Evc

Using Cisco Ethernet Virtual Circuit (EVC) FrameworkConcepts, Configuration and Verification

© 2010 Cisco and/or its affiliates. All rights reserved. Cisco PublicPresentation_ID 2

Agenda

Introduction

Cisco EVC Fundamentals

Operation and Packet Flow

Configuration

Platform Support


Introduction


What Is Cisco EVC Framework?

Cisco Ethernet Virtual Circuit (EVC) is the next-generation cross-platform Carrier Ethernet Software Infrastructure

Addresses Flexible Ethernet Edge requirements

Supports service convergence over Ethernet

Complies with MEF, IEEE, IETF standards


Service Abstraction

FlexibleServiceMapping

Standards Alignment

MultiplexedForwarding

ServicesTechnology

EVC Framework

Support mix of Layer 2 and Layer 3 services on same physical port

Concurrent support of different flavors of Layer 2 services: Pt-to-Pt and Mpt

Ethernet Service Instances Model Ethernet Service Layer Transport agnostic

Alignment with emerging standards: MEF 6, 10.1, 11 IEEE 802.1ad IEEE 802.1ah

Flexible definition of service delimiters based on Ethernet header fields

Selective EVC Mapping

Advanced VLAN tag manipulation

Introducing Cisco EVC FrameworkFunctional Highlights

AdvancedFrame

Manipulation


Cisco EVC Fundamentals


Cisco EVC Building Blocks

Cisco EVC uses the following new concepts:

Ethernet Service InstanceTransport-agnostic abstraction of an Ethernet service on an interface

Ethernet Virtual Circuit (EVC)Device local object (container) for network-wide service parameters

Bridge Domain (BD)Ethernet Broadcast Domain local to a device

Bridge Domain Interface (BDI)–Logical Layer 3 interface associated with a BD to perform integrated routing and bridging


CE A1CE A2

CE A3

CE B1CE B2

EVC Blue

EVC Red

EFP

Service Instance

EFP

EFP

Interface


Instance of a MEF EVC on a port

Also defined as Ethernet Flow Point (EFP)

Classify frames belonging to a particular Ethernet Service

Apply features selectively to service frames

Define forwarding actions and behavior

Ethernet Service Instance



Representation of a MEF EVC on the device

Management Plane container

Hosts global EVC attributes

One-to-many mapping from EVC to Service Instance

Ethernet Virtual Circuit

Management Plane

Service Instance

EFP EFP

EFP

Interface

EVCEVC



Broadcast Domain internal to the device

Allows decoupling broadcast domain from VLAN

Per port VLAN significance

One-to-many mapping from BD to Service Instances

Bridge Domain

Management Plane

Service Instance

EFPEFP

EFP

Interface

EVCEVC

Bridge Domain



VLAN bridge has 1:1 mapping between VLAN and internal Broadcast Domain

–VLAN has global per-device significance

EVC bridge decouples VLAN from Broadcast Domain–VLAN treated as encapsulation on a wire

VLAN on a wire mapped to internal Bridge Domain via Service Instances

–Net result: per-port VLAN significance

Bridge Domain vs. VLAN Bridge

VLAN Bridge EVC Bridge

VLANVLAN

VLAN

Service InstanceBridge

Domain


Multiplexed Forwarding Services

Cisco EVC supports flexible access VLAN to forwarding service mapping

–1-to-1 access VLAN to a service

–Same port, multiple access VLANs to a service

–Multiple ports, multiple access VLANs to a service

Forwarding services include:–L2 point-to-point local connect

–L2 point-to-point xconnect

–L2 multipoint bridging

–L2 multipoint VPLS

–L2 point-to-multipoint bridging

–L3 termination



Layer 2 P2Plocal services

–No MAC learning–Two Service Instances (EFP) on same interface (hair-pin)–Two EFPs on different interfaces

Layer 2 MP bridged services

–MAC based fwd and learning–Local VLAN significance–Bridge Domain (BD)—different access VLANs in the same broadcast domain–Split-horizon—prevent communication between service instances

Local and Bridged P2P and MP Forwarding Services

BD

BD = Bridge Domain VFI = Virtual Fwd InstancePW = Pseudowire SVI = Switch Virtual Instance

Layer 2 Multipointbridged

Layer 2 Point-to-Point

Split

Horizon

Service Instances

Local Hair-Pin



Layer 2 P2P services using Ethernet over MPLS

–EFP to EoMPLS PW

Layer 2 MP services using VPLS

–Extends ethernet multipoint bridging over a full mesh of PWs

–Split horizon support over attachment circuits (configurable) and PWs

MPLS-Based P2P and MP Forwarding Services

BD VFI PW

PW

BD = Bridge Domain VFI = Virtual Fwd InstancePW = Pseudowire SVI = Switch Virtual Instance

PW

Layer 2 MultipointVPLS

Layer 2 Point-to-PointEoMPLS



BD with Split Horizon Group can be used to implement rooted-multipoint forwarding service:

–Place all Leaf EFPs in Split Horizon Group

–Keep Root EFP outside the Split Horizon Group

Net effect: –Bidirectional connectivity between Root and all Leaf EFPs

–Leaf EFPs cannot communicate to each other

Rooted-Multipoint Forwarding Services (E-TREE)

Leaf EFP

Interface

BD

Bridge Domain

Split Horizon Group

Root Service Instance

LeafEFP

LeafEFP



Co-existence with Routed sub-interfaces

Layer 3 termination through SVI/BDI interface

Layer 3 termination through Routed sub-interfaces

Layer 3 Forwarding Services

BD = Bridge Domain VFI = Virtual Fwd InstancePW = PseudowireSVI = Switch Virtual InstanceBDI = Bridge Domain Interface

BD

Layer 3IP / L3VPN via sub-int

BD

BD

Layer 3IP / L3VPN via SVI or BDI

SVI/BDI



Multiplexed Service Interface

Mix of L2 and L3 services on same port

Different types of L2 services

–Point-to-Point

–Multipoint

Putting It All Together

Service Instances

BD

BD VFI

BD

PW

PW

PW

SVI/BDI

BD = Bridge Domain VFI = Virtual Fwd InstancePW = PseudowireSVI = Switch Virtual InstanceBDI = Bridge Domain Interface


FlexibleServiceMapping

Packet Flow Pipeline

Ingress Encapsulation

Adjustment

Input Features

Frame FilteringEgress

Encapsulation Adjustment

OutputFeatures

Ingress Interface

Inbound EFP

Outbound EFP

Egress Interface

Forwarder


Flexible Service Mapping

Service Instance construct classifies L2 flows on Ethernet interfaces

Single Tagged

Double Tagged

Header/Payload

Comprehensive Matching Capabilities

70

200

10

11

12

300

70

80

9010

100

30

50

40

19 12

10 1120

22

21

PORTGE / 10GE

S-VLAN C-VLAN

Un-tagged

Ethernet Service Instances

COS5

400COS2-5

500

PPPoE

600



Cisco EVC follows a Loose Match classification model

Unspecified fields are treated as wildcard

encapdot1q 10 matches any frame with outer tag equal to 10

encapdot1q 10 sec 50 matches any frame with outer-most tag as 10 and second tag as 50

Loose Match Classification Rule

10

5010

50

450

10

10



Cisco EVC follows a Longest Match classification model

Frames are mapped to Service Instance with longest matching set of classification fields

Longest Match Classification Rule

Inte

rfac

e

10

20010

10010

13010

VLAN 10

S-VLAN 10

C-VLAN 100

S-VLAN 10

C-VLAN 128-133

EFP



Matches all frames unmatched by any other EFP on a port

If default Service Instance is the only one configured on a port, it matches all traffic on the port (tagged and untagged)

Service Instance with ‘Default’ Encapsulation

VLAN 10VLAN 20

Default

VLAN 10VLAN 20

VLAN 50Untagged

Interface EFP

Default

VLAN 10VLAN 20

VLAN 50Untagged

Interface

EFP


Flexible Frame Matching Examples

Provide classification of L2 flows on Ethernet interfaces

Are also referred to as EVC service-instances

Support dot1q and Q-in-Q

Support VLAN lists

Support VLAN ranges

Support VLAN Lists and Ranges combined

Coexist with routed subinterfaces

Ethernet Flow PointsEFPs on Interface

100

101

102

Match VLAN range:

100-102

200

203

210

Match

VLAN list: 200, 203, 210

300,100

Match

VLAN: 300,100

400,1

400,2

400,3

Match

outer VLAN 400,

inner VLAN range: 1-3

400,11

400,17

400,34

Match

outer 400,

inner VLAN list:

11,17,34

14Match

VLAN: 14

Physical Ethernet interface (GE/10GE)



Advanced Frame Manipulation


2025SADA20SADA

3125SADASADA


Add one VLAN tag

Add two VLAN tags

PUSH Operations


SADA2010SADA

20SADA2010SADA

2025SADA20SADA

3125SADASADA


Remove one VLAN tag

Remove two VLAN tags

POP Operations


3125SADA2010SADA

31SADA2010SADA

3125SADA10SADA

25SADA10SADA

2025SADA20SADA

3125SADASADA

SADA2010SADA

20SADA2010SADA


1:1 VLAN Translation




Translation Operations


3125SADA2010SADA

31SADA2010SADA

3125SADA10SADA

2025SADA20SADA

3125SADASADA

25SADA10SADA

SADA2010SADA

20SADA2010SADA


PUSH operations

POP operations

TRANSLATION operations

VLAN Tag Manipulation


Configuration


interface

Cisco EVC Configuration Anatomy

Per Port Per EVC Features

Per Port Per EVC Features Per Sub-interface

Features (L3)

Layer 2 Services Bridging (VPLS via SVI)

xconnect (EoMPLS) Local Connect

L3 VRF

Global

ethernet evc <evc-name>

service instance <id> ethernet <evc-name> service instance <id> ethernet <evc-name> sub-interface

EFP

EVC


Encapsulation

Encapsulation matching is done on a most to least specific basis.

If a packet entering a port, does not match any of the Encapsulations on that port, then that packet is dropped. This “filtering” happens both on Ingress and Egress.

The Encapsulation matches the packet on the wire to determine filtering criteria.

“On the wire” is defined as packets ingressing the switch prior to any rewrites, and packets egressing the switch after all rewrites.


Configuring Flexible Service Mapping

Single-Tagged Frame

encapsulation dot1q {any | “<vlan-id>[,<vlan-id>[-<vlan-id>]]”}

VLAN tag can be single, multiple or range or any (1-4094)

Double-Tagged Frame

encapsulation dot1q <vlan-id> second-dot1q {any | “<vlan-id>[,<vlan-id>[-<vlan-id>]]”}

First vlan tag must be unique, second vlan tag can be any, unique, range or multiple

Untagged Frame

encapsulation untagged

Match un-tagged frames, for example control traffic

Default

encapsulation default

Match all frames (tagged/untagged) not matched by more specific service instances

interface GigabitEthernet 2/1 service instance 1 ethernet encapsulation ? default catch-all unconfigured encapsulation dot1q IEEE 802.1Q Virtual LAN or S-VLAN untagged Untagged encapsulation


Configuring Flexible Service Mapping (cont.)

Single-Tagged Frame and payload Ether-Typeencapsulation dot1q {“<vlan-id>[,<vlan-id>[-<vlan-id>]]” | etype [IPv4|IPv6|pppoe-all]}

Double-Tagged Frame and payload Ether-Typeencapsulation dot1q<vlan-id> second-dot1q {“<vlan-id>[,<vlan-id>[-<vlan-id>]]” | etype

[IPv4|IPv6|pppoe-all]}

Single-Tagged Frame and COSencapsulation dot1q {“<vlan-id>[,<vlan-id>[-<vlain-id>]]” | cos<cos-id>[,<cos-id>[-<cos-

id>]]}

Double-Tagged Frame and Inner COSencapsulation dot1q<vlan-id> second-dot1q {“<vlan-id>[,<vlan-id>[-<vlan-id>]]” |

cos<cos-id>[,<cos-id>[-<cos-id>]]}

Double-Tagged Frame and Outer COSencapsulation dot1q<vlan-id>{cos<cos-id>[,<cos-id>[-<cos-id>]]} second-dot1q {“<vlan-

id>[,<vlan-id>[-<vlan-id>]]”}

interface GigabitEthernet 2/1 service instance 1 ethernet encapsulation ? default catch-all unconfigured encapsulation dot1q IEEE 802.1Q Virtual LAN or S-VLAN untagged Untagged encapsulation


Rewrite

The “Rewrite” command allows for packet vlan tag modifications.

This command can be used to emulate traditional dot1q tagging, where packets going into a switch travel native, and vlan tagging properties are added on egress.

This can also be used to facilitate vlan translation, and Q-in-Q.


Configuring Advanced Frame Manipulation

interface GigabitEthernet 2/1 service instance 1 ethernet encapsulation dot1q 10 rewrite ingress tag ? pop Pop the tag push Rewrite Operation of push translate Translate Tag

POP Operations

rewrite ingress tag pop 1 symmetric


PUSH Operations

rewrite ingress tag push dot1q 10 symmetric

rewrite ingress tag push dot1q 10 second-dot1q 20 symmetric

TRANSLATION Operations

rewrite ingress tag translate 1-to-1 dot1q 100 symmetric

rewrite ingress tag translate 1-to-2 dot1q 100 second-dot1q 200 symmetric

rewrite ingress tag translate 2-to-1 dot1q 100 symmetric

rewrite ingress tag translate 2-to-2 dot1q 100 second-dot1q 200 symmetric

Automatic mirror egress operation


EVC Configuration Example

interface GigabitEthernet0/2

switchport trunk allowed vlan none

switchport mode trunk

service instance 10 ethernet

encapsulation dot1q 10


bridge-domain 10

Required for EFP Configuration

Required for EFP Configuration

Service Instance

Frame Matching

Rewrite Operation

Forwarding


Configuring Point-to-Point Services

Point-to-point local connect

connect <name><interface-type/slot/port><EFP-id><ethernet-type/slot/port><EFP-id>

Point-to-point xconnect

xconnect<peer-add><VC-ID> encapsulation mpls

interface GigabitEthernet4/1/0 service instance 3 ethernet encapsulation dot1q 51 rewrite ingress tag translate 1-to-2 dot1q 52 second-dot1q 52 symmetric

interface GigabitEthernet4/1/1 service instance 4 ethernet encapsulation dot1q 52 second-dot1q 52

connect eline-sample GigabitEthernet4/1/0 3 GigabitEthernet4/1/1 4

interface GigabitEthernet4/1/1 service instance 11 ethernet encapsulation dot1q 101 second-dot1q 60-70xconnect 10.0.0.3 101 encapsulation mpls


IP/MPLS

PE-1 PE-2

VLAN ModeInterface GigabitEthernet 1/1.1 encap dot1q 20 xconnect 1.1.1.1 100 encap mpls

service instance 3 ethernet encapsulation dot1q 10 xconnect 1.1.1.2 100 encap mpls

20

PW Type 4

20

10 10tag 10 20

PROBLEM - VLAN tag mismatch on attachment circuits !!!

In most cases, EVC device must be configured to POP EVC’s context service delimiter VLAN

Encapsulation Adjustment ConsiderationsPW VC Type and EVC VLAN rewrites (cont.)

Dummy VLAN

service instance 3 ethernet encapsulation dot1q 10 rewrite ingress tag pop 1 symmetric xconnect 1.1.1.2 100 encap mpls

Correct Configuration

Incorrect Configuration


Configuring Multipoint Services

Multipoint Native Ethernet Bridging and VPLS

bridge-domain <global-vlan-id> [split-horizon]

Split-horizon to disable L2 communication between two Service Instances (optional)

Local Bridging

interface GigabitEthernet4/1/0 service instance 2 ethernet encapsulation dot1q 101-1000bridge-domain 100



VPLS

interface GigabitEthernet4/1/0 service instance 2 ethernet encapsulation dot1q 60 bridge-domain 20

interface GigabitEthernet4/1/1 service instance 3 ethernet encapsulation dot1q 61 bridge-domain 20

interface Vlan20 xconnect vfi vpls-sample


Configuring Point-to-Multipoint Services

Multipoint Native Ethernet Bridging and VPLS

bridge-domain <global-vlan-id> [split-horizon]

Disables communication between leaf Service Instances in Split Horizon GroupLocal Bridging

interface GigabitEthernet4/1/0 service instance 2 ethernet encapsulation dot1q 101-1000bridge-domain 100 split-horizon

interface GigabitEthernet4/1/1 service instance 3 ethernet encapsulation dot1q 101-1000bridge-domain 100 split-horizon


Leaf

Leaf

Root

Gig3/1/2

BD

Bridge Domain

Split Horizon Group

Root

Leaf

Leaf

X

Gig4/1/1

Gig4/1/0


Single tag termination

Option 1

interface GigabitEthernet4/1/1service instance 666 ethernet encapsulation dot1q 200 rewrite ingress tag pop 1 symmetric bridge-domain 100

interface Vlan100 ip address 100.1.100.1 255.255.255.0

Option 2

interface GigabitEthernet4/1/1.200encapsulation dot1q 200 ip address 100.1.100.1 255.255.255.0

Double tag termination

Option 1

interface GigabitEthernet4/1/1service instance 666 ethernet encapsulation dot1q 200 second 300 rewrite ingress tag pop 2 symmetric bridge-domain 100

interface Vlan100 ip address 100.1.100.1 255.255.255.0

Option 2

interface GigabitEthernet4/1/1.200encapsulation dot1q 200 second 300 ip address 100.1.100.1 255.255.255.0

Configuring Layer 3 Services

POP mandatory for IP termination


Forwarding, Learning and Aging on EFPs

Layer 2 forwarding is based on the bridge domain ID and the destination MAC address.

The frame is forwarded to an EFP if the binding between the bridge domain, destination MAC address, and EFP is known;

MAC address learning is based on bridge domain ID, source MAC addresses, and logical port number.

If there is no matching entry in the Layer 2 forwarding table for the ingress frame, the frame is flooded to all the ports within the bridge domain.


Forwarding, Learning and Aging on EFPs (cont.)

You can disable learning on a bridge domain by entering the global configuration command

–“no mac address-table learning bridge-domain <bridge-id>”

Dynamic addresses are aged out if there is no frame from the host with the MAC address.

The default for aging dynamic addresses is 5 minutes.


Forwarding, Learning and Aging on EFPs (cont.)

You can configure dynamic address aging time per VLAN by entering the command. The range is in seconds.

– mac address-table aging time [0 | 10-1000000] bridge-domain bridge-id

An aging time of 0 means that the address aging is disabled.

MAC address movement is detected when the host moves from one port to another.


Etherchannel/L2 Protocols

EVC on etherchannels–EVC can be configured under bundle interface.

–Load-balancing is performed based on MAC address or IP address of the traffic flow on the bundle interface.


Etherchannel/L2 Protocols

To enable L2PT, the command to do this is: “l2protocol tunnel “



encapsulation untagged, dot1q 200 second-dot1q 300

l2protocol tunnel cdp stp vtp dtp page lacp

bridge-domain 10

Valid <protocols> include: cdp, dtp, lacp, pagp, stp, vtp

If a protocol is not listed in <protocols>, then it is dropped at the interface.

CSCtf72829 UDLD & LLDP tunneling option is missing for L2PT


Split-Horizon

The split-horizon feature allows service instances in a bridge domain to join groups.

Service instances in the same bridge domain and split-horizon group

–They cannot forward data between each other

–They can forward data between other service instances that are in the same bridge domain, but in different split-horizon group

If a service instance does not belong to a group, it can send and receive from all ports within the bridge domain.

A service instance cannot join more than one split-horizon group

Enter the bridge-domain bridge-id split-horizon group group_id service-instance configuration mode command to configure a split-horizon group


Split-Horizon contd..

Interface Gi0/1

Service Instance 1 EthernetEncapsulation dot1q 10Rewrite ingress pop 1 symmetricBridge-Domain 8000 Split-Horizon Group 1

Service Instance 2 EthernetEncapsulation dot1q 99Rewrite ingress pop 1 symmetric Bridge-Domain 8000 Split-Horizon Group 1

Interface Gi0/2


Service Instance 4 EthernetEncapsulation dot1q 99Rewrite ingress pop 1 symmetricBridge-Domain 8000

In this example, Service Instances 1 and 2 cannot forward and receive packets from each other.

Service Instance 3 can talk to everyone in Bridge-Domain 8000 since no one is in Split-Horizon Group 2.

Service Instance 4 can talk to everyone in Bridge-Domain 8000 since it has not joined any Split-Horizon Groups.


L2 Protocol Tunneling

Layer 2 protocol tunneling converts the customer BPDU to a Cisco-known MAC destination address (0100.0CCD.CDD0) upon network entry and exit

Cisco’s Layer 2 protocol tunneling address is treated as unknown multicast data.

ME3800X and ME3600X switches, Layer 2 protocol tunneling is supported on EFPs, but not on switchports.


L2 Protocol Tunneling contd...

To enable L2PT, the command to do this is: “l2protocol tunnel “



encapsulation untagged, dot1q 200 second-dot1q 300

l2protocol tunnel cdp stp vtp dtp page lacp

bridge-domain 10

Valid <protocols> include: cdp, dtp, lacp, pagp, stp, vtp

If a protocol is not listed in <protocols>, then it is dropped at the interface.


EFPs and MSTP

EFP bridge domains are supported by MSTP.

These restrictions apply when running STP with bridge domains.

All incoming VLANs (outer-most or single) mapped to a bridge domain must belong to the same MST instance or loops could occur.

For all EFPs that are mapped to the same MST instance, you must configure backup EFPs on every redundant path to prevent loss of connectivity due to STP blocking a port.

When STP mode is PVST+ or PVRST, EFP information is not passed to the protocol.

EVC only supports only MSTP.

Changing STP mode from MST to PVST+ or PVRST for a multicast port is not allowed.



EVC Interaction with Switchport


Untagged to Tagged Packet

INGRESS UNIinterface GigabitEthernet0/1 port-type nni switchport access vlan 10

interface GigabitEthernet0/1 port-type nni switchport trunk native vlan 10 switchport mode trunk

*By defalult untagged goes to vlan 1, to change the behavior use the command “native vlan 10” under trunk

EGRESS NNIinterface GigabitEthernet0/2 switchport mode trunk

Untagged Packet

VLAN 10 (C-TAG)

Ingress Switchport

PUSH TAG 10Egress Switchport

Gig 0/1 Gig 0/2

Traffic Direction

Bridged to VLAN 10

Switchport: Implicit push on egress & implicit pop on ingress


Untagged to Tagged Packet

INGRESS UNIinterface GigabitEthernet0/1 switchport trunk allowed vlan none switchport mode trunk service instance 10 ethernet encapsulation untagged bridge-domain 10


Untagged Packet

VLAN 10 (C-TAG)

SwitchUnder Test

INGRESS EFP

Gig 0/1 Gig 0/2

Traffic Direction


Egress Switchport PUSH


QinQ Configuration (EFP to Switchport)

INGRESS UNIinterface GigabitEthernet0/1 switchport trunk allowed vlan none switchport mode trunk service instance 10 ethernet encapsulation dot1q 10 bridge-domain 100


VLAN 10(C-TAG)

VLAN 100 (S-TAG)VLAN 10 (C-TAG)Switch

Under Test

INGRESS EFP

Gig 0/1 Gig 0/2

Traffic Direction

TAG 10




Selective QinQ Configuration

INGRESS UNIinterface GigabitEthernet0/1switchport trunk allowed vlan noneswitchport mode trunk service instance 10 ethernet encapsulation dot1q 10-20 bridge-domain 100

service instance 20 ethernet encapsulation dot1q 20-30 bridge-domain 200


VLAN 10-20 (C-TAG)

VLAN 20-30 (C-TAG)

VLAN 100, 10-20

VLAN 200, 20-30SwitchUnder Test

INGRESS EFP

Gig 0/1 Gig 0/2

Traffic Direction

TAG 10-20TAG 20-30




QinQ Configuration (EFP to EFP)

INGRESS UNIinterface GigabitEthernet0/1 switchport trunk allowed vlan none switchport mode trunk service instance 10 ethernet encapsulation dot1q 1-50 bridge-domain 5000

EGRESS UNIinterface GigabitEthernet0/2 switchport trunk allowed vlan none switchport mode trunk service instance 10 ethernet encapsulation dot1q 100 rewrite ingress tag pop 1 symmetric bridge-domain 5000

VLAN 1-50(C-TAG)

VLAN 100 (S-TAG)VLAN 1-50 (C-

TAG)SwitchUnder Test

INGRESS EFP

Gig 0/1 Gig 0/2

Traffic Direction

BD 5000

Egress EFP


1:1 VLAN Mapping Layer 2 VPN Service Offering

Multi-Tenant Unit

Customer AHeadquarters

CustomerCPE

CustomerCPE UNI

UNI 0/1

Customer BHeadquarters

CustomerCPE

UNI

UNI 0/2

CustomerCPE

Customer-A VLAN - 10

Customer-B VLAN - 10

Problem: Customer-A and Customer-B have the overlapping VLANs configured on their networks and the service provider does NOT want to deploy QinQ.

Why is it Important: This removes the need for coordinate the CVLANs with customers. Allowing more Flexible Service Delivery

Service Provider Network

MPLS Core withdot1Q Ethernet Access Domain


UNI with 1:1 Translation (EFP to EFP)

INGRESS UNIinterface GigabitEthernet0/1 switchport trunk allowed vlan none switchport mode trunk service instance 10 ethernet encapsulation dot1q 10 rewrite ingress tag pop 1 symmetric bridge-domain 10


VLAN 10 VLAN 20SwitchUnder Test

INGRESS EFP POP

EGRESS EFP PUSH

Gig 0/1 Gig 0/2

Traffic Direction

UNTAG


1:2 VLAN Mapping / Selective QinQLayer 2 VPN Service Offering: MEF- EVPL

Customer AHeadquarters

Customer ARemote Branch # 1

Customer ARemote Branch # 2

CustomerCPEService Provider

Network

MPLS Core withQinQ Ethernet

Access Domain

CustomerCPE

CustomerCPE

UNI

UNI

UNI

Push QinQ Tag

Pop QinQ Tag

Pop QinQ Tag

Ethernet Virtual Private Line Service

•Leverages Selective QinQ (1:2 VLAN Mapping) on ME ME3800X/ME3600X with multiplexed UNI

•Uses EVC (Flexible UNI) infrastructure

•Adds / Removes Service Provider VLAN (S-VLAN) based upon the Customer (CE-VLAN) mapping

•EVPL serves as a replacement for lower speed Frame Relay service offerings

•The New ME3800X/ME3600X ASIC allows the user full flexibility of marking the SVLAN Tag COS marking based on the Customer CoS / DSCP / IP Prec marking



INGRESS UNIinterface GigabitEthernet0/1 switchport trunk allowed vlan none switchport mode trunk service instance 10 ethernet encapsulation dot1q 10 rewrite ingress tag pop 1 symmetric bridge-domain 10

EGRESS UNIinterface GigabitEthernet0/2 switchport trunk allowed vlan none switchport mode trunk service instance 10 ethernet encapsulation dot1q 20 second-dot1q 30 rewrite ingress tag pop 2 symmetric bridge-domain 10

VLAN 10VLAN 20, VLAN 30 (C-VLAN)

SwitchUnder

Gig 0/1 Gig 0/2

Traffic Direction

UNTAG

INGRESS POP EGRESS PUSH


QinQ with 2:1 Translation

Customer A

Customer ACustomer B

Dot1Q Tunnel

Customer B

Dot1Q Tunnel

• Provides Port Isolation allowing multiple customers single switch to have same internal Vlans

• Flexibility for Service Provider to choose Vlans to pass over Core

• Does NOT require mixing of Customer and Provider Vlans

L2 VPNL2 VPN



INGRESS UNIinterface GigabitEthernet0/1 switchport trunk allowed vlan none switchport mode trunk service instance 10 ethernet encapsulation dot1q 10 second-dot1q 20 rewrite ingress tag pop 2 symmetric bridge-domain 10


VLAN 10, VLAN 20 (C-VLAN) Gig 0/1 Gig 0/2

Traffic Direction

VLAN 30

UNTAG




INGRESS UNIinterface GigabitEthernet0/1 switchport trunk allowed vlan none switchport mode trunk service instance 10 ethernet encapsulation dot1q 10 second-dot1q 20 rewrite ingress tag pop 2 symmetric bridge-domain 10

EGRESS UNIinterface GigabitEthernet0/2 switchport trunk allowed vlan none switchport mode trunk service instance 10 ethernet encapsulation dot1q 30 second-dot1q 40 rewrite ingress tag pop 2 symmetric bridge-domain 10

VLAN 10, VLAN 20 (C-VLAN)

SwitchUnder

Gig 0/1 Gig 0/2

Traffic Direction

VLAN 30, VLAN 40 (C-VLAN)

UNTAG



Bridge Domain Routing

The bridge-domain can only be between 1-4K range since SVI interfaces can be configured in that range only.

We need SVI interfaces for bridge-domain routing

There can only be one EFP in the bridge-domain.

There can not be any switchport as well in the same VLAN/bridge-domain.

The EFP must make the packet native for Bridge-domain routing to work.

This is fundamental for IP routing purposes since IP router routes a IP datagram

Only IP is supported. MPLS is not supported.

L3VPN/L2VPN configuration is supported

Multicast is supported


One/ Two Tag EFP

int gi0/1

switchport trunk allowed vlan none



encapsulation dot1q 10 second-dot1q 20


bridge-domain 100

int vlan 100

ip address 20.1.1.1 255.255.255.255



Monitoring EFP


Monitoring EFP

show ethernet service [id evc-id | interface interface-id] [detail]

Displays information about EVC

show bridge-domain [n] Displays all the members of the specified bridge-domain

show bridge-domain n split-horizon [group {group_id | all}]

Displays all the members of bridge-domain n that belong to split horizon group

show mac address-table Displays dynamically learned or statically configured MAC security addresses

•show mac address-table bridge-domain bridge-domain id •show mac address-table count bridge-domain bridge-domain id •show mac address-table learning bridge-domain bridge-domain id

Displays MAC address table information for the specified bridge domain.


Monitoring EFP

3600-HL-1#sh ethernet service instance id 10 interface gigabitEthernet 0/7 detail Service Instance ID: 10Associated Interface: GigabitEthernet0/7Associated EVC: L2protocol drop

CE-Vlans: Encapsulation: dot1q 10 vlan protocol type 0x8100Rewrite: ingress tag pop 1 symmetricInterface Dot1q Tunnel Ethertype: 0x8100State: Down

EFP Statistics: Pkts In Bytes In Pkts Out Bytes Out 0 0 0 0

EFP Microblocks:

****************

Microblock type: Bridge-domain

Bridge-domain: 10


Monitoring EFP

3600-HL-1#sh bridge-domain 10 Bridge-domain 10 (1 ports in all)State: UP GigabitEthernet0/7 service instance 10

3600-HL-1#show mac address-table bridge-domain 10

Mac Address Table-------------------------------------------BD Mac Address Type Ports---- ----------- -------- ----- All 0100.0000.0000 STATIC CPU All 0100.0ccc.cccc STATIC CPU All 0100.0ccc.cccd STATIC CPU All 0100.0ccc.ccce STATIC CPU



Service Migration


UNI Service

In order to do UNI functionality, we would need a way to drop protocol packets and also a way to create traffic isolation across UNI ports in same bridge domain/VLAN.

Split-horizon needs to be configured per bridge-domain instead of per port

Interface Gi0/1Service Instance 1 Ethernet

Encapsulation dot1q 10Rewrite ingress pop 1 symmetricBridge-Domain 8000 Split-Horizon Group 1


Interface Gi0/2Service Instance 3 Ethernet

Encapsulation dot1q 10Rewrite ingress pop 1 symmetric Bridge-Domain 8000 Split-Horizon Group 2

Service Instance 4 EthernetEncapsulation dot1q 99Rewrite ingress pop 1 symmetricBridge-Domain 8000

* In this example, Service Instances 1 and 2 cannot forward and receive packets from each other. * Service Instance 3 can talk to everyone in Bridge-Domain 8000 since no one is in Split-Horizon Group 2. * Service Instance 4 can talk to everyone in Bridge-Domain 8000 since it has not joined any Split-Horizon Groups.


ENI Service

The ENI service is similar to UNI except that it provides flexibility of understanding customer protocol packets instead of dropping them.


NNI Service

The NNI service is standard dot1q trunking.

The NNI interface can communicate with any other NNI and also any UNI ports (split-horizon enabled).

int gi0/3 NNI (EVC model)switchport trunk allowed vlan noneswitchport mode trunkservice instance 1 ethernet encapsulation 100 bridge-domain 100

int gi0/4 NNI (switchport model)



Private VLAN Service

The private VLAN service is typically deployed using two VLANs where one VLAN is used for down interfaces (UNI) and other VLAN is used for uplink interface (NNI).

This service can be deployed using EVC configuration model in conjunction with split-horizon and we would need only one VLAN/bridge-domain.


Protected port Service

The protected port feature allows UNI kind of functionality.

This service can be deployed using EVC configuration model in conjunction with split-horizon.

The only drawback is that split-horizon need to be enabled per bridge-domain instead of per port but because of this reason it is more flexible.


Platform Support


Cisco EVC FrameworkPlatform Support

Cisco ASR 9000Cisco 7600 SIP-400 ES-20 and ES+ linecards

Catalyst 6500 Supervisor 2T

Cisco ME3600XCisco ME3800X

Cisco ASR 1000

Aggregation

Access

Cisco ONS 15454 ML-MR linecard


EVC Configuration Comparison (IOS XR & IOS) – L2VPN P2P service

ASR 9000 ME3800X/ME3600X

EoMPLS interface GigabitEthernet4/1/1 service instance 11 ethernet encapsulation dot1q 101 second-dot1q 60-70 xconnect 10.0.0.3 101 encapsulation mpls

EFP configuration under interface

Including VLAN tag encapsulation, tag rewrite, Qo/ACL features, etc

Interface gig 0/0/0/1.101 l2transportencapsulation dot1q 101 second 10rewrite ingress tag pop 2 Symmetric

Interface gig 0/0/0/2.101 l2transportencapsulation dot1q 101rewrite ingress tag pop 1 Symmetric

Service configuration under “l2vpn”

l2vpn xconnect group cisco p2p service1 local connect interface gig 0/0/0/1.101 interface gig 0/0/0/2.101 p2p service2 EoMPLS interface gig 0/0/0/3.101 neighbor 1.1.1.1 pw-id 22 p2p service3 PW stitching neighbor 2.2.2.2 pw-id 100 neighbor 3.3.3.3 pw-id 101


EVC Configuration Comparison (IOS XR & IOS) – L2VPN MP bridging

ASR 9000 7600

Local Bridging interface GigabitEthernet4/1/0 service instance 101 ethernet encapsulation dot1q 101-1000 bridge-domain 100 split-horizon

interface GigabitEthernet4/1/1 service instance 101 ethernet encapsulation dot1q 101-1000 bridge-domain 100 split-horizon

(H-)VPLS & SVI based EoMPLS

interface GigabitEthernet4/1/0 service instance 2 ethernet encapsulation dot1q 20 bridge-domain 20 split-horizon

interface GigabitEthernet4/1/1 service instance 2 ethernet encapsulation dot1q 20 bridge-domain 20 split-horizon

l2 vfi vpls-20 manual VPLS vpn id 120 neighbor 10.0.0.1 encapsulation mpls core PW neighbor 10.0.0.2 encapsulation mpls no-split-horizon spoke PW neighbor 10.0.0.4 encapsulation mpls

interface Vlan20 (H-)VPLS xconnect vfi vpls-20

interface Vlan20 SVI EoMPLS xconnect 10.0.0.1 101 encap mpls

EFP configuration under interface

Including VLAN tag encapsulation, tag rewrite, Qo/ACL features, etc

Same as L2VPN P2P services

Service configuration under “l2vpn”

l2vpn bridge group cisco bridge-domain domain1 local bridging Interface gig 0/0/0/1.101 split-horizon group Interface gig 0/0/0/2.101 split-horizon group

bridge-domain domain2 SVI EoMPLS Interface gig 0/0/0/1.101 Interface gig 0/0/0/2.101 neighbor 192.0.0.1 pw-id 100 bridge-domain domain3 vpls & h-vpls Interface gig 0/0/0/1.101 neighbor 192.0.0.3 pw-id 100 spoke PW vfi cisco core PWs under VFI config neighbor 192.0.0.1 pw-id 100 neighbor 192.0.0.2 pw-id 100


AcronymsAcronymACL Access Control List

BD Bridge Domain

BRAS Broadband Access Server

CE Customer Equipment (Edge)

C-VLAN / CE-VLAN

Customer VLAN

CoS Class of Service

DSLAM DSL Access Modulator

E-LAN Ethernet LAN service (multipoint)

E-Line Ethernet Line service (point-to-point)

E-Tree Ethernet Tree service (rooted multipoint)

EFP Ethernet Flow Point

EoMPLS Ethernet over MPLS

EPL Ethernet Private Line

EVC Ethernet Virtual Connection

EVPL Ethernet Virtual Private Line

IEEEInstitute of Electrical and Electronics Engineers

IETF Internet Engineering Task Force

AcronymIPoETV TV on IP over Ethernet

IPTV Television over IP

MEF Metro Ethernet Forum

MEN Metro Ethernet Network

MPLS Multi-protocol Label Switching

OAMOperations, Administration and Maintenance

PE Provider Edge device

PW Pseudowire

Q-in-Q VLAN tunneling using two 802.1Q tags

QoS Quality of Service

SVI Switch Virtual Interface (interface vlan)

S-VLAN Service VLAN (Provider VLAN)

UNI User to Network Interface

VLAN Virtual LAN

VoD Video on Demand

VoIP Voice over IP

VPLS Virtual Private LAN Service


Thank you.


Introduction to Metro Ethernet Forum (MEF) Ethernet ServicesAppendix


MEF Concepts and TerminologyCE, MEN and UNI

CE: –Customer Equipment (Edge)

–Router or IEEE 802.1 bridge/switch

MEN:–Metro Ethernet Network

–Provide Ethernet service to CE

–May employ various transports/media

UNI:–User-Network Interface

–Demarcation between Customer and Provider

–IEEE 802.3 PHY/MAC

CE

CE

CEUNI

UNI

UNI

MEN


MEF Service Attributes at a Glance

UNI Identifier

Physical Medium

Speed

Mode

MAC Layer

UNI MTU

Service Multiplexing

CE-VLAN for untagged/priority tagged Service Frames

Maximum Number of EVCs

Bundling

All to One Bundling

Ingress Bandwidth Profile Per Ingress UNI

Egress Bandwidth Profile Per Egress UNI

Layer 2 Control Protocols Processing

EVC Type

EVC ID

UNI List

Maximum Number of UNIs

EVC Maximum Transmission Unit Size

CE-VLAN ID Preservation

CE-VLAN CoS Preservation

Unicast Service Frame Delivery

Multicast Service Frame Delivery

Broadcast Service Frame Delivery

Layer 2 Control Protocols Processing

EVC Performance

UNI AttributesEVC AttributesUNI EVC ID

CE-VLAN ID/EVC Map

Ingress Bandwidth Profile Per EVC

Ingress Bandwidth Profile Per COS ID

Egress Bandwidth Profile Per EVC

Egress Bandwidth Profile Per COS ID

EVC Per UNI Attributes

MEF 10.1Ethernet Services Attributes


MEF Concepts and TerminologyEthernet Virtual Connection (EVC)

Ethernet Virtual Connection (or Circuit)

Conceptual visualization of an Ethernet Service

“An association of two or more UNIs”

Three types:–Point-to-Point EVC (E-Line)

–Multipoint-to-Multipoint EVC (E-LAN)

–Rooted-Multipoint EVC (E-Tree)

CE

CE

CEUNI

UNI

UNI

CE

CE

CEUNI

UNI

UNI

CE

CE

CEUNI

UNI

UNI

Point-to-PointMultipoint-to-Multipoint Rooted-Multipoint


MEF Concepts and Terminology Service Visualization

E-LINE: Ethernet Private Line (EPL) E-LAN: Ethernet Private LAN

E-LINE: Ethernet Virtual Private Line (EVPL) E-LAN: Ethernet Virtual Private LAN


MEF Concepts and TerminologyHighlight of UNI Attributes

Bundling: More than one CE-VLAN on a UNI mapped to an EVC

All-to-one Bundling: All CE-VLANs on a UNI mapped to a single EVC

Service Multiplexing: Support multiple EVCs over a UNI; EVC selection is based on CE-VLAN value

CE

CE

UNIUNI

UNI


CE

CEUNI

UNI

UNI

All-to-One Bundling

All

CE-VLANs

CE

CEUNI

UNI

UNI

Bundling

CE-VLAN subset


Mapping MEF Services to Cisco EVCSupport for Various EVC Types

E-Line: –Associate a point-to-point forwarding service to a Service Instance

–Native Transport: Ethernet to Ethernet Local Switching (connect)

–MPLS Transport: EoMPLS (xconnect)

E-LAN: –Associate a multipoint forwarding service (Bridge Domain) with EFPs

–Native Transport: Ethernet multipoint bridging

–MPLS Transport: VPLS

E-Tree: –Associate a rooted-multipoint forwarding service (Bridge Domain

with Split Horizon) with Service Instances

–Native Transport: Service Instances

–MPLS Transport: Service Instances and Pseudowires


Mapping MEF Services to Cisco EVCSupport for Bundling and Service Multiplexing

CE

CE

UNIUNI

UNI


CE

CEUNI

UNI

UNI

All-to-One Bundling

All

CE-VLANs

CE

CEUNI

UNI

UNI

Bundling

CE-VLAN subset

PE PE PE

EFPmatch multiple CE-VLANs

EFPmatch all CE-VLANs

Different EFPsmatch different CE-VLANs


Configuring MEF Attributes

Configuring EVC Identifier–PE(config)# ethernet evc <evc-name>

CE-VLAN ID/EVC Map–PE(config-if-srv)# ethernet lmi ce-vlan map {<vlan-id>[,<vlan-id>[-<vlain-id>]] | any | default | untagged}

UNI Count–PE(config-evc)# uni count {2 [multipoint] to 1024}

UNI Type–PE(config-if)# ethernet uni {bundle [all-to-one] | multiplex}

UNI Name–PE(config-if)# ethernet uni id <uni-name>


Configuring MEF UNI Variants

Configuring All-to-One Bundling

interface GigabitEthernet 1/0/2

service instance 1 ethernet ServiceXYZ Instantiate an EVC on this port

encapsulation default Maps all traffic on interface to single EVC

bridge-domain 3

Configuring Bundling


service instance 1 ethernet ServiceXYZ Instantiate an EVC on this port

encapsulation dot1q 30-50, 83, 100 Map multiple C-VLANs to single EVC

bridge-domain 3


Configuring MEF UNI Variants (cont.)

Configuring Service Multiplexing


service instance 1 ethernet ServiceABC Instantiate first EVC on this port

encapsulation dot1q 20-50 This service has bundling as well

bridge-domain 3

!

service instance 2 ethernet ServiceXYZ Instantiate second EVC on this port

encapsulation dot1q 100 No bundling for this service

bridge-domain 40

Evc

Documents

Transcript of Evc