VPLS for

Carrier Ethernet
Services

Tim McSweeney
Product Manager
Layer 2 VPNs & Network Access

Presentation_ID © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 1
 Agenda - GARR

ƒ What Is Driving L2VPNs?

ƒ Foundations
MPLS and GMPLS
Pseudo Wires

ƒ VPLS Overview
Why Deploy VPLS?
VPLS in a Nutshell
Hierarchical VPLS and Autodiscovery
Manageability and Cisco Service Delivery Models

ƒ Customer Deployment Profiles

Presentation_ID © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 2
 What Is Driving L2VPNs?
The Ever Expanding Applications of Ethernet
Access Aggregation PSN Aggregation Access

Internet

VLAN 100
Termination

IP/MPLS
VLAN 200 VLAN
200
Transport

VPWS
Layer 3

ƒ Fast becoming the access technology of choice

ƒ Layer 2, Layer 3 and Internet services on a common port
ƒ Extends the reach of metro area Ethernet networks
Presentation_ID © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 3
 L2VPN Taxonomy
L2VPN Models

VPWS VPLS
Virtual Private Wire Service Virtual Private LAN Service
Point
Point to
to Point
Point Point
Point to
to Multipoint
Multipoint

MPLS
MPLS Core
Core

L2TPv3 AToM Ethernet

Ethernet

IP
IP Core
Core MPLS
MPLS Core
Core

Ethernet
Ethernet Ethernet
Ethernet
Frame
Frame Relay
Relay Frame
Frame Relay
Relay
ATM
ATM (AAL5
(AAL5 &
& Cell)
Cell) ATM
ATM (AAL5
(AAL5 &
& Cell)
Cell)

PPP
PPP &
& HDLC
HDLC PPP
PPP &
& HDLC
HDLC

Presentation_ID © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 4
 MPLS Operation Overview
3. Ingress Edge LSR 4. LSR switches 5. Egress Edge LSR
receives and packets using removes label and
“labels” packets label swapping delivers packet

Customer PE P P
Site A
Customer
PE Site B

1. Routing Protocols (OSPF, IS-IS) 2. Label Distribution Protocol (LDP)

establish reachability to establishes label-to-destination
destination networks network mappings
Presentation_ID © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 5
 MPLS Encapsulation
One or More Labels Inserted into Packet Header

PPP Header PPP Header Label Layer 2/L3 Packet

(Packet over SONET/SDH)

LAN MAC Label Header MAC Header Label Layer 2/L3 Packet

0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1

Label – 20bits EXP S TTL-8bits

EXP = Class of Service: 3 Bits; S = Bottom of Stack; TTL = Time to Live

Presentation_ID © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 6
 MPLS VPN Security: Comparable to Frame
Relay and ATM

ƒ Miercom testing that proved

that MPLS VPNs met or
exceeded all of the security
characteristics of a comparable
Layer 2 VPN based on Frame
Relay or ATM
ƒ References
RFC 4381: Analysis of the
Security of BGP/MPLS IP Virtual
Private Networks (VPNs),
Feb 2006
Cisco white paper: Security of the
MPLS Architecture
http://www.cisco.com/warp/public/cc/pd/iosw/prodlit/mxinf_
ds.pdf

Source: Cisco MPLS based VPNs: Equivalent to the security of Frame Relay and ATM, Miercom, March 2001,
http://www.miercom.com/_gfx/nav/acrobat.gif

Presentation_ID © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 7
 GMPLS Overview
GMPLS provides Unified Control Plane across different layers
ƒ GMPLS extends MPLS/MPLS-TE control plane
GMPLS extends these control planes to support ANY class of
interfaces (i.e. layers)
Provides Bi-directional LSPs
ƒ GMPLS supports 5 types of interfaces:
PSC - Packet Switching Capable: IP/MPLS
L2SC - Layer-2 Switching Capable: ATM, FR, Ethernet
TDM - Time-Division Multiplexing: SONET, SDH, G.709 ODUk
LSC - Wavelength Switching: Lambda, G.709 OCh
FSC - Fiber Switching
ƒ With MPLS-TE, GMPLS enables:
Connection Protection/Restoration capabilities
Separation between transmission, control and management plane
Network management using SNMP (dedicated MIB)
Presentation_ID © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 8
 Network Hierarchy: GMPLS/MPLS Integration

GMPLS Network - OTN

MPLS Network MPLS Network
PE1 G-PE1 G-PE2 PE2
GMPLS LSP

MPLS LSP MPLS LSP

Ethernet Ethernet
GMPLS LSP
Frame Frame

MPLS MPLS MPLS MPLS

Layer Layer Layer Layer

GMPLS GMPLS
LSP LSP
Stacks GMPLS Stacks

L1, L2, L3 connection L1, L2, L3

between PEs

MPLS LSP between customer networks over GMPLS

VPLS connection between customers PEs

Presentation_ID © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 9
 GMPLS/MPLS Integration
ƒ Cisco actively involved in private and GMPLS
public interoperability (for example, available for
ISOCORE – www.iscocore.com) customer
ƒ Main focus: IP/Optical integration – proof of evaluation on
concept and interoperability across Cisco routers
GMPLS/MPLS layers
ƒ Optical Dynamic GMPLS LSPs signalled • Cisco CRS-1
and advertised in the MPLS layer • Cisco 12000
ƒ L3VPNs, TE, VPLS, PW, Multicast services • Cisco 7600
running over the GMPLS LSP
ƒ If you are interested let us know!!!
ƒ GMPLS deployment
ƒ Service providers in Japan – have done
testing and ready for deployment
ƒ Typical services: L3VPN, TE, PW

Presentation_ID © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 10
 Pseudo Wires Enable… VPLS, AToM, L2TPv3
ƒ Transport over non-Native Bridged
Backbones Ethernet
over
ƒ Co-existence with other ATM
Encapsulations
SP Network CE
ƒ Service
Interworking

EoMPLS
Pseudo Wire

Ethernet example
Ethernet VLAN CE
Presentation_ID © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 11
 Why Deploy VPLS?
Feature Benefits
MPLS core network ƒ Overcomes distance limitations of
emulates a flat LAN segment Ethernet-switched networks
Æ Offer Virtual Private LAN Services
Formerly called Transparent LAN
Services (TLS)
Extends Ethernet broadcast ƒ Connects each customer site to many
capability across WAN or all other customer sites
ÆPoint to Multipoint – A single CE-PE link transmits Ethernet
Connectivity packets to multiple remote CE routers
– Fewer connections required to get full
connectivity among customer sites
Æ OpEx Savings
Multipoint plug-and-play ƒ Adding, removing or relocating a CE
provisioning router requires configuring only the
directly attached PE router
Æ OpEx Savings
Presentation_ID © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 12
 VPLS Reference Model

PE PE Customer
Customer
Site
Site

MPLS

Full Mesh of
PE
Pseudowires Attachment VCs are
Ethernet

Customer
Site

A full mesh of pseudo wires (PWs) is used to connect all

provider edge (PE) devices which support a given VPLS VPN
Presentation_ID © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 13
 VPLS and Hierarchical VPLS
192.168.11.25/24

VPLS 192.168.11.11/24
ƒ VPLS
192.168.11.1/24
- Single flat hierarchy
- MPLS to the EDGE
- MPLS Core

192.168.11.2/24

H-VPLS
H-VPLS
ƒ Hierarchical VPLS u-PE
PE-CLE n-PE n-PE
u-PE
PE-CLE
MTU-s
MTU-s PE-POP PE-POP
- Two (or More) Tier GE PE-rs PE-rs
PW
Hierarchy
- MPLS or Ethernet
at the Edge
- MPLS Core ETHERNET EDGE MPLS CORE MPLS EDGE
Point-to-Point or Ring
Presentation_ID © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 14
 “Flat” VPLS Deployment Model:
Customers Attach Directly to VPLS Service
PE-1 PE-2

CE- MPLS Network CE-SITE2

SITE1

PE-3
CE-SITE3
Description: Customers directly attach to VPLS service at Provider
Edge
• Suitable for small customer implementations
• Simple provisioning
• Full mesh of directed LDP sessions required between participating PEs
• VLAN and port level support (no QinQ)
Challenge: Limited scalability
• Full mesh causes classic scaling issue — N*(N-1)/2

Presentation_ID © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 15
 Hierarchical VPLS Deployment Model:
Hub-and-Spoke
Cisco Cisco
7600 7600
VPLS/ MPLS
Cisco Cisco
7600 7600

STP
Cisco
7600
City 1 City 3
STP Domain Q-in-Q 20 Domain
STP
Q-in-Q 14
City 2
Q-in-Q 10 Domain

Description:
• Customers attach to Regional Metro Ethernet networks
• VPLS links the Metro Ethernet Regions
Benefit: Scales to support larger Ethernet deployments
• Full mesh for core tier (hub) only
A Comprehensive Solution: Robust, Flexible, Scalable, Manageable
Presentation_ID © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 16
 VPLS Autodiscovery and Signaling
VPN Centralized DNS Distributed
Discovery Radius Directory Services BGP

Label Distribution
Signaling
Protocol

ƒ Autodiscovery: BGP is the

configuration agent Autodiscovery
Configuration Steps
True autodiscovery of VPN members 1. Establish BGP sessions &
(e.g., no need to explicitly list them) activate it for the
L2VPN/VPLS address-family
ƒ Signaling: LDP sets up a 2. Create VPLS instance &
standard PW associated interfaces to it
3. (Optional) Establish
PWs signal other information such as
import/export rules (or use
attachment circuit state, sequencing
the default mode)
information, etc.
Cisco IOS supports targeted LDP for
AToM and VPLS
Presentation_ID © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 17
 Discovery & Signaling

ƒ Signaling & discovery are separable parts of L2VPN

establishment
Discovery (finding members of an L2VPN) is a point-to-
multipoint task
Signaling (establishing the pseudowires) is a point-to-point
task
ƒ By separating the tasks, you can choose a suitable
protocol for each:
LDP, L2TPv3 for PW Signaling
BGP, RADIUS, etc. for Discovery

Presentation_ID © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 18
 LDP vs. BGP for PW Signaling

ƒ For VPLS scaling,

full mesh is not a
significant problem
LDP BGP
ƒ LDP provides Point-to-Point Broadcasts All
lighter-weight Information Only Information to
solution All Peers
No Policy Complex Policy,
Often Changing
Information
Advertised
Mostly Idle Can Have
Significant
Churn Due to
Broadcast

Presentation_ID © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 19
 Pseudowire Redundancy:
Protects from Key Potential Faults
PE2a CE2a
Packet Switched
Network 2 3 4
1
CE1 PE1
Attachment
Primary
Circuits
Pseudowire

PE2b CE2b
Attachment
Circuit Redundant
Pseudowire

ƒ Protects from fault in four key areas

1 PSN failure due to end-to-end routing failure
2 PE failure due to HW or SW fault
3 Attachment circuit failure due to line break
4 CE failure due to HW or SW fault

Presentation_ID © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 20
 Inter-Autonomous System Pseudowires

AS10 AS20
Provider A Provider B

• Inter-Autonomous System (Inter-AS) model: When a

pseudowire spans at least 2 different service provider or
administrative domains

Goal:
• Extend end-to-end pseudowire deployment across multiple ASes
using VPLS
Presentation_ID © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 21
 Inter-Autonomous Systems:
Pseudowire Switching

Switch Points
AS10 AS20
Provider A Provider B

• Pseudowire switching interconnects pseudowires belonging to

different autonomous systems, thus providing an end-to-end path
• Switch point refers to the ASBR where pseudowire switching
is performed
• Achieved through inter-working of data and control planes
at the switch point

Presentation_ID © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 22
 Pseudowire Switching Model
attached-circuit 3

attached-circuit 1 pwvc 11

pwvc 151
PE-3
PE-1 pwvc 111
AS 1
AS 2
Pwvc 112
pwvc 12 ASBR-2 pwvc 152
PE-2 ASBR-1
attached-circuit 4 PE-4
attached-circuit 6

attached-circuit pseudo-wire pseudo-wire pseudo-wire attached-circuit

L2 signalling (UNI) LDP / L2TPv3 LDP/L2TPv3 LDP / L2TPv3 L2 signalling (UNI)

VPWS VPWS VPWS

• Pseudowires that comprise the end-to-end solution can be of the

same (VPLS-to-VPLS) or different types (VPLS-to-AToM)
• Each pseudowire segment can independently employ draft-
martini or L2TPv3 signaling and encapsulations
• The ASBRs are responsible for "cross-connecting" the
pseudowire control channels and pseudowire data planes
Presentation_ID © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 23
 Manageability &
Cisco Service
Delivery Models

Presentation_ID © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 24
 Unified L2 VPN Management

Integrated network
management platform
to manage:
• Metro Ethernet
Services (switched
as well as Ethernet
transport over MPLS
Core) services.
• MPLS BGP VPN
services
• AToM (ATM/FR
transport over
MPLS) services
• DiffServ/IP/ MPLS
CoS treatment for
MPLS services
above

Presentation_ID © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 25
 Business Ethernet Services Architecture
Service EoMPLS PW
Port, 1:1 VLAN EoMPLS PW Ethernet
MPLS-VPN Ethernet UNI
QinQ
Business
L3 VPN Port, 1:1 VLAN
MPLS NNI

Port, 1:1 VLAN EoMPLS Pseudowire

EoMPLS PW
VPLS Ethernet UNI
Business
E-LAN Port, 1:1 VLAN

H-VPLS MPLS NNI

Port, 1:1 VLAN

Business Ethernet UNI
E-LINE
Port, 1:1 VLAN
MPLS NNI

Efficient Large Scale Intelligent Multiservice

Access Aggregation Edge Core

MSE
Aggregation Node
Access Node E-MSE for MPLS NNI Distribution Node

MSE

DSL, Ethernet MPLS / IP IP, MPLS MPLS

Presentation_ID © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 26
 VPLS Deployment
Profiles

Presentation_ID © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 27
 VPLS for Service Differentiation and Revenue
Growth

PCCW (Hong Kong)

ƒ Leading telecommunications
provider
ƒ Deployed VPLS on 28
C7600 Series routers &
Catalyst 3750-ME switches

PCCW Limited, the leading communications provider in Hong Kong, deployed a

combination of Cisco 7600 Series routers and Cisco Catalyst 3750 Metro Ethernet
switches to build its VPLS network. PCCW's VPLS architecture allowed it to
converge a number of different services into one network.

"PCCW is pleased to have deployed the Cisco VPLS Carrier Ethernet solution for
the provision of our next generation data services," said Larry Wong, Director of
Marketing and Products of Commercial Group, PCCW Limited based in Hong
Kong. "Cisco's VPLS Carrier Ethernet technology allows us to create service
differentiation and increase revenue growth in the enterprise and commercial
markets, as it enables flexible bandwidth utilization, service customization, multiple
connectivity, and high level of QoS and availability."

Presentation_ID © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 28
 VPLS for Scalable Ethernet Services
ƒ WebPartner
(Denmark)
ƒ VPLS-based
Ethernet
broadband
services
ƒ Cisco Catalyst
6500 series
switches

Presentation_ID © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 29
 VPLS Customer Deployment Profiles
ƒ SP (USA)
– VPLS used to link 16 Metro Ethernet regions
– Deployed 80 C7600 running VPLS
ƒ Financial (USA)
– Deployed VPLS in November 2004
– Provides integrated information and technology applications in the
global financial services industry
ƒ SP (Brasil)
– Developing rollout of triple play services to the DSL and Metro
Ethernet market in the city of São Paulo
– Network has independent Layer 2 aggregation domains
interconnected via pseudowires for customers that need to cross
domains
– Will use TE and Pseudowire Redundancy on the inter-domain
connections

Presentation_ID © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 30
 VPLS Customer Deployment Profile
ƒ SP (North America)
– Converting existing Layer 2 access and aggregation Metro
Ethernet service offering to complete VPLS
– Objectives:
• Minimize spanning tree domain
• Unify routing scheme so VPLS endpoints and multicast video
share the same paths
• Simplify troubleshooting by not having divide troubleshooting
between L2 and L3 expert teams
• Unify QoS, routing, and convergence policies across all
services

Presentation_ID © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 31
Presentation_ID © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 32