Saturday, January 28, 2017

L2 VPN in EXOS

L2VPN

L2 VPN is used for transparent delivery of L2 traffic from the end user over an MPLS infrastructure. The Extreme product uses targeted LDP in the PE devices to negotiate the inner label for the L2 VPN service.
For point-to-point service between two sites, VPWS (Virtual Private Wire Service) is used to deliver traffic based on a single user port. Because the connection is point-to-point, MAC address learning for end-user traffic does not occur in VPWS.
For multiple sites (three or more), VPLS (Virtual Private LAN Service) is used to deliver traffic based on MAC learning. VPLS requires MAC address learning both on the user ports and on the VPLS pseudo-wires to the other PE devices, because a logical LAN is formed among the PEs for packet forwarding. As with IBGP routers, all PE devices that participate in the same VPLS service need a full-mesh configuration to the other PEs so that the split horizon rule can prevent loops inside the PWs (pseudo-wires). VPLS traffic received from one PW is never reflected or copied into the other PWs; it is copied or sent only to the user edge ports where the VLAN for the VPLS service is defined.
Implementing redundancy for VPLS at a customer site requires an additional protocol, ESRP (Extreme Standby Router Protocol), to ensure that only one PE is active at each site, so that loops are avoided and duplicate copies of flooded/broadcast traffic are eliminated. However, implementing redundancy for VPWS is not possible without changing to VPLS.

VPWS

VPWS encapsulates the traffic from a specific end-user port on one PE device with an MPLS inner label and attaches an outer MPLS label to deliver the encapsulated traffic to the other PE device.
The Extreme solution provides VMAN (802.1Q double tagging) to hide the end user's VLAN information in the PE device. The ingress port where the CE device is attached is configured with a VMAN. Both VLAN-tagged and untagged traffic from the CE device is therefore blindly assigned an additional VMAN tag in the PE device, and the VPWS is associated with that specific VMAN to deliver the traffic to the other PE device over the MPLS cloud. Inside the MPLS cloud, the outer MPLS label is used to deliver the encapsulated traffic to the final egress PE device. In the egress PE device, the inner label is used to find the VPWS service, and the egress port is then identified because the VPWS is associated with a specific VMAN. After the inner label is stripped, the original user traffic is sent transparently to the egress port without the VMAN tag.

Because VPWS is designed for point-to-point service, PE devices running VPWS do not learn any MAC addresses of user traffic, either on the end-user-facing port or on the VPWS pseudo-wire. VPWS therefore saves MAC learning resources in the PE device.

VPWS EXTREME Switch Configuration Template
  1. Create the VMAN and add the port connected to the CE device as untagged.
     create vman VMAN-NAME
     config vman VMAN-NAME add ports PORT untagged
  2. Disable IGMP snooping on the VMAN.
     disable igmp snooping vman VMAN-NAME
  3. Create the VPWS pseudo-wire configuration.
     create l2vpn vpws VPWS-NAME fec-id-type pseudo-wire PW-NUMBER
  4. Associate the VMAN with the VPWS pseudo-wire configuration.
     configure l2vpn vpws VPWS-NAME add service vman VMAN-NAME
  5. Configure the remote PE's loopback IP address as the peer for the VPWS pseudo-wire.
     configure l2vpn vpws VPWS-NAME add peer REMOTE-PE-IPADDRESS
  6. Enable the VPWS service.
     enable l2vpn vpws VPWS-NAME

VPLS

VPLS encapsulates L2 traffic from a specific VLAN or VMAN in the PE device and then delivers the encapsulated traffic to two or more sites. This solution allows three or more sites to be interconnected as if by a LAN switch. Because a VPLS is associated with a specific VLAN, a customer with multiple VLANs needs a separate VPLS instance for each VLAN.
However, if the VLANs share the same distribution tree (the same PE devices), multiple VLANs can be aggregated into one VMAN using VMAN technology (802.1Q double tagging), and a single VPLS instance can then be used for the VMAN instead of for each VLAN, so that traffic from multiple VLANs is delivered transparently to the other PEs.

EXTREME VPLS Configuration Template
  1. Create the VLAN and add the port connected to the CE device as tagged or untagged, depending on the VLAN configuration of the CE device port that faces the PE device.
     create vlan VLAN-NAME
     config vlan VLAN-NAME add ports [port] untagged|tagged
  2. Disable IGMP snooping on the VLAN.
     disable igmp snooping vlan VLAN-NAME
  3. Create the VPLS pseudo-wire configuration.
     create l2vpn vpls VPLS-NAME fec-id-type pseudo-wire PW-NUMBER
  4. Associate the VLAN with the VPLS pseudo-wire configuration.
     configure l2vpn vpls VPLS-NAME add service vlan VLAN-NAME
  5. Add each remote PE's loopback IP address to the VPLS pseudo-wire configuration.
     configure l2vpn vpls VPLS-NAME add peer REMOTE-PE-IPADDRESS core full-mesh
  6. Enable the VPLS service.
     enable l2vpn vpls VPLS-NAME
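
A check for the full-mesh requirement described above, as an added example that is not part of the original post: it parses the "add peer ... core full-mesh" lines from each PE's configuration and reports every PE that lacks a pseudo-wire to another member of the same VPLS. The VPLS name, loopback addresses and sample configurations are constructed for illustration, and configurations are assumed to be keyed by each PE's loopback address.

```python
import re
from collections import defaultdict

# Peer line from the template; EXOS accepts abbreviated keywords such as "config".
PEER_RE = re.compile(
    r"^\s*conf(?:ig(?:ure)?)?\s+l2vpn\s+vpls\s+(\S+)\s+add\s+peer\s+(\S+)"
    r"\s+core\s+full-mesh\s*$",
    re.IGNORECASE,
)

def parse_peers(config_text):
    """Return {vpls_name: {peer_ip, ...}} for one PE's configuration text."""
    peers = defaultdict(set)
    for line in config_text.splitlines():
        m = PEER_RE.match(line)
        if m:
            peers[m.group(1)].add(m.group(2))
    return peers

def audit_full_mesh(pe_configs):
    """pe_configs maps each PE loopback IP to its configuration text.
    Returns a sorted list of (vpls, local_pe, missing_peer) tuples."""
    parsed = {pe: parse_peers(text) for pe, text in pe_configs.items()}
    members = defaultdict(set)  # vpls -> every PE that peers or is peered with
    for pe, vpls_map in parsed.items():
        for vpls, peers in vpls_map.items():
            members[vpls].add(pe)
            members[vpls].update(peers)
    gaps = []
    for vpls, pes in members.items():
        for local in pes:
            # A PE that is referenced but whose config was not supplied
            # is reported as missing all of its peers.
            configured = parsed.get(local, {}).get(vpls, set())
            gaps.extend((vpls, local, r) for r in pes - {local} - configured)
    return sorted(gaps)

# Constructed sample: three PEs in one VPLS; the third PE lacks a peer.
SAMPLE = {
    "192.0.2.1": "configure l2vpn vpls cust-a add peer 192.0.2.2 core full-mesh\n"
                 "configure l2vpn vpls cust-a add peer 192.0.2.3 core full-mesh\n",
    "192.0.2.2": "configure l2vpn vpls cust-a add peer 192.0.2.1 core full-mesh\n"
                 "configure l2vpn vpls cust-a add peer 192.0.2.3 core full-mesh\n",
    "192.0.2.3": "configure l2vpn vpls cust-a add peer 192.0.2.1 core full-mesh\n",
}

if __name__ == "__main__":
    for vpls, local, missing in audit_full_mesh(SAMPLE):
        print(f"{vpls}: PE {local} has no full-mesh peer {missing}")
```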



