VC 42 Vpls

Implementing Virtual Private LAN Services
This module provides the conceptual and configuration information for Virtual Private LAN Services
(VPLS) on Cisco IOS XR software. VPLS supports Layer 2 VPN technology and provides transparent
multipoint Layer 2 connectivity for customers.
This approach enables service providers to host a multitude of new services such as broadcast TV,
Layer 2 VPNs.
For MPLS Layer 2 virtual private networks (VPNs), see Implementing MPLS Layer 2 VPNs module.
Note For more information about MPLS Layer 2 VPN on Cisco IOS XR software and for descriptions of the
commands listed in this module, see the Related Documents section. To locate documentation for
other commands that might appear while executing a configuration task, search online in the
Cisco IOS XR software master command index.
Feature History for Implementing Virtual Private LAN Services on Cisco IOS XR Configuration Module
Release Modification
Release 3.8.0 This feature was introduced.
Support for the bridging funtionality feature (VPLS based) and pseudowire
redundancy was added.
Release 3.9.0 The following features were added:
Blocking unknown unicast flooding.
Disabling MAC flush.
Release 4.0 The following features were added:
H-VPLS with MPLS Access pseudowire
H-VPLS with Ethernet Access
MAC Address withdrawal
Release 4.0.1 Support for the BGP Autodiscovery with LDP Signaling feature was added.
Release 4.1.0 Support for Pseudowire Headend feature was added.
Cisco IOS XR Virtual Private Network Configuration Guide for the Cisco CRS Router
OL-26113-03 VPC-75
Release 4.2.0 Support was added for:

VPLS pseudowire on LDP over TE and Preferred TE path
VPLS with Traffic Engineering Fast Reroute (TE FRR)
Release 4.2.1 Support was added for:
Pseudowire Headend on Cisco CRS-3 router
IPv6 packets over PWHE interfaces
VPC-76 OL-26113-03
Contents
Contents
Before you configure VPLS, ensure that the network is configured as follows:, page VPC-77
Restrictions for Implementing Virtual Private LAN Services, page VPC-77
Information About Implementing Virtual Private LAN Services, page VPC-78
How to Implement Virtual Private LAN Services, page VPC-90
Configuration Examples for Virtual Private LAN Services, page VPC-145
Additional References, page VPC-158
Prerequisites for Implementing Virtual Private LAN Services

Before you configure VPLS, ensure that the network is configured as follows:
To perform these configuration tasks, your Cisco IOS XR software system administrator must
assign you to a user group associated with a task group that includes the corresponding command
task IDs. All command task IDs are listed in individual command references and in the
Cisco IOS XR Task ID Reference Guide.
If you need assistance with your task group assignment, contact your system administrator.
Configure IP routing in the core so that the provider edge (PE) routers can reach each other through
IP.
Configure MPLS and Label Distribution Protocol (LDP) in the core so that a label switched path
(LSP) exists between the PE routers.
Configure a loopback interface to originate and terminate Layer 2 traffic. Make sure that the PE
routers can access the other router's loopback interface.
Note The loopback interface is not needed in all cases. For example, tunnel selection does not
need a loopback interface when VPLS is directly mapped to a TE tunnel.
Restrictions for Implementing Virtual Private LAN Services

The following restrictions are listed for implementing VPLS:
All attachment circuits in a bridge domain on an Engine 3 line card must be the same type (for
example, port, dot1q, qinq, or qinany), value (VLAN ID), and EtherType (for example, 0x8100,
0x9100, or 0x9200). The Cisco CRS-1 router supports multiple types of attachment circuits in a
bridge domain.
The line card requires ternary content addressable memory (TCAM) Carving configuration. The
Cisco CRS-1 router however, does not require the TCAM Carving configuration.
Virtual Forwarding Instance (VFI) names have to be unique, because a bridge domain can have only
one VFI.
A PW cannot belong to both a peer-to-peer (P2P) cross-connect group and a VPLS bridge-domain.
This means that the neighboring IP address and the pseudowire ID have to be unique on the router,
because the pseudowire ID is signaled to the remote provider edge.
OL-26113-03 VPC-77
Information About Implementing Virtual Private LAN Services
For the Engine 5 line card, version 1 of the Ethernet SPA does not support QinQ mode and QinAny mode.
Note For the Engine 5 line card, version 2 of the Ethernet SPA supports all VLAN modes, such as VLAN
mode, QinQ mode, or QinAny mode. The Cisco CRS-1 router supports only the Ethernet port mode and
the 802.1q VLAN mode.

To implement Virtual Private LAN Services (VPLS), you should understand the following concepts:
Virtual Private LAN Services Overview, page VPC-78
VPLS for an MPLS-based Provider Core, page VPC-79
Hierarchical VPLS, page VPC-79
VPLS Discovery and Signaling, page VPC-81
Bridge Domain, page VPC-84
MAC Address-related Parameters, page VPC-84
LSP Ping over VPWS and VPLS, page VPC-87
Pseudowire Redundancy for P2P AToM Cross-Connects, page VPC-88
Pseudowire Headend, page VPC-88
Virtual Private LAN Services Overview

Virtual Private LAN Service (VPLS) enables geographically separated local-area network (LAN)
segments to be interconnected as a single bridged domain over an MPLS network. The full functions of
the traditional LAN such as MAC address learning, aging, and switching are emulated across all the
remotely connected LAN segments that are part of a single bridged domain. A service provider can offer
VPLS service to multiple customers over the MPLS network by defining different bridged domains for
different customers. Packets from one bridged domain are never carried over or delivered to another
bridged domain, thus ensuring the privacy of the LAN service.
VPLS transports Ethernet 802.3, VLAN 802.1q, and VLAN-in-VLAN (Q-in-Q) traffic across multiple
sites that belong to the same Layer 2 broadcast domain. VPLS offers simple Virtual LAN services that
include flooding broadcast, multicast, and unknown unicast frames that are received on a bridge. The
VPLS solution requires a full mesh of pseudowires that are established among provider edge (PE)
routers. The VPLS implementation is based on Label Distribution Protocol (LDP)-based pseudowire
signaling.
A VFI is a virtual bridge port that is capable of performing native bridging functions, such as forwarding,
based on the destination MAC address, source MAC address learning and aging.
After provisioning attachment circuits, neighbor relationships across the MPLS network for this specific
instance are established through a set of manual commands identifying the end PEs. When the neighbor
association is complete, a full mesh of pseudowires is established among the network-facing provider
edge devices, which is a gateway between the MPLS core and the customer domain.
The service provider network starts switching the packets within the bridged domain specific to the
customer by looking at destination MAC addresses. All traffic with unknown, broadcast, and multicast
destination MAC addresses is flooded to all the connected customer edge devices, which connect to the
VPC-78 OL-26113-03
service provider network. The network-facing provider edge devices learn the source MAC addresses as
the packets are flooded. The traffic is unicasted to the customer edge device for all the learned MAC
addresses.
VPLS requires the provider edge device to be MPLS-capable. The VPLS provider edge device holds all
the VPLS forwarding MAC tables and Bridge Domain information. In addition, it is responsible for all
flooding broadcast frames and multicast replications.
VPLS for an MPLS-based Provider Core

VPLS is a multipoint Layer 2 VPN technology that connects two or more customer devices using
bridging techniques. The VPLS architecture allows for the end-to-end connection between the Provider
Edge (PE) routers to provide Multipoint Ethernet Services.
VPLS requires the creation of a bridge domain (Layer 2 broadcast domain) on each of the PE routers.
The access connections to the bridge domain on a PE router are called attachment circuits (AC).
The attachment circuits can be a set of physical ports, virtual ports, or both that are connected to the
bridge at each PE device in the network.
The MPLS/IP provider core simulates a virtual bridge that connects the multiple attachment circuits on
each of the PE devices together to form a single broadcast domain. A VFI is created on the PE router for
each VPLS instance. The PE routers make packet-forwarding decisions by looking up the VFI of a
particular VPLS instance. The VFI acts like a virtual bridge for a given VPLS instance. More than one
attachment circuit belonging to a given VPLS are connected to the VFI. The PE router establishes
emulated VCs to all the other PE routers in that VPLS instance and attaches these emulated VCs to the
VFI. Packet forwarding decisions are based on the data structures maintained in the VFI.
Hierarchical VPLS
Hierarchical VPLS (H-VPLS) is an extension of basic VPLS that provides scaling and operational
benefits. H-VPLS provides a solution to deliver Ethernet multipoint services over MPLS. H-VPLS
partitions a network into several edge domains that are interconnected using an MPLS core. The use of
Ethernet switches at the edge offers significant technical and economic advantages. H-VPLS also allows
Ethernet point-to-point and multipoint Layer 2 VPN services, as well as Ethernet access to high-speed
Internet and IP VPN services.
Two flavors of H-VPLS are:
Ethernet access in the edge domain
MPLS access in the edge domain
H-VPLS with Ethernet Access QinQ or QinAny

Figure 11 shows Ethernet access for H-VPLS. The edge domain can be built using Ethernet switches and
techniques such as QinQ. Using Ethernet as the edge technology simplifies the operation of the edge
domain and reduces the cost of the edge devices.
OL-26113-03 VPC-79
Figure 11 Ethernet Access for H-VPLS
QinQ/QinAny
ACs Core PWs
CE1 U-PE1 N-PE2
N-PE1
Ethernet Access VPLS Core
Network Network
279529
CE2 U-PE2 N-PE3
H-VPLS with PW-access

Figure 12 shows pseudowire (PW) access for H-VPLS. The edge domain can be an MPLS access
network. In this scenario, the U-PE device carries the customer traffic from attachment circuits (AC)
over the point to point (p2p) pseudowires. The p2p pseudowires terminate in a bridge domain configured
on the N-PE device.
Access PW is configured as a member directly under a bridge domain. A bridge-domain in N-PE1 can
have multiple ACs (physical/VLAN Ethernet ports), multiple access PWs and one VFI (consisting of
core PWs) as members, is depicted in Figure 12.
Figure 12 PW access for H-VPLS
P2P AC1
CE1 U-PE1 N-PE2
N-PE1
Ethernet Access VPLS Core
Network Network
Ethernet
CE2 U-PE2 AC N-PE3
P2P AC2
279534
Access PWs/P2P
CE Core PWs
VPC-80 OL-26113-03
VPLS Discovery and Signaling

VPLS is a Layer 2 multipoint service and it emulates a LAN service across a WAN. VPLS enables
service providers to interconnect several LAN segments over a packet-switched network and make them
behave as a single LAN. Service providers can provide a native Ethernet access connection to customers
using VPLS.
The VPLS control plane consists of two important components, autodiscovery and signaling:
VPLS Autodiscovery eliminates the need to manually provision VPLS neighbors. VPLS
Autodiscovery enables each VPLS PE router to discover other provider edge (PE) routers that are
part of the same VPLS domain.
Once the PEs are discovered, pseudowires (PWs) are signaled and established across pairs of PE
routers, forming a full mesh of PWs across PE routers in a VPLS domain.
Figure 13 VPLS Autodiscovery and Signaling
L2-VPN Multipoint
Discovery BGP
Signaling Protocol LDP BGP
249881
Tunneling Protocol MPLS
BGP-based VPLS Autodiscovery

An important aspect of VPN technologies, including VPLS, is the ability of network devices to
automatically signal information to other devices, about any association with a particular VPN.
Autodiscovery requires this information to be distributed to all members of a VPN. VPLS is a multipoint
mechanism for which BGP is well-suited.
BGP-based VPLS autodiscovery eliminates the need to manually provision VPLS neighbors. VPLS
autodiscovery enables each VPLS PE router to discover other provider edge (PE) routers that are part of
the same VPLS domain. VPLS Autodiscovery also tracks occurrences when PE routers are added to, or
removed from, the VPLS domain. When the discovery process is complete, each PE router has the
information required to setup VPLS pseudowires (PWs).
BGP Auto Discovery With BGP Signaling

The implementation of VPLS in a network requires the establishment of a full mesh of PWs between the
provider edge (PE) routers. The PWs can be signaled using BGP signaling.
OL-26113-03 VPC-81
Figure 14 Discovery and Signaling Attributes
Label Signaling BGP
CE1 PE1 PE2 CE2
MPLS Core
Tunnel LSP = LDP
Payload BGP VC Label LDP IGP Label
249875
Traffic Flow
The BGP signaling and autodiscovery scheme has these components:

A means by which a PE can learn which remote PEs are members of a given VPLS. This process is
known as autodiscovery.
A means by which a PE can learn about the pseudowire label that is expected by a given remote PE
for a given VPLS. This process is known as signaling.
The BGP Network Layer Reachability Information (NLRI) takes care of both these components
simultaneously. The NLRI generated by a given PE contains necessary information required by other
PEs. These components enable the automatic setup of a full mesh of pseudowires for each VPLS, without
having to manually configure those pseudowires on each PE.
NLRI Format for VPLS with BGP AD and Signaling

Figure 15 shows the NLRI format for VPLS with BGP AD and Signaling.
Figure 15 NLRI Format
Length (2 octets)
Route Distinguisher (8 octets)
VE ID (2 octets)
VE Block Offset (2 octets)
VE Block Size (2 octets)

249880
Label Base (3 octets)
BGP Auto Discovery With LDP Signaling

Signaling of pseudowires requires exchange of information between two endpoints. Label Distribution
Protocol (LDP) is better suited for point-to-point signaling. The signaling of pseudowires, between
provider edge devices, uses targeted LDP sessions to exchange label values and attributes, and configure
the pseudowires.
VPC-82 OL-26113-03
Figure 16 Discovery and Signaling Attributes
Label Signaling LDP
CE1 PE1 PE2 CE2
MPLS Core
Tunnel LSP = LDP
Payload LDP VC Label LDP IGP Label
249877
Traffic Flow
A PE router advertises an identifier through BGP for each VPLS instance. This identifier is unique
within the VPLS instance and acts like a VPLS ID. The identifier enables the PE router, receiving the
BGP advertisement, to identify the VPLS associated with the advertisement, and import it to the correct
VPLS instance. In this manner, for each VPLS, a PE router learns which other PE routers are members
of the VPLS.
The LDP protocol is used to configure a pseudowire to all other PE routers. The FEC 129 standard is
used for signaling. The information carried by FEC 129 includes the VPLS ID, the Target Attachment
Individual Identifier (TAII) and the Source Attachment Individual Identifier (SAII).
The LDP advertisement also contains the inner label or VPLS label that is expected for incoming traffic
over the pseudowire. This enables the LDP peer to identify the VPLS instance with which the
pseudowire is to be associated, and the label value that it is expected to use when sending traffic on that
pseudowire.
NLRI and Extended Communities

Figure 15 depicts NLRI and extended communities.
Figure 17 NLRI and Extended Communities
NLRI:
Length (2 octets)
Route Distinguisher (8 octets)
L2VPN Router ID (4 octets)
Ext Comms:
VPLS-ID (8 octets)
249879
Route Target (8 octets)
OL-26113-03 VPC-83
Interoperability Between Cisco IOS XR and Cisco IOS on VPLS LDP Signaling
The Cisco IOS Software encodes the NLRI length in the fist byte in bits format in the BGP Update
message. However, the Cisco IOS XR Software interprets the NLRI length in 2 bytes. Therefore, when
the BGP neighbor with VPLS-VPWS address family is configured between the IOS and the IOS XR,
NLRI mismatch can happen, leading to flapping between neighbors. To avoid this conflict, IOS supports
prefix-length-size 2 command that needs to be enabled for IOS to work with IOS XR. When the
prefix-length-size 2 command is configured in IOS, the NLRI length is encoded in bytes. This
configuration is mandatory for IOS to work with IOS XR.
This is a sample IOS configuration with the prefix-length-size 2 command:
router bgp 1
address-family l2vpn vpls
neighbor 5.5.5.2 activate
neighbor 5.5.5.2 prefix-length-size 2 --------> NLRI length = 2 bytes
exit-address-family
Bridge Domain
The native bridge domain refers to a Layer 2 broadcast domain consisting of a set of physical or virtual
ports (including VFI). Data frames are switched within a bridge domain based on the destination MAC
address. Multicast, broadcast, and unknown destination unicast frames are flooded within the bridge
domain. In addition, the source MAC address learning is performed on all incoming frames on a bridge
domain. A learned address is aged out. Incoming frames are mapped to a bridge domain, based on either
the ingress port or a combination of both an ingress port and a MAC header field.
By default, split horizon is enabled on a bridge domain. In other words, any packets that are coming on
either the attachment circuits or pseudowires are not returned on the same attachment circuits or
pseudowires. In addition, the packets that are received on one pseudowire are not replicated on other
pseudowires in the same VFI.
MAC Address-related Parameters

The MAC address table contains a list of the known MAC addresses and their forwarding information.
In the current VPLS design, the MAC address table and its management are distributed. In other words,
a copy of the MAC address table is maintained on the route processor (RP) card and the line cards.
These topics provide information about the MAC address-related parameters:
MAC Address Flooding, page VPC-85
MAC Address-based Forwarding, page VPC-85
MAC Address Source-based Learning, page VPC-85
MAC Address Aging, page VPC-85
MAC Address Limit, page VPC-86
MAC Address Withdrawal, page VPC-86
VPC-84 OL-26113-03
MAC Address Flooding

Ethernet services require that frames that are sent to broadcast addresses and to unknown destination
addresses be flooded to all ports. To obtain flooding within VPLS broadcast models, all unknown
unicast, broadcast, and multicast frames are flooded over the corresponding pseudowires and to all
attachment circuits. Therefore, a PE must replicate packets across both attachment circuits and
pseudowires.
MAC Address-based Forwarding

To forward a frame, a PE must associate a destination MAC address with a pseudowire or attachment
circuit. This type of association is provided through a static configuration on each PE or through
dynamic learning, which is flooded to all bridge ports.
Note In this case, split horizon forwarding applies; for example, frames that are coming in on an attachment
circuit or pseudowire are not sent out of the same attachment circuit or pseudowire. The pseudowire
frames, which are received on one pseudowire, are replicated on to other attachment circuits, VFI
pseudowires and access pseudowires.
MAC Address Source-based Learning

When a frame arrives on a bridge port (for example, pseudowire or attachment circuit) and the source
MAC address is unknown to the receiving PE router, the source MAC address is associated with the
pseudowire or attachment circuit. Outbound frames to the MAC address are forwarded to the appropriate
pseudowire or attachment circuit.
MAC address source-based learning uses the MAC address information that is learned in the hardware
forwarding path. The updated MAC tables are sent to all line cards (LCs) and program the hardware for
the router.
The number of learned MAC addresses is limited through configurable per-port and per-bridge domain
MAC address limits.
MAC Address Aging

A MAC address in the MAC table is considered valid only for the duration of the MAC address aging
time. When the time expires, the relevant MAC entries are repopulated. When the MAC aging time is
configured only under a bridge domain, all the pseudowires and attachment circuits in the bridge domain
use that configured MAC aging time.
A bridge forwards, floods, or drops packets based on the bridge table. The bridge table maintains both
static entries and dynamic entries. Static entries are entered by the network manager or by the bridge
itself. Dynamic entries are entered by the bridge learning process. A dynamic entry is automatically
removed after a specified length of time, known as aging time, from the time the entry was created or
last updated.
If hosts on a bridged network are likely to move, decrease the aging-time to enable the bridge to adapt
to the change quickly. If hosts do not transmit continuously, increase the aging time to record the
dynamic entries for a longer time, thus reducing the possibility of flooding when the hosts transmit
again.
OL-26113-03 VPC-85
MAC Address Limit

The MAC address limit is used to limit the number of learned MAC addresses. The limit is set at the
bridge domain level and the port level. When the MAC address limit is violated, the system is configured
to take one of the actions that are listed in Table 2.
Table 2 MAC Address Limit Actions
Action Description
Limit flood Discards the new MAC addresses.
Limit no-flood Discards the new MAC addresses. Flooding of unknown unicast packets is
disabled.
Shutdown Disables the bridge domain or bridge port. When the bridge domain is
down, none of the bridging functions, such as learning, flooding,
forwarding, and so forth take place for the bridge domain. If a bridge port
is down as a result of the action, the interface or pseudowire representing
the bridge port remains up but the bridge port is not participating in the
bridge. When disabled, the port or bridge domain is manually brought up
by using an EXEC CLI.
When a limit is exceeded, the system is configured to perform the following notifications:
Syslog (default)
Simple Network Management Protocol (SNMP) trap
Syslog and SNMP trap
None (no notification)
To clear the MAC limit condition, the number of MACs must go below 75 percent of the configured
limit.
Note On the Cisco CRS-1 router, MAC address limit action is supported only on the ACs and not on core
pseudowires.
MAC Address Withdrawal

For faster VPLS convergence, you can remove or unlearn the MAC addresses that are learned
dynamically. The Label Distribution Protocol (LDP) Address Withdrawal message is sent with the list
of MAC addresses, which need to be withdrawn to all other PEs that are participating in the
corresponding VPLS service.
For the Cisco IOS XR VPLS implementation, a portion of the dynamically learned MAC addresses are
cleared by using the MAC addresses aging mechanism by default. The MAC address withdrawal feature
is added through the LDP Address Withdrawal message. To enable the MAC address withdrawal feature,
use the withdrawal command in l2vpn bridge group bridge domain MAC configuration mode. To verify
that the MAC address withdrawal is enabled, use the show l2vpn bridge-domain command with the
detail keyword.
Note By default, the LDP MAC Withdrawal feature is enabled on Cisco IOS XR.
VPC-86 OL-26113-03
The LDP MAC Withdrawal feature is generated due to the following events:
Attachment circuit goes down. You can remove or add the attachment circuit through the CLI.
MAC withdrawal messages are received over a VFI pseudowire and are not propagated over access
pseudowires. RFC 4762 specifies that both wildcards (by means of an empty Type, Length and Value
[TLV]) and a specific MAC address withdrawal. Cisco IOS XR software supports only a wildcard
MAC address withdrawal.
LSP Ping over VPWS and VPLS

For Cisco IOS XR software, the existing support for the Label Switched Path (LSP) ping and traceroute
verification mechanisms for point-to-point pseudowires (signaled using LDP FEC128) is extended to
cover the pseudowires that are associated with the VFI (VPLS). Currently, the support for the LSP ping
and traceroute is limited to manually configured VPLS and access pseudowires (signaled using LDP
FEC128). Virtual Circuit Connection Verification (VCCV) is also supported on access pseudowires. For
information about VCCV support and the ping mpls pseudowire command, see Cisco IOS XR MPLS
Command Reference for the Cisco CRS Router.
VPLS Scalability and Performance Targets

The Cisco CRS-1router employs the ternary content addressable memory (TCAM) to meet the
performance and scalable targets over VPLS.
Table 3 describes the scalability and performance targets for the Cisco CRS-1 router.
Table 3 VPLS Scalability and Performance Targets
Performance Scalability Target

Maximum bridge 1024
domains per Line Card
Maximum bridge 1024
domains per system
Maximum MACs per 15999
bridge domain
Line Card
system
Maximum attachment 4085
circuits per bridge
domain
Maximum pseudowires 256
per bridge domain
Maximum pseudowires 16340
per system
OL-26113-03 VPC-87
Pseudowire Redundancy for P2P AToM Cross-Connects

Backup pseudowires (PW) are associated with the corresponding primary pseudowires. A backup PW is
not programmed to forward data when inactive. It is activated only if a primary PW fails. This is known
as pseudowire redundancy. The primary reason for backing up a PW is to reduce traffic loss when a
primary PW fails. When the primary PW is active again, it resumes its activity.
A primary PW can be associated with only one backup PW. Similarly, a backup PW can be associated
with only one primary PW.
It is recommended to enable pseudowire status time length value (TLV) for optimal switchover
performance.
Note This feature is supported only for an AToM instance on the Cisco XR 12000 Series Router, and for an
EoMPLS instance on the Cisco CRS-1 router.
Pseudowire Headend
Pseudowires (PWs) enable payloads to be transparently carried across IP/MPLS packet-switched
networks (PSNs). Service providers are now extending PW connectivity into the access and aggregation
regions of their networks. PWs are regarded as simple and manageable lightweight tunnels for returning
customer traffic into core networks.
The PW headend (PWHE) feature provides a Layer 3 (L3) virtual interface representation of a PW on
an service provider edge (PE), that allows the backhaul of customer packets over PWs and the
application of L3 features, such as QoS (for example: policing and shaping), and access lists (ACLs) on
customer packets on the PW.
The PWHE virtual interface originates as a PW on an access node (the Layer 2 PW feeder node) and
terminates on a Layer 3 service instance, such as a VRF instance, on the service provider router (Cisco
CRS Router). At the service PE, IP traffic on the PW (from a remote customer PE via the access network)
is forwarded onto the IP/MPLS backbone and traffic from the IP/MPLS backbone, is forwarded onto the
PWHE L3 interface towards the customer PE (via the access network).
Figure 18 PWHE example
L2 PE, e.g.
CPE DSLAM P1 S-PE
Global IP/MPLS
Network
Access Network
AC
282420
PW
Note that the PW is from L2 PE node to the Service PE (S-PE), but the L3 adjacency on each PWHE
interface is configured between the service PE and the customer PE.
VPC-88 OL-26113-03
The PWHE feature allows you to replace a two node solution with a single node. Figure 19 illustrates a
scenario wherein, without PWHE, an L2 PE node is required. The L2 PE node terminates the PW and
connects to the service PE (from the L2 PE) via an attachment circuit (AC) that terminates as an L3
interface on the service PE.
Figure 19 Example without PWHE
CPE L2 PE, e.g. P1 L2 PE S-PE
Global IP/MPLS
Network
Access Network
AC AC
282421
PW
PWHE Interfaces
The virtual circuit (VC) types supported for the PW are types 4, 5 and 11. The PWHE acts as broadcast
interface with VC types 4 (VLAN tagged) and 5 (Ethernet port/Raw), whereas with VC type 11 (IP
Interworking), the PWHE acts as a point-to-point interface.
OL-26113-03 VPC-89
How to Implement Virtual Private LAN Services

This section describes the tasks that are required to implement VPLS:
Configuring a Bridge Domain, page VPC-90
Configuring a Layer 2 Virtual Forwarding Instance, page VPC-106
Configuring the MAC Address-related Parameters, page VPC-118
Configuring VPLS with BGP Autodiscovery and Signaling, page VPC-131
Configuring VPLS with BGP Autodiscovery and LDP Signaling, page VPC-134
Configuring Pseudowire Headend, page VPC-137
Configuring a Bridge Domain

These topics describe how to configure a bridge domain:
Creating a Bridge Domain, page VPC-90
Configuring a Pseudowire, page VPC-92
Associating Members with a Bridge Domain, page VPC-101
Configuring Bridge Domain Parameters, page VPC-103
Disabling a Bridge Domain, page VPC-104
Configuring a Layer 2 Virtual Forwarding Instance, page VPC-106
Creating a Bridge Domain

Perform this task to create a bridge domain.
SUMMARY STEPS
1. configure
2. l2vpn
3. bridge group bridge-group-name
4. bridge-domain bridge-domain-name
5. end
or
commit
VPC-90 OL-26113-03
DETAILED STEPS
Command or Action Purpose

Step 1 configure Enters global configuration mode.
Example:
RP/0/RP0/CPU0:router# configure
Step 2 l2vpn Enters L2VPN configuration mode.
Example:
RP/0/RP0/CPU0:router(config)# l2vpn
RP/0/RP0/CPU0:router(config-l2vpn)#
Step 3 bridge group bridge-group-name Creates a bridge group so that it can contain bridge
domains and then assigns network interfaces to the
bridge domain.
Example:
RP/0/RP0/CPU0:router(config-l2vpn)# bridge group
csco
RP/0/RP0/CPU0:router(config-l2vpn-bg)#
Step 4 bridge-domain bridge-domain-name Establishes a bridge domain and enters L2VPN
bridge group bridge domain configuration mode.
Example:
RP/0/RP0/CPU0:router(config-l2vpn-bg)# bridge-domain
abc
RP/0/RP0/CPU0:router(config-l2vpn-bg-bd)#
Step 5 end Saves configuration changes.
or
When you issue the end command, the system
commit prompts you to commit changes:
Uncommitted changes found, commit them
Example: before exiting(yes/no/cancel)?
RP/0/RP0/CPU0:router(config-l2vpn-bg-bd)# end [cancel]:
or
Entering yes saves configuration changes to
RP/0/RP0/CPU0:router(config-l2vpn-bg-bd)# commit the running configuration file, exits the
configuration session, and returns the
router to EXEC mode.
Entering no exits the configuration session
and returns the router to EXEC mode
without committing the configuration
changes.
Entering cancel leaves the router in the
current configuration session without
exiting or committing the configuration
changes.
Use the commit command to save the
configuration changes to the running
configuration file and remain within the
configuration session.
OL-26113-03 VPC-91
Configuring a Pseudowire
Perform this task to configure a pseudowire under a bridge domain.
SUMMARY STEPS
1. configure
2. l2vpn
3. bridge group bridge group name
4. bridge-domain bridge-domain name
5. vfi {vfi name}
6. exit
7. neighbor {A.B.C.D} {pw-id value}
8. end
or
commit
DETAILED STEPS

Example:
Example:
Step 3 bridge group bridge group name Creates a bridge group so that it can contain bridge
bridge domain.
Example:
csco
Step 4 bridge-domain bridge-domain name Establishes a bridge domain and enters L2VPN
Example:
abc
VPC-92 OL-26113-03

Step 5 vfi {vfi-name} Configures the virtual forwarding interface (VFI)
parameters and enters L2VPN bridge group bridge
domain VFI configuration mode.
Example:
RP/0/RP0/CPU0:router(config-l2vpn-bg-bd)# vfi v1 Use the vfi-name argument to configure the
RP/0/RP0/CPU0:router(config-l2vpn-bg-bd-vfi)# name of the specified virtual forwarding
interface.
Step 6 exit Exits the current configuration mode.
Example:
RP/0/RP0/CPU0:router(config-l2vpn-bg-bd-vfi)# exit
Step 7 neighbor {A.B.C.D} {pw-id value} Adds an access pseudowire port to a bridge domain
or a pseudowire to a bridge virtual forwarding
interface (VFI).
Example:
RP/0/RP0/CPU0:router(config-l2vpn-bg-bd)# neighbor Use the A.B.C.D argument to specify the IP
10.1.1.2 pw-id 1000 address of the cross-connect peer.
RP/0/RP0/CPU0:router(config-l2vpn-bg-bd-pw)#
Use the pw-id keyword to configure the
pseudowire ID and ID value. The range is 1 to
4294967295.
or
RP/0/RP0/CPU0:router(config-l2vpn-bg-bd-pw)# end [cancel]:
or
RP/0/RP0/CPU0:router(config-l2vpn-bg-bd-pw)# commit the running configuration file, exits the
changes.
changes.
OL-26113-03 VPC-93
Enabling Pseudowire Status TLV

When a pseudowire is setup, label distribution protocol (LDP) determines the method for signaling
pseudowire status. Cisco IOS-XR provides a configuration option that allows you to enable pseudowire
status type length value (TLV).
Note Unless pseudowire status TLV is explicitly enabled under L2VPN configuration, the default signaling
method is Label Withdrawal. Pseudowire status TLV must be enabled on both local and remote PEs. If
only one provider edge router is configured with the pw-status tlv command, then label withdrawal
method is used.
Perform this task to enable pseudowire status TLV.
SUMMARY STEPS
1. configure
2. l2vpn
3. pw-status tlv
4. end
or
commit
DETAILED STEPS

Example:
Example:
VPC-94 OL-26113-03

Step 3 pw-status tlv Enables pseudowire status TLV.
Example:
RP/0/RP0/CPU0:router(config-l2vpn)# pw-status tlv
or
RP/0/RP0/CPU0:router(config-l2vpn)#end [cancel]:
or
RP/0/RP0/CPU0:router(config-l2vpn)# commit the running configuration file, exits the
changes.
changes.
OL-26113-03 VPC-95
Configuring a Backup Pseudowire

Perform this task to configure a backup pseudowire for a point-to-point neighbor.
SUMMARY STEPS
1. configure
2. l2vpn
3. xconnect group group name
4. p2p xconnect name
5. neighbor ip-address pw-id number
6. backup neighbor ip-address pw-id number
7. end
or
commit
DETAILED STEPS

Example:
Example:
Step 3 xconnect group group name Enters the name of the cross-connect group.
Example:
RP/0/RP0/CPU0:router(config-l2vpn)# xconnect group A
RP/0/RP0/CPU0:router(config-l2vpn-xc)#
Step 4 p2p xconnect name Enters a name for the point-to-point cross-connect.
Example:
RP/0/RP0/CPU0:router(config-l2vpn-xc)# p2p
rtrX_to_rtrY
RP/0/RP0/CPU0:router(config-l2vpn-xc-p2p)#
Step 5 neighbor ip-address pw-id number Configures the pseudowire segment for the
cross-connect.
Example:
RP/0/RP0/CPU0:router(config-l2vpn-xc-p2p)# neighbor
1.1.1.1 pw-id 2
RP/0/RP0/CPU0:router(config-l2vpn-xc-p2p-pw)#
VPC-96 OL-26113-03

Step 6 backup neighbor ip-address pw-id number Configures the backup pseudowire for the
point-to-point neighbor.
Example:
RP/0/RP0/CPU0:router(config-l2vpn-xc-p2p)# backup
neighbor 1.1.1.1 pw-id 2
RP/0/RP0/CPU0:router(config-l2vpn-xc-p2p-pw-backup)#
or
RP/0/RP0/CPU0:router(config-l2vpn-xc-p2p-pw-backup)# [cancel]:
end
or Entering yes saves configuration changes to
the running configuration file, exits the
commit
changes.
changes.
OL-26113-03 VPC-97
Configuring Backup Disable Delay

The Backup Disable Delay function specifies the time for which the primary pseudowire in active state
waits before it takes over for the backup pseudowire. Perform this task to configure a disable delay.
SUMMARY STEPS
1. configure
2. l2vpn
3. pw-class class name
4. backup disable delay seconds
5. exit
6. xconnect group group name
7. p2p xconnect name
8. neighbor ip-address pw-id number
9. pw-class class name
10. backup neighbor ip-address pw-id number
11. end
or
commit
DETAILED STEPS

Example:
Example:
Step 3 pw-class class_1 Configures the pseudowire class name.
Example:
RP/0/RP0/CPU0:router(config-l2vpn)# pw-class class_1
RP/0/RP0/CPU0:router(config-l2vpn-pwc)#
Step 4 backup disable delay seconds Specifies how long a backup pseudowire virtual
circuit (VC) should wait before resuming operation
after the primary pseudowire VC becomes
Example:
RP/0/RP0/CPU0:router(config-l2vpn-pwc)# backup
nonfunctional.
disable delay 20
RP/0/RP0/CPU0:router(config-l2vpn-pwc)#
VPC-98 OL-26113-03

Step 5 exit Exits the pseudowire class submode.
Example:
RP/0/RP0/CPU0:router(config-l2vpn-pwc)# exit
Step 6 xconnect group group name Enters the name of the cross-connect group.
Example:
RP/0/RP0/CPU0:router(config-l2vpn)# xconnect group A
RP/0/RP0/CPU0:router(config-l2vpn-xc)#
Step 7 p2p xconnect name Enters a name for the point-to-point cross-connect.
Example:
RP/0/RP0/CPU0:router(config-l2vpn-xc)# p2p
rtrX_to_rtrY
RP/0/RP0/CPU0:router(config-l2vpn-xc-p2p)#
Step 8 neighbor ip-address pw-id number Configures the pseudowire segment for the
cross-connect.
Example:
RP/0/RP0/CPU0:router(config-l2vpn-xc-p2p)# neighbor
1.1.1.1 pw-id 2
Step 9 pw-class class_1 Configures the pseudowire class name.
Example:
pw-class class_1
OL-26113-03 VPC-99

Step 10 backup neighbor ip-address pw-id number Configures the backup pseudowire for the
point-to-point neighbor.
Example:
RP/0/RP0/CPU0:router(config-l2vpn-xc-p2p-pw)# backup
or
RP/0/RP0/CPU0:router(config-l2vpn-xc-p2p-pw-backup)# [cancel]:
end
commit
changes.
changes.
VPC-100 OL-26113-03
Associating Members with a Bridge Domain

After a bridge domain is created, perform this task to assign interfaces to the bridge domain. The
following types of bridge ports are associated with a bridge domain:
Ethernet and VLAN
VFI
SUMMARY STEPS
1. configure
2. l2vpn
5. interface type interface-path-id
6. static-mac-address {MAC-address}
7. end
or
commit
DETAILED STEPS

Example:
Example:
bridge domain.
Example:
csco
Step 4 bridge-domain bridge-domain-name Establishes a bridge domain and enters L2VPN
Example:
abc
OL-26113-03 VPC-101

Step 5 interface type interface-path-id Enters interface configuration mode and adds an
interface to a bridge domain that allows packets to
be forwarded and received from other interfaces that
Example:
RP/0/RP0/CPU0:router(config-l2vpn-bg-bd)# interface
are part of the same bridge domain.
GigabitEthernet 0/4/0/0
RP/0/RP0/CPU0:router(config-l2vpn-bg-bd-ac)#
Step 6 static-mac-address {MAC-address} Configures the static MAC address to associate a
remote MAC address with a pseudowire or any other
bridge interface.
Example:
RP/0/RP0/CPU0:router(config-l2vpn-bg-bd-ac)#
static-mac-address 1.1.1
or
RP/0/RP0/CPU0:router(config-l2vpn-bg-bd-ac)# end [cancel]:
or
RP/0/RP0/CPU0:router(config-l2vpn-bg-bd-ac)# commit the running configuration file, exits the
changes.
changes.
VPC-102 OL-26113-03
Configuring Bridge Domain Parameters

To configure the bridge domain parameters, associate the following parameters with a bridge domain:
Maximum transmission unit (MTU)Specifies that all members of a bridge domain have the same
MTU. The bridge domain member with a different MTU size is not used by the bridge domain even
though it is still associated with a bridge domain.
FloodingEnables or disables flooding on the bridge domain. By default, flooding is enabled.
SUMMARY STEPS
1. configure
2. l2vpn
5. flooding disable
6. mtu bytes
7. end
or
commit
DETAILED STEPS

Example:
Step 2 l2vpn Enters l2vpn configuration mode.
Example:
bridge domain.
Example:
csco
Step 4 bridge-domain bridge-domain name Establishes a bridge domain and enters l2vpn bridge
group bridge domain configuration mode.
Example:
abc
OL-26113-03 VPC-103

Step 5 flooding disable Configures flooding for traffic at the bridge domain
level or at the bridge port level.
Example:
RP/0/RP0/CPU0:router(config-l2vpn-bg-bd)# flooding
disable
Step 6 mtu bytes Adjusts the maximum packet size or maximum
transmission unit (MTU) size for the bridge domain.
Example: Use the bytes argument to specify the MTU size,
RP/0/RP0/CPU0:router(config-l2vpn-bg-bd)# mtu 1000 in bytes. The range is from 64 to 65535.
or
or
changes.
changes.
Disabling a Bridge Domain

Perform this task to disable a bridge domain. When a bridge domain is disabled, all VFIs that are
associated with the bridge domain are disabled. You are still able to attach or detach members to the
bridge domain and the VFIs that are associated with the bridge domain.
SUMMARY STEPS
1. configure
2. l2vpn
5. shutdown
VPC-104 OL-26113-03
6. end
or
commit
DETAILED STEPS

Example:
Example:
bridge domain.
Example:
csco
Step 4 bridge-domain bridge-domain-name Establishes a bridge domain and enters l2vpn bridge
Example:
abc
OL-26113-03 VPC-105

Step 5 shutdown Shuts down a bridge domain to bring the bridge and
all attachment circuits and pseudowires under it to
admin down state.
Example:
or
or
changes.
changes.
Configuring a Layer 2 Virtual Forwarding Instance

These topics describe how to configure a Layer 2 virtual forwarding instance (VFI):
Adding the Virtual Forwarding Instance Under the Bridge Domain, page VPC-107
Associating Pseudowires with the Virtual Forwarding Instance, page VPC-108
Associating a Virtual Forwarding Instance to a Bridge Domain, page VPC-110
Attaching Pseudowire Classes to Pseudowires, page VPC-112
Configuring Any Transport over Multiprotocol Pseudowires By Using Static Labels, page VPC-114
Disabling a Virtual Forwarding Instance, page VPC-116
VPC-106 OL-26113-03
Adding the Virtual Forwarding Instance Under the Bridge Domain

Perform this task to create a Layer 2 Virtual Forwarding Instance (VFI) on all provider edge devices
under the bridge domain.
SUMMARY STEPS
1. configure
2. l2vpn
5. vfi {vfi name}
6. end
or
commit
DETAILED STEPS

Example:
Example:
bridge domain.
Example:
csco
Example:
abc
OL-26113-03 VPC-107

Step 5 vfi {vfi name} Configures virtual forwarding interface (VFI)
Example:
RP/0/RP0/CPU0:router(config-l2vpn-bg-bd)# vfi v1
RP/0/RP0/CPU0:router(config-l2vpn-bg-bd-vfi)#
or
RP/0/RP0/CPU0:router(config-l2vpn-bg-bd-vfi-vpn)# [cancel]:
end
RP/0/RP0/CPU0:router(config-l2vpn-bg-bd-vfi-vpn)#
commit
changes.
changes.
Associating Pseudowires with the Virtual Forwarding Instance

After a VFI is created, perform this task to associate one or more pseudowires with the VFI.
SUMMARY STEPS
1. configure
2. l2vpn
5. vfi {vfi name}
6. neighbor A.B.C.D {pw-id value}
7. end
or
commit
VPC-108 OL-26113-03
DETAILED STEPS

Example:
Example:
bridge domain.
Example:
csco
Example:
abc
Example:
OL-26113-03 VPC-109

Step 6 neighbor A.B.C.D {pw-id value} Adds an access pseudowire port to a bridge domain
interface (VFI).
Example:
RP/0/RP0/CPU0:router(config-l2vpn-bg-bd-vfi)# Use the A.B.C.D argument to specify the IP
neighbor 10.1.1.2 pw-id 1000 address of the cross-connect peer.
RP/0/RP0/CPU0:router(config-l2vpn-bg-bd-vfi-pw)#
4294967295.
or
RP/0/RP0/CPU0:router(config-l2vpn-bg-bd-vfi-pw)# end [cancel]:
or
RP/0/RP0/CPU0:router(config-l2vpn-bg-bd-vfi-pw)# the running configuration file, exits the
commit
changes.
changes.
Associating a Virtual Forwarding Instance to a Bridge Domain

Perform this task to associate a VFI to be a member of a bridge domain.
SUMMARY STEPS
1. configure
2. l2vpn
5. vfi {vfi name}
VPC-110 OL-26113-03
7. static-mac-address {MAC address}

8. end
or
commit
DETAILED STEPS

Example:
Example:
bridge domain.
Example:
csco
Example:
abc
Step 5 vfi vfi name Configures virtual forwarding interface (VFI)
Example:
Step 6 neighbor A.B.C.D {pw-id value} Adds an access pseudowire port to a bridge domain
interface (VFI).
Example:
4294967295.
OL-26113-03 VPC-111

Step 7 static-mac-address {MAC address} Configures the static MAC address to associate a
remote MAC address with a pseudowire or any other
bridge interface.
Example:
static-mac-address 1.1.1
or
or
commit
changes.
changes.
Attaching Pseudowire Classes to Pseudowires

Perform this task to attach a pseudowire class to a pseudowire.
SUMMARY STEPS
1. configure
2. l2vpn
5. vfi {vfi name}
7. pw-class {class name}
8. end
or
commit
VPC-112 OL-26113-03
DETAILED STEPS

Example:
Example:
bridge domain.
Example:
csco
Example:
abc
Example:
interface (VFI).
Example:
4294967295.
OL-26113-03 VPC-113

Step 7 pw-class {class name} Configures the pseudowire class template name to
use for the pseudowire.
Example:
pw-class canada
or
or
commit
changes.
changes.
Configuring Any Transport over Multiprotocol Pseudowires By Using Static Labels

Perform this task to configure the Any Transport over Multiprotocol (AToM) pseudowires by using the
static labels. A pseudowire becomes a static AToM pseudowire by setting the MPLS static labels to local
and remote.
SUMMARY STEPS
1. configure
2. l2vpn
5. vfi {vfi name}
VPC-114 OL-26113-03
7. mpls static label {local value} {remote value}

8. end
or
commit
DETAILED STEPS

Example:
Example:
bridge domain.
Example:
csco
Example:
abc
Example:
interface (VFI).
Example:
4294967295.
OL-26113-03 VPC-115

Step 7 mpls static label {local value} {remote value} Configures the MPLS static labels and the static
labels for the access pseudowire configuration. You
can set the local and remote pseudowire labels.
Example:
mpls static label local 800 remote 500
or
or
commit
changes.
changes.
Disabling a Virtual Forwarding Instance

Perform this task to disable a VFI. When a VFI is disabled, all the previously established pseudowires
that are associated with the VFI are disconnected. LDP advertisements are sent to withdraw the MAC
addresses that are associated with the VFI. However, you can still attach or detach attachment circuits
with a VFI after a shutdown.
SUMMARY STEPS
1. configure
2. l2vpn
5. vfi {vfi name}
6. shutdown
VPC-116 OL-26113-03
7. end
or
commit
8. show l2vpn bridge-domain [detail]
DETAILED STEPS

Example:
Example:
bridge domain.
Example:
csco
Example:
abc
Example:
Step 6 shutdown Disables the virtual forwarding interface (VFI).
Example:
shutdown
OL-26113-03 VPC-117

or
RP/0/RP0/CPU0:router(config-l2vpn-bg-bd-vfi)# end [cancel]:
or
RP/0/RP0/CPU0:router(config-l2vpn-bg-bd-vfi)# commit the running configuration file, exits the
changes.
changes.
Step 8 show l2vpn bridge-domain [detail] Displays the state of the VFI. For example, if you
shut down the VFI, the VFI is shown as shut down
Example: under the bridge domain.
RP/0/RP0/CPU0:router# show l2vpn bridge-domain
detail
Configuring the MAC Address-related Parameters

These topics describe how to configure the MAC address-related parameters:
Configuring the MAC Address Source-based Learning, page VPC-119
Disabling the MAC Address Withdrawal, page VPC-121
Configuring the MAC Address Limit, page VPC-124
Configuring the MAC Address Aging, page VPC-126
Disabling MAC Flush at the Bridge Port Level, page VPC-129
The MAC table attributes are set for the bridge domains.
VPC-118 OL-26113-03
Configuring the MAC Address Source-based Learning

Perform this task to configure the MAC address source-based learning.
SUMMARY STEPS
1. configure
2. l2vpn
5. mac
6. learning disable
7. end
or
commit
DETAILED STEPS

Example:
Example:
bridge domain.
Example:
csco
Example:
abc
Step 5 mac Enters L2VPN bridge group bridge domain MAC
configuration mode.
Example:
RP/0/RP0/CPU0:router(config-l2vpn-bg-bd)# mac
RP/0/RP0/CPU0:router(config-l2vpn-bg-bd-mac)#
OL-26113-03 VPC-119

Step 6 learning disable Overrides the MAC learning configuration of a
parent bridge or sets the MAC learning
configuration of a bridge.
Example:
learning disable
or
RP/0/RP0/CPU0:router(config-l2vpn-bg-bd-mac)# end [cancel]:
or
RP/0/RP0/CPU0:router(config-l2vpn-bg-bd-mac)# commit the running configuration file, exits the
changes.
changes.
Step 8 show l2vpn bridge-domain [detail] Displays the details that the MAC address
source-based learning is disabled on the bridge.
Example:
detail
VPC-120 OL-26113-03
Disabling the MAC Address Withdrawal

Perform this task to disable the MAC address withdrawal for a specified bridge domain.
SUMMARY STEPS
1. configure
2. l2vpn
5. mac
6. withdraw { access-pw disable | disable }
7. end
or
commit
DETAILED STEPS

Example:
Example:
bridge domain.
Example:
csco
Example:
abc
configuration mode.
Example:
OL-26113-03 VPC-121

Step 6 withdraw { access-pw disable | disable } Disables the MAC address withdrawal for the
specified bridge domain.
Example: Note Mac address withdrawal is generated when
RP/0/RP0/CPU0:router(config-l2vpn-bg-bd-mac)# the access pseudowire is not operational.
withdraw access-pw disable
or
or
changes.
changes.
Step 8 show l2vpn bridge-domain [detail] Displays detailed sample output to specify that the
MAC address withdrawal is enabled. In addition, the
sample output displays the number of MAC
Example:
P/0/RP0/CPU0:router# show l2vpn bridge-domain detail
withdrawal messages that are sent over or received
from the pseudowire.
The following sample output shows the MAC address withdrawal fields:
RP/0/0/CPU0:router# show l2vpn bridge-domain detail
Bridge group: siva_group, bridge-domain: siva_bd, id: 0, state: up, ShgId: 0, MSTi: 0
MAC Learning: enabled
MAC withdraw: enabled
Flooding:
Broadcast & Multicast: enabled
Unknown Unicast: enabled
MAC address aging time: 300 s Type: inactivity
MAC address limit: 4000, Action: none, Notification: syslog
MAC limit reached: no
Security: disabled
DHCPv4 Snooping: disabled
MTU: 1500
MAC Filter: Static MAC addresses:
ACs: 1 (1 up), VFIs: 1, PWs: 2 (1 up)
VPC-122 OL-26113-03
List of ACs:
AC: GigabitEthernet0/4/0/1, state is up
Type Ethernet
MTU 1500; XC ID 0x5000001; interworking none; MSTi 0 (unprotected)
MAC Learning: enabled
MAC withdraw: disabled
Flooding:
Broadcast & Multicast: enabled
Unknown Unicast: enabled
MAC address aging time: 300 s Type: inactivity
MAC address limit: 4000, Action: none, Notification: syslog
MAC limit reached: no
Security: disabled
DHCPv4 Snooping: disabled
Static MAC addresses:
Statistics:
packet totals: receive 6,send 0
byte totals: receive 360,send 4
List of Access PWs:
List of VFIs:
VFI siva_vfi
PW: neighbor 1.1.1.1, PW ID 1, state is down ( local ready )
PW class not set, XC ID 0xff000001
Encapsulation MPLS, protocol LDP
PW type Ethernet, control word enabled, interworking none
PW backup disable delay 0 sec
Sequencing not set
MPLS Local Remote
------------ ------------------------------ -------------------------
Label 30005 unknown
Group ID 0x0 0x0
Interface siva/vfi unknown
MTU 1500 unknown
Control word enabled unknown
PW type Ethernet unknown
------------ ------------------------------ -------------------------
Create time: 19/11/2007 15:20:14 (00:25:25 ago)
Last time status changed: 19/11/2007 15:44:00 (00:01:39 ago)
MAC withdraw message: send 0 receive 0
OL-26113-03 VPC-123
Configuring the MAC Address Limit

Perform this task to configure the parameters for the MAC address limit.
Note MAC Address Limit action is supported only on the ACs and not on the core pseudowires.
SUMMARY STEPS
1. configure
2. l2vpn
5. mac
6. limit
7. maximum {value}
8. action {flood | no-flood | shutdown}
9. notification {both | none | trap}
10. end
or
commit
DETAILED STEPS

Example:
Example:
bridge domain.
Example:
csco
VPC-124 OL-26113-03

Example:
abc
configuration mode.
Example:
Step 6 limit Sets the MAC address limit for action, maximum,
and notification and enters L2VPN bridge group
bridge domain MAC limit configuration mode.
Example:
RP/0/RP0/CPU0:router(config-l2vpn-bg-bd-mac)# limit
RP/0/RP0/CPU0:router(config-l2vpn-bg-bd-mac-limit)#
Step 7 maximum {value} Configures the specified action when the number of
MAC addresses learned on a bridge is reached.
Example:
maximum 5000
Step 8 action {flood | no-flood | shutdown} Configures the bridge behavior when the number of
learned MAC addresses exceed the MAC limit
configured.
Example:
action flood
Step 9 notification {both | none | trap} Specifies the type of notification that is sent when
the number of learned MAC addresses exceeds the
configured limit.
Example:
notification both
OL-26113-03 VPC-125

or
RP/0/RP0/CPU0:router(config-l2vpn-bg-bd-mac-limit)# [cancel]:
end
commit
changes.
changes.
Step 11 show l2vpn bridge-domain [detail] Displays the details about the MAC address limit.
Example:
detail
Configuring the MAC Address Aging

Perform this task to configure the parameters for MAC address aging.
SUMMARY STEPS
1. configure
2. l2vpn
5. mac
6. aging
7. time {seconds}
8. type {absolute | inactivity}
VPC-126 OL-26113-03
9. end
or
commit
DETAILED STEPS

Example:
Example:
bridge domain.
Example:
csco
Example:
abc
configuration mode.
Example:
Step 6 aging Enters the MAC aging configuration submode to set
the aging parameters such as time and type.
Example:
RP/0/RP0/CPU0:router(config-l2vpn-bg-bd-mac)# aging
RP/0/RP0/CPU0:router(config-l2vpn-bg-bd-mac-aging)#
Step 7 time {seconds} Configures the maximum aging time.
Use the seconds argument to specify the
Example: maximum age of the MAC address table entry.
RP/0/RP0/CPU0:router(config-l2vpn-bg-bd-mac-aging)# The range is from 300 to 30000 seconds. Aging
time 300 time is counted from the last time that the switch
saw the MAC address. The default value is 300
seconds.
OL-26113-03 VPC-127

Step 8 type {absolute | inactivity} Configures the type for MAC address aging.
Use the absolute keyword to configure the
Example: absolute aging type.
type absolute
Use the inactivity keyword to configure the
inactivity aging type.
or
RP/0/RP0/CPU0:router(config-l2vpn-bg-bd-mac-aging)# [cancel]:
end
commit
changes.
changes.
Step 10 show l2vpn bridge-domain [detail] Displays the details about the aging fields.
Example:
detail
VPC-128 OL-26113-03
Disabling MAC Flush at the Bridge Port Level

Perform this task to disable the MAC flush at the bridge domain level.
You can disable the MAC flush at the bridge domain, bridge port or access pseudowire levels. By default,
the MACs learned on a specific port are immediately flushed, when that port becomes nonfunctional.
SUMMARY STEPS
1. configure
2. l2vpn
3. bridge group bridge-group name
5. mac
6. port-down flush disable
7. end
or
commit
DETAILED STEPS

Example:
Example:
bridge domain.
Example:
csco
Step 4 bridge-domain bridge-domain-name Establishes a bridge domain and enters l2vpn bridge
Example:
abc
OL-26113-03 VPC-129

Step 5 mac Enters l2vpn bridge group bridge domain MAC
configuration mode.
Example:
Step 6 port-down flush disable Disables MAC flush when the bridge port becomes
nonfunctional.
Example:
port-down flush disable
or
or
changes.
changes.
VPC-130 OL-26113-03
Configuring VPLS with BGP Autodiscovery and Signaling

Perform this task to configure BGP-based autodiscovery and signaling.
SUMMARY STEPS
1. configure
2. l2vpn
5. vfi {vfi-name}
6. vpn-id vpn-id
7. autodiscovery bgp
8. rd {as-number:nn | ip-address:nn | auto}
9. route-target {as-number:nn | ip-address:nn | export | import}
10. route-target import {as-number:nn | ip-address:nn}
11. route-target export {as-number:nn | ip-address:nn}
12. signaling-protocol bgp
13. ve-id {number}
14. ve-range {number}
15. commit
or
end
DETAILED STEPS

Example:
Example:
Step 3 bridge group bridge-group-name Enters configuration mode for the named bridge group.
Example:
metroA
OL-26113-03 VPC-131

Step 4 bridge-domain bridge-domain-name Enters configuration mode for the named bridge domain.
Example:
bridge-domain east
Step 5 vfi {vfi-name} Enters virtual forwarding instance (VFI) configuration
mode.
Example:
RP/0/RP0/CPU0:router(config-l2vpn-bg-bd)# vfi
vfi-east
Step 6 vpn-id vpn-id Specifies the identifier for the VPLS service. The VPN ID
has to be globally unique within a PE router; that is the
same VPN ID cannot exist in multiple VFIs on the same
Example:
PE router. In addition, a VFI can have only one VPN ID.
vpn-id 100
Step 7 autodiscovery bgp Enters BGP autodiscovery configuration mode where all
BGP autodiscovery parameters are configured.
Example: This command is not provisioned to BGP until the VPN
RP/0/RP0/CPU0:router(config-l2vpn-bg-bd-vfi)# ID and the signaling protocol is configured.
autodiscovery bgp
Step 8 rd {as-number:nn|ip-address:nn|auto} Specifies the route distinguisher (RD) under the VFI.
The RD is used in the BGP NLRI to identify VFI. Only
Example: one RD can be configured for each VFI, and except for rd
RP/0/RP0/CPU0:router(config-l2vpn-bg-bd-vfi-ad)# auto, the same RD cannot be configured in multiple VFIs
rd auto on the same PE.
When rd auto is configured, the RD value is:
{BGP Router ID}:{16 bits auto-generated unique index}.
Step 9 route-target {as-number:nn|ip-address:nn} Specifies the route target (RT) for the VFI.
At least one import and one export route target (or just
Example: one route target with both roles) need to be configured in
RP/0/RP0/CPU0:router(config-l2vpn-bg-bd-vfi-ad)# each PE in order to establish BGP autodiscovery between
route-target 500:99 PEs.
If no export or import keyword is specified, it means that
the RT is both import and export. A VFI can have multiple
export or import RTs. However, the same RT is not
allowed in multiple VFIs in the same PE.
Step 10 route-target import {as-number:nn|ip-address:nn} Specifies the import route target for the VFI.
The PE compares import route target with the RT in the
Example: received NLRI: the RT in the received NLRI must match
RP/0/RP0/CPU0:router(config-l2vpn-bg-bd-vfi-ad)# the import RT to determine that the RTs belong to the
route-target import 200:20 same VPLS service.
Step 11 route-target export {as-number:nn|ip-address:nn} Specifies the export route target for the VFI.
Export route target is the RT that will be in the NLRI
Example: advertised to other PEs.
RP/0/RP0/CPU0:router(config-l2vpn-bg-bd-vfi-ad)#
route-target export 100:10
VPC-132 OL-26113-03

Step 12 signaling-protocol bgp Enables BGP signaling, and enters the BGP signaling
configuration submode where BGP signaling parameters
are configured.
Example:
RP/0/RP0/CPU0:router(config-l2vpn-bg-bd-vfi-ad)# This command is not provisioned to BGP until VE ID and
signaling-protocol bgp VE ID range is configured.
Step 13 ve-id {number} Specifies the local PE identifier for the VFI for VPLS
configuration.
Example: The VE ID identifies a VFI within a VPLS service. This
RP/0/RP0/CPU0:router(config-l2vpn-bg-bd-vfi-ad- means that VFIs in the same VPLS service cannot share
sig)# ve-id 10 the same VE ID. The scope of the VE ID is only within a
bridge domain. Therefore, VFIs in different bridge
domains within a PE can still use the same VE ID.
Step 14 ve-range {number} Overrides the minimum size of VPLS edge (VE) blocks.
The default minimum size is 10. Any configured VE
Example: range must be higher than 10.
RP/0/RP0/CPU0:router(config-l2vpn-bg-bd-vfi-ad-si
g)# ve-range 40
or
Uncommitted changes found, commit them before
Example: exiting(yes/no/cancel)?
RP0RP/0/RP0/CPU0:router(config-l2vpn-bg-bd-vfi-ad [cancel]:
-
sig)# end Entering yes saves configuration changes to the
or running configuration file, exits the
RP0RP/0/RP0/CPU0:router(config-l2vpn-bg-bd-vfi-ad
configuration session, and returns the router to
- EXEC mode.
sig)# commit
Entering no exits the configuration session and
returns the router to EXEC mode without
committing the configuration changes.
Entering cancel leaves the router in the current
configuration session without exiting or
Use the commit command to save the configuration
changes to the running configuration file and remain
within the configuration session.
OL-26113-03 VPC-133
Configuring VPLS with BGP Autodiscovery and LDP Signaling

Perform this task to configure BGP-based Autodiscovery and signaling.
SUMMARY STEPS
1. configure
2. l2vpn
3. route-id
6. vfi {vfi-name}
7. autodiscovery bgp
8. vpn-id vpn-id
9. rd {as-number:nn | ip-address:nn | auto}
10. route-target {as-number:nn | ip-address:nn | export | import}
11. route-target import {as-number:nn | ip-address:nn}
12. route-target export {as-number:nn | ip-address:nn}
13. signaling-protocol ldp
14. vpls-id {as-number:nn | ip-address:nn}
15. commit
or
end
DETAILED STEPS

Example:
Example:
VPC-134 OL-26113-03

Step 3 router-id ip-address Specifies a unique Layer 2 (L2) router ID for the provider
edge (PE) router.
Example: The router ID must be configured for LDP signaling, and
RP/0/RP0/CPU0:router(config-l2vpn)# router-id is used as the L2 router ID in the BGP NLRI, SAII (local
1.1.1.1 L2 Router ID) and TAII (remote L2 Router ID). Any
arbitrary value in the IPv4 address format is acceptable.
Note Each PE must have a unique L2 router ID. This
CLI is optional, because a PE automatically
generates a L2 router ID using the LDP router ID.
Step 4 bridge group bridge-group-name Enters configuration mode for the named bridge group.
Example:
metroA
Step 5 bridge-domain bridge-domain-name Enters configuration mode for the named bridge domain.
Example:
bridge-domain east
Step 6 vfi {vfi-name} Enters virtual forwarding instance (VFI) configuration
mode.
Example:
RP/0/RP0/CPU0:router(config-l2vpn-bg-bd)# vfi
vfi-east
Step 7 vpn-id vpn-id Specifies the identifier for the VPLS service. The VPN ID
has to be globally unique within a PE router; that is the
same VPN ID cannot exist in multiple VFIs on the same
Example:
PE router. In addition, a VFI can have only one VPN ID.
vpn-id 100
Step 8 autodiscovery bgp Enters BGP autodiscovery configuration mode where all
BGP autodiscovery parameters are configured.
Example: This command is not provisioned to BGP until the VPN
RP/0/RP0/CPU0:router(config-l2vpn-bg-bd-vfi)# ID and the signaling protocol is configured.
autodiscovery bgp
Step 9 rd {as-number:nn|ip-address:nn|auto} Specifies the route distinguisher (RD) under the VFI.
The RD is used in the BGP NLRI to identify VFI. Only
Example: one RD can be configured for each VFI, and except for rd
RP/0/RP0/CPU0:router(config-l2vpn-bg-bd-vfi-ad)# auto, the same RD cannot be configured in multiple VFIs
rd auto on the same PE.
When rd auto is configured, the RD value is:
{BGP Router ID}:{16 bits auto-generated unique index}.
OL-26113-03 VPC-135

Step 10 route-target {as-number:nn|ip-address:nn} Specifies the route target (RT) for the VFI.
At least one import route target and one export route
Example: target (or just one route target with both roles) need to be
RP/0/RP0/CPU0:router(config-l2vpn-bg-bd-vfi-ad)# configured in each PE in order to establish BGP
route-target 500:99 autodiscovery between PEs.
If no export or import keyword is specified, it means that
the RT is both import and export. A VFI can have multiple
export or import RTs. However, the same RT is not
allowed in multiple VFIs in the same PE.
Step 11 route-target import {as-number:nn|ip-address:nn} Specifies the import route target for the VFI.
The PE compares the import route target with the RT in
Example: the received NLRI: the RT in the received NLRI must
RP/0/RP0/CPU0:router(config-l2vpn-bg-bd-vfi-ad)# match the import RT to determine that the RTs belong to
route-target import 200:20 the same VPLS service.
Step 12 route-target export {as-number:nn|ip-address:nn} Specifies the export route target for the VFI.
Export route target is the RT that will be in the NLRI
Example: advertised to other PEs.
RP/0/RP0/CPU0:router(config-l2vpn-bg-bd-vfi-ad)#
route-target export 100:10
Step 13 signaling-protocol bgp Enables BGP signaling, and enters the BGP signaling
configuration submode where BGP signaling parameters
are configured.
Example:
RP/0/RP0/CPU0:router(config-l2vpn-bg-bd-vfi-ad)# This command is not provisioned to BGP until VE ID and
signaling-protocol bgp VE ID range is configured.
VPC-136 OL-26113-03

Step 14 vpls-id {as-number:nn|ip-address:nn} Specifies VPLS ID which identifies the VPLS domain
during signaling.
Example: This command is optional in all PEs that are in the same
RP/0/RP0/CPU0:router(config-l2vpn-bg-bd-vfi-ad- Autonomous System (that is, PEs that share the same
sig)# vpls-id 10:20 ASN) because a default VPLS ID is automatically
generated using BGP's ASN and the configured VPN ID
(that is, the default VPLS ID equals ASN:VPN-ID). If an
ASN of 4 bytes is used, the lower two bytes of the ASN
are used to build the VPLS ID. In case of InterAS, the
VPLS ID must be explicitly configured. Only one VPLS
ID can be configured for each VFI, and the same VPLS
ID cannot be used for multiple VFIs.
or
RP0RP/0/RP0/CPU0:router(config-l2vpn-bg-bd-vfi-ad [cancel]:
-
sig)# end Entering yes saves configuration changes to the
or running configuration file, exits the
RP0RP/0/RP0/CPU0:router(config-l2vpn-bg-bd-vfi-ad
configuration session, and returns the router to
- EXEC mode.
sig)# commit
Entering no exits the configuration session and
returns the router to EXEC mode without
configuration session without exiting or
Use the commit command to save the configuration
changes to the running configuration file and remain
within the configuration session.
Configuring Pseudowire Headend

The PWHE is created by configuring interface pw-ether or pw-iw. For the PWHE to be functional, the
xconnect has to be configured completely. Configuring other layer 3 (L3) parameters, such as VRF and
IP addresses, are optional for the PWHE to be functional. However, the L3 features are required for the
layer 3 services to be operational; that is, for PW L3 termination.
This section describes these topics:
PWHE Configuration Restrictions
Configuring PWHE Interfaces
Configuring PWHE Interface Parameters
Configuring PWHE Crossconnect
OL-26113-03 VPC-137
PWHE Configuration Restrictions

These are the configuration restrictions for PWHE:
Up to 4096 PWHE interfaces (a combination of pw-ether and pw-iw).
Up to eight interface lists per peer.
Up to eight L3 links per interface list.
VLAN ID (tag-impose) can be configured only in xconnects which have pw-ether interfaces.
VLAN ID (tag-impose) can only be configured under VC type 4 pw-ether interfaces.
Interface lists can be configured on CRS only.
Interface lists can accept POS, GigabitEthernet, TenGigabitEthernet, SRP, Bundle Ethernet and
Bundle POS; other interfaces are rejected.
No support for features such as pseudowire redundancy, preferred path, local switching or L2TP for
xconnects configured with PWHE.
Ethernet and VLAN transport modes are not allowed for pw-iw xconnects.
Address family, Cisco Discovery Protocol (CDP) and MPLS configurations are not allowed on
PWHE interfaces.
IPv6 configuration is not allowed under pw-iw interfaces.
Configuring PWHE Interfaces

Perform this task to configure PWHE interfaces.
Summary Steps
1. configure
2. interface pw-ether id
3. attach generic-interface-list interface_list_name
4. end
or
commit
VPC-138 OL-26113-03
Detailed Steps

Example:
RP/0/RSP0/CPU0:router# configure
RP/0/RSP0/CPU0:router(config)#
Step 2 interface pw-ether id Configures the PWHE interface and enters the interface
configuration mode.
Example:
RP/0/0/CPU0:router(config)# interface
pw-ether <id>
Step 3 attach generic-interface-list Attaches the interface to a specified interface list.
interface_list_name
Example:
RP/0/0/CPU0:router(config-if)# attach
generic-interface-list interfacelist1
or
When you issue the end command, the system prompts you to
commit commit changes:
RP/0/RSP0/CPU0:router(config-if)# end [cancel]:
or
Entering yes saves configuration changes to the running
RP/0/RSP0/CPU0:router(config-if)# commit configuration file, exits the configuration session, and
returns the router to EXEC mode.
Entering no exits the configuration session and returns the
router to EXEC mode without committing the
configuration changes.
configuration session without exiting or committing the
Use the commit command to save the configuration changes to
the running configuration file and remain within the
Restrictions for Configuring PWHE Interfaces
These are the restrictions for configuring PWHE interfaces:

Neighbor and pw-ID pair must be unique in L2VPN.
pw-ether interfaces have to be VC type 4 or 5.
pw-iw interfaces cannot have IPv6 address because IPv6 is not supported on pw-iw (VC type 11).
The VC type is set to type 11 if AC is pw-iw even when interworking ipv4 is not configured.
The VLAN ID is allowed only if VC type is 4.
OL-26113-03 VPC-139
MPLS protocols (MPLS-TE, LDP, RSVP) cannot be configured on PW-HE.

No interface list configuration is accepted on non-PWHE platforms.
Configuring PWHE Interface Parameters

Perform this task to configure PWHE interface parameters.
Summary Steps
1. configure
3. attach generic-interface-list interface_list_name
4. l2overhead bytes
5. load-interval seconds
6. dampening decay-life
7. logging events link-status
8. mac-address MAC address
9. mtu interface_MTU
10. end
or
commit
VPC-140 OL-26113-03
Detailed Steps

Example:
Step 2 interface pw-ether id Configures the PWHE interface and enters the interface
configuration mode.
Example:
RP/0/0/CPU0:router(config)# interface
pw-ether <id>
Step 3 attach generic-interface-list Attaches the interface to a specified interface list.
interface_list_name
Example:
RP/0/0/CPU0:router(config-if)# attach
generic-interface-list interfacelist1
Step 4 l2overhead bytes Sets layer 2 overhead size.
Example:
RP/0/0/CPU0:router(config-if)#l2overhead
20
Step 5 load-interval seconds Specifies interval, in seconds, for load calculation for an interface.
The number of seconds:
Example: Can be set to 0 [0 disables load calculation]
RP/0/0/CPU0:router(config-if)#load-interv
al 90 If not 0, interval must be specified in multiples of 30 between
30 and 600.
Step 6 dampening decay-life Configures state dampening on the given interface (in minutes).
Example:
RP/0/0/CPU0:router(config-if)#dampening
10
Step 7 logging events link-status Configures per interface logging.
Example:
RP/0/0/CPU0:router(config-if)#logging
events link-status
Step 8 mac-address MAC address Sets the MAC address (xxxx.xxxx.xxxx) on an interface.
Example:
RP/0/0/CPU0:router(config-if)#mac-address
aaaa.bbbb.cccc
OL-26113-03 VPC-141

Step 9 mtu interface_MTU Sets the MTU on an interface.
Example:
RP/0/0/CPU0:router(config-if)#mtu 128
or
or
Configuring PWHE Crossconnect

Perform this task to configure PWHE crossconnects.
Summary Steps
1. configure
2. l2vpn
3. xconnect group group-name
4. p2p xconnect-name
6. neighbor A.B.C.D pw-id value
7. pw-class class-name
8. end
or
commit
VPC-142 OL-26113-03
Detailed Steps

Example:
Step 2 l2vpn Enters Layer 2 VPN configuration mode.
Example:
RP/0/RSP0/CPU0:router(config)# l2vpn
Step 3 xconnect group group-name Configures a cross-connect group name using a free-format
32-character string.
Example:
RP/0/RSP0/CPU0:router(config-l2vpn)#
xconnect group MS-PW1
Step 4 p2p xconnect-name Enters P2P configuration submode.
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-xc)#
p2p ms-pw1
Step 5 interface pw-ether id Configures the PWHE interface.
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-xc-p2p
)# interface pw-ether 100
Step 6 neighbor A.B.C.D pw-id value Configures a pseudowire for a cross-connect.
The IP address is that of the corresponding PE node.
Example: The pw-id must match the pw-id of the PE node.
RP/0/RSP0/CPU0:router(config-l2vpn-xc-p
2p)# neighbor 10.165.200.25 pw-id 100
OL-26113-03 VPC-143

Step 7 pw-class class-name Enters pseudowire class submode, allowing you to define a
pseudowire class template.
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-xc-p
2p-pw)# pw-class dynamic_mpls
or
or
VPC-144 OL-26113-03
Configuration Examples for Virtual Private LAN Services

This section includes the following configuration examples:
Virtual Private LAN Services Configuration for Provider Edge-to-Provider Edge: Example,
page VPC-145
Virtual Private LAN Services Configuration for Provider Edge-to-Customer Edge: Example,
page VPC-146
Configuring Backup Disable Delay: Example, page VPC-147
Disabling MAC Flush: Examples, page VPC-147
H-VPLS Configuration: Examples, page VPC-148
H-VPLS with Access-PWs: Examples, page VPC-146
Configuring VPLS with BGP Autodiscovery and Signaling: Example, page VPC-150
Configuring Pseudowire Headend: Example, page VPC-155
Virtual Private LAN Services Configuration for Provider Edge-to-Provider Edge:

Example
These configuration examples show how to create a Layer 2 VFI with a full-mesh of participating VPLS
provider edge (PE) nodes.
The following configuration example shows how to configure PE 1:
configure
l2vpn
bridge group 1
bridge-domain PE1-VPLS-A
GigabitEthernet0/0---AC
exit
vfi 1
neighbor 2.2.2.2 pw-id 1---PW1
!
!
interface loopback 0
ipv4 address 1.1.1.1 255.255.255.25
commit

configure
l2vpn
bridge group 1
interface GigabitEthernet0/0---AC
exit
vfi 1
!
!
ipv4 address 2.2.2.2 255.255.255.25
commit
OL-26113-03 VPC-145

configure
l2vpn
bridge group 1
interface GigabitEthernet0/0---AC
exit
vfi 1
!
!
ipv4 address 3.3.3.3 255.255.255.25
commit
Virtual Private LAN Services Configuration for Provider Edge-to-Customer

Edge: Example
The following configuration shows how to configure VPLS for a PE-to-CE nodes:
configure
interface GigabitEthernet0/0
l2transport---AC interface
exit
no ipv4 address
no ipv4 directed-broadcast
negotiation auto
no cdp enable
end
configure
l2transport
exit
no ipv4 address
negotiation auto
no cdp enable
end
configure
l2transport
exit
no ipv4 address
negotiation auto
no cdp enable
VPC-146 OL-26113-03
Configuring Backup Disable Delay: Example

The following example shows how a backup delay is configured for point-to-point PW where the backup
disable delay is 50 seconds:
l2vpn
pw-class class_1
backup disable delay 20
exit
xconnect group_A
p2p rtrX_to_rtrY
pw-class class_1
backup neighbor 2.2.2.2 pw- id 5
commit
The following example shows how a backup delay is configured for point-to-point PW where the backup
disable delay is never:
l2vpn
pw-class class_1
backup disable never
exit
xconnect group_A
p2p rtrX_to_rtrY
pw-class class_1
backup neighbor 2.2.2.2 pw-id 5
commit
Disabling MAC Flush: Examples

You can disable the MAC flush at the following levels:
bridge domain
bridge port (attachment circuit (AC))
access pseudowire (PW)
The following example shows how to disable the MAC flush at the bridge domain level:
configure
l2vpn
bridge-group group1
bridge-domain domain1
mac
end
The following example shows how to disable the MAC flush at the bridge port level:
configure
l2vpn
bridge-group group1
interface POS 0/1/0/1
mac
end
OL-26113-03 VPC-147
The following example shows how to disable the MAC flush at the access pseudowire level:
configure
l2vpn
bridge-group group1
mac
end
H-VPLS Configuration: Examples

This example shows how to configure hierarchical VPLS (H-VPLS). All examples in this section are
based on the following topology where N-PE1 is the H-VPLS Node:
VPLS with QinQ or QinAny: Example

Global Interface Configuration at N-PE1:
interface GigabitEthernet0/0/0/0
dot1q tunneling ethertype 0x9200
!
!
interface GigabitEthernet0/0/0/0.1 l2transport
dot1q vlan 20 21
!
dot1q vlan 10 any
L2VPN Configuration at N-PE1:

l2vpn
bridge group g1
bridge-domain d1
interface GigabitEthernet0/0/0/0.1
!
VPC-148 OL-26113-03
!
vfi core-pws
Global Interface Configuration at N-PE2:

!
!
dot1q vlan 10 20
!
dot1q vlan 1 2
L2VPN Configuration at N-PE2:

l2vpn
bridge group g1
bridge-domain d1
!
!
vfi core-pws
H-VPLS with Access-PWs: Example

Router Configuration at U-PE1:
l2vpn
pw-class vpls
encapsulation mpls
transport-mode ethernet
!
xconnect group g1
p2p p1
interface GigabitEthernet0/1/1/0.1 --> Local AC
neighbor 5.5.5.5 pw-id 100 --> Access PW to N-PE1
pw-class vpls
dot1q vlan 1
Router Configuration at U-PE2:

l2vpn
pw-class vpls
encapsulation mpls
transport-mode ethernet
mac-withdraw
!
xconnect group g1
p2p p1
neighbor 5.5.5.5 pw-id 100 --> Access PW to N-PE1
OL-26113-03 VPC-149
pw-class vpls

dot1q vlan 1
Router Configuration at N-PE1:

l2vpn
bridge group g1
bridge-domain d1
interface GigabitEthernet0/1/4/0.1 ? Local AC
neighbor 1.1.1.1 pw-id 100 --> Access PW to U-PE1
neighbor 2.2.2.2 pw-id 100 --> Access PW to U-PE2
!
vfi core1
neighbor 6.6.6.6 pw-id 100 --> Core PW to N-PE2

dot1q vlan 1
Router Configuration at N-PE2:

l2vpn
bridge group g1
bridge-domain d1
vfi core1
neighbor 5.5.5.5 pw-id 100 --> Core PW to N-PE1

dot1q vlan 1
Configuring VPLS with BGP Autodiscovery and Signaling: Example

This section contains these configuration examples:
LDP and BGP Configuration
Minimum L2VPN Configuration for BGP Autodiscovery with BGP Signaling
VPLS with BGP Autodiscovery and BGP Signaling
Minimum Configuration for BGP Autodiscovery with LDP Signaling
VPLS with BGP Autodiscovery and LDP Signaling
LDP and BGP Configuration

Figure 20 illustrates an example of LDP and BGP configuration.
Figure 20 LDP and BGP Configuration

GigabitEthernet0/1/0/0 GigabitEthernet0/1/0/0
CE1 PE1 PE2 CE2

249872
MPLS Core
VPC-150 OL-26113-03
Configuration at PE1:
interface Loopback0
ipv4 address 1.1.1.100 255.255.255.255
!
interface Loopback1
ipv4 address 1.1.1.10 255.255.255.255
!
mpls ldp
router-id 1.1.1.1
interface GigabitEthernt0/1/0/0
!
router bgp 120
address-family l2vpn vpls-vpws
!
neighbor 2.2.2.20
remote-as 120
update-source Loopback1
signaling bgp disable
interface Loopback0
ipv4 address 2.2.2.200 255.255.255.255
!
interface Loopback1
ipv4 address 2.2.2.20 255.255.255.255
!
mpls ldp
router-id 2.2.2.2
interface GigabitEthernt0/1/0/0
!
router bgp 120
!
neighbor 1.1.1.10
remote-as 120
update-source Loopback1
OL-26113-03 VPC-151
Minimum L2VPN Configuration for BGP Autodiscovery with BGP Signaling

This example illustrates the minimum L2VPN configuration required for BGP Autodiscovery with BGP
Signaling, where any parameter that has a default value is not configured.
(config)# l2vpn
(config-l2vpn)# bridge group {bridge group name}
(config-l2vpn-bg)# bridge-domain {bridge domain name}
(config-l2vpn-bg-bd)# vfi {vfi name}
(config-l2vpn-bg-bd-vfi)# vpn-id 10
(config-l2vpn-bg-bd-vfi)# autodiscovery bgp
(config-l2vpn-bg-bd-vfi-ad)# rd auto
(config-l2vpn-bg-bd-vfi-ad)# route-target 1.1.1.1:100
(config-l2vpn-bg-bd-vfi-ad)# signaling-protocol bgp
(config-l2vpn-bg-bd-vfi-ad-sig)# ve-id 1
(config-l2vpn-bg-bd-vfi-ad-sig)# commit
VPLS with BGP Autodiscovery and BGP Signaling

Figure 21 illustrates an example of configuring VPLS with BGP autodiscovery (AD) and BGP
Signaling.
Figure 21 VPLS with BGP autodiscovery and BGP signaling

GigabitEthernet0/1/0/1.1 3.3.3.3 1.1.1.1 GigabitEthernet0/1/0/2.1
CE1 PE1 PE2 CE2
249873
MPLS Core
l2vpn
bridge group gr1
bridge-domain bd1
vfi vf1
! AD independent VFI attributes
vpn-id 100
! Auto-discovery attributes
autodiscovery bgp
rd auto
route-target 2.2.2.2:100
! Signaling attributes
signaling-protocol bgp
ve-id 3
l2vpn
bridge group gr1
bridge-domain bd1
vfi vf1
! AD independent VFI attributes
vpn-id 100
! Auto-discovery attributes
autodiscovery bgp
rd auto
VPC-152 OL-26113-03
route-target 2.2.2.2:100
! Signaling attributes
signaling-protocol bgp
ve-id 5
This is an example of NLRI for VPLS with BGP AD and signaling:

GigabitEthernet0/1/0/1.1 3.3.3.3 1.1.1.1 GigabitEthernet0/1/0/2.1
CE1 PE1 PE2 CE2
249878
MPLS Core
Discovery attributes
NLRI sent at PE1:
Length = 19
Router Distinguisher = 3.3.3.3:32770
VE ID = 3
VE Block Offset = 1
VE Block Size = 10
Label Base = 16015
NLRI sent at PE2:

Length = 19
Router Distinguisher = 1.1.1.1:32775
VE ID = 5
VE Block Offset = 1
VE Block Size = 10
Label Base = 16120
Minimum Configuration for BGP Autodiscovery with LDP Signaling

This example illustrates the minimum L2VPN configuration required for BGP Autodiscovery with LDP
Signaling, where any parameter that has a default value is not configured.
(config)# l2vpn
(config-l2vpn)# bridge group {bridge group name}
(config-l2vpn-bg)# bridge-domain {bridge domain name}
(config-l2vpn-bg-bd)# vfi {vfi name}
(config-l2vpn-bg-bd-vfi)# autodiscovery bgp
(config-l2vpn-bg-bd-vfi-ad)# vpn-id 10
(config-l2vpn-bg-bd-vfi-ad)# rd auto
(config-l2vpn-bg-bd-vfi-ad)# route-target 1.1.1.1:100
(config-l2vpn-bg-bd-vfi-ad)# commit
OL-26113-03 VPC-153
VPLS with BGP Autodiscovery and LDP Signaling

Figure 22 illustrates an example of configuring VPLS with BGP autodiscovery (AD) and LDP Signaling.
Figure 22 VPLS with BGP autodiscovery and LDP signaling

CE1 PE1 PE2 CE2
249882
MPLS Core
l2vpn
router-id 10.10.10.10
bridge group bg1
bridge-domain bd1
vfi vf1
vpn-id 100
autodiscovery bgp
rd 1:100
router-target 12:12
l2vpn
router-id 20.20.20.20
bridge group bg1
bridge-domain bd1
vfi vf1
vpn-id 100
autodiscovery bgp
rd 2:200
router-target 12:12
signaling-protocol ldp
vpls-id 120:100
Discovery and Signaling Attributes
CE1 PE1 PE2 CE2
MPLS Core
LDP Router ID - 1.1.1.1
BGP Router ID - 1.1.1.100
Peer Address - 1.1.1.10
L2VPN Router ID - 10.10.10.10
Route Distinguisher - 1:100
VPC-154 OL-26113-03
Common Configuration between PE1 and PE2:

ASN - 120
VPN ID - 100
VPLS ID - 120:100
Route Target - 12:12
LDP Router ID - 2.2.2.2
BGP Router ID - 2.2.2.200
Peer Address - 2.2.2.20
Discovery Attributes
NLRI sent at PE1:

Source Address - 1.1.1.10
Destination Address - 2.2.2.20
Length - 14
VPLS ID - 120:100
NLRI sent at PE2:

Source Address - 2.2.2.20
Destination Address - 1.1.1.10
Length - 14
VPLS ID - 120:100
Configuring Pseudowire Headend: Example

This section provides an example of pseudowire headend configuration.
Figure 23 PWHE Configuration Example
Access MPLS/TP
Network Network
L1, L2
CEs A-PE S-PE PE PE CEx
P1
P2
L3, L4
ACs
PWs
282419
OL-26113-03 VPC-155
Consider the topology in Figure 23.

1. There are many customer edge routers (CEs) connected to a A-PE (each CE is connected using 1
link).
2. There are two P routers between A-PE an S-PE in the access network.
3. S-PE is connected by two links to P1links L1 and L2 (on two separate linecards on P1 and S-PE);
for example, Gig0/1/0/0 and Gig0/2/0/0 respectively.
4. S-PE is connected by two links to P2L3 and L4 (on two separate linecards on P2 and S-PE); for
example, Gig0/1/0/1 and Gig0/2/0/1 respectively.
5. For each CE-APE link, a xconnect (AC-PW) is configured on the A-PE. The PWs are connected to
S-PE; some PWs are connected to [L1 (Gig0/1/0/0), L4 (Gig0/2/0/1)] and others through [L2
(Gig0/1/0/1), L3 (Gig0/2/0/0)].
6. A-PE uses router-id 100.100.100.100 for routing and PW signaling.
7. The two router-ids on S-PE used for PW signaling are 111.111.111.111 and 112.112.112.112 (for
Rx pin-down). 110.110.110.110 is the router-id assigned for routing.
CE Configuration
Consider two CEs connected using GigabitEthernet0/3/0/0 (CE1 and A-PE) and GigabitEthernet0/3/0/1
(CE2 and A-PE).
At CE1:
interface Gig0/3/0/0
ipv4 address 10.1.1.1/24
router static
address-family ipv4 unicast
110.110.110.110 Gig0/3/0/0
A.B.C.D/N 110.110.110.110
At CE2:
router static
110.110.110.110 Gig0/3/0/1
A.B.C.D/N 110.110.110.110
A-PE Configuration
At A-PE, one xconnect is configured for each CE connection. Here, CE connections are L2 links, which
are in xconnects. Each xconnect has a pseudowire connected to S-PE, though connected to different
neighbor addresses, depending on where the pseudowire is to be pin downed: [L1, L4] or [L2, L3].
l2transport
l2transport
l2vpn
xconnect group pwhe
p2p pwhe_spe_1
neighbor 111.111.111.111 pw-id 1
p2p pwhe_spe_2
VPC-156 OL-26113-03
neighbor 112.112.112.112 pw-id 2
P Router Configuration
Static routes are required on P routers for Rx pindown on S-PE to force PWs configured with a specific
address to be transported over certain links.
At P1:
router static
111.111.111.111 Gig0/1/0/0
112.112.112.112 Gig0/2/0/0
At P2:
router static
111.111.111.111 Gig0/2/0/1
112.112.112.112 Gig0/1/0/1
S-PE Configuration
At S-PE, two PWHE interfaces (one for each PW) is configured, and each uses a different interface list
for Tx pin-down. (This must match the static configuration at P routers for Rx pin-down). Each PWHE
has the PW connected to A-PE (The pw-id must match the pw-id at A-PE.)
generic-interface-list il1
interface gig0/1/0/0
generic-interface-list il2
interface pw-ether1
attach generic-interface-list il1
interface pw-ether2
attach generic-interface-list il2
l2vpn
xconnect group pwhe
p2p pwhe1
interface pw-ether1
neighbor 100.100.100.100 pw-id 1
p2p pwhe2
interface pw-ether2
neighbor 100.100.100.100 pw-id 2
OL-26113-03 VPC-157
Additional References
For additional information related to implementing VPLS, refer to the following references:
Related Documents
Related Topic Document Title

Cisco IOS XR L2VPN command reference document MPLS Virtual Private Network Commands on Cisco IOS XR
Software module in Cisco IOS XR MPLS Command Reference
MPLS VPLS-related commands MPLS Virtual Private LAN Services Commands on Cisco IOS XR
Software module in Cisco IOS XR MPLS Command Reference
MPLS Layer 2 VPNs Implementing MPLS Layer 2 VPNs on Cisco IOS XR Software
module in Cisco IOS XR MPLS Configuration Guide
MPLS VPNs over IP Tunnels MPLS VPNs over IP Tunnels on Cisco IOS XR Software module in
Cisco IOS XR MPLS Configuration Guide
Cisco CRS router getting started material Cisco IOS XR Getting Started Guide
Information about user groups and task IDs Configuring AAA Services on Cisco IOS XR Software module of
Cisco IOS XR System Security Configuration Guide
Standards
Standards1 Title
No new or modified standards are supported by this
feature, and support for existing standards has not been
modified by this feature.
1. Not all supported standards are listed.
MIBs
MIBs MIBs Link

To locate and download MIBs using Cisco IOS XR software, use the
Cisco MIB Locator found at the following URL and choose a
platform under the Cisco Access Products menu:
http://cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml
VPC-158 OL-26113-03
RFCs
RFCs Title
RFC 3931 Layer Two Tunneling Protocol - Version 3 (L2TPv3)
RFC 4447 Pseudowire Setup and Maintenance Using the Label Distribution Protocol (LDP), April 2006
RFC 4448 Encapsulation Methods for Transport of Ethernet over MPLS Networks, April 2006
Technical Assistance
Description Link
The Cisco Technical Support website contains http://www.cisco.com/techsupport
thousands of pages of searchable technical content,
including links to products, technologies, solutions,
technical tips, and tools. Registered Cisco.com users
can log in from this page to access even more content.
OL-26113-03 VPC-159
VPC-160 OL-26113-03

VC 42 Vpls

Uploaded by

Copyright:

Available Formats

VC 42 Vpls

Uploaded by

Document Information

Original Description:

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

VC 42 Vpls

Uploaded by

Copyright:

Available Formats

Implementing Virtual Private LAN Services

Release 4.2.0 Support was added for:

Prerequisites for Implementing Virtual Private LAN Services

Restrictions for Implementing Virtual Private LAN Services

Information About Implementing Virtual Private LAN Services

Virtual Private LAN Services Overview

VPLS for an MPLS-based Provider Core

H-VPLS with Ethernet Access QinQ or QinAny

Figure 11 Ethernet Access for H-VPLS

H-VPLS with PW-access

Figure 12 PW access for H-VPLS

VPLS Discovery and Signaling

Figure 13 VPLS Autodiscovery and Signaling

Signaling Protocol LDP BGP

BGP-based VPLS Autodiscovery

BGP Auto Discovery With BGP Signaling

Figure 14 Discovery and Signaling Attributes

Label Signaling BGP

CE1 PE1 PE2 CE2

Tunnel LSP = LDP

Payload BGP VC Label LDP IGP Label

The BGP signaling and autodiscovery scheme has these components:

NLRI Format for VPLS with BGP AD and Signaling

Figure 15 NLRI Format

Route Distinguisher (8 octets)

VE Block Offset (2 octets)

VE Block Size (2 octets)

Label Base (3 octets)

BGP Auto Discovery With LDP Signaling

Figure 16 Discovery and Signaling Attributes

Label Signaling LDP

CE1 PE1 PE2 CE2

Tunnel LSP = LDP

Payload LDP VC Label LDP IGP Label

NLRI and Extended Communities

Figure 17 NLRI and Extended Communities

Route Distinguisher (8 octets)

L2VPN Router ID (4 octets)

Route Target (8 octets)

MAC Address-related Parameters

MAC Address Flooding

MAC Address-based Forwarding

MAC Address Source-based Learning

MAC Address Aging

MAC Address Limit

Table 2 MAC Address Limit Actions

MAC Address Withdrawal

LSP Ping over VPWS and VPLS

VPLS Scalability and Performance Targets

Table 3 VPLS Scalability and Performance Targets

Performance Scalability Target

Pseudowire Redundancy for P2P AToM Cross-Connects

Figure 18 PWHE example

Figure 19 Example without PWHE

CPE L2 PE, e.g. P1 L2 PE S-PE

How to Implement Virtual Private LAN Services

Configuring a Bridge Domain

Creating a Bridge Domain