Thursday, November 24, 2016

CCIE SPv4 - MPLS L2VPN - Virtual Private LAN Service (VPLS) VLAN and QinQ

Software versions:
IOS XE 15.5
IOS XR 5.3

The topology for this demo:
In this post we will continue our VPLS deepdive and move into the VLAN and QinQ style rollout. The configuration for this is very close to the Port based method, I'll post all the relevant configurations as we go through. One thing I am doing now that I wasn't doing previously was having debugs actively running to see status/debug message written to the console window so I can see both triggered updates and normal operating outputs. This really helps in identifying the operations vs triggered outputs. The debugs I have currently running:



R5
debug mpls l2transport signaling message
debug mpls l2transport signaling event
debug xconnect event detail
debug xconnect initialization

 These debugs are pretty chatty but they are, to me anyway, very useful to see updates coming and going. 

 We'll take a look at the VLAN variation first per PE and then see the QinQ later on. 

 R3
interface GigabitEthernet3
 service instance 1356 ethernet
  encapsulation dot1q 100

 interface pseudowire35
 encapsulation mpls
 neighbor 192.168.1.5 35
interface pseudowire36
 encapsulation mpls
 neighbor 192.168.1.6 36
interface pseudowire311
 encapsulation mpls
 neighbor 192.168.1.11 311

 l2vpn vfi context VPLS
 vpn id 1356
 member pseudowire311
 member pseudowire36
 member pseudowire35

 bridge-domain 1356
 member GigabitEthernet3 service-instance 1356
 member vfi VPLS

 R5 - has the above debugs enabled
interface GigabitEthernet2
 service instance 1356 ethernet
  encapsulation dot1q 100

 interface pseudowire35
 encapsulation mpls
 neighbor 192.168.1.3 35
interface pseudowire56
 encapsulation mpls
 neighbor 192.168.1.6 56

 l2vpn vfi context VPLS
 vpn id 1356
 member pseudowire56
 member pseudowire35
 member 192.168.1.11 511 encapsulation mpls

 bridge-domain 1356
 member GigabitEthernet2 service-instance 1356
 member vfi VPLS



R5#show l2vpn vfi name VPLS
Legend: RT=Route-target, S=Split-horizon, Y=Yes, N=No

 VFI name: VPLS, state: up, type: multipoint, signaling: LDP
  VPN ID: 1356
  Bridge-Domain 1356 attachment circuits:
  Pseudo-port interface: pseudowire100002
  Interface          Peer Address     VC ID        S
  pseudowire56       192.168.1.6      56           Y
  pseudowire35       192.168.1.3      35           Y
  pseudowire100003   192.168.1.11     511          Y



R5#show bridge-domain 1356
Bridge-domain 1356 (4 ports in all)
State: UP                    Mac learning: Enabled
Aging-Timer: 300 second(s)
    GigabitEthernet2 service instance 1356
    vfi VPLS neighbor 192.168.1.3 35
    vfi VPLS neighbor 192.168.1.6 56
    vfi VPLS neighbor 192.168.1.11 511
   AED MAC address    Policy  Tag       Age  Pseudoport
   0   000C.2994.B818 forward dynamic   291  VPLS.1004012
   0   000C.29BB.45EF forward dynamic   299  GigabitEthernet2.EFP1356
   1   FFFF.FFFF.FFFF flood   static    0    OLIST_PTR:0xe880a800
   0   000C.29C9.1F5C forward dynamic   298  VPLS.1004011


Let's go ahead and verify the CEs now.

R9
interface GigabitEthernet1.100
 encapsulation dot1Q 100
 ip address 10.1.100.9 255.255.255.0
 ipv6 address 2001:1:100::9/64
 ospfv3 1 ipv6 area 0

R9#show ospfv3 1 nei

          OSPFv3 1 address-family ipv6 (router-id 10.1.100.9)

 Neighbor ID     Pri   State           Dead Time   Interface ID    Interface
10.1.100.8        1   FULL/DROTHER    00:00:38    12              GigabitEthernet1.100
10.1.100.10       1   FULL/DR         00:00:36    13              GigabitEthernet1.100


Now we'll go ahead and begin taking a look at the QinQ configuration. Very similar to the VLAN based rollout but it does have obvious differences.

Between configuring the VLAN and QinQ options is when I enabled the debugs, shown below.

The interface level EFP configuration
R3
interface GigabitEthernet3
 service instance 200 ethernet
  encapsulation dot1q 50 second-dot1q 200

R5
interface GigabitEthernet2
 service instance 200 ethernet
  encapsulation dot1q 50 second-dot1q 200

R6
interface GigabitEthernet2
 service instance 200 ethernet
  encapsulation dot1q 50 second-dot1q 200

XR1
interface GigabitEthernet0/0/0/2.200 l2transport
 encapsulation dot1q 50 second-dot1q 200


The pseudowire configuration.
R3
interface pseudowire20035
 encapsulation mpls
 neighbor 192.168.1.5 20035
interface pseudowire20036
 encapsulation mpls
 neighbor 192.168.1.6 20036
interface pseudowire20311
 encapsulation mpls
 neighbor 192.168.1.11 20311

R6
interface pseudowire20036
 encapsulation mpls
 neighbor 192.168.1.3 20036
interface pseudowire20056
 encapsulation mpls
 neighbor 192.168.1.5 20056
interface pseudowire20611
 encapsulation mpls
 neighbor 192.168.1.11 20611

XR1 doesn't create the pseudowire the same way IOS does, the configuration is placed under the l2vpn vfi configuration.


The below configuration is separated to show the associated debug outputs.
R5
interface pseudowire20035
 encapsulation mpls
 neighbor 192.168.1.3 20035

interface pseudowire20056
 encapsulation mpls
 neighbor 192.168.1.6 20056
interface pseudowire20511
 encapsulation mpls
 neighbor 192.168.1.11 20511

AToM LDP[192.168.1.6]: Received label mapping msg, id 29149, GR instance 2
AToM LDP[192.168.1.6]:   VC Type   5, c-bit, mtu 1500
AToM LDP[192.168.1.6]:   VC ID     20056, label 601
AToM LDP[192.168.1.6]:   Group     0
AToM LDP[192.168.1.6]:   Status    0x28 [PW Status]
AToM LDP[192.168.1.6]:   PW Status 0x0(0x1) [UP]
AToM LDP[192.168.1.11]: Opening, 2 clients
AToM LDP[192.168.1.11]: Session is up
AToM LDP[192.168.1.11]: Sending label mapping msg
AToM LDP[192.168.1.11]:   VC Type   5, c-bit, mtu 1500
AToM LDP[192.168.1.11]:   VC ID     20511, label 510
AToM LDP[192.168.1.11]:   Group     0
AToM LDP[192.168.1.11]:   Status    0x28 [PW Status]
AToM LDP[192.168.1.11]:   PW Status 0x0(0x1) [UP]

The vfi debugs

R5
l2vpn vfi context QinQ_VPLS
 vpn id 200




XC[QinQ_VPLS]: Allocated xconnect context
XC[QinQ_VPLS]: Adding VFI member
XC[QinQ_VPLS]: Unable to find original AC and VFI fwds - informational
XC[04000002:QinQ_VPLS]: deposit fwd, orig_fwd=0x0, red_group=, xc->fwd1=0x7F6D2EAC7960, xc->fwd1->next_fwd=0x0, xc->fwd2=0x7F6D2EAC7828, xc->fwd2->next_fwd=0x0
XC[04000002:QinQ_VPLS]: VFI not yet associated with a bridge-domain/vlan id
XC[04000002:QinQ_VPLS]: Adding fwd_rid 4294967295, fwd_id C8 to xconnect db index tablemem

member pseudowire20035
XC[192.168.1.3:20035]: Adding PW member
XC[04000002:QinQ_VPLS]: deposit fwd, orig_fwd=0x0, red_group=core_pw, xc->fwd1=0x7F6D2EAC7960, xc->fwd1->next_fwd=0x0, xc->fwd2=0x7F6D2EAC7828, xc->fwd2->next_fwd=0x0
 XC[04000002:QinQ_VPLS]: VFI not yet associated with a bridge-domain/vlan id
 XC[04000002:192.168.1.3:20035]: Adding fwd_rid 3232235779, fwd_id 4E43 to xconnect db index table

member pseudowire20056
XC[04000002:192.168.1.6:20056]: Updating PW member
XC[04000002:QinQ_VPLS]: deposit fwd, orig_fwd=0x7F6D2EAC76F0, red_group=core_pw, xc->fwd1=0x7F6D2EAC7960, xc->fwd1->next_fwd=0x0, xc->fwd2=0x7F6D2EAC75B8, xc->fwd2->next_fwd=0x7F6D2EAC76F0
XC[04000002:192.168.1.6:20056]: Adding fwd_rid 3232235782, fwd_id 4E58 to xconnect db index tabl
XC[04000002:QinQ_VPLS]: Adding PW - VFI to xconnect db

AToM LDP[192.168.1.6]: Opening, 2 clients
AToM LDP[192.168.1.6]: Session is up
AToM LDP[192.168.1.6]: Sending label mapping msg
AToM LDP[192.168.1.6]:   VC Type   5, c-bit, mtu 1500
AToM LDP[192.168.1.6]:   VC ID     20056, label 507
AToM LDP[192.168.1.6]:   Group     0
AToM LDP[192.168.1.6]:   Status    0x28 [PW Status]
AToM LDP[192.168.1.6]:   PW Status 0x0(0x1) [UP]

 AToM LDP[192.168.1.6]: Received label mapping msg, id 29149, GR instance 2
AToM LDP[192.168.1.6]:   VC Type   5, c-bit, mtu 1500
AToM LDP[192.168.1.6]:   VC ID     20056, label 601
AToM LDP[192.168.1.6]:   Group     0
AToM LDP[192.168.1.6]:   Status    0x28 [PW Status]
AToM LDP[192.168.1.6]:   PW Status 0x0(0x1) [UP]

 AToM LDP[192.168.1.6]: Received label withdraw msg, id 29156, GR instance
AToM LDP[192.168.1.6]:   VC Type   5, c-bit, mtu 0
AToM LDP[192.168.1.6]:   VC ID     56, label 606
AToM LDP[192.168.1.6]:   Group     0
AToM LDP[192.168.1.6]: Sending label release msg
AToM LDP[192.168.1.6]:   VC Type   5, c-bit, mtu 0
AToM LDP[192.168.1.6]:   VC ID     56, label 606
AToM LDP[192.168.1.6]:   Group     0
AToM LDP[192.168.1.6]: Received label mapping msg, id 29163, GR instance 2
AToM LDP[192.168.1.6]:   VC Type   5, c-bit, mtu 1500
AToM LDP[192.168.1.6]:   VC ID     56, label 602
AToM LDP[192.168.1.6]:   Group     0
AToM LDP[192.168.1.6]:   Status    0x28 [PW Status]
AToM LDP[192.168.1.6]:   PW Status 0x0(0x1) [UP]

member pseudowire20511
XC[192.168.1.11:20511]: Adding PW member
 XC[04000002:QinQ_VPLS]: deposit fwd, orig_fwd=0x0, red_group=core_pw, xc->fwd1=0x7F6D2EAC7960, xc->fwd1->next_fwd=0x0, xc->fwd2=0x7F6D2EAC75B8, xc->fwd2->next_fwd=0x7F6D2EAC7828
XC[04000002:192.168.1.11:20511]: Adding fwd_rid 3232235787, fwd_id 501F to xconnect db index table
XC[04000002:QinQ_VPLS]: Adding PW - VFI to xconnect db

 AToM LDP[192.168.1.11]: Sending label withdraw msg
AToM LDP[192.168.1.11]:   VC Type   5, c-bit, mtu 1500
AToM LDP[192.168.1.11]:   VC ID     20311, label 506
AToM LDP[192.168.1.11]:   Group     0
AToM LDP[192.168.1.11]: Closing, 1 clients
AToM LDP[192.168.1.11]: Received label release msg, id 17887, GR instance 5
AToM LDP[192.168.1.11]:   VC Type   5, c-bit, mtu 0
AToM LDP[192.168.1.11]:   VC ID     20311, label 506
AToM LDP[192.168.1.11]:   Group     0

 AToM LDP[192.168.1.11]: Received label release msg, id 17951, GR instance 5
AToM LDP[192.168.1.11]:   VC Type   5, c-bit, mtu 0
AToM LDP[192.168.1.11]:   VC ID     20511, label 510
AToM LDP[192.168.1.11]:   Group     0
AToM LDP[192.168.1.11]: Received label mapping msg, id 17954, GR instance 5
AToM LDP[192.168.1.11]:   VC Type   5, mtu 1500
AToM LDP[192.168.1.11]:   VC ID     20511, label 24113
AToM LDP[192.168.1.11]:   Group     1
AToM LDP[192.168.1.11]:   Status    0x28 [PW Status]
AToM LDP[192.168.1.11]:   PW Status 0x0(0x1) [UP]
AToM LDP[192.168.1.11]: Sending label withdraw msg
AToM LDP[192.168.1.11]:   VC Type   5, c-bit, mtu 1500
AToM LDP[192.168.1.11]:   VC ID     20511, label 510
AToM LDP[192.168.1.11]:   Group     0
AToM LDP[192.168.1.11]: Sending label mapping msg
AToM LDP[192.168.1.11]:   VC Type   5, mtu 1500
AToM LDP[192.168.1.11]:   VC ID     20511, label 511
AToM LDP[192.168.1.11]:   Group     0
AToM LDP[192.168.1.11]:   Status    0x28 [PW Status]
AToM LDP[192.168.1.11]:   PW Status 0x0(0x1) [UP]
AToM LDP[192.168.1.11]: Received label release msg, id 17959, GR instance 5
AToM LDP[192.168.1.11]:   VC Type   5, c-bit, mtu 0
AToM LDP[192.168.1.11]:   VC ID     20511, label 510
AToM LDP[192.168.1.11]:   Group     0
AToM LDP[192.168.1.11]: Received label request msg, id 17960, GR instance 5
AToM LDP[192.168.1.11]:   VC Type   5, mtu 0
AToM LDP[192.168.1.11]:   VC ID     20511, label 0
AToM LDP[192.168.1.11]:   Group     1
AToM LDP[192.168.1.11]: Sending label mapping msg
AToM LDP[192.168.1.11]:   VC Type   5, mtu 1500
AToM LDP[192.168.1.11]:   VC ID     20511, label 511
AToM LDP[192.168.1.11]:   Group     0
AToM LDP[192.168.1.11]:   Status    0x28 [PW Status]
AToM LDP[192.168.1.11]:   PW Status 0x0(0x1) [UP]


Now it's time to verify the specifics.


R3
R3#sh l2vpn vfi name QinQ_VPLS
Legend: RT=Route-target, S=Split-horizon, Y=Yes, N=No

 VFI name: QinQ_VPLS, state: up, type: multipoint, signaling: LDP
  VPN ID: 200
  Bridge-Domain 200 attachment circuits:
  Pseudo-port interface: pseudowire100018
  Interface          Peer Address     VC ID        S
  pseudowire20311    192.168.1.11     20311        Y
  pseudowire20036    192.168.1.6      20036        Y
  pseudowire20035    192.168.1.5      20035        Y


R5
R5#sh l2vpn vfi name QinQ_VPLS
Legend: RT=Route-target, S=Split-horizon, Y=Yes, N=No

VFI name: QinQ_VPLS, state: up, type: multipoint, signaling: LDP
  VPN ID: 200
  Bridge-Domain 200 attachment circuits:
  Pseudo-port interface: pseudowire100004
  Interface          Peer Address     VC ID        S
  pseudowire20511    192.168.1.11     20511        Y
  pseudowire20056    192.168.1.6      20056        Y
  pseudowire20035    192.168.1.3      20035        Y


R6
R6#sh l2vpn vfi name QinQ_VPLS
Legend: RT=Route-target, S=Split-horizon, Y=Yes, N=No

VFI name: QinQ_VPLS, state: up, type: multipoint, signaling: LDP
  VPN ID: 200
  Bridge-Domain 200 attachment circuits:
  Pseudo-port interface: pseudowire100010
  Interface          Peer Address     VC ID        S
  pseudowire20611    192.168.1.11     20611        Y
  pseudowire20056    192.168.1.5      20056        Y
  pseudowire20036    192.168.1.3      20036        Y


RP/0/0/CPU0:XR1#show l2vpn bridge-domain bd-name QinQ_VPLS
Thu Nov 24 19:36:37.458 UTC
Legend: pp = Partially Programmed.
Bridge group: QinQ_VPLS, bridge-domain: QinQ_VPLS, id: 1, state: up, ShgId: 0, MSTi: 0
  Aging: 300 s, MAC limit: 4000, Action: none, Notification: syslog
  Filter MAC addresses: 0
  ACs: 1 (0 up), VFIs: 1, PWs: 3 (3 up), PBBs: 0 (0 up)
  List of ACs:
    Gi0/0/0/2.200, state: down, Static MAC addresses: 0
  List of Access PWs:
  List of VFIs:
    VFI QinQ_VPLS (up)
      Neighbor 192.168.1.3 pw-id 20311, state: up, Static MAC addresses: 0
      Neighbor 192.168.1.5 pw-id 20511, state: up, Static MAC addresses: 0
      Neighbor 192.168.1.6 pw-id 20611, state: up, Static MAC addresses: 0




R3#show bridge-domain 200
Bridge-domain 200 (4 ports in all)
State: UP                    Mac learning: Enabled
Aging-Timer: 300 second(s)
    GigabitEthernet3 service instance 200
    vfi QinQ_VPLS neighbor 192.168.1.5 20035
    vfi QinQ_VPLS neighbor 192.168.1.6 20036
    vfi QinQ_VPLS neighbor 192.168.1.11 20311
   AED MAC address    Policy  Tag       Age  Pseudoport
   0   000C.2994.B818 forward dynamic   291  QinQ_VPLS.1004022
   0   000C.29BB.45EF forward dynamic   290  QinQ_VPLS.1004021
   1   FFFF.FFFF.FFFF flood   static    0    OLIST_PTR:0xe7f86080
   0   000C.29C9.1F5C forward dynamic   293  GigabitEthernet3.EFP200

The pseudoport  is the remote connection we have to the other PEs, in this case R5 and R6 respectively, we know this because XR1 won't propagate any MAC info from R13.

The G3.EFP200 si the Ethernet Flow Point interface configuration tied to service instance 200. You saw the configuration of the physical interfaces at the top. I won't add in the other routers as their outputs are identical. XR1 won't populate anything due to not participating in the data plane.

This proves that we have point to point connectivity to all the PEs.


Now we can check the CEs, They all have very similar configuration, with the exception that the associated router R8 is .8, R9 is .9, R10 is .10 and R13 is .13. Beyond that one output from R8 is shown for simplicity.


R8
interface GigabitEthernet1.200
 encapsulation dot1Q 50 second-dot1q 200
 ip address 10.1.200.8 255.255.255.0
 ipv6 address 2001:1:200::8/64
 ospfv3 2 ipv6 area 0


R8#show ospfv3 2 nei

          OSPFv3 2 address-family ipv6 (router-id 172.16.8.8)

 Neighbor ID     Pri   State           Dead Time   Interface ID    Interface
172.16.9.9        1   FULL/BDR        00:00:30    13              GigabitEthernet1.200
172.16.10.10      1   FULL/DROTHER    00:00:31    14              GigabitEthernet1.200

Thanks for stopping by!
Rob Riker, CCIE #50693

Posted by at
Labels: , , , , , , , , , , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)