VPLS, PPB, EVPN and VxLAN Diagrams

Similar documents
Ethernet VPN (EVPN) and Provider Backbone Bridging-EVPN: Next Generation Solutions for MPLS-based Ethernet Services. Introduction and Application Note

Contents. EVPN overview 1

Implementing IEEE 802.1ah Provider Backbone Bridge

Internet Engineering Task Force (IETF) Request for Comments: N. Bitar Nokia R. Shekhar. Juniper. J. Uttaro AT&T W. Henderickx Nokia March 2018

BESS work on control planes for DC overlay networks A short overview

Internet Engineering Task Force (IETF) ISSN: A. Sajassi Cisco J. Uttaro AT&T May 2018

HPE FlexFabric 5940 Switch Series

Ethernet VPN (EVPN) in Data Center

VXLAN EVPN Multihoming with Cisco Nexus 9000 Series Switches

H3C S6520XE-HI Switch Series

Designing Mul+- Tenant Data Centers using EVPN- IRB. Neeraj Malhotra, Principal Engineer, Cisco Ahmed Abeer, Technical Marke<ng Engineer, Cisco

LARGE SCALE IP ROUTING LECTURE BY SEBASTIAN GRAF

Huawei CloudEngine Series. VXLAN Technology White Paper. Issue 06 Date HUAWEI TECHNOLOGIES CO., LTD.

Data Center Configuration. 1. Configuring VXLAN

Implementing VXLAN. Prerequisites for implementing VXLANs. Information about Implementing VXLAN

E-VPN & PBB-EVPN: the Next Generation of MPLS-based L2VPN

IEEE 802.1ah on Provider Backbone Bridges

EVPN Multicast. Disha Chopra

E-VPN & PBB-EVPN: the Next Generation of MPLS-based L2VPN

Deploy VPLS. APNIC Technical Workshop October 23 to 25, Selangor, Malaysia Hosted by:

H3C S7500E-X Switch Series

Hierarchical Fabric Designs The Journey to Multisite. Lukas Krattiger Principal Engineer September 2017

Configuring VXLAN EVPN Multi-Site

Introduction to External Connectivity

Optimizing Layer 2 DCI with OTV between Multiple VXLAN EVPN Fabrics (Multifabric)

Unicast Forwarding. Unicast. Unicast Forwarding Flows Overview. Intra Subnet Forwarding (Bridging) Unicast, on page 1

Understanding Basic 802.1ah Provider Backbone Bridge

Configuring VXLAN EVPN Multi-Site

EVPN Command Reference

Virtual Hub & Spoke with BGP EVPNs

IP Fabric Reference Architecture

Spirent TestCenter EVPN and PBB-EVPN AppNote

Configuring VXLAN EVPN Multi-Site

Virtual Extensible LAN and Ethernet Virtual Private Network

SharkFest 18 US. BGP is not only a TCP session

Overview. Overview. OTV Fundamentals. OTV Terms. This chapter provides an overview for Overlay Transport Virtualization (OTV) on Cisco NX-OS devices.

Configure L2VPN Autodiscovery and Signaling

Intended status: Standards Track. Cisco Systems October 22, 2018

EVPN Overview. Cloud and services virtualization. Remove protocols and network simplification. Integration of L2 and L3 services over the same VPN

Provisioning Overlay Networks

Configuring VPLS. VPLS overview. Operation of VPLS. Basic VPLS concepts

Implementing VXLAN in DataCenter

Solution Guide. Infrastructure as a Service: EVPN and VXLAN. Modified: Copyright 2016, Juniper Networks, Inc.

Configuring VXLAN Multihoming

VXLAN Overview: Cisco Nexus 9000 Series Switches

H3C S6520XE-HI Switch Series

Implementing IP in IP Tunnel

Enterprise. Nexus 1000V. L2/L3 Fabric WAN/PE. Customer VRF. MPLS Backbone. Service Provider Data Center-1 Customer VRF WAN/PE OTV OTV.

MPLS design. Massimiliano Sbaraglia

Configuration and Management of Networks. Pedro Amaral

Network Virtualization in IP Fabric with BGP EVPN

Multi-site Datacenter Network Infrastructures

Virtual Subnet (VS): A Scalable Data Center Interconnection Solution

Configure Multipoint Layer 2 Services

EXTREME VALIDATED DESIGN. Network Virtualization in IP Fabric with BGP EVPN

Configuring Virtual Private LAN Services

Implementing Virtual Private LAN Services

Implementing MPLS VPNs over IP Tunnels

Contents. Configuring EVI 1

EVPN Routing Policy. EVPN Routing Policy

Configuring Virtual Private LAN Service (VPLS) and VPLS BGP-Based Autodiscovery

VXLAN Design with Cisco Nexus 9300 Platform Switches

Feature Information for BGP Control Plane, page 1 BGP Control Plane Setup, page 1. Feature Information for BGP Control Plane

Higher scalability to address more Layer 2 segments: up to 16 million VXLAN segments.

Network Configuration Example

Fabric Connect Multicast A Technology Overview. Ed Koehler - Director DSE. Avaya Networking Solutions Group

Building Data Center Networks with VXLAN EVPN Overlays Part I

APNIC elearning: MPLS L3 VPN

Configuring IEEE 802.1Q Tunneling and Layer 2 Protocol Tunneling

Traffic Load Balancing in EVPN/VXLAN Networks. Tech Note

Internet Engineering Task Force (IETF) Request for Comments: 8014 Category: Informational. M. Lasserre Independent T. Narten IBM December 2016

MPLS VPN Multipath Support for Inter-AS VPNs

Internet Engineering Task Force (IETF) Request for Comments: 8214 Category: Standards Track

Configuring Routed Pseudowire and VPLS

Cloud Data Center Architecture Guide

Building Blocks in EVPN VXLAN for Multi-Service Fabrics. Aldrin Isaac Co-author RFC7432 Juniper Networks

Inter-networking. Problem. 3&4-Internetworking.key - September 20, LAN s are great but. We want to connect them together. ...

EVPN for VXLAN Tunnels (Layer 3)

Scaling bridge forwarding database. Roopa Prabhu, Nikolay Aleksandrov

Ethernet Virtual Connections Configuration

L2 MPLS VPN (VPLS) Technology White Paper

Configure Virtual LANs in Layer 2 VPNs

Configuring IEEE 802.1Q and Layer 2 Protocol Tunneling

Carrier Ethernet Evolution

Deploying MPLS L2VPN

ROUTING INTRODUCTION TO IP, IP ROUTING PROTOCOLS AND PROXY ARP

Network Configuration Example

Configure EVPN IRB EVPN IRB

Wide-Area Networking Configuration Guide: Overlay Transport Virtualization, Cisco IOS XE Release 3S

Routing Between VLANs Overview

Virtual Subnet : A L3VPN-based Subnet Extension Solution draft-xu-l3vpn-virtual-subnet-01

VXLAN Cisco and/or its affiliates. All rights reserved. Cisco Public

Impact Analysis in MPLS Networks

Point-to-Multipoint and Multipoint-to-Multipoint Services on PBB-TE System

VXLAN EVPN Multi-Site Design and Deployment

Configuring Ethernet Virtual Connections on the Cisco ASR 1000 Series Router

Vmware VCXN610. VMware Certified Implementation Expert (R) Network Virtualization.

MPLS VPN over mgre. Finding Feature Information. Last Updated: November 1, 2012

HPE FlexFabric 7900 Switch Series

Configuring multicast VPN

Transcription:

VLS, B, EVN and VxLAN Diagrams Contents 1. VLS Signalling: An overview of how VLS is signalled to create the pseudowires and how the different labels are chosen. This based on the following document: VLS with BG Signalling - Cisco TAC Document ID 116121 2. VLS Issues: Common issues experienced within a VLS setup. 3. B Switching: A look at the path a packet will take through a BB Switched network, including the different labels and identifiers used. This is partially based on http:// www.tatacommunications.com/vpn/bbknowledgecenter/brksg-2203.pdf. Any images marked with taken from the document, I claim no credit for their creation. are 4. EVN Overview: Shows the operation and principles involved in EVN. This is partially based on https://conference.apnic.net/data/37/2014-02-24- apricot-evpn-presentation_1393283550.pdf. Any images marked with credit for their creation. are taken from the document, I claim no 5. EVN Operation: More detailed notes on the processes involved in EVN. 6. BB-EVN: Some of the basic processes involved when the above two technologies work together (MAC learning and advertisements) 7. Inter-operation: A conceptual diagram showing how B-EVN and VLS technologies could interrelated in a Service rovider core. 8. VxLAN: A very brief overview of a VxLAN packet. by Steven Crutchley

router bgp 1 l2vpn context ONE vpn id 100 autodiscovered bgp singaling bgp ve id 1001 ve range 50 route-target export 32:64 route-target import 32:64 If A BG Router Reflector runs software that does not support RFC 4761, but does have support for RFC 4762, the special BG neighbor x.x.x.x prefixlength-size 2 configuration command is needed on the Route Reflector so it can reflect the BG updates used for RFC 4761. 1 RFC 4762: VLS Discovery = BG (auto) Signalling = LD RFC 4761: VLS Discovery = BG (auto) Signalling = BG (auto) VLS - BG Signalling Operation Based on VLS with BG Signalling - Cisco TAC Document ID 116121 LD still used as hop-by-hop used for tunnel labels 3 If the process of selecting a label fails 1 will notice, when it gets an update from 3. Knowing its own advertised label range, it will see that the VE-ID will fall outside of the VBO <= VE-ID < (VBO + VBS) test. So in reaction, 1 will send a new update with new VBO and LB values. It should now accommodate the VE-ID of 3. 3 may do the same in the opposite direction. Both advertised blocks will show in show bgp commands. Blocks of contiguous VE-IDs are less likely to require second BG messages to be sent. mpls label range 10000 20000 router bgp 1 roblem Statement VLS needs point-to-mutlipoint Ws. s within one VLS Realm could be manually configured or discovered using BG. But targeted LD would still be needed for signalling. This diagram shows how to use BG for signalling (RFC4761). ibg is used because of its full mesh requirement with Router Reflectors. There would be two methods to send updates: 1. Send one update per W. But this goes to all routers and only one of them can use this information (the that is the other end of the W in question) 2. To avoid a high level of updates, one local router sends a set/block of local VC labels to all remote routers. Each remote picks a VC label in a unique fashion, so that no other picks the same one. There must be enough labels and they must not be wasted. This diagram describes this second method. ID N L R I C o m m u n i t i e s Signalling (octets) Indentity Length (2) RD (8) VE ID (2) VE Block Offset (2) VE Block Size (2) Label Base (3) Extended Comm Type (2) Encapsulation Type (1) Control Flags (1) Layer 2 MTU (2) Reservered (2) Additional RTs (import, export ) BG Signalling Update BG sender - afi/safi 25/65. l2 router-id <id> identity of the VLS domain. If not configured format is ASN:vpn_id (VE-ID) must be a unique to each to identify it within the VLS domain RR (VBO) gap used if more than one block needs to be sent. VBO = RND (VE-ID/VBS) * VBS (VBS) size of the block set (default 10). ve range (LB) first free label in the block 0x800A Encapsulation Type (1) 0-5 must be zero. 6 = C for control word. 7 = S for sequencing imports and exports from an L2VN like MLS L3VN RND = the maximum value out of the division result, rounded down or 1. Full mesh reflection 2 To select VC label from block sent by 1, it must determine if VBO is within range of its configuration. Note the VBO will be very close to the LB. This is essentially the range the 1 is offering 2. VBO <= VE-ID < (VBO + VBS) If this passes, VC label is determined using: LB + VE-ID - VBO Examples VBS of 20, VBO of 5 and LB of 10. VBO + VBS = 25. VE-ID of 6 succeeds. 5<=6<25 Label = 10+6-5=11 VE-ID of 26 fails. 26>25 Label = 10+26-5=31 (above block) VE-ID of 3 fails. 3<5 Label = 10+3-5=8 (below block) The successful label is used as the remote label in the output (10002 in the example shown) The same process is done in the opposite direction l2vpn context ONE vpn id 100 autodiscovered bgp singaling bgp ve id 1002 ve range 50 route-target export 32:64 route-target import 32:64 mpls label range 3000 600000 VE-ID = 3 (VC Label 8) 10 30 VE-ID = 6 (VC Label 11) VE-ID = 26 (VC Label 31)

VLS Issues MAC Learning Flood ARs and BUM traffic Learn Source MAC Multihoming BDUs Multi homed s can get their own packet back from the core MAC Move MAC moves - wait for MaxAge

acket ath through Switched BB Network Customer C Legend S = Assigned by supplier for bridged network B = Assigned by supplier for backbone bridged network C = Assigned by customer DA = Destination MAC Address SA = Source MAC Address TAG = VLAN tag (also termed VLAN) SID = Service ID C-Switch BUM = Broadcast, Multicast or Unknown Unicast (when referring to traffic) 802.1ad QinQ Devices B = rovider Edge Bridge CB = Core rovider Bridge 802.1ah BB Devices BEB = rovider Backbone Edge Bridge BCB = rovider Backbone Core Bridge Customer switch adds a VLAN tag onto the packet and sends it over a trunk link across their network and ultimately up to the provider B CB B assed to rovider s Backbone Network Service rovider, using QinQ, adds their own VLAN tag (S- TAG) to the frame S-TAG assed through Service rovider 802.1ad core S-TAG BEBs > Each BEB is identified by a unique unicast B-MAC Address. > BEBs learn and forward based on both C-MAC and B- MAC addresses. > It builds a map of C-MAC to B-MAC addresses. Bridge Forwarding Database (Bridge FDB) Within the B-MAC address space or core: The FDB to use is selected based on the B-TAG. Within the C-MAC Address space: Frames coming in from access (from 802.1ad) have their FDB selected based on the S-TAG. Frames coming in from the B-MAC core: Have their FDB selected based on the I-SID Set to egress BEBs MAC (BEB2-MAC) BEB1 Entire Frame is encapsulated using 802.1ah. This includes a 24bit SID (breakdown below), an optional VLAN tag for the BB network and the source and destination MAC addresses within the BB network. B-MAC address space. Forwarding based on outer B-MAC. B-DA B-SA B-TAG B BEB2 BCB S-TAGs are mapped to SIDs SID same length as VLAN header SIDs are bundled into B-TAG VLANs if used. B-TAG defines the transport topology in the BB network 3 1 1 3 24 C DEI UCA RES I-SID S-TAG S-TAG CB C = priority code points DEI = drop eligibility indication UCA = Use customer address RES = Reserved I-SID = Actual identifier value for the SID (Service Instance Identifier) B C-Switch Customer C you only care about the ORT. Not the tagging. ort-based Service Interface (UNI) Each I-SID will have a multicast group for BUM traffic so think how this will affect things if many customers map to one I-SID (See BUM Network acket Flow diagrams below) Looking at S-TAG Service Interfaces (below) as an example, this depends on how customers are mapped to S-TAGs or SIDs. It could be one customer per S-TAG in the 802.1ad realm. If the provider doesn t want to separate them in the core you could use S- TAG port mode. Or give them each their own setup and use S-TAG Mode. Or some customers could use multiple S-TAGs (in which case you might what S-TAG bundle mode). Or maybe each customer does only have one S- TAG each and you want to give a fixed number of internal topologies rather than one each (also bundle mode) similar to mapping VLANs to MST instances S-Tagged Service Interface (UNI) s, Untagged and riority tagged frames all map to one SID. All S-TAGs map to one SID Each S-TAG maps to own SID Some S-TAGs map to some SIDs I-Tagged Service Instance (Inter-provider NNI) (In these diagrams the term TAG has been replaced with VLAN) C-Tagged Service Interface (UNI) (In these diagrams the term TAG has been replaced with VLAN) Looking one level deeper just at I-SIDs. I-TAG = SID + + In this instance there is no 802.1ad network. Comes straight from customer VLANs. If it is a one to one mapping you don t need to worry about the VLAN tag but if multiple VLANs map to one SID (either because it is multiple customers or one customer wants different treatment for multiple VLANs) you do need to carry the VLANs. SIDs translated. SIDs can be bundle into B-TAGs allowing for independent provider topologies Each SID limited to single provider. B-DA might need translating. Single on UNI mapped to one SID each - doesn t need to carry over. However Bundle Mode means that multiple s are mapped to single SID (i.e. the C- TAG does matter) Some parts of this diagram have been based on http:// www.tatacommunications.com/vpn/bbknowledgecenter/ BRKSG-2203.pdf

EVN L3VN EVN Multihomed devices can be > Single-Active: with one active > All-Active: with multiple active s (will need split horizon and designated forwarding) EVI 4 VRF MLS or VXLAN control plane 3 1 Data lane learning can be static or dynamic LD still used as hop-by-hop for tunnel labels 1 3 Overview AFI = 25 (L2VN), SAFI = 70 (EVN). ECM from mutlihomed s is possible. EVI is a VN instance (like a VRF for L3VN). ESI is a link that connects the to the s. advertises MAC addresses and next hops from s using MBG Full mesh reflection 2 LAG (with All Active mode) L2 and L3 services in one VN. Multiple Data lane encapsulation models (MLS or VXLAN). AR or ND proxy ( responds on behalf of client) No more flood-and-learn. re-signalled FDB used instead. You can control who learns what MAC (using policies). This update will be one of the route types shown below BG Update (octets) RD (8) ESI (10) Ethernet Tag ID (4) MAC Length (1) MAC Address (6) I Length (1) I Address (0, 4 or 16) MLS Label 1 (3) MLS Label 2 (0 or 3) Each EVI (just like a VRF) has an RD (?) Ethernet Segment Identifier Broadcast domain (VLAN) for the EVN 48-bit MAC address 0 for no I, 4 for Iv4 and 16 for Iv6 MLS Label for EVI (?) Label for split horizon BUUM traffic (?) RR Services Overview VLAN Based - one to one 1:1 mapping of VLAN to EVI. VLAN translation allowed. Single bridge domain per EVI. Ethernet tag in route is set to 0. A VLAN WILL MA TO AN EVI MUCH LIKE A VLAN (S-TAG or ) MAD TO AN I-SID One EVI per VLAN (possibly indicating each customer is represented by one VLAN. OR each customers VLAN gets an EVI). When carried across an EVI the Ethernet Tag ID isn t needed to differentiate. EVN Data lanes (including VXLAN) Ext comms VLAN Bundle - EVI doesn t care about the VLAN and multiple VLANs map to it Multiple to one mapping of VLAN to EVI. Still single bridge domain for each EVI. MACs need to be unique across VLANs. No VLAN translation. Ethernet tag in route is set to 0. Mapping multiple VLANs to one EVI the only catch is that duplicate MACs could cause issues. VLANs are not carried across. (BB functionality over MLS) VLAN Aware - EVI cares about what the VLAN is Multiple to one Mapping of VLAN to EVI. Multiple broadcast domains. One bridge domain per VLAN. VLAN translation allowed (look at left then right VIDs). Ethernet tag is set to configured tag (VLAN). Some parts of this diagram have been based on https:// conference.apnic.net/data/37/2014-02-24-apricot-evpnpresentation_1393283550.pdf Mapping multiple VLANs to one EVI but the VLAN is cared about, so you have one broadcast domain per EVI (e.g. the Ethernet tag is not zero) - possibly one customer with multiple VLANs.

EVN Operation Can have same DFs for all ESIs or different DFs for different ESIs DF All-Active MULTIHOMING and SLIT HORIZON Split horizon = BUM traffic from one ESI is not forwarded back onto the same ESI. A split horizon label is advertised by s for filtering. 1 s connected to 3 1 2 multihomed s discover each other through auto discovery. One is selected the DF (designated forwarder). 2 Blocks BUM traffic to avoid duplication Non-BF blocks BUM flooding. 4 You could have spoofed or AR/ND roxy untrusted sources additionally you could get large levels of unknown unicast. 1 3 1 All MACs and Is are 2 advertised by all s. Snooping reduces unknown unicast flooding. 2 rovisioning MACs can eliminate it entirely. 4 MAC learned These s know that the MAC Aliasing address in question is reachable MAC not learned Load balance to All Active setups over a give ethernet segment (represented by ESI) and so can load balance between the two 1 3 s connected to that ESI. 1 (MAC Address) 2 Advertisement is mapping MAC to ESI 2 2 doesn t need to learn the source MAC to have it be involved in the load balancing. It does not need to advertise anything. This setup could also be used for Active-Standby 4 MAC Mobility 1 3 1 2 MAC/I Seq# 2 Highest MAC (included in an extended If learned via Sequence wins community) data plane, may not detect move and won t send withdrawal. Device moved to new location within network 4 This triggers withdrawal of old MAC Default Gateway Inter-subnet Forwarding GATEWAY GATEWAY 1 3 1 2 EVN Supports inter-subnet forwarding when I routing is required. No additional separate L3VN Functionality is needed. EVN uses the default gateway. 2 GATEWAY One or more s are configured as the default gateway, 0.0.0.0 or :: MAC is advertised with default gateway extended community. Local s respond to AR/ND requests for default gateway 4 GATEWAY Enables efficient routing at local MAC Mass-Withdrawal 1 3 1 2 Withdraw ESI 2 advertises two routes (1) MAC/I address and its ESI If failure affects an ESI the simply withdraws routes for that ESI. Remote s remove failed 4 (2) Connectivity to ESIs from path for all MAC addresses associated with an ESI. Fast convergence. Don t have to wait for individual MAC addresses to be withdrawn

BB-EVN Overview (view of the packet on the wire in the core) Tunnel Label EVN Label Flow Label Control Word B-DA B-SA I-SID MLS Core BEB MAC address to MAC address mapping BEB- Frames encapsulated in BB headers (MAC-in- MAC) BEB- BEB- RR EVN advertises MACs using BG BEB- (1) MAC Learning MLS Core aaaa.aaaa.aaaa BEB- (2) BEB- bbbb.bbbb.bbbb BEB- RR BG Core only knows B-MACs BEB- cccc.cccc.cccc (1) acket goes to BEB1: Source MAC learning (2) Doesn t know destination: Broadcast AR. All remote s learn B-MAC that aaaa.aaaa.aaaa maps to. In this way a B-MAC to C-MAC table is built.

Inter-operation Typhoon Cards (VLS or BB-EVN) VLS VFI Customer Bridge Domain EVI Customer Bridge Domain R2 Only Trident Cards (VLS Only) R1 VFI VLS BB- EVN Core Bridge Domain (For BEB MACs) VLS EVI Customer Bridge Domain VFI R3 Typhoon Cards (VLS or BB-EVN)

VxLAN is a Layer 2 overlay scheme on a Layer 3 network. Each overlay is termed a VXLAN segment. Each segment has a 24 bit identifier called a VNI (VxLAN Network Identifier). A VNI is an outer header that encapsulates the inner MAC. VxLAN Tunnel End oints hide the VxLAN infrastructure from hosts and could be on physical or virtual switches or servers. Multicast carries BUM traffic (destination is multicast group for VNI segment). VTE I to VM MAC learning needs to take place (control plane learning like BG with EVN). VTEs must not fragment VxLAN packets. VxLAN Overview DM = Destination MAC SM = Source MAC DI = Destination I SI = Source I I = Inner O = Outer (sections not to scale. Some part missing - only shown to give most important parts and general idea) O-DM O-SM O-VLAN O-SI O-DI UD source ort UD Dest ort (VXLAN) VxLAN header (incl. VNI) I-DM I-SM Underlying network is usually layer 3 Look up VNI that this host is associated with. Is destination MAC on same segment and is there a mapping? VTE1 Only hosts in same VxLAN segment can communicate with one another VTE2 Upon receipt, VTE will validate VNI and determine whether a host in that VNI matches inner MAC. If so it decapsulates it and sends it on. I-DM I-SM I-DM I-SM WWW WWW

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback