Ethernet Virtual Circuits
advertisement
1 EVC Atahar Khan CCIE SP 44012 AGENDA L2VPN overview Ethernet Virtual Circuits (EVC) 2 3 L2VPN Overview 4 What is L2VPN ? • We call L2VPN any method which allow to have a LAN shared across multiple remote location across a non L2 network • The network in the middle can be : •IPv4 Routed network L2TPv3 can be use •MPLS network EoMPLS or VPLS •Another switched Network QinQ • The PE to CE interface might not be Ethernet •Atom : tunnel of anything over MPLS network •L2TPv3 : encapsulate anything over ipv4 network •Interworking : allow to interconnect one L2 tech to another (FR to ATM or Eth to ATM or…) • Those technique can be combined to achieve LAN transparency ! 5 L2VPN Models AToM L2TPv3 L2-VPN Models MPLS Core VPWS IP core VPLS P2MP/ MP2MP Point-to-Point Point-to-Point Ethernet FR ATM AAL5/Cell Ethernet PPP/ HDLC FR ATM AAL5/Cell Ethernet PPP/ HDLC 6 Virtual Private Wire Service (VPWS) Reference Model L2transport over IP = L2TPv3 L2transport over MPLS = AToM SE = Service Endpoint Customer Site Customer Site PSN = Packet Switched Network PSN Tunnel PWES Pseudo Wires PE PWES PE PWES Customer Site PWES Customer Site Emulated Service A Pseudowire (PW) is a connection between two Provider Edge (PE) devices which connects two pseudowire End-Services (PWESs) of the same type Service Types: • Ethernet • HDLC • 802.1Q (VLAN) • PPP • ATM VC or VP PWES • Frame Relay VC 7 Ethernet Virtual Circuits (EVC) 8 The Challenges On traditional switches, we require the switch to do two things: 1.) Have the VLAN configured globally 2.) Perform MAC learning in this VLAN switches have a finite amount of CAM space for MAC Learning limiting the number of hosts we can support. Since the 802.1q VLAN tag is only 12-bits wide we can only configure a maximum of 4096 VLANs. In modern provider and cloud environments there is a need to scale beyond these limitations. VLAN translation can not be done. 9 EVC Advantages The VLAN tag is used for classification and the Service Instance defines the forwarding action. we could allocate one VLAN to different customers on every switchport and forward each customer's traffic across different MPLS Pseudowires, but never actually configure the VLAN globally. Customer VLAN ID preservation/ translation. CE-VLAN ID Preservation Application (1) ERS services with same End to End CE-VLAN ID VLAN Mapping Points Customer CE-1 MEN Customer 200 CE-2 100 CE-HQ 200 300 CE-VLAN ID Customer 100 Customer 300 CE-3 11 CE-VLAN ID Preservation Application (2) Corporate Customers with all remote offices using the same CE-VLAN ID Also useful for SP deploying Managed CPEs Customer 100 NEED OF VLAN TRANSLATION !!! Customer VLAN Mapping Points MEN Customer 100 CE-2 600 CE-HQ 601 602 CE-VLAN ID CE-1 Customer 100 CE-3 12 EVC – Flexible Frame Matching • Service instance Service instance ... – – – – – – – Provide classification of L2 flows on Ethernet interfaces Are also referred to as EVC service-instances Support dot1q and Q-in-Q Support VLAN lists Support VLAN ranges Support VLAN Lists and Ranges combined Coexist with routed subinterfaces 14 100 101 102 200 203 Match VLAN: 14 Match VLAN range: 100-102 Match VLAN list: 200, 203, 210 210 300,10 0 Match VLAN: 300,100 400,1 Match outer VLAN 400, inner VLAN range: 1-3 400,2 400,3 400,11 400,17 400,34 Match outer 400, inner VLAN list: 11,17,34 13 Exact vs. Non-Exact • EVC only supports Non-Exact matching • ‘encap dot1q 10’ matches any packets with outmost tag equals to 10: 10 10 200 • ‘encap dot1q 10 sec 100’ matches any packets with outmost tag as 10 and second most tag as 100 10 100 10 100 1000 14 Longest tag match EVC supports longest tag matching within the same GigE port. Matching double tag at first, then single tag, then default tag (similar concept as routing table lookup) 10 10 200 dot1q 10 10 100 sec 100 dot1q 10 10 130 sec 128-133 Int G3/0/0 dot1q 10 15 EVC – Flexible VLAN Tag Manipulation EVCs allow us to classify inbound frames in a highly flexible manner based on 1 or more VLAN tags or CoS values. Here are some examples Configuration Effect encapsulation dot1q 10 Match the single VLAN tag 10 encapsulation dot1q 25 second-dot1q 13 Match first VLAN tag 25 and second tag 13 encapsulation dot1q any second-dot1q 22 Match any double tagged frame with a second tag of 22 encapsulation dot1q 16 cos 4 Match a single tag 16 when it has CoS value 4 encapsulation dot1q untagged Match the native (untagged) VLAN encapsulation dot1q default The catch all class for all traffic not previously classified 16 Encap match order • From most specific to most general • No exact match based on outmost tag # • Encap untag matches untagged packet • Encap default catches all remaining traffic w/o specific match. If there is no encap untag configured, it also catches untag packet. 17 Encapsulation Rewrite CLI . interface gig 1/1/1 service instance 1 ethernet encapsulation dot1q 10 rewrite ingress tag ? pop Pop the tag push Rewrite Operation of push translate Translate Tag Configuration rewrite ingress tag pop 1 symmetric rewrite ingress tag pop 2 symmetric Effect remove the top 802.1q tag remove the top two 802.1q tags rewrite ingress tag translate 1-to-1 dot1q 28 symmetric remove the top tag and replace it with 28 rewrite ingress tag translate 2-to-2 dot1 22 remove the top two tags and replace them second-dot1q 23 with 22 and 23 (23 will be the inner tag) push two new tags on top of the existing rewrite ingress tag push dot1q 56 secondframe. The top tag will be 56; inner tag of dot1q 55 55 18 Encapsulation Rewrite CLI - Symmetric . 19 Here's a sample topology, with two access switches processing different VLANs. The service instance configurations are on PE Blue and PE Purple 20 EVC – Flexible Forwarding Model Service instance BD MPLS P-to-P Local Connect L3/VRF or EoMPLS/VPLS MPLS UPLINK SVI P-to-P EoMPLS BD BD EoMPLS/VPLS SVI L2 Bridging PVC / DLCI Physical Ports L2 inter-working ATM / FR 21 Flexible Service Mapping Configuration Example Access port Local connect Service instance or Ethernet Flow Point core interface, L2 trunk or L3 MPLS service instance 1 ethernet encapsulation dot1q 20 second-dot1q 10 rewrite ingress tag pop 1 sym bridge-domain 10 c-mac 802.1ah (PBB or .1ah over VPLS service instance 2 ethernet encapsulation dot1q 11-100 rewrite ingress tag push dot1q 101 xconnect 1.1.1.1 101 en mpls E-LINE (VPWS) service instance 3 ethernet encapsulation dot1q 101 second-dot1q 10 rewrite ingre tag translate 2-to-1 100 bridge-domain 200 Interface vlan 200 xconnect vfi myvpls E-LAN (VPLS or Local bridging) service instance 4 ethernet encapsulation dot1q 102 rewrite ingress tag pop 1 bridge-domain 201 Interface vlan 201 ip address 2.2.2.2 255.255.255.0 ip vrf myvrf L3 termination 22 EVC (Service Instance) Example Here is an example of an interface configured with a bridge-domain: interface g0/2 service instance 1 ethernet encapsulation dot1q 11 rewrite ingres tag pop 1 symmetric bridge-domain 22 ! interface Vlan22 ip address 192.168.1.1 255.255.255.0 23 EVC – Local & remote bridging example LOCAL Switching interface g0/2 service instance 1 ethernet encapsulation dot1q 10 rewrite ingres tag pop 1 symmetric bridge-domain 22 service instance 2 ethernet encapsulation dot1q 11 rewrite ingress tag pop 1 symmetric bridge-domain 22 ! interface Vlan44 ip address 192.168.1.1 255.255.255.0 Remote Connection interface g0/2 service instance 1 ethernet encapsulation dot1q 10 rewrite ingres tag pop 1 symmetric bridge-domain 22 split-horizon service instance 2 ethernet encapsulation dot1q 11 rewrite ingress tag pop 1 symmetric bridge-domain 22 split-horizon ! interface Vlan44 xconnect 192.168.1.1 12 encapsulation mpls Thank You
