VPLS is an L2VPN technology based on MPLS and Ethernet technologies. VPLS provides multipoint-to-multipoint VPN services, an improvement over both the earlier point-to-point L2VPN services and L3VPN services, which require carriers to manage routing information. The drafts relevant to VPLS propose two VPLS network architectures: VPLS with logically fully meshed PWs, and hierarchical VPLS (HVPLS). The CX600 uses either the Border Gateway Protocol (BGP) or the Label Distribution Protocol (LDP) to implement the functions of the VPLS control plane. VPLS using BGP is called Kompella VPLS, and VPLS using LDP is called Martini VPLS.
VPLS Forwarding Model
The VPLS forwarding model is displayed in Figure 1. In the VPLS forwarding model, PEs utilize the Virtual Switch Instance (VSI) for VPLS forwarding; PEs forward Ethernet frames through the fully-meshed Ethernet emulation circuits or PWs.
PEs of the same VPLS network must be fully meshed. That is, PEs are interconnected with PWs. In this manner, packets can be sent directly from the ingress PE to the egress PE without passing through a transit PE. As a result, no loop occurs between PEs, and the Spanning Tree Protocol (STP) is not needed.
Typical VPLS Networking
Figure 2 shows typical VPLS networking. Details are as follows:
- VPLS-A and VPLS-B access different UPEs and communicate through the Internet service provider (ISP) network.
- Each VPLS user network considers itself to be in the same LAN as the other user networks.
- The VPLS interface must be able to broadcast, forward, and filter Ethernet frames.
- After being interconnected through PWs, UPEs form an emulated LAN for customers.
- Each UPE must learn not only the MAC addresses of Ethernet packets transmitted through PWs, but also the MAC addresses of Ethernet packets from the connected CEs. PWs can use not only MPLS tunnels, but also other tunnels such as Generic Routing Encapsulation (GRE) tunnels and Layer 2 Tunneling Protocol (L2TP) tunnels.
Note that a UPE is often an MPLS edge device that can set up tunnels to other PEs.
VPLS Tunnel Setup
The tunnel between PWs can be set up in LDP mode or BGP mode.
The differences between the two tunnel setup modes are as follows:
- In LDP tunnel setup mode, the requirements for PEs are low, but no auto-discovery mechanism for VPN members is provided, so VPN members have to be configured manually. In BGP tunnel setup mode, the requirements for PEs are high. That is, PEs must run BGP. In addition, an auto-discovery mechanism for VPN members is provided.
- In LDP tunnel setup mode, an LDP session must be created between every two PEs. The number of sessions is proportional to the square of the number of PEs. In BGP tunnel setup mode, a route reflector (RR) can be used to reduce the number of BGP connections.
- In LDP tunnel setup mode, each PE is assigned a label only when necessary. In BGP tunnel setup mode, each PE is assigned a label block, which wastes labels.
- In LDP tunnel setup mode, the VSIs configured in all domains must use the same VSI ID range. In BGP tunnel setup mode, the VPN target is used to identify VPNs.
Table 1 shows the comparison between the two VPLS tunnel setup modes.
| Item | LDP mode | BGP mode |
|---|---|---|
| Requirements for PEs | Common | High |
| Label utilization ratio | High | Low |
After the preceding comparison, the following conclusions can be drawn:
The LDP tunnel setup mode is preferable when the number of VPLS sites is relatively small, the VPLS network seldom or never traverses multiple domains, and PEs do not run BGP.
The BGP tunnel setup mode is applicable at the core layer of a large-scale network when PEs run BGP and cross-domain is required.
If the scale of a VPLS network is large (a great number of nodes in a wide geographical range), you can use HVPLS to combine the two modes. That is, the core layer uses the BGP tunnel setup mode and the access layer uses the LDP tunnel setup mode.
VPLS assumes that each PE is capable of setting up tunnels. PW labels function as the identifiers for services, and tunnels are responsible for transmitting VPLS data from one PE to another.
Basic VPLS Transport Components
The whole VPLS network is similar to a switch. In the VPLS network, PWs are set up between the sites of each VPN through MPLS tunnels, and Layer 2 packets are transparently transmitted between sites. When forwarding packets, PEs learn the source MAC addresses, create MAC forwarding entries, and map the MAC addresses to attachment circuits (ACs) and PWs.
The basic VPLS transport components include ACs, virtual circuits (VCs), forwarders, tunnels, encapsulation, PW signaling protocol, and Quality of Service (QoS).
Figure 3 shows the location of each basic VPLS transport component in the VPLS network.
The following takes the flow direction of VPN1 packets from CE1 to CE3 as an example to show the basic direction of the data flow. CE1 forwards Layer 2 packets to PE1. After PE1 receives these packets, the forwarder selects a PW to forward these packets to PE2. Then the forwarder of PE2 forwards these packets to CE3.
VPLS Loop Avoidance
On Ethernet, STP is often enabled in Layer 2 networks to avoid loops. However, STP, as a private network protocol, can avoid loops only between devices of the private network, not in the ISP network.
Therefore, in a VPLS network, full mesh and split horizon are used to avoid loops. To be specific, in each VPLS forwarding instance, each PE must create a tree to all the other PEs; each PE must support split horizon to avoid loops (that is, PEs cannot forward packets between PWs in the same VSI). Usually, PEs in the same VSI are interconnected through PWs. In this sense, split-horizon forwarding means that packets received from the PW on the public network side are forwarded only to the private network side, but not to other PWs.
The full mesh between PEs and split horizon ensure reachability and loop-free VPLS forwarding. When a CE is connected to multiple PEs, or CEs that are connected to the same VPLS network are interconnected, VPLS cannot ensure that no loop occurs. In such a situation, other methods such as STP must be used to avoid loops.
Note that STP can run in the private network of the L2VPN, and all the BPDUs of STP are transparently transmitted in the ISP network.
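The MAC learning and split-horizon rules described above can be modelled for a single PE as follows. This is an added example, not CX600 code; the `Port` and `Vsi` classes, the port names and the MAC addresses are hypothetical and constructed for the demonstration.

```python
# Added illustration, not CX600 code; class, port and MAC names are hypothetical.
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Port:
    name: str
    kind: str  # "AC" faces a CE (private side), "PW" faces another PE

@dataclass
class Vsi:
    ports: list
    fdb: dict = field(default_factory=dict)  # learned MAC -> Port

    def forward(self, in_port, src_mac, dst_mac):
        """Learn src_mac on in_port, then return the egress port names."""
        self.fdb[src_mac] = in_port
        known = self.fdb.get(dst_mac)
        # Known unicast goes to one port; unknown or broadcast is flooded.
        candidates = [known] if known is not None else list(self.ports)
        out = []
        for port in candidates:
            if port == in_port:
                continue  # never send a frame back where it came from
            if in_port.kind == "PW" and port.kind == "PW":
                continue  # split horizon: no PW-to-PW forwarding in a VSI
            out.append(port.name)
        return out

def demo():
    """Constructed scenario: PE1 with one CE and PWs to PE2 and PE3."""
    ac, pw2, pw3 = Port("ac-ce1", "AC"), Port("pw-pe2", "PW"), Port("pw-pe3", "PW")
    vsi = Vsi([ac, pw2, pw3])
    ce1, ce3, other = "00:00:5e:00:53:01", "00:00:5e:00:53:03", "00:00:5e:00:53:09"
    return {
        # Unknown destination from the CE is flooded to every PW.
        "flood_from_ac": vsi.forward(ac, ce1, ce3),
        # Broadcast arriving on a PW reaches the AC only, never pw-pe3.
        "bcast_from_pw": vsi.forward(pw2, ce3, "ff:ff:ff:ff:ff:ff"),
        # ce3 was learned on pw-pe2, so the next frame is unicast there.
        "known_unicast": vsi.forward(ac, ce1, ce3),
        # A frame for ce3 arriving on pw-pe3 is dropped, not relayed.
        "pw_to_pw": vsi.forward(pw3, other, ce3),
    }

if __name__ == "__main__":
    print(demo())
```

The last case shows that split horizon applies to known unicast as well as to flooding: a frame that arrives on one PW is never relayed onto another PW of the same VSI.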
Packet Encapsulation on an AC
Packet encapsulation mode on an AC is determined by the user access mode. User access modes can be VLAN access and Ethernet access. Each user access mode is described as follows:
VLAN access: In VLAN access mode, the header of each Ethernet frame sent between CEs and PEs carries a VLAN tag. This tag is a service delimiter that is used to identify users in an ISP network. It is called provider-tag (P-tag).
Ethernet access: In Ethernet access mode, the header of each Ethernet frame sent between CEs and PEs does not carry any P-tag. If the frame header carries a VLAN tag, the VLAN tag is the internal VLAN tag of the user packet, and is called user-tag (U-tag). The U-tag is carried in a packet before the packet is sent to a CE and is thus not added by the CE. The U-tag is used by the CE to identify which VLAN the packet belongs to, and is meaningless to PEs.
You can specify the VPLS user access mode through manual configuration. On the CX600, the default user access mode is VLAN access.
Packet Encapsulation on a PW
Packet encapsulation modes on a PW can be Raw mode and Tagged mode, as follows:
Raw mode: The P-tag is not transmitted on the PW. If a PE receives the packet with a P-tag from a CE, the PE strips the P-tag, adds double MPLS labels (outer label and inner label) to the packet, and then forwards the packet. If a PE receives the packet without a P-tag from a CE, the PE directly adds double MPLS labels to the packet, and then forwards the packet. If a PE sends a packet to a CE, the PE adds or does not add the P-tag to the packet as required, and then forwards the packet to the CE. Note that the PE is not allowed to rewrite or remove any existing tag.
Tagged mode: The frame sent to a PW must carry the P-tag. If a PE receives the packet with a P-tag from a CE, the PE directly adds double MPLS labels to the packet without stripping the P-tag, and then forwards the packet; if a PE receives the packet without a P-tag from a CE, the PE adds a null tag and double MPLS labels to the packet, and then forwards the packet. If a PE sends a packet to a CE, the PE rewrites, removes, or preserves the service delimiter of the packet as required, and then forwards the packet to the CE.
By default, the packet on a PW is encapsulated in Tagged mode.
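The CE-to-PW direction of the Raw and Tagged rules above, worked at byte level. This is an added example, not CX600 code: the function names, label values and sample frames are constructed, and the "null tag" is assumed to be an 802.1Q tag with VLAN ID 0.

```python
# Added illustration (not CX600 code) of the Raw and Tagged PW rules above.
import struct

TPID = b"\x81\x00"              # 802.1Q tag protocol identifier
NULL_TAG = TPID + b"\x00\x00"   # assumption: "null tag" = 802.1Q tag, VID 0

def mpls_entry(label, bottom, ttl=255):
    """One 4-byte MPLS label stack entry: label(20) | TC(3) | S(1) | TTL(8)."""
    return struct.pack("!I", (label << 12) | (int(bottom) << 8) | ttl)

def has_p_tag(frame, access):
    """Only VLAN access carries a P-tag; in Ethernet access a tag is a U-tag."""
    return access == "vlan" and frame[12:14] == TPID

def encap_for_pw(frame, access, pw_mode, tunnel_label, pw_label):
    """Return the bytes a PE sends on the PW for a frame received from a CE."""
    macs, rest = frame[:12], frame[12:]
    if pw_mode == "raw":
        if has_p_tag(frame, access):
            rest = rest[4:]             # strip the P-tag; any U-tag stays
    elif pw_mode == "tagged":
        if not has_p_tag(frame, access):
            rest = NULL_TAG + rest      # a frame on the PW must carry a P-tag
    else:
        raise ValueError("pw_mode must be 'raw' or 'tagged'")
    # Double MPLS labels: outer (tunnel) label, then inner (PW) label with S=1.
    labels = mpls_entry(tunnel_label, False) + mpls_entry(pw_label, True)
    return labels + macs + rest

def sample_frames():
    """Constructed frames: P-tag VID 100, U-tag VID 10, IPv4 EtherType."""
    macs = bytes.fromhex("00005e005303" "00005e005301")
    body = b"\x08\x00" + b"payload"
    u_tag = TPID + struct.pack("!H", 10)
    p_tag = TPID + struct.pack("!H", 100)
    return {
        "untagged": macs + body,
        "u_only": macs + u_tag + body,
        "p_and_u": macs + p_tag + u_tag + body,
    }

if __name__ == "__main__":
    for name, frame in sample_frames().items():
        access = "vlan" if name == "p_and_u" else "ethernet"
        for mode in ("raw", "tagged"):
            print(name, mode, encap_for_pw(frame, access, mode, 1000, 2000).hex())
```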
VPLS Packets and Encapsulation Types
According to the preceding packet encapsulation modes on an AC and a PW, the VPLS packets and encapsulations can be classified into eight types, as listed in Table 2.
| AC access mode | PW encapsulation mode | U-tag carried | Packet and encapsulation type |
|---|---|---|---|
| Ethernet | Raw | No | Ethernet access in raw mode (without the U-tag) |
| Ethernet | Raw | Yes | Ethernet access in raw mode (with the U-tag) |
| Ethernet | Tagged | No | Ethernet access in tagged mode (without the U-tag) |
| Ethernet | Tagged | Yes | Ethernet access in tagged mode (with the U-tag) |
| VLAN | Raw | No | VLAN access in raw mode (without the U-tag) |
| VLAN | Raw | Yes | VLAN access in raw mode (with the U-tag) |
| VLAN | Tagged | No | VLAN access in tagged mode (without the U-tag) |
| VLAN | Tagged | Yes | VLAN access in tagged mode (with the U-tag) |
VPLS Access Mode
VLAN interface in switching or routing mode: A VLAN interface can be either of the following modes:
- VLAN interface of the routing mode: A VLAN interface of the routing mode is multiplexed from a physical interface. For example, a GE interface can be divided into multiple sub-interfaces, with each sub-interface acting as a VLAN interface of the routing mode.
- VLAN interface of the switching mode: A VLAN interface of the switching mode is a logical interface, rather than the sub-interface of a physical interface. A VLAN interface of the switching mode contains multiple physical interfaces. In this manner, the VLAN interface receives VLAN packets through multiple physical interfaces.
The physical interface in a VLAN interface of the switching mode can send VLAN packets in the following modes:
- Access mode: allows only VLAN packets with the default VLAN ID to pass through.
- Trunk mode: allows only VLAN packets with the VLAN ID of the local VLAN interface to pass through.
- QinQ mode: adds the default VLAN ID to original packets, and allows only the packets with the default VLAN ID to pass through.
1483B bridging: The Virtual-Ethernet (VE) interface of the CX600 supports ATM 1483B, and can forward VLAN packets.
CE-to-PE access mode: A CE can access a PE through the access port or the trunk port.
- Accessing the PE through the access port: The access port allows only default VLAN packets of this port to pass. The VLAN packets on this physical port are untagged. You can assign multiple access ports of the PE to a VLAN for user access.
- Accessing the PE through the trunk port: The trunk port allows the packets of multiple VLANs to pass. Packets of the default VLAN (one of these VLANs) are untagged, whereas packets of other VLANs are tagged. You can connect the trunk port of the PE to the Ethernet switch to allow the access of multiple VLAN users.