No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Feature Description - VPN 01

NE05E and NE08E V300R003C10SPC500

This is NE05E and NE08E V300R003C10SPC500 Feature Description - VPN
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
VPLS Fundamentals

VPLS Fundamentals

Basic VPLS Transport Structure

Figure 8-2 shows an example of a VPLS network. The entire VPLS network is similar to a switch. PWs are established over MPLS tunnels between VPN sites to transparently transmit Layer 2 packets between these sites. When forwarding packets, PEs learn the source MAC addresses of these packets and create MAC entries, mapping MAC addresses to ACs and PWs.

The following table describes the concepts related to VPLS networks.

Table 8-1 Description of VPLS concepts

Name

Description

AC (Attachment Circuit)

A link between a CE and a PE. An AC must be established using Ethernet interfaces.

PW (Pseudo Wire)

A bidirectional virtual connection between two virtual switch instances (VSIs) residing on two PEs. A PW consists of a pair of unidirectional MPLS VCs transmitting traffic in opposite directions.

VSI (Virtual Switch Instance)

A type of instance used to map ACs to PWs. A VSI independently provides VPLS services and forwards Layer 2 packets based on MAC addresses and VLAN tags. A VSI has the Ethernet bridge function and can terminate PWs.

PW signaling

A type of signaling used to create and maintain PWs. PW signaling is the foundation for VPLS implementation. The PW signaling is either LDP or BGP.

Tunnel

A connection between a local PE and a remote PE used to transparently transmit data between PEs. A tunnel can carry multiple PWs and the tunnel type can be MPLS or GRE.

Forwarder

Similar to a VPLS forwarding table. After a PE receives packets from an AC, the forwarder of the PE selects a PW to forward these packets.

Figure 8-2 Basic VPLS transmission process

The forwarding of a packet from CE1 to CE3 on VPN1 is used as an example:

  1. CE1 sends a Layer 2 packet to PE1 over an AC.
  2. After PE1 receives the packet, the forwarder of PE1 selects a PW for forwarding the packet.
  3. PE1 then adds two MPLS labels to the packet based on the PW forwarding entry and tunnel information and sends the packet to PE2. The private network label identifies the PW, and the public network label identifies the tunnel between PE1 and PE2.
  4. After PE2 receives the packet from the public tunnel, PE2 removes the private network label of the packet.
  5. The forwarder of PE2 selects an AC and forwards the packet to CE3 over the AC.

VPLS Implementation Process

Transmission of packets between CEs relies on VSIs configured on PEs, and PWs established between the VSIs. Figure 8-3 shows the transmission of Ethernet frames over full-mesh PWs between PEs.

The Ethernet often uses the Spanning Tree Protocol (STP) to prevent loops. VPLS networks, however, use full-mesh PWs and split horizon to avoid loops:

  • The PEs on a VPLS network must be fully meshed. That is, a PE must create a tree path to every other PE on the VPLS network.
  • Each PE must use split horizon to avoid loops. Split horizon requires that packets received from a PW in a VSI should not be forwarded to other PWs in the VSI. Any two PEs on a VPLS network must communicate over a direct PW, which explains why a VPLS network requires full-mesh PWs between PEs.
Figure 8-3 VPLS forwarding model

A VPLS network consists of a control plane and a forwarding plane.

  • The control plane of a VPLS PE provides the PW establishment function, including:

    • Member discovery: a process in which a PE with a specific VSI ID discovers the other PEs with the same VSI ID. This process can be implemented either manually or automatically using protocols. BGP VPLS and BGP AD VPLS both support automatic member discovery.
    • Signaling mechanism: PWs between PEs with the same VSI ID are established, maintained, or torn down using signaling protocols, such as LDP and BGP.
  • The forwarding plane of a VPLS PE provides the data forwarding function, including:

    • Encapsulation: After receiving Ethernet frames from a CE, a PE encapsulates the frames into packets and sends the packets to a PSN.
    • Forwarding: A PE determines how to forward packets based on the inbound interfaces and destination MAC addresses of the packets.
    • Decapsulation: After receiving packets from a PSN, a PE decapsulates these packets into Ethernet frames and sends the frames to a CE.

VPLS Encapsulation Modes

  • Packet encapsulation on ACs

    Packet encapsulation on ACs depends on the user access mode, which can be VLAN or Ethernet access. The default user access mode is VLAN access.

    Table 8-2 Packet encapsulation on ACs

    Packet Encapsulation Type

    Description

    VLAN

    The header of each Ethernet frame sent between CEs and PEs carries a VLAN tag, known as the provider-tag (P-Tag). This is a service delimiter identifying users on an ISP network.

    Ethernet

    The header of each Ethernet frame sent between CEs and PEs does not carry a P-Tag. If the frame header contains a VLAN tag, it is an inner VLAN tag called the user-tag (U-Tag). A CE does not add the U-Tag to an Ethernet frame; instead, the tag is carried in a packet before the packet is sent to the CE. A U-Tag informs the CE to which VLAN the packet belongs, but is meaningless to PEs.

  • Packet encapsulation on PWs

    The PW ID and PW encapsulation type uniquely identify a PW. The PW IDs and PW encapsulation types configured on the endpoint PEs of a PW must be the same. The packet encapsulation types of packets on PWs can be raw or tagged. By default, packets on PWs are encapsulated in tagged mode.

    Table 8-3 Packet encapsulation on PWs

    Packet Encapsulation Type

    Description

    Raw

    Packets transmitted over a PW cannot carry P-Tags. If a PE receives a packet with the P-Tag from a CE, the PE strips the P-Tag and adds double labels (outer tunnel label and inner VC label) to the packet before forwarding it. If a PE receives a packet with no P-Tag from a CE, the PE directly adds double labels (outer tunnel label and inner VC label) to the packet before forwarding it. A PE determines whether to add the P-Tag to a packet based on actual configurations before sending it to a CE. The PE is not allowed to rewrite or remove an existing U-Tag.

    Tagged

    Packets transmitted over a PW must carry P-Tags. If a PE receives a packet with the P-Tag from a CE, the PE directly adds double labels (outer tunnel label and inner VC label) to the packet before forwarding it. If a PE receives a packet with no P-Tag from a CE, the PE adds a null P-Tag and double labels (outer tunnel label and inner VC label) to the packet before forwarding it. A PE determines whether to rewrite, remove, or preserve the P-Tag of a packet based on actual configurations before forwarding it to a CE.

Encapsulation modes of packets transmitted over ACs and PWs can be used together. The following examples use Ethernet+raw encapsulation (without the U-Tag) and VLAN+tagged encapsulation (with the U-Tag) to describe the packet exchange process.

  • Ethernet+raw encapsulation (without the P-Tag)

    Figure 8-4 Ethernet+raw encapsulation (without the P-Tag)

    As shown in Figure 8-4, ACs use Ethernet encapsulation and PWs use raw encapsulation; packets transmitted from CEs to PEs do not carry U-Tags.

    The packet exchange process is as follows:

    1. CE1 sends a Layer 2 packet without a U-Tag or P-Tag to PE1.

    2. PE1 searches the corresponding VSI for a forwarding entry and selects a tunnel and a PW to forward the packet based on the found forwarding entry.

    3. PE1 adds double labels (outer tunnel label and inner VC label) to the packet based on the selected tunnel and PW, performs Layer 2 encapsulation, and forwards the packet to PE2.

    4. Upon receipt, PE2 removes the Layer 2 encapsulation carried out by PE1 and double labels (outer tunnel label and inner VC label), and sends the original Layer 2 packet to CE2.

    The processing of a packet from CE2 to CE1 is similar to this process.

  • VLAN+tagged encapsulation (with the U-Tag)

    Figure 8-5 VLAN+tagged encapsulation (with the U-Tag)

    As shown in Figure 8-5, ACs use VLAN encapsulation and PWs use tagged encapsulation; packets transmitted from CEs to PEs carry U-Tags and P-Tags.

    The packet exchange process is as follows:

    1. CE1 sends a packet that has Layer 2 encapsulation and carries both a U-Tag and a P-Tag to PE1.

    2. Upon receipt, PE1 does not process the two tags (PE1 retains the U-Tag because it treats the U-tag as service data).

    3. PE1 retains the P-Tag because a packet sent to a PW with the tagged packet encapsulation mode must carry a P-Tag.

    4. PE1 searches the corresponding VSI for a forwarding entry and selects a tunnel and a PW to forward the packet based on the found forwarding entry.

    5. PE1 adds double labels (outer tunnel label and inner VC label) to the packet based on the selected tunnel and PW, performs Layer 2 encapsulation, and forwards the packet to PE2.

    6. Upon receipt, PE2 removes the Layer 2 encapsulation carried out by PE1 and its double labels (outer tunnel label and inner VC label).
    7. PE2 sends the original Layer 2 packet that carries the U-Tag and replaced P-Tag to CE2.

    The processing of a packet from CE2 to CE1 is similar to this process.

Derivative VPLS Functions

Traffic Statistics

Traffic statistics can be collected based on VSIs or VSI peers, and the status of various types of traffic can be viewed in real time.

VPLS Service Isolation

VPLS service isolation allows you to prohibit communication between users that use the same service and bound to the same VSI. For example, high-speed Internet (HSI) users bound to the same VSI cannot communicate with each other.

On the network shown in Figure 8-6, CE1, CE2, and CE3 access the same VSI. With VPLS service isolation, you can configure CE3 to communicate with CE1 or CE2 and prohibit CE1 and CE2 from communicating with each other.

Figure 8-6 VPLS service isolation

Translation
Download
Updated: 2019-01-14

Document ID: EDOC1100058940

Views: 19773

Downloads: 36

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next