VPLS Demystified…

Introduction

VPLS is a multipoint technology used to emulate a layer 2 Ethernet broadcast domain across a service provider network. The technology uses Ethernet MAC addresses to learn the source of frames, storing them in VPLS MAC tables on PE routers in an MPLS network. VPLS only supports Ethernet untagged or Ethernet-VLAN tagged encapsulation for either a transparent service or a provider provisioned VLAN tagged service.
RFC4761 (Draft Kompella BGP Signalling)
Juniper's preferred approach for signalling VPLS is to use the BGP auto-provisioning scheme. The reasoning behind this is simply that the VPLS control plane can utilise the existing BGP processes within an MPLS network. This makes efficient use of the scalability and multiple address families that MP-BGP is capable of handling.
This allows a VPLS to be set up and over-provisioned, enabling the addition of new sites by simply adding the respective VRF configuration to the PE router serving the added site.
VRF and NLRI
The VRF routing table handles all of the label allocations and blocks by creating a VT interface for each VPLS instance. The VRF table is also populated with information received from other PEs that use L2 VPN NLRI to deliver labels and encapsulation so that the local site can map remote forwarding to next hop LSPs. The site ID, layer 2 encapsulation, logical attachment circuits and label base parameters are used to associate inbound and outbound traffic to the logical VPLS attachment circuits.
The VPLS label mapping process uses the same approach as the L2 VPN NLRI. VPLS label mapping information is distributed for each VPN site between PE routers. The PE routers advertise the label association for all of their attachment circuits in one label block. The simple BGP L2 VPN calculation is used by each remote site to calculate the labels to use for site to site connectivity.
For forwarding to a remote CE attachment circuit this would be calculated by remote label base + local site ID – remote label offset.
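The calculation above, worked through as an added example that is not part of the original post. The class and field names and all label values are assumptions constructed for illustration; the sketch also covers the case where a remote PE advertises more than one label block, or none that covers the local site ID.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class LabelBlock:
    """One label block advertised by a remote PE (field names are illustrative)."""
    site_id: int      # site ID of the advertising (remote) site
    label_base: int   # first label in the block
    offset: int       # first site ID the block covers
    size: int         # number of consecutive site IDs the block covers

def label_towards(remote_blocks, local_site_id):
    """Label used to reach a remote site, or None if no block covers us."""
    for b in remote_blocks:
        if b.offset <= local_site_id < b.offset + b.size:
            # remote label base + local site ID - remote label offset
            return b.label_base + local_site_id - b.offset
    return None

def label_table(adverts, local_site_id):
    """Map every remote site ID to the label the local PE uses towards it."""
    by_site = {}
    for b in adverts:
        if b.site_id != local_site_id:
            by_site.setdefault(b.site_id, []).append(b)
    return {s: label_towards(bs, local_site_id)
            for s, bs in sorted(by_site.items())}

# Constructed sample advertisements; the values do not come from a router.
ADVERTS = [
    LabelBlock(site_id=1, label_base=262145, offset=1, size=8),
    LabelBlock(site_id=2, label_base=262161, offset=1, size=8),
    LabelBlock(site_id=3, label_base=262177, offset=1, size=8),
    LabelBlock(site_id=3, label_base=262185, offset=9, size=8),  # second block
]

if __name__ == "__main__":
    for local in (1, 2, 12):
        print("local site", local, "->", label_table(ADVERTS, local))
```

A `None` entry means the remote site has not advertised a block that covers the local site ID, so no label can be derived towards it.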
For both the BGP and LDP approaches Junos creates a logical tunnel interface with the PFE for each remote VPLS site. This allows ingress frames to pass through the PFE twice. The first pass pops the MPLS labels from the frame and the second pass carries out MAC address learning and forwarding using the VPLS forwarding tables. This approach is different to the L2 VPN approach, which simply binds labels to attachment circuits and does not rely on MAC learning and forwarding due to the p2p nature of L2 VPN.
BGP NLRI Extended Community
The extended community carries the route target, encapsulation type, MTU of the PE to CE link, control flags and preference. The MTU must match on each PE to CE link within the VPLS as fragmentation is not supported. The preference value is copied into the BGP local preference field; it relates to the preference of different sites and can be used for resilience or dual-homing.
To provision a VPLS instance the following must be configured :
VPLS routing instance
Route Target Community
Site ID (unique value in the context of each VPLS)
Site range (maximum number of sites to which the local site can connect, this is defined by the label range)
Remote sites (labels for remote sites are learnt dynamically via BGP NLRI process)
Encapsulation must be VPLS
Interface configuration for VLAN tagging and Ethernet :
Attachment Circuit Configuration
interfaces {
     ge-0/0/1 {
          vlan-tagging;
          encapsulation vlan-vpls;
          /* unit number matches ge-0/0/1.515 referenced in the routing instance */
          unit 515 {
               encapsulation vlan-vpls;
               vlan-id 515;
               family vpls;
          }
     }
}
interfaces {
     ge-0/0/2 {
          encapsulation ethernet-vpls;
          unit 0 {
               family vpls;
          }
     }
}

VRF Configuration

For BGP NLRI signalling a standard VRF is configured, but with a VPLS instance type. Interfaces are configured as the attachment circuits within the VPLS; however, only one routing instance is created per VPLS. If an additional interface is configured within the routing instance it will be used for multi-homing CE sites into the VPLS. Route targets are used in the same manner as for L2 and L3 VPN. The VPLS protocol is configured with a site range value that

routing-instances vpn-a {
     instance-type vpls;
     interface ge-0/0/1.515;
     vrf-target target:65001:100;
     protocols {
          vpls {
               site-range 20;
               site ce-a {
                    site-identifier 1;
               }
          }
     }
}
VPLS Multi-homing
Multi-homing allows two PEs to connect to a CE device to provide resilience in a multi-homed state. In order to prevent a loop the downstream switch has a primary and secondary forwarding path towards the PEs. This is controlled via BGP with a preference feature configured within each PE routing-instance that’s carried into BGP within the local preference attribute.
The primary PE is configured as follows:
routing-instances vpn-a {
     instance-type vpls;
     interface ge-0/0/1.515;
     route-distinguisher 192.168.2.2:100;
     vrf-target target:65001:100;
     protocols {
          vpls {
               site-range 20;
               site ce-b {
                    site-identifier 2;
                    multi-homing;
                    site-preference 300;
               }
          }
     }
}
The backup PE is configured with a lower site preference:
routing-instances vpn-a {
     instance-type vpls;
     interface ge-0/0/1.515;
     route-distinguisher 192.168.2.3:100;
     vrf-target target:65001:100;
     protocols {
          vpls {
               site-range 20;
               site ce-b {
                    site-identifier 2;
                    multi-homing;
                    site-preference 100;
               }
          }
     }
}
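A consistency check for a multi-homed PE pair like the one above, as an added example that is not part of the original post. The function names are assumptions, the sample text is constructed from the page's two configurations, and only the numeric form of site-preference is parsed.

```python
import re

def site_params(cfg):
    """Extract the statements that matter for multi-homing from one instance."""
    def first(pattern):
        m = re.search(pattern, cfg)
        return m.group(1) if m else None
    pref = first(r"site-preference\s+(\d+);")  # numeric form only (assumption)
    return {
        "target": first(r"vrf-target\s+(\S+);"),
        "site_id": first(r"site-identifier\s+(\d+);"),
        "multi_homing": re.search(r"\bmulti-homing;", cfg) is not None,
        "preference": int(pref) if pref else None,
    }

def audit_pair(cfg_a, cfg_b):
    """Findings for two PE instances attaching the same CE; [] means consistent."""
    a, b = site_params(cfg_a), site_params(cfg_b)
    findings = []
    if a["target"] != b["target"]:
        findings.append("vrf-target differs")
    if a["site_id"] != b["site_id"]:
        findings.append("site-identifier differs")
    if not (a["multi_homing"] and b["multi_homing"]):
        findings.append("multi-homing not set on both PEs")
    prefs = (a["preference"], b["preference"])
    if None in prefs or prefs[0] == prefs[1]:
        findings.append("site-preference does not single out a primary")
    return findings

def pe_instance(rd, preference, site_id=2, multi_homing=True):
    """Constructed sample built from the page's multi-homing configuration."""
    mh = "multi-homing; " if multi_homing else ""
    return (f"routing-instances vpn-a {{ instance-type vpls; "
            f"interface ge-0/0/1.515; route-distinguisher {rd}; "
            f"vrf-target target:65001:100; protocols {{ vpls {{ site-range 20; "
            f"site ce-b {{ site-identifier {site_id}; {mh}"
            f"site-preference {preference}; }} }} }} }}")

PRIMARY = pe_instance("192.168.2.2:100", 300)
BACKUP = pe_instance("192.168.2.3:100", 100)

if __name__ == "__main__":
    print(audit_pair(PRIMARY, BACKUP))
    print(audit_pair(PRIMARY, pe_instance("192.168.2.3:100", 300, site_id=3)))
```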
Primary and Backup Interfaces
If a PE has multiple VPLS interfaces towards one CE device then the primary and backup feature can be used to prevent loops.
routing-instances vpn-a {
     instance-type vpls;
     interface ge-0/0/1.515;
     interface ge-0/0/2.515;
     interface ge-0/0/3.515;
     vrf-target target:65001:100;
     protocols {
          vpls {
               site-range 20;
               site ce-a {
                    site-identifier 1;
                    interface ge-0/0/1.515;
               }
               site ce-c {
                    site-identifier 3;
                    /* ge-0/0/2.515 is preferred; ge-0/0/3.515 is the backup */
                    active-interface primary ge-0/0/2.515;
                    interface ge-0/0/2.515;
                    interface ge-0/0/3.515;
               }
          }
     }
}
RFC4762 (Draft Martini LDP Signalling)
This approach uses LDP for VPLS signalling. When using the LDP approach, additional LDP extended circuits need to be built for every new site, so there is an admin burden and extra load on the routers.
