the egress PE based on the received VC EXP bits. If the policy sets the MPLS EXP bits to a different value from the received 802.1p bits, the rewriting on the egress PE results in a modification of the customer's 802.1p bits.
The Dot1q Transparency for EoMPLS feature provides the option for the VLAN-applied policy to affect only the IGP label (for core QoS) and leaves the VC label EXP bits equal to the 802.1p bits. On the egress PE, the 802.1p bits are still rewritten based on the received VC EXP bits, however, because the EXP bits now match the ingress 802.1p bits, a VPLS customer's 802.1p bits do not change.
Restrictions
The following restrictions apply to the Dot1q Transparency for EoMPLS feature:
•
Global configuration applies to all virtual forwarding instance (VFI) and switched virtual interface (SVI) EoMPLS VCs configured on the Cisco 7600 series routers.
•
Only supported on OSMs.
•
Interoperability requires applying the Dot1q Transparency for EoMPLS feature to all participating PE routers.
SUMMARY STEPS
1.
enable
2.
configure terminal
3.
platform vfi dot1q-transparency
4.
interface vlan
5.
no ip address
6.
xconnect peer-router-id vcid encapsulation mpls
7.
service-policy output
DETAILED STEPS
|
|
|
Step 1 |
enable
Router> enable |
Enables privileged EXEC mode. • Enter your password if prompted. |
Step 2 |
configure terminal
Router# configure terminal |
Enters global configuration mode. |
Step 3 |
platform vfi dot1q-transparency
Router(config)# platform vfi dot1q-transparency |
Sets the EXP value in the remote VC label with the DBUS CoS value. |
Step 4 |
interface vlan vlanid
Router(config)# interface vlan 566 |
Creates a unique VLAN ID number. |
Step 5 |
no ip address ip-address mask [secondary]
Router(config)# no ip address
|
Disables IP processing. |
Step 6 |
xconnect peer-router-id vcid
encapsulation mpls
Router(config-subif)# xconnect 10.0.0.1
123 encapsulation mpls
|
Binds the attachment circuit to a pseudowire VC. The syntax for this command is the same as for all other Layer 2 transports. |
Step 7 |
Router(config-if)# service-policy output
policy-name
Router(config-if)# service-policy output
policy-name ip
|
Attaches a traffic policy to an interface. |
This is an example of configuring the Dot1q Transparency feature.
platform vfi dot1q-transparency
neighbor 1.0.10.1 encapsulation mpls
neighbor 1.0.11.1 encapsulation mpls
neighbor 1.0.111.1 encapsulation mpls
policy-map mpls-set-exp-1
set mpls experimental imposition 1
service-policy input mpls-set-exp-1
Use the show cwan vfi dot1q-transparent command to verify the VLAN is in the up state.
Router# show cwan vfi dot1q-transparency
VFI dot1q transparency is enabled