ASR1000 VPLS over TE

Similar Messages

• VPLS over FlexVPN

  Is VPLS (or other types of Layer 2 VPNs) supported using "MPLS over FlexVPN"? 
  All of the configuration documentation that I have read only illustrates VRFs - just curious if anyone has tried this as I have not had time to lab it up yet.  I have a requirement to support a number of different encrypted mult-ipoint layer 2 overlays and this would potentially be a good solution.  Thanks!

  Hello Arun,
  MTU has to be great enough to accomodate the additional label in Carrier Supporting Carrier scenario.
  Another point of attention with modern VPLS is that if the customer attempts to use point to multipoint LSPs this could be a problem
  Until the VPLS uses a collection of point to point LSPs to interconnect the L2 PE nodes it should be fine.
  -Antonio:
  are you referring to the different options of inter AS scenarios?
  Hope to help
  Giuseppe

• A-VPLS over GRE with Supervisor 2T

  Hello,
    I am trying to find the correct method of spanning two non-critical VLANs between campuses over a layer 3 IP network.  We have 2 6500-VSS-2T swtiches and all the documentation I can find points to me using AVPLSoGRE but I do not have the virtual-ethernet interface option.  I am running Advanced Services IOS.  What am I missing that the documentation is not telling me?  I'm not even able to get started for testing...
  Also, is there a better way to do span these two VLANs?  I would prefer not to at all, but as I am migrating the network design to a far less flat network, the business requirements require me to keep these two VLANs spanned for now.
  Thanks
  Robert

  missed the attachment

• VPLS MTU requirement

  Hi All,
  We are planning to run VPLS over the DSL link and i think MTU cab be an issue in such scenario as the MTU size will depends uppon the DSL provider settings. So i am not sure how to acheive this solution in terms of MTU issues and also can some one please guide me how to calculate the required MTU for running VPLS in DSL access media ?
  MTU on interface to CE ?
  MTU on interface to the Core ?
  Thanks in advance guys.
  Sree

  Hi Sree,
  the rule for MPLS (hence for VPLS too) is to have the highest MTU you can configure on the core interfaces. Usually ISPs have nowaday 9000.
  If this is not possible for VPLS you need to take into consideration the following for Max Frame Size:
  Max Frame Size = Link Header + Tunnel label + VC label + Control Word +Transported L2 Header + Payload.
  Link Header is the one of your DSL circuit (likely using ATM link header.. anyway it something you should know/ask your provider).
  Tunnel label + VC label + Control Word = 12 Bytes (4 bytes per label + 4 bytes for control word which is optional as it sepends on underlying transport media and on vendor implementation... anyway you should consider it)
  Transported L2 Header = it depends on what you transport. For Ethernet II encapsulation with dot1q consider 18 bytes (or 14 bytes if customer vlan id is not transported. This depends on implementations once again).
  So in the worst scenario where you have CW and you transport customer vlan id you need at least 1530 Bytes + the DSL link header on the core facing interface.
  On the customer facing interface I would leave the interface MTU you have (1500 if it is Ethernet - even though the actual value is higher as it considers the L2 link overhead already). Or else you need to change the MTU on every host.. not too handy.
  Riccardo

• L2 services over routed network.

  Does anyone know what Cisco recommends for multisite L2 lan services over a routed IP network(no MPLS core)? I've been reading about vpls over gre, but after checking Cisco feature navigator, it looks like the ME switches do not do it. Is there another way to accomplish multisite L2 lan services in the ME or do you have to use 6500 or 6800 series?

  Hi,
  I suggest doing NAT on both sites.
  For Site A with ASA running 8.4 software the NAT configuration might look something like this
  Base Information
  Site A LAN: 192.168.1.0/24
  Site A LAN NAT: 10.1.1.0/24
  Site B LAN (NAT): x.x.x.x/24
  Site A LAN interface = inside
  Site A WAN interface = outside
  Configuration
  object network LAN-LOCAL
    subnet 192.168.1.0 255.255.255.0
  object network LAN-NAT
    subnet 10.1.1.0 255.255.255.0
  object network REMOTE-LAN
    subnet x.x.x.x 255.255.255.0
  nat (inside,outside) source static LAN-LOCAL LAN-NAT destination static REMOTE-LAN REMOTE-LAN
  What the above configuration will do is
  Do NAT between interfaces "inside" and "outside"
  When Site A users connect from their LAN-LOCAL to REMOTE-LAN their NAT IP address will be LAN-NAT This works both ways. When Site B REMOTE-LAN connect to LAN-NAT they will reach LAN-LOCAL of Site A
  Also notice that since you are using this type of NAT that every LOCAL and NAT address will match eachother regarding the last portion of the IP address
  192.168.1.1 = 10.1.1.1
  192.168.1.2 = 10.1.1.2
  192.168.1.3 = 10.1.1.3
  etc
  As I said before I would suggest you ask the Site B admin to also NAT their local LAN 192.168.1.0/24 to something and then you can use that network range and insert to the above configuration to the place of x.x.x.x.
  Please rate if you found the information helpfull
  Also ask more if needed
  - Jouni

• VPLS TLS and EVCS support?

  I have been trying to read the VPLS section on the following page to what versions of VPLS are supported.
  http://www.cisco.com/en/US/products/hw/routers/ps368/products_module_configuration_guide_chapter09186a00801e5c06.html
  I have a few questions:
  1. What flavors of VPLS does Cisco support?
  2. For the config exmaple on that page, is it TLS of EVCS?
  3. Can I attach multiple vlan interfaces to a VFI?
  4. Related to last question, does the packet that enters the VPLS over the core maintain the VLAN header of is it stripped? I'll have more questions about this depedning on the answer I get.
  5. I am seeing conflicting reports in the forum and in the docs about which SUP card I need. What do I need to get my 6509 to work with VPLS?
  Thanks,
  Greg

  1. I apologize. I guess I should have been more clear. I understand which draft Cisco used, it was more around vlan based and port based implementations I've seen on other vendors.
  2. Sorry, I meant in the VPLS section. The section was a bit confusing saying where it kept mentioning the TLS and EVCS. But it never clearly showed which lines make it EVCS and which lines make it TLS. Are you saying that EVCS is actually just a reference to Martini?
  3. Thanks. I guess this means vlan headers are maintained across VPLS.
  4. I think I understand now. Mainly I was trying to see if Cisco's VPLS also did the same type4(vc-type vlan) and type5(vc-type ether) as they did with Martini. From what I iunderstand, Cisco's current VPLS is type4. Correct?
  5. So for VPLS, I need at least a SUP2 MSFC2 with OSM+. For Martini, if I have a SUP720-3BXL, what card can I use to support MPLS core interface? Will a standard GE card work?
  Thanks,
  Greg

• VPLS - Implementation

  Hi Team
  Can someone advise me on a basic VPLS implementation. i.e. the configurations on the PE's and P nodes and customer CE devices. CE device's will be routers. Its for a single customer. The requirement will be for 8 sites.
  But for now i just need an overview of how to implement VPLS over MPLS technology.
  I've tried to make this post as simple as possible, my previous posts I think went into to much detail.
  Thanks
  C Williams

  C Williams,
  there are many documents on Cisco's website covering this subject.
  I use vpls within my P core network using a manual configuration.  ie lets say you have 8 routers in a mesh and you want to create a vpls instance for vlan 400.
  Using ES20 cards on a 7600 router the configs look like this.
  R1
  l2 vfi vlan400 manual
  vpn id 400
  neighbor ip-address(R2)
  neighbor ip-address(R8)
  each neighbor statement creates a l2 connection from R1.  Do this on all routers.  Thats it
  you can also us iBGP to make this an auto connection.
  Be aware if you are not using the ES20+ cards and SRE, MAC learning occurs with the xconnect statement.
  The new configuration uses 802.1ah or MACinMAC so all the MAC address for a specific location is represented by 1 MAC address.
  Regards
  Jude Bryant
  Network Engineer
  Pioneer Telephone

• Ethernet over Public link with Cisco 65XX Series

  We are transferring some equipment from one datacenter to another and we do not have private line connectivity between them at the current time.
  We are hoping to be able to temporarily be able to establish some type of Layer2 connectivity between the facilities to help allow us to spread out the migration into 2 events.  We have Cisco 65XX series switches at the core at both facilities and I am wondering what we might be able to use to make this happen?
  EoMPLS is out as we have to be able to extend the layer2 functionality across carrier networks and L2TPv3 is not supported on Cisco 65XX from what I have read / checked on our switches (if there is an IOS version that does support it, please let me know).
  I have read a bit about VPLS over GRE but I am not clear on the configuration and/or if it supported as it references MPLS at various points within the documentation that I have read.
  Any guidance would be appreciated.

  I've absolutely no idea if this would help in your case. 
  But anyway, I think 6500 handles DMVPN. May be MPLS over DMVPN would be a solution?
  https://sites.google.com/site/amitsciscozone/home/important-tips/traffic-engineering/p2mp-mpls-te-over-dmvpn
  http://networkknerd.blogspot.be/2014/08/dmvpn-mpls-over-dmvpn-oh-yeah.html
  HTH

• Virtualisation - trunking Vlans

  Hi,
  I am working on a requirement on virtualisation involving Business crtical applications in multiple data centers. The challenges being currently faced are:
  1. The 3 Tier architecture with web servers, app servers and db servers to be virtualised with common ESX hosts along with multiple other intranet applications. Issues around security between environments, management of ESX, logging etc.
  2. multiple swtiched environments to be virtualized with clash of Vlan id's, Vlan in excess on 512 to be trunked.
  3. The ultimate goal is to go for the complete virtualised environment with full DR capability and flexibility akin Cloud computing.
  4. Can we think of Q in Q support on Nexus 1000v?
  Any help in untangling this situation will be highly appreciated.
  regds/John

  John,
  With 512 VLANs just keep in mind you are at the upper limit of Nexus 1000V number of active VLANs supported (512).
  While the Nexus 1000V does not support Q-in-Q, the best place to implement such a feature would be at the physical switch layer anyway.
  Or perhaps another approach would be to implement your own VPLS cloud to interconnect the various switched environments together. The VLAN #'s dont need to be the same at each location, you could for example have VLAN 10 at Site A bridged to VLAN 20 at Site B. The advantage of VPLS over plain Q-in-Q would be preserving STP isolation and autonomy between sites.
  Also, talk to your Cisco SE about OTV for Nexus 7000 :)
  Cheers,
  Brad
  p.s. please rate if helpful

• LACP or Link State Tracking over VPLS?

  Hi all!
  I have 2 sites connected with VPLS.  Both sites are now having a 2nd VPLS circuit installed (with a different carrier) for redundancy/failover.  I've got a Catalyst 3750 at each end to work with.
  My question: what's the best way to configure the 3750's?  I was thinking either LACP with 2 physical interfaces (one for each VPLS line) - in which case traffic would be balanced across them, which is fine.
  OR I could use Link State Tracking, such that if 1 link fails it would failover.  Though I'm new to Link State Tracking so I don't know if this would actually work over VPLS.
  Your thoughts are very appreciated.

  Link state tracking, also known as trunk failover, provides Layer 2 redundancy in the network when used in conjunction with server network interface card (NIC) adapter teaming. Link-state tracking is used to mirror the state of the ports that carry upstream traffic from connected hosts and servers, and to allow the failover of the server traffic to an operational link on another Cisco Ethernet switch. Check out the following link for more information on link state tracking :
  http://www.cisco.com/en/US/products/ps6406/products_configuration_guide_chapter09186a00805a75e0.html#wp1285238
  Hope this helps.

• REP common link over VPLS

  Hi,
  I'm looking for some guidance on how to configure a REP common link over VPLS.  I've read a bunch of docs that more or less elude to the fact that it should be supported, but no combination of documents thus far have clearly outlined what the prerequisites are in terms of software, ES vs. ES+ hardware or relevant configuration glue to make this work.
  http://www.cisco.com/en/US/docs/ios/lanswitch/configuration/guide/lsw_cfg_rep.html#wp1316104
  http://www.cisco.com/en/US/docs/routers/7600/install_config/ES20_config_guide/baldpref.html
  Cisco Live 2010 session BRKSPG-2205 (Deploying and Designing with Resilient Ethernet Protocol) page 79
  I've got two 7600/SUP720/SRE5 boxes with a chain of ME3400s connecting the two over 6724 LAN based linecard ports.  I've also got an ES port between each 7600 to carry the SVI based EoMPLS foo between the two, and this is where I'd like to establish the VPLS common link (hopefully the below ASCII diagram will show up OK):
  [ 7600-1 ]--(6724-GE)--[ ME3400-1 ]--[ ME3400-2 ]--(6724-GE)--[ 7600-2 ]
     |                                                               |
     |                                                               |
     +---------------------------(ES20-GE)-------------------------- +
  In terms of config, I've got the 6724 chain side configured as a REP segment and the REP admin VLAN is 1/default.  I haven't been able to find the configuration glue needed to make REP aware that the common link for the segment is the VPLS pseudowire between the two 7600s:
  ! 7600-1
  interface loopback 0
  ip address 2.2.2.2 255.255.255.255
  ip router isis 21949
  interface GigabitEthernet8/22
  description Facing ME3400-1
  switchport
  switchport trunk encapsulation dot1q
  switchport mode trunk
  rep segment 19 edge primary
  interface GigabitEthernet7/0/19
  description Facing 7600-2
  mtu 9216
  ip address 1.1.1.2 255.255.255.254
  no ip redirects
  ip router isis 21949
  mpls ip
  mls qos trust dscp
  bfd interval 250 min_rx 250 multiplier 4
  clns mtu 9199
  ethernet vlan color-block all
  interface Vlan1
  no ip address
  xconnect vfi REP-PROTECT
  l2 vfi REP-PROTECT manual
  vpn id 2194900101
  bridge-domain 1 vlan
  neighbor 2.2.2.3 encapsulation mpls
  ! 7600-2
  interface loopback 0
  ip address 2.2.2.3 255.255.255.255
  ip router isis 21949
  interface GigabitEthernet8/22
  description Facing ME3400-2
  switchport
  switchport trunk encapsulation dot1q
  switchport mode trunk
  rep segment 19 edge
  interface GigabitEthernet7/0/19
  description Facing 7600-1
  mtu 9216
  ip address 1.1.1.3 255.255.255.254
  no ip redirects
  ip router isis 21949
  mpls ip
  mls qos trust dscp
  bfd interval 250 min_rx 250 multiplier 4
  clns mtu 9199
  ethernet vlan color-block all
  l2 vfi REP-PROTECT manual
  vpn id 2194900101
  bridge-domain 1 vlan
  neighbor 2.2.2.2 encapsulation mpls
  REP topology looks OK:
  7600-1#show rep top
  REP Segment 19
  BridgeName       PortName   Edge Role
  7600-1           Gi8/22     Pri  Open
  3400-1           Gi0/2           Open
  3400-1           Gi0/1           Open
  3400-2           Gi0/1           Open
  3400-2           Gi0/2           Open
  7600-2           Gi8/22     Sec  Alt
  VFI is up:
  7600-1#show vfi name REP-PROTECT
  Legend: RT=Route-target, S=Split-horizon, Y=Yes, N=No
  VFI name: REP-PROTECT, state: up, type: multipoint
  VPN ID: 2194900101
  Bridge-Domain 1 attachment circuits:
     Vlan1 
  Neighbors connected via pseudowires:
  Peer Address     VC ID        S
  2.2.2.3          2194900101   Y
  However in a REP segment failure, the pseudowire seems to be pretty much useless acting as a common link for the failed segment.
  Is anyone running a config like this?  Am I missing something obvious (or not so obvious?)?
  Thanks in advance.

  I have a Mac and have tried the suggestion above with the places.sqlite but it DID NOT HELP! FIREFOX IS STILL HANGING!!!!!!!!!!!! I've been a real fan of firefox for several years, but lately it's just plain annoying!!! I have to force quit FF several times a day. I THINK I'M GOING TO SWITCH TO SAFARI until you guys get your act together soon :(

• Ethernet over MPLS/VPLS

  Hi,
  I would appreciate if you answer my following questions :
  - As you know EoMPLS is based on physical port, but how about VPLS?
  - Could you tell me minimum router which supports VPLS?
  - Any other solutions for transfer ethernet frames over MPLS except VPLS and EoMPLS?
  - I think VPLS is better EoMPLS because it supports multipoint to multipoint ,is it true? could you please tell me VPLS advantage and disadvatage?
  Regards,
  M.Arshad rad

  Ehlo ,
  1)EoMPLS is available in port and vlan mode.Since VPLS
  is actually using martini encapsulations ( both lasserre and kompella ) it is possible to use raw and tagged modes.
  2)IMHO only Cisco router that supports VPLS now is 7600.Additionaly VFI can be only assigned to SVI.
  3)Juniper CCC ( RSVP based ) - but obviously you won't use it since it's proprietary ( nevertherless it has nice feature like lsp-stiching ) and IOS couldn't signall it .
  4) VPLS is designed to support p-to-mp and therefore
  it's more complex.IF you don't need its features you can stick with raw p2p martini , which is relatively simple and widely implemented ( no problem for example to configure it between ios and junos boxes ).
  pm

• Strach VRF over VPLS

             Hi,
  We are building two DC which are connected by 2x10G L2 fibers.We are plannig to implement VPLS for DCI(see attached diagram).We would extend some VLANS for L2 connectivity ( Hearbeat,VMotion etc etc).But there is also a requirment to run L3 routing between two DC'S.
  My question is,
  Insted of run L3 routing over streached VLAN , will it be possible to   run separate VRF inside VPLS between two DC's and enable L3 routing ?
  Regards,  

  Narayan, you can try couple to steps as below to troubleshoot.
  1) I suspect there is 192.168.111.1 and 192.168.111.2 in the global routing table as well, have this checked.
  2) To confirm that you have not established the tunnel with your MVRF CE enable tunnel keepalives so it will come down as there is no way it can establish a tunnel with your CE using a source from the VRF without the "tunnel vrf" command.
  3) I believe your 7600 must be having the default IOS which it was shipped with 12.2SX, the SX doesnt have this command. You may have to migrate to SRA.
  Following the above steps you can verify and solve your problem.
  HTH-Cheers,
  Swaroop

• STP over VPLS

  Hi Everyone!
  I have a scenario of 3 PE routers with full mesh VPLS Pseudo-wires configured over it. If you look into the design, I have connected two switches Sw1 and Sw2 with the PEs R2 and R3 respectively. Considering that the VPLS cloud is operating correctly, I have connected a CE switch [Sw3] with Sw1 and Sw2. Now, the issue is STP over VPLS. Without having STP running inside the VPLS cloud, it's causing loop all over the ring. 
  In order to avoid loop, I have run PVST+ on all the three switches but the PEs are not running STP as I believe that the BPDUs are to be transparently forwarded through the VPLS pseudo wires. But, i'm not really sure why i'm getting PVST_Inc error on both Sw1 and Sw2 for the links that are connected with their respective PEs. Any response regarding this will be highly appreciated. 
  For your reference, network diagram is attached below:
  Thanks!

  What kind of PE routers do you have? Are they ASR9k  running EVC/EFP on switch facing interfaces?
  http://www.cisco.com/c/en/us/support/docs/routers/asr-9000-series-aggregation-services-routers/116514-problem-stp-00.html
  Best Regards,
  Bheem

• VPLS between ASR1000 and 7600

  Hello.
  I'm trying to create VPLS between two ASR1004 routers and one 7600 with ES+ card.
  IGP/BGP and LDP connections between all routers are OK.
  Configuration is the following:
  Cisco 7600: (IP 12.12.12.12)
  l2 vfi TEST manual
  vpn id 777
  neighbor 8.8.8.8 encapsulation mpls
  neighbor 2.2.2.2 encapsulation mpls
  interface Vlan777
  no ip address
  xconnect vfi TEST
  end
  interface GigabitEthernet1/12  // Link to switch1
  description LINK to SW1
  switchport
  switchport trunk encapsulation dot1q
  switchport mode trunk
  end
  And the ASR's config: (IP 8.8.8.8/2.2.2.2)
  l2 vfi TEST manual
  vpn id 777
  bridge-domain 777
  neighbor 12.12.12.12 encapsulation mpls
  neighbor 8.8.8.8 encapsulation mpls
  interface GigabitEthernet0/0/0 // Link to switch2
  description DOWNLINK to SW2
  load-interval 30
  speed 1000
  no negotiation auto
  no clns route-cache
  service instance 777 ethernet
  encapsulation dot1q 777
  bridge-domain 777
  Then I created SVI interfaces on both switches, connected to 7600 and ASR1K (SW1 and SW2), but ping between them in the vlan 777 was failed.
  sh xconnect all from the ASR:
  UP pri vfi TEST UP mpls 12.12.12.12:777 UP
  UP pri vfi TEST UP mpls 8.8.8.8:777 UP
  What's wrong in this configuration?

  I've solved the problem.
  Just added
  rewrite ingress tag pop 1 symmetric
  to the CE facing interface
  and also
  mpls no-split-horizon
  to l2 vfi section