Example: Configuring H-VPLS Without VLANs
This example shows how to configure the hierarchical virtual private LAN service (H-VPLS). No VLANs are configured in this example.
Requirements
No special configuration beyond device initialization is required before configuring this example.
Overview
H-VPLS uses LDP-based VPLS to signal and establish pseudowires. LDP-based VPLS is defined in RFC 4762, Virtual Private LAN Service (VPLS) Using Label Distribution Protocol (LDP) Signaling. RFC 4762 also defines a hierarchical mode of operation for LDP VPLS called H-VPLS.
VPLS and H-VPLS are different with respect to scaling. VPLS requires a full mesh of tunnel label-switched paths (LSPs) among all of the provider edge (PE) routers that participate in the VPLS service. For each VPLS service, n*(n-1)/2 pseudowires must be set up between the PE routers. In contrast, H-VPLS partitions the network into several edge domains that are interconnected using an MPLS core. Each edge device only needs to learn of one local PE device and therefore needs less routing table support. This has the potential to allow service providers to use relatively less costly devices (such as EX Series switches) at the customer edge.
As alternatives to H-VPLS, Juniper Networks offers other ways to address VPLS scalability. For more information, see Application Note: Demystifying H-VPLS.
H-VPLS defines two roles or functionalities:
PE-r—PE device that runs VPLS with other PE-r devices and also has pseudowires (which can be based on QinQ access) to another device called a multi-tenant unit (MTU), which provides the access layer.
MTU—PE device that represents the access layer on the H-VPLS architecture and establishes pseudowires to one or more PE-r devices through which VPLS traffic is forwarded.
Figure 1 shows the topology used in this example.
The example shows one MTU (Device PE1) connected to two PE-r devices (Device PE2 and Device PE3).
The pseudowire between Device PE1 and Device PE3 is the primary or working path. The pseudowire between Device PE1 and Device PE2 is the backup path.
CLI Quick Configuration shows the configuration for all of the devices in Figure 1. The section Step-by-Step Procedure describes the steps on Device PE1 and Device PE2.
Configuration
Procedure
CLI Quick Configuration
To quickly configure this example, copy the following commands, paste them into a text file, remove any line breaks, change any details necessary to match your network configuration, and then copy and paste the commands into the CLI at the [edit] hierarchy level.
Device PE1
set interfaces ge-2/0/5 encapsulation ethernet-ccc
set interfaces ge-2/0/5 unit 0 family ccc
set interfaces ge-2/0/10 unit 0 family inet address 192.0.2.2/24
set interfaces ge-2/0/10 unit 0 family iso
set interfaces ge-2/0/10 unit 0 family mpls
set interfaces ge-2/0/11 unit 0 family inet address 192.0.2.3/24
set interfaces ge-2/0/11 unit 0 family iso
set interfaces ge-2/0/11 unit 0 family mpls
set interfaces lo0 unit 0 family inet address 10.255.14.217/32
set interfaces lo0 unit 0 family iso address 49.0001.0102.5501.4217.00
set protocols mpls interface ge-2/0/10.0
set protocols mpls interface ge-2/0/11.0
set protocols isis level 1 disable
set protocols isis interface ge-2/0/10.0
set protocols isis interface ge-2/0/11.0
set protocols isis interface lo0.0
set protocols ldp interface ge-2/0/10.0
set protocols ldp interface ge-2/0/11.0
set protocols ldp interface lo0.0
set protocols l2circuit neighbor 10.255.14.225 interface ge-2/0/5.0 virtual-circuit-id 601
set protocols l2circuit neighbor 10.255.14.225 interface ge-2/0/5.0 backup-neighbor 10.255.14.216 standby
set routing-options router-id 10.255.14.217
Device PE2
set interfaces ge-2/0/6 encapsulation ethernet-vpls
set interfaces ge-2/0/6 unit 0 family vpls
set interfaces ge-2/0/10 unit 0 family inet address 192.0.2.4/24
set interfaces ge-2/0/10 unit 0 family iso
set interfaces ge-2/0/10 unit 0 family mpls
set interfaces lo0 unit 0 family inet address 10.255.14.216/32
set interfaces lo0 unit 0 family iso address 49.0001.0102.5501.4216.00
set protocols mpls interface ge-2/0/10.0
set protocols isis level 1 disable
set protocols isis interface ge-2/0/10.0
set protocols isis interface lo0.0
set protocols ldp interface ge-2/0/10.0
set protocols ldp interface lo0.0
set routing-instances customer instance-type vpls
set routing-instances customer interface ge-2/0/6.0
set routing-instances customer protocols vpls vpls-id 601
set routing-instances customer protocols vpls neighbor 10.255.14.217
set routing-options router-id 10.255.14.216
Device PE3
set interfaces ge-2/1/3 encapsulation ethernet-vpls
set interfaces ge-2/1/3 unit 0 family vpls
set interfaces ge-2/0/10 unit 0 family inet address 192.0.2.5/24
set interfaces ge-2/0/10 unit 0 family iso
set interfaces ge-2/0/10 unit 0 family mpls
set interfaces lo0 unit 0 family inet address 10.255.14.225/32
set interfaces lo0 unit 0 family iso address 49.0001.0102.5501.4225.00
set protocols mpls interface ge-2/0/10.0
set protocols isis level 1 disable
set protocols isis interface ge-2/0/10.0
set protocols isis interface lo0.0
set protocols ldp interface ge-2/0/10.0
set protocols ldp interface lo0.0
set routing-instances customer instance-type vpls
set routing-instances customer interface ge-2/1/3.0
set routing-instances customer protocols vpls vpls-id 601
set routing-instances customer protocols vpls neighbor 10.255.14.217
set routing-options router-id 10.255.14.225
Device CE1
set interfaces ge-2/0/8 unit 0 family inet address 172.16.0.3/24
set interfaces lo0 unit 0 family inet address 10.255.14.214/32
set protocols ospf area 0.0.0.0 interface lo0.0 passive
set protocols ospf area 0.0.0.0 interface ge-2/0/8.0
Device CE2
set interfaces ge-2/1/5 unit 0 family inet address 172.16.0.4/24
set interfaces lo0 unit 0 family inet address 10.255.14.215/32
set protocols ospf area 0.0.0.0 interface lo0.0 passive
set protocols ospf area 0.0.0.0 interface ge-2/1/5.0
Device CE3
set interfaces ge-2/0/9 unit 0 family inet address 172.16.0.5/24
set interfaces lo0 unit 0 family inet address 10.255.14.218/32
set protocols ospf area 0.0.0.0 interface lo0.0 passive
set protocols ospf area 0.0.0.0 interface ge-2/0/9.0
Step-by-Step Procedure
The following example requires you to navigate various levels in the configuration hierarchy. For information about navigating the CLI, see Using the CLI Editor in Configuration Mode in the CLI User Guide.
To configure H-VPLS on the MTU device:
Configure the interfaces.
On the MTU device interface that connects to the customer edge, configure one of the circuit cross-connect (CCC) encapsulation types and the CCC address family. This enables Layer 2 circuits.
On the core-facing interfaces, enable MPLS labels. The ISO address is needed as well on the core-facing interfaces because IS-IS is used in the core.
[edit interfaces]
user@PE1# set ge-2/0/5 encapsulation ethernet-ccc
user@PE1# set ge-2/0/5 unit 0 family ccc
user@PE1# set ge-2/0/10 unit 0 family inet address 192.0.2.2/24
user@PE1# set ge-2/0/10 unit 0 family iso
user@PE1# set ge-2/0/10 unit 0 family mpls
user@PE1# set ge-2/0/11 unit 0 family inet address 192.0.2.3/24
user@PE1# set ge-2/0/11 unit 0 family iso
user@PE1# set ge-2/0/11 unit 0 family mpls
user@PE1# set lo0 unit 0 family inet address 10.255.14.217/32
user@PE1# set lo0 unit 0 family iso address 49.0001.0102.5501.4217.00
Enable MPLS and LDP on the interfaces.
On the MTU device interfaces that connect to other PE devices, configure MPLS and LDP.
[edit protocols mpls]
user@PE1# set interface ge-2/0/10.0
user@PE1# set interface ge-2/0/11.0
[edit protocols ldp]
user@PE1# set interface ge-2/0/10.0
user@PE1# set interface ge-2/0/11.0
user@PE1# set interface lo0.0
Enable routing on the interfaces.
On the MTU device interfaces that connect to other PE devices, configure an interior gateway protocol (IGP), such as OSPF or IS-IS.
[edit protocols isis]
user@PE1# set level 1 disable
user@PE1# set interface ge-2/0/10.0
user@PE1# set interface ge-2/0/11.0
user@PE1# set interface lo0.0
Configure the Layer 2 circuit.
The neighbor 10.255.14.225 is Device PE3’s loopback interface address. This sets up the working path.
The neighbor 10.255.14.216 is Device PE2’s loopback interface address. This sets up the backup path.
The virtual circuit ID must match the VPLS ID that is configured on Device PE2 and Device PE3.
[edit protocols l2circuit neighbor 10.255.14.225 interface ge-2/0/5.0]
user@PE1# set virtual-circuit-id 601
user@PE1# set backup-neighbor 10.255.14.216 standby
Configure the router ID.
[edit routing-options]
user@PE1# set router-id 10.255.14.217
Step-by-Step Procedure
To configure H-VPLS on the PE-r device:
Configure the interfaces.
On the PE-r device interface that connects to the customer edge, configure one of the VPLS encapsulation types and the VPLS address family. This enables VPLS.
On the core-facing interfaces, enable MPLS labels. The ISO address is needed as well on the core-facing interfaces because IS-IS is used in the core.
[edit interfaces]
user@PE2# set ge-2/0/6 encapsulation ethernet-vpls
user@PE2# set ge-2/0/6 unit 0 family vpls
user@PE2# set ge-2/0/10 unit 0 family inet address 192.0.2.4/24
user@PE2# set ge-2/0/10 unit 0 family iso
user@PE2# set ge-2/0/10 unit 0 family mpls
user@PE2# set lo0 unit 0 family inet address 10.255.14.216/32
user@PE2# set lo0 unit 0 family iso address 49.0001.0102.5501.4216.00
Enable MPLS and LDP on the interfaces.
On the PE-r device interfaces that connect to other PE devices, configure MPLS and LDP.
[edit protocols mpls]
user@PE2# set interface ge-2/0/10.0
[edit protocols ldp]
user@PE2# set interface ge-2/0/10.0
user@PE2# set interface lo0.0
Enable routing on the interfaces.
On the PE-r device interfaces that connect to other PE devices, configure an interior gateway protocol (IGP), such as OSPF or IS-IS.
[edit protocols isis]
user@PE2# set level 1 disable
user@PE2# set interface ge-2/0/10.0
user@PE2# set interface lo0.0
Configure VPLS.
The neighbor 10.255.14.217 statement points to Device PE1’s loopback interface address.
The VPLS ID must match the virtual circuit ID that is configured on the MTU (Device PE1).
[edit routing-instances customer]
user@PE2# set instance-type vpls
user@PE2# set interface ge-2/0/6.0
user@PE2# set protocols vpls vpls-id 601
user@PE2# set protocols vpls neighbor 10.255.14.217
Configure the router ID.
[edit routing-options]
user@PE2# set router-id 10.255.14.216
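The two procedures depend on values that must agree across devices: the MTU's virtual circuit ID must equal the VPLS ID on each PE-r, and each PE-r must list the MTU's loopback as a VPLS neighbor. The following check is an added example, not part of the original page or of any Juniper tooling; the function names and the trimmed configuration snippets are constructed for illustration from the commands above.

```python
import re

# Constructed input: the pseudowire-related "set" lines from this page's
# CLI Quick Configuration, keyed by device name.
CONFIGS = {
    "PE1": """
set interfaces lo0 unit 0 family inet address 10.255.14.217/32
set protocols l2circuit neighbor 10.255.14.225 interface ge-2/0/5.0 virtual-circuit-id 601
set protocols l2circuit neighbor 10.255.14.225 interface ge-2/0/5.0 backup-neighbor 10.255.14.216 standby
""",
    "PE2": """
set interfaces lo0 unit 0 family inet address 10.255.14.216/32
set routing-instances customer protocols vpls vpls-id 601
set routing-instances customer protocols vpls neighbor 10.255.14.217
""",
    "PE3": """
set interfaces lo0 unit 0 family inet address 10.255.14.225/32
set routing-instances customer protocols vpls vpls-id 601
set routing-instances customer protocols vpls neighbor 10.255.14.217
""",
}

def facts(text):
    """Extract loopback, l2circuit and VPLS facts from one device's set lines."""
    f = {"loopback": None, "vc": {}, "backup": {}, "vpls_id": None, "vpls_nbrs": set()}
    for line in text.splitlines():
        if m := re.match(r"set interfaces lo0 unit 0 family inet address (\S+)/32", line):
            f["loopback"] = m[1]
        elif m := re.match(r"set protocols l2circuit neighbor (\S+) interface \S+ virtual-circuit-id (\d+)", line):
            f["vc"][m[1]] = int(m[2])
        elif m := re.match(r"set protocols l2circuit neighbor (\S+) interface \S+ backup-neighbor (\S+)", line):
            f["backup"][m[1]] = m[2]
        elif m := re.match(r"set routing-instances \S+ protocols vpls vpls-id (\d+)", line):
            f["vpls_id"] = int(m[1])
        elif m := re.match(r"set routing-instances \S+ protocols vpls neighbor (\S+)", line):
            f["vpls_nbrs"].add(m[1])
    return f

def check_hvpls(configs, mtu):
    """Return a list of mismatches between the MTU's l2circuit and the PE-r VPLS config."""
    parsed = {name: facts(text) for name, text in configs.items()}
    by_loopback = {f["loopback"]: name for name, f in parsed.items()}
    me, problems = parsed[mtu], []
    for primary, vc_id in me["vc"].items():
        # Assumption: the backup neighbor reuses the primary's virtual circuit ID.
        targets = [primary] + ([me["backup"][primary]] if primary in me["backup"] else [])
        for addr in targets:
            peer = by_loopback.get(addr)
            if peer is None:
                problems.append(f"{addr}: no device has this loopback")
            elif parsed[peer]["vpls_id"] != vc_id:
                problems.append(f"{peer}: vpls-id {parsed[peer]['vpls_id']} != virtual-circuit-id {vc_id}")
            elif me["loopback"] not in parsed[peer]["vpls_nbrs"]:
                problems.append(f"{peer}: VPLS neighbor list lacks {mtu} loopback {me['loopback']}")
    return problems

if __name__ == "__main__":
    print(check_hvpls(CONFIGS, "PE1") or "consistent")
```

A mismatch reported here would leave the corresponding pseudowire unable to come up, which matters most on the backup path because that failure stays hidden until a switchover.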
Results
From configuration mode, confirm your configuration by entering the show interfaces, show protocols, show routing-instances, and show routing-options commands. If the output does not display the intended configuration, repeat the instructions in this example to correct the configuration.
Device PE1
user@PE1# show interfaces
ge-2/0/5 {
    encapsulation ethernet-ccc;
    unit 0 {
        family ccc;
    }
}
ge-2/0/10 {
    unit 0 {
        family inet {
            address 192.0.2.2/24;
        }
        family iso;
        family mpls;
    }
}
ge-2/0/11 {
    unit 0 {
        family inet {
            address 192.0.2.3/24;
        }
        family iso;
        family mpls;
    }
}
lo0 {
    unit 0 {
        family inet {
            address 10.255.14.217/32;
        }
        family iso {
            address 49.0001.0102.5501.4217.00;
        }
    }
}
user@PE1# show protocols
mpls {
    interface ge-2/0/10.0;
    interface ge-2/0/11.0;
}
isis {
    level 1 disable;
    interface ge-2/0/10.0;
    interface ge-2/0/11.0;
    interface lo0.0;
}
ldp {
    interface ge-2/0/10.0;
    interface ge-2/0/11.0;
    interface lo0.0;
}
l2circuit {
    neighbor 10.255.14.225 {
        interface ge-2/0/5.0 {
            virtual-circuit-id 601;
            backup-neighbor 10.255.14.216 {
                standby;
            }
        }
    }
}
user@PE1# show routing-options
router-id 10.255.14.217;
Device PE2
user@PE2# show interfaces
ge-2/0/6 {
    encapsulation ethernet-vpls;
    unit 0 {
        family vpls;
    }
}
ge-2/0/10 {
    unit 0 {
        family inet {
            address 192.0.2.4/24;
        }
        family iso;
        family mpls;
    }
}
lo0 {
    unit 0 {
        family inet {
            address 10.255.14.216/32;
        }
        family iso {
            address 49.0001.0102.5501.4216.00;
        }
    }
}
user@PE2# show protocols
mpls {
    interface ge-2/0/10.0;
}
isis {
    level 1 disable;
    interface ge-2/0/10.0;
    interface lo0.0;
}
ldp {
    interface ge-2/0/10.0;
    interface lo0.0;
}
user@PE2# show routing-instances
customer {
    instance-type vpls;
    interface ge-2/0/6.0;
    protocols {
        vpls {
            vpls-id 601;
            neighbor 10.255.14.217;
        }
    }
}
user@PE2# show routing-options
router-id 10.255.14.216;
If you are done configuring the devices, enter commit from configuration mode.
Verification
Confirm that the configuration is working properly.
- Verifying the Layer 2 Circuit
- Checking the VPLS Connections
- Checking Connectivity
- Manually Triggering a Switch from the Active Pseudowire to the Redundant Pseudowire
Verifying the Layer 2 Circuit
Purpose
Verify that the Layer 2 circuit is operational on the MTU device.
Action
From operational mode, enter the show l2circuit connections command.
user@PE1> show l2circuit connections
Layer-2 Circuit Connections:

Legend for connection status (St)
EI -- encapsulation invalid      NP -- interface h/w not present
MM -- mtu mismatch               Dn -- down
EM -- encapsulation mismatch     VC-Dn -- Virtual circuit Down
CM -- control-word mismatch      Up -- operational
VM -- vlan id mismatch           CF -- Call admission control failure
OL -- no outgoing label          IB -- TDM incompatible bitrate
NC -- intf encaps not CCC/TCC    TM -- TDM misconfiguration
BK -- Backup Connection          ST -- Standby Connection
CB -- rcvd cell-bundle size bad  SP -- Static Pseudowire
LD -- local site signaled down   RS -- remote site standby
RD -- remote site signaled down  XX -- unknown

Legend for interface status
Up -- operational
Dn -- down
Neighbor: 10.255.14.216
    Interface                 Type  St     Time last up          # Up trans
    ge-2/0/5.0(vc 601)        rmt   ST
Neighbor: 10.255.14.225
    Interface                 Type  St     Time last up          # Up trans
    ge-2/0/5.0(vc 601)        rmt   Up     Oct 5 19:38:15 2012            1
      Remote PE: 10.255.14.225, Negotiated control-word: No
      Incoming label: 299872, Outgoing label: 800001
      Negotiated PW status TLV: No
      Local interface: ge-2/0/5.0, Status: Up, Encapsulation: ETHERNET
Meaning
As expected, the Layer 2 circuit connection to Device PE3 is operational, and the connection to Device PE2 is in standby mode.
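The same check can be automated so that loss of the standby pseudowire is noticed before a failover is needed. This is an added example, not part of the original page; the function names and the "protected / unprotected / down" classification are assumptions made for illustration, and the sample text is constructed from the neighbor section of the output above.

```python
import re

# Constructed sample: the neighbor section of the output shown on this page
# (legend omitted), as seen on Device PE1 before any switchover.
SAMPLE = """\
Neighbor: 10.255.14.216
    Interface                 Type  St     Time last up          # Up trans
    ge-2/0/5.0(vc 601)        rmt   ST
Neighbor: 10.255.14.225
    Interface                 Type  St     Time last up          # Up trans
    ge-2/0/5.0(vc 601)        rmt   Up     Oct 5 19:38:15 2012            1
      Remote PE: 10.255.14.225, Negotiated control-word: No
"""

# A connection row looks like: "<interface>(vc <id>)  <type>  <status> ..."
ROW = re.compile(r"^\s*(\S+)\(vc (\d+)\)\s+(\S+)\s+(\S+)")

def parse_connections(text):
    """Return [(neighbor, interface, vc_id, status), ...] from the output."""
    rows, neighbor = [], None
    for line in text.splitlines():
        if line.startswith("Neighbor:"):
            neighbor = line.split(":", 1)[1].strip()
        elif neighbor and (m := ROW.match(line)):
            rows.append((neighbor, m[1], int(m[2]), m[4]))
    return rows

def redundancy_state(text, vc_id):
    """Classify one virtual circuit and return (state, {neighbor: status}).

    Assumed classification: 'protected' = one neighbor Up and another in ST,
    'unprotected' = a neighbor Up but none in ST, 'down' = no neighbor Up.
    """
    states = {n: st for n, _, vc, st in parse_connections(text) if vc == vc_id}
    has_active = any(st == "Up" for st in states.values())
    has_standby = any(st == "ST" for st in states.values())
    if not has_active:
        return "down", states
    return ("protected" if has_standby else "unprotected"), states

if __name__ == "__main__":
    print(redundancy_state(SAMPLE, 601))
```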
Checking the VPLS Connections
Purpose
Verify that the VPLS connections are operational on the PE-r devices.
Action
From operational mode, enter the show vpls connections command.
user@PE2> show vpls connections
Layer-2 VPN connections:

Legend for connection status (St)
EI -- encapsulation invalid      NC -- interface encapsulation not CCC/TCC/VPLS
EM -- encapsulation mismatch     WE -- interface and instance encaps not same
VC-Dn -- Virtual circuit down    NP -- interface hardware not present
CM -- control-word mismatch      -> -- only outbound connection is up
CN -- circuit not provisioned    <- -- only inbound connection is up
OR -- out of range               Up -- operational
OL -- no outgoing label          Dn -- down
LD -- local site signaled down   CF -- call admission control failure
RD -- remote site signaled down  SC -- local and remote site ID collision
LN -- local site not designated  LM -- local site ID not minimum designated
RN -- remote site not designated RM -- remote site ID not minimum designated
XX -- unknown connection status  IL -- no incoming label
MM -- MTU mismatch               MI -- Mesh-Group ID not available
BK -- Backup connection          ST -- Standby connection
PF -- Profile parse failure      PB -- Profile busy
RS -- remote site standby        SN -- Static Neighbor
LB -- Local site not best-site   RB -- Remote site not best-site
VM -- VLAN ID mismatch

Legend for interface status
Up -- operational
Dn -- down

Instance: customer
  VPLS-id: 601
    Neighbor                  Type  St     Time last up          # Up trans
    10.255.14.217(vpls-id 601) rmt  Up     Oct 8 14:46:54 2012            1
      Remote PE: 10.255.14.217, Negotiated control-word: No
      Incoming label: 800001, Outgoing label: 299856
      Negotiated PW status TLV: No
      Local interface: vt-2/0/10.84934913, Status: Up, Encapsulation: ETHERNET
        Description: Intf - vpls customer neighbor 10.255.14.217 vpls-id 601
user@PE3> show vpls connections
Layer-2 VPN connections:

Legend for connection status (St)
EI -- encapsulation invalid      NC -- interface encapsulation not CCC/TCC/VPLS
EM -- encapsulation mismatch     WE -- interface and instance encaps not same
VC-Dn -- Virtual circuit down    NP -- interface hardware not present
CM -- control-word mismatch      -> -- only outbound connection is up
CN -- circuit not provisioned    <- -- only inbound connection is up
OR -- out of range               Up -- operational
OL -- no outgoing label          Dn -- down
LD -- local site signaled down   CF -- call admission control failure
RD -- remote site signaled down  SC -- local and remote site ID collision
LN -- local site not designated  LM -- local site ID not minimum designated
RN -- remote site not designated RM -- remote site ID not minimum designated
XX -- unknown connection status  IL -- no incoming label
MM -- MTU mismatch               MI -- Mesh-Group ID not available
BK -- Backup connection          ST -- Standby connection
PF -- Profile parse failure      PB -- Profile busy
RS -- remote site standby        SN -- Static Neighbor
LB -- Local site not best-site   RB -- Remote site not best-site
VM -- VLAN ID mismatch

Legend for interface status
Up -- operational
Dn -- down

Instance: customer
  VPLS-id: 601
    Neighbor                  Type  St     Time last up          # Up trans
    10.255.14.217(vpls-id 601) rmt  Up     Oct 8 14:46:54 2012            1
      Remote PE: 10.255.14.217, Negotiated control-word: No
      Incoming label: 800001, Outgoing label: 299872
      Negotiated PW status TLV: No
      Local interface: vt-2/0/10.68157697, Status: Up, Encapsulation: ETHERNET
        Description: Intf - vpls customer neighbor 10.255.14.217 vpls-id 601
Meaning
As expected, the VPLS connections are operational on both PE-r devices.
Checking Connectivity
Purpose
Verify that Device CE1 can ping Device CE3.
Action
user@CE1> ping 10.255.14.218
PING 10.255.14.218 (10.255.14.218): 56 data bytes
64 bytes from 10.255.14.218: icmp_seq=0 ttl=64 time=0.858 ms
64 bytes from 10.255.14.218: icmp_seq=1 ttl=64 time=0.527 ms
64 bytes from 10.255.14.218: icmp_seq=2 ttl=64 time=0.670 ms
^C
--- 10.255.14.218 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.527/0.685/0.858/0.136 ms
Meaning
The output shows that H-VPLS is operational.
Manually Triggering a Switch from the Active Pseudowire to the Redundant Pseudowire
Purpose
Make sure that the pseudowire between Device PE1 and Device PE2 becomes operational.
Action
user@CE1> request l2circuit-switchover virtual-circuit-id 601 neighbor 10.255.14.225
user@CE1> ping 10.255.14.215
PING 10.255.14.215 (10.255.14.215): 56 data bytes
64 bytes from 10.255.14.215: icmp_seq=0 ttl=64 time=0.738 ms
64 bytes from 10.255.14.215: icmp_seq=1 ttl=64 time=0.627 ms
64 bytes from 10.255.14.215: icmp_seq=2 ttl=64 time=0.629 ms
^C
--- 10.255.14.215 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.627/0.665/0.738/0.052 ms
Meaning
The successful ping from Device CE1 to Device CE2 shows that the pseudowire between Device PE1 and PE2 is operational. Now, if you ping Device CE3 from Device CE1, the ping should fail.