The Present and Future of MPLS-based Layer 2 Virtual Private Networks An Overview and Evolution June 2012 2
Today s Presenters Tina Lam (tinalam@cisco.com) Product Manager Cisco Jose Liste () Technical Marketing Engineer Cisco 3
Agenda Market Overview Fundamentals PW Signaling and PE Auto-Discovery Use Cases Latest Trends and Future
Market Overview
Motivation for L2VPNs Current Drivers IP Next Generation Network Network convergence of legacy (ATM, TDM, FR) and Ethernet, fixed and mobile on to the same network Business Ethernet Services Flexible offering. P2P, MP. Can be L2VPN, L3VPN or a hybrid High speed services driven by cloud connectivity Mobile Backhaul Evolution TDM / PDH to Dual/Hybrid to All-packet (IP/Ethernet) Single (voice + data) IP/Ethernet mobile backhaul universally accepted solution New Drivers Data Center Interconnection (DCI) L2 connectivity across data centers in disjoint geographical locations across MPLS or IP networks L2 Services over MPLS Transport Profile (MPLS-TP) Provides TDM/ATM/Ethernet services over SDH/SONET like transport using MPLS networks
Ethernet Services by the Numbers Worldwide market for Ethernet services projected to reach $40B+ by 2014 Double-digit annual growth across all geographic regional markets Asia Pac will be the largest market at 31% Fastest growing strategic wireline data product for SPs U.S. Business Ethernet market will grow from $6B in 2011 to $11B in 2014 1Gbps fastest growing and will be 50% of the revenue by 2014 100M will have the highest number of ports, followed closely by 10M, 1G and sub-10m Bandwidth tipping point in 2011 Aggregated Ethernet BW purchased in US surpassed BW for legacy circuits Source: Vertical System Group 2012
Poll Question #1 What are the key business applications / drivers for deploying L2VPNs in your network? [multiple choice] A. Legacy Services (F/R, ATM, TDM) B. Business Ethernet Services (E-Line / E-LAN) C. Mobile Backhaul D. Data Center Interconnect (DCI) E. Layer 2 services over MPLS TP F. No L2VPN deployed
Fundamentals Virtual Private Wire Service (VPWS) Overview
Layer 2 VPN Enabler The Pseudowire L2VPNs are built with Pseudowire (PW) technology Provider Edge PWs provide a common intermediate format to transport multiple types of network services over a Packet Switched Network (PSN) PW technology provides Like-to- Like transport and also ATM Interworking (IW) Provider Edge Packet Switched Network Pseudowire FR PPP/HDLC Ethernet TDM
Service Offerings L2VPN Transport Services TDM ATM Frame Relay Virtual Private Wire Service (VPWS) Ethernet Virtual Private LAN Service (VPLS) Circuit Emulation Service over PSN (CESoPSN) AAL5 over Pseudowire FR over Pseudowire Ethernet Virtual Private Line (EVPL) Ethernet Private LAN (EPLAN) Muxed UNI Structure Agnostic TDM over Packet (SAToP) Muxed UNI Cell Relay with Packing over Pseudowire Muxed UNI PPP/HDLC over Pseudowire Muxed UNI Ethernet Private Line (EPL) Unmuxed UNI Ethernet Virtual Private LAN (EVPLAN) Muxed UNI Muxed UNI Unmuxed UNI Unmuxed UNI Muxed UNI PPP/HDLC
Layer 2 Transport over MPLS Control Connection Tunneling Component Demultiplexing Component Layer 2 Encapsulation Targeted LDP session / BGP session / Static Used for VC-label negotiation, withdrawal, error notification The emulated circuit has three (3) layers of encapsulation Tunnel header (Tunnel Label) To get PDU from ingress to egress PE MPLS LSP derived through static configuration (MPLS-TP) or dynamic (LDP or RSVP-TE) Demultiplexer field (VC Label) To identify individual circuits within a tunnel Could be an MPLS label, L2TPv3 header, GRE key, etc. Emulated VC encapsulation (Control Word) Information on enclosed Layer 2 PDU Implemented as a 32-bit control word
VPWS Forwarding Plane Processing CE-1 PE1 P1 MPLS P2 PE2 CE-2 Pseudowire Traffic direction VC and Tunnel label imposition Tunnel label swapping through MPLS cloud Penultimate Hop Popping (PHP) VC label disposition Push Push Swap Pop Pop Tunnel Label VC Label Label = 34 Label = 28 Label = 45 Label = 28 Label = 28 Payload Payload Payload Payload Payload
Fundamentals Ethernet over MPLS (EoMPLS) Virtual Private LAN Service (VPLS) Overview
How Are Ethernet Frames Transported? Ethernet frames transported without Preamble, Start Frame Delimiter (SFD) and FCS Two (2) modes of operation supported: Ethernet VLAN mode (VC type 0x0004) created for VLAN over MPLS application Ethernet Port / Raw mode (VC type 0x0005) created for Ethernet port tunneling application MPLS E-Type Preamble LSP Label DA VC Label SA Original Ethernet Frame 802.1q tag Length /Type 6B 6B 4B (optional) 2B Control Word Ethernet Header Ethernet Payload Ethernet Payload DA SA 0x8847 FCS 4B 4B 4B (optional) MPLS-encapsulated Ethernet Frame FCS MPLS Stack AToM Header
Introducing Cisco EVC Framework Functional Highlights Flexible service delimiters Single-tagged, Double-tagged VLAN Lists, VLAN Ranges Header fields (COS, Ethertype) ANY service ANY port Layer 2 Point-to-Point Layer 2 Multipoint Layer 3 Flexible Service Mapping Service Abstraction EVC Framework Multiplexed Forwarding services Advanced Frame Manipulation Ethernet Service Layer Ethernet Flow Point (EFP) Ethernet Virtual Circuit (EVC) Bridge Domain (BD) Local VLAN significance VLAN Header operations - VLAN Rewrites POP PUSH SWAP
Encapsulation Adjustment Considerations EoMPLS PW VC Type and EVC VLAN Rewrites VLAN tags can be added, removed or translated prior to VC label imposition or after disposition Any VLAN tag(s), if retained, will appear as payload to the VC VC label imposition and service delimiting tag are independent from EVC VLAN tag operations Dummy VLAN tag RFC 4448 (sec 4.4.1) At disposition, VC service-delimiting VLAN-ID is removed before passing packet to AC processing MPLS Imposition EVC VLAN Rewrite (Ingress) AC MPLS Disposition MPLS Label Disposition POP 1 VLAN tag 4 PW VC Type 4 VC Type 5 PUSH 1 VLAN tag 5 Dummy VLAN tag PW MPLS Label Imposition EVC VLAN Rewrite (Egress) AC 17
Virtual Private LAN Service Operation Flooding / Forwarding Forwarding based on destination MAC addresses Customer Equipment CE N-PE 1 N-PE 3 Applies Split- Horizon Flooding (Broadcast, Multicast, Unknown Unicast) MAC Learning/Aging/Withdrawal CE U-PE B Ethernet UNI N-PE 2 PW Applies Split- Horizon N-PE 4 Applies Split- Horizon CE Ethernet UNI Dynamic learning based on Source MAC and VLAN Refresh aging timers with incoming packet Customer Equipment N-PE 1 N-PE 3 MAC withdrawal upon topology changes Split-Horizon and Full-Mesh of PWs for loop-avoidance in core SP does not run STP in the core CE CE U-PE B Ethernet UNI N-PE 2 PW N-PE 4 CE Ethernet UNI
Pseudowire (PW) Signaling and PE Auto- Discovery
VPWS / VPLS An abstraction Provisioning Model What information needs to be configured and in what entities Semantic structure of the endpoint identifiers (e.g. VC ID, VPN ID) Discovery Provisioning information is distributed by a "discovery process Distribution of endpoint identifiers Signaling When the discovery process is complete, a signaling protocol is automatically invoked to set up pseudowires (PWs) Provisioning Model Discovery Signaling 20
VPWS Discovery and Signaling Alternatives VPWS Signaling LDP-based (RFC 4447) BGP-based (informational RFC) VPWS with LDP-signaling and No auto-discovery Most widely deployed solution Auto-discovery for point-to-point services not as relevant as for multipoint VPN Discovery Manual No Auto-Discovery Signaling Static No Signaling Most widely deployed Label Distribution Protocol (LDP) Border Gateway Protocol (BGP) BGP 21
VPLS Discovery and Signaling Alternatives VPLS Signaling LDP-based (RFC 4762) BGP-based (RFC 4761) VPLS with LDP-signaling and No auto-discovery Most widely deployed solution Operational complexity for larger deployments BGP-based Auto-Discovery (BGP- AD) (RFC 6074) Enables discovery of PE devices in a VPLS instance VPN Discovery Manual No Auto-Discovery Signaling Static No Signaling Most widely deployed Label Distribution Protocol (LDP) Border Gateway Protocol (BGP) RFC 6074 BGP RFC 4761 22
PW Control Plane Operation LDP Signaling 2 4 PEs advertize local VC label using LDP label-mapping message: Label TLV + PW FEC TLV New targeted LDP session between PE routers established, in case one does not already exist PE-1 PE-2 CE-1 MPLS CE-2 1 Interface A Interface B PW manually provisioned Remote PE info included Local_int = A Remote PE = PE2_ip VC-id <123> PEs assigns local VC label to PW Local_int = B Remote PE = PE1_ip VC-id <123> PW manually provisioned Remote PE info included 1 5 PEs bind remote label for PW with matching VC-id Local Label X 3 Local Label Y 3 5 Remote Label Y Remote Label X
BGP Auto-Discovery (BGP-AD) Eliminates need to manually provision VPLS neighbors Automatically detects when new PEs are added / removed from the VPLS domain Uses BGP Update messages to advertize PE/VFI mapping (VPLS NLRI) Typically used in conjunction with BGP Route Reflectors to minimize ibgp fullmesh peering requirements Two (2) RFCs define use of BGP for VPLS AD 1 RFC 6074 when LDP used for PW signaling RFC 4761 when BGP used for PW signaling CE-A1 PE1 VFI Pseudowire Covered in this section BGP session CE-A2 BGP RR MPLS PE2 VFI BGP Update message with VPLS NLRI (1) VPLS BGP NLRIs from RFC 6074 and 4761 are different in format and thus not compatible, even though they share same AFI / SAFI values PE3 VFI CE-A3 I am a new PE with ACs on BLACK VFI 24
BGP Signaling and Auto-Discovery Overview RFC 4761 1 defines use of BGP for VPLS PE Auto-Discovery and Signaling All PEs within a given VPLS are assigned a unique VPLS Edge device ID (VE ID) A PE X wishing to send a VPLS update sends the same label block information to all other PEs using BGP VPLS NLRI Each receiving PE infers the label intended for PE X by adding its (unique) VE ID to the label base Each receiving PE gets a unique label for PE X for that VPLS CE-A1 PE1 VE_ID 1 VFI Pseudowire BGP session CE-A2 BGP Update message with VPLS NLRI BGP RR MPLS PE2 VE_ID 2 VFI PE X VE_ID X VFI CE-A3 I am PE X with ACs on BLACK VFI Here is my label block for this VFI (1) VPLS BGP NLRIs from RFC 6074 and 4761 are different in format and thus not compatible, even though they share same AFI / SAFI values 25
Use Cases Data Center Interconnect
Poll Question #2 What is the most important factor when selecting a DCI solution? (single choice) A. Ease of Provisioning B. Flow-Based Load-Balancing / Multi-Homing C. Sub-second Convergence for Link / Port / Node failures D. Massive MAC address scalability (order of millions) E. Optimal Multicast Forwarding
Use Cases Data Center Interconnect Catalyst 6500
Data Center Interconnect with VPLS Access Agg DC WAN Edge device (Catalyst 6500) implements VPLS with Advanced VPLS (A-VPLS) for DCI applications A-VPLS provides: Single-Chassis (Virtual) Redundancy solution Virtual Switching System (VSS) Multichassis EtherChannel (MEC) Flow-based load balancing over WAN using Flow Aware Transport (FAT) PW Simplified configuration Catalyst 6500 WAN Edge Si Si VFI VFI VFI PW vlan X VFI PW vlan Y WAN Catalyst 6500 DC 1 VSS VSS DC 2 VFI VFI Si Si
Data Center Interconnect with VPLS Sample Configuration Catalyst 6500 PE 1 hostname PE1! interface Loopback0 Virtual Ethernet interface modeled as Switchport trunk towards VFIs One VFI per vlan on virtual interface ip address 10.0.0.1 255.255.255.255! pseudowire-class sample-class encapsulation mpls load-balance flow flow-label enable interface virtual-ethernet 1 transport vpls mesh neighbor 10.0.0.2 pw-class sample-class switchport switchport mode trunk switchport trunk allowed vlan 80,81 PE 2 hostname PE2! interface Loopback0 ip address 10.0.0.2 255.255.255.255! pseudowire-class sample-class encapsulation mpls load-balance flow flow-label enable interface virtual-ethernet 1 transport vpls mesh neighbor 10.0.0.1 pw-class sample-class switchport switchport mode trunk switchport trunk allowed vlan 80,81 Multichassis EtherChannel (MEC) VSS PE1 10.0.0.1 Si Si VFI VFI PW VC id 80 81 VFI PE2 10.0.0.2 VFI Si Si interface port-channel50 switchport switchport mode trunk switchport trunk allowed vlan 80,81 interface port-channel50 switchport switchport mode trunk switchport trunk allowed vlan 80,81 Single VFI PW per Vlan per VSS pair Note: Complete Virtual Switching System (VSS) / Multichassis EtherChannel (MEC) configuration not shown 30
Deployment Use Cases Data Center Interconnect ASR 9000
ASR 9000 Network Virtualization (nv) Technology Overview Before: nv Technology SP Services/ Content Third-Party Services/ Content After: nv Technology Individual device to manage Core Cisco Prime IP NGN One virtual system to manage Complex network protocols Feature inconsistent, inter-operability Edge Aggregation Access Residential Converged Business nv Edge nv Satellite nv No network protocols within virtual system, Remote satellite is plug-n-play, zero touch Single feature set, one release cycle Physical port limit Scale to 10 of 1000s physical ports
Data Center Interconnect with VPLS Example 1 nv Edge Access DC WAN Edge device (ASR 9000) implements VPLS with Network Virtualization (nv) for DCI applications nv and VPLS provides: Single-Chassis (Virtual) Redundancy solution Network Virtualization Cluster Single control and management plane, distributed data plane Multichassis EtherChannel Flow-based load balancing over Pseudowire using Flow Aware Transport (FAT) PW Scalability Agg Cisco ASR 9000 WAN Edge VFI VFI VFI PW vlan X VFI PW vlan Y WAN Cisco ASR 9000 WAN Edge DC 1 nv Edge nv Edge DC 2 VFI VFI
Data Center Interconnect with VPLS Sample Configuration ASR 9000 PE 1 PE 2 hostname PE1! interface Loopback0 ipv4 address 10.0.0.1 255.255.255.255 interface bundle-ethernet1.1 l2transport encapsulation dot1q 80 interface bundle-ethernet1.2 l2transport encapsulation dot1q 81 l2vpn pw-class sample-flow-lb encapsulation mpls load-balancing load-balancing flow-label! bridge group DCI bridge-domain bd-80 interface bundle-ethernet1.1 vfi vfi1111 neighbor 10.0.0.2 pw-id 1111 pw-class sample-flow-lb! bridge-domain bd-81 interface bundle-ethernet1.2 vfi vfi2222 neighbor 10.0.0.2 pw-id 2222 pw-class sample-flow-lb hostname PE2! interface Loopback0 ipv4 address 10.0.0.2 255.255.255.255 interface bundle-ethernet1.1 l2transport encapsulation dot1q 80 interface bundle-ethernet1.2 l2transport encapsulation dot1q 81 l2vpn pw-class sample-flow-lb encapsulation mpls load-balancing load-balancing flow-label! bridge group DCI bridge-domain bd-80 interface bundle-ethernet1.1 vfi vfi1111 neighbor 10.0.0.1 pw-id 1111 pw-class sample-flow-lb! bridge-domain bd-81 interface bundle-ethernet1.2 vfi vfi2222 neighbor 10.0.0.1 pw-id 2222 pw-class sample-flow-lb Multichassis EtherChannel nv PE1 10.0.0.1 VFI VFI Single PW per VFI/ Vlan PW VC id 1111 2222 VFI Note: nv cluster configuration not shown Etherchannel configuration incomplete PE2 10.0.0.2 VFI nv 34
Data Center Interconnect with VPLS Example 2 mlacp Access Agg Cisco ASR 9000 WAN Edge ICCP VFI WAN Cisco ASR 9000 WAN Edge VFI ICCP DC WAN Edge device (ASR 9000) implements VPLS with multi-chassis LACP (mlacp) for DCI applications mlacp and VPLS provides: Geo-Redundant dual-home DCI layer solution Distributed Control / Management / Data Plane Multichassis EtherChannel (mlacp) (Active / Standby links 1:1 protection) using Inter-Chassis Communication Protocol (ICCP) Flow-based load balancing over Pseudowire using Flow Aware Transport (FAT) PW VFI DC 1 DC 2 VFI
Use Cases Mobile Backhaul Legacy TDM / ATM Transport
Legacy ATM and TDM Transport Mobile Backhaul migration strategies vary among Challengers and Incumbents Circuit Emulation required to support legacy interfaces across a packet-based network Structure Agnostic TDM over Packet (SAToP - RFC 4553) for encapsulating TDM bit-streams (T1/E1, T3/E3) as PWs Example: full T1/E1 from cell site to BSC Circuit Emulation Services over PSN (CESoPSN - RFC 5086) for encapsulating structured TDM signals (NxDS0) as PWs More efficient with use of transport resources than SAToP Example: fractional T1/E1 from cell site to BSC ATMoMPLS for carrying ATM cells over an MPLS network using ATM PWE3 (Cell relay) Statistical multiplexing gains of packet transport Enabled with ATM PWE3 for UMTS Not enabled with SAToP or CESoPSN for GSM
TDM / ATM PW Backhaul Cell Site Access Layer Pre-Aggregation Layer Aggregation Layer BSC RNC Aggregation node Distribution node Cell site Router GE Ring 10 GE Ring TDM / ATM PW Backhaul with Layer 2 (Ethernet) Access TDM (CESoPSN,SAToP) & ATM (VC,VP) PWE3 L2 Rings or Point-to-Point L2 Rings or Point-to-Point S-PE MS-PW TDM & ATM PWE3 IP/MPLS Multi-Segment PWs deployed to minimize reachability information down to cell site router TDM / ATM L2 P2P or rings REP/G.8032/MSTP/ GE 10GE 10GE STM1 STM1 TDM / ATM PW Backhaul with MPLS in Access IP / MPLS IP / MPLS MS-PW IP/MPLS TDM / ATM IP / MPLS RAN Access GE 10GE 10GE STM1 STM1 38
Latest Trends and Future Unified MPLS - Extending MPLS to the Access of Mobile & Wireline Networks
Challenges with Traditional MPLS Designs Access Aggregation Core Aggregation Access MPLS PE MPLS ABR ABR PE MPLS MPLS MPLS MPLS MPLS As MPLS moves into access layers, large number of network elements pose challenges Core Edge / Distribution (100s-1,000s nodes), AGG (1,000s - 10,000s), Access (10,000s - 100,000s) End-to-end LSPs between access devices requires distributing large amount of loopback prefixes IGP RIB table would be required to support say 100K prefixes MPLS LIB / LFIB tables would be required to support say 200K labels (assuming two paths per prefix) Multi-Segment PWs and Prefix aggregation with LDP inter-area LSPs can only partially alleviate scale challenge 40
Unified MPLS Requirements Access Aggregation Core Aggregation Access MPLS PE MPLS ABR ABR PE MPLS MPLS MPLS What is it? - End-to-end packet transport architecture based on MPLS forwarding addressing scale and operational simplification Scalability Interconnection of large number of access nodes (e.g.100k) Flexible placement of L2 / L3 service nodes Seamless LSPs to any location in the network Service Provisioning Simplicity - Service provisioning only required at the edge of the network High network availability (protection or fast restoration) 41
Addressing Scale - Hierarchical LSPs Access Aggregation Core Aggregation Access PE MPLS ABR ABR PE MPLS MPLS Inter-domain LSP Intra-domain LSP Intra-domain LSP Intra-domain LSP Addresses scale with hierarchical LSPs using two transport labels Intra-domain LSP (IGP+LDP or RSVP-TE) Inter-domain LSP (ibgp+label per RFC3107) Isolates IGP domains - No IP prefix redistribution Area Border Routers (ABR) used as BGP Route Reflectors (RR) for inter-domain exchange of prefix/label ABR / RRs inserted into the data plane by modifying next-hop attribute (next-hop-self) 42
Control Plane Operation (Pseudowire) PE1 P ABR1 P ABR2 P PE2 LDP / RSVP-TE LDP / RSVP-TE LDP / RSVP-TE LDP / RSVP-TE LDP / RSVP-TE LDP / RSVP-TE PE to ABR and ABR to ABR LSPs ibgp IP+Label ibgp IP+Label ibgp IP+Label PE to PE LSPs T-LDP Pseudowire signaling E2E Single Segment PW
Forwarding Plane Operation (Pseudowire) PE1 P ABR1 P ABR2 P PE2 Push Push Push Pop Swap Push Pop Pop Push Pop Pop IGP Label IGP Label BGP Label BGP Label BGP Label BGP Label IGP Label PW Label PW Label PW Label PW Label PW Label PW Label Payload Payload Payload Payload Payload Payload Payload Payload
Latest Trends and Future MPLS Transport Profile (MPLS-TP)
MPLS Transport Profile Existing functionality meeting Existing functionality transport requirements prior to MPLS Transport profile MP2P / MP2MP LSP IP forwarding MPLS Forwarding ECMP P2P / P2MP LSP Pseudowire Architecture OAM Resilicency GMPLS MPLS Transport Profile New extensions based on transport requirements Extends MPLS to meet packet transport requirements Connection-oriented Deployable with or without control plane Separation of control/management plane from data-plane In-band OAM 1:1, 1:n, 1+1 protection Multi-service Identifies subset of MPLS supporting traditional transport requirements 46
MPLS-TP Components Forwarding Plane OAM Protection Control Plane Services Bi-directional, co-routed LSPs Static LSP QoS CC/RDI On-demand CV Route Tracing AIS/LDI/LKR CFI (PW Status) Linear protection (1:1, 1+1, 1:N) Reversion Wait-to-restore timer Static Dynamic (GMPLS) Ethernet/VLAN ATM TDM MS-PW integration with IP/MPLS 47
MPLS-TP Transport and Service Options MPLS-TP currently focuses on Layer- 2/1services Services (clients) IPv4 Transport IPv6 IPv4 VPN IP/MPLS (LDP / RSVP-TE / BGP) IPv6 VPN MPLS Forwarding PW1 PW2 PW3 LSP VPMS VPWS VPLS MPLS-TP (Static / RSVP-TE) Existing pseudowire architecture applies to MPLS-TP LSPs typically aggregate multiple services As usual, pseudowires can be signaled or established via manual configuration Ethernet PW EoMPLS / VPLS TDM PW CESoPSN / SAToP ATM PW AAL5 and Cell Relay 48
MPLS-TP and IP/MPLS Integration Access Aggregation Core Aggregation Access T-PE S-PE S-PE T-PE MPLS-TP IP/MPLS MPLS-TP Static PW Static Tunnel Signaled PW Signaled Tunnel Static PW Static Tunnel Multi-segment pseudowires (MS-PW) enable layer-2/-1 services over a combined MPLS-TP and IP/MPLS infrastructure S-PE switches traffic between a static and a dynamic segment MPLS-TP domain uses static LSP as PSN tunnel and static PW segment IP/MPLS domain uses signaled LSP (LDP or RSVP-TE) as PSN tunnel and signaled PW segment 49
Latest Trends and Future Ethernet Virtual Private Network (E-VPN) Provider Backbone Bridges E-VPN (PBB-EVPN)
Motivation L2VPN (VPLS) currently used as PEbased data center interconnect (DCI) solution Ent DC1 Enterprise DCI back door Ent DC2 Need to address technology evolution requirements Active / Active Multi-homing PE PE Load balancing and Multi-Pathing (vlanbased / flow-based) Multicast optimization Scale (e.g. PW and MAC-addresses) CE DCPE DCE SP DC1 DCE DCPE SP NGN SP DC2 CE Multi-tenancy (service scale) Standalone DCI network Enhancements bring benefits to other VPLS applications Business services Mobile backhaul 51
E-VPN At A Glance Active IETF L2VPN working group document draft-ietf-l2vpn-evpn-00 Treat learned MAC addresses as routable addresses and distribute them in BGP over IP/MPLS network Receiving PE injects these MAC addresses into forwarding table along with its associated adjacency When multiple PE nodes advertise the same MAC, then multiple adjacency is created for that MAC address in the forwarding table When forwarding traffic for a given unicast MAC DA, a hashing algorithm could be based on L2/L3/L4 header is used to pick one of the adjacencies for forwarding Full-Mesh of PW no longer required MP2P tunnels used for unicast Ingress PE replication (MP2P tunnels) or LSM used for multi-destination traffic (multicast / broadcast / unknown unicast) PE PE BGP PE PE 52
E-VPN Broadcast Example (e.g. ARP) AGG1 BGP AGG4 M1 MH-ID=1 AGG2 PE1 PE3 AGG5 MH-ID=3 M2 C-MAC2 C-MAC1 MH-ID=2 AGG3 PE2 ibgp L2-NLRI PE4 AGG6 next-hop: n-pe1 <C-MAC1, Label 100> Host M1 sends a message with MAC SA = M1 and MAC DA=bcast PE1 learns M1 over its Agg2-PE1 AC and distributes it via BGP to other PE devices All other PE devices learn that M1 sits behind PE1 Broadcast frame sent to remote PEs using MP2P tunnels (or LSM) 53
E-VPN Unicast Example AGG1 AGG4 M1 AGG2 PE1 PE3 AGG5 MH-ID=3 M2 MH-ID=1 MH-ID=2 AGG3 PE2 PE4 AGG6 ibgp L2-NLRI next-hop: n-pe4 <C-MAC2, Label 200> Host M2 sends response with MAC SA = M2 and MAC DA = M1 PE4 learns M2 over its Agg5-PE4 AC and distributes it via BGP to other PE devices PE4 forwards the frame to PE1 (MP2P tunnel) since it has learned previously that M1 sits behind PE1 All other PE devices learn that M2 sits behind PE4 54
MAC Address Scalability Introducing PBB-EVPN WAN O(100) B-MACs O(1M) C-MACs DC Site 1 DC Site 2 DC Site N BGP MAC Advertisement Route Scalability Multiple orders of magnitude difference between C-MAC & B-MAC addresses C-MAC Address Confinement E-VPN - control plane C-MAC learning, C-MACs are always in RIB and maybe also in FIB PBB-EVPN - data plane C-MAC learning, C-MACs are never in RIB and are only present in FIB for active flows 55
Ethernet Encapsulation Evolution 802.3 802.3 C-DA C-SA 802.1Q 802.1Q Service Instances (VID) 2 12 =4,096 C-DA C-SA C-TAG 802.1ad PB 802.1ad PB Service Instances (VID) 2 12 =4,096 C-DA C-SA S-TAG C-TAG 802.1ah PBB Service Instances (I-SID) 2 24 =16,777,216 B-DA B-SA B-TAG I-TAG C-DA C-SA S-TAG C-TAG C-DA: Customer dest addr C-SA: Customer src addr C-TAG: Customer tag S-TAG: Service tag B-DA: Backbone dest addr S-SA: Backbone src addr I-TAG: Service instance tag VID: VLAN identifier (part of C-/S-/B-TAG) I-SID: Backbone service instance identifier (part of I-TAG) PB: Provider Bridges PBB: Provider backbone bridges 802.1Q/ad service Instances (2 12 ) Payload Payload Payload Payload 802.1ah service Instances (2 24 ) FCS FCS FCS FCS 56
Provider Backbone Bridges EVPN (PBB-EVPN) Solution Overview Active L2VPN working group document draft-ietf-l2vpn-pbb-evpn-03 Advertise local Backbone MAC (B-MAC) addresses in BGP to all other PEs that have at least one VPN in common just like E-VPN Build a forwarding table from remote BGP advertisements just like E-VPN (e.g., association of B-MAC to MPLS labels) Single B-MAC to represent site ID Can derive the B-MAC automatically from system MAC address of LACP peer PEs perform PBB functionality just like PBB- VPLS C-MAC learning for traffic received from ACs and C-MAC/B-MAC association for traffic received from core CE1 LACP B-MAC = Site ID BEB PE1 PE2 B-MAC Routes BEB PE3 MPLS 802.1Qbp BEB = IEEE 802.1ah Backbone Edge Bridge 57
PBB-EVPN: Dual Homed Device VLAN 2, 3 PE1 PE3 VPN B-MAC NH RouteTarget 3 B-MAC1 PE1 RIB RT3 B-MAC1 PE2 B-MAC1 MPLS/ IP RT2 B-MAC1 PE1 RT2 B-MAC1 PE2 VLAN 2,3 PE2 VPN B-MAC NH RT3 B-MAC1 PE1, PE2 FIB RT2 B-MAC1 PE1, PE2 Each PE advertises a MAC route per Ethernet Segment (carries B-MAC associated with Ethernet Segment). Both PEs advertise the same B-MAC for the same Ethernet Segment. Remote PE installs both next hops into FIB for associated B-MAC. Hashing used to load-balance traffic among next hops. PE1 MAC Routes: Route: Route Descriptor (RD11), B-MAC1, RT2, RT3 PE2 MAC Routes: Route: RD22, B-MAC1, RT2, RT3 58
Poll Question #3 What applications would you be most interested for deployment of E-VPN / PBB-EVPN in your network? [multiple choice] A. E-LAN Business Ethernet Services B. E-Tree Business Ethernet Services C. Mobile Backhaul D. Data Center Interconnect (DCI) E. No interest for now What best describes your company s interest on E-VPN / PBB-EVPN? [single choice] A. Not Interested B. Would like to learn more C. Interested. Would consider deployment in the next 12 months D. Interested. Would consider deployment in the next 18-24 months
Summary
Summary Ethernet-based WAN services, Data Center Interconnect and Mobile Backhaul are the key applications driving deployments of L2VPN today MPLS-based Layer 2 VPNs are fairly mature and have been deployed by Service Providers and Enterprises around the globe MPLS-TP extends MPLS to support operational model of traditional transport networks while supporting L2VPNs PBB-EVPN emerging as solution that meets next generation requirements for Layer 2 connectivity in verticals such as DCI
Additional References Cisco Community Service Provider Mobility https://communities.cisco.com/community/solutions/sp/mobility Unified MPLS for Mobile Transport 2.0 Design Guide https://communities.cisco.com/docs/doc-29526 Data Center Interconnect (DCI) http://www.cisco.com/go/dci Implementing MPLS Transport Profile (IOS XR) http://cisco.com/en/us/docs/routers/asr9000/software/asr9k_r4.2/mpls/configuration/guide/b_mpls _cg42asr9k_chapter_0110.html MPLS Transport Profile Configuration Guide (IOS) http://cisco.com/en/us/docs/ios/mpls/configuration/guide/mp_transport_profile.html Cisco SP360: Service Provider Blog http://blogs.cisco.com/tag/mpls-tp/ 62
Comparison of L2VPN Solutions All-Active Redundancy VPLS E-VPN PBB-EVPN Flow Based Load Balancing No Yes Yes Flow Based Multi-pathing No Yes Yes Geo-redundancy and Flexible Redundancy Grouping No Yes Yes Simplified Provisioning and Operation Core Auto-Discovery Yes Yes Yes Access Multi-homing Auto-Discovery No Yes Yes New Service Interfaces No Yes Yes Optimal Multicast with LSM P2MP Trees Yes Yes Yes MP2MP Trees No Yes Yes Fast Convergence Link/Port/Node Failure Yes Yes Yes MAC Mobility Yes Yes Yes Avoiding C-MAC Flushing No No Yes Scalable for SP Virtual Private Cloud Services Support O(10 Million) MAC Addresses per DC No No Yes Confinement of C-MAC Learning No No Yes Seamless Interworking (TRILL/802.1aq/802.1Qbp/MST/RSTP Guarantee C-MAC Transparency on PE No No Yes 64
PBB-EVPN: A Closer Look Designated Forwarder (DF) Election with Service Carving PE PE Prevent duplicate delivery of flooded frames (multicast, broadcast, unknown unicast) Non-DF ports are blocked for flooded traffic PE PE Uses BGP Ethernet Segment Route. Announcements per Segment rather than per (VLAN, Segment). Split Horizon for Ethernet Segment PE PE Prevent looping of traffic originated from a multi-homed segment. Performed based on B-MAC source address rather than E- VPN s Ethernet Segment Identifier (ESI) MPLS Label. PE PE Aliasing PEs connected to the same multi-homed Ethernet Segment advertise the same B-MAC address. PE B-MAC1 B-MAC1 PE Remote PEs use these MAC Route advertisements for aliasing load-balancing traffic destined to C-MACs reachable via a given B-MAC. PE 65