L2VPN Pseudowire Redundancy

First Published: April 20, 2005 Last Updated: June 25, 2009

The L2VPN Pseudowire Redundancy feature enables you to configure your network to detect a failure in the network and reroute the Layer 2 (L2) service to another endpoint that can continue to provide service. This feature provides the ability to recover from a failure either of the remote provider edge (PE) router or of the link between the PE and customer edge (CE) routers. This feature also provides the ability to set up multiple backup pseudowires.

Finding Feature Information

For the latest feature information and caveats, see the release notes for your platform and software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the Feature Information for L2VPN Pseudowire Redundancy section on page 14. Use Cisco Feature Navigator to find information about platform support and Cisco IOS XE software image support. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. An account on Cisco.com is not required.

Contents

Prerequisites for L2VPN Pseudowire Redundancy, page 2 Restrictions for L2VPN Pseudowire Redundancy, page 2 Information About L2VPN Pseudowire Redundancy, page 2 How to Configure L2VPN Pseudowire Redundancy, page 4 Configuration Examples for L2VPN Pseudowire Redundancy, page 11 Additional References, page 12 Feature Information for L2VPN Pseudowire Redundancy, page 14

Americas Headquarters: Cisco Systems, Inc., 170 West Tasman Drive, San Jose, CA 95134-1706 USA

L2VPN Pseudowire Redundancy Prerequisites for L2VPN Pseudowire Redundancy

Prerequisites for L2VPN Pseudowire Redundancy

This feature module requires that you understand how to configure basic L2 Virtual Private Networks (VPNs). The L2VPN Pseudowire Redundancy feature requires that the following mechanisms be in place to enable you to detect a failure in the network:
Label-switched paths (LSP) Ping/Traceroute and Any Transport over MPLS Virtual Circuit

Connection Verification (AToM VCCV)

Local Management Interface (LMI) Operation, Administration, and Maintenance (OAM)

Restrictions for L2VPN Pseudowire Redundancy

The default Label Distribution Protocol (LDP) session hold-down timer will enable the software to detect failures in about 180 seconds. That time can be configured so that the software can detect failures more quickly. See the mpls ldp holdtime command for more information. Pseudowire redundancy is not supported for Layer 2 Tunnel Protocol Version 3 (L2TPv3) xconnect configurations. The primary and backup pseudowires must run the same type of transport service. The primary and backup pseudowires must be configured with AToM. Only static, on-box provisioning is supported in this release. If you use L2VPN Pseudowire Redundancy with L2VPN Interworking, the interworking method must be the same for the primary and backup pseudowires. L2VPN Pseudowire Redundancy does support setting the experimental (EXP) bit on the Multiprotocol Label Switching (MPLS) pseudowire. L2VPN Pseudowire Redundancy does not support different pseudowire encapsulation types on the MPLS pseudowire. The mpls l2transport route command is not supported. Use the xconnect command instead. The ability to have the backup pseudowire fully operational at the same time that the primary pseudowire is operational is not supported. The backup pseudowire becomes active only after the primary pseudowire fails. The AToM VCCV feature is supported only on the active pseudowire. In Cisco IOS XE Release 2.3, only one backup pseudowire is supported. In Cisco IOS XE Release 2.4 and later releases, up to three backup pseudowires are supported. A primary pseudowire in L2VPN Pseudowire Redundancy feature cannot be backed up by a Layer 2 local switched interface. In Cisco IOS XE Release 2.4, the L2VPN Pseudowire Redundancy: Multiple Backup Pseudowires feature supports only ATM interfaces.

Information About L2VPN Pseudowire Redundancy

Introduction to L2VPN Pseudowire Redundancy, page 3

L2VPN Pseudowire Redundancy Information About L2VPN Pseudowire Redundancy

Introduction to L2VPN Pseudowire Redundancy

L2VPNs can provide pseudowire resiliency through their routing protocols. When connectivity between end-to-end PE routers fails, an alternative path to the directed LDP session and the user data can take over. However, there are some parts of the network where this rerouting mechanism does not protect against interruptions in service. Figure 1 shows those parts of the network that are vulnerable to an interruption in service.
Figure 1 Points of Potential Failure in an L2VPN Network

X2 X1 CE1 PE1 P1 P2 PE2 X3

X4

CE2

X1 = End-to-end routing failure X2 = PE hardware or software failure X3 = Attachment circuit failure from a line break X4 = CE hardware or software failure

The L2VPN Pseudowire Redundancy feature provides the ability to ensure that the CE2 router in Figure 1 can always maintain network connectivity, even if one or all the failures in the figure occur. The L2VPN Pseudowire Redundancy feature enables you to set up backup pseudowires. You can configure the network with redundant pseudowires (PWs) and redundant network elements, which are shown in Figure 2, Figure 3, and Figure 4. Figure 2 shows a network with redundant pseudowires and redundant attachment circuits.
Figure 2 L2 VPN Network with Redundant PWs and Attachment Circuits

Primary pseudowire

Backup pseudowire

Figure 3 shows a network with redundant pseudowires, attachment circuits, and CE routers.

135058

CE1

PE1

PE2

Redundant attachment CE2 circuits

135057

L2VPN Pseudowire Redundancy How to Configure L2VPN Pseudowire Redundancy

Figure 3

L2 VPN Network with Redundant PWs, Attachment Circuits, and CE Routers

Primary pseudowire

Redundant CE routers

CE2a CE1 PE1 PE2

Redundant attachment circuits Backup pseudowire

CE2b

Figure 4 shows a network with redundant pseudowires, attachment circuits, CE routers, and PE routers.
Figure 4 L2 VPN Network with Redundant PWs, Attachment Circuits, CE Routers, and PE Routers

Primary pseudowire

Redundant PE routers Redundant attachment circuits

Redundant CE routers

PE2a CE1 PE1 PE2b Backup pseudowire

CE2a

How to Configure L2VPN Pseudowire Redundancy

The L2VPN Pseudowire Redundancy feature enables you to configure a backup pseudowire in case the primary pseudowire fails. When the primary pseudowire fails, the PE router can switch to the backup pseudowire. You can have the primary pseudowire resume operation after it comes back up.

Note

In Cisco IOS XE Release 2.3, only one backup pseudowire is supported. In Cisco IOS XE Release 2.4 and later releases, up to three backup pseudowires are supported.

Configuring the Pseudowire Attributes, page 5 (required) Configuring a Single Backup Pseudowire, page 6 (required) Configuring Multiple Backup Pseudowires, page 7 (required) Forcing a Manual Switchover to the Backup Pseudowire VC, page 9 (optional) Verifying the L2VPN Pseudowire Redundancy Configuration, page 10 (optional)

135060

CE2b

135059

L2VPN Pseudowire Redundancy How to Configure L2VPN Pseudowire Redundancy

Configuring the Pseudowire Attributes

The successful transmission of the Layer 2 frames between PE routers is due to the configuration of the PE routers. You set up the connection, called a pseudowire, between the routers. The pseudowire-class configuration group specifies the characteristics of the tunneling mechanism, which are:

Encapsulation type Control protocol Payload-specific options

You must specify the encapsulation mpls command as part of the pseudowire class for the AToM VCs to work properly. If you omit the encapsulation mpls command as part of the xconnect command, you receive the following error:
% Incomplete command.

Perform this task to configure a pseudowire class.

SUMMARY STEPS
1. 2. 3. 4. 5.

enable configure terminal pseudowire-class name encapsulation mpls interworking {ethernet | ip}

DETAILED STEPS
Command or Action
Step 1
enable

Purpose Enables privileged EXEC mode.

Enter your password if prompted.

Example:
Router> enable

Step 2

configure terminal

Enters global configuration mode.

Example:
Router# configure terminal

Step 3

pseudowire-class name

Establishes a pseudowire class with a name that you specify. Enters pseudowire class configuration mode.

Example:
Router(config)# pseudowire-class atom

L2VPN Pseudowire Redundancy How to Configure L2VPN Pseudowire Redundancy

Command or Action
Step 4
encapsulation mpls

Purpose Specifies the tunneling encapsulation. For AToM, the encapsulation type is mpls.

Example:
Router(config-pw-class)# encapsulation mpls

Step 5

interworking {ethernet | ip}

(Optional) Enables the translation between the different Layer 2 encapsulations.

Example:
Router(config-pw-class)# interworking ip

Configuring a Single Backup Pseudowire

In Cisco IOS XE Release 2.3, only one backup pseudowire is supported. In Cisco IOS XE Release 2.4 and later releases, up to three backup pseudowires are supported. Use the following steps to configure a single backup pseudowire.

Prerequisites
For each transport type, the xconnect command is configured slightly differently. The following configuration steps use Ethernet VLAN over MPLS, which is configured in subinterface configuration mode. See Any Transport over MPLS to determine how to configure the xconnect command for other transport types.

SUMMARY STEPS
1. 2. 3. 4. 5. 6. 7.

enable configure terminal interface gigabitethernet slot/subslot/interface.[subinterface] encapsulation dot1q vlan-id xconnect peer-router-id vcid {encapsulation mpls | pw-class pw-class-name} backup peer peer-router-ip-addr vcid [pw-class pw-class-name] backup delay enable-delay {disable-delay | never}

DETAILED STEPS
Command or Action
Step 1
enable

Purpose Enables privileged EXEC mode.

Enter your password if prompted.

Example:
Router> enable

Step 2

configure terminal

Enters global configuration mode.

Example:
Router# configure terminal

L2VPN Pseudowire Redundancy How to Configure L2VPN Pseudowire Redundancy

Command or Action
Step 3
interface gigabitethernet slot/subslot/interface.[subinterface]

Purpose Specifies the Gigabit Ethernet subinterface and enters subinterface configuration mode. Make sure that the subinterface on the adjoining CE router is on the same VLAN as this PE router. Enables the subinterface to accept 802.1Q VLAN packets. The subinterfaces between the CE and PE routers that are running Ethernet over MPLS must be in the same subnet. All other subinterfaces and backbone routers do not. Binds the attachment circuit to a pseudowire VC. The syntax for this command is the same as for all other Layer 2 transports.

Example:
Router(config)# interface gigabitethernet0/0/0.1

Step 4

encapsulation dot1q vlan-id

Example:
Router(config-subif)# encapsulation dot1q 100

Step 5

xconnect peer-router-id vcid {encapsulation mpls | pw-class pw-class-name}

Example:
Router(config-subif)# xconnect 10.0.0.1 123 pw-class atom

Enters xconnect configuration mode. Specifies a redundant peer for the pseudowire VC. The pseudowire class name must match the name you specified when you created the pseudowire class, but you can use a different pw-class in the backup peer command than the name that you used in the primary xconnect command. Specifies how long (in seconds) the backup pseudowire VC should wait to take over after the primary pseudowire VC goes down. The range is 0 to 180. Specifies how long the primary pseudowire should wait after it becomes active to take over for the backup pseudowire VC. The range is 0 to 180 seconds. If you specify the never keyword, the primary pseudowire VC never takes over for the backup.

Step 6

backup peer peer-router-ip-addr vcid [pw-class pw-class-name]

Example:
Router(config-if-xconn)# backup peer 10.0.0.3 125 pw-class atom

Step 7

backup delay enable-delay {disable-delay | never}

Example:
Router(config-if-xconn)# backup delay 5 never

Configuring Multiple Backup Pseudowires

In Cisco IOS XE Release 2.4 and later releases, up to three backup pseudowires are supported. You can assign priorities to the backup pseudowires to specify which pseudowire to use first if the primary pseudowire fails. Use the following steps to configure multiple backup pseudowires.

Restrictions
In Cisco IOS XE Release 2.4, the L2VPN Pseudowire Redundancy: Multiple Backup Pseudowires feature supports only ATM interfaces.

SUMMARY STEPS
1. 2.

enable configure terminal

L2VPN Pseudowire Redundancy How to Configure L2VPN Pseudowire Redundancy

3. 4. 5. 6. 7. 8.

interface atm slot/port pvc vpi/vci l2transport encapsulation layer-type xconnect peer-router-id vcid {encapsulation mpls | pw-class pw-class-name} backup peer peer-router-ip-addr vcid [pw-class pw-class-name] [priority value] backup delay enable-delay {disable-delay | never}

DETAILED STEPS
Command or Action
Step 1
enable

Purpose Enables privileged EXEC mode.

Enter your password if prompted.

Example:
Router> enable

Step 2

configure terminal

Enters global configuration mode.

Example:
Router# configure terminal

Step 3

interface atm slot/port

Specifies the atm interface and enters interface configuration mode.

Example:
Router(config)# interface atm1/0

Step 4

pvc vpi/vci l2transport

Assigns a VPI and VCI and enters L2transport VC configuration mode.

Example:
Router(config-if)# pvc 1/100 l2transport

The l2transport keyword indicates that the PVC is a switched PVC instead of a terminated PVC.

Step 5

encapsulation layer-type

Enables the interface to accept ATM packets.

Example:
Router(config-if-atm-l2trans-pvc)# encapsulation aal5snap

Step 6

xconnect peer-router-id vcid {encapsulation mpls | pw-class pw-class-name}

Binds the attachment circuit to a pseudowire VC. The syntax for this command is the same as for all other Layer 2 transports.

Example:
Router(config-if-atm-l2trans-pvc)# xconnect 10.0.0.1 123 pw-class atom

Enters xconnect configuration mode.

L2VPN Pseudowire Redundancy How to Configure L2VPN Pseudowire Redundancy

Command or Action
Step 7
backup peer peer-router-ip-addr vcid [pw-class pw-class-name] [priority value]

Purpose Specifies a redundant peer for the pseudowire VC and specifies the priority of the backup pseudowire. If you use multiple backup pseudowires, assigning a priority to the backup pseudowires determines which backup pseudowire to use first. The pseudowire class name must match the name you specified when you created the pseudowire class, but you can use a different pseudowire class in the backup peer command than the name that you used in the primary xconnect command. Specifies how long (in seconds) the backup pseudowire VC should wait to take over after the primary pseudowire VC goes down. The range is 0 to 180. Specifies how long the primary pseudowire should wait after it becomes active to take over for the backup pseudowire VC. The range is 0 to 180 seconds. If you specify the never keyword, the primary pseudowire VC never takes over for the backup.

Example:
Router(config-if-xconn)# backup peer 10.0.0.3 125 pw-class atom priority 2

Step 8

backup delay enable-delay {disable-delay | never}

Example:
Router(config-if-xconn)# backup delay 5 never

Forcing a Manual Switchover to the Backup Pseudowire VC

To force the router switch over to the backup or primary pseudowire, you can enter the xconnect backup force switchover command in privileged EXEC mode. You can specify either the interface of the primary attachment circuit (AC) to switch to or the IP-address and VC ID of the peer router. A manual switchover can be made only if the interface or peer specified in the command is actually available and the xconnect will move to the fully active state when the command is entered.

SUMMARY STEPS
1. 2.

enable xconnect backup force-switchover interface {type number| peer ip-address vcid}

DETAILED STEPS
Command or Action
Step 1
enable

Purpose Enables privileged EXEC mode.

Enter your password if prompted.

Example:
Router> enable

Step 2

xconnect backup force-switchover {interface type number| peer ip-address vcid}

Specifies that the router should switch to the backup or to the primary pseudowire.

Example:
Router# xconnect backup force-switchover peer 10.10.10.1 123

L2VPN Pseudowire Redundancy How to Configure L2VPN Pseudowire Redundancy

Verifying the L2VPN Pseudowire Redundancy Configuration

SUMMARY STEPS
1. 2. 3.

show mpls l2transport vc show xconnect all xconnect logging redundancy

DETAILED STEPS
Step 1

show mpls l2transport vc In this example, the primary attachment circuit is up. The backup attachment circuit is available, but not currently selected. The show output displays as follows:
Router# show mpls l2transport vc Local intf ------------Fe0/0/0.1 Fe0/0/0.1 Local circuit ----------------------Fe VLAN 101 Fe VLAN 101 Dest address --------------10.0.0.2 10.0.0.3 VC ID ---------101 201 Status ---------UP STANDBY

Router# show mpls l2transport vc detail Local interface: fe0/0/0.1 up, line protocol up, fe VLAN 101 up Destination address 10.0.0.2 VC ID: 101, VC status UP . . . Local interface: fe0/0/0.1 down, line protocol down, fe VLAN 101 down Destination address 10.0.0.3 VC ID: 201, VC status down . . .

Step 2

show xconnect all In this example, the topology is Attachment Circuit 1 to Pseudowire 1 with a Pseudowire 2 as a backup:
Router# show xconnect all Legend: XC ST=Xconnect State, S1=Segment1 State, S2=Segment2 State UP=Up, DN=Down, AD=Admin Down, IA=Inactive, NH=No Hardware XC ST Segment 1 S1 Segment 2 S2 ------+---------------------------------+--+---------------------------------+-UP pri ac fe0/0/0(FastEthernet) UP mpls 10.55.55.2:1000 UP IA sec ac fe0/0/0(FastEthernet) UP mpls 10.55.55.3:1001 DN

In this example, the topology is Attachment Circuit 1 to Attachment Circuit 2 with a Pseudowire backup for Attachment Circuit 2:
Router# show xconnect all Legend: XC ST=Xconnect State, S1=Segment1 State, S2=Segment2 State UP=Up, DN=Down, AD=Admin Down, IA=Inactive, NH=No Hardware XC ST Segment 1 S1 Segment 2 S2 ------+---------------------------------+--+---------------------------------+-UP pri ac Se6/0/0:150(FR DLCI) UP ac Se8/0:150(FR DLCI) UP IA sec ac Se6/0/0:150(FR DLCI) UP mpls 10.55.55.3:7151 DN

10

L2VPN Pseudowire Redundancy Configuration Examples for L2VPN Pseudowire Redundancy

Step 3

xconnect logging redundancy In addition to the show mpls l2transport vc command and the show xconnect command, you can use the xconnect logging redundancy command to track the status of the xconnect redundancy group:
Router(config)# xconnect logging redundancy

When this command is configured, the following messages will be generated during switchover events: Activating the primary member:
00:01:07: %XCONNECT-5-REDUNDANCY: Activating primary member 10.55.55.2:1000

Activating the backup member:

00:01:05: %XCONNECT-5-REDUNDANCY: Activating secondary member 10.55.55.3:1001

Configuration Examples for L2VPN Pseudowire Redundancy

The following sections show the L2VPN Pseudowire Redundancy feature examples. These configuration examples show how the L2VPN Pseudowire Redundancy feature can be configured with the AToM (like-to-like) and L2VPN Interworking features.

Example: L2VPN Pseudowire Redundancy and AToM (Like-to-Like), page 11 Example: L2VPN Pseudowire Redundancy and L2VPN Interworking, page 12 Example: L2VPN Pseudowire RedundancyMultiple Backup Pseudowires, page 12 AToM (like-to-like) pseudowire class:
pseudowire-class mpls encapsulation mpls

Each of the configuration examples refers to one of the following pseudowire classes:

L2VPN IP interworking:
pseudowire-class mpls-ip encapsulation mpls interworking ip

Example: L2VPN Pseudowire Redundancy and AToM (Like-to-Like)

The following example shows a High-Level Data Link Control (HDLC) attachment circuit xconnect with a backup pseudowire:
interface Serial4/0/0 xconnect 10.55.55.2 4000 pw-class mpls backup peer 10.55.55.3 4001 pw-class mpls

The following example shows a Frame Relay attachment circuit xconnect with a backup pseudowire:
connect fr-fr-pw Serial6/0/0 225 l2transport xconnect 10.55.55.2 5225 pw-class mpls backup peer 10.55.55.3 5226 pw-class mpls

11

L2VPN Pseudowire Redundancy Additional References

Example: L2VPN Pseudowire Redundancy and L2VPN Interworking

The following example shows a Fast Ethernet attachment circuit xconnect with L2VPN IP interworking and a backup pseudowire:
interface FastEthernet0/0/0 xconnect 10.55.55.2 1000 pw-class mpls-ip backup peer 10.55.55.3 1001 pw-class mpls-ip

The following example shows an Fast Ethernet VLAN attachment circuit xconnect with L2VPN IP interworking and a backup pseudowire:
interface FastEthernet1/0/0.1 encapsulation dot1Q 200 no ip directed-broadcast xconnect 10.55.55.2 5200 pw-class mpls-ip backup peer 10.55.55.3 5201 pw-class mpls-ip

Example: L2VPN Pseudowire RedundancyMultiple Backup Pseudowires

The following example shows a pseudowire with two backup pseudowires:
interface ATM4/0.1 point-to-point pvc 0/100 l2transport encapsulation aal5snap xconnect 10.1.1.1 100 pw-class mpls backup peer 10.1.1.1 101 backup peer 10.10.1.1 110 priority 2 backup peer 10.20.1.1 111 priority 9

Additional References
Related Documents
Related Topic Cisco IOS commands Description of commands associated with MPLS and MPLS applications Any Transport over MPLS High Availability for AToM Document Title Cisco IOS Master Commands List, All Releases Cisco IOS Multiprotocol Label Switching Command Reference Any Transport over MPLS AToM Graceful Restart

Standards
Standards Title No new or modified standards are supported, and support for existing standards has not been modified by this feature.

12

L2VPN Pseudowire Redundancy Additional References

MIBs
MIBs No new or modified MIBs are supported, and support for existing MIBs has not been modified. MIBs Link To locate and download MIBs for selected platforms, Cisco software releases, and feature sets, use Cisco MIB Locator found at the following URL: http://www.cisco.com/go/mibs

RFCs
RFCs No new or modified RFCs are supported, and support for existing RFCs has not been modified. Title

Technical Assistance
Description Link http://www.cisco.com/cisco/web/support/index.html The Cisco Support and Documentation website provides online resources to download documentation, software, and tools. Use these resources to install and configure the software and to troubleshoot and resolve technical issues with Cisco products and technologies. Access to most tools on the Cisco Support and Documentation website requires a Cisco.com user ID and password.

13

L2VPN Pseudowire Redundancy Feature Information for L2VPN Pseudowire Redundancy

Feature Information for L2VPN Pseudowire Redundancy

Table 1 lists the release history for this feature and provides links to specific configuration information. Use Cisco Feature Navigator to find information about platform support and software image support. Cisco Feature Navigator enables you to determine which Cisco IOS XE software images support a specific software release, feature set, or platform. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. An account on Cisco.com is not required.

Note

Table 1 lists only the Cisco IOS XE software release that introduced support for a given feature in a given Cisco IOS XE software release train. Unless noted otherwise, subsequent releases of that Cisco IOS XE software release train also support that feature.

Table 1

Feature Information for L2VPN Pseudowire Redundancy

Feature Name L2VPN Pseudowire Redundancy

Releases Cisco IOS XE Release 2.3

Feature Information This feature enables you to set up your network to detect a failure in the network and reroute the Layer 2 service to another endpoint that can continue to provide service. The following sections provide information about this feature:

Introduction to L2VPN Pseudowire Redundancy, page 3 Configuring the Pseudowire Attributes, page 5 Configuring a Single Backup Pseudowire, page 6 Forcing a Manual Switchover to the Backup Pseudowire VC, page 9 Verifying the L2VPN Pseudowire Redundancy Configuration, page 10

The following commands were introduced or modified: backup delay (L2VPN local switching), backup peer, show xconnect, xconnect backup force-switchover, xconnect logging redundancy. L2VPN Pseudowire Redundancy: Multiple Backup Pseudowires Cisco IOS XE Release 2.4 This feature enables multiple backup pseudowires. The following command was modified: backup peer.

Cisco and the Cisco Logo are trademarks of Cisco Systems, Inc. and/or its affiliates in the U.S. and other countries. A listing of Cisco's trademarks can be found at www.cisco.com/go/trademarks. Third party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1005R) Any Internet Protocol (IP) addresses used in this document are not intended to be actual addresses. Any examples, command display output, and figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses in illustrative content is unintentional and coincidental. 20052011 Cisco Systems, Inc. All rights reserved.

14