Have you seen the other blogs in the MPLS series? If not, I definitely recommend you check them out.
In this blog I am going to discuss L2VPN, also known as xConnect virtual circuits. At this point you know how MPLS forwarding works. If you are also aware of how data is forwarded with the help of frame-relay DLCIs, it will be easier for you to understand the VC mappings in L2VPN. Let me first try to answer the question:
“Why do we need L2VPN?”
Before answering this, let me explore the question a little more with the help of a follow-up question: "Do you know any protocols which are used only in a broadcast network (L2 network)?" Or maybe another: "Would it help if you could have spanning tree/HSRP/IGPs running between sites which are connected via an ISP?"
You must have understood where I am trying to reach with this discussion. The whole idea behind the L2VPN technology is to provide the capability of extending a layer 2 VLAN across the ISP network. The more you read about xconnect, the more L2VPN applications you see, like CEM (circuit emulation), PWHE (pseudowire head end) for BNG subscribers, and many more. I have plans to discuss all these technologies in my upcoming posts.
If I need to tell you this quickly, I would say it is a technology to extend an L2 domain across an ISP.
Alright, this is a good time to get started with the network topology and the configurations. Following is the network that I am using for the lab; the topology is prepared in GNS3 with the help of Cisco 7200 routers.
STEP 1: Configuring core devices
The core BGP AS 500 network has IGP and MPLS configured. Following is the configuration that we have on one of the core routers. Configuration similar to this is done on PE1 (internal interfaces and loopback), PE2 (internal interfaces and loopback), R3 (provider router) and R4 (provider router).
!
interface Loopback1
 ip address 22.214.171.124 255.255.255.255
 ip router isis
!
interface FastEthernet0/0
 ip address 126.96.36.199 255.255.255.252
 ip router isis
 mpls ip
!
interface FastEthernet1/0
 ip address 188.8.131.52 255.255.255.252
 ip router isis
 mpls ip
!
router isis
 net 49.1111.2222.3332.00
!
mpls ldp router-id Loopback1
!
Once our core is configured and MPLS is up on the core devices, we need to bring up the connections between the PE routers. In general, BGP is the favored protocol for this, so we are going to use it here as well.
STEP 2: Bringing up interface between PE and CE
Once the core connectivity over MPLS is up, we can bring up the interface between the CE and PE routers. To make sure everything is fine in the MPLS network, use MPLS ping between the two PE routers to confirm MPLS connectivity.
PE1#ping mpls ipv4 184.108.40.206/32
Sending 5, 100-byte MPLS Echos to 220.127.116.11/32,
     timeout is 2 seconds, send interval is 0 msec:
Codes: '!' - success, 'Q' - request not sent, '.' - timeout,
  'L' - labeled output interface, 'B' - unlabeled output interface,
  'D' - DS Map mismatch, 'F' - no FEC mapping, 'f' - FEC mismatch,
  'M' - malformed request, 'm' - unsupported tlvs, 'N' - no label entry,
  'P' - no rx intf label prot, 'p' - premature termination of LSP,
  'R' - transit router, 'I' - unknown upstream index,
  'X' - unknown return code, 'x' - return code 0
Type escape sequence to abort.
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 12/29/48 ms

PE2#ping mpls ipv4 18.104.22.168/32
Sending 5, 100-byte MPLS Echos to 22.214.171.124/32,
     timeout is 2 seconds, send interval is 0 msec:
Codes: '!' - success, 'Q' - request not sent, '.' - timeout,
  'L' - labeled output interface, 'B' - unlabeled output interface,
  'D' - DS Map mismatch, 'F' - no FEC mapping, 'f' - FEC mismatch,
  'M' - malformed request, 'm' - unsupported tlvs, 'N' - no label entry,
  'P' - no rx intf label prot, 'p' - premature termination of LSP,
  'R' - transit router, 'I' - unknown upstream index,
  'X' - unknown return code, 'x' - return code 0
Type escape sequence to abort.
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 16/24/36 ms
The above test confirms that the MPLS path between the two PE routers is fine. We can move to the PE and CE interface configuration. In this example I am bridging VLAN 10 between the two sites over the MPLS network.
PE1#sh run int fa 2/0.1
Building configuration...
Current configuration : 99 bytes
!
interface FastEthernet2/0.1
 encapsulation dot1Q 10
 xconnect 126.96.36.199 10 encapsulation mpls
end

PE2#show run int fastEthernet 2/0.1
Building configuration...
Current configuration : 99 bytes
!
interface FastEthernet2/0.1
 encapsulation dot1Q 10
 xconnect 188.8.131.52 10 encapsulation mpls
end

CE1#show run int fastEthernet 1/0.1
Building configuration...
Current configuration : 98 bytes
!
interface FastEthernet1/0.1
 encapsulation dot1Q 10
 ip address 192.168.30.1 255.255.255.0
end

CE2#sh run int fastEthernet 1/0.1
Building configuration...
Current configuration : 98 bytes
!
interface FastEthernet1/0.1
 encapsulation dot1Q 10
 ip address 192.168.30.2 255.255.255.0
end
At this point the xConnect should be up and working between the sites. Let us see some ping and traceroute results.
CE1#ping 192.168.30.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.30.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 12/44/76 ms

CE1#traceroute 192.168.30.2
Type escape sequence to abort.
Tracing the route to 192.168.30.2
  1 192.168.30.2 68 msec 76 msec 60 msec ---------> Indicates single hop or L2 domain.

CE1#sh ip arp
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  192.168.30.1            -   ca01.911b.001c  ARPA   FastEthernet1/0.1
Internet  192.168.30.2           39   ca06.9120.001c  ARPA   FastEthernet1/0.1 -----> Arp learnt over MPLS
Great, we got it working; our layer 2 is extended now. Let us extend our knowledge of this a bit more. I am now going to explain how xconnect works. Let us look at the following diagram.
In the above image we see the packet at each segment as it passes through the network. At CE1 the packet has only the IP/MAC and data fields; additionally it can also have an 802.1Q field. When it reaches PE1, where the xconnect configuration sits, two labels are added to the original packet: the transport label and the virtual circuit (VC) label. The transport label is used to switch the packet in the MPLS network. The VC label is used when the packet reaches the destination PE. At the same time a new layer 2 (MAC address) header is added to the packet, which is for hop-to-hop forwarding. When the packet moves from the P router to the PE2 router, MPLS penultimate hop popping (PHP) occurs and the transport label is removed from the packet. At this point the VC label still remains on the packet, and PE2 uses it to identify the virtual circuit for which the packet is destined. Let us see how that works with the help of the following diagram.
Have a look at the MPLS forwarding table entries highlighted in yellow. These entries are the ones responsible for forwarding the packet in our situation. The packet is forwarded with the help of two entries in the MPLS LFIB: the transport label and the VC label. The PE needs two pieces of information in order to send a packet. First, it needs to know which PE to send it to, in this case PE2. Once the PE is identified, the router needs to know how to reach that PE.
You must have noticed two entries in the above image, one for prefix l2ckt(10) and the other for prefix 184.108.40.206/32 (PE2). In l2ckt(10), 10 is the pseudowire ID which we defined in the xconnect configuration under the interface on the PE router. For this entry in the MPLS forwarding table we see a local label associated but no outgoing label. The local label will be used as the VC label by the PE on the other side to reach this PE. For example, if PE1 needs to send data to PE2, it will use the VC label corresponding to the l2ckt(10) local label on PE2, which is 24. Similarly, if PE2 needs to send some data over pseudowire 10 to PE1, it will use the local label assigned to l2ckt(10) on PE1, which is 17 in our case. Let us see this in more detail with the help of a packet capture.
The above capture was taken at two places in the network. The left-side packet was captured between PE1 and P, and the right-side one was captured between P and the PE2 router. You can see the transport and VC labels and try to match them with the MPLS forwarding table explained in the previous image (MPLS forwarding table).
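The label stack seen in those two captures can be checked offline. The Python below is an added example, not code from the original post: it decodes the MPLS label stack of a frame and confirms that the bottom (VC) label and the inner VLAN match the provisioned pseudowire. VC label 24, VLAN 10 and the CE MAC addresses come from the article; transport label 19, the outer MAC addresses and the absence of a pseudowire control word are assumptions.

```python
import struct

MPLS_UNICAST = 0x8847  # EtherType for MPLS unicast

def parse_label_stack(frame: bytes):
    """Return (labels, payload). Entry = label(20) | TC(3) | S(1) | TTL(8)."""
    # The S (bottom-of-stack) bit marks the last entry, which is the VC label.
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != MPLS_UNICAST:
        raise ValueError("not an MPLS frame")
    labels, off = [], 14
    while True:
        if off + 4 > len(frame):
            raise ValueError("label stack runs past end of frame")
        (entry,) = struct.unpack("!I", frame[off:off + 4])
        off += 4
        labels.append({"label": entry >> 12, "tc": (entry >> 9) & 7,
                       "bos": (entry >> 8) & 1, "ttl": entry & 0xFF})
        if labels[-1]["bos"]:
            return labels, frame[off:]

def lse(label, bos, ttl=255, tc=0):
    """Build one 4-byte label stack entry (used to construct the samples)."""
    return struct.pack("!I", (label << 12) | (tc << 9) | (bos << 8) | ttl)

def inner_vlan(payload: bytes):
    """VLAN ID of the customer frame, or None if it is untagged."""
    if len(payload) >= 18 and payload[12:14] == b"\x81\x00":
        return struct.unpack("!H", payload[14:16])[0] & 0x0FFF
    return None

# Constructed samples. VC label 24, VLAN 10 and the CE MACs are from the article;
# transport label 19 and the outer MACs are made up for illustration.
# Assumption: no control word sits between the VC label and the customer frame.
CE_FRAME = (bytes.fromhex("ca069120001c" "ca01911b001c") + b"\x81\x00" +
            struct.pack("!H", 10) + b"\x08\x00" + b"\x45" + bytes(19))
OUTER = bytes.fromhex("020000000002" "020000000001") + struct.pack("!H", MPLS_UNICAST)
PE1_TO_P = OUTER + lse(19, bos=0) + lse(24, bos=1) + CE_FRAME   # two labels
P_TO_PE2 = OUTER + lse(24, bos=1) + CE_FRAME                    # after PHP

def check_vc(frame, expected_vc, expected_vlan):
    """True if the bottom label and inner VLAN match the provisioned circuit."""
    labels, payload = parse_label_stack(frame)
    return labels[-1]["label"] == expected_vc and inner_vlan(payload) == expected_vlan

if __name__ == "__main__":
    for name, f in (("PE1->P", PE1_TO_P), ("P->PE2", P_TO_PE2)):
        print(name, [l["label"] for l in parse_label_stack(f)[0]], check_vc(f, 24, 10))
```

A frame whose bottom label or inner VLAN does not match what was provisioned for the pseudowire fails `check_vc`, which is the condition to alert on when validating customer isolation between circuits.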
L2VPN is great for extending VLANs across the MPLS network. The packet forwarding is exactly the same as we know it in the MPLS core. To isolate different customers we have dedicated logical circuits between the PE routers, each of which is assigned a label and takes part in MPLS forwarding. The technology is very simple to implement and very easy to troubleshoot as well. Even though there are many newer technologies available to extend layer 2 over MPLS/ISP networks, like VxLAN, OTV etc., the charm of xConnect has never faded.