MP l2 Vpns Xe 3s Asr920 Book

MPLS Layer 2 VPNs Configuration Guide, Cisco IOS XE Release 3S
(Cisco ASR 920 Series)

First Published: 2014-07-28
Last Modified: 2017-05-25
Americas Headquarters
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706
USA
http://www.cisco.com
Tel: 408 526-4000
800 553-NETS (6387)
Fax: 408 527-0883
THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS,
INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND,
EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.
THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH
THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY,
CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY.
The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB's public domain version of
the UNIX operating system. All rights reserved. Copyright © 1981, Regents of the University of California.
NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED “AS IS" WITH ALL FAULTS.
CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE.
IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT
LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS
HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, network
topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentional
and coincidental.
All printed copies and duplicate soft copies of this document are considered uncontrolled. See the current online version for the latest version.
Cisco has more than 200 offices worldwide. Addresses and phone numbers are listed on the Cisco website at www.cisco.com/go/offices.
Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com
go trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any
other company. (1721R)
© 2014–2017 Cisco Systems, Inc. All rights reserved.
CONTENTS
CHAPTER 1 L2VPN Protocol-Based CLIs 1

Finding Feature Information 1
Information About L2VPN Protocol-Based CLIs 1
Overview of L2VPN Protocol-Based CLIs 1
Benefits of L2VPN Protocol-Based CLIs 2
L2VPN Protocol-Based CLI Changes 2
MPLS L2VPN Protocol-Based CLI: Examples 6
Additional References 10
Feature Information for L2VPN Protocol-Based CLI 10
CHAPTER 2 Any Transport over MPLS 11

Prerequisites for Any Transport over MPLS 12
General Restrictions 12
ATM AAL5 over MPLS Restrictions 13
Ethernet over MPLS (EoMPLS) Restrictions 13
Tunnel Selection Restrictions 13
Remote Ethernet Port Shutdown Restrictions 13
Restrictions for PPP and Multilink PPP 13
Information About Any Transport over MPLS 14
How AToM Transports Layer 2 Packets 14
How AToM Transports Layer 2 Packets Using Commands Associated with L2VPN Protocol-Based
Feature 15
Benefits of AToM 16
MPLS Traffic Engineering Fast Reroute 17
Maximum Transmission Unit Guidelines for Estimating Packet Size 17
MPLS Layer 2 VPNs Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 920 Series)
iii
Contents
Estimating Packet Size Example 18

QoS Features Supported with AToM 19
Any Transport over MPLS (AToM) Remote Ethernet Port Shutdown 22
Any Transport over MPLS (AToM) Remote Ethernet Port Shutdown Using Commands Associated
with L2VPN Protocol-Based Feature 23
How to Configure Any Transport over MPLS 24
Configuring the Pseudowire Class 25
Configuring the Pseudowire Class Using Commands Associated with L2VPN Protocol-Based
Feature 26
Changing the Encapsulation Type and Removing a Pseudowire 27
Changing the Encapsulation Type and Removing a Pseudowire Using Commands Associated with
the L2VPN Protocol-Based Feature 27
Configuring ATM AAL5 over MPLS 27
Configuring ATM AAL5 over MPLS on PVCs 27
Configuring ATM AAL5 over MPLS on PVCs using the commands associated with the L2VPN
Protocol-Based CLIs feature 29
Configuring ATM AAL5 over MPLS in VC Class Configuration Mode 31
Configuring ATM AAL5 over MPLS in VC Class Configuration Mode using the commands
associated with the L2VPN Protocol-Based CLIs feature 33
Configuring Ethernet over MPLS 36
Configuring Ethernet over MPLS in Port Mode 36
Configuring Ethernet over MPLS in Port Mode Using Commands Associated with the L2VPN
Protocol-Based Feature 37
Configuring Tunnel Selection 39
Troubleshooting Tips 41
Configuring Tunnel Selection Using Commands Associated with L2VPN Protocol-Based Feature
42
Troubleshooting Tips using the commands associated with the L2VPN Protocol-Based CLIs feature
44
Setting Experimental Bits with AToM 44

Enabling the Control Word 46
Enabling the Control Word using the commands associated with the L2VPN Protocol-Based CLIs
feature 47
Configuring MPLS AToM Remote Ethernet Port Shutdown 48
Configuring MPLS AToM Remote Ethernet Port Shutdown using the commands associated with the
L2VPN Protocol-Based CLIs feature 50
iv
Contents
Configuration Examples for Any Transport over MPLS 52

Example: ATM over MPLS 52
Example: ATM over MPLS Using Commands Associated with L2VPN Protocol-Based Feature
53
Example: Configuring ATM AAL5 over MPLS in VC Class Configuration Mode 56

Example: Configuring ATM AAL5 over MPLS in VC Class Configuration Mode Using Commands
Associated with L2VPN Protocol-Based Feature 56
Example: Ethernet over MPLS with MPLS Traffic Engineering Fast Reroute 57
Example: Ethernet over MPLS with MPLS Traffic Engineering Fast Reroute Using Commands
Associated with L2VPN Protocol-Based Feature 59
Example: Configuring Tunnel Selection 63
Example: Configuring Tunnel Selection Using Commands Associated with L2VPN Protocol-Based
Feature 65
Example: Configuring MTU Values in xconnect Configuration Mode for L2VPN Interworking 67
Example: Configuring MTU Values in xconnect Configuration Mode for L2VPN Interworking Using
Commands Associated with L2VPN Protocol-Based Feature 70
Examples: Configuring Any Transport over MPLS (AToM) Remote Ethernet Port Shutdown 72
Examples: Configuring Any Transport over MPLS (AToM) Remote Ethernet Port Shutdown Using
Commands Associated with L2VPN Protocol-Based Feature 73
Additional References for Any Transport over MPLS 74
Feature Information for Any Transport over MPLS 74
CHAPTER 3 Loop-Free Alternate Fast Reroute 77

Prerequisites for Loop-Free Alternate Fast Reroute 77
Restrictions for Loop-Free Alternate Fast Reroute 77
Information About Loop-Free Alternate Fast Reroute 78
Supported Information 78
Benefits of Loop-Free Alternate Fast Reroute 78
LFA FRR and Remote LFA FRR over Bridge Domains Interfaces 79
IS-IS and IP FRR 79
Repair Paths 79
Remote LFA FRR 80
Remote LFA FRR for TDM and ATM Psuedowires 80
Border Gateway Protocol (BGP) Prefix-Independent Convergence (PIC) and LFA FRR Integration
80
v
Contents
Remote LFA FRR with VPLS 81

How to Configure Loop-Free Alternate Fast Reroute 81
Configuring IS-IS Remote Loop-Free Alternate Fast Reroute 81
Recommended Configurations ISIS 82
Example: Configuring IS-IS Remote Loop-Free Alternate Fast Reroute 82
Example: Configuring Remote LFA FRR with VPLS 83
How to Configure OSPF IPv4 Remote Loop-Free Alternate IP Fast Reroute 84
Configuring a Remote LFA Tunnel 84
Configuring the Maximum Distance to a Tunnel Endpoint 85
Verifying Loop-Free Alternate Fast Reroute 86
Example: Verifying LFA FRR with L2VPN 86
Configuration Examples for OSPF IPv4 Remote Loop-Free Alternate IP Fast Reroute 88
Example: Configuring a Remote LFA Tunnel 88
Example: Configuring the Maximum Distance to a Tunnel Endpoint 88
Example: Verifying Tunnel Interfaces Created by OSPF IPv4 Remote LFA IPFRR 89
Verifying Remote Loop-Free Alternate Fast Reroute with VPLS 89
Example: Verifying Remote LFA FRR with VPLS 89
Verifying Tunnel Interfaces Created by OSPF IPv4 Remote LFA IPFRR 92
CHAPTER 4 Configuring Virtual Private LAN Services 95

Prerequisites for Virtual Private LAN Services 95
Restrictions for Virtual Private LAN Services 96
Information About Virtual Private LAN Services 96
VPLS Overview 96
Full-Mesh Configuration 97
Static VPLS Configuration 97
H-VPLS 97
Supported Features 98
Multipoint-to-Multipoint Support 98
Non-Transparent Operation 98
Circuit Multiplexing 98
MAC-Address Learning, Forwarding, and Aging 98
vi
Contents
Jumbo Frame Support 98

Q-in-Q Support and Q-in-Q to EoMPLS Support 98
VPLS Services 99
How to Configure Virtual Private LAN Services 99
Configuring PE Layer 2 Interfaces on CE Devices 100
Configuring 802.1Q Access Ports for Tagged Traffic from a CE Device 100
Configuring 802.1Q Access Ports for Tagged Traffic from a CE Device: Alternate Configuration
101
Configuring Access Ports for Untagged Traffic from a CE Device 103

Configuring Access Ports for Untagged Traffic from a CE Device: Alternate Configuration 105
Configuring Q-in-Q EFP 107
Configuring Q-in-Q EFP: Alternate Configuration 108
Configuring MPLS on a PE Device 110
Configuring a VFI on a PE Device 111
Configuring a VFI on a PE Device: Alternate Configuration 113
Configuring Static Virtual Private LAN Services 114
Configuring a Pseudowire for Static VPLS 114
Configuring VFI for Static VPLS 117
Configuring a VFI for Static VPLS: Alternate Configuration 120
Configuring an Attachment Circuit for Static VPLS 122
Configuring an Attachment Circuit for Static VPLS: Alternate Configuration 123
Configuring an MPLS-TP Tunnel for Static VPLS with TP 125
Configuring a VFI for Static VPLS: Alternate Configuration 128
Configuration Examples for Virtual Private LAN Services 130
Example: Configuring 802.1Q Access Ports for Tagged Traffic from a CE Device 130
Example: Configuring 802.1Q Access Ports for Tagged Traffic from a CE Device: Alternate
Configuration 130
Example: Configuring Access Ports for Untagged Traffic from a CE Device 131
Example: Configuring Access Ports for Untagged Traffic from a CE Device: Alternate Configuration
132
Example: Configuring Q-in-Q EFP 132

Example: Configuring Q-in-Q in EFP: Alternate Configuration 133
Example: Configuring MPLS on a PE Device 133

Example: VFI on a PE Device 133
Example: VFI on a PE Device: Alternate Configuration 134
vii
Contents
Example: Full-Mesh VPLS Configuration 135

Example: Full-Mesh Configuration : Alternate Configuration 138
Feature Information for Configuring Virtual Private LAN Services 140
CHAPTER 5 H-VPLS N-PE Redundancy for MPLS Access 141

Prerequisites for H-VPLS N-PE Redundancy for MPLS Access 141
Restrictions for H-VPLS N-PE Redundancy for MPLS Access 142
Information About H-VPLS N-PE Redundancy for MPLS Access 142
How H-VPLS N-PE Redundancy for MPLS Access 142
H-VPLS N-PE Redundancy with MPLS Access Based on Pseudowire Redundancy 142
How to Configure H-VPLS N-PE Redundancy for MPLS Access 143
Configuring the VPLS Pseudowire Between the N-PE Devices 143
Configuring the SVI for the Native VLAN 144
Configuration Examples for H-VPLS N-PE Redundancy for MPLS Access 146
Example: H-VPLS N-PE Redundancy for MPLS Access 146
Feature Information for H-VPLS N-PE Redundancy for MPLS Access 148
Glossary 148
CHAPTER 6 VPLS MAC Address Withdrawal 151

Information About VPLS MAC Address Withdrawal 151
VPLS MAC Address Withdrawal 151
VPLS MAC Address Withdrawal Using Commands Associated with L2VPN Protocol-Based Feature
152
How MAC Address Withdrawal Works with H-VPLS N-PE Redundancy with MPLS Access 153
How MAC Address Withdrawal Works with H-VPLS N-PE Redundancy with QinQ Access 153
Additional References for Any Transport over MPLS 153
Feature Information for VPLS MAC Address Withdrawal 154
CHAPTER 7 VPLS BGP Signaling 155

Prerequisites for VPLS BGP Signaling 155
viii
Contents
Information About VPLS BGP Signaling 156

Overview of VPLS BGP Signaling 156
How to Configure VPLS BGP Signaling 157
Configuring VPLS BGP Signaling 157
Configuration Examples for VPLS BGP Signaling 160
Example: Configuring and Verifying VPLS BGP Signaling 160
Additional References for VPLS BGP Signaling 160
Feature Information for VPLS BGP Signaling 161
CHAPTER 8 EVPN Virtual Private Wire Service (VPWS) Single Homed 163
Information About EVPN-VPWS 163
Benefits of EVPN-VPWS Single Homed 164
Prerequisites for EVPN-VPWS 164
Restrictions for EVPN-VPWS 164
How to Configure EPVN-VPWS 165
Configuring BGP for EVPN-VPWS 165
Configuring EVPN-VPWS Instance 165
Rewrite for EVI Service Instance 165
Configuring EVPN-VPWS for Logging 165
Verfiying EVPN-VPWS Instance 166
Verifying EVPN-VPWS Configuration 166
Verifying EVPN-VPWS Configuration for Logging 168
Troubleshooting 168
Virtual Circuit (VC) is in Down state 168
VC FSM History 170
Remote-Wait State 170
Configuration Examples for EVPN-VPWS Instance 171
Additional References for EVPN-VPWS 173
CHAPTER 9 N:1 PVC Mapping to PWE with Nonunique VPIs 175

Restrictions for N:1 PVC Mapping to PWE with Nonunique VPIs 175
Information About N:1 PVC Mapping to PWE with Nonunique VPIs 176
N:1 PVC Mapping to PWE with Nonunique VPIs Feature Description 176
How to Configure N:1 PVC Mapping to PWE with Nonunique VPIs 176
ix
Contents
Configuring N:1 PVC Mapping to PWE with Nonunique VPIs 176

Configuration Examples for N:1 PVC Mapping to PWE with Nonunique VPIs 178
Example: Configuring N:1 PVC Mapping to PWE with Nonunique VPIs 178
Verifying the N:1 PVC Mapping to PWE with Nonunique VPIs Configuration 179
CHAPTER 10 Pseudowire Group Switchover 181

Prerequisites for Pseudowire Group Switchover 181
Restrictions for Pseudowire Group Switchover 182

Information About Pseudowire Group Switchover 182
Introduction to Pseudowire Group Switchover 182
How to Configure Predictive Switchover 183
Configuring Predictive Switchover (Global Configuration Mode) 183
Configuring Predictive Switchover (Xconnect Configuration Mode) 184
Verifying a Pseudowire Group Switchover Configuration 184
Troubleshooting a Pseudowire Group Switchover Configuration 186
Configuration Examples for Predictive Switchover 186
Example: Configuring Predictive Switchover (Global Configuration Mode) 186
Example: Configuring Predictive Switchover (Xconnect Configuration Mode) 186
Feature Information for Pseudowire Group Switchover 187
CHAPTER 11 Configuring Routed Pseudowire and VPLS 189

Prerequisites for Routed Pseudowire and VPLS 189
Restrictions for Routed Pseudowire and VPLS 189
Information About Routed Pseudowire and VPLS 190
Routed Pseudowire and VPLS 190
How to Configure Routed Pseudowire and VPLS 190
Assigning IP Addresses For Bridge Domain (BDI) 190
Configuring a VFI on a PE Device 191
Configuration Examples: Routed Pseudowire and VPLS 193
Example: Configuring Routed Pseudowire and VPLS 193
x
CHAPTER 1
L2VPN Protocol-Based CLIs
The L2VPN Protocol-Based CLIs feature provides a set of processes and an improved infrastructure for
developing and delivering Cisco IOS software on various Cisco platforms. This feature introduces new
commands and modifies or replaces existing commands to achieve a consistent functionality across Cisco
platforms and provide cross-Operating System (OS) support.
• Finding Feature Information, on page 1
• Information About L2VPN Protocol-Based CLIs, on page 1
• Additional References, on page 10
• Feature Information for L2VPN Protocol-Based CLI, on page 10
Finding Feature Information

Your software release may not support all the features documented in this module. For the latest caveats and
feature information, see Bug Search Tool and the release notes for your platform and software release. To
find information about the features documented in this module, and to see a list of the releases in which each
feature is supported, see the feature information table.
Use Cisco Feature Navigator to find information about platform support and Cisco software image support.
To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.
Information About L2VPN Protocol-Based CLIs

Overview of L2VPN Protocol-Based CLIs
The L2VPN Protocol-Based CLIs feature introduces new commands and modifies or replaces existing
commands to achieve a consistent functionality across Cisco platforms and provide cross-Operating System
(OS) support.
Note The new, updated, and replacement commands are available in Cisco IOS XE Release 3.7S and Cisco IOS
Release 15.3(1)S. However, the legacy commands that are being replaced will be deprecated in later releases.
1
Benefits of L2VPN Protocol-Based CLIs
Benefits of L2VPN Protocol-Based CLIs

The L2VPN Protocol-Based CLIs feature provides the following benefits:
• Consistent user experience across different operating systems.
• Consistent configuration for all Layer 2 VPN (L2VPN) scenarios.
• Enhanced functionality that is achieved by configuring pseudowires as virtual interfaces and monitoring
the pseudowires as physical ports.
• Feature configuration such as quality of service (QoS) service policies on individual pseudowires .
• Redundant pseudowire configuration that is independent of the primary pseudowire to provide enhanced
high availability.
These benefits are achieved through the following enhancements:

• New service contexts can be created for point-to-point and multipoint Layer 2 services by using the new
L2VPN cross connect and L2VPN virtual forwarding interface (VFI) contexts.
• The L2VPN cross connect context is used for configuring point-to-point pseudowires, pseudowire
stitching, and local switching (hair pinning). Ethernet interfaces , Ethernet Flow Points (EFP), ATM
interfaces and WAN interfaces (PPP,HDLC,Serial), and pseudowire interfaces can be defined as
members of an L2VPN cross connect context.
• The L2VPN VFI context instantiates Virtual Private LAN Services (VPLS) VFI for multipoint
scenarios. Pseudowires can be defined as members of an L2VPN VFI context.
• Bridge domains are used for multipoint scenarios. EFPs, pseudowires, or VFIs can be configured
as members of a bridge domain. Pseudowires can be configured as member of a VFI. The VFI can
be configured as a member of a bridge domains.
• New port contexts can be created (dynamically or manually) for pseudowires by using the pseudowire
interface.
• Pseudowire customization can be achieved using interface templates and pseudowire interfaces that are
applied to L2VPN context members. Pseudowire customizations include following features:
• Encapsulation type
• Control word
• Maximum Transmission Unit (MTU)
• Pseudowire signaling type
• Tunnel selection
• Interworking and redundancy group service attributes can be configured under the L2VPN service context.
The redundancy groups are configured independently from the primary pseudowire, which helps achieve
zero traffic interruptions while adding, modifying, or deleting backup pseudowires.
L2VPN Protocol-Based CLI Changes

The following commands are introduced in Cisco IOS XE Release 3.7S, Cisco IOS Release 15.3(1)S, and
Cisco IOS Release 15.4(1)S:
• debug l2vpn pseudowire
• l2vpn
2
• l2vpn pseudowire static-oam class

• monitor event-trace l2vpn
• show interface pseudowire
• show l2vpn service
• shutdown (MPLS)
• vc
The following commands are modified in Cisco IOS XE Release 3.7S and Cisco IOS Release 15.3(1)S:
• auto-route-target
• bridge-domain parameterized vlan
• debug condition xconnect fib
• debug condition xconnect interface
• debug condition xconnect peer
• debug condition xconnect segment
• description
• encapsulation (MPLS)
• forward permit l2protocol all
• interworking
• l2vpn subscriber authorization group
• l2vpn xconnect context
• load-balance flow
• monitor event-trace ac
• monitor event-trace atom
• monitor event-trace l2tp
• monitor peer bfd
• mtu
• preferred-path
• remote circuit id
• rd (VPLS)
• route-target (VPLS)
• sequencing
• status
3
• status admin-down disconnect

• status control-plane route-watch
• status decoupled
• status peer topology dual-homed
• status protocol notification static
• status redundancy
• switching tlv
• tlv
• tlv template
• vccv
• vccv bfd status signaling
• vccv bfd template
• vpls-id
• vpn id (MPLS)
The table below lists the legacy commands that will be replaced in future releases. From Cisco IOS XE Release
3.7S and Cisco IOS Release 15.3(1)S both new and legacy commands will coexist until the legacy commands
are deprecated in future releases.
Table 1: Replacement Commands Introduced in Cisco IOS XE Release 3.7S and Cisco IOS Release 15.3(1)S
Legacy Command Replacement Command Introduced in Cisco IOS XE

Release 3.7S and Cisco IOS Release 15.3(1)S
backup delay redundancy delay (under l2vpn xconnect context)
bridge-domain (service instance) member (bridge-domain)
clear mpls l2transport fsm state transition clear l2vpn atom fsm state transition
clear mpls l2transport fsm event clear l2vpn atom fsm event
clear xconnect clear l2vpn service
connect (L2VPN local switching) l2vpn xconnect context
debug acircuit debug l2vpn acircuit
debug mpls l2transport checkpoint debug l2vpn atom checkpoint
debug mpls l2transport event-trace debug l2vpn atom event-trace
debug mpls l2transport fast-failure-detect debug l2vpn atom fast-failure-detect
debug mpls l2transport signaling debug l2vpn atom signaling
4

debug mpls l2transport static-oam debug l2vpn atom static-oam
debug mpls l2transport vc subscriber debug l2vpn atom vc
debug mpls l2transport vc debug l2vpn atom vc
debug mpls l2transport vc vccv bfd event debug l2vpn atom vc vccv
debug vfi debug l2vpn vfi
debug vfi checkpoint debug l2vpn vfi checkpoint
debug xconnect debug l2vpn xconnect
debug xconnect rib debug l2vpn xconnect rib
description (L2VFI) description (L2VPN)
l2 pseudowire routing pseudowire routing
l2 router-id router-id
l2 vfi l2vpn vfi context
l2 subscriber l2vpn subscriber
l2 vfi autodiscovery autodiscovery
l2 vfi point-to-point l2vpn xconnect context
local interface pseudowire type
monitor event-trace st-pw-oam monitor event-trace pwoam
mpls label label (pseudowire)
mpls control-word control-word (encapsulation mpls under l2vpn

connect context)
neighbor (l2 vfi) member (l2vpn vfi)
protocol signaling protocol
pseudowire-static-oam class l2vpn pseudowire static-oam class
pseudowire tlv template l2vpn pseudowire tlv template
pw-class keyword in the xconnect command source template type pseudowire
remote link failure notification l2vpn remote link failure notification
show mpls l2transport binding show l2vpn atom binding
5
MPLS L2VPN Protocol-Based CLI: Examples

show mpls l2transport checkpoint show l2vpn atom checkpoint
show mpls l2transport hw-capability show l2vpn atom hw-capability
show mpls l2transport static-oam show l2vpn atom static-oam
show mpls l2transport summary show l2vpn atom summary
show mpls l2transport pwid show l2vpn atom pwid
show mpls l2transport vc show l2vpn atom vc
show xconnect pwmib show l2vpn pwmib
show xconnect rib show l2vpn rib
show xconnect show l2vpn service
show vfi show l2vpn vfi
xconnect l2vpn xconnect context and member
xconnect logging pseudowire status global logging pseudowire status
xconnect logging redundancy global logging redundancy
xconnect peer-ip vc-id neighbor peer-ip vc-id (xconnect context)

The examples in this section provide the new configurations that are introduced by the MPLS L2VPN
Protocol-Based CLIs feature that replace the existing (legacy) MPLS L2VPN CLIs.
MPLS L2VPN VPWS Configuration Using Replacement (or New) Commands
The following example shows the configuration for Virtual Private Wired Service (VPWS)—Ethernet over
Multiprotocol Label Switching (EoMPLS). In this example, L2VPN members point to peer ID or virtual
circuit (VC) ID. This configuration is used in most cases except when features like quality of service (QoS),
need to be applied at the pseudowire level.
l2vpn xconnect context foo
member GigabitEthernet2/1/1 service-instance 300
member 10.0.0.1 888 encapsulation mpls
!
interface GigabitEthernet2/1/1
service instance 300 Ethernet
encapsulation dot1q 30
rewrite ingress tag pop 1 symmetric
!
l2vpn xconnect context faa
6

member 10.0.0.1 999 encapsulation mpls
!
MPLS L2VPN Pseudowire Configuration Using Replacement (or New) Commands

In the following example, L2VPN members point to a pseudowire interface. The pseudowire interface is
manually configured and includes peer ID and VC ID. This configuration is used in most cases except when
features like quality of service (QoS), need to be applied at the pseudowire level.
member Pseudowire888
!
interface Pseudowire 888
encapsulation mpls
neighbor 10.0.0.1 888
!
interface Pseudowire 999
encapsulation mpls
neighbor 10.0.0.1 999
!
!
l2vpn xconnect context faa

member Pseudowire 999
!
MPLS L2VPN Pseudowire Redundancy Configuration Using Replacement (or New) Commands
The following example shows the configuration for pseudowire redundancy. The new configuration shows
concise pseudowire redundancy with no submodes or separate groups. This configuration allows the addition
of redundant members to a service without service disruption. This configuration also allows modifying or
deleting redundant service configurations without service disruption.
l2vpn xconnect context sample-pw-redundancy
member 1.1.1.1 180 encap mpls group Denver
member 2.2.2.2 180180 encap mpls group Denver priority 1
member 3.3.3.3 180181 encap mpls group Denver priority 2
redundancy delay 1 20 group Denver
!
MPLS L2VPN Static Pseudowire Configuration Using Replacement (or New) Commands
Note The following configuration is shown for the Provider Edge (PE) 1 router in a network scheme where Customer
Edge (CE) 1 and PE 1 and PE 2 and CE 2 traverse through a Provider core (P) router (CE 1—PE 1—P—PE
2—CE 2).
7
interface g2/1/1
service instance 300 ethernet
no shutdown
!
interface pseudowire 100
neighbor 10.4.4.4 121
encapsulation mpls
label 200 300
signaling protocol none
no shutdown
!
member pseudowire 100
MPLS L2VPN Static Pseudowire Template Configuration Using Replacement (or New) Commands
2—CE 2).
template type pseudowire test

encapsulation mpls
!
interface g2/1/1
no shutdown
!
neighbor 10.4.4.4 121
source template type pseudowire test
label 200 300
no shutdown
!
MPLS L2VPN Dynamic Pseudowire Template Configuration Using Replacement (or New) Commands
2—CE 2).
template type pseudowire test

encapsulation mpls
signaling protocol ldp
!
!
interface g2/1/1
no shutdown
!
8

neighbor 10.4.4.4 121
source template type pseudowire test
no shutdown
!
MPLS L2VPN Multi-segment Static-Dynamic Pseudowire Template Configuration Using Replacement

(or New) Commands
The following PE router configuration is for a multi-segment static-dynamic pseudowire:
l2vpn pseudowire tlv template TLV
tlv mtu 1 4 dec 1500
!
interface pseudowire401
source template type pseudowire staticTempl
encapsulation mpls
neighbor 10.4.4.4 101
label 4401 4301
pseudowire type 4
tlv template TLV
tlv 1 4 dec 1500
tlv vccv-flags C 4 hexstr 0110
!
interface pseudowire501
source template type pseudowire dynTempl
encapsulation mpls
neighbor 10.2.2.2 101
signaling protocol ldp
Displaying MPLS L2VPN Pseudowire Template Configuration Using Replacement (or New) Commands
The following example displays output from the show interface pseudowire command:
PE1#show interface pseudowire 100
pseudowire100 is up
Description: Pseudowire Interface
MTU 1500 bytes, BW 10000000 Kbit
Encapsulation mpls
Peer IP 10.4.4.4, VC ID 121
RX
21 packets 2623 bytes 0 drops
TX
20 packets 2746 bytes 0 drops
The following example displays output from the show template command:
PE1#show template
Template class/type Component(s)

ABC owner interface pseudowire
BOUND: pw1
Sourcing a Template Under an Interface Pseudowire Using Replacement (or New) Commands
The following example configures the interface pseudowire to inherit all attributes defined from a template
on the PE 2 router.
PE2(config-subif)#interface pseudowire 100
PE2(config-if)#source template type pseudowire test
PE2(config-if)#neighbor 10.4.4.4 121
PE2(config-if)#no shutdown
9
Additional References
Related Documents
Related Topic Document Title
Cisco IOS commands Cisco IOS Master Command List, All Releases
MPLS commands Multiprotocol Label Switching Command Reference
Technical Assistance
Description Link
The Cisco Support and Documentation website provides http://www.cisco.com/cisco/web/support/index.html

online resources to download documentation, software,
and tools. Use these resources to install and configure
the software and to troubleshoot and resolve technical
issues with Cisco products and technologies. Access to
most tools on the Cisco Support and Documentation
website requires a Cisco.com user ID and password.
Feature Information for L2VPN Protocol-Based CLI

The following table provides release information about the feature or features described in this module. This
table lists only the software release that introduced support for a given feature in a given software release
train. Unless noted otherwise, subsequent releases of that software release train also support that feature.
Table 2: Feature Information for L2VPN Protocol-Based CLI
Feature Name Releases Feature Information
L2VPN Protocol-Based Cisco IOS XE Release This feature was introduced on the Cisco ASR 920
CLIs 3.13.0S Routers (ASR-920-12CZ-A, ASR-920-12CZ-D,
ASR-920-4SZ-A, ASR-920-4SZ-D).
10
CHAPTER 2
Any Transport over MPLS
This module describes how to configure Any Transport over MPLS (AToM) transports data link layer (Layer
2) packets over a Multiprotocol Label Switching (MPLS) backbone. AToM enables service providers to
connect customer sites with existing Layer 2 networks by using a single, integrated, packet-based network
infrastructure--a Cisco MPLS network. Instead of using separate networks with network management
environments, service providers can deliver Layer 2 connections over an MPLS backbone. AToM provides
a common framework to encapsulate and transport supported Layer 2 traffic types over an MPLS network
core.
AToM supports the following like-to-like transport types:
• ATM Adaptation Layer Type-5 (AAL5) over MPLS
• ATM Cell Relay over MPLS
• Ethernet over MPLS (port modes)
• Circuit Emulation (CEM)
Note For information on ATM Cell relay and Circuit Emulation(CEM), see Configuring Pseudowire.

• Prerequisites for Any Transport over MPLS, on page 12
• General Restrictions, on page 12
• ATM AAL5 over MPLS Restrictions, on page 13
• Ethernet over MPLS (EoMPLS) Restrictions, on page 13
• Tunnel Selection Restrictions, on page 13
• Remote Ethernet Port Shutdown Restrictions, on page 13
• Restrictions for PPP and Multilink PPP, on page 13
• Information About Any Transport over MPLS, on page 14
• How to Configure Any Transport over MPLS, on page 24
• Configuration Examples for Any Transport over MPLS, on page 52
• Additional References for Any Transport over MPLS, on page 74
• Feature Information for Any Transport over MPLS, on page 74
11

Prerequisites for Any Transport over MPLS

• IP routing must be configured in the core so that the provider edge (PE) routers can reach each other via
IP.
• MPLS must be configured in the core so that a label-switched path (LSP) exists between the PE routers.
• A loopback interface must be configured for originating and terminating Layer 2 traffic. Ensure that the
PE routers can access the other router’s loopback interface. Note that the loopback interface is not needed
in all cases. For example, tunnel selection does not need a loopback interface when AToM is directly
mapped to a traffic engineering (TE) tunnel.
General Restrictions
• Address format--Configure the Label Distribution Protocol (LDP) router ID on all PE routers to be a
loopback address with a /32 mask. Otherwise, some configurations might not function properly.
• For PTPoIP configuration with explicit Null MPLS encapsulation, when a Transparent Clock (TC) is
placed between a PTP master and a PTP slave, the TC does not update the correction field.
• TE-FRR with BGP labels for layer 2 and layer 3 VPNs must terminate on the BGP gateway because of
the four-label limitation.
• If an AToM tunnel spans different service providers that exchange MPLS labels using IPv4 Border
Gateway Protocol (BGP) (RFC 3107), you add a label to the stack. The maximum MPLS label stack is
four (FRR label, TE label, LDP label, VC label).
• Hot standby pseudowire (HSPW) convergence without pseudowire grouping increments linearly. For
example, for a thousand virtual circuits, it requires about 54 seconds of convergence time. This is applicable
only for the Cisco RSP3 Module.
Clear interface is not the recommended way to measure the convergence numbers.
• With two ECMP paths, load sharing on L2VPN traffic occurs based on odd or even MPLS VC labels.
If L2VPN circuits have either odd or even MPLS VC labels, load sharing is not performed. But if L2VPN
circuits have a combination of both odd and even MPLS VC labels, then the odd MPLS VC labels circuits
will select one link whereas the even MPLS VC labels circuits will select another link.
12
ATM AAL5 over MPLS Restrictions
ATM AAL5 over MPLS Restrictions

• AAL5 over MPLS is supported only in SDU mode.
Ethernet over MPLS (EoMPLS) Restrictions

• The subinterfaces between the CE and PE routers that are running Ethernet over MPLS must be in the
same subnet.
• The subinterface on the adjoining CE router must be on the same VLAN as the PE router.
• Ethernet over MPLS supports VLAN packets that conform to the IEEE 802.1Q standard. The 802.1Q
specification establishes a standard method for inserting VLAN membership information into Ethernet
frames. The Inter-Switch Link (ISL) protocol is not supported between the PE and CE routers.
• The AToM control word is supported. However, if the peer PE does not support a control word, the
control word is disabled.
• Ethernet packets with hardware-level cyclic redundancy check (CRC) errors, framing errors, and runt
packets are discarded on input.
Tunnel Selection Restrictions

• The selected path should be an LSP destined to the peer PE router.
• The selected tunnel must be an MPLS TE tunnel.
• If you specify an IP address, that address must be the IP address of the loopback interface on the remote
PE router. The address must have a /32 mask. There must be an LSP destined to that selected address.
The LSP need not be a TE tunnel.
Remote Ethernet Port Shutdown Restrictions

This feature is not symmetrical if the remote PE router is running an older version image or is on another
platform that does not support the EoMPLS remote Ethernet port shutdown feature and the local PE is running
an image which supports this feature.
Remote Ethernet Port Shutdown is supported only on EFP with encapsulation default.
Restrictions for PPP and Multilink PPP

• All member links in a Multilink PPP bundle must be on the same interface module.
• All member links in a Multilink PPP bundle must be of the same bandwidth.
• A maximum of 16 member links per bundle is supported.
13
Information About Any Transport over MPLS
• Perform a shutdown or no shutdown of the Multilink PPP bundle to change the bundle fragmentation
mode between enabled and disabled.
• Link Fragmentation and Interleaving (LFI) is not supported. However, Multilink PPP fragmentation is
supported by default. To disable fragmentation, see Disabling PPP Multilink Fragmentation section.
• Multicast Multilink PPP is not supported.
• PPP compression is not supported.
• IPv6 is not supported for this feature.
• PPP half bridging is not supported.
• To enable an Address-and-Control-Field-Compression (ACFC) or Protocol-Field-Compression (PFC)
configuration, perform a shutdown or no shutdown on the serial interface.
• Fractional timeslots cannot be used as memberlink in a Multilink PPP bundle.
• Frame Relay (FR) and Multilink Frame Relay (MFR) are not supported.
• Compressing IP or UDP or RTP headers are not supported.
• PPP and Multilink PPP are supported on synchronous serial interfaces. Asynchronous serial interfaces,
High-Speed Serial Interfaces (HSSI), and ISDN interfaces are not supported.
• When you configure interfaces on each end of an Multilink PPP connection with different MTU values,
the link drops traffic at high traffic rates. The configuration of the same MTU is recommended.
Information About Any Transport over MPLS

To configure AToM, you must understand the following concepts:
How AToM Transports Layer 2 Packets

AToM encapsulates Layer 2 frames at the ingress PE and sends them to a corresponding PE at the other end
of a pseudowire, which is a connection between the two PE routers. The egress PE removes the encapsulation
and sends out the Layer 2 frame.
The successful transmission of the Layer 2 frames between PE routers is due to the configuration of the PE
routers. You set up the connection, called a pseudowire, between the routers. You specify the following
information on each PE router:
• The type of Layer 2 data that will be transported across the pseudowire, such as Ethernet, Frame Relay,
or ATM
• The IP address of the loopback interface of the peer PE router, which enables the PE routers to
communicate
• A unique combination of peer PE IP address and VC ID that identifies the pseudowire
The following example shows the basic configuration steps on a PE router that enable the transport of Layer
2 packets. Each transport type has slightly different steps.
Step 1 defines the interface or subinterface on the PE router:
14
How AToM Transports Layer 2 Packets Using Commands Associated with L2VPN Protocol-Based Feature
Router# interface
interface-type interface-number
Step 2 configures an ethernet service instance on an interface and enters service instance configuration mode:
Router(config-if)#service instance number ethernet WORD
Router(config-if)# service instance 393 ethernet ethernet1
Step 3 specifies the encapsulation type for the interface, such as dot1q:
Router(config-if-srv)# encapsulation
encapsulation-type
Step 4 does the following:

• Makes a connection to the peer PE router by specifying the LDP router ID of the peer PE router.
• Specifies a 32-bit unique identifier, called the VC ID, which is shared between the two PE routers.
The combination of the peer router ID and the VC ID must be unique on the router. Two circuits cannot use
the same combination of peer router ID and VC ID.
• Specifies the tunneling method used to encapsulate data in the pseudowire. AToM uses MPLS as the
tunneling method.
Router(config-if-srv)# xconnect
peer-router-id vcid
encapsulation mpls
As an alternative, you can set up a pseudowire class to specify the tunneling method and other characteristics.
For more information, see the Configuring the Pseudowire Class, on page 25.
How AToM Transports Layer 2 Packets Using Commands Associated with

L2VPN Protocol-Based Feature
AToM encapsulates Layer 2 frames at the ingress PE and sends them to a corresponding PE at the other end
of a pseudowire, which is a connection between the two PE routers. The egress PE removes the encapsulation
and sends out the Layer 2 frame.
The successful transmission of the Layer 2 frames between PE routers is due to the configuration of the PE
routers. You set up the connection, called a pseudowire, between the routers. You specify the following
information on each PE router:
• The type of Layer 2 data that will be transported across the pseudowire, such as Ethernet, Frame Relay,
or ATM
• The IP address of the loopback interface of the peer PE router, which enables the PE routers to
communicate
• A unique combination of peer PE IP address and VC ID that identifies the pseudowire
The following example shows the basic configuration steps on a PE router that enable the transport of Layer
2 packets. Each transport type has slightly different steps.
Step 1 defines the interface or subinterface on the PE router:
15
Benefits of AToM
Router# interface
interface-type interface-number
Router(config)# interface gi 0/1/0
Step 2 configures an ethernet service instance on an interface and enters service instance configuration mode:
Router(config-if)#service instance number ethernet WORD
Router(config-if)# service instance 393 ethernet ethernet1
Step 3 specifies the encapsulation type for the interface, such as dot1q:
Router(config-if)# encapsulation
encapsulation-type
Router(config-if-srv)# encapsulation dot1q 393
Step 3 does the following:

• Makes a connection to the peer PE router by specifying the LDP router ID of the peer PE router.
• Specifies a 32-bit unique identifier, called the VC ID, which is shared between the two PE routers.
The combination of the peer router ID and the VC ID must be unique on the router. Two circuits cannot use
the same combination of peer router ID and VC ID.
• Specifies the tunneling method used to encapsulate data in the pseudowire. AToM uses MPLS as the
tunneling method.
Router(config)# interface pseudowire 100

Router(config-if)# encapsulation mpls
Router(config-if)# neighbor 10.0.0.1 123
Router(config-if)# exit
!
Router(config)# l2vpn xconnect context A
Router(config-xconnect)# member pseudowire 100
Router (config-xconnect)# member gigabitethernet0/1/0 service instance 393
Router(config-xconnect)# exit
As an alternative, you can set up a pseudowire class to specify the tunneling method and other characteristics.
For more information, see the Configuring the Pseudowire Class, on page 25.
Benefits of AToM
The following list explains some of the benefits of enabling Layer 2 packets to be sent in the MPLS network:
• The AToM product set accommodates many types of Layer 2 packets, including Ethernet and Frame
Relay, across multiple Cisco router platforms. This enables the service provider to transport all types of
traffic over the backbone and accommodate all types of customers.
• AToM adheres to the standards developed for transporting Layer 2 packets over MPLS. This benefits
the service provider that wants to incorporate industry-standard methodologies in the network. Other
Layer 2 solutions are proprietary, which can limit the service provider’s ability to expand the network
and can force the service provider to use only one vendor’s equipment.
16
MPLS Traffic Engineering Fast Reroute
• Upgrading to AToM is transparent to the customer. Because the service provider network is separate
from the customer network, the service provider can upgrade to AToM without disruption of service to
the customer. The customers assume that they are using a traditional Layer 2 backbone.
MPLS Traffic Engineering Fast Reroute

AToM can use MPLS traffic engineering (TE) tunnels with fast reroute (FRR) support. AToM VCs can be
rerouted around a failed link or node at the same time as MPLS and IP prefixes.
Enabling fast reroute on AToM does not require any special commands; you can use standard fast reroute
commands. At the ingress PE, an AToM tunnel is protected by fast reroute when it is routed to an FRR-protected
TE tunnel. Both link and node protection are supported for AToM VCs at the ingress PE.
Maximum Transmission Unit Guidelines for Estimating Packet Size

The following calculation helps you determine the size of the packets traveling through the core network.
You set the maximum transmission unit (MTU) on the core-facing interfaces of the P and PE routers to
accommodate packets of this size. The MTU should be greater than or equal to the total bytes of the items in
the following equation:
Core MTU >= (Edge MTU + Transport header + AToM header + (MPLS label stack * MPLS label
size))
The following sections describe the variables used in the equation.
Edge MTU
The edge MTU is the MTU for the customer-facing interfaces.
Transport Header
The Transport header depends on the transport type. The table below lists the specific sizes of the headers.
Table 3: Header Size of Packets
Transport Type Packet Size
AAL5 0-32 bytes
Ethernet VLAN 18 bytes
Ethernet Port 14 bytes
Frame Relay DLCI 2 bytes for Cisco encapsulation, 8 bytes for Internet Engineering Task Force (IETF)
encapsulation
HDLC 4 bytes
PPP 4 bytes
17
Estimating Packet Size Example
AToM Header
The AToM header is 4 bytes (control word). The control word is optional for Ethernet, PPP, HDLC, and cell
relay transport types. The control word is required for Frame Relay and ATM AAL5 transport types.
MPLS Label Stack

The MPLS label stack size depends on the configuration of the core MPLS network:
• AToM uses one MPLS label to identify the AToM VCs (VC label). Therefore, the minimum MPLS label
stack is one for directly connected AToM PEs, which are PE routers that do not have a P router between
them.
• If LDP is used in the MPLS network, the label stack size is two (the LDP label and the VC label).
• If a TE tunnel instead of LDP is used between PE routers in the MPLS network, the label stack size is
two (the TE label and the VC label).
• If a TE tunnel and LDP are used in the MPLS network (for example, a TE tunnel between P routers or
between P and PE routers, with LDP on the tunnel), the label stack is three (TE label, LDP label, VC
label).
• If you use MPLS fast reroute in the MPLS network, you add a label to the stack. The maximum MPLS
label stack in this case is four (FRR label, TE label, LDP label, VC label).
• If AToM is used by the customer carrier in an MPLS VPN Carrier Supporting Carrier environment, you
add a label to the stack. The maximum MPLS label stack in the provider carrier network is four (FRR
label, TE label, LDP label, VC label).
• If an AToM tunnel spans different service providers that exchange MPLS labels using IPv4 Border
Gateway Protocol (BGP) (RFC 3107), you add a label to the stack. The maximum MPLS label stack is
four (FRR label, TE label, LDP label, VC label)
• TE-FRR with BGP labels for layer 2 and layer 3 VPNs must terminate on the BGP gateway because of
the four-label limitation.
Other circumstances can increase the MPLS label stack size. Therefore, analyze the complete data path between
the AToM tunnel endpoints and determine the maximum MPLS label stack size for your network. Then
multiply the label stack size by the size of the MPLS label.
Estimating Packet Size Example

The estimated packet size in the following example is 1526 bytes, based on the following assumptions:
• The edge MTU is 1500 bytes.
• The transport type is Ethernet VLAN, which designates 18 bytes for the transport header.
• The AToM header is 0, because the control word is not used.
• The MPLS label stack is 2, because LDP is used. The MPLS label is 4 bytes.
Edge MTU + Transport header + AToM header + (MPLS label stack * MPLS label) = Core MTU
1500 + 18 + 0 + (2 * 4 ) = 1526
You must configure the P and PE routers in the core to accept packets of 1526 bytes.
18
QoS Features Supported with AToM

The tables below list the QoS features supported by AToM.
Table 4: QoS Features Supported with Ethernet over MPLS
QoS Feature Ethernet over MPLS
Service policy Can be applied to:

• Interface (input and output)
Classification Supports the following commands:

• match cos (on interfaces)
• match mpls experimental (on interfaces)
• match qos-group (on interfaces) (output policy)
Marking Supports the following commands:

• set cos (output policy)
• set discard-class (input policy)
• set mpls experimental (input policy) (on
interfaces)
• set qos-group (input policy)
Policing Supports the following:

• Color-aware policing
• Multiple-action policing
• Single-rate policing
• Two-rate policing
Queueing and shaping Supports the following:

• Byte-based WRED
• Low Latency Queueing (LLQ)
• Weighted Random Early Detection (WRED)
19
Table 5: QoS Features Supported with Frame Relay over MPLS
QoS Feature Frame Relay over MPLS

• PVC (input and output)

• match fr-de (on interfaces and VCs)
• match fr-dlci (on interfaces)
• match qos-group

• frame-relay congestion management
(output)
• set discard-class
• set fr-de (output policy)
• set fr-fecn-becn (output)
• set mpls experimental
• set qos-group
• threshold ecn (output)

20
QoS Feature Frame Relay over MPLS

• Byte-based WRED
• Class-based weighted fair queueing
(CBWFQ)
• LLQ
• random-detect discard-class-based
command
• Traffic shaping
• WRED
Table 6: QoS Features Supported with ATM Cell Relay and AAL5 over MPLS
QoS Feature ATM Cell Relay and AAL5 over MPLS

• PVC (input and output)
• Subinterface (input and output)

• match mpls experimental (on VCs)
• match qos-group (output)

• random-detect discard-class-based (input)
• set clp (output) (on interfaces, subinterfaces, and VCs)
• set discard-class (input)
• set mpls experimental (input) (on interfaces, subinterfaces, and
VCs)
• set qos-group (input)

21
Any Transport over MPLS (AToM) Remote Ethernet Port Shutdown
QoS Feature ATM Cell Relay and AAL5 over MPLS

• Byte-based WRED
• CBWFQ
• Class-based shaping support on ATM PVCs
• LLQ
• random-detect discard-class-based command
• WRED
Any Transport over MPLS (AToM) Remote Ethernet Port Shutdown

This Cisco IOS XE feature allows a service provider edge (PE) router on the local end of an Ethernet over
MPLS (EoMPLS) pseudowire to detect a remote link failure and cause the shutdown of the Ethernet port on
the local customer edge (CE) router. Because the Ethernet port on the local CE router is shut down, the router
does not lose data by continuously sending traffic to the failed remote link. This is beneficial if the link is
configured as a static IP route.
The figure below illustrates a condition in an EoMPLS WAN, with a down Layer 2 tunnel link between a CE
router (Customer Edge 1) and the PE router (Provider Edge 1). A CE router on the far side of the Layer 2
tunnel (Customer Edge 2), continues to forward traffic to Customer Edge 1 through the L2 tunnel.
Figure 1: Remote Link Outage in EoMPLS WAN
Previous to this feature, the Provider Edge 2 router could not detect a failed remote link. Traffic forwarded
from Customer Edge 2 to Customer Edge 1 would be lost until routing or spanning tree protocols detected
the down remote link. If the link was configured with static routing, the remote link outage would be even
more difficult to detect.
With this feature, the Provider Edge 2 router detects the remote link failure and causes a shutdown of the local
Customer Edge 2 Ethernet port. When the remote L2 tunnel link is restored, the local interface is automatically
restored as well. The possibility of data loss is thus diminished.
With reference to the figure above, the Remote Ethernet Shutdown sequence is generally described as follows:
1. The remote link between Customer Edge 1 and Provider Edge 1 fails.
2. Provider Edge 2 detects the remote link failure and disables the transmit laser on the line card interface
connected to Customer Edge 2.
3. An RX_LOS error alarm is received by Customer Edge 2 causing Customer Edge 2 to bring down the
interface.
4. Provider Edge 2 maintains its interface with Customer Edge 2 in an up state.
22
Any Transport over MPLS (AToM) Remote Ethernet Port Shutdown Using Commands Associated with L2VPN Protocol-Based Feature
5. When the remote link and EoMPLS connection is restored, the Provider Edge 2 router enables the transmit
laser.
6. The Customer Edge 2 router brings up its downed interface.
This feature is enabled by default for Ethernet over MPLS (EoMPLS). You can also enable this feature by
using the remote link failure notification command in xconnect configuration mode as shown in the following
example:
pseudowire-class eompls
encapsulation mpls
!
xconnect 10.13.13.13 1 pw-class eompls
remote link failure notification
!
This feature can be disabled using the no remote link failure notification command in xconnect configuration
mode. Use the show ip interface brief privileged EXEC command to display the status of all remote L2
tunnel links. Use the show interface privileged EXEC command to show the status of the L2 tunnel on a
specific interface.
Note The no remote link failure notification command will not give notification to clients for remote attachment
circuit status down.
Note Remote Ethernet Port Shutdown is supported only on EFP with encapsulation default.
Any Transport over MPLS (AToM) Remote Ethernet Port Shutdown Using
Commands Associated with L2VPN Protocol-Based Feature
This Cisco IOS XE feature allows a service provider edge (PE) router on the local end of an Ethernet over
MPLS (EoMPLS) pseudowire to detect a remote link failure and cause the shutdown of the Ethernet port on
the local customer edge (CE) router. Because the Ethernet port on the local CE router is shut down, the router
does not lose data by continuously sending traffic to the failed remote link. This is beneficial if the link is
configured as a static IP route.
The figure below illustrates a condition in an EoMPLS WAN, with a down Layer 2 tunnel link between a CE
router (Customer Edge 1) and the PE router (Provider Edge 1). A CE router on the far side of the Layer 2
tunnel (Customer Edge 2), continues to forward traffic to Customer Edge 1 through the L2 tunnel.
Figure 2: Remote Link Outage in EoMPLS WAN
23
How to Configure Any Transport over MPLS
Previous to this feature, the Provider Edge 2 router could not detect a failed remote link. Traffic forwarded
from Customer Edge 2 to Customer Edge 1 would be lost until routing or spanning tree protocols detected
the down remote link. If the link was configured with static routing, the remote link outage would be even
more difficult to detect.
With this feature, the Provider Edge 2 router detects the remote link failure and causes a shutdown of the local
Customer Edge 2 Ethernet port. When the remote L2 tunnel link is restored, the local interface is automatically
restored as well. The possibility of data loss is thus diminished.
With reference to the figure above, the Remote Ethernet Shutdown sequence is generally described as follows:
1. The remote link between Customer Edge 1 and Provider Edge 1 fails.
2. Provider Edge 2 detects the remote link failure and disables the transmit laser on the line card interface
connected to Customer Edge 2.
3. An RX_LOS error alarm is received by Customer Edge 2 causing Customer Edge 2 to bring down the
interface.
4. Provider Edge 2 maintains its interface with Customer Edge 2 in an up state.
5. When the remote link and EoMPLS connection is restored, the Provider Edge 2 router enables the transmit
laser.
6. The Customer Edge 2 router brings up its downed interface.
This feature is enabled by default for Ethernet over MPLS (EoMPLS). You can also enable this feature by
using the remote link failure notification command in xconnect configuration mode as shown in the following
example:
l2vpn xconnect context con1
member Pseudowire 100
This feature can be disabled using the no remote link failure notification command in xconnect configuration
mode. Use the show ip interface brief privileged EXEC command to display the status of all remote L2
tunnel links. Use the show interface privileged EXEC command to show the status of the L2 tunnel on a
specific interface.
Note The no remote link failure notification command will not give notification to clients for remote attachment
circuit status down.
How to Configure Any Transport over MPLS

This section explains how to perform a basic AToM configuration and includes the following procedures:
24
Configuring the Pseudowire Class
Configuring the Pseudowire Class
Note In simple configurations, this task is optional. You need not specify a pseudowire class if you specify the
tunneling method as part of the xconnect command.
• You must specify the encapsulation mpls command as part of the pseudowire class or as part of the
xconnect command for the AToM VCs to work properly. If you omit the encapsulation mpls command
as part of the xconnect command, you receive the following error:
% Incomplete command.
SUMMARY STEPS
1. enable
2. configure terminal
3. pseudowire-class name
4. encapsulation mpls
DETAILED STEPS
Command or Action Purpose

Step 1 enable Enables privileged EXEC mode.
Example: • Enter your password if prompted.
Router> enable
Step 2 configure terminal Enters global configuration mode.

Example:
Router# configure terminal
Step 3 pseudowire-class name Establishes a pseudowire class with a name that you specify
and enters pseudowire class configuration mode.
Example:
Router(config)# pseudowire-class atom
Step 4 encapsulation mpls Specifies the tunneling encapsulation.

Example:
Router(config-pw)# encapsulation mpls
25
Configuring the Pseudowire Class Using Commands Associated with L2VPN Protocol-Based Feature
Configuring the Pseudowire Class Using Commands Associated with L2VPN

Protocol-Based Feature
Note In simple configurations, this task is optional. You need not specify a pseudowire class if you specify the
tunneling method as part of the l2vpn xconnect context command.
• You must specify the encapsulation mpls command as part of the pseudowire class or as part of the
l2vpn xconnect context command for the AToM VCs to work properly. If you omit the encapsulation
mpls command as part of the l2vpn xconnect contextcommand, you receive the following error:
% Incomplete command.
SUMMARY STEPS
1. enable
3. interface pseudowire name
5. neighbor peer-address vcid-value
DETAILED STEPS

Router> enable

Example:
Step 3 interface pseudowire name Establishes an interface pseudowire with a name that you
specify and enters pseudowire class configuration mode.
Example:
Router(config)# interface pseudowire atom

Example:
Router(config-pw-class)# encapsulation mpls
Step 5 neighbor peer-address vcid-value Specifies the peer IP address and virtual circuit (VC) ID
value of a Layer 2 VPN (L2VPN) pseudowire.
Example:
26
Changing the Encapsulation Type and Removing a Pseudowire
Router(config-pw-class)# neighbor 33.33.33.33 1
Changing the Encapsulation Type and Removing a Pseudowire

Once you specify the encapsulation mpls command, you cannot remove it using the no encapsulation mpls
command.
Those methods result in the following error message:
Encapsulation changes are not allowed on an existing pw-class.
To remove the encapsulation mpls command, you must delete the pseudowire with the no pseudowire-class
command.
To change the type of encapsulation, remove the pseudowire using the no pseudowire-class command and
reconfigure the pseudowire to specify the new encapsulation type.
Changing the Encapsulation Type and Removing a Pseudowire Using

Commands Associated with the L2VPN Protocol-Based Feature
Once you specify the encapsulation mpls command, you cannot remove it using the no encapsulation mpls
command.
Those methods result in the following error message:
% Cannot remove encapsulation on existing pseudowire
To remove the encapsulation mpls command, you must delete the pseudowire with the no interface
pseudowire command.
To change the type of encapsulation, remove the pseudowire using the no template type pseudowire command
and reconfigure the pseudowire to specify the new encapsulation type.
Configuring ATM AAL5 over MPLS

Configuring ATM AAL5 over MPLS on PVCs
SUMMARY STEPS
1. enable
3. interface type slot / subslot / port [. subinterface]
4. pvc [name] vpi / vci l2transport
5. encapsulation aal5
6. xconnect peer-router-id vcid encapsulation mpls
7. end
8. show mpls l2transport vc
27
Configuring ATM AAL5 over MPLS on PVCs
DETAILED STEPS

Router> enable

Example:
Step 3 interface type slot / subslot / port [. subinterface] Specifies the interface type and enters interface
configuration mode.
Example:
Router(config)# interface atm1/0/0
Step 4 pvc [name] vpi / vci l2transport Creates or assigns a name to an ATM PVC and enters
L2transport PVC configuration mode.
Example:
• The l2transport keyword indicates that the PVC is a
Router(config-if)# pvc 1/200 l2transport switched PVC instead of a terminated PVC.
Step 5 encapsulation aal5 Specifies ATM AAL5 encapsulation for the PVC. Make
sure you specify the same encapsulation type on the PE and
Example:
customer edge (CE) routers.
Router(config-if-atm-l2trans-pvc)# encapsulation
aal5
Step 6 xconnect peer-router-id vcid encapsulation mpls Binds the attachment circuit to a pseudowire VC.
Example:
Router(config-if-atm-l2trans-pvc)# xconnect
10.13.13.13 100 encapsulation mpls
Step 7 end Exits to privileged EXEC mode.

Example:
Router(config-if-atm-l2trans-pvc)# end
Step 8 show mpls l2transport vc Displays output that shows ATM AAL5 over MPLS is
configured on a PVC.
Example:
Router# show mpls l2transport vc
28
Configuring ATM AAL5 over MPLS on PVCs using the commands associated with the L2VPN Protocol-Based CLIs feature
Examples
The following is sample output from the show mpls l2transport vc command that shows that ATM
AAL5 over MPLS is configured on a PVC:

Local intf Local circuit Dest address VC ID Status
--------- ------------- ------------ ----- ------
ATM1/0 ATM AAL5 1/100 10.4.4.4 100 UP
Configuring ATM AAL5 over MPLS on PVCs using the commands associated with the L2VPN
Protocol-Based CLIs feature
SUMMARY STEPS
1. enable
3. interface type slot / subslot / port[. subinterface]
5. encapsulation aal5
6. end
7. interface pseudowire number
10. exit
11. l2vpn xconnect context context-name
12. member pseudowire interface-number
13. member atm interface-number pvc vpi / vci
14. end
15. show l2vpn atom vc
DETAILED STEPS

Device> enable

Example:
Device# configure terminal
Step 3 interface type slot / subslot / port[. subinterface] Specifies the interface type and enters interface
configuration mode.
Example:
29
Configuring ATM AAL5 over MPLS on PVCs using the commands associated with the L2VPN Protocol-Based CLIs feature
Device(config)# interface atm1/0/0
Example:
• The l2transport keyword indicates that the PVC is
Device(config-if)# pvc 1/200 l2transport a switched PVC instead of a terminated PVC.
Step 5 encapsulation aal5 Specifies ATM AAL5 encapsulation for the PVC. Make
sure you specify the same encapsulation type on the PE
Example:
and customer edge (CE) routers.
Device(config-if-atm-l2trans-pvc)# encapsulation
aal5

Example:
Device(config-if-atm-l2trans-pvc)# end
Step 7 interface pseudowire number Specifies the pseudowire interface and enters interface
configuration mode.
Example:
Device(config)# interface pseudowire 100
Step 8 encapsulation mpls Specifies that Multiprotocol Label Switching (MPLS) is

used as the data encapsulation method.
Example:
Device(config-if)# encapsulation mpls
value of the Layer 2 VPN (L2VPN) pseudowire.
Example:
Device(config-if)# neighbor 10.13.13.13 100
Step 10 exit Exits interface configuration mode.

Example:
Device(config-if)# exit
Step 11 l2vpn xconnect context context-name Creates a Layer 2 VPN (L2VPN) cross connect context
and enters xconnect configuration mode.
Example:
Device(config)# l2vpn xconnect context con1
Step 12 member pseudowire interface-number Specifies a member pseudowire to form a Layer 2 VPN
(L2VPN) cross connect.
Example:
Device(config-xconnect)# member pseudowire 100
30
Configuring ATM AAL5 over MPLS in VC Class Configuration Mode

Step 13 member atm interface-number pvc vpi / vci Specifies the location of the ATM member interface.
Example:
Device(config-xconnect)# member atm 100 pvc 1/200

Example:
Device(config-xconnect)# end
Step 15 show l2vpn atom vc Displays output that shows ATM AAL5 over MPLS is
configured on a PVC.
Example:
Device# show l2vpn atom vc
Examples
The following is sample output from the show l2vpn atom vc command that shows that ATM AAL5
over MPLS is configured on a PVC:

--------- ------------- ------------ ----- ------
ATM1/0 ATM AAL5 1/100 10.4.4.4 100 UP
SUMMARY STEPS
1. enable
3. vc-class atm vc-class-name
4. encapsulation layer-type
5. exit
7. class-int vc-class-name
10. end
11. show atm class-links
DETAILED STEPS

31

Router> enable

Example:
Step 3 vc-class atm vc-class-name Creates a VC class and enters VC class configuration
mode.
Example:
Router(config)# vc-class atm aal5class
Step 4 encapsulation layer-type Configures the AAL and encapsulation type.

Example:
Router(config-vc-class)# encapsulation aal5
Step 5 exit Exits VC class configuration mode.

Example:
Router(config-vc-class)# exit
Step 6 interface type slot / subslot / port [. subinterface] Specifies the interface type enters interface configuration
mode.
Example:
Step 7 class-int vc-class-name Applies a VC class to the ATM main interface or

subinterface.
Example:
Note You can also apply a VC class to a PVC.
Router(config-if)# class-int aal5class
Example:
Router(config-if)# pvc 1/200 l2transport a switched PVC instead of a terminated PVC.
Example:
Router(config-if-atm-l2trans-pvc)# xconnect
10.13.13.13 100 encapsulation mpls

Example:
32
Configuring ATM AAL5 over MPLS in VC Class Configuration Mode using the commands associated with the L2VPN Protocol-Based CLIs feature
Step 11 show atm class-links Displays the type of encapsulation and that the VC class
was applied to an interface.
Example:
Router# show atm class-links
Examples
In the following example, the command output from the show atm class-links command verifies
that ATM AAL5 over MPLS is configured as part of a VC class. The command output shows the
type of encapsulation and that the VC class was applied to an interface.
Router# show atm class-links 1/100

Displaying vc-class inheritance for ATM1/0/0.0, vc 1/100:
no broadcast - Not configured - using default
encapsulation aal5 - VC-class configured on main interface
Configuring ATM AAL5 over MPLS in VC Class Configuration Mode using the commands associated
with the L2VPN Protocol-Based CLIs feature
SUMMARY STEPS
1. enable
3. vc-class atm vc-class-name
4. encapsulation layer-type
5. exit
7. class-int vc-class-name
9. exit
13. exit
16. member atm interface-number
17. end
18. show atm class-links
33
DETAILED STEPS

Router> enable

Example:
Step 3 vc-class atm vc-class-name Creates a VC class and enters VC class configuration
mode.
Example:
Router(config)# vc-class atm aal5class
Step 4 encapsulation layer-type Configures the AAL and encapsulation type.

Example:
Router(config-vc-class)# encapsulation aal5
Step 5 exit Exits VC class configuration mode.

Example:
Router(config-vc-class)# exit
Step 6 interface type slot / subslot / port [. subinterface] Specifies the interface type enters interface configuration
mode.
Example:
Step 7 class-int vc-class-name Applies a VC class to the ATM main interface or

subinterface.
Example:
Note You can also apply a VC class to a PVC.
Router(config-if)# class-int aal5class
Example:
Router(config-if)# pvc 1/200 l2transport a switched PVC instead of a terminated PVC.

Example:
34

configuration mode.
Example:

Example:
Router(config-if)# encapsulation mpls
Example:

Example:
Example:
Router(config)# l2vpn xconnect context con1
Example:
Step 16 member atm interface-number Specifies the location of the ATM member interface.
Example:
Device(config-xconnect)# member atm 100

Example:
Step 18 show atm class-links Displays the type of encapsulation and that the VC class
was applied to an interface.
Example:
Router# show atm class-links
35
Configuring Ethernet over MPLS
Examples
In the following example, the command output from the show atm class-links command verifies
that ATM AAL5 over MPLS is configured as part of a VC class. The command output shows the
type of encapsulation and that the VC class was applied to an interface.
Router# show atm class-links 1/100

Displaying vc-class inheritance for ATM1/0/0.0, vc 1/100:
no broadcast - Not configured - using default
encapsulation aal5 - VC-class configured on main interface
Configuring Ethernet over MPLS

Configuring Ethernet over MPLS in Port Mode
SUMMARY STEPS
1. enable
3. interface gigabitethernet slot / subslot / port
4. no ip address
5. negotiation auto
6. service instance id ethernet
8. end
9. show mpls l2transport vc
DETAILED STEPS

Router> enable

Example:
Step 3 interface gigabitethernet slot / subslot / port Specifies the Gigabit Ethernet interface and enters interface
configuration mode.
Example:
Router(config)# interface gigabitethernet 0/2/4
36
Configuring Ethernet over MPLS in Port Mode Using Commands Associated with the L2VPN Protocol-Based Feature

Step 4 no ip address Specifies that there is no IP address assigned to the interface.
Example:
Router(config-if)# no ip address
Step 5 negotiation auto Enables the auto negotiation protocol.

Example:
Router(config-if)# negotiation auto
Step 6 service instance id ethernet Configures an ethernet service instance on an interface and
enters service instance configuration mode.
Example:
Router(config-if)# service instance 100 ethernet
Example:
Router(config-if)# xconnect 10.0.0.1 123

encapsulation mpls

Example:
Router(config-if)# end
Step 9 show mpls l2transport vc Displays information about Ethernet over MPLS port mode.
Example:
Configuring Ethernet over MPLS in Port Mode Using Commands Associated with the L2VPN
SUMMARY STEPS
1. enable
3. interface gigabitethernet slot / subslot / port[. subinterface]
4. end
8. exit
37
Configuring Ethernet over MPLS in Port Mode Using Commands Associated with the L2VPN Protocol-Based Feature
11. member gigabitethernet interface-number

12. end
13. end
14. show l2vpn atom vc
DETAILED STEPS

Device> enable

Example:
Step 3 interface gigabitethernet slot / subslot / port[. Specifies the Gigabit Ethernet interface and enters interface
subinterface] configuration mode.
Example: • Make sure the interface on the adjoining CE router
is on the same VLAN as this PE router.
Device(config)# interface gigabitethernet4/0/0

Example:
Device(config-if)# end
configuration mode.
Example:

Example:
Example:

Example:
38
Configuring Tunnel Selection

Example:
Example:
Device(config-xconnect)# member pseudowire 100
Step 11 member gigabitethernet interface-number Specifies the location of the Gigabit Ethernet member
interface.
Example:
Device(config-xconnect)# member
GigabitEthernet0/0/0.1

Example:

Example:
Step 14 show l2vpn atom vc Displays information about Ethernet over MPLS port
mode.
Example:

SUMMARY STEPS
1. enable
3. pseudowire-class name
5. preferred-path {interface tunnel tunnel-number | peer{ip-address | host-name}} [disable-fallback]
6. exit
7. interface type slot / subslot / port
8. encapsulation encapsulation-type
9. xconnect peer-router-id vcid pw-class name
39
DETAILED STEPS

Router> enable

Example:
Step 3 pseudowire-class name Establishes a pseudowire class with a name that you specify
and enters pseudowire configuration mode.
Example:
Router(config)# pseudowire-class ts1
Step 4 encapsulation mpls Specifies the tunneling encapsulation. For AToM, the
encapsulation type is mpls.
Example:
Step 5 preferred-path {interface tunnel tunnel-number | Specifies the MPLS traffic engineering tunnel or IP address
peer{ip-address | host-name}} [disable-fallback] or hostname to be used as the preferred path.
Example:
Router(config-pw)# preferred path peer 10.18.18.18
Step 6 exit Exits from pseudowire configuration mode and enables the
Tunnel Selection feature.
Example:
Router(config-pw)# exit
Step 7 interface type slot / subslot / port Specifies an interface type and enters interface configuration
mode.
Example:
Step 8 encapsulation encapsulation-type Specifies the encapsulation for the interface.

Example:
Router(config-if)# encapsulation aal5
Step 9 xconnect peer-router-id vcid pw-class name Binds the attachment circuit to a pseudowire VC.
Example:
Router(config-if)# xconnect 10.0.0.1 123 pw-class

ts1
40
Troubleshooting Tips
Examples
In the following sample output from the show mpls l2transport vc command includes the following
information about the VCs:
• VC 101 has been assigned a preferred path called Tunnel1. The default path is disabled, because
the preferred path specified that the default path should not be used if the preferred path fails.
• VC 150 has been assigned an IP address of a loopback address on PE2. The default path can
be used if the preferred path fails.
Command output that is in boldface font shows the preferred path information.
Router# show mpls l2transport vc detail

Local interface: Gi0/0/0.1 up, line protocol up, Eth VLAN 222 up
Destination address: 10.16.16.16, VC ID: 101, VC status: up
Preferred path: Tunnel1, active
Default path: disabled
Tunnel label: 3, next hop point2point
Output interface: Tu1, imposed label stack {17 16}
Create time: 00:27:31, last status change time: 00:27:31
Signaling protocol: LDP, peer 10.16.16.16:0 up
MPLS VC labels: local 25, remote 16
Group ID: local 0, remote 6
MTU: local 1500, remote 1500
Remote interface description:
Sequencing: receive disabled, send disabled
VC statistics:
packet totals: receive 10, send 10
byte totals: receive 1260, send 1300
packet drops: receive 0, send 0
Local interface: ATM1/0/0 up, line protocol up, ATM AAL5 0/50 up
Preferred path: 10.18.18.18, active
Default path: ready
Tunnel label: 3, next hop point2point
Output interface: Tu2, imposed label stack {18 24}
VC statistics:
Troubleshooting Tips
To debug ATM cell packing, issue the debug atm cell-packing command.
41
Configuring Tunnel Selection Using Commands Associated with L2VPN

SUMMARY STEPS
1. enable
3. template type pseudowire name
5. preferred-path {interface tunnel tunnel-number | peer {ip-address | hostname}} [disable-fallback]
6. exit
7. interface type slot / subslot / port[. subinterface]
8. encapsulation encapsulation-type
9. end
11. source template type pseudowire name
13. end
16. member ip-address vc-id encapsulation mpls
17. end
DETAILED STEPS

Router> enable

Example:
Step 3 template type pseudowire name Creates a template pseudowire with a name that you specify
and enters pseudowire configuration mode.
Example:
Router(config)# template type pseudowire ts1
Step 4 encapsulation mpls Specifies the tunneling encapsulation. For AToM, the
encapsulation type is mpls.
Example:
42

Step 5 preferred-path {interface tunnel tunnel-number | peer Specifies the MPLS traffic engineering tunnel or IP address
{ip-address | hostname}} [disable-fallback] or hostname to be used as the preferred path.
Example:
Router(config-pw)# preferred path peer 10.18.18.18
Step 6 exit Exits from pseudowire configuration mode and enables

the Tunnel Selection feature.
Example:
Step 7 interface type slot / subslot / port[. subinterface] Specifies an interface type and enters interface
configuration mode.
Example:
Step 8 encapsulation encapsulation-type Specifies the encapsulation for the interface.

Example:
Router(config-if)# encapsulation aal5

Example:
configuration mode.
Example:
Step 11 source template type pseudowire name Configures the source template of type pseudowire named
ts1.
Example:
Router(config-if)# source template type pseudowire

ts1
Example:

Example:
43

Example:
Router(config)# l2vpn xconnect context con1
Example:
Step 16 member ip-address vc-id encapsulation mpls Creates the VC to transport the Layer 2 packets.
Example:
Router(config-xconnect)# member 10.0.0.1 123

encapsulation mpls

Example:
Router(config-xconnect)# end
You can use the debug l2vpn atom vc event command to troubleshoot tunnel selection. For example, if the
tunnel interface that is used for the preferred path is shut down, the default path is enabled. The debug l2vpn
atom vc event command provides the following output:
AToM SMGR [10.2.2.2, 101]: Processing imposition update, vc_handle 62091860, update_action
3, remote_vc_label 16
AToM SMGR [10.2.2.2, 101]: selected route no parent rewrite: tunnel not up
AToM SMGR [10.2.2.2, 101]: Imposition Programmed, Output Interface: Et3/2
Setting Experimental Bits with AToM
Note Only EoMPLS and CEM is supported .
SUMMARY STEPS
1. enable
3. class-map class-name
4. match any
5. policy-map policy-name
6. class class-name
44
Setting Experimental Bits with AToM
7. set mpls experimental value

8. exit
9. exit
11. service-policy input policy-name
12. end
13. show policy-map interface interface-name [vc [vpi /] vci] [dlci dlci] [input | output]
DETAILED STEPS

Router> enable

Example:
Step 3 class-map class-name Specifies the user-defined name of the traffic class and
enters class map configuration mode.
Example:
Router(config)# class-map class1
Step 4 match any Specifies that all packets will be matched. Use only the
any keyword. Other keywords might cause unexpected
Example:
results.
Router(config-cmap)# match any
Step 5 policy-map policy-name Specifies the name of the traffic policy to configure and
enters policy-map configuration mode.
Example:
Router(config-cmap)# policy-map policy1
Step 6 class class-name Specifies the name of a predefined traffic class, which was
configured with the class-map command, used to classify
Example:
traffic to the traffic policy and enters policy-map class
configuration mode.
Router(config-pmap)# class class1
Step 7 set mpls experimental value Designates the value to which the MPLS bits are set if the
packets match the specified policy map.
Example:
Router(config-pmap-c)# set mpls experimental 7
Step 8 exit Exits policy-map class configuration mode.

Example:
45
Enabling the Control Word
Router(config-pmap-c)# exit
Step 9 exit Exits policy-map configuration mode.

Example:
Router(config-pmap)# exit
Step 10 interface type slot / subslot / port Specifies the interface type and enters interface
configuration mode.
Example:
Step 11 service-policy input policy-name Attaches a traffic policy to an interface.

Example:
Router(config-if)# service-policy input policy1

Example:
Step 13 show policy-map interface interface-name [vc [vpi /] Displays the traffic policy attached to an interface.
vci] [dlci dlci] [input | output]
Example:
Router# show policy-map interface serial3/0/0
Enabling the Control Word

SUMMARY STEPS
1. enable
3. pseudowire-class cw_enable
5. control-word
6. end
DETAILED STEPS

46
Enabling the Control Word using the commands associated with the L2VPN Protocol-Based CLIs feature
Router> enable

Example:
Step 3 pseudowire-class cw_enable Enters pseudowire class configuration mode.

Example:
Router(config)# pseudowire-class cw_enable

Example: • For AToM, the encapsulation type is MPLS.
Router(config-pw-class)# encapsulation mpls
Step 5 control-word Enables the control word.

Example:
Router(config-pw-class)# control-word

Example:
Router(config-pw-class)# end
Enabling the Control Word using the commands associated with the L2VPN
Protocol-Based CLIs feature
SUMMARY STEPS
1. enable
5. control-word include
7. end
DETAILED STEPS

47
Configuring MPLS AToM Remote Ethernet Port Shutdown

Router> enable

Example:
Step 3 interface pseudowire number Creates an interface pseudowire with a value that you
specify and enters pseudowire configuration mode.
Example:

Example: • For AToM, the encapsulation type is mpls.
Step 5 control-word include Enables the control word.

Example:
Router(config-pw)# control-word include
Example:
Router(config-pw)# neighbor 10.0.0.1 123

Example:
Router(config-pw)# end
Note The Any Transport over MPLS (AToM): Remote Ethernet Port Shutdown feature is automatically enabled
by default when an image with the feature supported is loaded on the router.
SUMMARY STEPS
1. enable
3. pseudowire-class [pw-class-name]
48
5. exit
7. service instance number ethernet number
8. encapsulation default
9. xconnect peer-ip-address vc-id pw-class pw-class-name
10. no remote link failure notification
11. remote link failure notification
12. end
DETAILED STEPS

Router> enable

Example:
Step 3 pseudowire-class [pw-class-name] Specifies the name of a Layer 2 pseudowire class and
enters pseudowire class configuration mode.
Example:
Router(config)# pseudowire-class eompls
Step 4 encapsulation mpls Specifies that MPLS is used as the data encapsulation
method for tunneling Layer 2 traffic over the pseudowire.
Example:
Step 5 exit Exits to global configuration mode.

Example:
Step 6 interface type slot / subslot / port Configures an interface type and enters interface
configuration mode.
Example:
Router (config)# interface GigabitEthernet1/0/0
Step 7 service instance number ethernet number Configures an ethernet service instance on an interface
and enters service instance configuration mode.
Example:
Router(config-if)# service instance 393 ethernet
49
Configuring MPLS AToM Remote Ethernet Port Shutdown using the commands associated with the L2VPN Protocol-Based CLIs feature

Step 8 encapsulation default Specifies the encapsulation type for the interface, such as
dot1q.
Example:
Router(config-if-srv)# encapsulation default Note Remote ethernet port shutdown is supported
only with encapsulation default.
Step 9 xconnect peer-ip-address vc-id pw-class Binds an attachment circuit to a pseudowire, and configures
pw-class-name an Any Transport over MPLS (AToM) static pseudowire.
Example:
Router(config-if)# xconnect 10.1.1.1 1 pw-class

eompls
Step 10 no remote link failure notification Disables MPLS AToM remote link failure notification and
shutdown.
Example:
Router(config-if-xconn)# remote link failure

notification
Step 11 remote link failure notification Enables MPLS AToM remote link failure notification and
shutdown.
Example:
Router(config-if-xconn)# remote link failure

notification

Example:
Router(config-if-xconn)# end
Configuring MPLS AToM Remote Ethernet Port Shutdown using the commands
associated with the L2VPN Protocol-Based CLIs feature
Note The Any Transport over MPLS (AToM): Remote Ethernet Port Shutdown feature is automatically enabled
by default when an image with the feature supported is loaded on the router.
SUMMARY STEPS
1. enable
3. template type pseudowire [pseudowire-name]
5. exit
50
Configuring MPLS AToM Remote Ethernet Port Shutdown using the commands associated with the L2VPN Protocol-Based CLIs feature

8. source template type pseudowire
10. end
12. no remote link failure notification
13. remote link failure notification
14. end
DETAILED STEPS

Device> enable

Example:
Step 3 template type pseudowire [pseudowire-name] Specifies the name of a Layer 2 pseudowire class and
Example:
Device(config)# template type pseudowire eompls
Step 4 encapsulation mpls Specifies that MPLS is used as the data encapsulation
method for tunneling Layer 2 traffic over the pseudowire.
Example:
Device(config-pw)# encapsulation mpls
Step 5 exit Exits to global configuration mode.

Example:
Device(config-pw)# exit
Step 6 interface type slot / subslot / port Configures an interface type and enters interface
configuration mode.
Example:
Device(config)# interface GigabitEthernet1/0/0
Step 7 interface pseudowire number Specifies the pseudowire interface.

Example:
Device(config-if)# interface pseudowire 100
51
Configuration Examples for Any Transport over MPLS

Step 8 source template type pseudowire Configures the source template of type pseudowire named
eompls.
Example:
Device(config-if)# source template type pseudowire

eompls
Example:

Example:
Example:
Step 12 no remote link failure notification Disables MPLS AToM remote link failure notification and
shutdown.
Example:
Device(config-xconnect)# no remote link failure

notification
Step 13 remote link failure notification Enables MPLS AToM remote link failure notification and
shutdown.
Example:
Device(config-xconnect)# remote link failure

notification

Example:
Configuration Examples for Any Transport over MPLS

Example: ATM over MPLS
The table below shows the configuration of ATM over MPLS on two PE routers.
52
Table 7: ATM over MPLS Configuration Example
PE1 PE2
mpls label protocol ldp mpls label protocol ldp
mpls ldp router-id Loopback0 force mpls ldp router-id Loopback0 force
! !
interface Loopback0 interface Loopback0
ip address 10.16.12.12 255.255.255.255 ip address 10.13.13.13 255.255.255.255
interface ATM4/0/0 interface ATM4/0/0
pvc 0/100 l2transport pvc 0/100 l2transport
encapsulation aal0 encapsulation aal0
xconnect 10.13.13.13 100 encapsulation mpls xconnect 10.16.12.12 100 encapsulation

mpls
!
!
interface ATM4/0/0.300 point-to-point
interface ATM4/0/0.300 point-to-point
no ip directed-broadcast
no atm enable-ilmi-trap
pvc 0/300 l2transport
encapsulation aal0
encapsulation aal0
xconnect 10.13.13.13 300 encapsulation mpls
Example: ATM over MPLS Using Commands Associated with L2VPN

The table below shows the configuration of ATM over MPLS on two PE routers.
53
Table 8: ATM over MPLS Configuration Example
PE1 PE2
54
PE1 PE2
mpls label protocol ldp mpls label protocol ldp
mpls ldp router-id Loopback0 force mpls ldp router-id Loopback0 force
! !
interface Loopback0 interface Loopback0
ip address 10.16.12.12 255.255.255.255 ip address 10.13.13.13 255.255.255.255
interface ATM4/0/0 interface ATM4/0/0
pvc 0/100 l2transport pvc 0/100 l2transport
encapsulation aal0 encapsulation aal0
interface pseudowire 100 interface pseudowire 100
encapsulation mpls encapsulation mpls
neighbor 10.0.0.1 123 neighbor 10.0.0.1 123
! !
l2vpn xconnect context A l2vpn xconnect context A
member pseudowire 100 member pseudowire 100
member atm 100 member atm 100
! !
interface ATM4/0/0.300 point-to-point interface ATM4/0/0.300 point-to-point
no atm enable-ilmi-trap no ip directed-broadcast
pvc 0/300 l2transport no atm enable-ilmi-trap
encapsulation aal0 pvc 0/300 l2transport
interface pseudowire 300 encapsulation aal0
encapsulation mpls interface pseudowire 300
neighbor 10.0.0.1 123 encapsulation mpls
55
Example: Configuring ATM AAL5 over MPLS in VC Class Configuration Mode
PE1 PE2
! neighbor 10.0.0.1 123
l2vpn xconnect context A !
member pseudowire 300 l2vpn xconnect context A
member atm 300 member pseudowire 300
member atm 300

The following example configures ATM AAL5 over MPLS in VC class configuration mode. The VC class
is then applied to an interface.
enable
configure terminal
vc-class atm aal5class
encapsulation aal5
interface atm1/0/0
class-int aal5class
is then applied to a PVC.
enable
configure terminal
encapsulation aal5
interface atm1/0/0
class-vc aal5class

Using Commands Associated with L2VPN Protocol-Based Feature
is then applied to an interface.
enable
configure terminal
encapsulation aal5
interface atm1/0/0
class-int aal5class
encapsulation mpls
56
Example: Ethernet over MPLS with MPLS Traffic Engineering Fast Reroute
neighbor 10.0.0.1 123

exit
l2vpn xconnect context A
member atm 100
exit
The following configuration example and the figure show the configuration of Ethernet over MPLS with fast
reroute on AToM PE routers.
Routers PE1 and PE2 have the following characteristics:
• A TE tunnel called Tunnel41 is configured between PE1and PE2, using an explicit path through a link
called L1. AToM VCs are configured to travel through the FRR-protected tunnel Tunnel41.
• The link L1 is protected by FRR, the backup tunnel is Tunnel1.
• PE2 is configured to forward the AToM traffic back to PE1 through the L2 link.
Figure 3: Fast Reroute Configuration
PE1 Configuration
mpls label protocol ldp

mpls traffic-eng tunnels
mpls ldp router-id Loopback1 force
!
pseudowire-class T41
encapsulation mpls
preferred-path interface Tunnel41 disable-fallback
!
pseudowire-class IP1
encapsulation mpls
preferred-path peer 10.4.0.1 disable-fallback
!
interface Loopback1
ip address 10.0.0.27 255.255.255.255
!
interface Tunnel1
ip unnumbered Loopback1
tunnel destination 10.0.0.1
tunnel mode mpls traffic-eng
tunnel mpls traffic-eng priority 1 1
tunnel mpls traffic-eng bandwidth 10000
tunnel mpls traffic-eng path-option 1 explicit name FRR
!
interface Tunnel41
57
tunnel mpls traffic-eng path-option 1 explicit name name-1

tunnel mpls traffic-eng fast-reroute
!
interface POS0/0/0
description pe1name POS8/0/0
ip address 10.1.0.2 255.255.255.252
mpls traffic-eng backup-path Tunnel1
crc 16
clock source internal
pos ais-shut
pos report lrdi
ip rsvp bandwidth 155000 155000
!
interface POS0/3/0
ip address 10.1.0.14 255.255.255.252
crc 16
!
interface gigabitethernet3/0/0.1
encapsulation dot1Q 203
xconnect 10.0.0.4 2 pw-class IP1
!
xconnect 10.0.0.4 4 pw-class T41
!
router ospf 1
network 10.0.0.0 0.255.255.255 area 0
mpls traffic-eng router-id Loopback1
mpls traffic-eng area 0
!
ip classless
ip route 10.4.0.1 255.255.255.255 Tunnel41
!
ip explicit-path name xxxx-1 enable
next-address 10.4.1.2
P Configuration
ip cef
!
interface Loopback1
ip address 10.0.0.1 255.255.255.255
!
interface FastEthernet1/0/0
ip address 10.4.1.2 255.255.255.0
!
interface POS8/0/0
description xxxx POS0/0
ip address 10.1.0.1 255.255.255.252
pos ais-shut
pos report lrdi
!
58
Example: Ethernet over MPLS with MPLS Traffic Engineering Fast Reroute Using Commands Associated with L2VPN Protocol-Based Feature
interface POS10/1/0
ip address 10.1.0.13 255.255.255.252
!
router ospf 1
network 10.0.0.0 0.255.255.255 area 0
PE2 Configuration
ip cef
!
interface Loopback1
ip address 10.0.0.4 255.255.255.255
!
interface loopback 2
ip address 10.4.0.1 255.255.255.255
!
interface Tunnel27
tunnel mpls traffic-eng autoroute announce
tunnel mpls traffic-eng path-option 1 explicit name xxxx-1
!
interface FastEthernet0/0/0.2
!
!
ip address 10.4.1.1 255.255.255.0
!
router ospf 1
network 10.0.0.0 0.255.255.255 area 0
!
Using Commands Associated with L2VPN Protocol-Based Feature
The following configuration example and the figure show the configuration of Ethernet over MPLS with fast
reroute on AToM PE routers.
59
Routers PE1 and PE2 have the following characteristics:

• A TE tunnel called Tunnel41 is configured between PE1and PE2, using an explicit path through a link
called L1. AToM VCs are configured to travel through the FRR-protected tunnel Tunnel41.
• The link L1 is protected by FRR, the backup tunnel is Tunnel1.
• PE2 is configured to forward the AToM traffic back to PE1 through the L2 link.
Figure 4: Fast Reroute Configuration
PE1 Configuration

!
template type pseudowire T41
encapsulation mpls
!
template type pseudowire IP1
encapsulation mpls
preferred-path peer 10.4.0.1 disable-fallback
!
interface Loopback1
ip address 10.0.0.27 255.255.255.255
!
interface Tunnel1
tunnel mpls traffic-eng path-option 1 explicit name FRR
!
interface Tunnel41
tunnel mpls traffic-eng path-option 1 explicit name name-1
tunnel mpls traffic-eng fast-reroute
!
interface POS0/0/0
ip address 10.1.0.2 255.255.255.252
mpls traffic-eng backup-path Tunnel1
crc 16
pos ais-shut
pos report lrdi
60
!
interface POS0/3/0
ip address 10.1.0.14 255.255.255.252
crc 16
!
source template type pseudowire T41
neighbor 10.0.0.4 2
!
!
source template type pseudowire IP1
neighbor 10.0.0.4 4
!
!
router ospf 1
network 10.0.0.0 0.255.255.255 area 0
!
ip classless
ip route 10.4.0.1 255.255.255.255 Tunnel41
!
P Configuration
ip cef
!
interface Loopback1
ip address 10.0.0.1 255.255.255.255
!
ip address 10.4.1.2 255.255.255.0
!
interface POS8/0/0
ip address 10.1.0.1 255.255.255.252
pos ais-shut
pos report lrdi
!
interface POS10/1/0
ip address 10.1.0.13 255.255.255.252
61
!
router ospf 1
network 10.0.0.0 0.255.255.255 area 0
PE2 Configuration
ip cef
!
interface Loopback1
ip address 10.0.0.4 255.255.255.255
!
interface loopback 2
ip address 10.4.0.1 255.255.255.255
!
interface Tunnel27
tunnel mpls traffic-eng autoroute announce
tunnel mpls traffic-eng path-option 1 explicit name xxxx-1
!
encapsulation mpls
neighbor 10.0.0.1 123
!
member gigabitethernet 0/0/0.1
!
encapsulation mpls
neighbor 10.0.0.1 123
!
member gigabitethernet 0/0/0.1
!
ip address 10.4.1.1 255.255.255.0
!
router ospf 1
network 10.0.0.0 0.255.255.255 area 0
!
62
Example: Configuring Tunnel Selection

The following example shows how to set up two preferred paths for PE1. One preferred path specifies an
MPLS traffic engineering tunnel. The other preferred path specifies an IP address of a loopback address on
PE2. There is a static route configured on PE1 that uses a TE tunnel to reach the IP address on PE2.
PE1 Configuration

tag-switching tdp router-id Loopback0
pseudowire-class pw1
encapsulation mpls
!
pseudowire-class pw2
encapsulation mpls
preferred-path peer 10.18.18.18
!
interface Loopback0
ip address 10.2.2.2 255.255.255.255
no ip mroute-cache
!
interface Tunnel1
tunnel mpls traffic-eng path-option 1 explicit name path-tu1
!
interface Tunnel2
tunnel mpls traffic-eng path-option 1 dynamic
!
interface gigabitethernet0/0/0
no ip address
no negotiation auto
!
xconnect 10.16.16.16 101 pw-class pw1
!
interface ATM1/0/0
no ip address
no atm ilmi-keepalive
encapsulation aal5
xconnect 10.16.16.16 150 pw-class pw2
!
63
ip address 10.0.0.1 255.255.255.0
tag-switching ip
!
router ospf 1
log-adjacency-changes
network 10.0.0.0 0.0.0.255 area 0
network 10.2.2.2 0.0.0.0 area 0
!
ip route 10.18.18.18 255.255.255.255 Tunnel2
!
ip explicit-path name path-tu1 enable
index 3 next-address 10.0.0.1
PE2 Configuration

mpls ldp router-id Loopback0
interface Loopback0
ip address 10.16.16.16 255.255.255.255
no ip mroute-cache
!
interface Loopback2
ip address 10.18.18.18 255.255.255.255
!
ip address 10.0.0.2 255.255.255.0
mpls ip
no cdp enable
!
no ip address
no cdp enable
!
no cdp enable
mpls l2transport route 10.2.2.2 101
!
interface ATM5/0/0
no ip address
encapsulation aal5
!
router ospf 1
64
Example: Configuring Tunnel Selection Using Commands Associated with L2VPN Protocol-Based Feature
network 10.0.0.0 0.0.0.255 area 0
network 10.16.16.16 0.0.0.0 area 0
Example: Configuring Tunnel Selection Using Commands Associated with

L2VPN Protocol-Based Feature
The following example shows how to set up two preferred paths for PE1. One preferred path specifies an
MPLS traffic engineering tunnel. The other preferred path specifies an IP address of a loopback address on
PE2. There is a static route configured on PE1 that uses a TE tunnel to reach the IP address on PE2.
PE1 Configuration

tag-switching tdp router-id Loopback0
template type pseudowire pw1
encapsulation mpls
!
template type pseudowire pw2
encapsulation mpls
preferred-path peer 10.18.18.18
!
interface Loopback0
ip address 10.2.2.2 255.255.255.255
no ip mroute-cache
!
interface Tunnel1
tunnel mpls traffic-eng path-option 1 explicit name path-tu1
!
interface Tunnel2
tunnel mpls traffic-eng path-option 1 dynamic
!
interface gigabitethernet0/0/0
no ip address
no negotiation auto
!
source template type pseudowire pw1
65
Example: Configuring Tunnel Selection Using Commands Associated with L2VPN Protocol-Based Feature
neighbor 10.16.16.16 101

!
!
interface ATM1/0/0
no ip address
encapsulation aal5
source template type pseudowire pw2
neighbor 10.16.16.16 150
!
!
ip address 10.0.0.1 255.255.255.0
tag-switching ip
!
router ospf 1
network 10.0.0.0 0.0.0.255 area 0
network 10.2.2.2 0.0.0.0 area 0
!
ip route 10.18.18.18 255.255.255.255 Tunnel2
!
ip explicit-path name path-tu1 enable
index 3 next-address 10.0.0.1
PE2 Configuration

interface Loopback0
ip address 10.16.16.16 255.255.255.255
no ip mroute-cache
!
interface Loopback2
ip address 10.18.18.18 255.255.255.255
!
ip address 10.0.0.2 255.255.255.0
mpls ip
no cdp enable
!
no ip address
no cdp enable
66
Example: Configuring MTU Values in xconnect Configuration Mode for L2VPN Interworking
!
no cdp enable
mpls l2transport route 10.2.2.2 101
!
interface ATM5/0/0
no ip address
encapsulation aal5
encapsulation mpls
neighbor 10.2.2.2 150
!
member GigabitEthernet0/0/0.1
!
router ospf 1
network 10.0.0.0 0.0.0.255 area 0
network 10.16.16.16 0.0.0.0 area 0
Example: Configuring MTU Values in xconnect Configuration Mode for L2VPN

Interworking
The following example shows an L2VPN Interworking example. The PE1 router has a serial interface configured
with an MTU value of 1492 bytes. The PE2 router uses xconnect configuration mode to set a matching MTU
of 1492 bytes, which allows the two routers to form an interworking VC. If the PE2 router did not set the
MTU value in xconnect configuration mode, the interface would be set to 1500 bytes by default and the VC
would not come up.
Note L2VPN interworking is not supported on Cisco ASR 900 RSP3 Module.
PE1 Configuration
pseudowire-class atom-ipiw
encapsulation mpls
interworking ip
!
interface Loopback0
ip address 10.1.1.151 255.255.255.255
!
interface Serial2/0/0
mtu 1492
no ip address
encapsulation ppp
no fair-queue
serial restart-delay 0
67
xconnect 10.1.1.152 123 pw-class atom-ipiw

!
ip address 10.151.100.1 255.255.255.252
encapsulation ppp
mpls ip
!
router ospf 1
network 10.1.1.151 0.0.0.0 area 0
network 10.151.100.0 0.0.0.3 area 0
!
PE2 Configuration
pseudowire-class atom-ipiw
encapsulation mpls
interworking ip
!
interface Loopback0
ip address 10.1.1.152 255.255.255.255
!
no ip address
xconnect 10.1.1.151 123 pw-class atom-ipiw
mtu 1492
!
ip address 10.100.152.2 255.255.255.252
encapsulation ppp
mpls ip
!
router ospf 1
network 10.1.1.152 0.0.0.0 area 0
network 10.100.152.0 0.0.0.3 area 0
!
The show mpls l2transport binding command shows that the MTU value for the local and remote routers
is 1492 bytes.
PE1
Router# show mpls l2transport binding

Destination Address: 10.1.1.152, VC ID: 123
Local Label: 105
Cbit: 1, VC Type: PPP, GroupID: 0
MTU: 1492, Interface Desc: n/a
VCCV: CC Type: CW [1], RA [2]
CV Type: LSPV [2]
Remote Label: 205
Cbit: 1, VC Type: FastEthernet, GroupID: 0
VCCV: CC Type: RA [2]
CV Type: LSPV [2]
Local interface: Serial2/0/0 up, line protocol up, PPP up
68
MPLS VC type is PPP, interworking type is IP

Output interface: Serial4/0/0, imposed label stack {1003 205}
Preferred path: not configured
Default path: active
Next hop: point2point
Targeted Hello: 10.1.1.151(LDP Id) -> 10.1.1.152
Status TLV support (local/remote) : enabled/supported
Label/status state machine : established, LruRru
Last local dataplane status rcvd: no fault
Last local SSS circuit status rcvd: no fault
Last local SSS circuit status sent: no fault
Last local LDP TLV status sent: no fault
Last remote LDP TLV status rcvd: no fault
Group ID: local n/a, remote 0
VC statistics:
PE2
Router# show mpls l2transport binding

Local Label: 205
CV Type: LSPV [2]
Remote Label: 105
CV Type: LSPV [2]
Local interface: Fe0/0/0 up, line protocol up, FastEthernet up
MPLS VC type is FastEthernet, interworking type is IP
Output interface: Se4/0/0, imposed label stack {1002 105}
69
Example: Configuring MTU Values in xconnect Configuration Mode for L2VPN Interworking Using Commands Associated with L2VPN Protocol-Based Feature
VC statistics:
Example: Configuring MTU Values in xconnect Configuration Mode for L2VPN

InterworkingUsingCommandsAssociatedwithL2VPNProtocol-BasedFeature
The following example shows an L2VPN Interworking example. The PE1 router has a serial interface configured
with an MTU value of 1492 bytes. The PE2 router uses xconnect configuration mode to set a matching MTU
of 1492 bytes, which allows the two routers to form an interworking VC. If the PE2 router did not set the
MTU value in xconnect configuration mode, the interface would be set to 1500 bytes by default and the VC
would not come up.
PE1 Configuration
template type pseudowire atom-ipiw

encapsulation mpls
interworking ip
!
interface Loopback0
ip address 10.1.1.151 255.255.255.255
!
mtu 1492
no ip address
encapsulation ppp
no fair-queue
source template type pseudowire atom-ipiw
neighbor 10.1.1.152 123
!
member <ac_int>
!
ip address 10.151.100.1 255.255.255.252
encapsulation ppp
mpls ip
!
router ospf 1
network 10.1.1.151 0.0.0.0 area 0
network 10.151.100.0 0.0.0.3 area 0
!
PE2 Configuration
template type pseudowire atom-ipiw

encapsulation mpls
interworking ip
!
interface Loopback0
ip address 10.1.1.152 255.255.255.255
70
Example: Configuring MTU Values in xconnect Configuration Mode for L2VPN Interworking Using Commands Associated with L2VPN Protocol-Based Feature
!
no ip address
source template type pseudowire atom-ipiw
neighbor 10.1.1.151 123
!
member <ac_int>
member pseudowire1
!
ip address 10.100.152.2 255.255.255.252
encapsulation ppp
mpls ip
!
router ospf 1
network 10.1.1.152 0.0.0.0 area 0
network 10.100.152.0 0.0.0.3 area 0
!
The show l2vpn atom binding command shows that the MTU value for the local and remote routers is 1492
bytes.
PE1
Device# show l2vpn atom binding

Local Label: 105
Cbit: 1, VC Type: PPP, GroupID: 0
CV Type: LSPV [2]
Remote Label: 205
CV Type: LSPV [2]
Device# show l2vpn atom vc detail
Local interface: Serial2/0/0 up, line protocol up, PPP up
MPLS VC type is PPP, interworking type is IP
Output interface: Serial4/0/0, imposed label stack {1003 205}
71
Examples: Configuring Any Transport over MPLS (AToM) Remote Ethernet Port Shutdown

VC statistics:
PE2
Device# show l2vpn atom binding

Local Label: 205
CV Type: LSPV [2]
Remote Label: 105
CV Type: LSPV [2]
Local interface: Fe0/0/0 up, line protocol up, FastEthernet up
MPLS VC type is FastEthernet, interworking type is IP
Output interface: Se4/0/0, imposed label stack {1002 105}
VC statistics:
Examples: Configuring Any Transport over MPLS (AToM) Remote Ethernet Port
Shutdown
The following example shows how to enable remote Ethernet port shutdown:
configure terminal
!
encapsulation mpls
!
72
Examples: Configuring Any Transport over MPLS (AToM) Remote Ethernet Port Shutdown Using Commands Associated with L2VPN Protocol-Based Feature

The following example shows how to disable remote Ethernet port shutdown:
configure terminal
!
encapsulation mpls
!
no remote link failure notification
The related show command output reports operational status for all remote L2 Tunnels by interface.
Router# show interface G1/0/0

GigabitEthernet1/0/0 is L2 Tunnel remote down, line protocol is up
Hardware is GigMac 4 Port GigabitEthernet, address is 0003.ff4e.12a8 (bia 0003.ff4e.12a8)
Internet address is 10.9.9.2/16
MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec, rely 255/255, load 1/255
Router# show ip interface brief
Interface IP-Address OK? Method Status Protocol
GigabitEthernet2/0/0 unassigned YES NVRAM L2 Tunnel remote down up
GigabitEthernet2/1/0 unassigned YES NVRAM administratively down down
Note Remote Ethernet port shutdown is enabled by default when EVC "default encapsulation" is configured.
Examples: Configuring Any Transport over MPLS (AToM) Remote Ethernet Port
Shutdown Using Commands Associated with L2VPN Protocol-Based Feature
The following example shows how to enable remote Ethernet port shutdown:
configure terminal
!
template type pseudowire eompls
encapsulation mpls
!
source template type pseudowire eompls
neighbor 10.1.1.1 1
!
The following example shows how to disable remote Ethernet port shutdown:
configure terminal
!
template type pseudowire eompls
encapsulation mpls
!
source template type pseudowire eompls
73
Additional References for Any Transport over MPLS
neighbor 10.1.1.1 1
!
no remote link failure notification
The related show command output reports operational status for all remote L2 Tunnels by interface.
Router# show interface G1/0/0

GigabitEthernet1/0/0 is L2 Tunnel remote down, line protocol is up
Hardware is GigMac 4 Port GigabitEthernet, address is 0003.ff4e.12a8 (bia 0003.ff4e.12a8)
Internet address is 10.9.9.2/16
MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec, rely 255/255, load 1/255
Router# show ip interface brief
Interface IP-Address OK? Method Status Protocol
GigabitEthernet2/0/0 unassigned YES NVRAM L2 Tunnel remote down up
GigabitEthernet2/1/0 unassigned YES NVRAM administratively down down

Related Documents
MPLS commands Cisco IOS Multiprotocol Label Switching Command

Reference
Description Link

Feature Information for Any Transport over MPLS

74
Table 9: Feature Information for Any Transport over MPLS
Any Transport over MPLS Cisco IOS XE Release This feature was introduced on the Cisco ASR 920
3.13.0S Routers (ASR-920-12CZ-A, ASR-920-12CZ-D,
75
76
CHAPTER 3
Loop-Free Alternate Fast Reroute
Loop-Free Alternate (LFA) Fast Reroute (FRR) is a mechanism that provides local protection for unicast
traffic in order to rapidly converge traffic flows around link and/or node failures.
• Prerequisites for Loop-Free Alternate Fast Reroute, on page 77
• Restrictions for Loop-Free Alternate Fast Reroute, on page 77
• Information About Loop-Free Alternate Fast Reroute, on page 78
• How to Configure Loop-Free Alternate Fast Reroute, on page 81
• Verifying Loop-Free Alternate Fast Reroute, on page 86
• Verifying Remote Loop-Free Alternate Fast Reroute with VPLS, on page 89
• Verifying Tunnel Interfaces Created by OSPF IPv4 Remote LFA IPFRR, on page 92
Prerequisites for Loop-Free Alternate Fast Reroute

• Any of the following protocols must be supported for Loop-Free Alternate Fast Reroute:
• Intermediate System-to-Intermediate System (IS-IS)
• Open Shortest Path First (OSPF)
• While configuring ISIS protocol, isis network point-to-point must be configured.
Restrictions for Loop-Free Alternate Fast Reroute

• Logical interfaces namely Port-channel (PoCH) support LFA FRR and remote LFA-FRR, with a single
member link. Port-channel can be used as a backup path.
• Micro loops may form due to traffic congestion.
• A Multiprotocol Label Switching (MPLS) traffic engineering (TE) tunnel cannot be used as a protected
interface. However, an MPLS-TE tunnel can be a protecting (repair) interface as long as the TE tunnel
is used as a primary path.
• For TDM psuedowires, the interfaces supported are CEM (CESoP, SAToP) and IMA (PVC,PVP);
supported both on OC-3 and T1/E1 controllers. A maximum of 500 VCs can be configured per OC-3
controller.
77
Information About Loop-Free Alternate Fast Reroute
• Each bridge domain interface (BDI) protected by FRR can have only one EFP.
• Remote LFA FRR provides better convergence with SFP ports rather than copper ports. As a workaround
for copper ports, BFD triggered FRR can be used.
• FRR is not supported with POS and serial interfaces.
• Scale limit for FRR-protected global prefixes is 1500 and for layer 3 VPNs, scale limit is 4000.
Information About Loop-Free Alternate Fast Reroute

The Loop-Free Alternate (LFA) Fast Reroute (FRR) feature offers an alternative to the MPLS Traffic
Engineering Fast Reroute feature to minimize packet loss due to link or node failure.
LFA FRR enables a backup route to avoid traffic loss if a network fails. The backup routes (repair paths) are
precomputed and installed in the router as the backup for the primary paths. After the router detects a link or
adjacent node failure, it switches to the backup path to avoid traffic loss.
LFA is a node other than the primary neighbor. Traffic is redirected to an LFA after a network failure. An
LFA makes the forwarding decision without any knowledge of the failure. An LFA must neither use a failed
element nor use a protecting node to forward traffic. An LFA must not cause loops. By default, LFA is enabled
on all supported interfaces as long as the interface can be used as a primary path.
Advantages of using per-prefix LFAs are as follows:
• The repair path forwards traffic during transition when the primary path link is down.
• All destinations having a per-prefix LFA are protected. This leaves only a subset (a node at the far side
of the failure) unprotected.
Supported Information
• LFA FRR is supported with equal cost multipath (ECMP).
• Fast Reroute triggered by Bidirectional Forwarding (BFD) is supported.
• Remote LFA tunnels are High Availability aware; hence, Stateful Switchover (SSO) compliant.
Benefits of Loop-Free Alternate Fast Reroute

• Same level of protection from traffic loss
• Simplified configuration
• Link and node protection
• Link and path protection
• LFA (loop-free alternate) paths
• Support for both IP and Label Distribution Protocol (LDP) core
• LFA FRR is supported with equal cost multipath (ECMP).
78
LFA FRR and Remote LFA FRR over Bridge Domains Interfaces
• Fast Reroute triggered by Bidirectional Forwarding (BFD).

• Remote LFA tunnels are High Availability aware; hence, Stateful Switchover (SSO) compliant.
LFA FRR and Remote LFA FRR over Bridge Domains Interfaces
The router supports bridge domain interfaces (BDI). For information on configuring bridge domains, see
Configuring Ethernet Virtual Connections on the Cisco ASR 903 Router.
LFA FRR and remote LFA FRR is supported on bridge domain interfaces on the router. For information on
configuring Remote LFA FRR on BDI, see How to Configure Loop-Free Alternate Fast Reroute, on page 81.
IS-IS and IP FRR

When a local link fails in a network, IS-IS recomputes new primary next-hop routes for all affected prefixes.
These prefixes are updated in the RIB and the Forwarding Information Base (FIB). Until the primary prefixes
are updated in the forwarding plane, traffic directed towards the affected prefixes are discarded. This process
can take hundreds of milliseconds.
In IP FRR, IS-IS computes LFA next-hop routes for the forwarding plane to use in case of primary path
failures. LFA is computed per prefix.
When there are multiple LFAs for a given primary path, IS-IS uses a tiebreaking rule to pick a single LFA
for a primary path. In case of a primary path with multiple LFA paths, prefixes are distributed equally among
LFA paths.
Repair Paths
Repair paths forward traffic during a routing transition. When a link or a router fails, due to the loss of a
physical layer signal, initially, only the neighboring routers are aware of the failure. All other routers in the
network are unaware of the nature and location of this failure until information about this failure is propagated
through a routing protocol, which may take several hundred milliseconds. It is, therefore, necessary to arrange
for packets affected by the network failure to be steered to their destinations.
A router adjacent to the failed link employs a set of repair paths for packets that would have used the failed
link. These repair paths are used from the time the router detects the failure until the routing transition is
complete. By the time the routing transition is complete, all routers in the network revise their forwarding
data and the failed link is eliminated from the routing computation.
Repair paths are precomputed in anticipation of failures so that they can be activated the moment a failure is
detected.
The IPv4 LFA FRR feature uses the following repair paths:
• Equal Cost Multipath (ECMP) uses a link as a member of an equal cost path-split set for a destination.
The other members of the set can provide an alternative path when the link fails.
• LFA is a next-hop route that delivers a packet to its destination without looping back. Downstream paths
are a subset of LFAs.
79
Remote LFA FRR
Remote LFA FRR

Some topologies (for example the commonly used ring-based topology) require protection that is not afforded
by LFA FRR alone. Consider the topology shown in the figure below:
Figure 5: Remote LFA FRR with Ring Topology
The red looping arrow represents traffic that is looping immediately after a failure between node A and C
(before network reconvergence). Device A tries to send traffic destined to F to next-hop B. Device B cannot
be used as an LFA for prefixes advertised by nodes C and F. The actual LFA is node D. However, node D is
not directly connected to the protecting node A. To protect prefixes advertised by C, node A must tunnel the
packet around the failed link A-C to node D, provided that the tunnel does not traverse the failing link.
Remote LFA FRR enables you to tunnel a packet around a failed link to a remote loop-free alternate that is
more than one hop away. In the figure above, the green arrow between A and D shows the tunnel that is
automatically created by the remote LFA feature to bypass looping.
Remote LFA FRR for TDM and ATM Psuedowires

The Router supports two pseudowire types that utilize CEM transport: Structure-Agnostic TDM over Packet
(SAToP) and Circuit Emulation Service over Packet-Switched Network (CESoPSN).
•
•
•
Border Gateway Protocol (BGP) Prefix-Independent Convergence (PIC) and LFA FRR Integration
Both the Labeled Border Gateway Protocol (BGP) Prefix-Independent Convergence (PIC) feature and the
Loop-Free Alternate (LFA) Fast Reroute (FRR) feature can be configured together on the router.
BGP PIC is supported for bridge domain interfaces (BDI) with FRR.
Note Each bridge domain interface (BDI) protected by FRR can have only one EFP.
80
Remote LFA FRR with VPLS
For information on configuring BGP PIC, see BGP PIC Edge for IP and MPLS-VPN.
Remote LFA FRR with VPLS

VPLS (Virtual Private LAN Service) enables enterprises to link together their Ethernet-based LANs from
multiple sites via the infrastructure provided by their service provider. For information on configuring VPLS,
see Configuring Virtual Private LAN Services. Starting With Cisco IOS XE Release 3.10S, Remote LFA
FRR is supported with VPLS.
For information on configuring remote LFA FRR with VPLS, see How to Configure Loop-Free Alternate
Fast Reroute, on page 81.
How to Configure Loop-Free Alternate Fast Reroute

To enable loop-free alternate fast reroute support for L2VPNs, VPLS, TDM pseudowires and VPWS, you
must configure LFA FRR for the routing protocol. You can enable LFA FRR using ISIS or OSFP configurations.
• For information on configuring LFA FRR using OSPF, see OSPFv2 Loop-Free Alternate Fast Reroute
in the IP Routing: OSPF Configuration Guide.
• For information on configuring Remote LFA FRR using OSPF, seeOSPF IPv4 Remote Loop-Free
Alternate IP Fast Reroute in the IP Routing: OSPF Configuration Guide.
• For information on configuring Remote LFA FRR using ISIS on the Cisco ASR 903, see Configuring
IS-IS Remote Loop-Free Alternate Fast Reroute, on page 81.
Configuring IS-IS Remote Loop-Free Alternate Fast Reroute

The following additional configurations are mandatory:
• mpls ldp discovery targeted-hello accept
SUMMARY STEPS
1. enable
3. router isis [area-tag]
4. fast-reroute per-prefix {level-1 | level-2} {all | route-map route-map-name}
5. fast-reroute remote-lfa {level-1 | level-2} mpls-ldp [maximum-metric metric-value]
6. end
DETAILED STEPS

Device> enable
81
Recommended Configurations ISIS

Example:
Step 3 router isis [area-tag] Enables the IS-IS routing protocol and specifies an IS-IS
process.
Example:
• Enters router configuration mode.
Device(config)# router isis ipfrr
Step 4 fast-reroute per-prefix {level-1 | level-2} {all | route-map Enables per-prefix FRR.
route-map-name}
• Configure the all keyword to protect all prefixes.
Example:
Device (config-router)# fast-reroute per-prefix

level-1 all
Step 5 fast-reroute remote-lfa {level-1 | level-2} mpls-ldp Configures an FRR path that redirects traffic to a remote
[maximum-metric metric-value] LFA tunnel for either level 1 or level 2 packets.
Example: • Use the maximum-metric metric-value
keyword-argument pair to specify the maximum metric
Device(config-router)# fast-reroute remote-lfa value required to reach the release node.
level-1 mpls-ldp
Step 6 end Exits router configuration mode and enters privileged EXEC
mode.
Example:
Device(config-router)# end
Recommended Configurations ISIS

For optimal results with remote LFA FRR, it is recommended that you use the following SFP timers:
• ISIS
• spf-interval 5 50 200
• prc-interval 5 50 200
• sp-gen-interval 5 50 200
• fast-flood 10
• Globally configure the MPLS IGP hold-down timer to avoid an indefinite wait by IGP for synchronization
using the mpls ldp igp sync holdown 2000 command.
Example: Configuring IS-IS Remote Loop-Free Alternate Fast Reroute

The following example shows how to enable remote LFA FRR:
82
Example: Configuring Remote LFA FRR with VPLS
Router(config)# router isis

Router(config)# fast-reroute per-prefix level-1 all
Router(config)# fast-reroute per-prefix level-2 all
Router(router-config)# fast-reroute remote-lfa level-1 mpls-ldp
Router(router-config)# fast-reroute remote-lfa level-2 mpls-ldp
Example: Configuring Remote LFA FRR with VPLS

Example: Configuration of Remote LFA FRR with Interior Gateway Protocol (IGP)
router isis hp
net 49.0101.0000.0000.0802.00
is-type level-2-only
ispf level-2
metric-style wide
fast-flood
set-overload-bit on-startup 180
max-lsp-lifetime 65535
lsp-refresh-interval 65000
spf-interval 5 50 200
prc-interval 5 50 200
lsp-gen-interval 5 5 200
no hello padding
nsf cisco
fast-reroute per-prefix level-1 all
fast-reroute per-prefix level-2 all
fast-reroute remote-lfa level-1 mpls-ldp
fast-reroute remote-lfa level-2 mpls-ldp
passive-interface Loopback0
mpls ldp sync
mpls traffic-eng level-2
Example: Configuration of Remote LFA FRR with VPLS at the interface level.
!
ip address 198.51.100.1 255.255.255.0
ip router isis hp
logging event link-status
load-interval 30
negotiation auto
mpls ip
isis network point-to-point
end
!
Example: Configuration of remote LFA FRR with VPLS at the global level.
!
l2 vfi Test-2000 manual
vpn id 2010
bridge-domain 2010
neighbor 192.0.2.1 encapsulation mpls
!
83
How to Configure OSPF IPv4 Remote Loop-Free Alternate IP Fast Reroute
Example: Configuration of remote LFA FRR with VPLS at Access side.

!
interface TenGigabitEthernet0/2/0
no ip address
service instance trunk 1 ethernet
encapsulation dot1q 12-2012
bridge-domain from-encapsulation
!
How to Configure OSPF IPv4 Remote Loop-Free Alternate IP Fast Reroute

Configuring a Remote LFA Tunnel
Perform this task to configure a per-prefix LFA FRR path that redirects traffic to a remote LFA tunnel.
SUMMARY STEPS
1. enable
3. router ospf process-id
4. fast-reroute per-prefix remote-lfa [area area-id] tunnel mpls-ldp
DETAILED STEPS

Device> enable

Example:
Step 3 router ospf process-id Enables OSPF routing and enters router configuration mode.
Example:
Device(config)# router ospf 10
Step 4 fast-reroute per-prefix remote-lfa [area area-id] tunnel Configures a per-prefix LFA FRR path that redirects traffic
mpls-ldp to a remote LFA tunnel via MPLS-LDP.
Example: • Use the area area-id keyword and argument to specify
an area in which to enable LFA FRR.
Device(config-router)# fast-reroute per-prefix
remote-lfa area 2 tunnel mpls-ldp
84
Recommended Configurations OSPF
Recommended Configurations OSPF

For optimal results with remote LFA FRR, it is recommended that you use the following SFP timers:
• timers throttle spf 50 200 5000
• timers throttle lsa 50 200 5000
• timers lsa arrival 100
• timers pacing flood 33
Note ISPF should be disabled.
Configuring the Maximum Distance to a Tunnel Endpoint

Perform this task to configure the maximum distance to the tunnel endpoint in a per-prefix LFA FRR path
that redirects traffic to a remote LFA tunnel.
SUMMARY STEPS
1. enable
3. router ospf process-id
4. fast-reroute per-prefix remote-lfa [area area-id] maximum-cost distance
DETAILED STEPS

Device> enable

Example:
Step 3 router ospf process-id Enables OSPF routing and enters router configuration mode.
Example:
Device(config)# router ospf 10
Step 4 fast-reroute per-prefix remote-lfa [area area-id] Configures the maximum distance to the tunnel endpoint
maximum-cost distance in a per-prefix LFA FRR path that redirects traffic to a
remote LFA tunnel.
Example:
• Use the area area-id keyword and variable to specify
an area in which to enable LFA FRR.
85
Verifying Loop-Free Alternate Fast Reroute
Device(config-router)# fast-reroute per-prefix

remote-lfa area 2 maximum-cost 30
Verifying Loop-Free Alternate Fast Reroute

Use one or more of the following commands to verify the LFA FRR configuration
• show ip cef network-prefix internal
• show mpls infrastructure lfd pseudowire internal
• show platform hardware pp active feature cef database ipv4 network-prefix
Example: Verifying LFA FRR with L2VPN
show ip cef internal

The following is sample output from the show ip cef internal command:
Device# show ip cef 16.16.16.16 internal
16.16.16.16/32, epoch 2, RIB[I], refcount 7, per-destination sharing
sources: RIB, RR, LTE
feature space:
IPRM: 0x00028000
Broker: linked, distributed at 1st priority
LFD: 16.16.16.16/32 1 local label
local label info: global/17
contains path extension list
disposition chain 0x3A3C1DF0
label switch chain 0x3A3C1DF0
subblocks:
1 RR source [no flags]
non-eos chain [16|44]
ifnums:
GigabitEthernet0/0/2(9): 7.7.7.2
GigabitEthernet0/0/7(14): 7.7.17.9
path 35D61070, path list 3A388FA8, share 1/1, type attached nexthop, for IPv4, flags
has-repair
MPLS short path extensions: MOI flags = 0x20 label 16
nexthop 7.7.7.2 GigabitEthernet0/0/2 label [16|44], adjacency IP adj out of
GigabitEthernet0/0/2, addr 7.7.7.2 35E88520
repair: attached-nexthop 7.7.17.9 GigabitEthernet0/0/7 (35D610E0)
path 35D610E0, path list 3A388FA8, share 1/1, type attached nexthop, for IPv4, flags
repair, repair-only
nexthop 7.7.17.9 GigabitEthernet0/0/7, repair, adjacency IP adj out of GigabitEthernet0/0/7,
addr 7.7.17.9 3A48A4E0
output chain: label [16|44]
FRR Primary (0x35D10F60)
<primary: TAG adj out of GigabitEthernet0/0/2, addr 7.7.7.2 35E88380>
<repair: TAG adj out of GigabitEthernet0/0/7, addr 7.7.17.9 3A48A340>
Rudy17#show mpls infrastructure lfd pseudowire internal
PW ID: 1VC ID: 4, Nexthop address: 16.16.16.16
SSM Class: SSS HW
Segment Count: 1
86
Example: Verifying LFA FRR with L2VPN
VCCV Types Supported: cw ra ttl

Imposition details:
Label stack {22 16}, Output interface: Gi0/0/2
Control Word: enabled, Sequencing: disabled
FIB Non IP entry: 0x35D6CEEC
Output chain: AToM Imp (locks 4) label 22 label [16|44]
Disposition details:
Local label: 16
SSS Switch: 3976200193
Output chain: mpls_eos( connid router-alert AToM Disp (locks 5)/ drop)
show mpls infrastructure lfd pseudowire internal

The following is sample output from the show mpls infrastructure lfd pseudowire internal
command:
Device# show mpls infrastructure lfd pseudowire internal
PW ID: 1VC ID: 4, Nexthop address: 16.16.16.16
SSM Class: SSS HW
Segment Count: 1
VCCV Types Supported: cw ra ttl
Imposition details:
Label stack {22 16}, Output interface: Gi0/0/2
FIB Non IP entry: 0x35D6CEEC
Output chain: AToM Imp (locks 4) label 22 label [16|44]
Disposition details:
Local label: 16
SSS Switch: 3976200193
Output chain: mpls_eos( connid router-alert AToM Disp (locks 5)/ drop)
show platform hardware pp active feature cef database

The following is sample output from the show platform hardware pp active feature cef database
command:
Device# show platform hardware pp active feature cef database ipv4 16.16.16.16/32
=== CEF Prefix ===
16.16.16.16/32 -- next hop: UEA Label OCE (PI:0x104abee0, PD:0x10e6b9c8)
Route Flags: (0)
Handles (PI:0x104ab6e0) (PD:0x10e68140)
HW Info:
TCAM handle: 0x0000023f TCAM index: 0x0000000d
FID index : 0x0000f804 EAID : 0x0000808a
MET : 0x0000400c FID Count : 0x00000000
=== Label OCE ===

Label flags: 4
Num Labels: 1
Num Bk Labels: 1
Out Labels: 16
87
Configuration Examples for OSPF IPv4 Remote Loop-Free Alternate IP Fast Reroute
Out Backup Labels: 44

Next OCE Type: Fast ReRoute OCE; Next OCE handle: 0x10e6f428
=== FRR OCE ===

FRR type : IP FRR
FRR state : Primary
Primary IF's gid : 3
Primary FID : 0x0000f801
FIFC entries : 32
PPO handle : 0x00000000
Next OCE : Adjacency (0x10e63b38)
Bkup OCE : Adjacency (0x10e6e590)
=== Adjacency OCE ===

Adj State: COMPLETE(0) Address: 7.7.7.2
Interface: GigabitEthernet0/0/2 Protocol: TAG
mtu:1500, flags:0x0, fixups:0x0, encap_len:14
Handles (adj_id:0x00000039) (PI:0x1041d410) (PD:0x10e63b38)
Rewrite Str: d0:c2:82:17:8a:82:d0:c2:82:17:f2:02:88:47
HW Info:
FID index: 0x0000f486 EL3 index: 0x00001003 EL2 index: 0x00000000
El2RW : 0x00000107 MET index: 0x0000400c EAID : 0x00008060
HW ADJ FLAGS: 0x40
Hardware MAC Rewrite Str: d0:c2:82:17:8a:82:08:00:40:00:0d:02

Handles (adj_id:0x00000012) (PI:0x104acbd0) (PD:0x10e6e590)
Rewrite Str: d0:c2:82:17:c9:83:d0:c2:82:17:f2:07:88:47
HW Info:
FID index: 0x0000f49d EL3 index: 0x00001008 EL2 index: 0x00000000
El2RW : 0x00000111 MET index: 0x00004017 EAID : 0x0000807d
HW ADJ FLAGS: 0x40
Hardware MAC Rewrite Str: d0:c2:82:17:c9:83:08:00:40:00:0d:07
Configuration Examples for OSPF IPv4 Remote Loop-Free Alternate IP Fast

Reroute
Example: Configuring a Remote LFA Tunnel
The following example shows how to configure a remote per-prefix LFA FRR in area 2. The remote
tunnel type is specified as MPLS-LDP:
Router(config-router)# fast-reroute per-prefix remote-lfa area 2 tunnel mpls-ldp
Example: Configuring the Maximum Distance to a Tunnel Endpoint

The following example shows how to set a maximum cost of 30 in area 2:
Router(config-router)# fast-reroute per-prefix remote-lfa area 2 maximum-cost 30
88
Example: Verifying Tunnel Interfaces Created by OSPF IPv4 Remote LFA IPFRR
Example: Verifying Tunnel Interfaces Created by OSPF IPv4 Remote LFA IPFRR
The following example displays information about about tunnel interfaces created by OSPF IPv4
LFA IPFRR:
Router# show ip ospf fast-reroute remote-lfa tunnels
OSPF Router with ID (192.168.1.1) (Process ID 1)

Area with ID (0)
Base Topology (MTID 0)
Interface MPLS-Remote-Lfa3
Tunnel type: MPLS-LDP
Tailend router ID: 192.168.3.3
Termination IP address: 192.168.3.3
Outgoing interface: Ethernet0/0
First hop gateway: 192.168.14.4
Tunnel metric: 20
Protects:
192.168.12.2 Ethernet0/1, total metric 30
Verifying Remote Loop-Free Alternate Fast Reroute with VPLS

Example: Verifying Remote LFA FRR with VPLS
show ip cef internal

The following is sample output from the show ip cef internal command:
Router# show ip cef 198.51.100.2/32 internal
198.51.100.2/32, epoch 2, RIB[I], refcount 7, per-destination sharing

sources: RIB, RR, LTE
feature space:
IPRM: 0x00028000
Broker: linked, distributed at 1st priority
LFD: 198.51.100.2/32 1 local label
contains path extension list
disposition chain 0x46764E68
label switch chain 0x46764E68
subblocks:
1 RR source [heavily shared]
non-eos chain [explicit-null|70]
ifnums:
TenGigabitEthernet0/1/0(15): 192.0.2.10
MPLS-Remote-Lfa2(46)
path 44CE1290, path list 433CF8C0, share 1/1, type attached nexthop, for IPv4, flags
has-repair
MPLS short path extensions: MOI flags = 0x21 label explicit-null
nexthop 192.0.2.10 TenGigabitEthernet0/1/0 label [explicit-null|70], adjacency IP adj out
of TenGigabitEthernet0/1/0, addr 192.0.2.10 404B3960
repair: attached-nexthop 192.0.2.1 MPLS-Remote-Lfa2 (44CE1300)
path 44CE1300, path list 433CF8C0, share 1/1, type attached nexthop, for IPv4, flags
repair, repair-only
nexthop 192.0.2.1 MPLS-Remote-Lfa2, repair, adjacency IP midchain out of MPLS-Remote-Lfa2
404B3B00
89
output chain: label [explicit-null|70]

FRR Primary (0x3E25CA00)
<primary: TAG adj out of TenGigabitEthernet0/1/0, addr 192.168.101.22 404B3CA0>
<repair: TAG midchain out of MPLS-Remote-Lfa2 404B37C0 label 37 TAG adj out of
GigabitEthernet0/3/3, addr 192.0.2.14 461B2F20>
show ip cef detail

The following is sample output from the show ip cef detail command:
Router# show ip cef 198.51.100.2/32 detail
198.51.100.2/32, epoch 2
1 RR source [heavily shared]
nexthop 192.0.2.14 TenGigabitEthernet0/1/0 label [explicit-null|70]
repair: attached-nexthop 192.0.2.1 MPLS-Remote-Lfa2
nexthop 192.0.2.1 MPLS-Remote-Lfa2, repair
!
show platform hardware pp active feature cef databas

The following is sample output from the show platform hardware pp active feature cef database
command:
Router# show platform hardware pp active feature cef database ipv4 198.51.100.2/32
=== CEF Prefix ===

198.51.100.2/32 -- next hop: UEA Label OCE (PI:0x10936770, PD:0x12dd1cd8)
Route Flags: (0)
Handles (PI:0x109099c8) (PD:0x12945968)
HW Info:
TCAM handle: 0x00000266 TCAM index: 0x00000015
FID index : 0x00008e7f EAID : 0x0001d7c4
MET : 0x0000401c FID Count : 0x00000000
=== Label OCE ===
Label flags: 4
Num Labels: 1
Num Bk Labels: 1
Out Labels: 0
=== FRR OCE ===
FRR type : IP FRR
FRR state : Primary
Primary IF's gid : 52
Primary FID : 0x00008cb6
FIFC entries : 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0, 0
PPO handle : 0x00000000
Next OCE : Adjacency (0x130e0df0)
Bkup OCE : Adjacency (0x130de608)

Interface: TenGigabitEthernet0/1/0 Protocol: TAG
Handles (adj_id:0x000016ac) (PI:0x1090cc10) (PD:0x130e0df0)
Rewrite Str: 18:33:9d:3d:83:10:c8:f9:f9:8d:04:10:88:47
HW Info:
FID index: 0x00008e7e EL3 index: 0x00001034 EL2 index: 0x00000000
90
El2RW : 0x0000010d MET index: 0x00004012 EAID : 0x0001d7c1

HW ADJ FLAGS: 0x40
Hardware MAC Rewrite Str: 18:33:9d:3d:83:10:08:00:40:00:0d:10
Adj State: COMPLETE(0) Address: 0
Interface: MPLS-Remote-Lfa2 Protocol: TAG
Handles (adj_id:0xf80002e8) (PI:0x10da2150) (PD:0x130de608)
Rewrite Str:
HW Info:
FID index: 0x00008ca8 EL3 index: 0x0000101c EL2 index: 0x00000000
El2RW : 0x00000003 MET index: 0x00004024 EAID : 0x0001d7cb
HW ADJ FLAGS: 0x40
Hardware MAC Rewrite Str: 00:00:00:00:00:00:00:00:00:00:00:00
=== Label OCE ===

Label flags: 4
Num Labels: 1
Num Bk Labels: 1
Out Labels: 37
Next OCE Type: Adjacency; Next OCE handle: 0x12943a00
Handles (adj_id:0x0000378e) (PI:0x10909738) (PD:0x12943a00)
Rewrite Str: c8:f9:f9:8d:01:b3:c8:f9:f9:8d:04:33:88:47
HW Info:
FID index: 0x00008c78 EL3 index: 0x0000101c EL2 index: 0x00000000
El2RW : 0x00000109 MET index: 0x0000400e EAID : 0x0001cf4b
HW ADJ FLAGS: 0x40
Hardware MAC Rewrite Str: c8:f9:f9:8d:01:b3:08:00:40:00:0d:33
show mpls l2transport detail

The following is sample output from the show mpls l2transport detail command:
Router# show mpls l2transport vc 2000 detail
Local interface: VFI Test-1990 vfi up

Interworking type is Ethernet
Output interface: Te0/1/0, imposed label stack {0 2217}
Next hop: 192.51.100.22
Create time: 1d08h, last status change time: 1d08h
Last label FSM state change time: 1d08h
Targeted Hello: 192.51.100.2(LDP Id) -> 192.51.100.200, LDP is UP
Graceful restart: configured and enabled
Non stop routing: not configured and not enabled
LDP route watch : enabled
Last local dataplane status rcvd: No fault
Last BFD dataplane status rcvd: Not sent
Last BFD peer monitor status rcvd: No fault
91
Verifying Tunnel Interfaces Created by OSPF IPv4 Remote LFA IPFRR
Last local AC circuit status rcvd: No fault

Last local AC circuit status sent: No fault
Last local PW i/f circ status rcvd: No fault
Last local LDP TLV status sent: No fault
Last remote LDP TLV status rcvd: No fault
Verifying Tunnel Interfaces Created by OSPF IPv4 Remote LFA

IPFRR
SUMMARY STEPS
1. enable
2. show ip ospf fast-reroute remote-lfa tunnels
DETAILED STEPS

Device> enable
Step 2 show ip ospf fast-reroute remote-lfa tunnels Displays information about the OSPF per-prefix LFA FRR
configuration.
Example:
Device# show ip ospf fast-reroute remote-lfa
tunnels
Related Documents
MPLS commands Multiprotocol Label Switching Command Reference
92
Description Link

93
94
CHAPTER 4
Configuring Virtual Private LAN Services
Virtual Private LAN Services (VPLS) enables enterprises to link together their Ethernet-based LANs from
multiple sites via the infrastructure provided by their service provider.
This module explains VPLS and how to configure it.
• Prerequisites for Virtual Private LAN Services, on page 95
• Restrictions for Virtual Private LAN Services, on page 96
• Information About Virtual Private LAN Services, on page 96
• How to Configure Virtual Private LAN Services, on page 99
• Configuration Examples for Virtual Private LAN Services, on page 130
• Feature Information for Configuring Virtual Private LAN Services, on page 140

Prerequisites for Virtual Private LAN Services

Before your configure Virtual Private LAN Services (VPLS), ensure that the network is configured as follows:
• Configure IP routing in the core so that provider edge (PE) devices can reach each other via IP.
• Configure Multiprotocol Label Switching (MPLS) in the core so that a label switched path (LSP) exists
between PE devices.
• Configure a loopback interface for originating and terminating Layer 2 traffic. Ensure that PE devices
can access the loopback interface of the other device. Note that the loopback interface is not required in
all cases. For example, tunnel selection does not need a loopback interface when VPLS is directly mapped
to a traffic engineering (TE) tunnel.
95
Restrictions for Virtual Private LAN Services
• Identify peer PE devices and attach Layer 2 circuits to VPLS at each PE device.
Restrictions for Virtual Private LAN Services

The following general restrictions apply to all transport types under Virtual Private LAN Services (VPLS):
• Split horizon is the default configuration to avoid broadcast packet looping and to isolate Layer 2 traffic.
Split horizon prevents packets received from an emulated virtual circuit (VC) from being forwarded into
another emulated VC. This technique is important for creating loop-free paths in a full-meshed network.
• Supported maximum values:
• Total number of virtual forwarding instances (VFIs): 4096 (4 K)
• Software-based data plane is not supported.

• The Border Gateway Protocol (BGP) autodiscovery process does not support dynamic, hierarchical
VPLS.
• Load sharing and failover on redundant customer-edge-provider-edge (CE-PE) links are not supported.
Information About Virtual Private LAN Services

VPLS Overview
Virtual Private LAN Services (VPLS) enables enterprises to link together their Ethernet-based LANs from
multiple sites via the infrastructure provided by their service provider. From the enterprise perspective, the
service provider’s public network looks like one giant Ethernet LAN. For the service provider, VPLS provides
an opportunity to deploy another revenue-generating service on top of the existing network without major
capital expenditures. Operators can extend the operational life of equipment in their network.
VPLS uses the provider core to join multiple attachment circuits together to simulate a virtual bridge that
connects the multiple attachment circuits together. From a customer point of view, there is no topology for
VPLS. All customer edge (CE) devices appear to connect to a logical bridge emulated by the provider core
(see the figure below).
Figure 6: VPLS Topology
96
Full-Mesh Configuration
Full-Mesh Configuration
A full-mesh configuration requires a full mesh of tunnel label switched paths (LSPs) between all provider
edge (PE) devices that participate in Virtual Private LAN Services (VPLS). With a full mesh, signaling
overhead and packet replication requirements for each provisioned virtual circuit (VC) on a PE can be high.
You set up a VPLS by first creating a virtual forwarding instance (VFI) on each participating PE device. The
VFI specifies the VPN ID of a VPLS domain, the addresses of other PE devices in the domain, and the type
of tunnel signaling and encapsulation mechanism for each peer PE device.
The set of VFIs formed by the interconnection of the emulated VCs is called a VPLS instance; it is the VPLS
instance that forms the logic bridge over a packet switched network. After the VFI has been defined, it needs
to be bound to an attachment circuit to the CE device. The VPLS instance is assigned a unique VPN ID.
PE devices use the VFI to establish a full-mesh LSP of emulated VCs to all other PE devices in the VPLS
instance. PE devices obtain the membership of a VPLS instance through static configuration using the Cisco
IOS CLI.
A full-mesh configuration allows the PE device to maintain a single broadcast domain. When the PE device
receives a broadcast, multicast, or unknown unicast packet on an attachment circuit (AC), it sends the packet
out on all other ACs and emulated circuits to all other CE devices participating in that VPLS instance. The
CE devices see the VPLS instance as an emulated LAN.
To avoid the problem of a packet looping in the provider core, PE devices enforce a “split-horizon” principle
for emulated VCs. In a split horizon, if a packet is received on an emulated VC, it is not forwarded on any
other emulated VC.
The packet forwarding decision is made by looking up the Layer 2 VFI of a particular VPLS domain.
A VPLS instance on a particular PE device receives Ethernet frames that enter on specific physical or logical
ports and populates a MAC table similarly to how an Ethernet switch works. The PE device can use the MAC
address to switch these frames into the appropriate LSP for delivery to the another PE device at a remote site.
If the MAC address is not available in the MAC address table, the PE device replicates the Ethernet frame
and floods it to all logical ports associated with that VPLS instance, except the ingress port from which it just
entered. The PE device updates the MAC table as it receives packets on specific ports and removes addresses
not used for specific periods.
Static VPLS Configuration

Virtual Private LAN Services (VPLS) over Multiprotocol Label Switching-Transport Profile (MPLS-TP)
tunnels allows you to deploy a multipoint-to-multipoint layer 2 operating environment over an MPLS-TP
network for services such as Ethernet connectivity and multicast video. To configure static VPLS, you must
specify a static range of MPLS labels using the mpls label range command with the static keyword.
H-VPLS
Hierarchical VPLS (H-VPLS) reduces signaling and replication overhead by using full-mesh and hub-and-spoke
configurations. Hub-and-spoke configurations operate with split horizon to allow packets to be switched
between pseudowires (PWs), effectively reducing the number of PWs between provider edge (PE) devices.
Note Split horizon is the default configuration to avoid broadcast packet looping.
97
Supported Features
Note Single Split-horizon group (SH 0) is supported.
Supported Features
Multipoint-to-Multipoint Support
In a multipoint-to-multipoint network, two or more devices are associated over the core network. No single
device is designated as the Root node; all devices are considered as Root nodes. All frames can be exchanged
directly between the nodes.
Non-Transparent Operation
A virtual Ethernet connection (VEC) can be transparent or non-transparent with respect to Ethernet protocol
data units (PDUs). The VEC non-transparency allows users to have a Frame Relay-type service between Layer
3 devices.
Circuit Multiplexing
Circuit multiplexing allows a node to participate in multiple services over a single Ethernet connection. By
participating in multiple services, the Ethernet connection is attached to multiple logical networks. Some
examples of possible service offerings are VPN services between sites, Internet services, and third-party
connectivity for intercompany communications.
MAC-Address Learning, Forwarding, and Aging

Provider edge (PE) devices must learn remote MAC addresses and directly attached MAC addresses on ports
that face the external network. MAC address learning accomplishes this by deriving the topology and forwarding
information from packets originating at customer sites. A timer is associated with stored MAC addresses.
After the timer expires, the entry is removed from the table.
Jumbo Frame Support

Jumbo frame support provides support for frame sizes between 1548 and 9216 bytes. You use the CLI to
establish the jumbo frame size for any value specified in the above range. The default value is 1500 bytes in
any Layer 2/VLAN interface. You can configure jumbo frame support on a per-interface basis.
Q-in-Q Support and Q-in-Q to EoMPLS Support

With 802.1Q tunneling (Q-in-Q), the customer edge (CE) device issues VLAN-tagged packets and VPLS
forwards these packets to a far-end CE device. Q-in-Q refers to the fact that one or more 802.1Q tags may be
located in a packet within the interior of the network. As packets are received from a CE device, an additional
VLAN tag is added to incoming Ethernet packets to segregate traffic from different CE devices. Untagged
packets originating from a CE device use a single tag within the interior of the VLAN switched network,
whereas previously tagged packets originating from the CE device use two or more tags.
98
VPLS Services
VPLS Services
Transparent LAN Service
Transparent LAN Service (TLS) is an extension to the point-to-point port-based Ethernet over Multiprotocol
Label Switching (EoMPLS), which provides bridging protocol transparency (for example, bridge protocol
data units [BPDUs]) and VLAN values. Bridges see this service as an Ethernet segment. With TLS, the PE
device forwards all Ethernet packets received from the customer-facing interface (including tagged and
untagged packets, and BPDUs) as follows:
• To a local Ethernet interface or an emulated virtual circuit (VC) if the destination MAC address is found
in the Layer 2 forwarding table.
• To all other local Ethernet interfaces and emulated VCs belonging to the same VPLS domain if the
destination MAC address is a multicast or broadcast address or if the destination MAC address is not
found in the Layer 2 forwarding table.
Note You must enable Layer 2 protocol tunneling to run the Cisco Discovery Protocol (CDP), the VLAN Trunking
Protocol (VTP), and the Spanning-Tree Protocol (STP).
Ethernet Virtual Connection Service

Ethernet Virtual Connection Service (EVCS) is an extension to the point-to-point VLAN-based Ethernet over
MPLS (EoMPLS) that allows devices to reach multiple intranet and extranet locations from a single physical
port. With EVCS, the provider edge (PE) device forwards all Ethernet packets with a particular VLAN tag
received from the customer-facing interface (excluding bridge protocol data units [BPDUs]) as follows:
• To a local Ethernet interface or to an emulated virtual circuit (VC) if the destination MAC address is
found in the Layer 2 forwarding table.
• To all other local Ethernet interfaces and emulated VCs belonging to the same Virtual Private LAN
Services (VPLS) domain if the destination MAC address is a multicast or a broadcast address or if the
destination MAC address is not found in the Layer 2 forwarding table.
Note Because it has only local significance, the demultiplexing VLAN tag that identifies a VPLS domain is removed
before the packet is forwarded to the outgoing Ethernet interfaces or emulated VCs.
How to Configure Virtual Private LAN Services

Provisioning a Virtual Private LAN Services (VPLS) link involves provisioning the associated attachment
circuit and a virtual forwarding instance (VFI) on a provider edge (PE) device.
In Cisco IOS XE Release 3.7S, the L2VPN Protocol-Based CLIs feature was introduced. This feature provides
a set of processes and an improved infrastructure for developing and delivering Cisco IOS software on various
Cisco platforms. This feature introduces new commands and modifies or replaces existing commands to
achieve a consistent functionality across Cisco platforms and provide cross-Operating System (OS) support.
99
Configuring PE Layer 2 Interfaces on CE Devices
This section consists of tasks that use the commands existing prior to Cisco IOS XE Release 3.7S and a
corresponding task that uses the commands introduced or modified by the L2VPN Protocol-Based CLIs
feature.
Configuring PE Layer 2 Interfaces on CE Devices

You can configure the Ethernet flow point (EFP) as a Layer 2 virtual interface. You can also select tagged or
untagged traffic from a customer edge (CE) device.
Configuring 802.1Q Access Ports for Tagged Traffic from a CE Device
Note When Ethernet Virtual Connection Service (EVCS) is configured, a provider edge (PE) device forwards all
Ethernet packets with a particular VLAN tag to a local Ethernet interface or emulated virtual circuit (VC) if
the destination MAC address is found in the Layer 2 forwarding table.
SUMMARY STEPS
1. enable
3. interface type number
4. no ip address [ip-address mask] [secondary]
5. negotiation auto
6. service instance si-id ethernet
7. encapsulation dot1q vlan-id
8. bridge-domain bd-id
9. end
DETAILED STEPS

Device> enable

Example:
Step 3 interface type number Specifies an interface and enters interface configuration
mode.
Example:
Device(config)# interface gigabitethernet 0/0/1
100

Step 4 no ip address [ip-address mask] [secondary] Disables IP processing.
Example:
Device(config-if)# no ip address
Step 5 negotiation auto Enables the autonegotiation protocol to configure the speed,
duplex, and automatic flow control of the Gigabit Ethernet
Example:
interface.
Device(config-if)# negotiation auto
Step 6 service instance si-id ethernet Specifies the service instance ID and enters service instance
configuration mode.
Example:
Device(config-if)# service instance 10 ethernet
Step 7 encapsulation dot1q vlan-id Defines the matching criteria to map 802.1Q frames ingress
on an interface to the appropriate service instance.
Example:
Ensure that the interface on the adjoining customer edge
Device(config-if-srv)# encapsulation dot1q 200 (CE) device is on the same VLAN as this PE device.
Step 8 bridge-domain bd-id Binds a service instance to a bridge domain instance.

Example:
Device(config-if-srv)# bridge-domain 100
Step 9 end Exits service instance configuration mode and returns to

privileged EXEC mode.
Example:
Device(config-if-srv)# end
Note When Ethernet Virtual Connection Service (EVCS) is configured, the PE device forwards all Ethernet packets
with a particular VLAN tag to a local Ethernet interface or an emulated virtual circuit (VC) if the destination
MAC address is found in the Layer 2 forwarding table.
SUMMARY STEPS
1. enable
5. negotiation auto
101

8. exit
9. exit
11. member interface-type-number service-instance service-id [split-horizon group group-id ]
12. end
DETAILED STEPS

Device> enable

Example:
mode.
Example:

Example:
Step 5 negotiation auto Enables the autonegotiation protocol to configure the

speed, duplex, and automatic flow control of the Gigabit
Example:
Ethernet interface.
Step 6 service instance si-id ethernet Specifies a service instance ID and enters service instance
configuration mode.
Example:
Example:
• Ensure that the interface on the adjoining customer
Device(config-if-srv)# encapsulation dot1q 200 edge (CE) device is on the same VLAN as this
provider edge (PE) device.
102
Configuring Access Ports for Untagged Traffic from a CE Device

Step 8 exit Exits service instance configuration mode and returns to
interface configuration mode.
Example:
Device(config-if-srv)# exit
Step 9 exit Exits interface configuration mode and returns to global

configuration mode.
Example:
Step 10 bridge-domain bd-id Specifies the bridge domain ID and enters bridge-domain
configuration mode.
Example:
Device(config)# bridge-domain 100
Step 11 member interface-type-number service-instance service-id Binds a service instance to a bridge domain instance.
[split-horizon group group-id ]
Example:
Device(config-bdomain)# member
gigabitethernet0/0/1 service-instance 1000
Step 12 end Exits bridge-domain configuration mode and returns to

Example:
Device(config-bdomain)# end
SUMMARY STEPS
1. enable
5. negotiation auto
7. encapsulation untagged
9. end
103
DETAILED STEPS

Device> enable

Example:
mode.
Example:

Example:
Example:
interface.
configuration mode.
Example:
Step 7 encapsulation untagged Defines the matching criteria to map untagged ingress
Ethernet frames on an interface to the appropriate service
Example:
instance.
Device(config-if-srv)# encapsulation untagged • Ensure that the interface on the adjoining customer
edge (CE) device is on the same VLAN as this provider
edge (PE) device.
Step 8 bridge-domain bd-id Binds a service instance or MAC tunnel to a bridge domain
instance.
Example:

Example:
104
Configuring Access Ports for Untagged Traffic from a CE Device: Alternate Configuration
SUMMARY STEPS
1. enable
5. negotiation auto
7. encapsulation untagged
8. exit
9. exit
11. member interface-type-number service-instance service-id [split-horizon group group-id]
12. end
DETAILED STEPS

Device> enable

Example:
mode.
Example:

Example:
105

Example:
Ethernet interface.
configuration mode.
Example:
Step 7 encapsulation untagged Defines the matching criteria to map untagged ingress
Ethernet frames on an interface to the appropriate service
Example:
instance.
Device(config-if-srv)# encapsulation untagged • Ensure that the interface on the adjoining customer
edge (CE) device is on the same VLAN as this
provider edge (PE) device.

Example:

configuration mode.
Example:
configuration mode.
Example:
[split-horizon group group-id]
Example:

Example:
106
Configuring Q-in-Q EFP
Configuring Q-in-Q EFP
Note When a thread-local storage (TLS) is configured, the provider edge (PE) device forwards all Ethernet packets
received from the customer edge (CE) device to all local Ethernet interfaces and emulated virtual circuits
(VCs) that belong to the same Virtual Private LAN Services (VPLS) domain if the MAC address is not found
SUMMARY STEPS
1. enable
5. negotiation auto
7. encapsulation dot1q vlan-id second-dot1q vlan-id
9. end
DETAILED STEPS

Device> enable

Example:
mode.
Example:

Example:
Example:
interface.
107
Configuring Q-in-Q EFP: Alternate Configuration

configuration mode.
Example:
Step 7 encapsulation dot1q vlan-id second-dot1q vlan-id Defines the matching criteria to map Q-in-Q ingress frames
Example:
• Ensure that the interface on the adjoining CE device
Device(config-if-srv)# encapsulation dot1q 200 is on the same VLAN as this PE device.
second-dot1q 400
Step 8 bridge-domain bd-id Binds a service instance or a MAC tunnel to a bridge

domain instance.
Example:

Example:
Note When a thread-local storage (TLS) is configured, the provider edge (PE) device forwards all Ethernet packets
received from the customer edge (CE) device to all local Ethernet interfaces and emulated virtual circuits
(VCs) belonging to the same Virtual Private LAN Services (VPLS) domain if the MAC address is not found
SUMMARY STEPS
1. enable
5. negotiation auto
7. encapsulation dot1q vlan-id second-dot1q vlan-id
8. exit
9. exit
12. end
108
DETAILED STEPS

Device> enable

Example:
mode.
Example:

Example:

Example:
Ethernet interface.
configuration mode.
Example:
Step 7 encapsulation dot1q vlan-id second-dot1q vlan-id Defines the matching criteria to map Q-in-Q ingress frames
Example:
second-dot1q 400

Example:

configuration mode.
Example:
109
Configuring MPLS on a PE Device

configuration mode.
Example:
[split-horizon group group-id]
Example:

Example:
Configuring MPLS on a PE Device

To configure Multiprotocol Label Switching (MPLS) on a provider edge (PE) device, configure the required
MPLS parameters.
Note Before configuring MPLS, ensure that IP connectivity exists between all PE devices by configuring Interior
Gateway Protocol (IGP), Open Shortest Path First (OSPF), or Intermediate System to Intermediate System
(IS-IS) between PE devices.
SUMMARY STEPS
1. enable
3. mpls label protocol {ldp | tdp}
4. mpls ldp logging neighbor-changes
5. mpls ldp discovery hello holdtime seconds
6. mpls ldp router-id interface-type-number [force]
7. end
DETAILED STEPS

Device> enable
110
Configuring a VFI on a PE Device

Example:
Step 3 mpls label protocol {ldp | tdp} Specifies the label distribution protocol for the platform.
Example:
Device(config)# mpls label protocol ldp
Step 4 mpls ldp logging neighbor-changes (Optional) Generates system error logging (syslog)
messages when LDP sessions go down.
Example:
Device(config)# mpls ldp logging neighbor-changes
Step 5 mpls ldp discovery hello holdtime seconds Configures the interval between the transmission of
consecutive LDP discovery hello messages or the hold time
Example:
for an LDP transport connection.
Device(config)# mpls ldp discovery hello holdtime
5
Step 6 mpls ldp router-id interface-type-number [force] Specifies a preferred interface for the LDP router ID.
Example:
Device(config)# mpls ldp router-id loopback0 force
Step 7 end Exits global configuration mode and returns to privileged

EXEC mode.
Example:
Device(config)# end

The virtual forwarding interface (VFI) specifies the VPN ID of a Virtual Private LAN Services (VPLS)
domain, the addresses of other provider edge (PE) devices in the domain, and the type of tunnel signaling and
encapsulation mechanism for each peer.
Note Only Multiprotocol Label Switching (MPLS) encapsulation is supported.
Note You must configure BDI on the bridge domain that has the association with the VFI.
111
SUMMARY STEPS
1. enable
3. l2 vfi name manual
4. vpn id vpn-id
5. neighbor remote-router-id vc-id {encapsulation encapsulation-type | pw-class pw-name}
[no-split-horizon]
7. end
DETAILED STEPS

Device> enable

Example:
Step 3 l2 vfi name manual Establishes a Layer 2 VPN (L2VPN) virtual forwarding
interface (VFI) between two or more separate networks and
Example:
enters VFI configuration mode.
Device(config)# l2 vfi vfi110 manual
Step 4 vpn id vpn-id Configures a VPN ID for a VPLS domain.

Example: • The emulated VCs bound to this Layer 2 virtual routing
and forwarding (VRF) instance use this VPN ID for
Device(config-vfi)# vpn id 110 signaling.
Step 5 neighbor remote-router-id vc-id {encapsulation Specifies the type of tunnel signaling and encapsulation
encapsulation-type | pw-class pw-name} [no-split-horizon] mechanism for each VPLS peer.
Example: Note Split horizon is the default configuration to avoid
broadcast packet looping and to isolate Layer 2
Device(config-vfi)# neighbor 172.16.10.2 4 traffic. Use the no-split-horizon keyword to
encapsulation mpls disable split horizon and to configure multiple
VCs per spoke into the same VFI.
Step 6 bridge-domain bd-id Specifies a bridge domain.

Example:
Device(config-vfi)# bridge-domain 100
112
Configuring a VFI on a PE Device: Alternate Configuration

Step 7 end Exits VFI configuration mode and returns to privileged
EXEC mode.
Example:
Device(config-vfi)# end
Configuring a VFI on a PE Device: Alternate Configuration

SUMMARY STEPS
1. enable
3. l2vpn vfi context name
4. vpn id id
5. member ip-address [vc-id] encapsulation mpls
6. exit
8. member vfi vfi-name
9. end
DETAILED STEPS

Device> enable

Example:
Step 3 l2vpn vfi context name Establishes a L2VPN VFI between two or more separate
networks, and enters VFI configuration mode.
Example:
Device(config)# l2vpn vfi context vfi110
Step 4 vpn id id Configures a VPN ID for a Virtual Private LAN Services

(VPLS) domain. The emulated virtual circuits (VCs) bound
Example:
to this Layer 2 virtual routing and forwarding (VRF)
instance use this VPN ID for signaling.
Device(config-vfi)# vpn id 110
Step 5 member ip-address [vc-id] encapsulation mpls Specifies the devices that form a point-to-point Layer 2
VPN (L2VPN) virtual forwarding interface (VFI)
Example:
113
Configuring Static Virtual Private LAN Services

connection and Multiprotocol Label Switching (MPLS) as
Device(config-vfi)# member 172.16.10.2 4
the encapsulation type.
encapsulation mpls
Step 6 exit Exits VFI configuration mode and returns to global

configuration mode.
Example:
Device(config-vfi)# exit
Step 7 bridge-domain bd-id Specifies a bridge domain and enters bridge-domain

configuration mode.
Example:
Step 8 member vfi vfi-name Binds a VFI instance to a bridge domain instance.
Example:
Device(config-bdomain)# member vfi vfi110

Example:
Configuring Static Virtual Private LAN Services

To configure static Virtual Private LAN Services (VPLS), perform the following tasks:
• Configuring a Pseudowire for Static VPLS
• Configuring VFI for Static VPLS
• Configuring a VFI for Static VPLS: Alternate Configuration
• Configuring an Attachment Circuit for Static VPLS
• Configuring an Attachment Circuit for Static VPLS: Alternate Configuration
• Configuring an MPLS-TP Tunnel for Static VPLS with TP
• Configuring a VFI for Static VPLS: Alternate Configuration
Configuring a Pseudowire for Static VPLS

The configuration of pseudowires between provider edge (PE) devices helps in the successful transmission
of the Layer 2 frames between PE devices.
Use the pseudowire template to configure the virtual circuit (VC) type for the virtual path identifier (VPI)
pseudowire. In the following task, the pseudowire will go through a Multiprotocol Label Switching
(MPLS)-Tunneling Protocol (TP) tunnel.
114
The pseudowire template configuration specifies the characteristics of the tunneling mechanism that is used
by the pseudowires, which are:
• Encapsulation type
• Control protocol
• Payload-specific options
• Preferred path
Perform this task to configure a pseudowire template for static Virtual Private LAN Services (VPLS).
Note Ensure that you perform this task before configuring the virtual forwarding instance (VFI) peer. If the VFI
peer is configured before the pseudowire class, the configuration is incomplete until the pseudowire class is
configured. The show running-config command displays an error stating that configuration is incomplete.
Device# show running-config | sec vfi
l2 vfi config manual

vpn id 1000
! Incomplete point-to-multipoint vfi config
SUMMARY STEPS
1. enable
3. template type pseudowire name
5. signaling protocol none
6. preferred-path interface Tunnel-tp interface-number
7. exit
9. source template type pseudowire name
11. label local-pseudowire-label remote-pseudowire-label
12. end
DETAILED STEPS

Device> enable

Example:
115
Step 3 template type pseudowire name Specifies the template type as pseudowire and enters
template configuration mode.
Example:
Device(config)# template type pseudowire

static-vpls

Example: • For Any Transport over MPLS (AToM), the
encapsulation type is MPLS.
Device(config-template)# encapsulation mpls
Step 5 signaling protocol none Specifies that no signaling protocol is configured for the
pseudowire class.
Example:
Device(config-template)# signaling protocol none
Step 6 preferred-path interface Tunnel-tp interface-number (Optional) Specifies the path that traffic uses: an MPLS
Traffic Engineering (TE) tunnel or destination IP address
Example:
and Domain Name Server (DNS) name.
Device(config-template)# preferred-path interface
Tunnel-tp 1
Step 7 exit Exits template configuration mode and returns to global

configuration mode.
Example:
Device(config-template)# exit
Step 8 interface pseudowire number Establishes a pseudowire interface and enters interface
configuration mode.
Example:
Step 9 source template type pseudowire name Configures the source template type of the configured
pseudowire.
Example:
Device(config-if)# source template type pseudowire

static-vpls
Step 10 neighbor peer-address vcid-value Specifies the peer IP address and VC ID value of a Layer
2 VPN (L2VPN) pseudowire.
Example:
116
Configuring VFI for Static VPLS

Step 11 label local-pseudowire-label remote-pseudowire-label Configures an Any Transport over MPLS (AToM) static
pseudowire connection by defining local and remote circuit
Example:
labels.
Device(config-if)# label 301 17
Step 12 end Exits interface configuration mode and returns to privileged

EXEC mode.
Example:
Note Ensure that you perform this task after configuring the pseudowire. If the VFI peer is configured before the
pseudowire, the configuration is incomplete until the pseudowire is configured. The output of the show
running-config command displays an error stating that configuration is incomplete.

vpn id 1000
SUMMARY STEPS
1. enable
3. mpls label range minimum-value maximum-value [static minimum-static-value maximum-static-value]
4. pseudowire-class [pw-class-name]
6. protocol {l2tpv2 | l2tpv3 | none} [l2tp-class-name]
7. exit
8. l2 vfi vfi-name manual
9. vpn id vpn-id
10. neighbor ip-address pw-class pw-name
11. mpls label local-pseudowire-label remote-pseudowire-label
12. mpls control-word
13. neighbor ip-address pw-class pw-name
14. mpls label local-pseudowire-label remote-pseudowire-label
15. mpls control-word
16. end
117
DETAILED STEPS

Device> enable

Example:
Step 3 mpls label range minimum-value maximum-value [static Configures the range of local labels available for use with
minimum-static-value maximum-static-value] Multiprotocol Label Switching (MPLS) applications on
packet interfaces.
Example:
Device(config)# mpls label range 16 200 static

300 500
Step 4 pseudowire-class [pw-class-name] Specifies the name of a Layer 2 pseudowire class and
Example:
Device(config)# pseudowire-class static_vpls
Step 5 encapsulation mpls Specifies the tunneling encapsulation as MPLS.

Example:
Device(config-pw-class)# encapsulation mpls
Step 6 protocol {l2tpv2 | l2tpv3 | none} [l2tp-class-name] Specifies that no signaling protocol will be used in Layer
2 Tunneling Protocol Version 3 (L2TPv3) sessions.
Example:
Device(config-pw-class)# protocol none
Step 7 exit Exits pseudowire class configuration mode and returns to

global configuration mode.
Example:
Device(config-pw-class)# exit
Step 8 l2 vfi vfi-name manual Establishes a Layer 2 VPN (L2VPN) virtual forwarding
interface (VFI) between two or more separate networks,
Example:
and enters Layer 2 VFI manual configuration mode.
Device(config)# l2 vfi static-vfi manual
Step 9 vpn id vpn-id Specifies the VPN ID.

Example:
118

Step 10 neighbor ip-address pw-class pw-name Specifies the IP address of the peer and the pseudowire
class.
Example:
Device(config-vfi)# neighbor 10.3.4.4 pw-class

static_vpls
Step 11 mpls label local-pseudowire-label Configures an Any Transport over MPLS (AToM) static
remote-pseudowire-label pseudowire connection by defining local and remote circuit
labels.
Example:
Device(config-vfi)# mpls label 301 17
Step 12 mpls control-word (Optional) Enables the MPLS control word in an AToM
static pseudowire connection.
Example:
Device(config-vfi)# mpls control-word
Step 13 neighbor ip-address pw-class pw-name Specifies the IP address of the peer and the pseudowire
class.
Example:
Device(config-vfi)# neighbor 2.3.4.3 pw-class

static_vpls
Step 14 mpls label local-pseudowire-label Configures an AToM static pseudowire connection by

remote-pseudowire-label defining local and remote circuit labels.
Example:
Device(config-vfi)# mpls label 302 18
Step 15 mpls control-word (Optional) Enables the MPLS control word in an AToM
static pseudowire connection.
Example:
Device(config-vfi)# mpls control-word
Step 16 end Exits Layer 2 VFI manual configuration mode and returns
to privileged EXEC mode.
Example:
119
Configuring a VFI for Static VPLS: Alternate Configuration

vpn id 1000
SUMMARY STEPS
1. enable
3. l2vpn vfi context vfi-name
4. vpn id vpn-id
5. exit
8. neighbor ip-address vc-id
10. control-word {include | exclude}
11. exit
14. end
DETAILED STEPS

Device> enable

Example:
Step 3 l2vpn vfi context vfi-name Establishes a Layer 2 VPN (L2VPN) virtual forwarding
interface (VFI) between two or more separate networks
Example:
and enters VFI configuration mode.
Device(config)# l2vpn vfi context vpls1
120

Example:

configuration mode.
Example:
mode.
Example:
Step 7 encapsulation mpls Specifies an encapsulation type for tunneling Layer 2

traffic over a pseudowire.
Example:
Step 8 neighbor ip-address vc-id Specifies the peer IP address and virtual circuit (VC) ID
Example:
Example:
labels.
Step 10 control-word {include | exclude} (Optional) Enables the Multiprotocol Label Switching
(MPLS) control word in an AToM dynamic pseudowire
Example:
connection.
Device(config-if)# control-word include

configuration mode.
Example:
configuration mode.
Example:
Step 13 member vfi vfi-name Binds a service instance to a bridge domain instance.
Example:
121
Configuring an Attachment Circuit for Static VPLS
Device(config-bdomain)# member vfi vpls1

Example:
Configuring an Attachment Circuit for Static VPLS
SUMMARY STEPS
1. enable
3. interface gigabitethernet slot/interface
6. rewrite ingress tag pop number [symmetric]
8. end
DETAILED STEPS

Device> enable

Example:
Step 3 interface gigabitethernet slot/interface Specifies an interface and enters interface configuration
mode.
Example:
• Ensure that the interfaces between the customer edge
Device(config)# interface gigabitethernet 0/0/1 (CE) and provider edge (PE) devices that run Ethernet
over MPLS (EoMPLS) are in the same subnet. All
other interfaces and backbone devices do not need to
be in the same subnet.
Step 4 service instance si-id ethernet Configures an Ethernet service instance on an interface and
enters service instance configuration mode.
Example:
122
Configuring an Attachment Circuit for Static VPLS: Alternate Configuration

Example:
Step 6 rewrite ingress tag pop number [symmetric] (Optional) Specifies the encapsulation adjustment to be
performed on a frame ingressing a service instance and the
Example:
tag to be removed from a packet.
Device(config-if-srv)# rewrite ingress tag pop 1
symmetric
Step 7 bridge-domain bd-id (Optional) Binds a service instance or a MAC tunnel to a

bridge domain instance.
Example:

Example:
SUMMARY STEPS
1. enable
3. interface gigabitethernet slot/interface
6. rewrite ingress tag pop number [symmetric]
7. exit
8. exit
11. end
DETAILED STEPS

Device> enable
123

Example:
Step 3 interface gigabitethernet slot/interface Specifies an interface and enters interface configuration
mode.
Example:
• Ensure that the interfaces between the customer edge
Device(config)# interface gigabitethernet 0/0/1 (CE) and provider edge (PE) devices that are running
Ethernet over MPLS (EoMPLS) are in the same
subnet. All other interfaces and backbone devices do
not need to be in the same subnet.
configuration mode.
Example:
Example:
Step 6 rewrite ingress tag pop number [symmetric] (Optional) Specifies the encapsulation adjustment to be
performed on a frame ingressing a service instance and
Example:
the tag to be removed from a packet.
Device(config-if-srv)# rewrite ingress tag pop 1
symmetric

Example:

configuration mode.
Example:
configuration mode.
Example:
124
Configuring an MPLS-TP Tunnel for Static VPLS with TP

Step 10 member interface-type-number service-instance service-id (Optional) Binds a service instance to a bridge domain
[split-horizon group group-id] instance.
Example:

Example:
SUMMARY STEPS
1. enable
3. interface Tunnel-tp number
4. no ip address
5. no keepalive
6. tp destination ip-address
7. bfd bfd-template
8. working-lsp
9. out-label number out-link number
10. lsp-number number
11. exit
12. protect-lsp
13. out-label number out-link number
14. in-label number
15. lsp-number number
16. exit
17. exit
19. ip address ip-address ip-mask
20. mpls tp link link-num {ipv4 ip-address | tx-mac mac-address}
21. end
DETAILED STEPS

125
Device> enable

Example:
Step 3 interface Tunnel-tp number Configures a Multiprotocol Label Switching (MPLS)

transport profile tunnel and enters interface configuration
Example:
mode.
Device(config)# interface Tunnel-tp 4 • Use the same interface as you configured for the
pseudowire class.
Step 4 no ip address Disables the IP address configuration.

Example:
Step 5 no keepalive Disables the keepalive configuration.

Example:
Device(config-if)# no keepalive
Step 6 tp destination ip-address Configures the tunnel destination.

Example:
Device(config-if)# tp destination 10.22.22.22
Step 7 bfd bfd-template Binds a single-hop Bidirectional Forwarding Detection

(BFD) template to an interface.
Example:
Device(config-if)# bfd tp
Step 8 working-lsp Configures the working label switched path (LSP) and
enters working interface configuration mode.
Example:
Device(config-if)# working-lsp
Step 9 out-label number out-link number Configures the out link and out label for the working LSP.
Example:
Device(config-if-working)# out-label 16 out-link

100
Step 10 lsp-number number Configures the ID number for the working LSP.
Example:
126
Device(config-if-working)# lsp-number 0
Step 11 exit Exits working interface configuration mode and returns to

Example:
Device(config-if-working)# exit
Step 12 protect-lsp Enters protection configuration mode for the label switched
path (LSP) and enters protect interface configuration mode.
Example:
Device(config-if)# protect-lsp
Step 13 out-label number out-link number Configures the out link and out label for the protect LSP.
Example:
Device(config-if-protect)# out-label 11 out-link

500
Step 14 in-label number Configures the in label for the protect LSP.
Example:
Device(config-if-protect)# in-label 600
Step 15 lsp-number number Configures the ID number for the working protect LSP.
Example:
Device(config-if-protect)# lsp-number 1
Step 16 exit Exits protect interface configuration mode and returns to

Example:
Device(config-if-protect)# exit

configuration mode.
Example:
Step 18 interface type number Configures a interface and enters interface configuration
mode.
Example:
Device(config-if)# interface GigabitEthernet 0/1/0
Step 19 ip address ip-address ip-mask (Optional) Configures the IP address and mask if not using
an IP-less core.
Example:
Device(config)# ip address 10.0.0.1 255.255.255.0
127

Step 20 mpls tp link link-num {ipv4 ip-address | tx-mac Configures Multiprotocol Label Switching (MPLS)
mac-address} transport profile (TP) link parameters.
Example:
Device(config-if)# mpls tp link 10 tx-mac

0100.0c99.8877
Step 21 end Exits interface configuration mode and returns to privileged

EXEC mode.
Example:

vpn id 1000
SUMMARY STEPS
1. enable
3. l2vpn vfi context vfi-name
4. vpn id vpn-id
5. exit
8. neighbor ip-address vc-id
10. control-word {include | exclude}
11. exit
14. end
DETAILED STEPS

128

Device> enable

Example:
Step 3 l2vpn vfi context vfi-name Establishes a Layer 2 VPN (L2VPN) virtual forwarding
interface (VFI) between two or more separate networks
Example:
and enters VFI configuration mode.
Device(config)# l2vpn vfi context vpls1

Example:

configuration mode.
Example:
mode.
Example:
Step 7 encapsulation mpls Specifies an encapsulation type for tunneling Layer 2

traffic over a pseudowire.
Example:
Step 8 neighbor ip-address vc-id Specifies the peer IP address and virtual circuit (VC) ID
Example:
Example:
labels.
Step 10 control-word {include | exclude} (Optional) Enables the Multiprotocol Label Switching
(MPLS) control word in an AToM dynamic pseudowire
Example:
connection.
Device(config-if)# control-word include
129
Configuration Examples for Virtual Private LAN Services

configuration mode.
Example:
configuration mode.
Example:
Step 13 member vfi vfi-name Binds a service instance to a bridge domain instance.
Example:
Device(config-bdomain)# member vfi vpls1

Example:
Configuration Examples for Virtual Private LAN Services

Example: Configuring 802.1Q Access Ports for Tagged Traffic from a CE Device
This example shows how to configure the tagged traffic:
Device(config)# interface GigabitEthernet 0/0/1

Device(config-if-srv)# encapsulation dot1q 200
Example: Configuring 802.1Q Access Ports for Tagged Traffic from a CE Device:
Alternate Configuration
The following example shows how to configure the tagged traffic:

Device(config-if-srv)# encapsulation dot1q 200
130
Example: Configuring Access Ports for Untagged Traffic from a CE Device
Device(config-bdomain)# member gigabitethernet0/0/1 service-instance 1000
Example: Configuring Access Ports for Untagged Traffic from a CE Device

The following example shows how to configure access ports for untagged traffic:
Device(config-if-srv)# encapsulation untagged
The following example shows a virtual forwarding interface (VFI) configuration:
Device(config)# l2 vfi VPLSA manual

Device(config-vfi)# neighbor 10.11.11.11 encapsulation mpls
The following example shows a VFI configuration for hub and spoke.
Device(config)# l2 vfi VPLSB manual

Device(config-vfi)# neighbor 10.13.13.13 encapsulation mpls no-split-horizon
The output of the show mpls 12transport vc command displays various information related to a provide edge
(PE) device. The VC ID in the output represents the VPN ID; the VC is identified by the combination of the
destination address and the VC ID as shown in the command output. The output of the show mpls l2transport
vc detail command displays detailed information about virtual circuits (VCs) on a PE device.
Device# show mpls l2transport vc 201

------------- -------------------- --------------- ---------- ----------
VFI VPLSA VFI 10.11.11.11 110 UP
The following sample output from the show vfi command displays the VFI status:
Device# show vfi VPLSA
131
Example: Configuring Access Ports for Untagged Traffic from a CE Device: Alternate Configuration
VFI name: VPLSA, state: up

Local attachment circuits:
Vlan2
Neighbors connected via pseudowires:
Peer Address VC ID Split-horizon
10.11.11.11 110 Y
10.33.33.33 110 Y
10.44.44.44 110 Y
Device# show vfi VPLSB
VFI name: VPLSB, state: up

Vlan2
10.99.99.99 111 Y
10.12.12.12 111 Y
10.13.13.13 111 N
Example: Configuring Access Ports for Untagged Traffic from a CE Device:

Alternate Configuration
The following example shows how to configure the untagged traffic.

Device(config-if-srv)# encapsulation untagged
Device(config-bdomain)# member GigabitEthernet0/4/4 service-instance 10
Example: Configuring Q-in-Q EFP

The following example shows how to configure the tagged traffic.

Device(config-if)# negotiate auto
Device(config-if-srv)# encapsulation dot1q 200 second-dot1q 400
Use the show spanning-tree vlan command to verify that the ports are not in a blocked state. Use the show
vlan id command to verify that a specific port is configured to send and receive specific VLAN traffic.
132
Example: Configuring Q-in-Q in EFP: Alternate Configuration
Example: Configuring Q-in-Q in EFP: Alternate Configuration

The following example shows how to configure the tagged traffic:

Device(config-if)# nonegotiate auto
Device(config-if-srv)# encapsulation dot1q 200 second-dot1q 400
Use the show spanning-tree vlan command to verify that the port is not in a blocked state. Use the show
vlan id command to verify that a specific port is configured to send and receive a specific VLAN traffic.
Example: Configuring MPLS on a PE Device

The following example shows a global Multiprotocol Label Switching (MPLS) configuration:
Device(config)# mpls label protocol ldp

Device(config)# mpls ldp logging neighbor-changes
Device(config)# mpls ldp discovery hello holdtime 5
Device(config)# mpls ldp router-id Loopback0 force
The following sample output from the show ip cef command displays the Label Distribution Protocol (LDP)
label assigned:
Device# show ip cef 192.168.17.7
192.168.17.7/32, version 272, epoch 0, cached adjacency to POS4/1

0 packets, 0 bytes
tag information set
local tag: 8149
fast tag rewrite with PO4/1, point2point, tags imposed: {4017}
via 10.3.1.4, POS4/1, 283 dependencies
next hop 10.3.1.4, POS4/1
valid cached adjacency
tag rewrite with PO4/1, point2point, tags imposed: {4017}
Example: VFI on a PE Device

The following example shows a virtual forwarding instance (VFI) configuration:

Device(config-vfi)# neighbor 172.16.10.2 4 encapsulation mpls
133
Example: VFI on a PE Device: Alternate Configuration
The following example shows a VFI configuration for a hub-and-spoke configuration:
Device(config)# l2 vfi VPLSA manual

Device(config-vfi)# neighbor 203.0.113.4 encapsulation mpls no-split-horizon
The show mpls 12transport vc command displays information about the provider edge (PE) device. The
show mpls l2transport vc detail command displays detailed information about the virtual circuits (VCs) on
a PE device.
Device# show mpls l2transport vc 201

------------- -------------------- --------------- ---------- ----------
VFI test1 VFI 209.165.201.1 201 UP
VFI test1 VFI 209.165.201.2 201 UP
VFI test1 VFI 209.165.201.3 201 UP
The show vfi vfi-name command displays VFI status. The VC ID in the output represents the VPN ID; the
VC is identified by the combination of the destination address and the VC ID as in the example below.
Device# show vfi VPLS-2
VFI name: VPLS-2, state: up

Vlan2
10.1.1.1 2 Y
10.1.1.2 2 Y
10.2.2.3 2 N
Example: VFI on a PE Device: Alternate Configuration

The following example shows how to configure a virtual forwarding interface (VFI) on a provider edge (PE)
device:

Device(config-vfi)# member 172.16.10.2 4 encapsulation mpls
Device(config-vfi)# member 10.33.33.33 encapsulation mpls
134
Example: Full-Mesh VPLS Configuration
The following example shows how to configure a hub-and-spoke VFI configuration:.
Device(config)# l2vpn vfi context VPLSA

Device(config-bdomain)# member vfi VPLSA
Device(config-bdomain)# member 10.33.33.33 10 encapsulation mpls
The show l2vpn atom vc command displays information about the PE device. The command also displays
information about Any Transport over MPLS (AToM) virtual circuits (VCs) and static pseudowires that are
enabled to route Layer 2 packets on a device.

------------- ----------------------- --------------- ---------- ----------
Et0/0.1 Eth VLAN 101 10.0.0.2 101 UP
Et0/0.1 Eth VLAN 101 10.0.0.3 201 DOWN
The show l2vpn vfi command displays the VFI status. The VC ID in the output represents the VPN ID; the
VC is identified by the combination of the destination address and the VC ID as in the example below.
Device# show l2vpn vfi VPLS-2
Legend: RT= Route-target
VFI name: serviceCore1, State: UP, Signaling Protocol: LDP

VPN ID: 100, VPLS-ID: 9:10, Bridge-domain vlan: 100
RD: 9:10, RT: 10.10.10.10:150
Pseudo-port Interface: Virtual-Ethernet1000

Interface Peer Address VC ID Discovered Router ID Next Hop
Pw2000 10.0.0.1 10 10.0.0.1 10.0.0.1
Pw2001 10.0.0.2 10 10.1.1.2 10.0.0.2
Pw2002 10.0.0.3 10 10.1.1.3 10.0.0.3
Pw5 10.0.0.4 10 - 10.0.0.4

In a full-mesh configuration, each provider edge (PE) device creates a multipoint-to-multipoint forwarding
relationship with all other PE devices in the Virtual Private LAN Services (VPLS) domain using a virtual
forwarding interface (VFI). An Ethernet or a VLAN packet received from the customer network can be
forwarded to one or more local interfaces and/or emulated virtual circuits (VCs) in the VPLS domain. To
avoid a broadcast packet loop in the network, packets received from an emulated VC cannot be forwarded to
any emulated VC in the VPLS domain on a PE device. Ensure that Layer 2 split horizon is enabled to avoid
a broadcast packet loop in a full-mesh network.
135
Figure 7: Full-Mesh VPLS Configuration
PE 1 Configuration
The following examples shows how to create virtual switch instances (VSIs) and associated VCs:
l2 vfi PE1-VPLS-A manual

vpn id 100
bridge domain 100
!
interface Loopback 0
ip address 10.1.1.1 255.255.0.0
The following example shows how to configure the customer edge (CE) device interface (there can be multiple
Layer 2 interfaces in a VLAN):
interface GigabitEthernet 0/0/0

no ip address
negotiation auto
bridge-domain 100
PE 2 Configuration
The following example shows how to create VSIs and associated VCs.

vpn id 100
bridge domain 100
!
ip address 10.2.2.2 255.255.0.0
The following example shows how to configure the CE device interface (there can be multiple Layer 2
interfaces in a VLAN):

no ip address
negotiation auto
136

bridge-domain 100
PE 3 Configuration
The following example shows how to create VSIs and associated VCs:

vpn id 112
bridge domain 100
!
ip address 10.3.3.3 255.255.0.0
The following example shows how to configure the CE device interface (there can be multiple Layer 2
interfaces in a VLAN).

no ip address
negotiation auto
bridge-domain 100
!
The following sample output from the show mpls l2 vc command provides information about the status of
the VC:
Device# show mpls l2 vc

------------- -------------------- --------------- ---------- ----------
VFI PE1-VPLS-A VFI 10.2.2.2 100 UP
The following sample output from the show vfi command provides information about the VFI:
Device# show vfi PE1-VPLS-A
VFI name: VPLSA, state: up

Vlan200
10.2.2.2 10.3.3.3
The following sample output from the show mpls 12transport vc command provides information about
virtual circuits:
Device# show mpls l2transport vc detail
Local interface: VFI PE1-VPLS-A up

Tunnel label: imp-null, next hop point2point
137
Example: Full-Mesh Configuration : Alternate Configuration
Output interface: Se2/0, imposed label stack {18}

VC statistics:

In a full-mesh configuration, each provider edge (PE) router creates a multipoint-to-multipoint forwarding
relationship with all other PE routers in the Virtual Private LAN Services (VPLS) domain using a virtual
forwarding interface (VFI). An Ethernet or virtual LAN (VLAN) packet received from the customer network
can be forwarded to one or more local interfaces and/or emulated virtual circuits (VCs) in the VPLS domain.
To avoid broadcasted packets looping in the network, no packet received from an emulated VC can be
forwarded to any emulated VC of the VPLS domain on a PE router. That is, Layer 2 split horizon should
always be enabled as the default in a full-mesh network.
Figure 8: VPLS Configuration Example
PE 1 Configuration
The following example shows how to create virtual switch instances (VSIs) and associated VCs and to
configure the CE device interface (there can be multiple Layer 2 interfaces in a VLAN):
interface gigabitethernet 0/0/0

encap dot1q 100
no shutdown
!
l2vpn vfi context PE1-VPLS-A
vpn id 100
!
bridge-domain 100
member gigabitethernet0/0/0 service-instance 100
member vfi PE1-VPLS-A
138
PE 2 Configuration
The following example shows how to create VSIs and associated VCs and to configure the CE device interface
(there can be multiple Layer 2 interfaces in a VLAN):

encap dot1q 100
no shutdown
!
vpn id 100
!
bridge-domain 100
PE 3 Configuration
The following example shows how to create of the VSIs and associated VCs and to configure the CE device
interface (there can be multiple Layer 2 interfaces in a VLAN):

encap dot1q 100
no shutdown
!
vpn id 100
!
bridge-domain 100
The following sample output from the show mpls l2 vc command provides information on the status of the
VC:
Device# show mpls l2 vc

------------- -------------- --------------- ---------- ----------
The following sample output from the show l2vpn vfi command provides information about the VFI:
Device# show l2vpn vfi VPLS-2
Legend: RT= Route-target
VFI name: serviceCore1, State: UP, Signaling Protocol: LDP

VPN ID: 100, VPLS-ID: 9:10, Bridge-domain vlan: 100
RD: 9:10, RT: 10.10.10.10:150
139
Feature Information for Configuring Virtual Private LAN Services
Pseudo-port Interface: Virtual-Ethernet1000

Interface Peer Address VC ID Discovered Router ID Next Hop
Pw2000 10.0.0.1 10 10.0.0.1 10.0.0.1
Pw2001 10.0.0.2 10 10.1.1.2 10.0.0.2
Pw2002 10.0.0.3 10 10.1.1.3 10.0.0.3
Pw5 10.0.0.4 10 - 10.0.0.4
The following sample output from the show l2vpn atom vc command provides information on the virtual
circuits:

------------- ----------------------- --------------- ---------- ----------
Et0/0.1 Eth VLAN 101 10.0.0.2 101 UP
Et0/0.1 Eth VLAN 101 10.0.0.3 201 DOWN
FeatureInformationforConfiguringVirtualPrivateLANServices
Table 10: Feature Information for Configuring Virtual Private LAN Services
Configuring Virtual Private Cisco IOS XE Release This feature was introduced on the Cisco ASR 920
LAN Services 3.13.0S Routers (ASR-920-12CZ-A, ASR-920-12CZ-D,
140
CHAPTER 5
H-VPLS N-PE Redundancy for MPLS Access
The H-VPLS N-PE Redundancy for MPLS Access feature enables two network provider edge (N-PE) devices
to provide failover services to a user provider edge (U-PE) device in a hierarchical virtual private LAN service
(H-VPLS). Having redundant N-PE devices provides improved stability and reliability against link and node
failures.
• Prerequisites for H-VPLS N-PE Redundancy for MPLS Access, on page 141
• Restrictions for H-VPLS N-PE Redundancy for MPLS Access, on page 142
• Information About H-VPLS N-PE Redundancy for MPLS Access, on page 142
• How to Configure H-VPLS N-PE Redundancy for MPLS Access, on page 143
• Configuration Examples for H-VPLS N-PE Redundancy for MPLS Access, on page 146
• Feature Information for H-VPLS N-PE Redundancy for MPLS Access, on page 148
• Glossary, on page 148

Prerequisites for H-VPLS N-PE Redundancy for MPLS Access

• Before configuring this feature, configure your hierarchical virtual private LAN service (H-VPLS)
network and make sure it is operating correctly.
• To provide faster convergence, you can enable the MPLS Traffic Engineering—Fast Reroute feature in
the Multiprotocol Label Switching (MPLS) core.
• Enable the L2VPN Pseudowire Redundancy feature on the user provider edge (U-PE) devices for MPLS
access.
141
Restrictions for H-VPLS N-PE Redundancy for MPLS Access
Restrictions for H-VPLS N-PE Redundancy for MPLS Access

• This feature cannot be used with the VPLS Autodiscovery feature on pseudowires that attach to user
provider edge (U-PE) devices. When you create the virtual private LAN service (VPLS), you can manually
create the virtual forwarding interface (VFI).
• You cannot configure more than one pseudowire to carry the bridge protocol data unit (BPDU) information
between the network provider edge (N-PE) devices.
• You cannot configure a local loopback address as a neighbor when you configure the H-VPLS N-PE
Redundancy feature on N-PE devices.
• Only two N-PE devices can be connected to each U-PE device.
Information About H-VPLS N-PE Redundancy for MPLS Access

How H-VPLS N-PE Redundancy for MPLS Access
In a network configured with the H-VPLS N-PE Redundancy feature, the user provider edge (U-PE) device
is connected to two network provider edge (N-PE) devices. This feature provides a level of redundancy that
can tolerate both link and device faults. If a failure occurs in the network that disables one N-PE device from
transmitting data, the other N-PE device takes over.
H-VPLS N-PE Redundancy with MPLS Access Based on Pseudowire

Redundancy
For the H-VPLS Redundancy with MPLS Access feature based on pseudowire redundancy, the Multiprotocol
Label Switching (MPLS) network has pseudowires to the virtual private LAN service (VPLS) core network
provider edge (N-PE) devices.
As shown in the figure below, one pseudowire transports data between the user provider edge (U-PE) device
and its peer N-PE devices. When a failure occurs along the path of the U-PE device, the backup pseudowire
and the redundant N-PE device become active and start transporting data.
142
How to Configure H-VPLS N-PE Redundancy for MPLS Access
Figure 9: H-VPLS N-PE Redundancy for MPLS Access Based on Pseudowire Redundancy
How to Configure H-VPLS N-PE Redundancy for MPLS Access

Configuring the VPLS Pseudowire Between the N-PE Devices
Configuring network provider edge (N-PE) redundancy in a hierarchical Virtual Private LAN service (H-VPLS)
network requires that you define the VPLS pseudowire for transporting bridge protocol data unit (BPDU)
packets (described here) and that you connect that pseudowire to the native VLAN (described in the next
task). This configuration provides a redundancy that provides improved reliability against link and node
failures.
SUMMARY STEPS
1. enable
4. vpn id id-number
5. bridge-domain bridge-id
[no-split-horizon]
7. end
DETAILED STEPS

Device> enable

Example:
143
Configuring the SVI for the Native VLAN
Step 3 l2 vfi name manual Creates a Layer 2 virtual forwarding interface (VFI) and
enters Layer 2 VFI manual configuration mode.
Example:
Device(config)# l2 vfi vfitest1 manual
Step 4 vpn id id-number Specifies the VPN ID.

Example:
Step 5 bridge-domain bridge-id Configures the router to derive bridge domains from the
encapsulation VLAN list.
Step 6 neighbor remote-router-id vc-id {encapsulation Specifies the peer IP address of the redundant N-PE device
encapsulation-type | pw-class pw-name} [no-split-horizon] and the type of tunnel signaling and encapsulation
mechanism.
Example:
Device(config-vfi)# neighbor 10.2.2.2 3

encapsulation mpls
Step 7 end Exits Layer 2 VFI manual configuration mode and returns
to privileged EXEC mode.
Example:
Example
You can also configure the VPLS pseudowire between the N-PE devices using this alternate method.
RoutDeviceer> enable

Perform this task to configure the switched virtual interface (SVI) for the native VLAN and verify that it is
correctly configured.
SUMMARY STEPS
1. enable
144
3. interface vlan vlan-id
4. xconnect vfi vfi-name
5. end
6. show vfi vfi-name
7. end
DETAILED STEPS

Device> enable

Example:
Step 3 interface vlan vlan-id Creates a dynamic SVI.

Example: • To make the SVI active when you create a VLAN, you
must configure the VLAN with at least one physical
Device(config)# interface vlan 23 interface that is in the “up” state. Use the show vfi
command to display the status of the SVI. The state
field will display “up” when the SVI is active.
Step 4 xconnect vfi vfi-name Specifies the Layer 2 virtual forwarding interface (VFI)
that you are binding to the VLAN port.
Example:
Device(config)# xconnect vfi vfitest1
Step 5 end Ends the current configuration session and returns to

Example:
Step 6 show vfi vfi-name (Optional) Displays information about the pseudowire
between the two network provider edge (N-PE) devices so
Example:
that you can verify that the H-VPLS N-PE Redundancy
feature is correctly configured.
Device# show vfi VPLS-2
Step 7 end Exits privileged EXEC mode and returns to user EXEC
mode.
Example:
Device# end
145
Configuration Examples for H-VPLS N-PE Redundancy for MPLS Access
Configuration Examples for H-VPLS N-PE Redundancy for MPLS

Access
Example: H-VPLS N-PE Redundancy for MPLS Access
The figure below shows a configuration that is set up for the H-VPLS N-PE Redundancy with MPLS Access
feature.
Figure 10: H-VPLS N-PE Redundancy with MPLS Access Topology
The table below shows the configuration of two network provider edge (N-PE) devices.
Table 11: Example: H-VPLS N-PE Redundancy for MPLS Access
N-PE1 N-PE4
l2 vfi l2trunk manual l2 vfi l2trunk manual

vpn id 10 vpn id 10
bridge-domain 10 bridge-domain 10
neighbor 10.4.4.4 encapsulation mpls neighbor 10.2.2.2 encapsulation mpls

! !
spanning-tree mode mst spanning-tree mode mst

spanning-tree extend system-id spanning-tree extend system-id
! !
spanning-tree mst configuration spanning-tree mst configuration
revision 10 revision 10
instance 1 vlan 20 instance 1 vlan 20
! !
spanning-tree mst 1 priority 0
interface GigabitEthernet 0/5/2 !
encapsulation dot1q 10 interface GigabitEthernet 0/5/2
bridge-domain 10 service instance 5 ethernet
bridge-domain 10
146
Related Documents
MPLS commands Cisco IOS Multiprotocol Label Switching Command Reference
L2VPN pseudowire redundancy “L2VPN Pseudowire Redundancy” feature module in the MPLS Layer 2
VPNs Configuration Guide.
H-VPLS “Configuring VPLS” in the “Configuring Multiprotocol Label Switching

on the Optical Services Modules” chapter in the Optical Services Modules
Installation and Configuration Notes, 12.2SR document.
MPLS traffic engineering “MPLS Traffic Engineering Fast Reroute Link and Node Protection” feature
module in the MPLS Traffic Engineering: Path, Link, and Node Protection
Configuration Guide (part of the Multiprotocol Label Switching
Configuration Guide Library)
Standards
Standard Title
http://www.ietf.org/rfc/rfc4447.txt Pseudowire Setup and

Maintenance Using the Label
Distribution Protocol (LDP)
http://www3.ietf.org/proceedings/06mar/IDs/draft-ietf-l2vpn-vpls-ldp-08.txt Virtual Private LAN Services

over MPLS
http://www.ietf.org/internet-drafts/draft-ietf-pwe3-segmented-pw-02.txt Segmented Pseudo Wire
draft-ietf-pwe3-vccv-10.txt Pseudo Wire Virtual Circuit

Connectivity Verification
(VCCV)
draft-ietf-pwe3-oam-msg-map-03.txt Pseudo Wire (PW) OAM

Message Mapping
147
Feature Information for H-VPLS N-PE Redundancy for MPLS Access
MIBs
MIB MIBs Link
Pseudowire Emulation Edge-to-Edge MIBs To locate and download MIBs for selected platforms, Cisco
for Ethernet, Frame Relay, and ATM software releases, and feature sets, use Cisco MIB Locator
Services found at the following URL:
http://www.cisco.com/go/mibs
Description Link

Feature Information for H-VPLS N-PE Redundancy for MPLS

Access
Table 12: Feature Information for H-VPLS N-PE Redundancy for MPLS Access
H-VPLS N-PE Redundancy for Cisco IOS XE Release This feature was introduced on the Cisco ASR
MPLS Access 3.13.0S 920 Routers (ASR-920-12CZ-A,
ASR-920-12CZ-D, ASR-920-4SZ-A,
ASR-920-4SZ-D).
Glossary
CE device—customer edge device. A device that belongs to a customer network, which connects to a PE
device to utilize MPLS VPN network services.
148
Glossary
LAN—local-area network. High-speed, low-error data network covering a relatively small geographic area.
LANs connect workstations, peripherals, terminals, and other devices in a single building or other geographically
limited areas.
MPLS—Multiprotocol Label Switching. A packet-forwarding technology, used in the network core, that
applies data link layer labels to tell switching nodes how to forward data, resulting in faster and more scalable
forwarding than network layer routing normally can do.
MSTP—Multiple Spanning Tree Protocol. MSTP enables multiple VLANs to be mapped to the same
spanning-tree instance, reducing the number of spanning-tree instances needed to support a large number of
VLANs.
N-PE—network provider edge device. This device acts as a gateway between the MPLS core and edge
domains.
PE device—provider edge device. The PE device is the entry point into the service provider network. The
PE device is typically deployed on the edge of the network and is administered by the service provider.
pseudowire—A pseudowire is a virtual connection that, in the context of VPLS, connects two SVIs. It is a
mechanism that carries the elements of an emulated service from one PE device to one or more PE devices
over a packet switched network (PSN). A pseudowire is bidirectional and consists of a pair of unidirectional
MPLS virtual circuits (VCs). A pseudowire can be used to connect a point-to-point circuit.
QinQ—An IEEE 802.1Q VLAN tunnel. A mechanism for constructing multipoint Layer 2 VPN using Ethernet
switches.
redundancy—The duplication of devices, services, or connections so that, in the event of a failure, they can
perform the work of those that failed.
router—A network layer device that uses one or more metrics to determine the optimal path along which
network traffic should be forwarded. Routers forward packets from one network to another based on network
layer information.
spanning tree—Loop-free subset of a network topology.
U-PE—user provider edge device. This device connects CE devices to the service.
VFI—virtual forwarding instance. A VFI is a collection of data structures used by the data plane, software-based
or hardware-based, to forward packets to one or more VCs.
VLAN—Virtual LAN. Group of devices on one or more LANs that are configured (using management
software) so that they can communicate as if they were attached to the same wire, when in fact they are located
on a number of different LAN segments.
VPLS—Virtual Private LAN Service. VPLS describes an architecture that delivers Layer 2 service that
emulates an Ethernet LAN across a wide-area network (WAN) and inherits the scaling characteristics of a
LAN.
VPLS redundancy—Also called N-PE redundancy. Allows U-PEs to be dual-honed (to their N-PEs) in a
loop-free topology with MPLS or QinQ as the access or aggregation domain.
VPN—Virtual Private Network. Allows IP traffic to travel securely over public TCP/IP networks and the
Internet by encapsulating and encrypting all IP packets. VPN uses a tunnel to encrypt all information at the
IP level.
149
Glossary
150
CHAPTER 6
VPLS MAC Address Withdrawal
The VPLS MAC Address Withdrawal feature provides faster convergence by removing (or unlearning) MAC
addresses that have been dynamically learned. A Label Distribution Protocol (LDP)-based MAC address
withdrawal message is used for this purpose. A MAC list Type Length Value (TLV) is part of the MAC
address withdrawal message. No configuration is needed.
• Information About VPLS MAC Address Withdrawal, on page 151
• Additional References for Any Transport over MPLS, on page 153
• Feature Information for VPLS MAC Address Withdrawal, on page 154

Information About VPLS MAC Address Withdrawal

address withdrawal message.
The debug mpls ldp messages and debug mpls ldp session io commands support monitoring of MAC address
withdrawal messages being exchanged between LDP peers. Any Transport over Multiprotocol Label Switching
(AToM) might provide other means to display or monitor MAC address withdrawal messages. The Tag
Distribution Protocol (TDP) is not supported because AToM uses only LDP for the MAC address withdrawal
message.
151
VPLS MAC Address Withdrawal Using Commands Associated with L2VPN Protocol-Based Feature
PE devices learn the remote MAC addresses and directly attached MAC addresses on customer-facing ports
by deriving the topology and forwarding information from packets originating at customer sites. To display
the number of MAC address withdrawal messages, enter the show mpls l2transport vc detail command, as
shown in the following example:
Device# show mpls l2transport vc detail
Local interface: VFI TEST VFI up

MPLS VC type is VFI, interworking type is Ethernet
MAC Withdraw: sent 5, received 3
VC statistics:
VPLS MAC Address Withdrawal Using Commands Associated with L2VPN

address withdrawal message.
The debug mpls ldp messages and debug mpls ldp session io commands support monitoring of MAC address
withdrawal messages being exchanged between LDP peers. Any Transport over Multiprotocol Label Switching
(AToM) might provide other means to display or monitor MAC address withdrawal messages. The Tag
Distribution Protocol (TDP) is not supported because AToM uses only LDP for the MAC address withdrawal
message.
PE devices learn the remote MAC addresses and directly attached MAC addresses on customer-facing ports
by deriving the topology and forwarding information from packets originating at customer sites. To display
the number of MAC address withdrawal messages, enter the show l2vpn atom vc detail command, as shown
in the following example:
Local interface: VFI TEST VFI up

MPLS VC type is VFI, interworking type is Ethernet
152
How MAC Address Withdrawal Works with H-VPLS N-PE Redundancy with MPLS Access

MAC Withdraw: sent 5, received 3
VC statistics:
How MAC Address Withdrawal Works with H-VPLS N-PE Redundancy with
MPLS Access
If the pseudowire between the user provider edge (U-PE) device and network provider edge (N-PE) device
fails, the L2VPN Pseudowire Redundancy feature on the U-PE device activates the standby pseudowire. In
addition, the U-PE device sends a Label Distribution Protocol (LDP) MAC address withdrawal request to the
new N-PE device, which forwards the message to all pseudowires in the virtual private LAN service (VPLS)
core and flushes its MAC address table.
If a bridge domain interface (BDI) on the N-PE device fails, the L2VPN Pseudowire Redundancy feature
activates the standby pseudowire and the U-PE device sends a MAC withdrawal message to the newly active
N-PE device.
How MAC Address Withdrawal Works with H-VPLS N-PE Redundancy with
QinQ Access
If a failure occurs in the customer-switched network, a spanning-tree Topology Change Notification (TCN)
is issued to the network provider edge (N-PE) device, which issues a Label Distribution Protocol (LDP)-based
MAC address withdrawal message to the peer N-PE devices and flushes its MAC address table.

Related Documents
MPLS commands Cisco IOS Multiprotocol Label Switching Command

Reference
153
Feature Information for VPLS MAC Address Withdrawal
Description Link

Feature Information for VPLS MAC Address Withdrawal

Table 13: Feature Information for VPLS MAC Address Withdrawal
VPLS MAC Address Cisco IOS XE Release This feature was introduced on the Cisco ASR 920
Withdrawal 3.13.0S Routers (ASR-920-12CZ-A, ASR-920-12CZ-D,
154
CHAPTER 7
VPLS BGP Signaling
The two primary functions of the Virtual Private LAN Service (VPLS) control plane are autodiscovery and
signaling. The VPLS BGP Signaling feature enables you to use BGP as both an autodiscovery and a signaling
protocol for VPLS, in accordance with RFC 4761.
• Prerequisites for VPLS BGP Signaling, on page 155
• Information About VPLS BGP Signaling, on page 156
• How to Configure VPLS BGP Signaling, on page 157
• Configuration Examples for VPLS BGP Signaling, on page 160
• Additional References for VPLS BGP Signaling, on page 160
• Feature Information for VPLS BGP Signaling, on page 161

feature is supported, see the feature information table at the end of this module.
Prerequisites for VPLS BGP Signaling

You are familiar with the concepts in the “Configuring Virtual Private LAN Services” and the “VPLS
Autodiscovery BGP Based” modules of the MPLS Layer 2 VPNs Configuration Guide.
155
VPLS BGP Signaling
Information About VPLS BGP Signaling
Information About VPLS BGP Signaling

Overview of VPLS BGP Signaling
Prior to the VPLS BGP Signaling feature, BGP was used for autodiscovery and Label Distribution Protocol
(LDP) for signaling in accordance with RFC 6074. The VPLS BGP Signaling feature enables you to use BGP
as the control plane protocol for both autodiscovery and signaling in accordance with RFC 4761.
As specified in RFC 4761, internal BGP (iBGP) peers will exchange update messages of the L2VPN AFI/SAFI
with L2VPN information to perform both autodiscovery and signaling. The BGP multiprotocol Network Layer
Reachability Information (NLRI) consists of a Route Distinguisher (RD), VPLS Endpoint ID (VE ID), VE
Block Offset (VBO), VE Block Size (VBS), and Label Base (LB).
The figure below shows the format of the NLRI for RFC 4761.
Figure 11: RFC 4761 NLRI
Additional information, such as next-hop, route target (specified for a VPLS instance), and other Layer 2 data
are carried in the BGP extended community attributes. A route target-based import/export mechanism similar
to L3VPN is performed by BGP to filter L2VPN NLRIs of a particular VPLS instance.
Whether you use BGP signaling (RFC 4761) or LDP signaling (RFC 6074) depends on the commands you
specify. To enable the VPLS BGP Signaling feature, use the autodiscovery bgp signaling bgp command in
L2 VFI configuration mode. This command is supported on a per VPLS instance basis.
If a BGP session receives an invalid (that is, not matching the configuration) BGP update advertisement
(update or withdraw), it is ignored.
BGP’s main task in supporting VPLS is route distribution via the L2VPN address family and interactions
with L2VPN. Interactions between BGP and other components remain the same. Basic BGP functionalities
like best-path selection, next-hop handling, and update generation, continue to operate in the same manner
with VPLS BGP signaling. BGP RT constraint works seamlessly with the BGP VPLS Signaling feature.
156
VPLS BGP Signaling
How to Configure VPLS BGP Signaling
How to Configure VPLS BGP Signaling

Configuring VPLS BGP Signaling
Before you begin
Note For more information, see Configuring Virtual Private Lan Services.
SUMMARY STEPS
1. enable
3. l2vpn vfi context name
4. vpn id vpn-id
5. autodiscovery bgp signaling {bgp | ldp} [template template-name]
6. ve id ve-id
7. ve range ve-range
8. exit
9. exit
10. router bgp autonomous-system-number
11. bgp graceful-restart
12. neighbor ip-address remote-as autonomous-system-number
13. address-family l2vpn [vpls]
14. neighbor ip-address activate
15. neighbor ip-address send-community [both | standard | extended]
16. neighbor ip-address suppress-signaling-protocol ldp
17. end
18. show bgp l2vpn vpls {all | rd route-distinguisher}
DETAILED STEPS

Device> enable

Example:
157
VPLS BGP Signaling

Step 3 l2vpn vfi context name Establishes a L2VPN virtual forwarding interface (VFI)
between two or more separate networks and enters Layer
Example:
2 VFI configuration mode.
Step 4 vpn id vpn-id Configures a VPN ID for the VPLS domain.

Example:
Step 5 autodiscovery bgp signaling {bgp | ldp} [template Enables BGP signaling and discovery or LDP signaling
template-name] and enters L2VPN VFI autodiscovery configuration mode.
Example: Note For the VPLS BGP Signaling feature use the
autodiscovery bgp signaling bgp command.
Device(config-vfi)# autodiscovery bgp signaling
bgp
Step 6 ve id ve-id Specifies the VPLS endpoint (VE) device ID value. The
VE ID identifies a VFI within a VPLS service. The VE
Example:
device ID value is from 1 to 16384.
Device(config-vfi-autodiscovery)# ve id 1001
Step 7 ve range ve-range Specifies the VE device ID range value. The VE range
overrides the minimum size of VE blocks. The default
Example:
minimum size is 10. Any configured VE range must be
higher than 10.
Device(config-vfi-autodiscovery)# ve range 12
Step 8 exit Exits L2VPN VFI autodiscovery configuration mode and

enters L2VPN VFI configuration mode.
Example:
Device(config-vfi-autodiscovery)# exit
Step 9 exit Exits L2VPN VFI configuration mode and enters global
configuration mode.
Example:
Step 10 router bgp autonomous-system-number Enters router configuration mode to create or configure a
BGP routing process.
Example:
Device(config)# router bgp 100
Step 11 bgp graceful-restart Enables the BGP graceful restart capability and BGP
nonstop forwarding (NSF) awareness.
Example:
Device(config-router)# bgp graceful-restart
158
VPLS BGP Signaling

Step 12 neighbor ip-address remote-as Configures peering with a BGP neighbor in the specified
autonomous-system-number autonomous system.
Example:
Device(config-router)# neighbor 10.10.10.1

remote-as 100
Step 13 address-family l2vpn [vpls] Specifies the L2VPN address family and enters address
family configuration mode.
Example:
• The optional vpls keyword specifies that VPLS
Device(config-router)# address-family l2vpn vpls endpoint provisioning information is to be distributed
to BGP peers.
In this example, an L2VPN VPLS address family session

is created.
Step 14 neighbor ip-address activate Enables the neighbor to exchange information for the
L2VPN VPLS address family with the local device.
Example:
Device(config-router-af)# neighbor 10.10.10.1

activate
Step 15 neighbor ip-address send-community [both | standard Specifies that a communities attribute should be sent to a
| extended] BGP neighbor.
Example: • In this example, an extended communities attribute
is sent to the neighbor at 10.10.10.1.
Device(config-router-af)# neighbor 10.10.10.1
send-community extended
Step 16 neighbor ip-address suppress-signaling-protocol ldp Suppresses LDP signaling and enables BGP signaling.
Example: • In this example LDP signaling is suppressed (and
BGP signaling enabled) for the neighbor at
Device(config-router-af)# neighbor 10.10.10.1 10.10.10.1.
suppress-signaling-protocol ldp
Step 17 end Exits address family configuration mode and returns to

Example:
Device(config-router-af)# end
Step 18 show bgp l2vpn vpls {all | rd route-distinguisher} (Optional) Displays information about the L2VPN VPLS
address family.
Example:
Device# show bgp l2vpn vpls all
159
VPLS BGP Signaling
Configuration Examples for VPLS BGP Signaling
Configuration Examples for VPLS BGP Signaling

Example: Configuring and Verifying VPLS BGP Signaling
l2vpn vfi context vfi1

vpn id 100
autodiscovery bgp signaling bgp
ve id 1001
ve range 10
!
!
router bgp 100
bgp graceful-restart
neighbor 209.165.200.224 remote-as 100
neighbor 209.165.200.224 update-source Loopback1
!
address-family l2vpn vpls
neighbor 209.165.200.224 activate
neighbor 209.165.200.224 send-community extended
neighbor 209.165.200.224 suppress-signaling-protocol ldp
exit-address-family
!
show bgp l2vpn vpls all
Network Next Hop Metric LocPrf Weight Path

Route Distinguisher: 100:100
*>100:100:VEID-1001:Blk-1001/136 0.0.0.0 32768 ?
*>i 100:100:VEID-1003:Blk-1000/136 209.165.200.224 0 100 0 ?
Additional References for VPLS BGP Signaling

Related Documents
Cisco IOS commands Cisco IOS Master Command List,

All Releases
BGP commands: complete command syntax, command mode, defaults, Cisco IOS IP Routing: BGP
command history, usage guidelines, and examples. Command Reference
Configuring Virtual Private LAN Services MPLS Layer 2 VPNs Configuration

Guide
Configuring Access Port Configuring Virtual Private LAN

Services, MPLS Layer 2 VPNs
Configuration Guide
160
VPLS BGP Signaling
Feature Information for VPLS BGP Signaling
VPLS Autodiscovery BGP Based MPLS Layer 2 VPNs Configuration

Guide
Standards and RFCs
Standard/RFC Title
RFC 4761 Virtual Private LAN Service (VPLS) Using BGP for Auto-Discovery and Signaling
RFC 6074 Provisioning, Auto-Discovery, and Signaling in Layer 2 Virtual Private Networks (L2VPNs)
Description Link


161
VPLS BGP Signaling
Table 14: Feature Information for VPLS BGP Signaling
VPLS BGP Signaling The VPLS BGP Signaling feature

enables you to use BGP as both an
autodiscovery and signaling
protocol for VPLS, in accordance
with RFC 4761.
The following commands were
introduced or modified:
autodiscovery (MPLS), neighbor
suppress-signaling-protocol, show
bgp l2vpn vpls, and ve.
In Cisco IOS XE Release 3.8S,
support was added for the Cisco
ASR 903 router.
162
CHAPTER 8
EVPN Virtual Private Wire Service (VPWS) Single
Homed
Effective Release Cisco IOS XE 3.18, this feature is now supported on Cisco ASR 920 Series Aggregation
Services Router, EVPN-VPWS single homed is a BGP control plane solution for point-to-point services. It
has the ability to forward traffic from or to one network to another using the Ethernet Segment without MAC
lookup.
EVPN VPWS single homed technology works on IP and MPLS core. IP core to support BGP and MPLS core
for switching packets between the endpoints.
• Information About EVPN-VPWS, on page 163
• Prerequisites for EVPN-VPWS, on page 164
• Restrictions for EVPN-VPWS, on page 164
• How to Configure EPVN-VPWS, on page 165
• Configuration Examples for EVPN-VPWS Instance, on page 171
• Additional References for EVPN-VPWS, on page 173
Information About EVPN-VPWS

The EVPN-VPWS solution supports per EVI Ethernet Auto Discovery route. EVPN defines a new BGP
Network Layer Reachability Information (NLRI) used to carry all EVPN routes. BGP Capabilities
Advertisement used to ensure that two speakers support EVPN NLRI (AFI 25, SAFI 70) as per RFC 4760.
The architecture for EVPN VPWS is that the PEs run Multi-Protocol BGP in control-plane. The following
image describes the EVPN-VPWS configuration:
163
EVPN Virtual Private Wire Service (VPWS) Single Homed
Benefits of EVPN-VPWS Single Homed
Benefits of EVPN-VPWS Single Homed

• Scalability is achieved without signaling pseudowires.
• There is ease of provisioning.
• Pseudowires (PWs) are not used.
• EVPN-VPWS Single Homed leverages BGP best-path selection (optimal forwarding).
Scaling Information for EVPN-VPWS Single Homed

2000 PWs are supported on the Cisco ASR 920 Series Aggregation Services Router.
Prerequisites for EVPN-VPWS

• Ensure BGP is configured for EVPN SAFI.
• MPLS LDP core is used for MPLS LSP between PE. MPLS LDP core is required when Segement Routing
is not used.
• CE-facing interface, such as service instance, is Ethernet family without IP address on PE.
• BGP session between PEs with 'address-family l2vpn evpn' to exchange EVPN routes.
• A BGP Route Reflector is supported.
• IGP, such as ISIS, core for IP reachability between PEs and BGP next-hop reachability.
Restrictions for EVPN-VPWS

• The combination of EVPN ID and VPWS Instance ID must be unique according to ASN.
• MPLS TE core is not supported.
• InterAS Option B is not supported.
• NSR is not supported for l2vpn family.
• Ensure NSF is configured on BGP, OSPF(iBGP), and MPLS.
• NSF is supported, you should see neigh flap, but not traffic drop.
• Without NSF, if you are doing Stateful SwitchOver (SSO), then you would see traffic drop for l2vpn
evpn traffic.
• ELB is not supported on EVPN
Scaling Information
Number of pseudowires supported for EVPN-VPWS is 2000 on Cisco ASR 920 Series Aggregation Services
Router.
164
How to Configure EPVN-VPWS
How to Configure EPVN-VPWS

The following steps are performed to configure EVPN-VPWS
• Configuring BGP for EVPN-VPWS
• Configuring EVPN-VPWS Instance
Configuring BGP for EVPN-VPWS

To configure EVPN-VPWS in BGP, follow these steps:
Procedure
router bgp 1
address-family l2vpn evpn
exit-address-family
Configuring EVPN-VPWS Instance

To configure EVPN VPWS instance, follow these steps:
Procedure
enable
configure terminal
l2vpn evpn instance 11 point-to-point
vpws context test
service target 100 source 100
no shut
end
Rewrite for EVI Service Instance

You need to have the rewrite command when the VLANs are mismatched on the remote ACs. This allows
ingress traffic movement. To configure EVPN-VPWS service instance for rewrite, follow these steps:
Procedure
end
Configuring EVPN-VPWS for Logging

To configure EVPN-VPWS for logging, follow these steps:
165
Verfiying EVPN-VPWS Instance
Procedure
enable
configure terminal
l2vpn evpn logging vc-state
end
Verfiying EVPN-VPWS Instance

Verifying EVPN-VPWS Configuration
You can verify the configuration using the following show commands:
• show l2vpn evpn summary
• show l2vpn evpn evi (<evpn-id> | all) [detail]
• show l2vpn evpn rib ead [detail] |evi
• show l2vpn evpn checkpoint
• show l2vpn evpn route-target [<rt>]
• show bgp l2vpn evpn
• show l2vpn evpn memory [detail]
This command displays a summary of L2VPN EVPN with total number of EVIs, VCs and routes.
show l2vpn evpn summary
L2VPN EVPN VPWS:

EVIs (point-to-point): 1
Total VCs: 1
1 up, 0 down, 0 admin-down, 0 hot-standby, 0 other
Total EVPN EAD routes: 2
1 local, 1 remote
Total EVI EAD routes: 2
1 local, 1 remote (1 in-use)
BGP: ASN 1, address-family l2vpn evpn configured
Router ID: 192.168.0.2
This command displays brief or detail info for EVIs.

show l2vpn evpn evi 100 det
EVPN instance: 100 (point-to-point)

RD: 192.168.0.2:100 (auto)
Import-RTs: 1:100
Export-RTs: 1:100
Total VCs: 1
1 up, 0 down, 0 admin-down, 0 hot-standby, 0 other
Total EAD routes: 2
1 local, 1 remote (1 in-use)
This command displays the contents of the global EVPN route.

show l2vpn evpn rib ead
+- Origin of entry (i=iBGP/e=eBGP/L=Local)

| +- Best path (Yes/No)?
| |
166
Verifying EVPN-VPWS Configuration
v v
O B RD Ethernet Segment Id Eth Tag Next Hop
-+-+---------------------+------------------------+--------+---------------
i Y 192.168.0.3:100 0000.0000.0000.0000.0000 2 192.168.0.3
L - 192.168.0.2:100 0000.0000.0000.0000.0000 1
show l2vpn evpn rib ead evi
+- Origin of entry (i=iBGP/e=eBGP/L=Local)

| +- Provisioned (Yes/No)?
| | +- Best path (Yes/No)?
| | |
v v v
O P B EVI Ethernet Segment Id Eth Tag Next Hop Label
-+-+-+-----+------------------------+--------+---------------+--------
i Y Y 100 0000.0000.0000.0000.0000 2 192.168.0.3 16
L - - 100 0000.0000.0000.0000.0000 1 16
show l2vpn evpn checkpoint
EVPN Checkpoint info for active RP

Checkpointing is allowed
Bulk-sync checkpointed state for 0 VC
ISSU Context:95, Compatible:1, Negotiated L2HW types: 0
This command displays the contents of the global route-target (RT).

show l2vpn evpn route-target
Route Target EVPN Instances

1:100 100
show bgp l2vpn evpn
BGP table version is 4, local router ID is 192.168.0.2

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path

Route Distinguisher: 192.168.0.2:100
*> [1][192.168.0.2:100][00000000000000000000][5]/23
:: 32768 ?
Route Distinguisher: 192.168.0.3:100
*>i [1][192.168.0.3:100][00000000000000000000][6]/23
192.168.0.3 0 100 0 ?
This command displays brief or detail EVPN memory usage.

show l2vpn evpn memory
Allocator-Name In-use/Allocated Count

----------------------------------------------------------------------------
EVPN DB : 648/65632 ( 0%) [ 9] Chunk
EVPN EAD DB : 432/65632 ( 0%) [ 6] Chunk
EVPN EAD Handle Table : 21856/22040 ( 99%) [ 2]
EVPN EAD Paths : 104/65632 ( 0%) [ 1] Chunk
EVPN EAD Routes : 96/65648 ( 0%) [ 2] Chunk
EVPN RIB MGR : 976/1344 ( 72%) [ 4]
EVPN RIB NHs : 0/10096 ( 0%) [ 0] Chunk
EVPN RIB RTs : 96/10096 ( 0%) [ 2] Chunk
EVPN RIB msg : 0/10096 ( 0%) [ 0] Chunk
EVPN Thread : 1684/2144 ( 78%) [ 5]
EVPN context chunk : 768/32864 ( 2%) [ 1] Chunk
167
Verifying EVPN-VPWS Configuration for Logging
EVPN context handle table : 70968/71152 ( 99%) [ 2]

EVPN dtrace elem per-cont : 1280/65632 ( 1%) [ 20] Chunk
EVPN dtrace stridx : 1194876/1194968 ( 99%) [ 1]
EVPN dtrace stridx freeli : 132764/132856 ( 99%) [ 1]
EVPN dtrace stridx hash : 76/168 ( 45%) [ 1]
EVPN dtrace stridx slots : 265532/265624 ( 99%) [ 1]
EVPN dtrace stridx2slot : 132764/132856 ( 99%) [ 1]
EVPN instance chunk : 168/10096 ( 1%) [ 1] Chunk
EVPN rt-db ee : 124/216 ( 57%) [ 1]
EVPN rt-db rte : 204/296 ( 68%) [ 1]
Total allocated: 2.121 Mb, 2172 Kb, 2225088 bytes
Verifying EVPN-VPWS Configuration for Logging

You can verify the logging using the show l2vpn evpn vc command.
This command displays brief information for VCs.
show l2vpn evpn vc all
EVPN ID Source Target Type Name/Interface Status

------- -------- -------- ------ -------------------------------- ----------
100 1 2 p2p vc100 up
Et0/0 up
This command displays detail information for VCs.

show l2vpn evpn vc all detail
EVPN name: vc100, state: up, type: point-to-point

EVPN ID: 100
VPWS Service Instance ID: Source 1, Target 2
Labels: Local 16, Remote 16
Next Hop Address: 192.168.0.3
Associated member Et0/0 is up, status is up
Dataplane:
SSM segment/switch IDs: 4098/4097 (used), PWID: 1
Rx Counters
78 input transit packets, 26425 bytes
0 drops
Tx Counters
79 output transit packets, 28240 bytes
0 drops
5 VC FSM state transitions, Last 5 shown
Prov: Idle -> Prov, Tue Sep 29 13:15:37.848 (00:52:21 ago)
AdmUp: Prov -> LocWait, Tue Sep 29 13:15:40.287 (00:52:18 ago)
LocUp: LocWait -> RemWait, Tue Sep 29 13:15:40.287 (00:52:18 ago)
RemUp: RemWait -> Act, Tue Sep 29 13:17:19.368 (00:50:39 ago)
DpUp: Act -> Est, Tue Sep 29 13:17:19.371 (00:50:39 ago)
Troubleshooting
Virtual Circuit (VC) is in Down state
EVPN VPWS protocol has no communication of VC state between endpoints. Furthemore LDP transport
LSP is unidirectional and there is no end-to-end checking for connectivity. VC can be up on one end and
down on the other end in the following cases:
• Core-facing mpls dataplane down on one side only. For example, if loopback configured with /24 on
one-end and configured correctly with /32 at other end.
168
Virtual Circuit (VC) is in Down state
• UUT has no remote EVPN EAD route from peer. Several variants:
• Peer never sent it.
• Peer sent it, but RT mismatch: No intersection between UUT Import-RT and peer Export-RT.
• Peer sent it, RT matches, but etag mismatch: For service etags tgt/src, UUT has x/y, peer has y/z.
Problem VC is in down state.
Possible Cause None
Solution Perform these steps to check whether the VC is not active:
Solution
• Solution Check if any VC is not active.

• Solution Identify EVIs that has not got an active VCs
• Solution Gather information for the EVIs that has not got an active VCs
• Solution Locate the not active VCs for the EVI
• Solution Display detail information of the not active VC
Solution
show l2vpn evpn vc all detail
EVPN name: vc100, state: up, type: point-to-point
EVPN ID: 100
VPWS Service Instance ID: Source 1, Target 2
Labels: Local 16, Remote 16
// Must have a valid Local Label. If missing, contact support.
// Must have valid Remote Label. If missing, then there is no matching remote route.
Cross-check with BGP: 'show bgp l2vpn evpn [...] detail'.
Next Hop Address: 192.168.0.3
// Must have valid Next Hop Address. If missing, then there is no matching remote route.
Cross-check with BGP: 'show bgp l2vpn evpn [...] detail'.
Associated member Et0/0 is up, status is up
// AC must be up. If not up, check why.
Dataplane:
Rx Counters
0 drops
Tx Counters
0 drops
5 VC FSM state transitions, Last 5 shown
Prov: Idle -> Prov, Tue Sep 29 13:15:37.848 (00:52:21 ago)
AdmUp: Prov -> LocWait, Tue Sep 29 13:15:40.287 (00:52:18 ago)
LocUp: LocWait -> RemWait, Tue Sep 29 13:15:40.287 (00:52:18 ago)
RemUp: RemWait -> Act, Tue Sep 29 13:17:19.368 (00:50:39 ago)
DpUp: Act -> Est, Tue Sep 29 13:17:19.371 (00:50:39 ago)
169
VC FSM History
// Pay close attention to last line of VC FSM history. The format is:
// <Event>: <OldState> -> <NewState>
// Troubleshooting info appears below.
VC FSM History
Problem The state of the VC is Prov — Provisioned: VC is disabled.
Possible Cause None
Solution Perform these steps for a solution to the state:
Solution
• Check BGP is running.

• Check BGP 'address-family l2vpn evpn' is configured.
• Check VC is not shutdown.
Problem The state of the VC is LocWait — Local-Wait: Waiting for local AC information to come up.
Possible Cause None
Solution Check AC is up.
Problem The state of the VC is Act — Activating: Control plane ok. Trying to activate dataplane.
Possible Cause None
Solution
• Check core facing information is up.

• Check LDP on core facing information.
Remote-Wait State
Problem The state of the VC is RemWait — Remote-Wait: Waiting for matching remote route.
Possible Cause This state occurs due to no matching remote route for the VC. A matching remote route
means all of the following are true:
• Route is present in BGP. Requires a local EVI to have route target in the route.
• Remote path is best path.
• Route is present in global EVPN route.
• Route is present in EVI route. Requires the EVI to have route target in the route.
• Route has ETag which matches the VC source identity. (service target <tgt-id> source <src-id>).
Solution Perform these steps to check whether the VC is in remote wait state:
Solution
• Check for EVI configuration mismatch.

• Check for VC configuration mismatch.
• Check if the remote route is present in BGP.
• If no remote route then check if
• remote route was discarded by BGP due to RT filter
• peer did not send route to UUT
• EVI or VC configuration mismatch
• all the prerequisites are satisfied
170
Configuration Examples for EVPN-VPWS Instance
• If a remote route is present in global EVPN then check if the remote route is present in EVI route.
• Solution Check for EVI or VC configuration mismatch.

The following example is for configuration for an EVPN-VPWS instance.
Example: EVPN-VPWS Instance Configuration

Router(config)#l2vpn evpn instance 11 point-to-point
Router(config-evpn-evi)#rd 1:1
Router(config-evpn-evi)#vpws context test
Router(config-evpn-vpws)#service target 100 source 100
Router(config-evpn-vpws)#member GigabitEthernet0/0/0 service-instance 10
Router(config-evpn-vpws)#no shut
The following example has running configurations on PE1 and PE2
Example: EVPN-VPWS PE1 configuration

interface Loopback0
ip address 1.1.1.1 255.255.255.255
ip ospf 1 area 0
!
description CE1 facing
no ip address
!

!
vpws context vc100
!
description Core facing
ip address 10.0.1.1 255.255.255.0
ip ospf 1 area 0
mpls ip
!
router ospf 1
router-id 1.1.1.1
!
router bgp 1
bgp router-id 1.1.1.1
!
address-family ipv4
exit-address-family
!
171

exit-address-family
!
!
vpws context vc100
member GigabitEthernet0/0/0
!
!
Example: EVPN-VPWS PE2 configuration

interface Loopback0
ip address 2.2.2.2 255.255.255.255
ip ospf 1 area 0
!
description CE2 facing
no ip address
!

!
vpws context vc100
description Core facing
ip address 10.0.1.2 255.255.255.0
ip ospf 1 area 0
mpls ip
!
router ospf 1
router-id 2.2.2.2
!
router bgp 1
bgp router-id 2.2.2.2
!
address-family ipv4
exit-address-family
!
exit-address-family
!
!
vpws context vc100
member GigabitEthernet0/0/0
!
172
Additional References for EVPN-VPWS

!

Related Documents
Cisco IOS commands Cisco IOS Master Commands List, All Releases
Standards and RFCs
Standard/RFC Title
RFC 7432 BGP MPLS-Based Ethernet VPN
Standard VPWS support in EVPN
MIBs
MIB MIBs Link
•—
—
Description Link
The Cisco Support website provides extensive online http://www.cisco.com/cisco/web/support/index.html

resources, including documentation and tools for
troubleshooting and resolving technical issues with
Cisco products and technologies.
To receive security and technical information about
your products, you can subscribe to various services,
such as the Product Alert Tool (accessed from Field
Notices), the Cisco Technical Services Newsletter, and
Really Simple Syndication (RSS) Feeds.
Access to most tools on the Cisco Support website
requires a Cisco.com user ID and password.
173
174
CHAPTER 9
N:1 PVC Mapping to PWE with Nonunique VPIs
The N:1 PVC Mapping to PseudoWire Emulation (PWE) with Nonunique virtual path identifiers (VPIs)
feature maps one or more ATM permanent virtual circuits (PVCs) to a single pseudowire (PW). There are
two modes of AAL0 encapsulation, N:1 and 1:1 mapping. In N:1 mapping, multiple unrelated virtual path
identifier/virtual channel identifier (VPI/VCI) are carried over a single Multiprotocol Label Switching (MPLS)
PW. This is an efficient mapping method because less resources are used from the MPLS network. In 1:1
mapping, a single VPI/VCI is carried over a single MPLS PW. Benefits of this feature include the following:
• Aggregate quality of service (QoS) can be applied to related PVCs.
• Bandwidth is conserved with the reduction in the number of pseudowires that are used.
• Restrictions for N:1 PVC Mapping to PWE with Nonunique VPIs, on page 175
• Information About N:1 PVC Mapping to PWE with Nonunique VPIs, on page 176
• How to Configure N:1 PVC Mapping to PWE with Nonunique VPIs, on page 176
• Configuration Examples for N:1 PVC Mapping to PWE with Nonunique VPIs, on page 178
• Verifying the N:1 PVC Mapping to PWE with Nonunique VPIs Configuration, on page 179
Restrictions for N:1 PVC Mapping to PWE with Nonunique VPIs

• N:1 permanent virtual circuits (PVC) mapping configuration is supported only on multipoint subinterfaces;
it is not supported on main interfaces or point-to-point subinterfaces.
• N:1 PVC mapping mode is not supported on Access Circuit Redundancy subinterfaces.
• Preconfigured PVCs cannot exist on the multipoint subinterface on which you want to configure N:1
PVC mapping.
• An attachment circuit that has been bound to a pseudowire cannot be removed unless all Layer 2 virtual
circuits (VCs) have been removed.
• Layer 3 PVCs cannot be configured on N:1 subinterfaces.
• Cell packing values configured under a VC class attached to the PVC, main interface, or subinterface
will not be inherited by N:1 PVCs.
• Operation, Administration, and Maintenance (OAM) functionality is not supported on N:1 Layer 2 PVCs.
OAM cells coming from the customer edge (CE) network will be treated as normal data traffic and will
traverse through the pseudowire.
175
Information About N:1 PVC Mapping to PWE with Nonunique VPIs
• Only ATM adaptation layer type 0 (AAL0) encapsulation is supported for N:1 PVCs.
• The service policy configuration can be configured only at the subinterface level for N:1 PVCs.
• ATM N:1 and PVP modes cannot be configured on different subinterfaces that belong to a physical
interface.
• You cannot change the ATM interface mode from point-to-point to multipoint or from multipoint to
point-to-point.
• If you change a layer 2 ATM interface to a layer 3 ATM interface, traffic will not flow.
Information About N:1 PVC Mapping to PWE with Nonunique

VPIs
N:1 PVC Mapping to PWE with Nonunique VPIs Feature Description
To transport ATM cells over Multiprotocol Label Switching (MPLS), a VC is established between the provider
edge (PE) routers on both ends of the MPLS backbone. With the N:1 permanent virtual circuit (PVC) Mapping
to PseudoWire Emulation (PWE) with Nonunique VPIs feature, multiple PVCs irrespective of their Virtual
Path Identifiers (VPIs), are transported over a single pseudowire configured on a subinterface. (“N:1” refers
to the number of PVCs transported over one pseudowire). ATM cells are packed together in a single frame
and sent over the single pseudowire. The ATM cell header information is packed together with the cell payload
on a per-cell basis in the packets so that packets received at the egress end are unpacked and the ATM cells
are mapped to the respective PVCs.
In N:1 PVC mapping mode, the device can pack cells only from a single PVC in an MPLS packet to transmit
over a pseudowire; cells from multiple PVCs cannot be packed in a single MPLS packet and mapped to a
single pseudowire for transmission. However, if a device receives an MPLS packet that is packed with cells
from multiple PVCs, then those cells will be unpacked and sent to the respective PVCs.
How to Configure N:1 PVC Mapping to PWE with Nonunique

VPIs
Configuring N:1 PVC Mapping to PWE with Nonunique VPIs
SUMMARY STEPS
1. enable
3. interface atm slot/subslot/port
4. atm mcpt-timers timer1 timer2 timer3
5. exit
176
Configuring N:1 PVC Mapping to PWE with Nonunique VPIs
7. interface atm slot/subslot/port.subslot multipoint

8. no ip address
9. atm enable-ilmi-trap
10. cell-packing maxcells mcpt-timer timer-number
11. xconnect peer-ipaddress vc-id encapsulation mpls
12. pvc vpi/vci l2transport
13. Repeat Step 12 for the number of PVCs that you want to configure.
14. end
DETAILED STEPS

Device> enable

Example:
Step 3 interface atm slot/subslot/port Enables the ATM interface and enters interface
configuration mode.
Example:
Device(config)# interface atm 9/1/1
Step 4 atm mcpt-timers timer1 timer2 timer3 Sets the Maximum Cell Packing Timeout (MCPT) values
in microseconds.
Example:
Device(config-if)# atm mcpt-timers 100 200 300 • The MCPT timer sets the time for which the device
waits for the raw cells (AAL0 encapsulation) to be
packed into a single packet for punting to the
pseudowire.

Example:

Example:
Step 7 interface atm slot/subslot/port.subslot multipoint Enters subinterface configuration mode and creates a
multipoint subinterface on the given port on the specified
Example:
ATM Shared Port Adapter (SPA).
Device(config)# interface atm 9/1/1.1 multipoint
Step 8 no ip address Removes the interface IP address.

Example:
Device(config-subif)# no ip address
177
Configuration Examples for N:1 PVC Mapping to PWE with Nonunique VPIs

Step 9 atm enable-ilmi-trap Generates an Integrated Local Management Interface
(ILMI) atmfVccChange trap when an ATM interface or
Example:
subinterface is enabled or shut down.
Device(config-subif)# atm enable-ilmi-trap
Step 10 cell-packing maxcells mcpt-timer timer-number Enables ATM over MPLS to pack multiple ATM cells into
each MPLS packet within the MCPT timing.
Example:
Device(config-subif)# cell-packing 20 mcpt-timer
2
Step 11 xconnect peer-ipaddress vc-id encapsulation (Optional) Enables the attachment circuit and specifies the
mpls IP address of the peer, a VC ID, and the data encapsulation
method.
Example:
Device(config-subif)# xconnect 10.1.1.1 100
encapsulation mpls
Step 12 pvc vpi/vci l2transport Assigns a VPI and virtual channel identifier (VCI).
Example:
Device(config-subif)# pvc 10/100 l2transport
Step 13 Repeat Step 12 for the number of PVCs that you want to —
configure.
Step 14 end Exits subinterface configuration mode and returns to
Example:
Device(config-subif)# end
Configuration Examples for N:1 PVC Mapping to PWE with

Nonunique VPIs
Example: Configuring N:1 PVC Mapping to PWE with Nonunique VPIs
The following example shows how to configure the N:1 ATM permanent virtual circuit (PVC) mapping to
pseudowires with non unique virtual path identifiers ( VPIs):
Device> enable
Device(config)# interface atm 0/1/0
Device(config-if)# atm mcpt-timers 500 5000 50000
Device(config)# interface atm 0/1/0.1 multipoint
Device(config-subif)# no ip address
Device(config-subif)# atm enable-ilmi-trap
Device(config-subif)# cell packing 20 mcpt-timer 2
Device(config-subif)# xconnect 10.1.1.1 100 encapsulation mpls
178
Verifying the N:1 PVC Mapping to PWE with Nonunique VPIs Configuration

Device(config-subif)# end
Verifying the N:1 PVC Mapping to PWE with Nonunique VPIs

Configuration
To verify the N:1 PVC Mapping to PWE with Nonunique VPIs Configuration, use the show mpls
l2transport vc command in user EXEC or privileged EXEC mode.
------------ ------------------------ -------------- ------- --------
AT0/1/1.1 ATM CELL ATM0/1/1.1 2.2.2.2 100 UP
interface ATM0/0/0.1/1/1/1
atm mcpt-timers 20 30 40
interface ATM0/0/0.1/1/1/1.1 multipoint

no ip address
cell-packing 2 mcpt-timer 1
Related Documents
Cisco IOS commands Master Command List
ATM commands Asynchronous Transfer Mode Command Reference
179
Description Link

180
CHAPTER 10
Pseudowire Group Switchover
The Pseudowire Group Switchover feature allows all pseudowires in a group to be quickly switched over to
backup pseudowires. This group switchover is triggered by a single “group down” status message received
from a remote peer.
• Prerequisites for Pseudowire Group Switchover , on page 181
• Restrictions for Pseudowire Group Switchover, on page 182
• Information About Pseudowire Group Switchover, on page 182
• How to Configure Predictive Switchover, on page 183
• Verifying a Pseudowire Group Switchover Configuration, on page 184
• Troubleshooting a Pseudowire Group Switchover Configuration, on page 186
• Configuration Examples for Predictive Switchover, on page 186
• Feature Information for Pseudowire Group Switchover, on page 187

Prerequisites for Pseudowire Group Switchover

• The remote provider edge (PE) router must be capable of sending group status messages.
• Label Distribution Protocol (LDP) must be implemented on the network.
• Each xconnect must have a backup pseudowire configured.
181
Restrictions for Pseudowire Group Switchover
Restrictions for Pseudowire Group Switchover

This feature is supported on the following attachment circuits:
• Ethernet VLAN
• Asynchronous Transfer Mode (ATM)
• Circuit Emulation (CEM) over MPLS
• The pseudowire group switch over convergence number increments linearly with thousand virtual circuits
taking 16 seconds of convergence time.
Information About Pseudowire Group Switchover

Introduction to Pseudowire Group Switchover
The Pseudowire Group Switchover feature allows you to reduce the switchover time from main pseudowires
to backup pseudowires when a fault is encountered. The reduced switchover time is achieved by grouping
Label Distribution Protocol (LDP) status messages and internal interprocess communication (IPC) messages.
When the remote peer detects an attachment circuit failure, it sends an LDP status message. When this status
message is received, the designated backup pseudowires take over. Packets are then routed through the backup
pseudowires.
Pseudowires can be grouped together by assigning a group ID. When an LDP status message is received by
a pseudowire group, the entire group switches over, thus reducing switchover time.
Note The Pseudowire Group Switchover feature is enabled by default and cannot be disabled.
Figure 12: Primary and Backup Pseudowire Groups
182
How to Configure Predictive Switchover
How to Configure Predictive Switchover

Predictive switchover allows switchovers from a main pseudowire to a backup pseudowire with a remote
"standby" status, without waiting for an “up” status from the remote peer.
Predictive switchover is configured by enabling redundancy predictive mode in global configuration mode
or xconnect configuration mode.
Configuring Predictive Switchover (Global Configuration Mode)

SUMMARY STEPS
1. enable
3. l2vpn
4. redundancy predictive enabled
5. end
DETAILED STEPS

Device> enable

Example:
Step 3 l2vpn Enters l2vpn configuration mode.

Example:
Device(config)# l2vpn
Step 4 redundancy predictive enabled Enables redundancy predictive mode.

Example: • By default, redundancy predictive mode is disabled.
Device(config-l2vpn)# redundancy predictive enabled
Step 5 end Exits l2vpn configuration mode and returns to privileged

EXEC mode.
Example:
Device(config-l2vpn)# end
183
Configuring Predictive Switchover (Xconnect Configuration Mode)
Configuring Predictive Switchover (Xconnect Configuration Mode)

SUMMARY STEPS
1. enable
4. redundancy predictive enabled
5. end
DETAILED STEPS

Device> enable

Example:
Step 3 l2vpn xconnect context context-name Creates an L2VPN cross-connect context and enters
xconnect configuration mode.
Example:
Step 4 redundancy predictive enabled Enables redundancy predictive mode.

Example:
Device(config-xconnect)# redundancy predictive
enabled
Step 5 end Exits xconnect configuration mode and returns to privileged

EXEC mode.
Example:
Verifying a Pseudowire Group Switchover Configuration

You can use show commands to view information about a pseudowire group switchover configuration.
The following example shows how to display information about Any Transport over MPLS (AToM) virtual
circuits (VCs):
Device# show l2vpn atom vc destination 2.1.1.2 group remote 6
Service
Interface Dest Address VC ID Type Name Status
--------- --------------- ---------- ------ ------------------------ ----------
pw100001 2.1.1.2 1234000 p2p Et1/0.1-1001 UP
184
Verifying a Pseudowire Group Switchover Configuration
The following example shows how to display the status of the pseudowire switching point:
Device# show l2vpn atom vc destination 2.1.1.2 group remote 6 detail
pseudowire100001 is up, VC status is up PW type: Ethernet

Last label FSM state change time: 5d20h
Destination address: 2.1.1.2 VC ID: 1234000
Output interface: Et0/0, imposed label stack {2001}
Next hop: 20.0.0.2
Member of xconnect service Et1/0.1-1001, group right
Associated member Et1/0.1 is up, status is up
Interworking type is Ethernet
Service id: 0x6d000002
Targeted Hello: 1.1.1.1(LDP Id) -> 2.1.1.2, LDP is UP
Graceful restart: not configured and not enabled
Non stop routing: not configured and not enabled
PWid FEC (128), VC ID: 1234000
LDP route watch : enabled
Local dataplane status received : No fault
BFD dataplane status received : Not sent
BFD peer monitor status received : No fault
Status received from access circuit : No fault
Status sent to access circuit : No fault
Status received from pseudowire i/f : No fault
Status sent to network peer : No fault
Status received from network peer : No fault
Adjacency status of remote peer : No fault
Bindings
Parameter Local Remote
------------ ------------------------------ ------------------------------
Label 2007 2001
Group ID 0 6
Interface
MTU 1500 1500
Control word on (configured: autosense) on
PW type Ethernet Ethernet
VCCV CV type 0x12 0x12
LSPV [2], BFD/Raw [5] LSPV [2], BFD/Raw [5]
VCCV CC type 0x07 0x07
CW [1], RA [2], TTL [3] CW [1], RA [2], TTL [3]
Status TLV enabled supported
Dataplane:
Rx Counters
0 drops, 0 seq err
Tx Counters
0 drops
The following example lists the active and standby segment pairs associated with each peer IP address and
group identifier:
Device# show ssm group
Active Standby
IP Address Group ID Segment/Switch Segment/Switch
185
Troubleshooting a Pseudowire Group Switchover Configuration
=========================================================================
2.1.1.2 6 8215/4115 4116/8210
The following example displays the number of active and standby segment pairs associated with each peer
IP address and group identifier:
Device# show ssm group 2.1.1.2 6 summary
IP Address Group ID Group Members

=============================================
2.1.1.2 6 1
The following example displays the number of pseudowires programmed in the hardware, with grouping
information:
Device# show platform hardware pp active pw eompls group brief
Brief L2VPN EoMPLS Pseudo Wire Group Info
IP address Group ID Count

------------------------------------------------------
0x47474747 100695488 90
TroubleshootingaPseudowireGroupSwitchoverConfiguration
Use the debug platform software atom brief command to view information about the following configurations:
• Add Group
• Delete From Group
• Group Switchovers
Note We recommend that you use the debug platform software atom brief command only under Cisco Technical
Assistance Center (TAC) supervision.
Configuration Examples for Predictive Switchover

Example: Configuring Predictive Switchover (Global Configuration Mode)
Device> enable
Device(config)# l2vpn
Device(config-l2vpn)# redundancy predictive enabled
Device(config-l2vpn)# end
Example: Configuring Predictive Switchover (Xconnect Configuration Mode)

Device> enable
186
Device(config-xconnect)# redundancy predictive enabled

Related Documents

Cisco IOS Cisco IOS Master Command List, All Releases
commands
MPLS commands Cisco IOS Multiprotocol Label Switching Command Reference
Standards and RFCs
Standard/RFC Title
RFC 4447 Pseudowire Setup and Maintenance Using the Label Distribution Protocol (LDP)
Description Link
Feature Information for Pseudowire Group Switchover

Table 15: Feature Information for Pseudowire Group Switchover
Pseudowire Group Cisco IOS XE Release This feature was introduced on the Cisco ASR 920
Switchover 3.13.0S Routers (ASR-920-12CZ-A, ASR-920-12CZ-D,
187
Feature Information for Pseudowire Group Switchover
188
CHAPTER 11
Configuring Routed Pseudowire and VPLS
Routed Pseudowire and VPLS feature routes Layer 3 traffic and Layer 2 frames for pseudowire connections
between provider edge (PE) devices using Virtual Private LAN Services (VPLS) multipoint PE.
• Prerequisites for Routed Pseudowire and VPLS, on page 189
• Restrictions for Routed Pseudowire and VPLS, on page 189
• Information About Routed Pseudowire and VPLS, on page 190
• How to Configure Routed Pseudowire and VPLS, on page 190
• Configuration Examples: Routed Pseudowire and VPLS, on page 193
Prerequisites for Routed Pseudowire and VPLS

• MTU must be manually configured for MPLS enabled interfaces.
Restrictions for Routed Pseudowire and VPLS

• Maximum number of routed VPLS supported per system is 128.
• Maximum number of pseudowires supported per bridge domain is 62.
• Layer 2 and Layer 3 multicast are not supported.
• ACL on the core network is not supported.
• PBR is not supported.
• MTU check is not supported. MTU must be manually configured for MPLS enabled interfaces.
• MPLS is not supported on routed VPLS.
189
Information About Routed Pseudowire and VPLS
Information About Routed Pseudowire and VPLS

Routed Pseudowire and VPLS
Routed Pseudowire and VPLS configuration can route Layer 3 traffic as well as Layer 2 frames for pseudowire
connections between provider edge (PE) devices using Virtual Private LAN Services (VPLS) multipoint PE.
The ability to route frames to and from these interfaces supports termination of pseudowires into the Layer 3
network (VPN or global) on the same switch, or to the tunnel Layer 3 frames over a Layer 2 tunnel (VPLS).
To configure routing support for a pseudowire, configure the IP address and other Layer 3 features for the
Layer 3 domain in interface configuration mode.
Note BFD over BDI is supported with routed VPLS configuration.
How to Configure Routed Pseudowire and VPLS

Assigning IP Addresses For Bridge Domain (BDI)
SUMMARY STEPS
1. enable
3. interface bdi bdi-number
4. ip address ip address subnet mask
5. no shut
6. end
DETAILED STEPS

Device> enable

Example:
190

Step 3 interface bdi bdi-number Configures the bridge domain interface.
Example:
Router(config)# interface bdi 3000
Step 4 ip address ip address subnet mask Specifies the IP address for the bridge domain.
Example:
Router(config-if)# ip address 24.24.24.24
255.255.255.0
Step 5 no shut Enables the bridge domain interface.

Example:
Router(config-if)# no shutdown
Step 6 end Exits interface configuration mode.

Example:

The virtual forwarding interface (VFI) specifies the VPN ID of a Virtual Private LAN Services (VPLS)
domain, the addresses of other provider edge (PE) devices in the domain, and the type of tunnel signaling and
encapsulation mechanism for each peer.
Note Only Multiprotocol Label Switching (MPLS) encapsulation is supported.
Note You must configure BDI on the bridge domain that has the association with the VFI.
SUMMARY STEPS
1. enable
4. vpn id vpn-id
[no-split-horizon]
7. end
191
DETAILED STEPS

Device> enable

Example:
Step 3 l2 vfi name manual Establishes a Layer 2 VPN (L2VPN) virtual forwarding
interface (VFI) between two or more separate networks and
Example:
enters VFI configuration mode.
Step 4 vpn id vpn-id Configures a VPN ID for a VPLS domain.

Example: • The emulated VCs bound to this Layer 2 virtual routing
and forwarding (VRF) instance use this VPN ID for
Device(config-vfi)# vpn id 110 signaling.
Step 5 neighbor remote-router-id vc-id {encapsulation Specifies the type of tunnel signaling and encapsulation
encapsulation-type | pw-class pw-name} [no-split-horizon] mechanism for each VPLS peer.
Example: Note Split horizon is the default configuration to avoid
broadcast packet looping and to isolate Layer 2
Device(config-vfi)# neighbor 172.16.10.2 4 traffic. Use the no-split-horizon keyword to
encapsulation mpls disable split horizon and to configure multiple
VCs per spoke into the same VFI.
Step 6 bridge-domain bd-id Specifies a bridge domain.

Example:
Step 7 end Exits VFI configuration mode and returns to privileged

EXEC mode.
Example:
192
Configuration Examples: Routed Pseudowire and VPLS
Configuration Examples: Routed Pseudowire and VPLS

Example: Configuring Routed Pseudowire and VPLS
The example configures the IP address on a BDI interface and associates the interface to a VFI.
!
bridge-domain 100
!
interface BDI100
ip address 24.24.24.24 255.255.255.0
no shut
!
l2 vfi TEST manual
vpn id 100
bridge-domain 100
!
193
Example: Configuring Routed Pseudowire and VPLS
194

MP l2 Vpns Xe 3s Asr920 Book

Uploaded by

Copyright:

Available Formats

MP l2 Vpns Xe 3s Asr920 Book

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

MP l2 Vpns Xe 3s Asr920 Book

Uploaded by

Copyright:

Available Formats

MPLS Layer 2 VPNs Configuration Guide, Cisco IOS XE Release 3S

(Cisco ASR 920 Series)

CHAPTER 1 L2VPN Protocol-Based CLIs 1

CHAPTER 2 Any Transport over MPLS 11

Estimating Packet Size Example 18

Setting Experimental Bits with AToM 44

Configuration Examples for Any Transport over MPLS 52

Example: Configuring ATM AAL5 over MPLS in VC Class Configuration Mode 56

CHAPTER 3 Loop-Free Alternate Fast Reroute 77

Remote LFA FRR with VPLS 81

CHAPTER 4 Configuring Virtual Private LAN Services 95

Jumbo Frame Support 98

Configuring Access Ports for Untagged Traffic from a CE Device 103

Example: Configuring Q-in-Q EFP 132

Example: Configuring MPLS on a PE Device 133

Example: Full-Mesh VPLS Configuration 135

CHAPTER 5 H-VPLS N-PE Redundancy for MPLS Access 141

CHAPTER 6 VPLS MAC Address Withdrawal 151

CHAPTER 7 VPLS BGP Signaling 155

Information About VPLS BGP Signaling 156

CHAPTER 9 N:1 PVC Mapping to PWE with Nonunique VPIs 175

Configuring N:1 PVC Mapping to PWE with Nonunique VPIs 176

CHAPTER 10 Pseudowire Group Switchover 181

Finding Feature Information 181

Restrictions for Pseudowire Group Switchover 182

CHAPTER 11 Configuring Routed Pseudowire and VPLS 189

Finding Feature Information

Information About L2VPN Protocol-Based CLIs

Benefits of L2VPN Protocol-Based CLIs

These benefits are achieved through the following enhancements:

L2VPN Protocol-Based CLI Changes

• l2vpn pseudowire static-oam class

• status admin-down disconnect

Legacy Command Replacement Command Introduced in Cisco IOS XE

backup delay redundancy delay (under l2vpn xconnect context)

bridge-domain (service instance) member (bridge-domain)

clear xconnect clear l2vpn service

connect (L2VPN local switching) l2vpn xconnect context

debug acircuit debug l2vpn acircuit

debug mpls l2transport checkpoint debug l2vpn atom checkpoint

debug mpls l2transport event-trace debug l2vpn atom event-trace

debug mpls l2transport fast-failure-detect debug l2vpn atom fast-failure-detect

debug mpls l2transport signaling debug l2vpn atom signaling

Legacy Command Replacement Command Introduced in Cisco IOS XE

debug mpls l2transport static-oam debug l2vpn atom static-oam

debug mpls l2transport vc subscriber debug l2vpn atom vc

debug mpls l2transport vc debug l2vpn atom vc

debug vfi debug l2vpn vfi

debug vfi checkpoint debug l2vpn vfi checkpoint

debug xconnect debug l2vpn xconnect

debug xconnect rib debug l2vpn xconnect rib

description (L2VFI) description (L2VPN)

l2 pseudowire routing pseudowire routing

l2 vfi l2vpn vfi context

l2 subscriber l2vpn subscriber

l2 vfi autodiscovery autodiscovery

l2 vfi point-to-point l2vpn xconnect context

local interface pseudowire type

monitor event-trace st-pw-oam monitor event-trace pwoam