No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Configuration Guide - VPN

S7700 and S9700 V200R013C00

This document describes the configurations of VPN, including GRE, IPSec, BGP/MPLS IP VPN, BGP/MPLS IPv6 VPN, VLL, PWE3, VPLS, L2VPN Access to L3VPN.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
VLL Modes

VLL Modes

VLL in CCC Mode

Introduction

A VLL connection in Circuit Cross Connect (CCC) mode is configured manually.

A CCC connection does not require signaling negotiation or exchange of control packets; therefore, it requires few resources and is easy to configure. This mode is best applied to small MPLS networks with simple topologies.

Topology

The CCC mode supports both local and remote connections. Figure 5-3 shows the topology of a network using CCC.

Figure 5-3  CCC connections

Local connection: Site1 and Site2 of VPN2 connect through a CCC local connection. PE3 acts as a Layer 2 switch for Site1 and Site2, and no LSP is required between the CE devices connected to PE3.

Remote connection: Site1 and Site2 of VPN1 connect through a CCC remote connection. Site1 and Site2 require two static LSPs, one from PE1 to PE2 and one from PE2 to PE1. The two orange dashed lines represent a bidirectional PW, or CCC remote connection. This CCC remote connection is similar to a traditional L2VPN connection.

A CCC remote connection uses static VCs and maps L2PDUs received on one end of a VC to a static LSP. The L2PDUs are forwarded along the static LSP hop by hop based on the MPLS configuration and finally reach the other end of the VC. Unlike other VLL modes, the CCC mode uses a single label to transmit data. This label is swapped on each label switching router (LSR). Therefore, each LSP is used exclusively, and two LSPs in forward and reverse directions must be configured for each CCC connection. The LSPs associated with a CCC connection can only transmit the data of this connection and cannot be used for other MPLS L2VPN connections. In addition, the LSPs cannot be used to set up a BGP/MPLS IP VPN connection or transmit common IP packets.

VLL in Martini Mode

Introduction

VLL in Martini mode uses the Label Distribution Protocol (LDP) as the signaling protocol to transmit VC information. It complies with RFC4906 and extends LDP by adding a forwarding equivalence class (FEC), VC FEC, for VC label switching. A PE device allocates a VC label to each connection between CE devices. VC labels are carried in L2VPN information and forwarded to a remote PE device through an LDP LSP over the public network. As VLL connections are identified using VC labels, multiple VC LSPs can be created on an LSP on the public network. Mappings between VC labels and LSPs are saved only on PE devices, while the P devices do not need to maintain any L2VPN information. Therefore, Martini mode is highly scalable. It also allows multiple VLL connections to use the same public tunnel, which is not supported by the CCC mode.

In Martini mode, a VC is identified by its VC type and VC ID.

  • VC type: indicates the encapsulation type of a VC, VLAN encapsulation or Ethernet encapsulation.

  • VC ID: identifies a VC. VCs of the same type must have different VC IDs on a PE device.

Topology

VLL in Martini mode supports only remote connections. Figure 5-4 shows the topology in Martini mode.

Figure 5-4  Topology in Martini mode
Implementation

Martini implementation involves VLL establishment and VLL packet forwarding. PW establishment is central to VLL establishment. If a PW is established, packets can be forwarded.

The Martini mode uses extended LDP to exchange VC labels. For details about LDP, see VC Information Exchange.

PW Establishment and Teardown

  • Establishing a PW

    The downstream unsolicited (DU) label distribution mode and liberal label retention mode are used to establish a PW. For details, see LDP LSP Establishment in "MPLS LDP Configuration" in the S7700 and S9700 V200R013C00 Configuration Guide - MPLS.

    Figure 5-5 shows the process of establishing a PW using LDP.

    Figure 5-5  Establishing a PW using LDP
    1. PE1 sends a Request packet to PE2 and sends a Label Mapping message to PE2 in DU mode. The Label Mapping message carries information including the VC label, VC type, VC ID, and interface parameters.

    2. After PE2 receives the Request packet, it sends a Label Mapping message to PE1. After PE2 receives the Label Mapping message, it compares VC information carried in the message with its own VC information. If they match, PE1 and PE2 are in the same VLL. PE2 accepts the Label Mapping message, and a unidirectional VC1 is established. PE2 knows the inner VC label to add to packets to send them to PE1.

    3. After PE1 receives the Label Mapping message from PE2, it processes the message in the same way to establish VC2 in the reverse direction. The two unidirectional VCs constitute a PW.

  • Tearing down a PW

    When the AC or tunnel goes Down or a VC is deleted, the PW is torn down. Figure 5-6 shows the process of tearing down a PW.

    Figure 5-6  Tearing down a PW using LDP
    1. When PE1 detects that the AC or tunnel has gone down or a VC has been deleted, it sends a Withdraw message to PE2 to instruct PE2 to delete the VC label. To tear down the PW more quickly, PE1 sends a Withdraw and a Release message consecutively. The Release message notifies PE2 that PE1 has deleted the VC label.

    2. After receiving the Withdraw and Release messages, PE2 deletes the VC1 label and tears down VC1. PE2 then sends a Release message to PE1 to instruct PE1 to delete the VC2 label.

    3. After receiving the Release message, PE1 deletes the VC2 label and tears down VC2. The PW is now torn down.

Packet Forwarding

Once a VLL is established, packets can now be forwarded. The following describes the packet forwarding process in Martini mode. Figure 5-7 shows two VLL networks: VPN1 and VPN2, and packet forwarding in two directions: from Site1 to Site2 and from Site2 to Site1.

Figure 5-7  Packet forwarding process in Martini mode
  • From Site1 to Site2

    When a packet of VLAN 10 is sent from Site1 of VPN1 to PE1, PE1 adds a VC label 3000 and an outbound label 1000 of LSP1 to the packet. Then the packet enters LSP1 (the orange dashed line). When a packet of VLAN 100 is sent from Site1 of VPN2 to PE1, PE1 adds a VC label 4000 and an outbound label 1000 of LSP1 to the packet. Then the packet enters LSP1 (the orange dashed line).

    When packets sent from Site1 reach PE2, PE2 removes the inbound label 1002 of LSP1 and selects the outbound interface based on the inner VC label. If the inner VC label is 3000, PE2 forwards the packet to the outbound interface connected to Site2 of VPN1. If the inner VC label is 4000, PE2 forwards the packet to the outbound interface connected to Site2 of VPN2. PE2 transmits VC labels 3000 and 4000 to PE1 using LDP when they set up the VCs.

  • From Site2 to Site1

    When a packet of VLAN 10 is sent from Site2 of VPN1 to PE2, PE2 adds a VC label 3500 and an outbound label 2000 of LSP2 to the packet. Then the packet enters LSP2 (the blue dashed line). When a packet of VLAN 100 is sent from Site2 of VPN2 to PE2, PE2 adds a VC label 4500 and an outbound label 2000 of LSP2 to the packet. Then the packet enters LSP2 (the blue dashed line).

    When packets sent from Site2 reach PE1, PE1 removes the inbound label 2002 of LSP2 and selects the outbound interface according to the inner VC label. If the inner VC label is 3500, PE1 forwards the packet to the outbound interface connected to Site1 of VPN1. If the inner VC label is 4500, PE1 forwards the packet to the outbound interface connected to Site1 of VPN2. PE1 transmits VC labels 3500 and 4500 to PE2 using LDP when they set up the VCs.

In the transmission process, the outer labels specify the LSP for data transmission on the ISP network, and the inner VC labels identify data from different users. Data from multiple VCs can be transmitted over the same LSP.

To deploy VLL in Martini mode, the ISP network must support MPLS forwarding and MPLS LDP.

VC Information Exchange

Martini VLL extends the standard LDP by adding a VC FEC (type 128) to a Label Mapping message to carry VC information during PW establishment.

Figure 5-8 shows the format of a Label Mapping message. You can see the VC FEC in the Label Mapping message.

Figure 5-8  LDP Label Mapping message

VC FEC contains the inner VC label and interface parameters.

Table 5-4  Description of fields in the VC FEC (Type 128)

Field

Description

Bits

Remarks

VC TLV

Type, Length, and Value (TLV) of a VC

8

The value is 0x80, or 128 in decimal notation.

C

Control word

1

If the value is 1, control word is supported. If the value is 0, control word is not supported.

VC Type

Type of a VC

15

The value can be Ethernet or VLAN.

VC Info Length

Length of VC information

8

The value is the total length of the VC ID and the Interface Parameters field.

Group ID

ID of a VC group

32

Multiple VCs can constitute a VC group and information about all VCs in the group can be deleted together.

VC ID

ID of a VC

32

-

Interface Parameters

Interface parameters

Variable, smaller than the value of VC Info Length

The frequently used interface parameters include MTU and interface description.

VLL in SVC Mode

Introduction

The static virtual circuit (SVC) mode is a simplified version of Martini. Unlike the Martini mode, which uses LDP to exchange VC labels, the SVC mode uses VC labels that are manually configured on PE devices.

An SVC VLL uses static VC labels and does not need VC label mapping. Therefore, LDP is not required for transmitting VC labels.

Topology

The SVC mode sets up a public tunnel (outer label) in the same way as the Martini mode. The inner label is manually configured during VC setup, and PE devices do not need to exchange VC labels using any signaling protocol. The SVC mode does not support local connections. The network topology and packet exchange process in SVC mode are the same as those in Martini mode.

Figure 5-9 shows packet exchange between a VPN's two sites through SVC VLL.

Figure 5-9  Packet exchange in SVC mode

As shown in this example, PE1's label setting for sent packets is 4000 and the label for received packets is 3500. On PE2, the label for sent packets is 3500 and the label for received packets is 4000. When a packet travels from Site1 to Site2 of VPN1, PE1 adds the inner VC label 4000 to the packet. After PE2 receives the packet with the inner VC label 4000, it sends the packet to the CE device through the AC mapping the inner VC label.

VLL in Kompella Mode

Introduction

Kompella VLL uses the Border Gateway Protocol (BGP) as the signaling protocol to transmit Layer 2 information and VC labels between PE devices.

Similar to BGP/MPLS IP VPN technology, Kompella VLL also uses VPN targets to control advertisement and acceptance of VPN routes, which allows flexible networking. Kompella VLL differs from Martini VLL in inner label distribution. The Kompella mode allocates a label block to each CE device. The label block size determines the number of connections that a local CE device can set up with other CE devices. This label distribution mode can allocate additional labels to VPNs for future capacity expansion. PE devices calculate inner labels based on these label blocks and use the inner labels to transmit packets. To set up a connection between two CE devices, set the local and remote CE IDs on the PE devices connected to the CE devices.

For example, an enterprise VPN has 10 CE devices, and the number may increase to 20 in the future. Here, the CE range (block size) can be set to 20, with 10 labels reserved for new CE devices. When adding CE devices to the VPN, the enterprise only needs to modify the configuration on the PE devices that are directly connected to the new CE devices.

Topology

Kompella VLL supports local and remote connections. Figure 5-10 shows the topology in Kompella mode.

Figure 5-10  Topology in Kompella mode

As shown in Figure 5-10, Site1 and Site2 of VPN1 are interconnected through a Kompella remote connection. Site1 and Site2 of VPN2 are interconnected through a Kompella local connection.

BGP auto-discovery enables the Kompella mode to support more complex topologies.

Implementation

Kompella VLL implementation involves VLL establishment and VLL packet forwarding. PW establishment is central to VLL establishment. If a PW is established, packets can be forwarded.

The PW establishment process requires complex VC label calculation.

The Kompella mode uses extended MP-BGP as the signaling protocol to exchange VC information. For details about the signaling protocol, see VC Information Exchange.

PW Establishment and Teardown

Like the Martini mode, the Kompella mode uses double labels in packet forwarding. The two modes use different signaling protocols to exchange inner label information. The Martini mode uses LDP extensions, whereas the Kompella mode uses MP-BGP. The VC information formats used in the two modes are also different.

MP-BGP carries VC label information in either the MP-reach or MP-unreach attribute. MP-BGP also carries interface parameters, route distinguisher (RD), and VPN targets in the extended community attribute. RD and VPN targets determine VPN membership.

  • Figure 5-11 shows the PW establishment process using BGP.

    Figure 5-11  Establishing a PW using BGP

    1. After a BGP session is established between PE1 and PE2, PE1 sends an Update message with the MP-reach attribute to PE2. The message carries a site ID and label block.
    2. PE2 calculates a unique label value based on its own site ID and label block information carried in the PE1's Update message. PE2 uses the calculated label value as the VC label to establish a unidirectional VC1, and sends an Update message to PE1. (For details on how the label value is calculated, see VC Label Calculation.) After receiving the Update message, PE1 processes the message in the same way to establish VC2 in the reverse direction.
  • Figure 5-12 shows the PW teardown process using BGP.

    Figure 5-12  Tearing down a PW using BGP

    1. If PE2 is no longer the peer of PE1, PE1 sends an Update message with the MP-unreach attribute to PE2. After receiving the Update message, PE2 deletes the VC label, tears down VC1, and sends an Update message with the MP-unreach attribute to PE1.
    2. After receiving the Update message, PE1 deletes the VC label and tears down VC2.

Packet Forwarding

The packet transmission process in Kompella mode is the same as that in Martini mode. For details, see Packet Forwarding in "VLL in Martini Mode."

VC Label Calculation

VC label calculation in Kompella mode is complex.

The Kompella mode uses MP-BGP as the signaling protocol to exchange label blocks. A label block is a range of consecutive labels.

The following values are defined to describe a label block:

  • Label base (LB): start label in a label block

  • Label range (LR): size of the label block

  • Label-block offset (LO)

Figure 5-13  Calculation of VC labels in Kompella mode

The LO defines the relationship between multiple labels. It identifies the total size of label blocks preceding the current label block on a local CE device.

  1. As shown in Figure 5-13, the first label block is CE1's Block1, with the LR of 3 and LO of 0.
  2. The second label block is CE2's Block1, with the LR of 3 and LO of 0. The LO is 0 because there is no label block for CE2 preceding this block.
  3. The third label block is CE1's Block2, with the LR of 3 and LO of 3 The LO is 3 because the LR of CE1's Block1 is 3.

The LO is used to calculate VC labels. Each label block can be clearly defined by these parameters: LB, LR, and LO.

When adding the configuration of a CE device on a PE device, you must specify the LR of the label block. The PE device then automatically allocates the LB. This label block is transmitted to other PE devices as a network layer reachable information (NLRI) entry through BGP. When the configuration of this CE device is deleted or the CE device disconnects from the PE device, the PE device deletes the label block and sends a Withdraw message to notify other PE devices.

For example, if CE1 needs to set up two VCs with remote CE devices, the label range for CE1 must be greater than or equal to 2. To allow for future expansion, the label range can be set to 10.

Labels may be insufficient as the number of VCs on the network increases. When this occurs, the label range must be expanded to allow for a larger label space. However, the original label block has been transmitted through the BGP NLRI and used to calculate VC labels and forward data. To protect the original VCs, the CE device can be assigned a new label block, which is then advertised as a new NLRI through BGP. In this way, a CE device can have multiple label blocks, so that the label space can be increased for future network expansion.

CE ID uniquely identifies a CE device in a VPN. Each CE device in a VPN must have a unique CE ID. Each NLRI carries a CE ID so that different label blocks can be associated with corresponding CE devices.

CE IDs can also be used to calculate VC labels, so CE IDs must be set properly. If the CE range configured for a local CE is x and the CE ID of a remote CE is y, x must be larger than y for the connection to work.

NOTE:

If multiple label blocks exist, the range equals the total size of all label blocks.

Figure 5-14  Calculating the label block
Item Definition Item Definition
Label block allocated by PE-A to CE-m Lm Label block allocated by PE-B to CE-n Ln
Block offset of Lm LOm Block offset of Ln LOn
Label base of Lm LBm Label base of Ln LBn
Label range of Lm LRm Label range of Ln LRn

The following describes the VC label calculation process on the network, as shown in Figure 5-14.

PE-A and PE-B set up a VC for CE-m and CE-n located in the same VPN (m and n are CE IDs).

PE-A receives a label block LBn/LRn/LOn from PE-B.

  1. PE-A checks whether the encapsulation type of CE-n received from PE-B is the same as that of CE-m. If not, PE-A stops the process.

  2. PE-A checks whether the CE IDs m and n are the same. If so, PE-A reports an error and stops the process.

  3. If CE-m has multiple label blocks, PE-A checks whether these label blocks meet the condition of LOm <= n < LOm + LRm. If this condition is not met, PE-A reports an error and stops the process.

  4. PE-A checks whether all the label blocks of CE-n meet the condition of LOn <= m < LOn + LRn. If this condition is not met, PE-A reports an error and stops the process.

  5. PE-A checks whether an outer tunnel has been set up between PE-A and PE-B. If not, PE-A stops the process. In this example, the outer tunnel is an LSP tunnel with the label Z.

  6. PE-A allocates an inner label (LBn + m - LOn) to CE-n (outbound label of the VC), and allocates an inner label (LBm + n - LOm) to CE-m (inbound label of the VC).

  7. The label of the outer tunnel from PE-B to PE-A is Z.

  8. After the inner and outer labels are calculated and the VC is established, Layer 2 packets can be transmitted.

VC Information Exchange

Kompella VLL uses extended MP-BGP NLRI to carry VC information. Similar to L3VPN, Kompella VLL uses RD and VPN targets to identify L2VPN information. It should be noted that VLL technology establishes P2P VCs. To establish VCs from one CE device to multiple CE devices, you must configure multiple interfaces or sub-interfaces. Even if two CE devices are in the same VPN, they can directly communicate only after VCs are established between them.

Figure 5-15 shows the label block in an NLRI. The Variable TLVs contain a Circuit Status Vector (CSV) to specify the LR and tunnel status of the label block.

Figure 5-15  Extended MP-BGP information

As shown in Figure 5-16, an extended community attribute is defined to carry more L2VPN information.

Figure 5-16  Extended community attribute

Table 5-5 describes each field shown in Figure 5-16.

Table 5-5  Fields in the extended community attribute

Field

Description

Bits

Remarks

Extended Community Type

Type of the extended community

16

-

Encaps Type

Encapsulation type

8

It is a Layer 2 encapsulation type.

Control Flags

Control word

8

-

Layer-2 MTU

Layer 2 MTU

16

-

Reserved

Reserved field

16

-

Comparison of VLL Modes

Table 5-6 compares four VLL modes.

Table 5-6  Comparison of VLL modes

Implementation

VC Label Distribution Mode

PW Signaling Protocol

Characteristics

CCC

Manually specified

None

This mode establishes one-layer static LSP tunnels for VC information transmission.

Martini

Randomly distributed by the system

LDP

This mode establishes two layers of tunnels. The outer tunnel is a public network tunnel used to transparently transmit data, and the inner tunnels are identified by VC labels distributed by the system.

SVC

Manually specified

None

This mode establishes two layers of tunnels. The outer tunnel is a public network tunnel used to transparently transmit data, and the inner tunnels are identified by VC labels that are manually specified.

Kompella

Distributed by the system after label block calculation

BGP

This mode establishes two layers of tunnels. The outer tunnel is a public network tunnel used to transparently transmit data, and the inner tunnels are identified by VC labels.

Translation
Download
Updated: 2019-04-08

Document ID: EDOC1100065751

Views: 39047

Downloads: 50

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Share
Previous Next