CCIE SPv5.1 Labs
  • Page
  • Intro
    • Setup
  • MVPN
    • Start
    • Topology
    • Profile 0
    • Profile 0 with data MDTs
    • Profile 1
    • Profile 1 w/ Redundant Roots
    • Profile 1 with data MDTs
    • Profile 6
    • Profile 7
    • Profile 3
    • Profile 3 with S-PMSI
    • Profile 11
    • Profile 11 with S-PMSI
    • Profile 11 w/ Receiver-only Sites
    • Profile 9 with S-PMSI
    • Profile 12
    • Profile 13
    • UMH (Upstream Multicast Hop) Challenge
    • Profile 13 w/ Configuration Knobs
    • Profile 13 w/ PE RP
    • Profile 12 w/ PE Anycast RP
    • Profile 14 (Partitioned MDT)
    • Profile 14 with Extranet option #1
    • Profile 14 with Extranet option #2
    • Profile 14 w/ IPv6
    • Profile 17
    • Profile 19
    • Profile 21
  • MVPN SR
    • Start
    • Topology
    • Profile 27
    • Profile 27 w/ Constraints
    • Profile 27 w/ FRR
    • Profile 28
    • Profile 28 w/ Constraints and FRR
    • Profile 28 w/ Data MDTs
    • Profile 29
  • Segment Routing
    • Start
    • Topology
    • Basic SR with ISIS
    • Basic SR with OSPF
    • SRGB Modifcation
    • SR with ExpNull
    • SR Anycast SID
    • SR Adjacency SID
    • SR LAN Adjacency SID (Walkthrough)
    • SR and RSVP-TE interaction
    • SR basic inter-area with ISIS
    • SR basic inter-area with OSPF
    • SR basic inter-IGP (redistribution)
    • SR basic inter-AS using BGP
    • SR BGP Data Center (eBGP)
    • SR BGP Data Center (iBGP)
    • LFA
    • LFA Tiebreakers (ISIS)
    • LFA Tiebreakers (OSPF)
    • Remote LFA
    • RLFA Tiebreakers?
    • TI-LFA
    • Remote LFA or TILFA?
    • TI-LFA Node Protection
    • TI-LFA SRLG Protection
    • TI-LFA Protection Priorities (ISIS)
    • TI-LFA Protection Priorities (OSPF)
    • Microloop Avoidance
    • SR/LDP Interworking
    • SR/LDP SRMS OSPF Inter-Area
    • SR/LDP Design Challenge #1
    • SR/LDP Design Challenge #2
    • Migrate LDP to SR (ISIS)
    • OAM with SR
    • SR-MPLS using IPv6
    • Basic SR-TE with AS
    • Basic SR-TE with AS and ODN
    • SR-TE with AS Primary/Secondary Paths
    • SR-TE Dynamic Policies
    • SR-TE Dynamic Policy with Margin
    • SR-TE Explicit Paths
    • SR-TE Disjoint Planes using Anycast SIDs
    • SR-TE Flex-Algo w/ Latency
    • SR-TE Flex-Algo w/ Affinity
    • SR-TE Disjoint Planes using Flex-Algo
    • SR-TE BSIDs
    • SR-TE RSVP-TE Stitching
    • SR-TE Autoroute Include
    • SR inter-IGP using PCE
    • SR-TE PCC Features
    • SR-TE PCE Instantiated Policy
    • SR-TE PCE Redundancy
    • SR-TE PCE Redundancy w/ Sync
    • SR-TE Basic BGP EPE
    • SR-TE BGP EPE for Unified MPLS
    • SR-TE Disjoint Paths
    • SR Converged SDN Transport Challenge
    • SR OAM DPM
    • SR OAM Tools
    • Performance-Measurement (Interface Delay)
  • EVPN
    • Start
    • Topology
    • EVPN VPWS
    • EVPN VPWS Multihomed
    • EVPN VPWS Multihomed Single-Active
    • Basic Single-homed EVPN E-LAN
    • EVPN E-LAN Service Label Allocation
    • EVPN E-LAN Ethernet Tag
    • EVPN E-LAN Multihomed
    • EVPN E-LAN on XRv
    • EVPN IRB
    • EVPN-VPWS Multihomed IOS-XR (All-Active)
    • EVPN-VPWS Multihomed IOS-XR (Port-Active)
    • EVPN-VPWS Multihomed IOS-XR (Single-Active)
    • EVPN-VPWS Multihomed IOS-XR (Non-Bundle)
    • PBB-EVPN (Informational)
  • VPWS
    • Start
    • Topology
    • Basic VPWS
    • VPWS with Tag Manipulation
    • Redundant VPWS
    • Redundant VPWS (IOS-XR)
    • VPWS with PW interfaces
    • Manual VPWS
    • VPWS with Sequencing
    • Pseudowire Logging
    • VPWS with FAT-PW
    • MS-PS (Pseudowire stitching)
    • VPWS with BGP AD
  • VPLS
    • Start
    • Topology
    • Basic VPLS with LDP
    • VPLS with LDP and BGP
    • VPLS with BGP only
    • Hub and Spoke VPLS
    • Tunnel L2 Protocols over VPLS
    • Basic H-VPLS
    • H-VPLS with BGP
    • H-VPLS with QinQ
    • H-VPLS with Redundancy
    • VPLS with Routing
    • VPLS MAC Protection
    • Basic E-TREE
    • VPLS with LDP/BGP-AD and XRv RR
    • VPLS with BGP and XRv RR
    • VPLS with Storm Control
  • BGP Multi-Homing (XE)
    • Start
    • Topology
    • Lab1 ECMP
    • Lab2 UCMP
    • Lab3 Backup Path
    • Lab4 Shadow Session
    • Lab5 Shadow RR
    • Lab6 RR with Add-Path
    • Lab7 MPLS + Add Path ECMP
    • Lab8 MPLS + Shadow RR
    • Lab9 MPLS + RDs + UCMP
  • BGP Multi-Homing (XR)
    • Start
    • Topology
    • Lab1 ECMP
    • Lab2 UCMP
    • Lab3 Backup Path
    • Lab4 “Shadow Session”
    • Lab5 “Shadow RR”
    • Lab6 RR with Add-Path
    • Lab7 MPLS + Add Path ECMP
    • Lab8 MPLS + “Shadow RR”
    • Lab9 MPLS + RDs + UCMP
    • Lab10 MPLS + Same RD + Add-Path + UCMP
    • Lab11 MPLS + Same RD + Add-Path + Repair Path
  • BGP
    • Start
    • Conditional Advertisement
    • Aggregation and Deaggregation
    • Local AS
    • BGP QoS Policy Propagation
    • Non-Optimal eBGP Routing
    • Multihomed Enterprise Challenge
    • Provider Communities
    • Destination-Based RTBH
    • Destination-Based RTBH (Community-Based)
    • Source-Based RTBH
    • Source-Based RTBH (Community-Based)
    • Multihomed Enterprise Challenge (XRv)
    • Provider Communities (XRv)
Powered by GitBook
On this page
  • Answer
  • Explanation
  • Verification
  1. VPLS

H-VPLS with QinQ

PreviousH-VPLS with BGPNextH-VPLS with Redundancy

Last updated 8 days ago

Load hvpls.qinq.init.cfg

#IOS-XE (R1-R6, CE1-3, CE12)
config replace flash:hvpls.qinq.init.cfg

R1, R3 and R5 are “access switches” that run QinQ instead of MPLS. Configure H-VPLS using QinQ in the access network.

CE1 and CE2 should be in one VPLS domain, and CE12 and CE3 should be in another. Allow the customers to use any vlan tag they wish to use, but make sure to keep customer traffic separated.

Each “access switch” router should peer with the N-PE that it is one number higher.

  • R1 connects to R2 on Gi6

  • R3 connects to R4 on Gi7

  • R5 connects to R6 on Gi7

Use BGP for both AD and signaling in the N-PE full mesh. BGP is already preconfigured.

Answer

#R1
int gi4
 service instance 1 ethernet
  encapsulation default
  rewrite ingress tag push dot1q 10 symmetric
 exit
int gi5
 service instance 1 ethernet
  encapsulation default
  rewrite ingress tag push dot1q 20 symmetric
 exit
int gi6
 service instance 10 ethernet
  encapsulation dot1q 10
 service instance 20 ethernet
  encapsulation dot1q 20
 exit
!
bridge-domain 10
 member gi4 service-instance 1
 member gi6 service-instance 10
!
bridge-domain 20
 member gi5 service-instance 1
 member gi6 service-instance 20

#R3
int gi6
 service instance 1 ethernet
  encapsulation default
  rewrite ingress tag push dot1q 10 symmetric
 exit
int gi7
 service instance 10 ethernet
  encapsulation dot1q 10
exit
!
bridge-domain 10
 member gi6 service-instance 1
 member gi7 service-instance 10

#R5
int gi6
 service instance 1 ethernet
  encapsulation default
  rewrite ingress tag push dot1q 20 symmetric
 exit
int gi7
 service instance 20 ethernet
  encapsulation dot1q 20
exit
!
bridge-domain 20
 member gi6 service-instance 1
 member gi7 service-instance 20

## 
## N-PEs
##
#R2
l2vpn vfi context VPLS10
 vpn id 10
 autodiscovery bgp signaling bgp
  ve id 2
!
l2vpn vfi context VPLS20
 vpn id 20
 autodiscovery bgp signaling bgp
  ve id 2
!
int gi6
 service instance 10 eth
  encapsulation dot1q 10
 service instance 20 eth
  encapsulation dot1q 20
 exit
!
bridge-domain 10
 member vfi VPLS10
 member gi6 service-instance 10
!
bridge-domain 20
 member vfi VPLS20
 member gi6 service-instance 20

#R4
l2vpn vfi context VPLS10
 vpn id 10
 autodiscovery bgp signaling bgp
  ve id 4
!
int gi7
 service instance 10 eth
  encapsulation dot1q 10
 exit
!
bridge-domain 10
 member vfi VPLS10
 member gi7 service-instance 10

#R6
l2vpn vfi context VPLS20
 vpn id 20
 autodiscovery bgp signaling bgp
  ve id 6
!
int gi7
 service instance 20 eth
  encapsulation dot1q 20
 exit
!
bridge-domain 20
 member vfi VPLS20
 member gi7 service-instance 20

Explanation

When using QinQ in the access network with H-VPLS, the access network does pure L2 bridging. The “access switches” push a tag ontop of the customer traffic in order to separate customer traffic at the NNI (U-PE to N-PE connection). This allows for up to 4094 customers per U-PE switch.

We can implement QinQ on CSR1000v by using EFPs. The U-PE pushes a tag upon ingress, one per customer, and pops it upon egress (symmetric). At the NNI, the traffic is classified based on the outer tag. Both the UNI and NNI belong to the same bridge-domain.

The N-PE receives the traffic as doubled tagged at the NNI. The N-PEs form a basic VPLS domain between themselves, one per customer. Because the N-PEs are not forming pseudowires with the U-PEs (which would need split horizon to be disabled), we can use BGP for both auto discovery and signaling in the N-PE VPLS domains.

Verification

On the U-PEs, we will simply have bridged traffic, no pseudowires. We should see local MACs on UNIs and remote MACs on NNIs:

At the N-PEs, we should see a normal VPLS setup. The AC on the N-PEs is really an NNI instead of a UNI, but the operation is basically the same as we’ve seen in previous labs. We can see the VFI neighbors and the bridge table.

On the CEs we can verify that we aren’t able to reach CEs in other VPLS domains. All CEs are overlapping with dot1q tags and IP subnets which allows us to test this. Below, CE1 only gets a reply from CE2.

Below, CE3 only gets a reply from CE12: