Implementation and Utilization of Layer 2 VPN Technologies
BRKAGG-2000
BRKAGG-2000 14555_04_2008_c1 © 2008 Cisco Systems, Inc. All rights reserved. © 2006, Cisco Systems, Inc. All rights reserved. Cisco Public

General Prerequisites
- Spanning Tree problems and Data Center knowledge
- Why L2VPN technology is becoming ever more important to service providers and enterprises
- Good understanding of L2VPN technology and pseudowire (PW) operation (AToM, L2TPv3)
- Basic understanding of network design principles
- Familiarity with quality of service principles; their application will be discussed, with examples
- Basic understanding of MPLS traffic engineering (MPLS-TE) concepts

L2VPN Deployment Objectives
- Quick review of the motivating factors for L2VPN adoption
- Outline common service requirements for L2VPN and how they are being addressed by service providers and enterprises
- Quick overview of EoMPLS and VPLS
- Using Traffic Engineering with Layer 2 VPN
- Positioning Layer 2 VPN for the Data Center

Summary (agenda)
- Technology: AToM/L2TPv3
- EoMPLS
- VPLS
- Traffic Engineering

Deployment Objectives

Why Is L2VPN Needed?
- It allows SPs and enterprises to have a single infrastructure for both IP and legacy services
- For the SP: move legacy ATM/FR traffic to an MPLS/IP core without interrupting current services
- For the enterprise: build a better Data Center, span Layer 2 attachment circuits across the WAN/MPLS, and provide better HA
- Helps the SP provide new point-to-point Layer 2 tunnelling services
- The customer can have its own routing, QoS policy, etc.
- A migration step towards IP/MPLS VPN

Benefits for L2VPNs
- New service opportunities: virtual leased line service; offer a "PVC-like" Layer 2-based service
- Reduced cost: consolidate multiple core technologies into a single packet-based network infrastructure
- Simplified services: Layer 2 transport provides options for service providers who need to provide L2 connectivity and maintain customer autonomy
- Protect existing investments: greenfield networks extend customer access to existing Layer 2 networks without deploying a new, separate infrastructure
- Feature support: through Cisco IOS features such as IPsec, QoS, and Traffic Engineering, L2 transport can be tailored to meet customer requirements

L2VPN Models
[Figure: three L2VPN models. Local Switching (point-to-point, like-to-like or any-to-any, both ACs on the same PE). MPLS core: VPWS with AToM (point-to-point) and VPLS (P2MP/MP2MP, any-to-any service). IP core: L2TPv3 (point-to-point). Attachment circuit types shown: T1/E1 (CE-TDM), Ethernet, ATM AAL5/cell, Frame Relay, PPP/HDLC.]
Motivation for L2VPNs: "I've Really Got to Consolidate These Networks"
[Figure: separate IP/IPsec, FR/ATM, broadband, ATM, Ethernet and SONET access networks, each needing its own core. Multiple access services require multiple core technologies = high costs and complex management.]

Generic L2VPN Architecture
[Figure: an attachment circuit (AC) at each edge is mapped to an emulated VC (pseudowire), which is carried inside a tunnel across the packet-switched network (PSN).]
- Tunnels: MPLS, L2TPv3, GRE, IPsec, etc.
- Emulated VCs (pseudowires) inside tunnels (many-to-one)
- Attachment VCs (e.g., FR DLCI, PPP) mapped to emulated VCs

Motivation for L2VPNs: How Can I Leverage My Packet Infrastructure?
[Figure: existing Ethernet, broadband, Frame Relay and ATM access (new service growth at the edge) feeding a multiservice edge (MSE) into the MPLS/IP packet-switched network.]
- Trunk replacement: reduce overlapping core expense; consolidate trunk lines
- Offer a multiservice/common interface (i.e., Ethernet MUX = L2, L3 and Internet)
- Maintain existing revenues from legacy services

New Evolution for Circuit Emulation
[Figure: mobile radio access network backhaul. BTS/NodeB sites (Abis/Iub over FR/ATM, SONET/SDH, Ethernet/DSL; IP POP at the cell site) are carried as pseudowires through a pre-aggregation site and the IP/MPLS backbone towards BSC/RNC, MSC/MSC server, MGW, SGSN/GGSN, ITP (SS7oIP), the PSTN and the Internet; Abis/Iub optimization at the RAN edge.]
L2VPN Deployment: Laying the Groundwork for Successful Deployment
The "need to knows" of your infrastructure:
- What are the aggregate bandwidth requirements for converged services?
- What are the minimum platform requirements to run the planned services?
- What software features will be required to meet all of my planned needs? Such as:
  - L2VPN functionality (like-to-like, any-to-any, etc.)
  - VPLS functionality (point-to-multipoint)
  - Q-in-Q
  - OAM requirements
  - IGP, EGP, and TE requirements
  - Cisco Express Forwarding (CEF, dCEF)

Ethernet over MPLS Overview

EoMPLS Reference Model
[Figure: physical connectivity for Customer A: Site#1 switch - MPLS-enabled 10720 PE - 12000 P - MPLS-enabled 10720 PE - Site#2 switch, with a targeted LDP session between the PE routers. Logical connectivity: the two customer switches behave as if directly connected; BPDUs and VTP messages cross the pseudowire.]

A Typical Configuration: EoMPLS VLAN
[Figure: CE R200 (10.10.10.200/24, dot1Q 10) - e0/0.10 on PE R201 (10.0.0.201) - core link 10.1.1.0/24 - P R202 (10.0.0.202) - core link 10.1.2.0/24 - PE R203 (10.0.0.203) e0/0.10 - CE R204 (10.10.10.204/24, dot1Q 10). LDP runs on the PE-P links; a targeted LDP session runs between R201 and R203.]

R203 (PE):
    hostname R203
    !
    ip cef
    mpls ip
    mpls label protocol ldp
    mpls ldp router-id Loopback0 force
    !
    interface Loopback0
     ip address 10.0.0.203 255.255.255.255
    !
    pseudowire-class eompls
     encapsulation mpls
    !
    interface Ethernet0/0.10
     description *** To R204 ***
     encapsulation dot1Q 10
     no ip directed-broadcast
     no cdp enable
     xconnect 10.0.0.201 10 pw-class eompls

R201 (PE):
    hostname R201
    !
    ip cef
    mpls ip
    mpls label protocol ldp
    mpls ldp router-id Loopback0 force
    !
    interface Loopback0
     ip address 10.0.0.201 255.255.255.255
    !
    interface Ethernet0/0.10
     description *** To R200 ***
     encapsulation dot1Q 10
     no ip directed-broadcast
     no cdp enable
     xconnect 10.0.0.203 10 encapsulation mpls

Calculating MTU Requirements for the Core
Core MTU ≥ Edge MTU + Transport Header + AToM Header + (MPLS Label Stack * MPLS Header Size)
Edge MTU is the MTU configured on the CE-facing PE interface.
Examples (all in bytes; bracketed values are for a 0-byte AToM header):
    Mode                    Edge   Transport   AToM    MPLS Stack   MPLS Header   Total
    EoMPLS Port Mode        1500   14          4 [0]   2            4             1526 [1522]
    EoMPLS VLAN Mode        1500   18          4 [0]   2            4             1530 [1526]
    EoMPLS Port w/ TE FRR   1500   14          4 [0]   3            4             1530 [1526]

L2 VPN Interworking

Interworking Modes and Features
- The ACs are terminated locally
- There are two types of interworking (a.k.a. any-to-any):
  - Ethernet (a.k.a. bridged): Ethernet frames are extracted from the AC and sent over the PW; the VLAN tag is removed; CEs can run Ethernet, BVI, or RBE
  - IP (a.k.a. routed): IP packets are extracted from the AC and sent over the PW
Supported combinations:
    Interworking pair             AToM   L2TPv3   IP Mode   Ethernet
    Frame Relay to Ethernet/VLAN  Yes    Yes      Yes       Yes
    Frame Relay to PPP            Yes    Yes      Yes       No
    Frame Relay to ATM AAL5       Yes    No       Yes       No
    Ethernet/VLAN to ATM AAL5     Yes    No       Yes       Yes
    Ethernet to VLAN              Yes    Yes      Yes       Yes

Configuration Example: Frame Relay to Ethernet
[Figure: CE (FR DLCI 210) - PE (POS3/0) - MPLS/IP - PE (GigabitEthernet4/0.310) - CE (VLAN 310).]
Frame Relay link PE:
    frame-relay switching
    !
    pseudowire-class atom_fr_vlan
     encapsulation mpls
     interworking ip
    !
    interface POS3/0
     encapsulation frame-relay
     clock source internal
     frame-relay lmi-type ansi
     frame-relay intf-type dce
    !
    connect fr-vlan POS3/0 210 l2transport
     xconnect 192.168.200.2 210 pw-class atom_fr_vlan

Ethernet/VLAN link PE:
    frame-relay switching
    !
    pseudowire-class atom_vlan_fr
     encapsulation mpls
     interworking ip
    !
    interface GigabitEthernet4/0.310
     encapsulation dot1Q 310
     xconnect 192.168.200.1 210 pw-class atom_vlan_fr

CE on the Frame Relay side:
    interface POS5/0.210 point-to-point
     ip address 172.16.1.1 255.255.255.0
     frame-relay interface-dlci 210

CE on the Ethernet side:
    interface GigabitEthernet6/0.310
     encapsulation dot1Q 310
     ip address 172.16.1.2 255.255.255.0

Local Switching Interworking
[Figure: CE2-HUB reaches PE1 over three T1/E1 circuits bundled as MFR100 (total 6.144 Mbps); CE3 attaches on Ethernet0/1.10 at 100 Mbps, with Ethernet0/1.20 (100 Mbps) and a PPP/HDLC CE also shown; the FR and Ethernet ACs are switched locally on PE1.]
    interface Serial1/0/1:0
     encapsulation frame-relay MFR100
    !
    interface Serial1/0/2:0
     encapsulation frame-relay MFR100
    !
    interface Serial1/0/3:0
     encapsulation frame-relay MFR100
    !
    interface MFR100
     frame-relay lmi-type ansi
     frame-relay intf-type dce
    !
    interface GigabitEthernet0/1.10
     encapsulation dot1Q 10
    !
    connect FR_to_Ether MFR100 Ethernet0/1.10 interworking ip

VPLS Introduction
- Pseudo Wire Refresher
- VPLS Architecture
- VPLS Configuration Example
- VPLS Deployment Summary
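Before moving on to VPLS, the core-MTU formula from the "Calculating MTU Requirements for the Core" slide earlier, as an added worked example (not code from the deck or from Cisco): it reproduces the slide's three rows with and without the AToM control word, checks a planned core MTU against them, and sizes the core MTU for a set of planned pseudowires by taking the largest requirement. The mode names, the planning helper and the sample plan are assumptions for illustration.

```python
# Added example (not from the deck): core MTU arithmetic for EoMPLS pseudowires.
# Implements the formula stated on the slide:
#   Core MTU >= Edge MTU + Transport Header + AToM Header + (MPLS Label Stack * MPLS Header Size)
# The per-mode transport-header sizes and label-stack depths are taken from the
# slide's three example rows; the mode names and helper functions are assumptions.

MPLS_HEADER_SIZE = 4    # bytes per MPLS label stack entry
ATOM_HEADER = 4         # AToM control word; the slide's bracketed totals use 0

# transport header size and label-stack depth per mode, as on the slide
MODES = {
    "eompls-port":        {"transport": 14, "labels": 2},  # plain Ethernet header
    "eompls-vlan":        {"transport": 18, "labels": 2},  # Ethernet header + 802.1Q tag
    "eompls-port-te-frr": {"transport": 14, "labels": 3},  # FRR backup tunnel adds a third label
}


def required_core_mtu(mode, edge_mtu=1500, control_word=True):
    """Smallest core MTU that carries an edge-MTU-sized frame in the given mode."""
    spec = MODES[mode]
    atom = ATOM_HEADER if control_word else 0
    return edge_mtu + spec["transport"] + atom + spec["labels"] * MPLS_HEADER_SIZE


def check_core_mtu(mode, core_mtu, edge_mtu=1500, control_word=True):
    """Return (fits, shortfall_bytes) for a planned core MTU."""
    need = required_core_mtu(mode, edge_mtu, control_word)
    return core_mtu >= need, max(0, need - core_mtu)


def plan_core_mtu(pseudowires):
    """Core MTU needed to carry every planned PW: the largest individual requirement.

    pseudowires: iterable of (mode, edge_mtu, control_word) tuples.
    """
    return max(required_core_mtu(m, e, cw) for m, e, cw in pseudowires)


if __name__ == "__main__":
    for mode in MODES:
        print("%-22s %d [%d]" % (mode, required_core_mtu(mode),
                                 required_core_mtu(mode, control_word=False)))
    # constructed planning input: port-mode and VLAN-mode PWs plus one behind TE FRR
    plan = [("eompls-port", 1500, True), ("eompls-vlan", 1500, True),
            ("eompls-port-te-frr", 1500, False)]
    print("core MTU needed for the plan:", plan_core_mtu(plan))
    print("does a 1526-byte core carry VLAN mode?", check_core_mtu("eompls-vlan", 1526))
```

The same arithmetic applies to a jumbo edge MTU: a 9000-byte CE-facing MTU in VLAN mode needs 9030 bytes in the core, and every extra label in the stack (FRR, or a TE tunnel on top of LDP) adds another 4.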
Virtual Private LAN Service (VPLS)
- VPLS defines an architecture that allows MPLS networks to offer Layer 2 multipoint Ethernet services
- The SP emulates an IEEE Ethernet bridge network (virtual)
- Virtual bridges are linked with MPLS pseudowires
- The data plane used is the same as EoMPLS (point-to-point)
- VPLS is an architecture
[Figure: three CEs attached to two PEs, the PEs joined across the MPLS core.]

Virtual Private LAN Service
- End-to-end architecture that allows MPLS networks to provide multipoint Ethernet services
- It is "Virtual" because multiple instances of this service share the same physical infrastructure
- It is "Private" because each instance of the service is independent and isolated from the others
- It is a "LAN Service" because it emulates Layer 2 multipoint connectivity between subscribers

Why Provide a Layer 2 Service?
- Customers have full operational control over their routing neighbours
- Privacy of addressing space: it does not have to be shared with the carrier network
- The customer has a choice of using any routing protocol, including non-IP-based ones (IPX, AppleTalk)
- Customers could use an Ethernet switch instead of a router as the CPE
- A single connection could reach all other edge points, emulating an Ethernet LAN (VPLS)

VPLS Is Defined in the IETF
[Figure: IETF organization as of 2-Nov-2006: ISOC, IAB, IETF; areas General, Internet, Ops and Mgmt, Routing, Security, Transport.]
- L2VPN working group (formerly the PPVPN working group): VPWS, VPLS, IPLS
- L3VPN working group: BGP/MPLS VPNs (RFC 4364, was 2547bis); IP VPNs using Virtual Routers (RFC 2764); CE-based VPNs using IPsec
- PWE3 working group: MPLS Pseudo Wire Emulation Edge-to-Edge; forms the backbone transport for VPLS
VPLS Components
[Figure: N-PEs around the MPLS core with a full mesh of LSPs between them; CE routers and CE switches attached to each N-PE.]
- Pseudowires within LSPs
- The Virtual Switch Interface (VSI) terminates the PWs and provides the Ethernet bridge function
- Attachment circuits: port or VLAN mode
- Mesh of LSPs between N-PEs
- Targeted LDP between PEs to exchange VC labels for the pseudowires
- The attached CE can be a switch or a router

Virtual Switch Interface
- Flooding/Forwarding
  - MAC table instances per customer (port/VLAN) for each PE
  - The VFI participates in the learning and forwarding process
  - Associates ports to MACs; floods unknowns to all other ports
- Address Learning/Aging
  - LDP enhanced with an additional MAC List TLV (label withdrawal)
  - MAC timers refreshed with incoming frames
- Loop Prevention
  - Create a full mesh of pseudowire VCs (EoMPLS)
  - A unidirectional LSP carries VCs between a pair of N-PEs
  - VPLS uses "split horizon" concepts to prevent loops

VPLS Architecture

VPLS Topology: PE View
[Figure: CEs attached to PEs; a full mesh of LDP sessions across the MPLS core; an Ethernet PW to each peer.]
- Each PE has a P2MP view of all other PEs; it sees itself as a root bridge with split horizon loop protection
- The full mesh topology obviates STP in the SP network
- Customer STP is transparent to the SP
- Customer BPDUs are forwarded transparently
VPLS Topology: CE View
[Figure: the same topology; from the CE side the PEs and the full mesh of PWs appear as one bridge.]
- CE routers/switches see a logical bridge/LAN
- VPLS emulates a LAN, but not exactly; this raises a few issues which are discussed later

VPLS Functional Components
[Figure: customer MxUs - CE - U-PE - N-PE - MPLS core - N-PE - U-PE - CE, with the U-PEs and N-PEs in the SP PoPs.]
- The N-PE provides VPLS termination/L3 services
- The U-PE provides the customer UNI
- The CE is the customer device

Why H-VPLS?
[Figure: flat VPLS with every PE fully meshed, versus H-VPLS where MTU-s and PE-r devices at the edge hang off a fully meshed core of PE-rs devices.]
    VPLS                                                  H-VPLS
    Potential signaling overhead                          Minimizes signaling overhead
    Full PW mesh from the Edge                            Full PW mesh among Core devices
    Packet replication done at the Edge                   Packet replication done in the Core
    Node Discovery and Provisioning extends end to end    Partitions the Node Discovery process

Ethernet Edge Topologies
[Figure: efficient-access U-PEs (full-service CPE, 10/100/1000 Mbps) connect through large-scale aggregation PE-AGGs (GE ring, hub and spoke, RPR, DWDM/CWDM) to intelligent-edge N-PEs (MPLS VPLS) and the multiservice core P routers; Metro A, B, C and D. U-PE = User-facing Provider Edge, N-PE = Network-facing Provider Edge.]
VFI and Split Horizon (VPLS, EE-H-VPLS)
[Figure: N-PE1 with a local CE, Pseudo Wire #1 to N-PE2 and Pseudo Wire #2 to N-PE3; both PWs terminate in one VFI with split horizon active. Broadcast/multicast traffic arriving on PW #1 is replicated to the local bridging function (.1Q or QinQ) and local switching, but will not be replicated out PW #2, and vice versa.]
- The Virtual Forwarding Interface (VFI) is the VSI representation in IOS
- A single interface terminates all PWs for that VPLS instance
- This model is applicable to direct attach and to H-VPLS with an Ethernet edge

VFI and No Split Horizon (ME-H-VPLS)
[Figure: as above, plus Pseudo Wire #3 from the VFI to a U-PE with split horizon disabled; PW #1 and PW #2 keep split horizon active.]
- Unicast arriving on PW #1 or PW #2 will be forwarded to PW #3 (the non-split-horizon port)
- This model is applicable to H-VPLS with an MPLS edge

VPLS Configuration Example

Configuration Examples
- Direct Attachment
  - Using a Router as a CE (VLAN Based)
  - Using a Switch as a CE (Port Based)
- H-VPLS
  - Ethernet QinQ
  - EoMPLS Pseudo Wire (VLAN Based)
  - EoMPLS Pseudo Wire (Port Based)
- Sample Output
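As an added illustration of the VSI behaviour described under "Virtual Switch Interface" and on the two VFI slides above (added here; not code from the deck or from Cisco IOS): a small Python model of one VPLS instance with MAC learning, flooding of unknowns, split horizon between the full-mesh pseudowires, a no-split-horizon spoke pseudowire as in ME-H-VPLS, and the MAC flush that an LDP MAC List TLV triggers on a peer. The class, the port names and the N-PE1 scenario are assumptions for illustration.

```python
# Added example (not from the deck): a model of the IOS Virtual Forwarding Interface
# (VFI) bridging behaviour the slides describe. Port names, the class and the
# scenario are assumptions for illustration.

BROADCAST = "ff:ff:ff:ff:ff:ff"


class Vfi:
    """One VPLS instance on an N-PE: a set of ports plus a MAC table."""

    def __init__(self, name):
        self.name = name
        self.ports = {}       # port name -> {"kind": "ac"|"pw", "split_horizon": bool}
        self.mac_table = {}   # MAC -> port it was learned on

    def add_port(self, name, kind, split_horizon=None):
        # Full-mesh PWs default to split horizon; ACs never use it. An H-VPLS spoke PW
        # (`neighbor ... no-split-horizon` on the slides) is added with split_horizon=False.
        if split_horizon is None:
            split_horizon = kind == "pw"
        self.ports[name] = {"kind": kind, "split_horizon": split_horizon}

    def forward(self, in_port, src_mac, dst_mac):
        """Learn src_mac on in_port and return the egress port list for dst_mac."""
        self.mac_table[src_mac] = in_port        # learning; refreshed by every frame
        out = self.mac_table.get(dst_mac)
        if dst_mac != BROADCAST and out is not None:
            candidates = [out] if out != in_port else []        # known unicast
        else:
            candidates = [p for p in self.ports if p != in_port]  # flood unknowns/broadcast
        return [p for p in candidates if self._allowed(in_port, p)]

    def _allowed(self, in_port, out_port):
        # Split horizon: a frame arriving on a split-horizon PW is never sent out another
        # split-horizon PW, because the full mesh already delivered it to every N-PE.
        a, b = self.ports[in_port], self.ports[out_port]
        return not (a["split_horizon"] and b["split_horizon"])

    def withdraw(self, port):
        """Flush MACs learned on a port (what an LDP MAC List TLV makes a peer do)."""
        gone = [m for m, p in self.mac_table.items() if p == port]
        for m in gone:
            del self.mac_table[m]
        return gone


def build_npe1():
    """N-PE1 from the slide: one AC (CE 1) and full-mesh PWs to N-PE2 and N-PE3."""
    vfi = Vfi("VPLS-A")
    vfi.add_port("CE1", "ac")
    vfi.add_port("PW1", "pw")   # to N-PE2
    vfi.add_port("PW2", "pw")   # to N-PE3
    return vfi


if __name__ == "__main__":
    vfi = build_npe1()
    print("CE1 -> unknown:", vfi.forward("CE1", "00:00:00:00:00:01", BROADCAST))
    print("PW1 -> unknown:", vfi.forward("PW1", "00:00:00:00:00:02", BROADCAST))  # never out PW2
    vfi.add_port("PW3", "pw", split_horizon=False)   # ME-H-VPLS spoke towards a U-PE
    print("PW1 -> unknown, with spoke:", vfi.forward("PW1", "00:00:00:00:00:02", BROADCAST))
    print("PW3 -> unknown:", vfi.forward("PW3", "00:00:00:00:00:03", BROADCAST))
    print("PW3 -> known CE1 MAC:", vfi.forward("PW3", "00:00:00:00:00:03", "00:00:00:00:00:01"))
    print("flushed after PW1 withdrawal:", vfi.withdraw("PW1"))
```

The point the model makes concrete is why the full mesh and split horizon go together: a frame from a core pseudowire is only ever bridged to local ports (and to spoke PWs), so without a complete mesh some N-PEs would simply never see it, while with the mesh no PW-to-PW forwarding is needed and no STP runs in the provider network.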
Direct Attachment Configuration (C7600)
[Figure: PE1 (1.1.1.1), PE2 (2.2.2.2) and PE3 (3.3.3.3) around the MPLS core, linked on pos4/1, pos4/3, pos3/0 and pos3/1; CE1 on PE1 gi3/0, CE2 on PE2 gi4/4 and a further CE2 on PE3 gi4/2, all on VLAN100.]
- The CEs are all part of the same VPLS instance (VCID = 56)
- Each CE router connects using VLAN 100 over a sub-interface

Direct Attachment CE Router Configuration
Subnet 192.168.20.0/24, VLAN100 on every CE:
    CE1:
    interface GigabitEthernet 2/1.100
     encapsulation dot1q 100
     ip address 192.168.20.1

    CE2:
    interface GigabitEthernet 1/3.100
     encapsulation dot1q 100
     ip address 192.168.20.2

    CE2 (at PE3):
    interface GigabitEthernet 2/0.100
     encapsulation dot1q 100
     ip address 192.168.20.3
- The CE router sub-interfaces are on the same VLAN
- Can also be just port based (no VLAN)

Direct Attachment VSI Configuration
Create the pseudowires between the N-PE routers:
    PE1 (1.1.1.1):
    l2 vfi VPLS-A manual
     vpn id 56
     neighbor 2.2.2.2 encapsulation mpls
     neighbor 3.3.3.3 encapsulation mpls

    PE2 (2.2.2.2):
    l2 vfi VPLS-A manual
     vpn id 56
     neighbor 1.1.1.1 encapsulation mpls
     neighbor 3.3.3.3 encapsulation mpls

    PE3 (3.3.3.3):
    l2 vfi VPLS-A manual
     vpn id 56
     neighbor 2.2.2.2 encapsulation mpls
     neighbor 1.1.1.1 encapsulation mpls

Direct Attachment CE Router (VLAN Based)
- The same set of commands is used on each PE
- Configured on the CE-facing interface
    interface GigabitEthernet3/0
     switchport
     switchport mode trunk
     switchport trunk encapsulation dot1q
     switchport trunk allowed vlan 100
    !
    interface vlan 100
     no ip address
     xconnect vfi VPLS-A
    !
    vlan 100
     state active
- The xconnect vfi command associates the VLAN with the VPLS instance: VLAN100 = VCID 56

Direct Attachment CE Switch (Port Based)
- If the CE is a switch instead of a router, we can use QinQ
- QinQ places all traffic (tagged/untagged) from the switch into a VPLS
[Figure: the same PE1/PE2/PE3 topology; each CE port now carries all VLANs.]
    interface GigabitEthernet3/0
     switchport
     switchport mode dot1q-tunnel
     switchport access vlan 100
     l2protocol-tunnel stp
    !
    interface vlan 100
     no ip address
     xconnect vfi VPLS-A
    !
    vlan 100
     state active
- The xconnect vfi command associates the VLAN with the VPLS instance: VLAN100 = VCID 56
H-VPLS Configuration (C7600/3750ME)
[Figure: N-PE1, N-PE2 and N-PE3 (loopbacks 1.1.1.1, 2.2.2.2, 3.3.3.3) around the MPLS core on pos4/1, pos4/3, pos3/0 and pos3/1; Cisco 3750ME U-PEs (U-PE1, U-PE2, U-PE3) sit between the CEs and the N-PEs. U-PE3 (4.4.4.4) connects from gi1/1/1 to gi4/4 on the N-PE at 2.2.2.2; its CE attaches on fa1/0/1.]
- U-PEs provide services to the customer edge device
- CE traffic is then carried in a QinQ tunnel or an EoMPLS PW to the N-PE
- The PW VSI mesh configuration is the same as in the previous examples

H-VPLS QinQ Tunnel (Ethernet Edge)
- The U-PE carries all traffic from the CE using QinQ
- The outer tag is VLAN100; the inner tags are the customer's
N-PE (gi4/4 towards U-PE3):
    interface GigabitEthernet4/4
     switchport
     switchport mode trunk
     switchport trunk encapsulation dot1q
     switchport trunk allowed vlan 100
    !
    interface vlan 100
     no ip address
     xconnect vfi VPLS-A
    !
    vlan 100
     state active
U-PE3 (Cisco 3750ME):
    interface FastEthernet1/0/1
     switchport
     switchport access vlan 100
     switchport mode dot1q-tunnel
     switchport trunk allowed vlan 1-1005
    !
    interface GigabitEthernet1/1/1
     switchport
     switchport mode trunk
     switchport trunk allowed vlan 1-1005

H-VPLS EoMPLS PW Edge (VLAN Based)
- The CE interface on the U-PE can be an access or a trunk port
- An xconnect per VLAN is required
N-PE (2.2.2.2, gi4/4 towards U-PE3):
    interface GigabitEthernet4/4
     no switchport
     ip address 156.50.20.1 255.255.255.252
     mpls ip
    !
    l2 vfi VPLS-A manual
     vpn id 56
     neighbor 1.1.1.1 encapsulation mpls
     neighbor 3.3.3.3 encapsulation mpls
     neighbor 4.4.4.4 encapsulation mpls no-split-horizon
U-PE3 (Cisco 3750ME, 4.4.4.4):
    interface FastEthernet1/0/1
     switchport
     switchport access vlan 500
    !
    interface vlan500
     xconnect 2.2.2.2 56 encapsulation mpls
    !
    interface GigabitEthernet1/1/1
     no switchport
     ip address 156.50.20.2 255.255.255.252
     mpls ip
- no-split-horizon on the U-PE neighbor ensures CE traffic is passed on the PW to/from the U-PE

H-VPLS EoMPLS PW Edge (Port Based)
- The CE interface on the U-PE can be an access or a trunk port
- An xconnect for the entire port is required
N-PE (2.2.2.2, gi4/4 towards U-PE3):
    interface GigabitEthernet4/4
     no switchport
     ip address 156.50.20.1 255.255.255.252
     mpls ip
    !
    l2 vfi PE1-VPLS-A manual
     vpn id 56
     neighbor 1.1.1.1 encapsulation mpls
     neighbor 3.3.3.3 encapsulation mpls
     neighbor 4.4.4.4 encapsulation mpls no-split-horizon
U-PE3 (Cisco 3750ME, 4.4.4.4):
    interface FastEthernet1/0/1
     no switchport
     xconnect 2.2.2.2 56 encapsulation mpls
    !
    interface GigabitEthernet1/1/1
     no switchport
     ip address 156.50.20.2 255.255.255.252
     mpls ip
- no-split-horizon on the U-PE neighbor ensures CE traffic is passed on the PW to/from the U-PE

show mpls l2 vc
[Figure: the H-VPLS topology from the previous slides.]
    NPE-A#show mpls l2 vc
    Local intf     Local circuit     Dest address    VC ID      Status
    -------------  ----------------  --------------- ---------- ----------
    VFI VPLS-A     VFI               1.1.1.1         10         UP
    VFI VPLS-A     VFI               3.3.3.3         10         UP

show mpls l2 vc detail
[Figure: the H-VPLS topology; on the pseudowire between NPE-2 and 1.1.1.1, frames towards 1.1.1.1 carry VC label 19 and frames towards NPE-2 carry VC label 23.]
    NPE-2#show mpls l2 vc detail
    Local interface: VFI VPLS-A up
      Destination address: 1.1.1.1, VC ID: 10, VC status: up
        Tunnel label: imp-null, next hop 156.50.20.1
        Output interface: POS4/3, imposed label stack {19}
      Create time: 1d01h, last status change time: 00:40:16
      Signaling protocol: LDP, peer 1.1.1.1:0 up
        MPLS VC labels: local 23, remote 19

PW Redundancy Concepts

PW High Availability
[Figure: Site1 CE1 dual-homed to PE1 and PE2; Site2 CE2 dual-homed to PE3 and PE4; P1-P4 in the core.]
- Failure in the provider core: mitigated with link redundancy and FRR
- PE router failure: PE diversity
- Attachment circuit failure: need a pair of attachment circuits end-to-end
- CE router failure: redundant CEs
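Added example (not code from the deck or from Cisco): a parser for the `show mpls l2 vc` / `show mpls l2transport vc` table shown above, used to verify that every `neighbor` configured in a VFI has an UP pseudowire (a hole in the full mesh silently partitions the VPLS instance) and to flag status changes between two snapshots. The two snapshots are constructed after the slide's output, the second one with the pseudowire to 3.3.3.3 marked DOWN; the regex and the helper names are assumptions.

```python
# Added example (not from the deck): parse `show mpls l2 vc` output and check the
# VFI full mesh against the configured neighbours. Snapshots are constructed after the
# slide's output; the regex and helper names are assumptions.
import re

SNAPSHOT_1 = """\
NPE-A#show mpls l2 vc
Local intf     Local circuit     Dest address    VC ID      Status
-------------  ----------------  --------------- ---------- ----------
VFI VPLS-A     VFI               1.1.1.1         10         UP
VFI VPLS-A     VFI               3.3.3.3         10         UP
"""

SNAPSHOT_2 = """\
NPE-A#show mpls l2 vc
Local intf     Local circuit     Dest address    VC ID      Status
-------------  ----------------  --------------- ---------- ----------
VFI VPLS-A     VFI               1.1.1.1         10         UP
VFI VPLS-A     VFI               3.3.3.3         10         DOWN
"""

# a data row ends with: IPv4 peer, VC ID, status; everything before is intf + circuit
ROW = re.compile(r"^(?P<left>\S.*?)\s+(?P<dest>\d{1,3}(?:\.\d{1,3}){3})\s+"
                 r"(?P<vcid>\d+)\s+(?P<status>\S+)\s*$")


def parse_l2_vc(text):
    """Return one dict per VC row; prompt, header and separator lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue   # no peer address on the line: prompt, header or separator
        # "Local intf" and "Local circuit" are separated by two or more spaces; a single
        # space is part of a value ("VFI VPLS-A", "Eth VLAN 20")
        parts = re.split(r"\s{2,}", m.group("left").strip(), maxsplit=1)
        intf, circuit = (parts + [""])[:2]
        rows.append({"intf": intf, "circuit": circuit, "dest": m.group("dest"),
                     "vcid": int(m.group("vcid")), "status": m.group("status")})
    return rows


def peers_not_up(rows, vfi, expected_neighbors):
    """Configured neighbour addresses of a VFI with no UP VC: missing or down mesh members."""
    up = {r["dest"] for r in rows if r["intf"] == vfi and r["status"] == "UP"}
    return sorted(set(expected_neighbors) - up)


def status_changes(before_text, after_text):
    """((intf, dest, vcid), old_status, new_status) for every VC whose status differs."""
    key = lambda r: (r["intf"], r["dest"], r["vcid"])
    old = {key(r): r["status"] for r in parse_l2_vc(before_text)}
    new = {key(r): r["status"] for r in parse_l2_vc(after_text)}
    return [(k, old.get(k), new.get(k)) for k in sorted(old.keys() | new.keys())
            if old.get(k) != new.get(k)]


if __name__ == "__main__":
    configured = {"1.1.1.1", "3.3.3.3"}     # the `neighbor` statements of VPLS-A on NPE-A
    print("mesh gaps, snapshot 1:", peers_not_up(parse_l2_vc(SNAPSHOT_1), "VFI VPLS-A", configured))
    print("mesh gaps, snapshot 2:", peers_not_up(parse_l2_vc(SNAPSHOT_2), "VFI VPLS-A", configured))
    for change in status_changes(SNAPSHOT_1, SNAPSHOT_2):
        print("status change:", change)
```

Run against the two `show mpls l2transport vc 10` outputs on the manual-switchover slide later in the deck, the same `status_changes` call reports the primary and backup peer swapping UP/DOWN, which is the event an operator wants logged.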
L2VPN Networks: Dual Homed PW Sites Without Redundancy Feature
[Figure: Site1 CE1 attached to PE1 and PE2; Site2 CE2 on PE3 and CE3 on PE4; P1-P4 in the core; the PE1-PE3 pseudowire is marked as failed (x).]
PE1:
    interface e1/0.1
     encapsulation dot1q 10
     xconnect <PE3 router ID> <VCID> encapsulation mpls
PE2:
    interface e1/0.1
     encapsulation dot1q 10
     xconnect <PE4 router ID> <VCID> encapsulation mpls

High Availability in L2VPN Networks
[Figure: PE1-PE3 primary pseudowire, PE1-PE4 standby pseudowire, PE2-PE4 primary.]
- The TCP session between two LDP peers may go down due to a HW/SW failure (RP switchover)
- If PE3 fails, traffic will be dropped
- PW redundancy is needed so that the PW can be re-routed to the redundant router, i.e. PE4

Dual Homed PW Sites with Redundancy Feature
[Figure: the same topology; PE1 now has a backup pseudowire to PE4.]
    pe1(config)#int e 0/0.1
    pe1(config-subif)#encapsulation dot1q 10
    pe1(config-subif)#xconnect <PE3 router ID> <VCID> encapsulation mpls
    pe1(config-subif-xconn)#backup peer <PE4 router ID> <VCID>
PW Redundancy: Manual Switchover
Maintenance required:
    pe1>xconnect backup force-switchover peer 192.168.1.3 10
PE1 configuration:
    interface Ethernet0/0.1
     encapsulation dot1Q 10
     xconnect 192.168.1.3 10 encapsulation mpls
      backup peer 192.168.1.4 10
      backup delay 3 10
Before the forced switchover:
    pe1#sh mpls l2transport vc 10
    Local intf     Local circuit              Dest address    VC ID      Status
    -------------  -------------------------  --------------- ---------- ----------
    Et0/0.1        Eth VLAN 20                192.168.1.3     10         DOWN
    Et0/0.1        Eth VLAN 20                192.168.1.4     10         UP
After:
    pe1#sh mpls l2transport vc 10
    Local intf     Local circuit              Dest address    VC ID      Status
    -------------  -------------------------  --------------- ---------- ----------
    Et0/0.1        Eth VLAN 20                192.168.1.3     10         UP
    Et0/0.1        Eth VLAN 20                192.168.1.4     10         DOWN

PW Redundancy: Config Examples (1/2)
Example 1: MPLS xconnect with 1 redundant peer. The debounce timer is set to 3 seconds so that we don't allow a switchover until the connection has been deemed down for 3 seconds.
    interface serial0/0
     xconnect 10.0.0.1 100 encapsulation mpls
      backup peer 10.0.0.2 200
      backup delay 3 10
Example 2: xconnect with 1 redundant peer. In this example, once a switchover occurs, we will not fall back to the primary until the secondary xconnect fails.
    pseudowire-class test
     encapsulation mpls
    !
    connect frpw1 serial0/1 50 l2transport
     xconnect 20.0.0.1 50 pw-class test
      backup peer 20.0.0.2 50
      backup delay 0 never

PW Redundancy: Config Examples
Example 3: Local-switched connection between ATM and FR using Ethernet interworking.
The FR circuit is backed up by an MPLS pseudowire.
[Figure: CE (f0/0.10) - PE (atm4/0, E0/0.10, atm1/0) - CE; the local-switched ATM-FR connection has a backup pseudowire to r201 (1.1.1.1), labelled PE2-Backup.]
    pseudowire-class test
     encapsulation mpls
     interworking ethernet
    !
    connect atm-fr atm1/0 100/100 E0/0.10 100 interworking ethernet
     backup peer 1.1.1.1 100 pw-class test
Example 4: xconnect with 1 redundant peer. In this example, the switchover will not begin unless the pseudowire has been down for 3 seconds. Once a switchover occurs, we will not fall back to the primary until it has been re-established and UP for 10 seconds.
    pseudowire-class test
     encapsulation mpls
    !
    connect frpw1 serial0/1 50 l2transport
     xconnect 20.0.0.1 50 pw-class test
      backup peer 20.0.0.2 50
      backup delay 3 10

Tunnel Selection

What If the Core Uses Traffic Engineering?
Use the command 'preferred-path {interface | peer}' under the 'pseudowire-class'. Have in mind that:
- The selected path must be a label switched path (LSP) destined to the peer PE router
- If you specify a tunnel (selecting interface):
  - The tunnel must be an MPLS traffic engineering tunnel
  - The tunnel tail end must be on the remote PE router
- If you specify an IP address (selecting peer):
  - The address must be the IP address of a loopback interface on the remote PE router, not necessarily the LDP router-id address; peer means the targeted LDP peer
  - The address must have a /32 mask
  - There must be an LSP destined to that selected address
  - The LSP does not have to be a TE tunnel
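Added example (not code from the deck or from Cisco IOS): a Python model of the `backup delay` behaviour described in Examples 1, 2 and 4 above, so the three timer settings (`3 10`, `0 never`, and a short flap below the enable delay) can be traced step by step. The class, the polling model (status sampled at integer timestamps) and the timeline are assumptions for illustration; the peer addresses are the ones on the manual-switchover slide.

```python
# Added example (not from the deck): a model of `backup delay <enable> <disable|never>`
# for a redundant pseudowire, as the slides describe it.
#   enable delay  - how long the primary must stay down before traffic moves to the backup
#   disable delay - how long the primary must be back up before traffic returns to it
#   "never"       - stay on the backup until the backup itself fails
# The class, the polling model (status sampled at integer timestamps) and the scenario
# are assumptions for illustration, not IOS code.


class RedundantPw:
    def __init__(self, primary, backup, enable_delay, disable_delay):
        self.primary, self.backup = primary, backup
        self.enable_delay = enable_delay          # seconds
        self.disable_delay = disable_delay        # seconds or "never"
        self.active = primary
        self._primary_down_since = None
        self._primary_up_since = None
        self.log = []                              # (time, message): what an operator would see

    def observe(self, t, primary_up, backup_up):
        """Feed one status sample taken at time t; return the peer currently carrying traffic."""
        if self.active == self.primary:
            if primary_up:
                self._primary_down_since = None    # a flap shorter than the enable delay is ignored
                return self.active
            if self._primary_down_since is None:
                self._primary_down_since = t
            if backup_up and t - self._primary_down_since >= self.enable_delay:
                self._switch(t, self.backup, "primary down for %ds" % self.enable_delay)
            return self.active

        # traffic is on the backup
        if not backup_up:
            if primary_up:
                self._switch(t, self.primary, "backup failed")   # Example 2: only then fall back
            return self.active
        if not primary_up:
            self._primary_up_since = None          # the primary must stay up continuously
            return self.active
        if self.disable_delay == "never":
            return self.active
        if self._primary_up_since is None:
            self._primary_up_since = t
        if t - self._primary_up_since >= self.disable_delay:
            self._switch(t, self.primary, "primary up for %ds" % self.disable_delay)
        return self.active

    def _switch(self, t, peer, why):
        self.active = peer
        self._primary_down_since = self._primary_up_since = None
        self.log.append((t, "%s now active (%s)" % (peer, why)))


def run_scenario(disable_delay):
    """Constructed timeline for PE1: primary 192.168.1.3, backup 192.168.1.4, enable delay 3."""
    pw = RedundantPw("192.168.1.3", "192.168.1.4", enable_delay=3, disable_delay=disable_delay)
    samples = [                       # (t, primary_up, backup_up)
        (0, True, True), (1, False, True), (2, False, True), (3, False, True), (4, False, True),
        (10, True, True), (15, True, True), (20, True, True), (25, True, True),
        (30, True, False),            # finally the backup itself fails
    ]
    return [(t, pw.observe(t, p, b)) for t, p, b in samples], pw.log


if __name__ == "__main__":
    for delay in (10, "never"):
        states, log = run_scenario(delay)
        print("backup delay 3 %s:" % delay, [a for _, a in states])
        for entry in log:
            print("   ", entry)
```

With `backup delay 3 10` the timeline switches to 192.168.1.4 at t=4 and returns to 192.168.1.3 at t=20; with `backup delay 3 never` it stays on the backup until the backup fails at t=30. The enable delay is what keeps a brief LDP session flap from bouncing the service between peers.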
Forwarding Traffic into a TE Tunnel

- Static routing
- Policy routing (global table only; not from a VRF at present)
- Autoroute
- Forwarding Adjacency
- AToM Tunnel Selection
- Class Based Tunnel Selection

Static, Autoroute, and Forwarding Adjacency get you unequal-cost load-balancing.

Coupling Layer-2 Services with MPLS TE—AToM Tunnel Selection

- Static mapping between pseudowire and TE tunnel on the PE
- Implies PE-to-PE TE deployment
- TE tunnel defined as preferred path for the pseudowire
- Traffic will fall back to the peer LSP if the tunnel goes down

Diagram: CE, PE1, IP/MPLS core carrying the TE LSP, PE2 and PE3 (ATM), CE; a Layer 2 circuit on each side of the pseudowire.

  pseudowire-class my-path-pref
   encapsulation mpls
   preferred-path interface tunnel 1 disable-fallback
  !
  interface fastEthernet <slot/port>.<subif-id>
   encapsulation dot1Q 150
   xconnect 172.18.255.3 1000 pw-class my-path-pref

MPLS Forwarding (AToM Traffic)

Diagram: customer sites (CE1/CE2, 10.1.1.0/24; voice and video) attached to PE1 on E2/0.1, E2/0.2 and E2/0.3 (VLANs 10, 20, 30), core routers P1 to P4, PE2 at Site 2; label values 17, 23, 37, 38 and 20 are annotated on the two paths.

- PE2 sees multiple IGP paths to reach PE1
- L2VPN packets are load balanced per customer site according to the VC label over two label switched paths from PE to P

L2VPN Deployment: Tunnel Selection for Bandwidth Protection

  preferred-path [interface tunnel tunnel-number | peer {ip-address | host-name}] [disable-fallback]

  pseudowire-class my-path-pref
   encapsulation mpls
   preferred-path interface tunnel 1 disable-fallback
  !
  interface fastEthernet <slot/port>.<subif-id>
   encapsulation dot1Q 150
   xconnect 172.18.255.3 1000 pw-class my-path-pref

- This configuration allows one to direct which path pseudowires take through the network.
- The tunnel head end and tail end must be on the PEs.

AToM: Preferred Path TE Tunnels

- Three TE tunnels (Tunnel 0, Tunnel 1 and Tunnel 2) between PE1 and PE2
- “Preferred path” can be used to map each VC (or multiple VCs) into a different TE tunnel

Diagram: three customer sites (CE1/CE2, 10.1.1.0/24) between PE1 and PE2 (192.168.0.5/32); TE Tunnel 0, Tunnel 1 and Tunnel 2 run through P1 to P4, with tunnel labels 30 and 35 shown.

Configuration on the local PE:

  interface Ethernet2/0.1
   description green vc
   xconnect 192.168.0.5 1 encapsulation mpls pw-class test
  !
  interface Ethernet2/0.2
   description red vc
   xconnect 192.168.0.5 20 encapsulation mpls pw-class test1
  !
  interface Ethernet2/0.3
   description dark green vc
   xconnect 192.168.0.5 30 encapsulation mpls pw-class test2
  !
  pseudowire-class test
   encapsulation mpls
   preferred-path interface Tunnel0
  !
  pseudowire-class test1
   encapsulation mpls
   preferred-path interface Tunnel1
  !
  pseudowire-class test2
   encapsulation mpls
   preferred-path interface Tunnel2

AToM: Preferred Path TE Tunnels

Each VC is mapped to a different tunnel (diagram: the same three sites, with tunnel labels 30, 34 and 35 on TE Tunnel 0, 1 and 2 through P1 to P4):

  pe2#sh mpls l2transport vc detail | in label
    Output interface: Tu0, imposed label stack {30 16}
    MPLS VC labels: local 16, remote 16
    Tunnel label: 3, next hop point2point
    Output interface: Tu1, imposed label stack {34 37}
    MPLS VC labels: local 17, remote 37
    Tunnel label: 3, next hop point2point
    Output interface: Tu2, imposed label stack {35 38}
    MPLS VC labels: local 37, remote 38

Data Center Implementation with Layer 2 VPN PWE

Data Center Option (A)
Utilizing Layer 2 VPN to Provide High Availability Between Two Data Centers and Two Service Providers

Diagram: a 6500 data-center switch (6500-DCN-SWITCH) attached to PE1-COREA and PE1-COREB, with PE2-COREA and PE2-COREB at the far end.

PE1-COREB:

  !
  interface gigabitethernet 1/0/0
   no switchport
   xconnect X.X.X.PE2 70 encapsulation mpls

PE2-COREB:

  !
  interface gigabitethernet 1/0/0
   no switchport
   xconnect X.X.X.PE1 70 encapsulation mpls

6500-DCN-SWITCH:

  !
  interface gigabitethernet 1/0/1    <-COREA
   channel-group 1 mode on
   switchport
   switchport trunk encapsulation dot1q
   switchport mode trunk
  !
  interface gigabitethernet 1/0/2    <-COREB
   channel-group 1 mode on
   switchport
   switchport trunk encapsulation dot1q
   switchport mode trunk
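The preferred-path slides above pair each xconnect with a TE tunnel, and the ‘show mpls l2transport vc detail’ output shows which interface each VC actually leaves on. As an added example (not the deck's own material), this Python resolves the configured pw-class mappings and compares them with the show output, flagging a VC that has silently fallen back to the default LSP or, with disable-fallback, is up somewhere it should not be. The configuration and show excerpt are constructed; the ‘Destination address’ line format and the function names are assumptions.

```python
import re
from typing import Dict, Tuple

VcKey = Tuple[str, int]  # (peer address, VC ID)

# Constructed PE configuration modelled on the 'Preferred Path TE Tunnels' slide; class test2
# also carries the disable-fallback option from the bandwidth-protection slide.
CONFIG = """\
pseudowire-class test
 preferred-path interface Tunnel0
!
pseudowire-class test1
 preferred-path interface Tunnel1
!
pseudowire-class test2
 preferred-path interface Tunnel2 disable-fallback
!
interface Ethernet2/0.1
 xconnect 192.168.0.5 1 encapsulation mpls pw-class test
!
interface Ethernet2/0.2
 xconnect 192.168.0.5 20 encapsulation mpls pw-class test1
!
interface Ethernet2/0.3
 xconnect 192.168.0.5 30 encapsulation mpls pw-class test2
"""
# Constructed 'show mpls l2transport vc detail' excerpt: the 'Output interface' lines follow the
# deck; the 'Destination address' line is an assumed format that ties each block to its VC.
# VC 30 is deliberately shown leaving on a plain interface instead of its tunnel.
SHOW_DETAIL = """\
  Destination address: 192.168.0.5, VC ID: 1, VC status: up
    Output interface: Tu0, imposed label stack {30 16}
  Destination address: 192.168.0.5, VC ID: 20, VC status: up
    Output interface: Tu1, imposed label stack {34 37}
  Destination address: 192.168.0.5, VC ID: 30, VC status: up
    Output interface: Et1/0, imposed label stack {20 38}
"""

def norm_if(name: str) -> str:
    """IOS prints Tunnel0 as Tu0 in show output; use one spelling for comparison."""
    m = re.match(r"(?i)(tu|tunnel)(\d+)$", name.strip())
    return f"Tunnel{m.group(2)}" if m else name.strip()

def preferred_paths(config: str) -> Dict[VcKey, Tuple[str, bool]]:
    """Resolve each xconnect, via its pw-class, to (preferred tunnel, disable-fallback)."""
    classes: Dict[str, Tuple[str, bool]] = {}
    current = None
    for line in config.splitlines():
        line = line.strip()
        m = re.match(r"pseudowire-class (\S+)", line)
        if m:
            current = m.group(1)
        m = re.match(r"preferred-path interface (\S+)( disable-fallback)?", line)
        if m and current:
            classes[current] = (norm_if(m.group(1)), m.group(2) is not None)
    result: Dict[VcKey, Tuple[str, bool]] = {}
    for m in re.finditer(r"xconnect (\S+) (\d+)(?: encapsulation mpls)? pw-class (\S+)", config):
        if m.group(3) in classes:
            result[(m.group(1), int(m.group(2)))] = classes[m.group(3)]
    return result

def actual_paths(show: str) -> Dict[VcKey, Tuple[str, str]]:
    """Map each VC in the show output to (VC status, output interface)."""
    result: Dict[VcKey, Tuple[str, str]] = {}
    key = None
    for line in show.splitlines():
        m = re.search(r"Destination address: (\S+), VC ID: (\d+), VC status: (\w+)", line)
        if m:
            key = (m.group(1), int(m.group(2)))
            result[key] = (m.group(3), "")
            continue
        m = re.search(r"Output interface: ([^,]+),", line)
        if m and key:
            result[key] = (result[key][0], norm_if(m.group(1)))
    return result

def audit_preferred_paths(config: str, show: str) -> Dict[VcKey, str]:
    """Report, per VC, whether traffic really rides the engineered path."""
    actual = actual_paths(show)
    report: Dict[VcKey, str] = {}
    for key, (tunnel, no_fallback) in preferred_paths(config).items():
        if key not in actual:
            report[key] = "not present in show output"
        elif actual[key][0] != "up":
            report[key] = f"VC {actual[key][0]}"
        elif actual[key][1] == tunnel:
            report[key] = "ok"
        elif no_fallback:
            report[key] = f"on {actual[key][1]} despite disable-fallback; expected {tunnel}"
        else:
            report[key] = f"fell back from {tunnel} to {actual[key][1]}"
    return report
```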
Data Center Option (B)
Utilizing Layer 2 VPN to Provide Physical High Availability Between Two Data Centers

6500-DCN-SWITCH:

  !
  interface gigabitethernet 1/0/1
   channel-group 1 mode on
   switchport trunk encapsulation dot1q
   switchport mode trunk
  !
  interface gigabitethernet 1/0/2
   channel-group 1 mode on
   switchport trunk encapsulation dot1q
   switchport mode trunk
  !
  interface Port-channel1
   switchport trunk
  !
  interface gigabitethernet 1/0/4
   switchport mode access
   switchport access vlan 10

Unlabelled switch configuration on the same slide (two port-channels, each with a member on two modules):

  interface gigabitethernet 1/0/1
   channel-group 1 mode on
   switchport trunk encapsulation dot1q
   switchport mode trunk
  !
  interface gigabitethernet 1/0/2
   channel-group 2 mode on
   switchport trunk encapsulation dot1q
   switchport mode trunk
  !
  interface gigabitethernet 2/0/1
   channel-group 1 mode on
   switchport trunk encapsulation dot1q
   switchport mode trunk
  !
  interface gigabitethernet 2/0/2
   channel-group 2 mode on
   switchport trunk encapsulation dot1q
   switchport mode trunk
  !
  interface Port-channel1
   switchport trunk
  !
  interface Port-channel2
   switchport trunk

PE1-COREA:

  interface gigabitethernet 3/0
   no switchport
   xconnect X.X.X.PE2-CORE A 70 encapsulation mpls

PE1-COREB:

  interface gigabitethernet 3/0
   no switchport
   xconnect X.X.X.PE2-CORE B 70 encapsulation mpls

Data Center Option (C)
Utilizing Layer 2 VPN to Provide Physical High Availability: Dual Switches Between Two Data Centers, STP-Free Topology

6500-A:

  !
  interface gigabitethernet 1/0/1
   channel-group 1 mode on
   switchport trunk encapsulation dot1q
   switchport mode trunk
  !
  interface gigabitethernet 1/0/2
   channel-group 1 mode on
   switchport trunk encapsulation dot1q
   switchport mode trunk
  !
  interface Port-channel1
   switchport trunk
  !
  interface gigabitethernet 1/0/4
   switchport mode access
   switchport access vlan 10

6500-B:

  !
  interface gigabitethernet 1/0/1
   channel-group 1 mode on
   switchport trunk encapsulation dot1q
   switchport mode trunk
  !
  interface gigabitethernet 1/0/2
   channel-group 1 mode on
   switchport trunk encapsulation dot1q
   switchport mode trunk
  !
  interface Port-channel1
   switchport trunk
  !
  interface gigabitethernet 1/0/4
   switchport mode access
   switchport access vlan 10

PE1-COREA:

  interface gigabitethernet 3/0    <-6500 A
   xconnect 10.1.1.2 20 encapsulation mpls
  !
  interface gigabitethernet 4/0    <-6500 B
   xconnect 10.1.1.2 40 encapsulation mpls

PE1-COREB:

  interface gigabitethernet 3/0    <-6500 A
   xconnect 10.1.1.2 20 encapsulation mpls
  !
  interface gigabitethernet 4/0    <-6500 B
   xconnect 10.1.1.2 40 encapsulation mpls

Data Center Option (D)
Utilizing Layer 2 VPN to Provide Physical High Availability: Dual Switches Between Three Data Centers and One Transit Data Center

Diagram: PE1 and PE2 each have a pseudowire to PE3 at Data Center 3, with backup pseudowires between PE1 and PE2; the PE3 attachment circuits carry Q-in-Q.

PE1:

  interface gigabitethernet 3/0
   xconnect 10.1.1.3 20 encapsulation mpls
    backup peer 10.1.1.2 200

PE2:

  interface gigabitethernet 3/0
   xconnect 10.1.1.3 30 encapsulation mpls
    backup peer 10.1.1.1 200

PE3:

  interface gigabitethernet 3/0
   xconnect 10.1.1.1 20 encapsulation mpls

PE3:

  interface gigabitethernet 4/0
   xconnect 10.1.1.1 30 encapsulation mpls

Data Center 3, 6500 switch:

  !
  interface gigabitethernet 3/0
   switchport trunk encapsulation dot1q
   switchport mode trunk
  !
  interface gigabitethernet 4/0
   switchport trunk encapsulation dot1q
   switchport mode trunk

Virtual Switching and Layer 2 VPN in Data Center

Current Network Challenges: Enterprise Campus

Traditional Enterprise Campus deployments have been designed in a way that allows for scalability, differentiated services and high availability. However, they also face many challenges, some of which are listed in the diagram below:

- L3 Core: extensive routing topology, routing reconvergence
- L2/L3 Distribution: FHRP, STP, asymmetric routing, policy management
- Access: single active uplink per VLAN (PVST), L2 reconvergence, increased route peering with L3 access

Current Network Challenges: Data Center

Traditional Data Center designs require ever-increasing Layer 2 adjacencies between server nodes due to the prevalence of virtualization technology.
However, they are pushing the limits of Layer 2 networks, placing more burden on loop-detection protocols such as Spanning Tree:

- L2/L3 Core: FHRP (HSRP, VRRP), Spanning Tree, policy management
- L2 Distribution: single active uplink per VLAN (PVST), L2 reconvergence, excessive BPDUs
- L2 Access: dual-homed servers to a single switch, single active uplink per VLAN (PVST), L2 reconvergence

Introduction to Virtual Switch Concepts

Virtual Switch System is a new technology breakthrough for the Catalyst 6500 family.

Virtual Switch System: Enterprise Campus

A Virtual Switch-enabled Enterprise Campus network takes on multiple benefits, including simplified management and administration and greater high availability, while maintaining a flexible and scalable architecture:

- L3 Core: reduced routing neighbors, minimal L3 reconvergence
- L2/L3 Distribution: no FHRPs, no looped topology, policy management
- Access: multiple active uplinks per VLAN, no STP convergence

Virtual Switch System: Data Center

A Virtual Switch-enabled Data Center allows for maximum scalability, so bandwidth can be added when required, while still providing a larger Layer 2 hierarchical architecture free of reliance on Spanning Tree:

- L2/L3 Core: single router node, fast L2 convergence, scalable architecture
- L2 Distribution: dual active uplinks, fast L2 convergence, minimized L2 control plane, scalable
- L2 Access: dual-homed servers, single active uplink per VLAN (PVST), fast L2 convergence

Virtual Switch Architecture: Virtual Switch Link

The Virtual Switch Link is a special link joining the two physical switches together; it extends the out-of-band channel, allowing the active control plane to manage the hardware in the second chassis.

Virtual Switch Architecture: VSL Initialization

Before the Virtual Switch domain can become active, the Virtual Switch Link (VSL) must be brought online to determine Active and Standby roles. The initialization process essentially consists of 3 steps:

1. Link Bringup, to determine which ports form the VSL.
2. Link Management Protocol (LMP), used to track and reject unidirectional links and to exchange Chassis ID and other information between the 2 switches.
3. Role Resolution Protocol (RRP), used to determine compatible hardware and software versions to form the VSL, as well as to determine which switch becomes Active and which Hot Standby from a control plane perspective.

Virtual Switch Architecture: VSLP Ping

A new ping mechanism has been implemented in VSS mode to allow the user to objectively verify the health of the VSL itself.
This is implemented as a VSLP Ping (diagram: VSLP pings exchanged across the VSL between Switch 1 and Switch 2). The VSLP Ping operates on a per-physical-interface basis, and parameters such as COUNT, DESTINATION, SIZE and TIMEOUT may also be specified:

  vss#ping vslp output interface tenGigabitEthernet 1/5/4
  Type escape sequence to abort.
  Sending 5, 100-byte VSLP ping to peer-sup via output port 1/5/4, timeout is 2 seconds:
  !!!!!
  Success rate is 100 percent (5/5), round-trip min/avg/max = 12/12/16 ms
  vss#

VSS EtherChannel Concepts
Overview, Protocols, Load Balancing, Enhancements with VSL

EtherChannel Concepts: Multichassis EtherChannel (MEC)

Prior to Virtual Switch, EtherChannels were restricted to reside within the same physical switch. In a Virtual Switch environment, the 2 physical switches form a single logical network entity; therefore EtherChannels can now also be extended across the 2 physical chassis. LACP, PAgP or ON EtherChannel modes are supported.

Diagram: a regular EtherChannel on a single chassis, compared with a Multichassis EtherChannel across 2 VSL-enabled chassis.

EtherChannel Concepts: EtherChannel Hash for MEC

Deciding which link of a Multichassis EtherChannel to use in a Virtual Switch is skewed in favour of local links in the bundle; this is done to avoid overloading the Virtual Switch Link (VSL) with unnecessary traffic loads.

Diagram: a MEC towards a server with links A1 and B2. Blue traffic destined for the server results in Link A1 in the MEC bundle being chosen as the destination path; orange traffic destined for the server results in Link B2 being chosen.

Hardware Requirements: VSL Hardware Requirements

The Virtual Switch Link requires special hardware, as noted below.

Hardware Requirements: Other Hardware Considerations

High Availability
Link Failure, Redundancy Schemes, Dual-Active Detection, GOLD

High Availability: Redundancy Schemes

The default redundancy mechanism between the 2 VSS chassis and their associated supervisors is NSF/SSO, allowing state information and configuration to be synchronized.
Additionally, only in NSF/SSO mode do the Standby supervisor's PFC, switch fabric, modules and their associated DFCs become active.

Diagram: Switch 1 (12.2(33)SXH1, Active) and Switch 2 (12.2(33)SXH1) joined by the VSL in NSF/SSO mode.

Should a mismatch of information occur between the Active and Standby chassis, the Standby chassis will revert to RPR mode, where only configuration is synchronized, but the PFC, switch fabric and modules will not be brought up.

Diagram: Switch 1 (12.2(33)SXH1, Active) and Switch 2 (12.2(33)SXH2) joined by the VSL, with Switch 2 in RPR mode.

High Availability: SSO-Aware Protocols

As of Whitney 1, there are over 90 protocols that are SSO-aware. These include information such as ARP, DHCP Snooping, IP Source Guard, NAC Posture database, etc. In a VSS environment, failure of either VS will not require this information to be re-populated.

Diagram: Switch 1 and Switch 2 forming the Virtual Switch and sharing one DHCP Snooping Binding Table:

  IP Add         MAC Add             VLAN   Interface
  10.10.10.10    00:50:56:01:e1:02   10     Po10
  172.26.18.2    00:02:b3:3f:3b:99   18     Po10
  172.26.19.34   00:16:a1:c2:ee:32   19     Po20
  10.10.10.43    00:16:cb:03:d3:44   10     Po20

High Availability: Dual-Active Detection

In a Virtual Switch Domain, one switch is elected as Active and the other as Standby during bootup by VSLP. Since the VSL is always configured as a port channel, the possibility of the entire VSL bundle going down is remote; however, it is a possibility.

Diagram: Virtual Switch Domain with the Switch 1 and Switch 2 supervisors joined by the VSL; one supervisor in VS State Standby (Control Plane Standby, Data Plane Active), the other in VS State Active (Control Plane Active, Data Plane Active).

It is always recommended to deploy the VSL with 2 or more links and to distribute those interfaces across multiple modules to ensure the greatest redundancy.

High Availability: Dual-Active Detection

If the entire VSL bundle should happen to go down, the Virtual Switch Domain will enter a Dual Active scenario where both switches transition to the Active state and share the same network configuration (IP addresses, MAC address, Router IDs, etc.), potentially causing communication problems throughout the network.

Diagram: with the VSL down, both the Switch 1 and Switch 2 supervisors show VS State Active, Control Plane Active, Data Plane Active.

2 mechanisms have been implemented in the initial release to detect and recover from a Dual Active scenario:

1. Enhanced Port Aggregation Protocol (PAgP)
2. Dual-Active Detection over IP-BFD

High Availability: Dual-Active Detection Mechanisms

1. Enhanced Port Aggregation Protocol (PAgP)
2. Dual-Active Detection over IP-BFD
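The slides above recommend a VSL of 2 or more links spread across modules and name two dual-active detection mechanisms; the next slide adds the ‘dual-active exclude interface’ command for management ports that stay up. As an added example (not the deck's own code), this Python audits a running-config against those points. The configuration is constructed: ‘switch virtual domain’ and ‘dual-active exclude interface’ follow the deck's CLI, while the ‘switch virtual link’ and ‘dual-active detection’ lines and all function names are assumptions.

```python
import re
from collections import defaultdict
from typing import Dict, List

# Constructed VSS configuration (see lead-in for which lines are assumed syntax).
# Interface names use the VSS switch/slot/port form (e.g. 1/5/4) seen in the VSLP ping slide.
VSS_CONFIG = """\
switch virtual domain 100
 dual-active detection pagp trust channel-group 20
 dual-active exclude interface GigabitEthernet1/5/1
 dual-active exclude interface GigabitEthernet2/5/1
!
interface Port-channel1
 switch virtual link 1
!
interface Port-channel2
 switch virtual link 2
!
interface TenGigabitEthernet1/5/4
 channel-group 1 mode on
!
interface TenGigabitEthernet1/5/5
 channel-group 1 mode on
!
interface TenGigabitEthernet2/5/4
 channel-group 2 mode on
!
interface TenGigabitEthernet2/6/4
 channel-group 2 mode on
"""

SLOT = re.compile(r"\d+/(\d+)/\d+$")  # switch/slot/port -> slot (module)


def parse_vss(config: str) -> dict:
    """Collect VSL port-channels, EtherChannel members and dual-active settings."""
    vsl: Dict[str, str] = {}                           # port-channel number -> switch id
    members: Dict[str, List[str]] = defaultdict(list)  # port-channel number -> interfaces
    detection: List[str] = []
    excluded: List[str] = []
    current = None
    for raw in config.splitlines():
        line = raw.strip()
        if (m := re.match(r"interface (\S+)", line)):
            current = m.group(1)
        elif (m := re.match(r"switch virtual link (\d+)", line)) and current:
            vsl[current.replace("Port-channel", "")] = m.group(1)
        elif (m := re.match(r"channel-group (\d+) mode", line)) and current:
            members[m.group(1)].append(current)
        elif (m := re.match(r"dual-active detection (.+)", line)):
            detection.append(m.group(1))
        elif (m := re.match(r"dual-active exclude interface (\S+)", line)):
            excluded.append(m.group(1))
    return {"vsl": vsl, "members": members, "detection": detection, "excluded": excluded}


def audit_vss(config: str) -> List[str]:
    """Findings against the deck's VSL and dual-active recommendations."""
    d = parse_vss(config)
    findings: List[str] = []
    vsl_members = set()
    if not d["vsl"]:
        findings.append("no port-channel is configured as the VSL")
    for po, sw in sorted(d["vsl"].items(), key=lambda kv: kv[1]):
        ports = d["members"].get(po, [])
        vsl_members.update(ports)
        slots = {m.group(1) for p in ports if (m := SLOT.search(p))}
        if len(ports) < 2:
            findings.append(f"switch {sw}: VSL Port-channel{po} has {len(ports)} member(s), want 2 or more")
        elif len(slots) < 2:
            findings.append(f"switch {sw}: all VSL members sit on module {slots.pop()}; spread them across modules")
    if not d["detection"]:
        findings.append("no dual-active detection mechanism (PAgP trust or BFD) configured")
    in_channel = {p for ports in d["members"].values() for p in ports}
    for intf in d["excluded"]:
        if intf in vsl_members:
            findings.append(f"{intf} is a VSL member and already exempt from dual-active shutdown")
        elif intf in in_channel:
            findings.append(f"{intf} is excluded from dual-active shutdown but is an EtherChannel member")
    return findings
```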
High Availability: Dual-Active Detection, Exclude Interfaces

Upon detection of a Dual Active scenario, all interfaces on the previous-Active switch will be brought down so as not to disrupt the functioning of the remainder of the network. The exception interfaces include VSL members as well as pre-determined interfaces which may be used for management purposes:

  vs-vsl#conf t
  Enter configuration commands, one per line.  End with CNTL/Z.
  vs-vsl(config)#switch virtual domain 100
  vs-vsl(config-vs-domain)#dual-active exclude interface Gig 1/5/1
  vs-vsl(config-vs-domain)#dual-active exclude interface Gig 2/5/1
  vs-vsl(config-vs-domain)#^Z
  vs-vsl#

High Availability: Dual-Active Recovery

Upon the restoration of one or more VSL interfaces, VSLP will detect this and will proceed to reload Switch 1 so that it may re-negotiate the Active/Standby role after bootup (diagram: VSL up, Switch 1 reloads, VSLP runs between Switch 1 and Switch 2). After the role has been resolved and SSO Hot Standby mode is possible, interfaces will be brought up and traffic will resume back to 100% capacity.

High Availability: Generic OnLine Diagnostics (GOLD)

Some enhancements to the GOLD framework have been implemented in a VSS environment, which leverages a Distributed GOLD environment.
In this case, each supervisor runs an instance of GOLD, but is centrally managed by the Active Supervisor in the Active chassis.

Diagram: Switch 1 (VS State Active, Local GOLD Active, Distributed GOLD Manager) and Switch 2 (VS State Standby, Local GOLD Active) joined by the VSL.

There are 4 new tests that are available in VSS mode:

1. TestVSLLocalLoopback
2. TestVSLBridgeLink
3. TestVSLStatus
4. TestVSActiveToStandbyLoopback

Virtual Switch System: Deployment Considerations

Virtual Switch will incorporate some deployment considerations as best practice.

Virtual Switch System: Benefits

Virtual Switch System: Summary

Data Center Option (E)
Utilizing Layer 2 VPN and Virtual Switching: New Features

PE1-COREA:

  interface gigabitethernet 3/0    <-6500 B
   xconnect 10.1.1.2 20 encapsulation mpls
  !
  interface gigabitethernet 4/0    <-6500 B
   xconnect 10.1.1.2 40 encapsulation mpls

PE1-COREB:

  interface gigabitethernet 3/0    <-6500 A
   xconnect 10.1.1.1 20 encapsulation mpls
  !
  interface gigabitethernet 4/0    <-6500 B
   xconnect 10.1.1.1 40 encapsulation mpls

Q and A

Recommended Reading

Continue your Cisco Live learning experience with further reading from Cisco Press. Check the Recommended Reading flyer for suggested books.

“Layer 2 VPN Architectures”, ISBN: 1-58705-168-0. Available onsite at the Cisco Company Store.

Complete Your Online Session Evaluation

Give us your feedback and you could win fabulous prizes; winners are announced daily. Receive 20 Passport points for each session evaluation you complete. Complete your session evaluation online now (open a browser through our wireless network to access our portal) or visit one of the Internet stations throughout the Convention Center.

Don’t forget to activate your Cisco Live virtual account for access to all session material on-demand and return for our live virtual event in October 2008. Go to the Collaboration Zone in World of Solutions or visit www.cisco-live.com.