L2VPNs are another type of VPNs which Service providers have in their kitty to connect their customers over its MPLS environment. With L2VPNs, service providers extend the Customer LAN over the SP network and customer don’t have any idea that they are connected over the MPLS network. There are many variants of L2VPNs and majority of them use LDP/BGP schemes to configure this. However first method which was implemented for carrying layer 2 traffic over a MPLS network was CCC (Circuit Cross Connect) which we will talk here and still being used by many SPs to connect their customers.
CCC scheme always use an RSVP Signaled LSP which has advantage of taking Traffic Engineering properties of RSVP. For each connection between Customers we need to have a dedicated LSP which is different from LDP/BGP schemes which use same Transport LSP to send the traffic E2E.
As we have dedicated LSP between 2 End Point PEs, there is no concept of VPN Label to associate the corresponding VRF/Customer interface in case of CCC scheme. Also in CCC, as there is only label E2E, we need to disable the PHP (Penultimate Hop Popping) so that Penultimate Hop Router doesn’t Pop the label which would otherwise send plain Ethernet Frame to Egress PE and PE won’t be knowing what to do with this.
For a point-to-point CCC connection, the connection is bidirectional, so an RSVP-signaled LSP is required in each direction between the two PEs.
We will look at configuration of L2VPN via CCC method on Junos where we will use the below Network to configure it.
As the connection needs to be bidirectional, we will only look at the forwarding path from Left to right however other direction would be using the same method.
On Ingress side, Customer CE-1 is connected to ge-0/1/8/.601 interface on MX104 PE and interface config would be:
Re1@Ingress_PE> show configuration interfaces ge-0/1/8 description "Connected to Customer CE-1"; vlan-tagging; mtu 1522; encapsulation vlan-ccc; unit 601 { encapsulation vlan-ccc; vlan-id 601; family ccc; }
Vlans 512-4094 are only reserved for vlan-ccc encapsulation so you need to use vlan greater than equal to 512.
On Egress side, Customer CE-2 is connected to xe-2/0/0.601 interface on MX960 PE and interface config would be:
Re1@Egress_PE> show configuration interfaces xe-2/0/0 description "Connected to Customer CE-2"; vlan-tagging; mtu 1522; encapsulation vlan-ccc; unit 601 { encapsulation vlan-ccc; vlan-id 601; family ccc; }
Next config is to create a Label switched path from Ingress to Egress with an optional strict ‘path’ to fully utilize the TE properties otherwise router will dynamically calculate the path towards Egress.
In our case, we have defined the path
So LSP from Ingress MX104 PE to Egress PE MX960 via Transit PE looks like:
Re1@Ingress_PE > show configuration protocols mpls label-switched-path MX104-MX960 to 10.198.123.205; bandwidth 100m; optimize-timer 900; preference 200; priority 5 0; primary MX104-MX960; <<<<< Path Re1@Ingress_PE > show mpls lsp name MX104-MX960 Ingress LSP: 11 sessions To From State Rt P ActivePath LSPname 10.198.123.205 10.198.123.100 Up 0 * MX104-MX960 MX104-MX960 Total 1 displayed, Up 1
LSP is Up and everything looks fine from Ingress to Egress. In same way we have to configure the LSP from MX960 to MX104 in other direction. Once both LSPs are up, we have to bind these LSPs and Ingress Interface under one connection on MX104 and same way in MX960.
Lets check on MX104 Ingress
Re1@Ingress_PE > show configuration protocols connections remote-interface-switch L2VPN interface ge-0/1/8.601; transmit-lsp MX104-MX960; receive-lsp MX960-MX104;
Once we have configured this on both sides, we should have this connection Up and running. Lets check this.
Re1@Ingress_PE > show connections remote-interface-switch L2VPN CCC and TCC connections [Link Monitoring On] Legend for status (St): Legend for connection types: UN -- uninitialized if-sw: interface switching NP -- not present rmt-if: remote interface switching WE -- wrong encapsulation lsp-sw: LSP switching DS -- disabled tx-p2mp-sw: transmit P2MP switching Dn -- down rx-p2mp-sw: receive P2MP switching -> -- only outbound conn is up Legend for circuit types:
So we have UP state once config is done on both sides. Our L2VPN is ready to accept and switch the traffic to egress. For any chance if there is any issue in config like vlan-mismatch on other end or LSP is down because of any reason like path or Bandwidth issue, connection won’t be up and we can see from the various legend from the command output showing exactly where is the issue.
Now as Control plane is configured, let’s check how Forwarding plane looks like.
Lets see the label which has been allocated by Ingress PE for this LSP.
Re1@Ingress_PE > show rsvp session ingress up name MX104-MX960 Ingress RSVP: 11 sessions To From State Rt Style Labelin Labelout LSPname 10.198.123.205 10.198.123.100 Up 0 1 FF - 307680 MX104-MX960 Total 1 displayed, Up 1, Down 0 Re1@Ingress_PE > show route table mpls.0 label-switched-path MX104-MX960 extensive mpls.0: 25 destinations, 25 routes (25 active, 0 holddown, 0 hidden) Restart Complete ge-0/1/8.601 (1 entry, 1 announced) TSI: KRT in-kernel ge-0/1/8.601.0 /32 -> {Push 307680} *CCC Preference: 200/1 Next hop type: Router, Next hop index: 829 Address: 0x2b4c224 Next-hop reference count: 2 Next hop: 10.0.0.169 via ge-0/0/1.0 weight 0x1, selected Label-switched-path MX104-MX960 Label operation: Push 307680 Label TTL action: no-prop-ttl Session Id: 0x3 State: Local AS: 65004 Age: 19:10 Metric: 328 Validation State: unverified Task: MPLS Announcement bits (1): 0-KRT AS path: I
Lets look at Transit PE-1. As you can see below, Label from MX104 Ingress is being swapped here with 300928.
Re1@Transit-PE-1> show rsvp session transit name MX104-MX960
Transit RSVP: 13 sessions
To From State Rt Style Labelin Labelout LSPname
10.198.123.205 10.198.123.100 Up 0 1 FF 307680 300928 MX104-MX960
Total 1 displayed, Up 1, Down 0
Similarly on Transit PE-2
Re1@Transit-PE-2> show rsvp session transit name MX104-MX960
Transit RSVP: 7 sessions
To From State Rt Style Labelin Labelout LSPname
10.198.123.205 10.198.123.100 Up 0 1 FF 300928 300427 MX104-MX960
Total 1 displayed, Up 1, Down 0
At Egress PE,
Re1@Egress-PE> show rsvp session egress up name MX104-MX960 Egress RSVP: 29 sessions To From State Rt Style Labelin Labelout LSPname 10.198.123.205 10.198.123.100 Up 0 1 FF 300427 - MX104-MX960 Total 1 displayed, Up 1, Down 0 Re1@Egress-PE> show route table mpls.0 label 300427 extensive mpls.0: 81 destinations, 81 routes (81 active, 0 holddown, 0 hidden) Restart Complete 300427 (1 entry, 1 announced) TSI: KRT in-kernel 300427 /52 -> {Pop } *CCC Preference: 7 Next hop type: Router, Next hop index: 1725 Address: 0xe9414fc Next-hop reference count: 2 Next hop: via xe-2/0/0.601, selected Label operation: Pop Load balance label: None; Label element ptr: 0xa7c8780 Label parent element ptr: 0x0 Label element references: 20 Label element child references: 0 Label element lsp id: 0 Session Id: 0x0 State: Local AS: 65004 Age: 2d 2:21:13 Validation State: unverified Task: MPLS global Announcement bits (1): 1-KRT AS path: I
Just to confirm this all, you can use the below command on Ingress/Egress PE which shows what all labels being pushed and used for this LSP via CCC.
Re1@Ingress_PE > show connections remote-interface-switch L2VPN labels CCC and TCC connections [Link Monitoring On] Legend for status (St): Legend for connection types: UN -- uninitialized if-sw: interface switching NP -- not present rmt-if: remote interface switching WE -- wrong encapsulation lsp-sw: LSP switching DS -- disabled tx-p2mp-sw: transmit P2MP switching Dn -- down rx-p2mp-sw: receive P2MP switching -> -- only outbound conn is up Legend for circuit types: Outgoing labels: Push 307680 Re1@Egress_PE > show connections remote-interface-switch L2VPN labels CCC and TCC connections [Link Monitoring On] Legend for status (St): Legend for connection types: UN -- uninitialized if-sw: interface switching NP -- not present rmt-if: remote interface switching WE -- wrong encapsulation lsp-sw: LSP switching DS -- disabled tx-p2mp-sw: transmit P2MP switching Dn -- down rx-p2mp-sw: receive P2MP switching -> -- only outbound conn is up Legend for circuit types: Incoming labels: 300427 Outgoing labels: Push 301040
Others labels shown in above commands are for opposite direction from Egress to Ingress.
So that’s all for L2VPN CCC. I hope I have been able to clear your doubts if you had any. if you have any queries, please let me know. In future blogs, we will discuss other methods of doing L2VPN.
Regards
Mohit
Great Post!!!
LikeLike
Hi! Thanks for your useful article! This LSP will be in routing table. How do the others services know that they shouldn’t use this lsp as NH?
LikeLike
Hi Margo, great question… Other services lets say for L3vpn can use this LSP for next hop where we generally want LDP to resolve the next hop hence we give higher preference like 200 to all RSVP created LSPs so that LDP is preferred over RSVP if not strictly defined in service. I hope this answers ur query
LikeLike
Hi, i am new on juniper world 🙂 Kindly would you please share ce-1 interface config , what does it mean when configure encapsulation on pe router ?
what does vlan ccc and ethernet ccc means , what is the difference ?
thank you in advance
basem
LikeLike