Introduction to Layer Transport and Tunneling Technologies (L2VPNs) ACC _06_2003_X. 2003, Cisco Systems, Inc. All rights reserved.

Transcription

1 Introduction to Layer Transport and Tunneling Technologies (L2VPNs) 2 1

2 Objectives Define what the leading drivers for L2VPN over packet switched infrastructure are? Outline the IETF srole in L2VPN evolution. Provide a technical review of emerging L2VPN technologies for IP & MPLS cores. Demonstrate how application of L2VPNs is meeting the challenges of Service Providers. 3 Agenda Why L2VPNs Now? PWE3 Overview Layer 2 Tunneling Options Virtual Private LAN Services L2VPN Application 4 2

3 The Facts First: Current Major Access Methods Billions $US Y E A R Worldwide L2 Access Market Forecasts* Vertical Systems Group 2001 URL:// ATM 37% CAGR Frame Relay 19% CAGR Leased Line 2% CAGR *NB. New and Emerging Access Methods e.g. Metro Ethernet, Broadband Wireless etc. not projected here but supported by Unified VPN 5 VPN Market Drivers Worldwide L2 Access Market Forecasts* $ $ ILECs PTTs VPN IXCs ISPs Enterprises 6 3

4 VPN Market Drivers ILECs PTTs VPN Strategy Reduce CAPEX, OPEX via migration to converged MPLS Backbones or current invested backbones while maintaining existing L2 revenue streams Capitalize on de-regulation via expansion and global reach of MPLS /IP Lucrative incremental MPLS service offerings, e.g., Firewalls, Content Management 7 VPN Market Drivers Leverage investment made in MPLS / IP backbone Obtain L2 services market share Provide solution for emerging large markets (example: Metro Ethernet) VPN ISPs IXCs 8 4

5 VPN Market Drivers Internally Managed: Simplify creation of secure (IPsec) Intranets and Extranets Outsourced VPNs: Flexible demarcations & cost effectiveness Full integration of Remote access VPNs VPN Enterprises 9 VPN Deployments Today: Technology & VPN Diversity Access Different Access Technologies Different Core Solutions Only Partial Integration Access IP/ IPsec MPLS or IP IP/ IPsec FR/ATM Broadband ATM FR/ATM Broadband Ethernet SONET Ethernet 10 5

6 VPN Deployments Today: Partial Integration Core Network FR ATM IP MPLS VPN Access Frame Relay ATM Ethernet / TLS Leased Line/HDLC N/A N/A In Progress In Progress In Progress In Progress IPsec N/A N/A Integration Gap Limitation Today: Circuit Termination Requirement: Standards-Based End-to-End Transport 11 VPN Delivery Challenges: Using Today s Technologies Service Providers Increased CAPEX & OPEX : Maintain & operate multiple core networks Under-utilization of Packet Networks Increased Time to Service Complicated circuit provisioning Constrained Global Reach Would require consistent global L2 topology! MPLS and IP backbone currently support circuit termination and not transport Enterprise If in-sourced: Increased CAPEX & OPEX to maintain & operate diverse VPNs If out-sourced: Few Service Providers offer required access service and reach Inflexible Demarcations Dependent on Service Provider access and core network technology Constrained Global Reach Must work with multiple Service Providers to obtain global VPN services 12 6

7 Requirements to Address VPN Markets Flexibility to transport any L2 VPN service across a backbone of choice; ATM, MPLS or IP End-to-end Transport - not just Termination Flexible demarc Customer / Subscriber Managed, Managed CPE, Provider Edge Standards-based solutions Ease of Deployment, Provisioning and Billing Scalable, dynamic deployment (control plane) 13 Consolidated Core Supports Access Different Access Technologies Complete Integration Access IP/ IPsec MPLS or IP IP/ IPsec FR/ATM Broadband FR/ATM Broadband Ethernet Ethernet 14 7

8 Summary of Benefits for L2VPNs New Service Opportunities Virtual leased line Service Offer PVC like Layer 2 based service Reduced Cost Consolidate multiple core technologies into a single packet-based infrastructure Simplify Services - Layer 2 transport provide options for Service Providers who need to provide L2 connectivity and maintain customer autonomy. Protect Existing Investments - Greenfield networks to extend customer access to existing Layer 2 networks without deploying an old-world infrastructure. Feature Support Through the use of IOS features such as IPsec, QoS and Traffic Engineering, L2 transport can be tailored to meet customer requirements 15 A brief word about L2 / L3 VPNs Layer 3 VPNs Provider devices forward customer packets based on Layer 3 information (e.g., IP) SP involvement in routing MPLS/BGP VPNs (RFC 2547), GRE, virtual router approaches Layer 2 VPNs Provider devices forward customer packets based on Layer 2 information Tunnels, circuits, LSPs, MAC address pseudo-wire concept 16 8

9 Agenda Why L2VPNs Now? PWE3 Overview Layer 2 Transport Options Virtual Private LAN Services L2VPN Application 17 Pseudo Wire IETF Working Groups PWE3 L2transport Area MPLS Sub-IP Area L2TPv3 Internet Area PPVPN Sub-IP Area 18 9

10 IETF Standardization Activity IETF working group PWE3 Pseudo Wire Emulation Edge to Edge ; Requirements detailed in draft-ietf-pwe3-requirements draft-ietf-pwe3-framework Develop standards for the encapsulation & service emulation of pseudo wires Across a packet switched backbone Focused on Point-to-Point circuit emulation PSN tunnel -> GRE, MPLS, L2TP Service -> Ethernet, ATM, PPP, FR, HDLC and so on.. 19 What is an L2VPN? IETF s L2VPN Logical Context An L2VPN is comprised of switched connections between subscriber endpoints over a shared network. Non-subscribers do not have access to those same endpoints. Provider Edge SP Interconnection SP Network Remote Subscriber Location Provider Edge Pseudowire ATM PPP Ethernet HDLC FR Many subscriber encapsulations supportable Some L1 frame encapsulations are transportable under the framework of L2VPN. This is acceptable since (unlike native L1) Frames can be dropped dueto congestion

11 What is an L2VPN? Pseudowire Abstraction Enables Transport over non-native Backbones Co-existence with other Encapsulations Service Interworking (i.e., swapping subscriber s UNI encapsulation) Bridged Ethernet over ATM One Ethernet Example: SP Network CE EoMPLS Pseudowire Ethernet VLAN CE 21 Service Offerings L2VPN Transport Services ATM Frame Relay Ethernet VPWS VPLS AAL5 over Pseudowire FR over Pseudowire Ethernet Relay Service (ERS) Ethernet Multipoint Service (EMS) Muxed UNI Cell Relay w/ packing over Pseudowire Muxed UNI PPP/HDLC over Pseudowire Muxed UNI Ethernet Wire Service (EWS) Unmuxed UNI Ethernet Relay Multipoint Service (ERMS) Muxed UNI Other variants Unmuxed UNI Unmuxed UNI Muxed UNI PPP/HDLC 22 11

12 Pseudo Wire Cisco IETF Technology Adoption Layer 2 Transport L2TPv3 draft-ietf-l2tpext-l2tp-base-07.txt draft-ietf-l2tpext-l2tpmib-base-01.txt MPLS (P2P, formerly draft-martini) draft-ietf-pwe3-control-protocol-01.txt draft-ietf-pwe3-[atm, frame-relay, ethernet, etc.] Layer 2 VPN (VPLS) Draft-lasserre-vkompella-ppvpn-vpls-02.txt No VPLS draft for native IP PSNs defined yet Auto-Provisioning draft-ietf-ppvpn-bgpvpn-auto-02.txt (BGP auto-discovery) 23 Pseudo Wire Reference Model Customer Site PSN Tunnel Customer Site PWES PE Pseudo Wires PE PWES Customer Site PWES PWES Emulated Service A pseudo-wire (PW) is a connection between two provider edge (PE) devices which connects two pseudo-wire end-services (PWESs) of the same type Service Types: Ethernet HDLC Customer Site 802.1Q (VLAN) ATM VC or VP PWES PPP Frame Relay VC 24 12

13 PWE3 Functional Components Assumptions Core PE LSP router P PE POP router Providers Buildings PE-CLE CPE PE-Customer Located Equipment MxTU Customer Edge router Customers Buildings 25 Pseudo Wire Basic Building Blocks Control Connection Transport Component Scale through: Session Management, Error Notification, L2 Access management interworking, etc. Required Components This is the delivery header of the encapsulated packet. This can be a Label (MPLS) or an IP Header. (Typically the IP address of the Loopback interface on Provider Edge (PE) routers. Tunneling Component A Unique identifier used to identify a particular circuit / port on a given PE. (VC Label or VC ID) L2 PDU The Layer 2 PDU that is the subject of transport (I.e. traffic received from the Customer Edge router, typically Ethernet, Frame Relay, HDLC frames,..etc.) Connectivity between PEs assumed; verified through ICMP or LSP ping

14 Agenda Why L2VPNs Now? PWE3 Overview Layer 2 Transport Options Virtual Private LAN Services L2VPN Application 27 L2TPv3 Layer 2 Tunneling Protocol version 3 Layer 2 Transport for native IP networks HDLC & PPP Frame Relay Ethernet 802.1Q ATM AAL5 Virtual Path Mode 28 14

15 Layer 2 Tunneling Protocol version 3 Frame Relay ATM Leased Line Ethernet L2TPv3 IP Core Frame Relay ATM Leased Line Ethernet L2TPv3 for customers that prefer a native IP network Provides ability to transport layer 2 traffic across IP packet-based core networks Based on a well-established lineage of protocols: L2TPv2 and pre-standards Cisco innovation Universal Transport Interface (UTI) A standards track open architecture allows extensibility to many transport types Efficient header for high performance decapsulation Configuration on the edge routers (PEs) only! 29 Layer-2 Transport over IP Control Connection L2TP Control Connection Used for Session ID Negotiation, Withdrawal, Error Notification Transport Component Tunneling Component L2 PDU Emulated Circuits have 3 layers of encapsulation Delivery Header (IPv4 Header) to get PDU from ingress to egress PE; could be an MPLS label, GRE tunnel, L2TP tunnel Demultiplexer field (L2TPv3 Header) to identify individual circuits within a tunnel; (4 byte Session ID + Optional 8 byte Cookie) L2 Specific Sublayer + Payload (Layer 2 PDU) Basic Priority & Sequence Support L2 Payload:ATM, HDLC, PPP, Ethernet, Frame Relay, etc

16 Layer-2 Transport over IP Control Connection L2TP Control Channel Session ID Negotiation, Circuit/Session Status, Error Notification, etc Session ID (0x0000) T L x x S x x x x x x x Version Ns Control Connection ID Length Nr 12.0(23)S T Set to 1, indicates this is a control message L, S For a control message, this must be set to 1 indicating the pres ence of Length & Sequence fields x Reserved for future extensions. Ver Indicates which version of L2TP is in use. This field must be set to 3. Length Indicates the total size of the control message in octets, starting with the T bit. Control Connection ID A locally significant ID, it is the peer s ID not it s own. 31 L2TP Control Connection Highlights Dynamic Sessions L2TP Control Connection and sessions for each Pseudowire are setup and torn down dynamically, no need to configure each individually. In band Data and Control Plane If the Control Connection is active, the IP path between L2TP Connection endpoints is likely good. Keepalive Hello message provides periodic keepalive, dead-peer and path detection for all sessions associated with a given Control Connection. Tunnel Authentication Shared-secret tunnel authentication for Control Connection LMI Interworking - Circuit Status Integration with various circuit LMI to provide circuit status updates without tearing down L2TP session

17 L2TPv3 Data Messages IPv4 Header (20 Bytes) L2TPv3 Header L2 PW Cntrl Encap Layer 2 PDU (variable) Session ID (4 Bytes) Session Cookie (0 8 Bytes) IPv4 Header - The delivery header for the Tunnel. Always destined for an LCCE. L2TPv3 header Consists of two parts; (1) Session ID used to uniquely identify the correct Session on the Remote system, and (2) the Cookie used as an added measure of session integrity between peers. L2 PW Control Encapsulation - Sequence numbers, priority bits, and any additional flags needed to support the L2 emulation for the given PW type. There is a default defined in the L2TPv3 base specification, though this may vary among PW types if necessary. Payload - Payload to be transported by L2TPv3. Typically the entire link-level frame. 33 Default Control Encapsulation IPv4 Header (20 Bytes) L2TPv3 Header L2 PW Cntrl Encap Layer 2 PDU (variable) P S x x x x x x Sequence Number PW emulation enhancements (optional): (P)riority Used to give higher priority to PW packets that shouldn t be dropped during congestion. This is not a hop-by-hop QoS bit. Per-hop QoS should utilize IP ToS (DSCP) settings. (S)equencing - Indicates the presence of sequence numbers and can be used in services such as ATM / Frame-Relay, etc. (2^24 Looping Counter, includes 0) (x) Reserved 34 17

18 Highlights on IP Encap. of Data Plane Path MTU Leverage the Control Plane to communicate the data plane MTU between LCCEs Fragment IP packets before entering PW Time-to-Live Control the scope of routable space for the L2TPv3 packets Type-of-Service Set the TOS bits of the encapsulating header May reflect the TOS bits from framed and tunneled IP payloads 35 Negotiating Circuit Identification VC Information Exchange Optional Control Connection provides scalable session negotiation and reliable VC management Keepalive (Hellos) Tunnel authentication Session IDs are negotiated between L2TP Endpoints Negotiated in L2TPv3 Control Messages (ICRQ, ICRP, ICCN), and applied to L2TPv3 Data Messages Attribute Value Pairs (AVPs) are used to describe the session and provide optional parameters Described in draft-ietf-l2tpext-l2tp-base-02.txt 36 18

19 L2TPv3 Session Negotiation CE1 3. PE1 requests a call to be setup from PE2.(ICRQ,ICRN) 1. Xconnected circuit transitions to an active state PE1 4. PE2 replies to the request from PE1 and confirms the call should be processed (ICRP) 2. PE1 starts a control connection with PE2 if one doesn t already exist. (SCCRQ, SCCRP, SCCRN) PE2 IC[xx] messages are exchanged for each new PW that is provisioned. CE 5. Negotiated Session IDs are now prepended to the PW and PDUscan be forwarded. IPv4 Header L2TPv3 Header PDU Bi-directional Session ID exchange initiated by one of the LCCEs 37 AToM Any Transport Over MPLS Layer 2 Transport for MPLS Networks HDLC/PPP Frame Relay Ethernet 802.1Q ATM AAL5 & Cell Relay 38 19

20 Layer-2 Transport across MPLS Two relevant drafts by Luca Martini draft-ietf-pwe3-control-protocol formerly Martini Control Plane describes label distribution mechanisms for VC labels draft-martini-l2circuit-encap-mpls separate docs now! Data Plane draft-ietf-pwe3-atm-encap, draft-ietf-pwe3-hdlc-ppp-encap-mpls draft-ietf-pwe3-ethernet-encap, draft-ietf-pwe3-frame-relay describes emulated VC encapsulation mechanisms Layer 2 Transport Options: Frame Relay ATM AAL5 & ATM Cell Relay Ethernet, 802.1q (VLAN) POS TDM, Cisco HDLC & PPP 39 Layer-2 Transport across MPLS Control Connection Directed LDP Used for VC-Label Negotiation, Withdrawal, Error Notification Transport Component Tunneling Component L2 PDU (Emulated) Emulated Circuits have 3 layers of encapsulation Tunnel Header (Tunnel Label) to get PDU from ingress to egress PE; could be an MPLS label, GRE tunnel, L2TP tunnel Demultiplexer field (VC Label) to identify individual circuits within a tunnel; could be an MPLS label, L2TPv3 header, GRE Key, etc. Emulated VC encapsulation (Control Word) information on enclosed Layer-2 PDU; implemented as a 32-bit control word 40 20

21 Negotiating Circuit Identification VC Information Exchange VC labels are exchanged across a directed LDP session between PE routers Carried in Generic Label TLVwithin LDP Label Mapping Message (RFC3036 -LDP) New LDP FEC element defined to carry VC information FEC element type 128 Virtual Circuit FEC Element ; Carried within LDP Label Mapping Message VC information exchanged using Downstream Unsolicited label distribution procedures Described in draft-martini-l2circuit-trans-mpls 41 Virtual Circuit FEC Element VC TLV (0x80) C VC-type VC info length Group ID VC ID Interface Parameters C: Control Word (1 bit) Control word present if bit set VC-type (15 bits) - Type of VC e.g FR, ATM, VLAN, Ethernet, PPP, HDLC VC info length (8 bits) Length of VCID field and interface parameters Group ID (32 bits) Represents a groups of VCs. Can be used for mass label withdrawal VC ID (32 bits) Connection identifier used in conjunction with the VC-type to identify a particular VC Interface Parameters (Variable) Edge facing interface parameters, such as MTU 42 21

22 VC Label Mapping Composition Label Message (0x0400) Message Length 0 0 FEC TLV (0x0100) Length VC TLV (0x80) 0 Message ID VC Type Group ID VC ID VC Info Length LDP Label Mapping Message (Specified in RFC 3036) FEC TLV Header (Specified in RFC 3036) Virtual Circuit FEC Element (Specified in draft-martini-l2circuit-trans-mpls) I/F Parameters 0 0 Generic Label (0x0200) Label Length Label TLV Header (Specified in RFC 3036) Optional Parameters 43 Layer-2 Transport Control Word Tunnel Label Tunnel Label (LDP or RSVP) EXP 0 TTL VC Label VC Label (VC) EXP 1 TTL (set to 2) Control Word Rsvd F B D C 0 0 Length Sequence number Flags Layer -2 PDU When transporting layer-2 protocols over an IP or MPLS backbone: The sequence of the packets may need to be preserved; Small packets may need to be padded if the minimum MTU of the medium is larger than actual packet size; Control bits carried in header of Layer-2 frame may need to be transported Encap. CR Eth FR Control Word AAL5 HDLC PPP Required No Yes No Yes No No 44 22

23 AToM Label Mapping Exchange CE1 3. PE1 allocates VC label for new interface & binds to configured VCID 1. L2 transport route entered on ingress PE PE1 4. PE1 sends label mapping message containing VC FEC TLV & VC label TLV 2. PE1 starts LDP session with PE2 if one does not already exist PE2 PE2 repeats steps 1-5 so that bi-directional label/vcid mappings are established CE 5. PE2 receives VC FEC TLV & VC label TLV that matches local VCID Tunnel Label VC Label PDU Bi-directional Label/VCID mapping exchange 45 VC Label Withdrawal Procedures If a PE router detects a condition that affects normal service it MUST withdraw the corresponding VC label Through the use of LDP signalling A PE router may provide circuit status signalling FR MUST through the use of LMI procedures; ATM SHOULD through the use of ILMI procedures LDP Label Withdraw VCID 320 VC Label 16 Circuit Status Signalling PE1 MPLS PE2 PE Port Failure Triggers Group ID withdrawal Layer-2 Circuit CE Port / VC Failure Triggers Label Withdrawal Msg 46 23

24 Layer 2 Transport Summary AToM & L2TPv3 are technologies for the transport of Layer 2 PDUs across and native or MPLS enabled IP cores. AToM uses Directed LDP sessions to exchange VC Labels between participating peers while L2TPv3 uses Control messages to negotiate Session IDs AToM & L2TPv3 can use an optional Control Word to preserve information in transported PDUs AToM & L2TPv3 provides interworking with access circuit management protocols to maintain VC status consistency (i.e. label withdrawal or call disconnect notification in the event of edge service loss, etc.) 47 Agenda Why L2VPNs Now? PWE3 Overview Layer 2 Transport Options Virtual Private LAN Services L2VPN Application 48 24

25 What is VPLS? Service or Architecture VPLS is an end-to-end Service CE PE PE CE MPLS Network Initial IETF drafts: treat PWs a logical ports of a switch do MAC address learning/forwarding on that logical port Run split horizon among the PWs to avoid STP over core 49 VPLS Overview Building Blocks Common VC ID between PEs creates a Virtual Switching Instance MPLS enabled core forms Tunnel LSPs CE PE PE CE MPLS Full Mesh of directed LDP sessions exchange VC Labels Attachment VCs are Port Mode or VLAN ID CE 50 25

26 VPLS L2 Forwarding Instance Requirements for this solution MAC table instances per customer and per customer VLAN (L2-VRF idea) for each PE VSI will participate in learning, forwarding process Create partial or full-mesh of EoMPLS VCs per VPLS Usage of network split horizon to prevent loops New additional VC-Type to draft-martini-trans Announce EoMPLS VPLS VC tunnels New additional MAC TLV to LDP 51 VPLS Overview Flooding & Forwarding? Data SA? Flooding (Broadcast, Multicast, Unknown Unicast) Dynamic learning of MAC addresses on PHY and VCs Forwarding: - Physical Port - Virtual Circuit 52 26

27 VPLS Overview MAC Address Learning Send me traffic 102 MAC 1 MAC 2 Data Send me traffic with Label 102 with Label 201 PE1 PE2 CE VC Label 102?Tx CE Tx?VC Label 201 E0/0 E0/1 MAC Address Adj MAC MAC 1 E0/0 MAC x xxx Data MAC 1 MAC MAC Address Adj MAC 2 E0/1 MAC MAC x xxx Broadcast, Multicast, and unknown Unicast are learned via the received label associations 2 LSPs associated with an VC (Tx & Rx) If inbound or outbound LSP is down the entire circuit is considered down 53 VPLS Overview L2 VPN Topology CEs PEs MPLS Network PE view - Full Mesh LDP - EoMPLS PW to each peer Each PE has a P2MP view of all other PEs it sees it self as a root bridge, split horizon loop protection Full mesh topology obviates STP requirements in the service provider network Customer STP is transparent to the SP / Customer BPDUs are forwarded transparently 54 27

28 VPLS Overview MAC Address Withdrawal LDP Address Withdrawal X Primary link failure triggers Notification Message PE removes any locally learned MAC addresses and send LDP Address Withdrawal (RFC3036) to remote PEs in VPLS New MAC TLV is used 55 VPLS Overview Data Forwarding Topology 2: L2VPN, Ethernet Virtual Circuit Service (Distributed PE) 3550s 7600s CE1.1Q 401 U-PE QinQ N-PE Full Mesh LDP N-PE MPLS Network CE4 Data Customer VLAN Ether 133 SA DA Type SP VLAN Ether Type 401 SA DA VC Label Customer frames / VLANs are forwarded only Service delimiters are local to PE -.1q tags, VC-labels, RFC1483, etc. Allows for hierarchical design options 56 28

29 VPLS Overview VPLS Learning Unqualified: Single port assigned for all customer VLANs Single broadcast domain for all customer VLANs Single MAC address space (no overlap!) Qualified: Each VLAN has its own VPLS instance A VLAN has its own broadcast space and MAC address space Customer MAC addresses MAY overlap One FIB per Customer VLAN Broadcast domain limited to VLAN scope 57 VPLS Architectures VPLS Architectures Direct Attachment (Flat) Hierarchical QinQ PWE3 (AToM, L2TPv3) 58 29

30 VPLS Functional Components Assumptions Core N-PE LSP router P PE POP router Providers Buildings U-PE CPE PE-Customer Located Equipment MxTU Customer Edge router Customers Buildings 59 VPLS Architecture Characteristics - Directed attachment (Flat) Okay for simple implementations Full mesh of directed LDP sessions required between participating PEs; N*(N-1) No hierarchical scalability VLAN and Port level support (no QinQ) 60 30

31 VPLS architecture Directed attached PE Core N-PE Forwarding L2 Control Plane Plane LDP + CE-1Q VPLS VPLSoMPLS extensions VSI VPLS Auto-c/d Auto-discovery BGP or DNS LDAP CE-1Q U-PE CPE 61 VPLS Overview Illustrated Directed attachment (Flat) Address Tx / Rx MAC / 201 MAC 2 E1/1 MAC / 203 CE2 MAC 2 PE1, VCID 100 Address Tx / Rx MAC 1 E0/0 MAC / 102 MAC / 103 MAC 1 CE1 PE1 PE2 MPLS Network PE3 Address Tx / Rx MAC / 301 MAC / 302 MAC 3 E0/1 CE3 Port or VLAN based aggregation in the CEs VPLS exists between the PEs in the PoP MAC

32 VPLS Architecture Characteristics Hierarchical (H-VPLS) Best for larger scale deployment Reduction in packet replication and signaling overhead Full mesh for Core tier (Hub) only Attachment VCs virtual switch-ports effected through Layer 2 tunneling mechanisms (AToM, L2TPv3, QinQ) Expansion affects new nodes only (no reconfiguring existing PEs) 63 VPLS Architecture Components U-PE w / QinQ Tunnel PE-CLE with 1Q1Q tunnel Core N-PE Forwarding L2 Control Plane Plane LDP + CE-1Q VPLS VPLSoMPLS extensions VSI VPLS Auto-c/d Auto-discovery BGP or DNS LDAP CE-1Q PE- 1Q LDP - light U-PE 1Q in 1Q CE-1Q CPE 64 32

33 VPLS Architecture Architecture U-PE w / QinQ Tunnel CE2a CE Q s U-PE CE2b SP applied VLAN Tags for Customer isolation (PE-VLAN) Customer applied VLAN Tags for WG isolation (CE-VLAN) QinQ N-PE 7600s Full Mesh LDP MPLS Network PE-PoP N-PE CE4 VPLS functioning between participating PEs Ether Type 401 SA DA Ether Type 102 SA DA 65 VPLS Architecture Architecture U-PE w / QinQ Tunnel 3550s 7600s CE2a CE2b CE Q Customer applied VLAN Tags for WG isolation (CE-VLAN) U-PE QinQ SP applied VLAN Tags will be removed prior to forwarding across the core (PE-VLAN) N-PE Full Mesh LDP MPLS Network PE-PoP PW VC Label is imposed N-PE CE4 VPLS functioning between participating PEs Data Ether Type 401 SA DA VC Label 66 33

34 VPLS Architecture Components U-PE w / LSP Tunnel PE-CLE with LSP tunnel Core N-PE Forwarding L2 Control Plane Plane LDP + CE-1Q VPLS VPLSoMPLS extensions VSI VPLS Auto-c/d Auto-discovery BGP or DNS LDAP U-PE CE-1Q PE-EoMPLS L2TPv3 LDP L2TPv3 CE-1Q CPE 67 VPLS Architecture Architecture U-PE w / LSP Tunnel CE1.1Q L2VPN Router U-PE AToM or L2TPv3 N-PE 7600s Full Mesh LDP N-PE CE4 CE2a CE2b Customer applied VLAN Tags for WG isolation (CE-VLAN) PSN SP applied VC-Label & Tunnel LSP Label MPLS Network PE-PoP PW VC & Tunnel labels are imposed VPLS functioning between participating PEs Ether Type Data SA DA

35 VPLS Draft Updates IETF Draft Progress VPLS over MPLS draft-lasserre-vkompella-ppvpn-vpls-04.txt (on track to become WG document) Auto-discovery draft-stokes-ppvpn-vpls-discover-00.txt (LDP auto-discovery) (No traction) draft-heinanen-dns-l2tp-vpls-00.txt (DNS auto-discovery) (Obsolete) draft-heinanen-dns-ldp-vpls-00.txt (DNS auto-discovery) (Obsolete) Replaced by: draft-heinaen-radius-pe-discovery-01.txt draft-ietf-ppvpn-bgpvpn-auto-02.txt (BGP auto-discovery) (WG document) Management draft-paari-ppvpn-vpls-mib-00.txt (no update) 69 Agenda PWE3 Overview Layer 2 Tunneling Protocol version 3 Any Transport over MPLS Virtual Private LAN Services L2VPN Application 70 35

36 L2VPN Application Objectives Illustrate How L2VPNs are being utilized: Operational Simplification through Network Consolidation Creative Cost Reduction for managed Services Leveraging the PSN for New Services 71 L2VPNs Network Consolidation Provider Profile: Wireless services, updating internal infrastructure, no new service creation Problem: Next generation technology required build-out of new network infrastructure Legacy services left too many overlapping networks to support, maintain and operate. New high-speed network is underutilized Q: How can the Service Provider consolidate legacy systems by utilizing L2VPN technology? 72 36

37 L2VPNs Pre - Network Consolidation T1s HDLC DS3 2G DS3 T1s HDLC MSC MSC DS3 2.5G DS3 MSC 3G MSC OC-3 OC-3 MSC Regional Switching Center National Data Center Regional Switching Center MSC 73 L2VPNs Post - Network Consolidation Serial Connections terminated locally on MPLS enabled Edge Router DS3 MSC MSC DS3s OC-3s 3G OC-3s DS3s MSC RSC NDC RSC RSC MSC AToMPWs running HDLC encap form overlay for legacy systems MSC MPLS Domain MSC 74 37

38 L2VPNs Recurring Cost Reduction Provider Profile: Tier 2 Service Provider, regulatory limitation prevents owning copper last mile; ILEC leased. Providing Frame Relay, Leased Line services Problem: Recurring costs from ILEC make aggressive competition impossible. Wireless bypass alone doesn t allow existing customer s service protection Limited ability to expand. Q: How can the Service Provider save local loop costs without service disruption to existing customers? 75 L2VPNs PRE - Recurring Cost Reduction CPE Customer NTU Tier 1 SP Tier 2 SP ATM/FR Tier 1 SP NTU Customer CPE DTE DTE CPE NTU Cust. Prem. Copper Access MGX Edge - FRSM Copper Access NTU CPE Cust. Prem. Nx64 TDM access provided from the ILEC Frame Relay encapsulation from the CPE to the MGX Frame Relay VCs mapped through Tier 2 SPs ATM Core 76 38

39 L2VPNs Recurring Cost Reduction CPE Customer U-PE Wireless Access Tier 2 SP ATM/FR DTE DCE CPE U-PE Cust. Prem. MGX Edge - FRSM L2TPv3 Tunnel Frame Relay Encap L2TPv3 enables transparent Frame Relay service Simplifies management and reduces overhead Seamless no-touch migration for the customer 77 L2VPNs New Service Offering Provider Profile: Tier 1 Service Provider with traditional voice & data services. Problem: Existing L3 data network is massively underutilized Upgrading legacy L2 ATM/FR network with switches is undesirable. Would like to offer more competitive L2 options. Possibly migrate FR switches to IP backbone. Q: How can the Service Provider take advantage of the unused bandwidth on their existing L3 packet infrastructure? 78 39

40 L2VPNs PRE - New Service Offering Separate ATM/FR 10% IP Core 3% 8% 9% 7% Europe 6% Asia 12% 11% 3% Internet & IP-VPN traffic only Bandwidth glut on IP core South America OC-192 OC-48 OC L2VPNs POST - New Service Offering IP Core FR FR FRoL2TPv3 Europe Asia FRoL2TPv3 FR Resist purchasing legacy switches New L2 services offered cost effectively Drive up utilization on L3 network South America OC-192 OC-48 OC

41 L2VPN Summary Established why L2VPN technologies are emerging as the new VPN options for PSNs? Introduced IETF backed solutions for addressing L2VPN market requirements Introduced some innovative ways Service Providers are taking advantage of L2VPN technologies. 81 L2 VPN Outstanding Topics Unresolved Questions Configuration Guidelines Performance QoS SLAs Management Security Most will be covered in the deployment session ACC-2001! 82 41

42 Any Questions? 83 What s Next? Follow-on Sessions: ACC L2 Transport & Tunneling (L2VPN) Application & Deployment RST-2062 Deploying MPLS Traffic Engineering Related Sessions: RST-1061 Introduction to MPLS RST-2081 Deploying Quality of Service for Converged Networks OPT-2045 Deploying Metro Ethernet Architecture & Services 84 42

43 Thank You! 85 Recommended Reading MPLS and VPN Architectures, CCIP Edition ISBN: MPLS and VPN Architectures, Volume II ISBN: publishes in early June Advanced MPLS Design and Implementation ISBN: X Available on-site at the Cisco Company Store 86 43

44 Please Complete Your Evaluation Form Session