
MPLS L2VPN

Aneek
Level 1

Please explain to me the working of L2VPN.

How is packet transferred from one point to another in this technology? 

 

 


insideshell
Level 1

Hello,

Well, there is a lot to tell.

If you ask about the data plane, it is quite similar to MPLS L3VPN, that is, it makes use of an MPLS label stack: one is the VPN label, the other is the LSP label (assuming the transport network is MPLS and not a GRE tunnel for example). So basically, you will have this protocol stack: Ethernet/MPLS VPN label/MPLS LSP label/Ethernet/PHY (once again, assuming the transport network is MPLS and the underlying L2 technology is Ethernet).

Now, about the control plane, to exchange VPN labels between PEs, LDP can be used (this is known as Martini VPWS-VPLS) - using the remote neighbors mechanism - as well as MP-BGP (this is known as Kompella VPWS-VPLS). From my experience, LDP is often employed for VPWS (referred to as xconnect at Cisco) while MP-BGP is often employed for VPLS.

But for more detail, you may want to take a look at the original RFCs (rfc4905, rfc4906, rfc4762, rfc4761) and why not try the feature yourself in a Cisco lab if you can (e.g., using Configuring Ethernet Over MPLS).

VPWS = Virtual Private Wire Service = point-to-point L2VPN
VPLS = Virtual Private LAN Service = multipoint L2VPN (just like an Ethernet switch)

Thank you so much. 

You're welcome! Do not hesitate if you have other questions about MPLS L2VPN, preferably more specific ones as it is a vast subject.

insideshell
Level 1

Hello again @Aneek,

Actually, I was preparing a course on Martini VPWS this week so I can add a little more to my previous explanation, if you are still interested.


@insideshell wrote:

From my experience, LDP is often employed for VPWS (referred to as xconnect at Cisco) while MP-BGP is often employed for VPLS.


OK but why is BGP VPLS more common than LDP VPLS?

Because, to implement a basic Ethernet switch (full-mesh LAN topology) with VPLS, you have to set up a full-mesh of pseudowires (PWs) between all the PEs that participate in the L2VPN. So n*(n-1)/2 PWs must be set up between the PEs. If you have 10 PEs in a L2VPN, that's 45 PWs. If you have another distinct L2VPN on these same 10 PEs, that's another 45 PWs! That is no problem but, thing is, with LDP VPLS you have to do it manually. To quote the rfc4761 itself, it “is fairly configuration-intensive.” We can call it static discovery in opposition to dynamic discovery and this is what BGP VPLS is about. (But there is no shame in LDP VPLS, I still use it in some parts of my company network.)

If you are familiar with BGP/MPLS IP VPNs, well BGP VPLS is quite similar. You configure MP-iBGP sessions between PEs (preferably, via a Route Reflector to prevent full-mesh MP-iBGP sessions between all the PEs of your network…) and then you use Extended Communities to make L2VPNs. Just like a VRF, it is done using the VFI (Virtual Forwarding Instance) configuration item. Note the full-mesh PWs still need to be set up! But this is done automatically (as well as the tear down) and not manually.

In a VPWS (point-to-point L2VPN), LDP is more common as the control plane because you have to set up only one PW (manually). You can do it with VPLS as well (the Extended Community would be exported/imported by only two PEs) but this is more configuration-intensive here and to me it brings confusion, since VPLS literally means LAN and not point-to-point.

Martini VPWS (LDP VPWS) lab

I did a lab of Martini VPWS using some IOSv for the course to better illustrate. Here is a Wireshark capture of the data plane:

eompls-data-plane.png

So you can see: the entire Ethernet frame (which can be VLAN tagged or not and without the CRC) is carried over MPLS. The VPN label is 20. The LSP label is 18. The Control Word is optional for Ethernet and was enabled by default in the IOSv.

Now about the control plane:

eompls-control-plane.png

The label 0x14 (20 in base-ten) is advertised from one PE to the other using LDP for the PW ID 50.

As I said in my previous message, the underlying tunnel does not need to be an MPLS tunnel (an LSP). It can be a GRE tunnel for example:

eomplsogre-data-plane.png

Here, the VPN label is (necessarily) still present and it is 17. There is no LSP label but instead a GRE tunnel. The frame is of course still carried over MPLS.
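
The Ethernet-over-MPLS data plane described in this thread, as an added example that is not part of the original posts: a small Python decoder that walks the MPLS label stack of a captured frame, checks the optional control word, and exposes the inner customer Ethernet header for inspection. The function names and the sample frame (documentation MAC addresses, LSP label 18 and VPN label 20 as in the lab) are constructed for illustration; the control word layout (first nibble 0, 16-bit sequence number) follows RFC 4448.

```python
import struct

ETHERTYPE_MPLS = 0x8847  # MPLS unicast EtherType

def _mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)

def parse_eompls(frame: bytes, control_word: bool = True) -> dict:
    """Decode outer Ethernet / MPLS label stack / control word / inner Ethernet."""
    if len(frame) < 14 or struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_MPLS:
        raise ValueError("not an MPLS unicast Ethernet frame")
    offset, labels = 14, []
    while True:
        if offset + 4 > len(frame):
            raise ValueError("truncated MPLS label stack")
        (entry,) = struct.unpack("!I", frame[offset:offset + 4])
        offset += 4
        labels.append(entry >> 12)          # 20-bit label value
        if (entry >> 8) & 1:                # bottom-of-stack bit: this is the VPN (PW) label
            break
    seq = None
    if control_word:
        # Control word presence is negotiated in the control plane, so the caller states it.
        if offset + 4 > len(frame):
            raise ValueError("truncated control word")
        (cw,) = struct.unpack("!I", frame[offset:offset + 4])
        if cw >> 28:
            raise ValueError("first nibble of the control word is not 0")
        seq, offset = cw & 0xFFFF, offset + 4
    inner = frame[offset:]
    if len(inner) < 14:
        raise ValueError("truncated inner Ethernet frame")
    return {"labels": labels, "sequence": seq,
            "inner_dst": _mac(inner[0:6]), "inner_src": _mac(inner[6:12]),
            "inner_ethertype": struct.unpack("!H", inner[12:14])[0]}

def _lse(label: int, bottom: int, ttl: int = 255) -> bytes:
    """Build one 32-bit label stack entry (label, TC=0, S bit, TTL)."""
    return struct.pack("!I", (label << 12) | (bottom << 8) | ttl)

# Constructed sample frame (documentation MACs); labels as in the lab: LSP 18, VPN 20.
INNER = bytes.fromhex("00005e005302" "00005e005301" "0800") + b"customer payload"
SAMPLE = (bytes.fromhex("00005e005312" "00005e005311" "8847")
          + _lse(18, 0) + _lse(20, 1) + bytes(4) + INNER)

if __name__ == "__main__":
    print(parse_eompls(SAMPLE))
```

The decoder cannot tell from the frame alone whether a control word is present, which is why `control_word` is a parameter: a tool inspecting pseudowire traffic has to learn that from the signalling or from configuration.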
