500 likes | 692 Views
Tokyo July 12 th 2002. VPLS/TLS/DTLS/VPSN…. Robert Raszuk IOS Engineering – MPLS Development raszuk@cisco.com. Prerequisites . LDP/TE or any other core tunneling Basic knowledge of LAN/STP/VLANs P2p draft-martini-encap & signaling. Agenda. What is VPLS and all of those acronyms
E N D
Tokyo July 12th 2002 VPLS/TLS/DTLS/VPSN…. Robert Raszuk IOS Engineering – MPLS Development raszuk@cisco.com
Prerequisites • LDP/TE or any other core tunneling • Basic knowledge of LAN/STP/VLANs • P2p draft-martini-encap & signaling
Agenda • What is VPLS and all of those acronyms • VPLS building blocks • What draft talk about what services • Summary
What is VPLS and all of those acronyms • VPLS = Virtual Private LAN Service • TLS = Transparent LAN Service • VPSN = Virtual Private Switched Network !!! Those above all mean the same thing = VPLS !!! • DTLS = Decoupled TLS • New: Ethernet Virtual Circuit Service (EVCS) • New: Virtual Private Wire/WAN Service (VPWS)
L2VPN L2 Transport VPWS VPLS MPLS (AToM) L2TPv3 MPLS L2TPv3 MPLS QinQ L2TPv3 L2VPN Terminology Clarification • - Ethernet - FR • ATM - PPP • HDLC • - Ethernet - FR • ATM - PPP • HDLC - Ethernet
L2VPN Terminology Clarification Basic L2 Transport:
What is VPLS and all of those acronyms • VPLS is a network service providing layer 2 multipoint connectivity between edge devices. • From customer edge device point of view WAN or Metro infrastructure providing vpls service is not visible. Customer edge devices appear to each other as connected via single logical learning bridge with fully meshed ports.
Agenda • What is VPLS and all of those acronyms • VPLS building blocks • What draft talk about what services • Summary
VPLS building blocks • Network elements • VPLS edge device discovery • Signaling (also called auto-configuration) • Packet’s encapsulation • MAC address learning & re-learning • Flooding • Decoupling • Loop avoidance - STP
VPLS building blocks Network elements providing two VPLS services: LAN-10c LAN-10a PE2 PE1 CE3 L2PE CE1 LAN-10d LAN-10b CE4 CE2 LAN-20b VPLS aware devices LAN-20a VPLS1: LAN10abcd VPLS2: LAN20ab CE2–L2PE & CE4-PE2 are VLAN trunks L2PE-PE1 can be QinQ or VLANinMPLS
VPLS building blocks VPLS Edge device discovery • Distribution of configuration information indicating mapping of VPLS instances to VPLS edge devices Example: Hello I’m PE1 I have VPLS 1 Site_ID 1 I have VPLS 2 Site_ID 5 • Can be: • BGP based • DNS/Directory based • NMS • Partially LDP • Manual LAN-10c PE2 CE3 LAN-10d CE4 LAN-20b PE1
VPLS building blocks VPLS Edge device discovery • Discovery of peer PEs for a VPLS instance (for a given VPN). • Two primary approaches: • - Directory based approach such as DNS (draft-heinanen-dirldp-eth-vpns.txt) • - BGP based approach (draft-ppvpn-bgpvpn-auto-01.txt)
Service Provider MPLS Network VPLS building blocks – LDP Autodiscovery CE-3 CE-1 PE1 (7600) PE3 (7600) CE-2 PE2 (7600) • Each Ethernet Attachment VC is Bound To A “Name” Resolved by Directory Lookup (e.g., DNS) • Circuit Name Is Associated With A Set Of PE Addresses (e.g., DNS A Resource Records) acmecorp.tls.sbc.com 10.1.1.1 10.2.2.2 10.3.3.3 • Binding of of Circuit Name to Ethernet Attachment VC Causes Directory Query • Reception of New VC over Targeted LDP Signaling Channel Causes Directory Query To Update List of PEs in Circuit Directory (Primary and Secondary) • Example • pe1# config t • pe1 (config)# interface ethernet 1/1 • pe1 (config-if)# name acmecorp.tls.sbc.com • pe2 (config)# interface ethernet 2/2 • pe2 (config-if)# name acmecorp.tls.sbc.com
Service Provider MPLS Network VPLS building blocks – BGP Autodiscovery CE-3 CE-1 PE1 (7600) PE2 (7600) CE-2 PE2 (7600) • Each Attachment VC is Associated with an L2VPN Id (Site_id) • Association Is Performed At Time of Attachment VC Provisioning • BGP Updates Distribute To Be Defined L2VPN NLRIs • Next Hop = PE Reporting the L2VPN, Route Target Contains VPN-Id • Updates Filtered Based on VPN-Id – Just reg ext community filtering • BGP Updates Sent On Binding of Attachment VC • BGP Withdrawal Sent on Removal of Binding VC • Requires BGP Route Reflector or I-BGP Mesh BGP Route Reflector (Primary and Secondary)
VPLS building blocks VPLS emulated VCs Signaling • Distribution of labels as demultiplexors for packets between VPLSs arriving to PE/L2PE from core. Needed because a single PE-PE tunnel can be used for transport data from different VPLS instances • Two main methods for signaling VPLS: 1. By using BGP (one draft) 2. By using LDP(all other drafts and Industry trend)
VPLS building blocks Signaling emulated VCs by using BGP • Can be used as a single protocol for combined discovery & signaling in full mesh topologies. All needed information received by PE1 with single TCP IBGP session ! For VPLS1/PE2 use (base 10, offset 0, length k) For VPLS2/PE2 use (base 20, offset 0, length j) LAN-10c PE2 PE1 CE3 LAN-10d CE4 I have VPLS1 – Site_ID 1 & VPLS2 – SIte ID 5 So I use the following VPLS VC labels to send to PE2 For VPLS1 10+1=11 & for VPLS 20+5=25 LAN-20b
VPLS building blocks Signaling emulated VCs by using BGP • This “trick” with advertising label base and length allows to generate one NLRI for all other PE-s. • Unique within a VPLS Site_ID added to the label base constitutes a VPLS VC label which in itself carries embedded information about the packet’s originator • Why not just send labels – simply because learning of MAC is done based on the VPLS VC label and it has to be known apriori what peer has send us a packet with a given MAC based on the VPLS VC label value.
VPLS building blocks Signaling emulated VCs by using BGP • If L2PEs are being used the advertised label blocks are per VPLS/L2PE pair • For those who don’t run BGP this is not an option • Industry (IETF) does not follow this path so vendor interoperabilty is not possible • Label blocks are getting fragmented at the Pes due to block pre-allocation requirement • Delay in delivery of control information due to BGP nature and reflection (update generation + advert.) • Non full mesh topologies require RT filtering on PEs
VPLS building blocks Signaling emulated VCs by using LDP • A separate directed LDP session required between each PE pair. • Watch LDP session’s scalability numbers • Multiple proposals (see draft section for details) • General Industry direction for emulated VC setup scheme in all L2VPN applications: L2 p2p Transport, VPWS & VPLS ! • Interoperability with number of vendors worldwide
VPLS building blocks Packet encapsulation • PE-s connected via full mesh of tunnels: GRE, MPLS(LDP/TE), L2TPv3 etc … • VPLS VCs (aka emulated VCs) transported inside those PE-PE tunnels based on draft-martini-encaps. Tunnel header/label VPLS VC Label Control Word Layer2 Frame Minus preamble Minus checksum PE-PE tunnels VPLS VCs
VPLS building blocks MAC address learning & re-learning • VPLS visible from customer devices as a learning bridge with geographically distributed ports: PC2 PC1 00-10-A4-92-F2-12 00-10-A4-92-F2-11 LAN-10c LAN-10a PE2 PP1 PE1 PP1 L2PE CE3 CE1 LAN-10d LAN-10b CE4 LP1 LP2 LP1 LP2 CE2 LAN-20b 00-10-A4-92-F2-12 - PP1 00-10-A4-92-F2-11 – VC 2 L2PE 00-10-A4-92-F2-11 - PP1 00-10-A4-92-F2-12 – VC to PE2 LAN-20a L2PE’s VPLS1 FIB PE2’s VPLS1 FIB
VPLS building blocks MAC address learning & re-learning • Two modes for learning: qualified and unqualified • In qualified learning we build FIB per VLAN per VPLS – general agreement to have only one VLAN per VPLS • In unqualified learning we build FIB per VPLS – in other words per port • Note that MAC’s being globally unique may relax to need for FIB’s separation • Virtual Switch Instance VSI – component responsible for the above actions
VPLS building blocks MAC address learning & re-learning • End users can move from place to place • Dual connected switches or hubs may block different ports. • PE or L2PE needs to be able to signal the need to flash all or subset of MAC entries previously learned via it
VPLS building blocks Flooding • When FIB tables do not contain dst MAC address VPLS wide flooding is needed of such a packet. PC2 PC1 00-10-A4-92-F2-12 00-10-A4-92-F2-11 LAN-10c LAN-10a PE2 PP1 PE1 PP1 L2PE CE3 CE1 LAN-10d LAN-10b CE4 LP1 LP2 LP1 LP2 CE2 LAN-20b 00-10-A4-92-F2-12 - PP1 00-10-A4-92-F2-11 - L2PE 00-10-A4-92-F2-11 - PP1 ??-??-??-??-??-?? – ?? LAN-20a L2PE’s VPLS1 FIB PE2’s VPLS1 FIB
VPLS building blocks Flooding • The same is needed for broadcast/multicast • To be flooded packet may be received from customer port or from other PE-s • If received from customer port it must be flooded to all other customer ports + all other PE-s • If received from other PE-s (because of full mesh) it must be flooded only to customer facing ports analogy to “split-horizon” scheme • With qualified learning the flooding scope may be limited per VLAN if more then one instance per VPLS is ever used
VPLS building blocks Decoupling • To offer VPLS service on most of the existing PE routers decoupling of MAC address learning, STP, replication/flooding from control plane’s discovery & signaling is necessary. This also helps to scale provider’s IGP. LAN-10a PE1 L2PE CE1 LAN-10b CE2 LAN-20a
VPLS building blocks Decoupling • STP on L2PE is needed when L2PE is connected to multiple PE boxes to select active ports • L2PE uses per interface MPLS or VLAN stacking to send customer L2 frames to PE • L2PE-PE exchange information about VPLS #, Site-id#, connected PE as well as assigned by PE MPLS/VLAN encapsulation value per VPLS # to be used on L2PE-PE link • PE generates and advertises to other PE-s VPLS VC label blocks each representing single L2PE-VPLS pair
VPLS building blocks Decoupling • PE also generates MPLS labels or VLAN tags for L2PE-PE trunk identifying VPLS-L2PE coming to PE • L2PE does flooding and packet replication freeing PE from doing it • L2PE does MAC learning both from the customer ports (trivial) and from the network. • If from the network the MAC’s originator Site_id is deducted from the originally advertised per VPLS/SiteID label base or VLAN tag base or label. • L2PE can load balance per VPLS when multihomed
VPLS building blocks Loop avoidance - STP • To avoid the need of running STP per VPLS between and on all provider’s network elements participating in a given VPLS – full mesh of tunnels between those elements (PE or L2PE devices) is mandated. • STP will typically be run by redundantly connected customer devices using VPLS. • In the fully meshed topology L2PE may select without running STP which PE’s port can be used when the packet with the identical MAC is received from more then one core facing interface
Agenda • What is VPLS and all of those acronyms • VPLS building blocks • What draft talk about what services • Summary
What draft talk about what services VPLS related IETF drafts: • draft-lasserre-tls-mpls-00.txt • draft-lasserre-vkompella-ppvpn-vpls-02.txt • draft-khandekar-ppvpn-hvpls-mpls-00.txt • draft-sajassi-vpls-architectures-00.txt • draft-heinanen-dns-ldp-vpls-00.txt • draft-tsenevir-gre-vpls-00.txt • draft-augustyn-vpls-arch-00.txt • draft-kompella-ppvpn-vpls-00.txt • draft-kompella-ppvpn-dtls-01.txt
Lasserre-Vkompella Control Plane: Directed LDP Directed LDP Directed LDP LDP CE PE –POP (PE-rs) PE-CLE (MTU-s) PE –POP (PE-rs) CE PE-CLE (MTU-s) MPLS MPLS MPLS Data Plane: Ether Pkt Ether Pkt L2 Hdr Ether Pkt L2 Hdr MPLS Ether Pkt L2 Hdr Ether Pkt
Sajassi draft Control Plane: Directed LDP LDP CE PE –POP (PE-rs) PE-CLE (MTU-s) PE –POP (PE-rs) CE PE-CLE (MTU-s) QinQ MPLS QinQ Data Plane: Ether Pkt Ether Pkt E Hdr Ether Pkt E Hdr MPLS Ether Pkt L2 Hdr Ether Pkt
MPLS-Lite Control Plane: Directed LDP Directed LDP Directed LDP LDP CE PE –POP (PE-rs) PE-CLE (MTU-s) PE –POP (PE-rs) CE PE-CLE (MTU-s) QinQ MPLS QinQ Data Plane: Ether Pkt Ether Pkt E Hdr Ether Pkt E Hdr MPLS Ether Pkt L2 Hdr Ether Pkt
What draft talk about what services draft-lasserre-vkompella-ppvpn-vpls-02.txt • PE must be able to flood, fwd or filter bridges frames • VPLS VCs use martini-encaps • For VPLS VC signaling uses martini-sig draft • Proposes the addition of new VC Type (in the VC TLV) “Ethernet VPLS” codepoint 0x000B where VCID will become a VPN_ID (VPLS ID) • Proposes to introduce a new optional 1 byte interface parameter to martini-sig: “VPLS learning mode” to distinguish qualified from unqualified learning modes
What draft talk about what services draft-lasserre-vkompella-ppvpn-vpls-02.txt cd … • Defines a new TLV “MAC TLV” type 0x0404 used for explicit removal of listed in it MAC addresses from all peer’s FIB tables for use in LDP Address Withdraw Message • When the length field of MAC TLV indicates an empty list all MACs received from a VPLS VC of a given peer are removed • Proposes to use two MAC aging timers: short for locally learned MACs – longer for MACs learned via VPLS VCs from other PE-s
What draft talk about what services draft-lasserre-vkompella-ppvpn-vpls-02.txt cd … • In qualified learning this is actually one VSI per VLAN per VPLS per PE. • Defines much broader & complete then any existing draft the QinQ case between L2PE(PE-CLE) and PE • Modified MAC address deletion which mean the message should be sent from MTU-s to backup PEs and NOT the primary PEs.
What draft talk about what services draft-lasserre-vkompella-ppvpn-vpls-02.txt cd … • Offers pretty attractive idea to eliminate the need to have all VPLS capable devices fully meshed by tunneling the emulated VPLS VC via non VPLS capable PE-s to those selected for given VPLS as well as capable to do all VPLS functions • Reduces number of emulated VCs - reduces signaling • If auto discovery is not used it reduces the number of configuration tasks when add/delete the L2PE (aka MTU) devices • Very much alike what L2TP or GRE tunnel do today
What draft talk about what services draft-lasserre-vkompella-ppvpn-vpls-02.txt cd … • Very nicely glues martini based p2p VCs with p2mp VPLS concept ! • Relaxes the need to have VPLS capable device in every POP
What draft talk about what services draft-heinanen-dns-ldp-vpls-00.txt • Uses DNS (draft-luciani-ppvpn-vpn-discovery) for PE discovery • Uses LDP for VPLS VC signaling • Introduces a new VPN ID FEC TLV draft-tsenevir-gre-vpls-00.txt • Proposes VPLS over GRE • VPLS VC demux based on GRE network wide uniqe key
What draft talk about what services draft-augustyn-vpls-arch-00.txt • Some requirements & just an overall architecture proposal. No new protocol definitions. draft-mroz-ppvpn-inter-as-lsps-00.txt • Proposes a way to establish a VPLS VC across AS-es • Uses EBGP ipv4+label code to distribute PE-s /32s between AS-es • More or less exactly the same thing as we do in our mpls-vpn inter-as case .
What draft talk about what services draft-kompella-ppvpn-vpls-00.txt +------------------------------------+ | Length (2 octets) | +------------------------------------+ | Route Distinguisher (8 octets) | +------------------------------------+ | VE ID (2 octets) | +------------------------------------+ | Label-block Offset (2 octets) | +------------------------------------+ | Label Base (3 octets) | +------------------------------------+ | Variable TLVs (0 to N octets) | | ... | +------------------------------------+ • Discovery & Signalling with BGP • Defines a new BGP NLRI for VPLS • Defines new bgp ext community as a container for control information for a VPLS VC +------------------------------------+ | Extended community type (2 octets) | +------------------------------------+ | Encaps Type (1 octet) | +------------------------------------+ | Control Flags (1 octet) | +------------------------------------+ | Layer-2 MTU (2 octet) | +------------------------------------+ | Reserved (2 octets) | +------------------------------------+
What draft talk about what services draft-rosen-ppvpn-l2-signaling-00.txt • Proposes a way to eliminate the need to configure VPLS VC on both ends by extending martini signaling • Proposes to build an emulated VC by not pair of <PE1, PE2, Vcid, VC_type> but by pair of <PE1, SAI, PE2, TAI> where …AI is an src/dst Attachment ID • TAIs and PE2 address can be learn via auto discovery mechanism which is not specified in the draft • In VPLS AI can be composed by concatenation of VPLS#+VLANid connecting customer switches to PE
What draft talk about what services draft-lasserre-tls-mpls-00.txt • Proposes to use IGP extension do discover VPLS capable PE-s (draft-tsenevir-8021qospf-00.txt) • Once directed LDP sessions are established between each PE-PE, extends draft-martini signalling VC FEC with the new parameter: 7-byte VPN_ID (VPLS_ID) • Assumes replication/flooding capable PE
Agenda • What is VPLS and all of those acronyms • VPLS building blocks • What draft talk about what services • Summary
Summary • Main problem – MAC addresses can’t be summarized ! • Fully VPLS capable devices must be able to replicate flood and filter packets • VPLS has some applications in MANs – I can’t see then pushing away L3 services from WANs • All L2 applications are IMHO only current moment’s industry fashion borned mostly due to the believe of some that flat networks/ethernet rock • L3 routing and L3 services are still the main element with far greater scalability !
Thank you ! This presentation can be found at: ftp://ftp-eng.cisco.com/rraszuk/vpls Ack: Some slides were borrowed from Ali Sajassi. Thx !