VLL services

This chapter provides information about Virtual Leased Line (VLL) services and implementation notes.

Ethernet pipe service

This section provides information about the Ethernet pipe (Epipe) service and implementation notes.

Epipe service overview

An Epipe service is the Nokia implementation of an Ethernet VLL based on the IETF "Martini Drafts" (draft-martini-l2circuit-trans-mpls-08.txt and draft-martini-l2circuit-encapmpls-04.txt) and the IETF Ethernet Pseudowire Draft (draft-so-pwe3-ethernet-00.txt).

An Epipe service is a Layer 2 point-to-point service where the customer data is encapsulated and transported across a service provider IP, MPLS, or Provider Backbone Bridging (PBB) VPLS network. An Epipe service is completely transparent to the customer data and protocols. The Epipe service does not perform any MAC learning. A local Epipe service consists of two SAPs on the same node, whereas a distributed Epipe service consists of two SAPs on different nodes. SDPs are not used in local Epipe services.

Each SAP configuration includes a specific port or channel on which service traffic enters the router from the customer side (also called the access side). Each port is configured with an encapsulation type. If a port is configured with an IEEE 802.1Q (referred to as dot1q) encapsulation, a unique encapsulation value (ID) must be specified.

Epipe service pseudowire VLAN tag processing

Distributed Epipe services are connected using a pseudowire, which can be provisioned statically or dynamically and is represented in the system as a spoke SDP. The spoke SDP can be configured to process zero, one, or two VLAN tags as traffic is transmitted and received. See Epipe spoke SDP VLAN tag processing: ingress and Epipe spoke SDP VLAN tag processing: egress for more information about ingress and egress tag processing. In the transmit direction, VLAN tags are added to the frame being sent. In the received direction, VLAN tags are removed from the received frame. This is analogous to the SAP operations on a null, dot1q, and QinQ SAP.

The system expects a symmetrical configuration with its peer; specifically, it expects to remove the same number of VLAN tags from received traffic as it adds to transmitted traffic. When removing VLAN tags from a spoke SDP, the system attempts to remove the configured number of VLAN tags. If fewer tags are found, the system removes the VLAN tags found and forwards the resulting packet.

Because some of the related configuration parameters are local and not communicated in the signaling plane, an asymmetrical behavior cannot always be detected and so cannot be blocked. With an asymmetrical behavior, a protocol extraction does not necessarily function as it would with a symmetrical configuration, resulting in an unexpected operation.

The VLAN tag processing is configured as follows on a spoke SDP in an Epipe service:

zero VLAN tags processed

This requires the configuration of vc-type ether under the spoke SDP, or in the related PW template.
one VLAN tag processed

This requires one of the following configurations:
- vc-type vlan under the spoke SDP or in the related PW template
- vc-type ether and force-vlan-vc-forwarding under the spoke SDP or in the related PW template
two VLAN tags processed

This requires the configuration of force-qinq-vc-forwarding [c-tag-c-tag | s-tag-c-tag] under the spoke SDP or in the related PW template.

The PW template configuration provides support for BGP VPWS services.

The following restrictions apply to VLAN tag processing:

The configuration of vc-type vlan and force-vlan-vc-forwarding is mutually exclusive.
force-qinq-vc-forwarding [c-tag-c-tag | s-tag-c-tag] can be configured with the spoke SDP signaled as either vc-type ether or vc-type vlan.
The following are not supported with force-qinq-vc-forwarding [c-tag-c-tag | s-tag-c-tag] configured under the spoke SDP, or in the related PW template:
- multisegment pseudowires
- force-vlan-vc-forwarding under the same spoke SDP or PW template
- Eth-CFM LM tests are not supported on up MEPs when force-qinq-vc-forwarding is enabled

Epipe spoke SDP VLAN tag processing: ingress and Epipe spoke SDP VLAN tag processing: egress describe the VLAN tag processing with respect to the zero, one, and two VLAN tag configuration described for the VLAN identifiers, Ethertype, ingress QoS classification (dot1p or DE), and QoS propagation to the egress (which can be used for egress classification or to set the QoS information, or both, in the innermost egress VLAN tag).

Table 1. Epipe spoke SDP VLAN tag processing: ingress
Ingress (received on spoke SDP)	Zero VLAN tags	One VLAN tag	Two VLAN tags (enabled by force-qinq-vc-forwarding [c-tag-c-tag \| s-tag-c-tag]
VLAN identifiers	—	Ignored	Both inner and outer ignored
Ethertype (to determine the presence of a VLAN tag)	N/A	0x8100 or value configured under sdp vlan-vc-etype	Both inner and outer VLAN tags: 0x8100, or outer VLAN tag value configured under sdp vlan-vc-etype (inner VLAN tag value must be 0x8100)
Ingress QoS (dot1p/DE) classification	—	Ignored	Both inner and outer ignored
QoS (dot1p/DE) propagation to egress	Dot1p/DE=0	Dot1p/DE taken from received VLAN tag	Dot1p/DE taken as follows: if the egress encapsulation is a dot1q SAP, the system takes dot1p/DE bits from the outer received VLAN tag if the egress encapsulation is QinQ SAP, the system takes the S-tag bits from the outer received VLAN tag and the C-tag bits from the inner received VLAN tag The egress cannot be a spoke SDP because force-qinq-vc-forwarding does not support multisegment PWs.

Table 2. Epipe spoke SDP VLAN tag processing: egress
Egress (sent on mesh or spoke SDP)	Zero VLAN tags	One VLAN tag	Two VLAN tags (enabled by force-qinq-vc-forwarding [c-tag-c-tag \| s-tag-c-tag]
VLAN identifiers (set in VLAN tags)	—	The tag is derived from one of the following: the vlan-vc-tag value configured in PW template or under the spoke SDP value from the inner tag received on a QinQ SAP or QinQ spoke SDP value from the VLAN tag received on a dot1q SAP or spoke SDP (with vc-type vlan or force-vlan-vc-forwarding) value from the outer tag received on a qtag.* SAP 0 if there is no service delimiting VLAN tag at the ingress SAP or spoke SDP	The inner and outer VLAN tags are derived from one of the following: The vlan-vc-tag value configured in the PW template or under the spoke SDP: if c-tag-c-tag is configured, the system takes both inner and outer tags from the vlan-vc-tag value if s-tag-c-tag is configured, only the system only takes the S-tag value from the vlan-vc-tag value from the inner tag received on a QinQ SAP for the c-tag-c-tag option and value from the outer or inner tag received on a QinQ SAP for the s-tag-c-tag configuration option value from the VLAN tag received on a dot1q SAP for the c-tag-c-tag option and value from the VLAN tag for the outer tag and zero for the inner tag value from the outer tag received on a qtag.* SAP for the c-tag-c-tag option and value from the VLAN tag for the outer tag and zero for the inner tag value 0 if there is no service delimiting VLAN tag at the ingress SAP or spoke- DP Ethertype (set in VLAN tags).
Ethertype (set in VLAN tags)	—	0x8100 or value configured under sdp vlan-vc-etype	Both inner and outer VLAN tags: 0x8100, or outer VLAN tag value configured under sdp vlan-vc-etype (inner VLAN tag value is 0x8100)
Egress QoS (dot1p/DE) (set in VLAN tags)	—	The tag taken from the innermost ingress service delimiting tag can be one of the following: the inner tag received on a QinQ SAP or QinQ spoke SDP value from the VLAN tag received on a dot1q SAP or spoke SDP (with vc-type vlan or force-vlan-vc-forwarding) value from the outer tag received on a qtag.* SAP	Inner and outer dot1p/DE: If c-tag-c-tag is configured, the inner and the system takes both the outer dot1p/DE bits from the innermost ingress service delimiting tag. It can be one of the following: inner tag received on a QinQ SAP value from the VLAN tag received on a dot1q SAP value from the outer tag received on a qtag.* SAP value 0 if there is no service delimiting VLAN tag at the ingress SAP
–	–	0 if there is no service delimiting VLAN tag at the ingress SAP or spoke SDP Note: Neither the inner nor outer dot1p/DE values can be explicitly set.	If s-tag-c-tag is configured, the inner and outer dot1p/DE bits are taken from the inner and outer ingress service delimiting tag (respectively). They can be: inner and outer tags received on a QinQ SAP value from the VLAN tag received on a dot1q SAP for the outer tag and zero for the inner tag value from the outer tag received on a qtag.* SAP for the outer tag and zero for the inner tag value 0 if there is no service delimiting VLAN tag at the ingress SAP Note: Neither the inner nor outer dot1p/DE values can be explicitly set.

Any non-service delimiting VLAN tags are forwarded transparently through the Epipe service. SAP egress classification is possible on the outermost customer VLAN tag received on a spoke SDP using the ethernet-ctag parameter in the associated SAP egress QoS policy.

Epipe up operational state configuration option

By default, the operational state of the Epipe is tied to the state of the two connections that comprise the Epipe. If either of the connections in the Epipe is operationally down, the Epipe service that contains that connection is also operationally down. The user can configure a single SAP within an Epipe without affecting the operational state of that Epipe, using the optional ignore-oper-state command. Within an Epipe, if a SAP that includes this optional command becomes operationally down, the operational state of the Epipe remains up; it does not transition to down. The SAP remains down and no traffic can transit an operationally down SAP. Removing and adding this command on the fly evaluates the operational state of the service, based on the SAPs and the addition or deletion of this command.

Service OAM (SOAM) designers may consider using this command if an operationally up MEP configured on the operationally down SAP within an Epipe is required to receive and process SOAM PDUs. When a service is operationally down, this is not possible. For SOAM PDUs to continue to arrive on an operationally up MEP configured on the failed SAP, the service must be operationally up. Consider the case where an operationally up MEP is placed on a UNI-N or E-NNI, and the UNI-C on the E-NNI peer is shutdown in such a way that it causes the SAP to become operationally down.

Two connections must be configured within the Epipe; otherwise, the service is operationally down regardless of this command. The ignore-oper-state functionality only operates as intended when the Epipe has one ingress and one egress.

Note: This command should not be used for Epipe services with redundant connections that provide alternate forwarding in case of failure, even though the CLI does not prevent this configuration.

Support is available on Ethernet SAPs configured on ports or Ethernet SAPs configured on LAG. However, it is not allowed on SAPs using LAG profiles or on a SAP configured on a LAG that has no ports.

VLL CAC

The VLL Connection Admission Control (CAC) is supported for the 7705 SAR Gen 2 and provides a method to administratively account for the bandwidth used by VLL services inside an SDP that consists of RSVP LSPs.

The service manager keeps track of the available bandwidth for each SDP. The SDP available bandwidth is applied through a configured booking factor. An administrative bandwidth value is assigned to the spoke-SDP. When a VLL service is bound to an SDP, the amount of bandwidth is subtracted from the adjusted available SDP bandwidth. When the VLL service binding is deleted from the SDP, the amount of bandwidth is added back into the adjusted SDP available bandwidth. If the total adjusted SDP available bandwidth is overbooked when adding a VLL service, a warning is issued and the binding is rejected.

This feature does not guarantee bandwidth to a VLL service because there is no change to the datapath to enforce the bandwidth of an SDP by means such as shaping or policing of constituent RSVP LSPs.

MC-Ring and VLL

To support redundant VLL access in ring configurations, the multichassis ring (MC-Ring) feature is applicable to VLL SAPs. A conceptual drawing of the operation is shown in MC-Ring in a combination with VLL service. The specific CPE that is connected behind the ring node has access to both BSAs through the same VLAN provisioned in all ring nodes. There are two SAPs (with the same VLAN) provisioned on both nodes.

If a closed ring status occurs, one of the BSAs becomes the primary BSA and signals an active status bit on the corresponding VLL pseudowire. Similarly, the standby BSA signals a standby status. With this information, the remote node can choose the correct path to reach the CPE. In case of a broken ring, the node that can reach the ring node, to which the CPE is connected by RNCV check, becomes the primary and signals corresponding status on its pseudowire.

The mapping of individual SAPs to the ring nodes is done statically through CLI provisioning. To keep the convergence time to a minimum, MAC learning must be disabled on the ring node so all CPE originated traffic is sent in both directions. If the status is operationally down on the SAP on the standby BSA, that part of the traffic is blocked and not forwarded to the remote site.

Figure 2. MC-Ring in a combination with VLL service

Circuit emulation VLL (Cpipe) services

This section provides information about the Cpipe service.

Cpipe service overview

Cpipe service is the Nokia implementation of TDM PW VLL as defined in the IETF PWE3 working group.

The 7705 SAR Gen 2 supports TDM circuit applications that transport delay-sensitive TDM traffic over a packet network. For example, in the case of cell site aggregation, Cpipe services provide transport service for 2G connectivity between the base transceiver station and the base station controller, and for 3G backhaul applications (for example, EVDO traffic from T1/E1 ports with MLPPP). Cpipe services over MPLS or GRE tunnels are supported.

The legacy TDM traffic is transported encapsulated in a TDM VLL over the packet-switched network (PSN). The entire T1/E1 frame or part of a frame (n ✕ 64 kb/s) is carried as a TDM VLL over the PSN. At the far end, the transport layer frame structure is regenerated when structured circuit emulation is used, or simply forwarded as part of the payload when unstructured circuit emulation is used.

TDM SAP-to-SAP service

TDM VLLs can be configured with both endpoints (SAPs) on the same 7705 SAR Gen 2. This is referred to as TDM SAP-to-SAP or local TDM service. TDM SAP-to-SAP emulates a TDM multiplexing and switching function on the 7705 SAR Gen 2.

A TDM SAP-to-SAP connection is set up in the 7705 SAR Gen 2 and a pseudowire is configured between the two endpoints.

Note: TDM SAP-to-SAP connections are supported between any port configured for access mode and circuit emulation service and another port with the same configuration (endpoint type, bit rate [number of DS0s in a channel group], payload size). TDM SAP-to-SAP service is supported on 8-port T1/E1 ASAP Adapter card and 8-port RS-232 and C37.94 Combination MDA.

Cpipe service modes

Cpipe services support structured circuit emulation mode (CESoPSN) for n ✕ 64 kb/s timeslots in DS1 and E1 circuits, as described in RFC 5086.

Structured mode (CESoPSN)

Structure-aware circuit emulation is used for the transport of structured TDM, taking at least some level of the structure into account. By selecting only the necessary n ✕ 64 kb/s timeslots to transport, bandwidth usage is reduced or optimized (compared to a full DS1 or E1). Full DS1s or E1s can be transported by selecting all the timeslots in the DS1 or E1 circuit. Framing bits (DS1) or FAS (E1) are terminated at the near end and reproduced at the far end.

The 7705 SAR Gen 2 supports CESoPSN with and without channel-associated signaling (CAS) for DS1 and E1.

When CESoPSN with CAS is selected, the ABCD bits are coded into the T1 or E1 multiframe packets, transported within the TDM PW, and reconstructed in the T1 or E1 multiframe at the far end for each timeslot.

CAS includes four signaling bits (A, B, C, and D) in the messages sent over a voice trunk. These messages provide information such as the dialed digits and the call state (whether on-hook or off-hook).

The mechanism for E1 CAS is described in ITU-T G.732. When configured for E1 CAS, timeslot 17 carries the signaling information for the timeslots used for voice trunking. Each channel requires four signaling bits, so grouping 16 E1 frames into a multiframe allows the signaling bits for all 30 channels to be trunked.

As shown in the following figure, timeslot 1 of all frames within the E1 multiframe is reserved for alignment, alarm indication, and CRC. For Frame 0, timeslot 17 is reserved for multiframe alignment bits. For the remaining 15 frames, timeslot 17 contains ABCD bits for two channels.

Note: For E1 CAS, timeslots are numbered 1 to 32 on the 7705 SAR Gen 2.

Figure 3. E1 framing for CAS support in an E1 multiframe

For T1 CAS, the signaling bits are transferred using Robbed Bit Signaling (RBS), where the least significant bit in the channel is used periodically to transport these bits instead of voice data. T1 CAS is supported when extended superframe format (ESF) or superframe format (SF) framing is configured. ESF framing uses a 24-frame multiframe and transfers all four signaling bits (ABCD). SF framing uses a 12-frame multiframe and transfers only the AB bits. The signaling bits are carried in the least significant bit of the following frames:

A bit in frame 6
B bit in frame 12
C bit in frame 18
D bit in frame 24

When CESoPSN with CAS is selected, the ABCD bits are decoded from the incoming E1/T1 multiframe, transferred within the TDM PW, and reconstructed in the E1/T1 multiframe at the far end for every DS0 channel. CAS can be configured on a per-T1/E1 basis or on a per-DS0/64 kb/s channel basis.

The 7705 SAR Gen 2 supports mixed framing formats for the T1 ports on a Cpipe configured for CESoPSN with CAS; that is, one port can be configured for ESF framing and the other port for SF framing.

If the ingress port is an ESF-framed T1 port, when the packets arrive at the egress port, the ABCD bits from the ingress ESF SAP are sent out as AB bits in two consecutive superframes on the egress SF SAP. The CD bits from the ingress ESF SAP are mapped as AB bits in the second SF frame.

If the ingress port is an SF-framed T1 port, when the packets arrive at the egress port, the AB bits from every second SF frame from the ingress SF SAP are repeated twice as the ABCD bits of an egress ESF frame. The AB bits from the interlacing SF frames are dropped.

ESF and SF framing interoperability is supported on DS1 (T1) ports or channels on the following hardware:

8-port T1/E1 ASAP Adapter card
8-port RS-232 and C37.94 Combination MDA

The following table describes the structure of a T1 ESF multiframe that uses RBS. The structure of a T1 SF multiframe is based on 12 frames, and only the A and B bits are available.

Table 3. T1 framing for CAS (RBS) support in a T1 ESF multiframe
Frame number	F bit				Bit numbers in each channel timeslot		Signaling channel designation⁴
	Bit number within multiframe	Assignments			Bit numbers in each channel timeslot
	Bit number within multiframe	FAS ¹	DL ²	CRC ³	For character signal⁴	For signaling ⁴
1	1	—	m	—	1-8	—	—
2	194	—	—	e1	1-8	—	—
3	387	—	m	—	1-8	—	—
4	580	0	—	—	1-8	—	—
5	773	—	m	—	1-8	—	—
6	966	—	—	e2	1-7	8	A
7	1159	—	m	—	1-8	—	—
8	1352	0	—	—	1-8	—	—
9	1545	—	m	—	1-8	—	—
10	1738	—	—	e3	1-8	—	—
11	1931	—	m	—	1-8	—	—
12	2124	1	—	—	1-7	8	B
13	2317	—	m	—	1-8	—	—
14	2510	—	—	e4	1-8	—	—
15	2703	—	m	—	1-8	—	—
16	2896	0	—	—	1-8	—	—
17	3089	—	m	—	1-8	—	—
18	3282	—	—	e5	1-7	8	C
19	3475	—	m	—	1-8	—	—
20	3668	1	—	—	1-8	—	—
21	3861	—	m	—	1-8	—	—
22	4054	—	—	e6	1-8	—	—
23	4247	—	m	—	1-8	—	—
24	4440	1	—	—	1-7	8	D

Notes:

FAS = frame alignment signal (....001011.....)
DL = 4 kb/s data link (m represents message bits)
CRC = CRC-6 block check field (e1 to e6 represent check bits)
Only applicable for CAS

TDM PW encapsulation

Note: For GRE tunnels, the encapsulations shown in the following figure are used, but GRE tunnel headers are used instead of MPLS tunnel headers.

The following figure shows the format of the CESoPSN TDM payload (with and without CAS) for packets carrying trunk-specific n ✕ 64 kb/s service.

Figure 5. CESoPSN packet payload format for trunk-specific n x 64 kb/s (with and without CAS transport)

For CESoPSN without CAS, select the packet size so that an integer number of frames are transported. That is, if n timeslots per frame are to be encapsulated in a TDM PW, the packet size must be a multiple of n (where n is not equal to 1). For example, if n = 4 timeslots, the packet size can be 8, 12, 16, and so on. If only one timeslot per frame is being transported, the packet size must be an even number.

For CESoPSN with CAS, the packet size is an integer number of frames. A single T1/E1 port can have a mix of CAS and non-CAS traffic in each DS0/64 kb/s channel. You must configure the relevant T1/E1 port or channel group for CAS signal mode before provisioning the TDM PW with CAS, or the system will disallow the signal mode configuration. The extra bytes for ABCD (CAS) signaling bits are not included when setting the packet size.

For a single T1/E1 port that contains a mix of CAS and non-CAS signaling, all non-CAS channel Cpipes inherit the CAS channel restriction on 24/16 frames payload size. For a T1 port, the payload size is equal to the number of CAS and/or non-CAS timeslots ✕ 24 frames/multiframe ✕ n multiframes, where n = 1 to 8. For an E1 port, the payload size is equal to the number of CAS and/or non-CAS timeslots ✕ 16 frames/multiframe ✕ n multiframes, where n =1 to 8.

Note: The extra bytes for CAS signaling bits must be included when setting the service-mtu size. See Structured T1/E1 CES with CAS for more information.

Circuit emulation parameters and options

E1 circuits as defined in RFC 4553, and structured circuit emulation mode (CESoPSN) for n ✕ 64 kb/s timeslots in DS1 and E1 circuits as defined in RFC 5086.

The following table lists the adapter cards, modules, and chassis that support CESoPSN.

Table 4. CESoPSN support on the 7705 SAR Gen 2
Card/module/chassis		CESoPSN
Name	CLI identifier (includes mode and channelization)	CESoPSN
8-port T1/E1 ASAP Adapter card	m8-t1e1-rj48	✓
8-port RS-232 and C37.94 Combination MDA	m4-rs232-rj45+4-c3794-sfp	✓

Structured DS1/E1 CES without CAS

Structured CES without CAS is configured by choosing cesopsn as the vc-type when creating a Cpipe service. For n ✕ 64 kb/s structured circuit emulation operation, the framing parameter of the port must be set to a framed setting (such as ESF for DS1). Each channel group contains n DS0s (timeslots), where n is between 1 and 24 timeslots for DS1 and between 1 and 31 timeslots for E1.

The packet payload size is configurable (in octets) and must be an integer multiple of the number of timeslots in the channel group. The minimum payload packet size is 2 octets (based on two frames per packet and one timeslot per frame). See Default and minimum payload sizes for CESoPSN without CAS for default and minimum payload size values. The maximum payload packet size is 1514 octets.

If a port on a 8-port T1/E1 ASAP Adapter card is configured for DCR, the port timing is associated with the service clock of the Cpipe of channel group 1. This restriction does not apply to framed E1 ports.

Each DS1 or E1 frame contributes a number of octets to the packet payload. That number is equal to the number of timeslots configured in the channel group. Thus, a channel group with four timeslots contributes 4 octets to the payload. The timeslots do not need to be contiguous.

A smaller packet size results in lower packetization delay; however, it increases the packet overhead (when expressed as a percentage of the traffic).

Calculation of payload size

The payload size (S), in octets, can be calculated using the following formula:

S = N x F

where:

N = the number of octets (timeslots) collected per received frame (DS1 or E1)

F = the number of received frames (DS1 or E1) that are accumulated in each CESoPSN packet

For example, assume the packet collects 16 frames (F) and the channel group contains 4 octets (timeslots) (N). Then the packet payload size (S) is:

S = 4 octets/frame x 16 frames

= 64 octets

Calculation of packetization delay

Packetization delay is the time required to collect the payload for a CESoPSN packet. DS1 and E1 frames arrive at a rate of 8000 frames per second. Therefore, the received frame arrival period is 125 μs.

In the previous example, 16 frames were accumulated in the CESoPSN packet. In this case, the packetization delay (D) can be calculated as follows:

D = 125 μs/frame ✕ 16 frames

= 2.000 ms

The following table lists the default and minimum values for frames per packet, payload size, and packetization delay as they apply to the number of timeslots (N) that contribute to the packet payload. The default values are set by the operating system as follows:

for N = 1, the default is 64 frames/packet
for 2 ≤ N ≤ 4, the default is 32 frames/packet
for 5 ≤ N ≤ 15, the default is 16 frames/packet
for N ≥ 16, the default is 8 frames/packet

Table 5. Default and minimum payload sizes for CESoPSN without CAS
	Default values			Minimum values
Number of timeslots (N)	Frames per packet (F)	Payload size (octets) (S)	Packetization delay (ms) (D)	Frames per packet (F)	Payload size (octets) (S)	Packetization delay (ms) (D)
1	64	64	8.000	2	2	0.250
2	32	64	4.000	2	4	0.250
3	32	96	4.000	2	6	0.250
4	32	128	4.000	2	8	0.250
5	16	80	2.000	2	10	0.250
6	16	96	2.000	2	12	0.250
7	16	112	2.000	2	14	0.250
8	16	128	2.000	2	16	0.250
9	16	144	2.000	2	18	0.250
10	16	160	2.000	2	20	0.250
11	16	176	2.000	2	22	0.250
12	16	192	2.000	2	24	0.250
13	16	208	2.000	2	26	0.250
14	16	224	2.000	2	28	0.250
15	16	240	2.000	2	30	0.250
16	8	128	1.000	2	32	0.250
17	8	136	1.000	2	34	0.250
18	8	144	1.000	2	36	0.250
19	8	152	1.000	2	38	0.250
20	8	160	1.000	2	40	0.250
21	8	168	1.000	2	42	0.250
22	8	176	1.000	2	44	0.250
23	8	184	1.000	2	46	0.250
24	8	192	1.000	2	48	0.250
25	8	200	1.000	2	50	0.250
26	8	208	1.000	2	52	0.250
27	8	216	1.000	2	54	0.250
28	8	224	1.000	2	56	0.250
29	8	232	1.000	2	58	0.250
30	8	240	1.000	2	60	0.250
31	8	248	1.000	2	62	0.250

Structured T1/E1 CES with CAS

Structured circuit emulation with CAS is supported for T1 and E1 circuits.

Structured CES with CAS service is configured by choosing cesopsn-cas as the vc-type when creating a Cpipe service. The DS1 or E1 service on the port associated with the Cpipe SAP should be configured to support CAS (via the signal-mode {cas} command) before configuring the Cpipe service to support DS1 or E1 with CAS.

For n ✕ DS0 and n ✕ 64 kb/s structured circuit emulation with CAS, the implementation is almost identical to that of CES without CAS. When CAS operation is enabled, timeslot 16 (channel 17) cannot be included in the channel group on E1 carriers. Since the CAS in-band method is used, separate PW support for CAS is not provided.

When CAS is enabled, the packet size is based on the number of multiframes per packet and whether the circuit is configured for E1 or T1. Payload size is user-configurable to correspond to the required integer number of multiframes. The 7705 SAR Gen 2 supports up to 8 multiframes, where a multiframe contains 24 frames for T1 and 16 frames for E1. Therefore, the payload size = number of timeslots ✕ 24 (T1) or 16 (E1) frames per multiframe ✕ number of multiframes. For example, the payload size for a T1 line (24 frames) using 2 timeslots and 8 multiframes is 384 bytes (384 = (2 ✕ 24) ✕ 8).

The following table lists the default payload sizes based on the number of timeslots.

For CAS, the signaling portion adds (n/2) bytes (n is an even integer) or ((n+1)/2) bytes (n is odd) to the packet, where n is the number of timeslots in the channel group. The user does not include the additional signaling bytes when setting the TDM payload size. However, the operating system includes the additional bytes in the total packet payload, and the total payload must be accounted for when setting the service-mtu size. Continuing the preceding example, since n = 4, the total payload is 64 octets plus (4/2 = 2) CAS octets, or 66 octets. See CESoPSN packet payload format for trunk-specific n x 64 kb/s (with and without CAS transport) to see the structure of the CES with CAS payload.

CES fragmentation is not supported.

Note: If the configured service-mtu size is smaller than the total payload size (payload plus CAS bytes), the Cpipe will not become operational. This must be considered if the service-mtu is changed from its default value.

Table 6. Default values for the payload size for T1 and E1 CESoPSN with CAS
Number of timeslots	T1			E1
Number of timeslots	Number of frames per packet	Payload size (octets)	Packetization delay (ms)	Number of frames per packet	Payload size (octets)	Packetization delay (ms)
1	24	24	3.00	16	16	2.00
2	24	48	3.00	16	32	2.00
3	24	72	3.00	16	48	2.00
4	24	96	3.00	16	64	2.00
5	24	120	3.00	16	80	2.00
6	24	144	3.00	16	96	2.00
7	24	168	3.00	16	112	2.00
8	24	192	3.00	16	128	2.00
9	24	216	3.00	16	144	2.00
10	24	240	3.00	16	160	2.00
11	24	264	3.00	16	176	2.00
12	24	288	3.00	16	192	2.00
13	24	312	3.00	16	208	2.00
14	24	336	3.00	16	224	2.00
15	24	360	3.00	16	240	2.00
16	24	384	3.00	16	256	2.00
17	24	408	3.00	16	272	2.00
18	24	432	3.00	16	288	2.00
19	24	456	3.00	16	304	2.00
20	24	480	3.00	16	320	2.00
21	24	504	3.00	16	336	2.00
22	24	528	3.00	16	352	2.00
23	24	552	3.00	16	368	2.00
24	24	576	3.00	16	384	2.00
25	NA	NA	NA	16	400	2.00
26	NA	NA	NA	16	416	2.00
27	NA	NA	NA	16	432	2.00
28	NA	NA	NA	16	448	2.00
29	NA	NA	NA	16	464	2.00
30	NA	NA	NA	16	480	2.00

Packet payload size

The packet payload size defines the number of octets contained in the payload of a TDM PW packet when the packet is transmitted. Each DS0 (timeslot) in a DS1 or E1 frame contributes 1 octet to the payload, and the total number of octets contributed per frame depends on the number of timeslots in the channel group (for example, 10 timeslots contribute 10 octets per frame).

Jitter buffer

A circuit emulation service uses a jitter buffer to ensure that received packets are tolerant to packet delay variation (PDV). The selection of jitter buffer size must take into account the size of the TDM-encapsulated packets (payload size). A properly configured jitter buffer provides continuous play-out, thereby avoiding discards caused by overruns and underruns (packets arriving too early or too late). The maximum receive jitter buffer size is configurable for each SAP configured for circuit emulation. The range of values is from 1 to 250 ms in increments of 1 ms.

Configuration and design considerations

Determining the best configuration value for the jitter buffer may require some adjustments to account for the requirements of your network, which can change PDV as nodes are added or removed.

For each circuit, the maximum receive jitter buffer is configurable. Play-out from this buffer must start when the buffer is 50% full, to ensure an operational PDV equal to half the maximum buffer size. The supported range is 1 to 250 ms in increments of 1 ms. The buffer size must be set to at least 3 times the packetization delay and no greater than 32 times the packetization delay. Use a buffer size (in ms) that is equal to or greater than the peak-to-peak PDV expected in the network used by circuit emulation service. For example, for a PDV of ±5 ms, configure the jitter buffer to be at least 10 ms.

Note:

The jitter buffer setting and payload size (packetization delay) interact such that it may be necessary for the operating system to adjust the jitter buffer setting to ensure no loss of packets. Thus, the configured jitter buffer value may not be the value used by the system. Use the following command to display the effective PDVT (packet delay variation tolerance).
```
show service id service-id all
```
If asymmetric delay control is enabled (asym-delay-control), it must be enabled on both ends of the Cpipe, and the jitter buffer size must match on both ends of the Cpipe. Otherwise, a service parameter mismatch state occurs, and the service is brought down.

The following values are the default jitter buffer times for structured circuits without CAS, where N is the number of timeslots:

for N = 1, the default is 32 ms
for 2 ≤ N ≤ 4, the default is 16 ms
for 5 ≤ N ≤ 15, the default is 8 ms
for N ≥ 16, the default is 5 ms

For CESoPSN with CAS, the default jitter buffer is 12 ms for T1 and 8 ms for E1.

Jitter buffer overrun and underrun counters are available for statistics and can raise an alarm (optional) while the circuit is operational. For overruns, excess packets are discarded and counted. For underruns, an all-ones pattern is sent for unstructured circuits, and an all-ones or a user-defined pattern is sent for structured circuits (based on configuration).

The circuit status and statistics can be displayed using the show command.

Asymmetric delay control

If there is high jitter in the network, the last packet for initialization of the circuit emulation service may arrive early or late, resulting in a jitter buffer latency that is different from the expected configured jitter buffer setting (time associated with 50% jitter buffer size). The latency difference between each direction of the TDM PW is known as asymmetric latency, and because some applications (for example, power industry networks) require a very low latency difference, this must be controlled.

Asymmetric delay control (ADC) is used to control the asymmetric latency contributed by the jitter buffer. When the asym-delay-control command is enabled, a special startup sequence is triggered when the TDM PW is initially started or is restarted after being brought down (caused by faults such as packet overflow, packet underflow, or the port going down).

Upon startup, a configurable number of TDM PW packets are analyzed. During this analysis period, the access port transmits an all-ones pattern (for the 8-port RS-232 and C37.94 Combination MDA) or the configured idle-payload-fill value (for the other port types).

If any packet loss is detected during the analysis period, the analysis is restarted. If no packet loss is detected, the average jitter buffer latency is computed. Based on the difference between the average latency and the expected latency of the jitter buffer size, the network processor will either:

drop a number of octets based on the difference (if the measured average is higher than expected)
add a number of dummy octets based on the difference (if the measured average is lower than expected); the dummy octets are based on the idle-payload-fill value of the channel or port

Note:

ADC can only reduce asymmetry in the jitter buffer. It does not reduce any asymmetry that may exist in the network path. Because of this, the network must be engineered to maintain symmetrical latency:
- use explicit-path LSPs with strict hops using RSVP-TE or SR-TE
- do not use MPLS FRR or loop-free alternate paths (LFA, R-LFA, or TI-LFA) anywhere along the path because it may change the latency characteristics of a single direction without changing the other direction
- ensure that both directions of the TDM PW traverse the same path end to end
With ADC, care must be taken when designing the network to prevent a situation where an error recovery mechanism would result in different MPLS paths in the two directions of the Cpipe, between the two SAPs across the network. If different paths are used, latencies may differ, causing asymmetry. To prevent this situation, the 7705 SAR supports path redundancy for ADC. See ADC for redundant paths.

Optionally, the ADC analysis can be set to repeat at configured time intervals (min-repeat) after the service is up. This analysis is done with live traffic (that is, not with all-ones or the idle-payload-fill value). If the difference between the calculated average latency and the expected latency is greater than the threshold-repeat value, octets are added or dropped as necessary.

On-demand ADC allows users to initiate a one-time ADC analysis and correction on a live service using the following command.

tools perform service id sap

Similar to the ADC repeat function, ADC uses the threshold-repeat value to determine if octets need to be added or dropped.

If ADC is enabled, it must be enabled on both ends of the Cpipe; otherwise, a service parameter mismatch state occurs, and the service is brought down. Jitter buffer size is also included in the set of parameters that can cause a service parameter mismatch if the value is not the same at both ends of the Cpipe. This prevents the operator from changing the jitter buffer size, which would immediately change the latency symmetry of the Cpipe service.

As well, Cpipes using ADC must have the same card and port type on both ends of the Cpipe. Mismatched card or port configuration is not blocked in the CLI or in SNMP, but must be avoided; otherwise, differential delay is introduced, caused by different framer delays on the cards/ports.

ADC can only be enabled for Cpipes configured as CESoPSN without CAS (applies only to E1 circuits on the 8-port T1/E1 ASAP Adapter card).

ADC for redundant paths

When two paths are created between Cpipe endpoint routers, there is no guarantee that the latency of the two paths is exactly the same. Each path may be a different distance and have different numbers or types of switches or routers, and path failures may occur in a single direction. Automatic path switchover in these cases will result in asymmetry of traffic latency. This is problematic for networks that require high availability, such as power industry networks that use teleprotection. To overcome this problem, the 7705 SAR Gen 2 supports ADC over redundant network paths.

To enable ADC over redundant network paths in a Cpipe service, each router in the service must be configured with one SAP and two SDPs, where:

one router is configured as the standby-signaling master, and the other is configured as the standby-signaling slave.
the two SDPs on each router provide two different paths between the routers. To keep the service symmetric, both the master endpoint router and the slave endpoint router must use the same SDP and therefore the same path at any one time.
each path is made up of two unidirectional LSPs with strict hop-by-hop routing over the two routers.

If the active path becomes unavailable, as detected through LOS, BFD failure, LSP down, or spoke SDP down, the standby-signaling master and the standby-signaling slave routers both switch over to the available path.

After each path switchover, ADC automatically executes its analysis and resets the jitter buffer latency to the engineered value. This occurs because the switchover process may leave the path in a state that is susceptible to asymmetry.

In addition, TDM PWs enabled with ADC receive data only from the active path. Normally, incoming traffic is accepted from both active and inactive paths. However, because in-transit traffic may cause symmetry issues after a path switchover, only traffic on the active path is accepted.

Control word

The control word is mandatory for CESoPSN. The following figure shows the bit structure and the table describes the bit fields. See Pseudowire control word for more information.

Table 7. Control word bit descriptions
Bit	Description
Bits 0 to 3	The use of bits 0 to 3 is described in RFC 4385. These bits are set to 0 unless they are being used to indicate the start of an Associated Channel Header (ACH) for the purposes of VCCV.
L (Local TDM Failure)	The L bit is set to 1 if an abnormal condition of the attachment circuit, such as LOS, LOF, or AIS, has been detected, and the TDM data carried in the payload is invalid. The L bit is cleared (set back to 0) when the fault is rectified.
R (Remote loss of frames indication)	The R bit is set to 1 if the local CE-bound interworking function (IWF) is in the packet loss state and cleared (reset to 0) after the local CE-bound IWF is no longer in the packet loss state.
M (Modifier)	The M bits are a 2-bit modifier field. For SAToP, M is set to 00 as per RFC 4553. For CESoPSN, M is set according to RFC 5086, summarized as follows: When L bit = 0, and M = 00 – Normal conditions M = 01 – Reserved for future use M = 10 – RDI condition for the attachment circuit (AC) M = 11 – Reserved for CESoPSN When L bit = 1, and M = 00 – TDM data is invalid M = 01 – Reserved for future use M = 10 – Reserved for future use M = 11 – Reserved for future use
FRG	The FRG bits in the CESoPSN control word are set to 00.
LEN	The LEN bits (bits 10 to 15) carry the length of the CESoPSN packet (defined as the CESoPSN header size plus the payload size) if it is less than 64 bytes, and set to 0 otherwise.
Sequence number	The sequence number is used to provide the common PW sequencing function and detect lost packets.

Error situations

The CE-bound interworking function (IWF) uses the sequence numbers in the control word to detect lost and incorrectly ordered packets. Incorrectly ordered packets that cannot be reordered are discarded.

For unstructured CES, the payload of received packets with the L bit set is replaced with an all-ones pattern. For structured CES, the payload of received packets with the L bit set is replaced with an all-ones or a user-configurable bit pattern. This is configured using the idle-payload-fill command. For structured CES with CAS, the signaling bits are replaced with an all-ones or a user-configurable bit pattern.

All circuit emulation services can have a status of up, loss of packets (LOP), or admin down, and any jitter buffer overruns or underruns are logged.

Transparent SDH/SONET over packet (TSoP)

Transparent SDH/SONET over packet (TSoP) is a method for transporting clear channel OC3/STM1 or clear channel OC12/STM4 traffic over a packet network using OC3/STM1 TSoP SFPs and OC12/STM4 TSoP SFPs. With TSoP, the entire signal is encapsulated in a pseudowire and transported over the network to a single destination, which simplifies operation. TSoP is modeled after the SAToP method for pseudowire transport of DS1, E1, DS3, or E3 circuits (RFC 4553).

TSoP SFPs are inserted into Ethernet SFP ports, and the 7705 SAR Gen 2 treats them as standard Ethernet SFPs. To set up the TSoP service, an Epipe must be created across the network connecting two OC3/STM1 TSoP SFPs or two OC12/STM4 TSoP SFPs. The TSoP SFPs implement DCR for service clock delivery. Both nodes must be synchronized against a common clock for DCR.

TSoP SFPs are supported on the 7705 SAR-Hx and 7705 SAR-Mx.

Pseudowire redundancy service models

This section describes the MC-LAG and pseudowire redundancy scenarios and the algorithm used to select the active transmit object in a VLL endpoint.

Redundant VLL service model

To implement pseudowire redundancy, a VLL service accommodates more than a single object on the SAP side and on the spoke-SDP side.

The following figure shows the model for a redundant VLL service based on the concept of endpoints.

Figure 7. Redundant VLL endpoint objects

By default, a VLL service supports two implicit endpoints managed internally by the system. Each endpoint can only have one object: a SAP or a spoke-SDP.

To add more objects, create up to two explicitly named endpoints per VLL service. The endpoint name is locally significant to the VLL service. In the preceding figure, endpoints are referred to as endpoint X and endpoint Y.

In the preceding figure, endpoint Y can also have a SAP or an ICB spoke-SDP. The following is a list of supported endpoint objects, and the applicable rules to associate the object with an endpoint of a VLL service:

SAP

A maximum of only one SAP per VLL endpoint is supported.
primary spoke-SDP

The VLL service always uses this pseudowire and only switches to a secondary pseudowire when this primary pseudowire is down; the VLL service switches the path to the primary pseudowire when it is back up. The user can configure a timer to delay reverting back to primary or to never revert. A maximum of only one primary spoke-SDP per VLL endpoint is supported.
secondary spoke-SDP

A maximum of four secondary spoke-SDPs per endpoint are supported. The user can configure the precedence of a secondary pseudowire to indicate the order in which a secondary pseudowire is activated.
Inter-Chassis Backup (ICB) spoke-SDP

This special pseudowire is used for MC-LAG and pseudowire redundancy applications. Forwarding between ICBs is blocked on the same node. At the time this endpoint object is created, the user must explicitly indicate that the spoke-SDP is an ICB; however, a few scenarios are possible where the user can configure the spoke-SDP as an ICB or as a regular spoke-SDP on a specified node. The CLI for those cases indicate both options.

A VLL service endpoint can use only a single active object to transmit at a specific time, but it can receive from all endpoint objects.

An explicitly named endpoint can have a maximum of one SAP and one ICB. When a SAP is added to the endpoint, only one more object of the ICB spoke-SDP type is allowed. The ICB spoke-SDP cannot be added to the endpoint if the SAP is not part of an MC-LAG instance. Conversely, a SAP that is not part of an MC-LAG instance cannot be added to an endpoint that already has an ICB spoke-SDP.

An explicitly named endpoint that does not have a SAP object can have a maximum of four spoke-SDPs and include any of the following:

a single primary spoke-SDP
one or many secondary spoke-SDPs with precedence
a single ICB spoke-SDP

T-LDP status notification handling rules

Using Redundant VLL endpoint objects as a reference, this section describes the rules for generating, processing, and merging T-LDP status notifications in a VLL service with endpoints. Any allowed combination of objects, as specified in Redundant VLL service model, can be used on endpoints X and Y.

This section uses the specific combination of objects shown in Redundant VLL endpoint objects as an example to describe the more general rules.

Processing endpoint SAP active/standby status bits

The advertised administrative forwarding status bit of active/standby reflects the status of the local LAG SAP in MC-LAG applications. If the SAP is not part of an MC-LAG instance, the forwarding status of active is always advertised.

If the SAP in endpoint X is part of an MC-LAG instance, a node must send a T-LDP forwarding status bit of SAP active/standby over all endpoint Y spoke-SDPs, except the ICB spoke-SDP, whenever this status changes. The status bit sent over the ICB is always zero (active by default).

If the SAP in endpoint X is not part of an MC-LAG instance, the forwarding status sent over all endpoint Y spoke-SDPs should always be set to zero (active by default).

Processing and merging

Endpoint X is operationally up if at least one of its objects is operationally up. It is down if all of its objects are operationally down.

If the SAP in endpoint X transitions locally to the down state or receives a SAP down notification via the SAP-specific OAM signal, the node must send T-LDP SAP down status bits on endpoint Y ICB spoke SDPs only. Ethernet SAP does not support the SAP OAM protocol. No other SAP types can exist on the same endpoint as an ICB spoke SDP because a non-Ethernet SAP cannot be part of an MC-LAG instance.

If the ICB spoke SDP in endpoint X transitions locally to the down state, the node must send T-LDP SDP-binding down status bits on this spoke SDP.

If the ICB spoke SDP in endpoint X receives T-LDP SDP-binding down status bits or the pseudowire does not forward the status bits, the node saves this status and takes no further action. The saved status is used for active transmit endpoint object selection.

If any or all of the following are true for all objects in endpoint X, the node must send status bits of SAP down over all endpoint Y spoke SDPs, including the ICB:

transitioned locally to down state
received a SAP down notification by remote T-LDP status bits or by SAP-specific OAM signal
received SDP-binding down status bits
received PW not forwarding status bits

Endpoint Y is operationally up if at least one of its objects is operationally up. It is down if all its objects are operationally down.

If a spoke SDP in endpoint Y, including the ICB spoke SDP, transitions locally to the down state, the node must send T-LDP SDP-binding down status bits on this spoke SDP.

If any or all of the following are true for a spoke SDP in endpoint Y, including the ICB spoke SDP, the node saves this status and takes no further action:

received T-LDP SAP down status bits
received T-LDP SDP-binding down status bits
received PW not forwarding status bits

The saved status is used for selecting the active transmit endpoint object.

If any or all of the following are true for all objects in endpoint Y, except the ICB spoke SDP, the node must send status bits of SDP-binding down over the X endpoint ICB spoke SDP only:

transitioned locally to the down state
received T-LDP SAP down status bits
received T-LDP SDP-binding down status bits
received PW not forwarding status bits

If any or all of the following are true for all objects in endpoint Y, the node must send status bits of SDP-binding down over the X endpoint ICB spoke SDP, and must send a SAP down notification on the X endpoint SAP by the SAP-specific OAM signal, if applicable:

transitioned locally to down state
received T-LDP SAP down status bits
received T-LDP SDP-binding down status bits
received PW not forwarding status bits

An Ethernet SAP does not support signaling status notifications.

VLL using G.8031 protected Ethernet tunnels

The use of MPLS tunnels provides the 7705 SAR Gen 2 a way to scale the core while offering fast failover times using MPLS FRR. In environments where Ethernet services are deployed using native Ethernet backbones, Ethernet tunnels are provided to achieve the same fast failover times as in the MPLS FRR case.

The Nokia VLL implementation offers the capability to use core Ethernet tunnels compliant with ITU-T G.8031 specification to achieve 50 ms resiliency for backbone failures. This is required to comply with the stringent SLAs provided by service providers. Epipe and Ipipe services are supported.

When using Ethernet tunnels, the Ethernet tunnel logical interface is created first. The Ethernet tunnel has member ports, which are the physical ports supporting the links. The Ethernet tunnel control SAPs carry G.8031 and 802.1ag control traffic and user data traffic. Ethernet service SAPs are configured on the Ethernet tunnel. Optionally, when tunnels follow the same paths, end-to-end services may be configured with fate shared Ethernet tunnel SAPs, which carry only user data traffic and share the fate of the Ethernet tunnel port (if correctly configured).

Ethernet tunnels provide a logical interface that VLL SAPs may use just as regular interfaces. The Ethernet tunnel provides resiliency by providing end-to-end tunnels. The tunnels are stitched together by VPLS or Epipe services at intermediate points. Epipes offer a more scalable option.

For further information, see the 7705 SAR Gen 2 Services Overview Guide.

MPLS EL and hash label

The router supports the MPLS entropy label (EL) (RFC 6790) and the Flow Aware Transport (FAT) label, known as the hash label (RFC 6391). These labels allow LSR nodes in a network to load-balance labeled packets in a more granular way than by hashing on the standard label stack. See the 7705 SAR Gen 2 MPLS Guide for more information.

The EL is supported for Epipe VLL services as well as BGP VPWS. To configure insertion of the EL on a spoke SDP of a specific service, use the entropy-label command in the spoke-sdp or pw-template context. The EL is only inserted if the far-end of the MPLS tunnel is also EL-capable.

The hash label is supported for Epipe VLL services. For TLDP based spoke SDPs, configure it using the following commands:

configure service epipe spoke-sdp hash-label

For BGP-VPWS spoke SDPs, configure it using the following command:

configure service pw-template hash-label

Optionally, the hash-label signal-capability command can be configured. If the user configures the hash-label command only, the hash label is sent (and it is expected to be received) in all the packets. However, if the hash-label signal-capability command is configured, the use of the hash label is signaled and only used in case the peer PE signals support for hash label in its TLDP signaling or BGP-VPLS route (RFC 8395).

Either the hash label or the EL can be configured on one object, but not both.

BGP VPWS

BGP Virtual Private Wire Service (VPWS) is a point-to-point Layer 2 VPN service based on RFC 6624 Layer 2 Virtual Private Networks using BGP for Auto-Discovery and Signaling, which in turn uses the BGP pseudowire signaling concepts described in RFC 4761, Virtual Private LAN Service Using BGP for Auto-Discovery and Signaling.

The BGP-signaled pseudowires created can use either automatic or preprovisioned SDPs over LDP- or BGP-signaled tunnels; the choice of tunnel depends on the tunnel's preference in the tunnel table, or over GRE. Preprovisioned SDPs must be configured when RSVP signaled transport tunnels are used.

The use of an automatically created GRE tunnel is enabled by creating the PW template used within the service with the parameter auto-gre-sdp. The GRE SDP and SDP binding are created after a matching BGP route is received.

Inter-AS model C and dual-homing are supported.

Single-homed BGP VPWS

A single-homed BGP VPWS service is implemented as an Epipe connecting a SAP or static GRE tunnel (a spoke-SDP using a GRE SDP configured with static MPLS labels) and a BGP signaled pseudowire, maintaining the Epipe properties such as no MAC learning. The MPLS pseudowire data plane uses a two-label stack; the inner label is derived from the BGP signaling and identifies the Epipe service while the outer label is the tunnel label of an LSP transporting the traffic between the two end systems.

The following figure shows how this service would be used to provide a virtual leased line service (VLL) across an MPLS network between sites A and B.

Dual-homed BGP VPWS

A BGP-VPWS service can benefit from dual-homing, as described in IETF Draft draft-ietf-bess-vpls-multihoming-01. When using dual-homing, two PEs connect to a site, with one PE being the designated forwarder (DF) for the site and the other blocking its connection to the site. On failure of the active PE, its pseudowire, or its connection to the site, the other PE becomes the DF and unblocks its connection to the site.

Single pseudowire example

A pseudowire is established between the DF of the dual-homed PEs and the remote PE. If a failure causes a change in the DF, the pseudowire is deleted and reestablished between the remote PE and the new DF. This topology requires that the VE IDs on the dual-homed PEs are set to the same value.

The following figure shows an example of a dual-homed, single pseudowire topology.

Figure 9. Dual-homed BGP VPWS with single pseudowire

An Epipe with BGP VPWS enabled is configured on each PE. Site A is dual-homed to PE1 and PE2 with the remote PE (PE3) connecting to site B. An Epipe service is configured on each PE in which there is a SAP connecting to the local site.

The pair of dual-homed PEs perform a DF election, which is influenced by BGP route selection, the site state, and configuration of the site-preference. A site is only eligible to be the DF if it is up (the site state is down if there is no pseudowire established or if the pseudowire is in an operationally down state). The winner, for example PE1, becomes the active switch for traffic sent to and from site A, while the loser blocks its connection to site A.

Pseudowires are signaled using BGP from PE1 and PE2 to PE3, but only from PE3 to the DF in the opposite direction (so only one bidirectional pseudowire is established). There is no pseudowire between PE1 and PE2; this is achieved by configuration.

Traffic is sent and received traffic on the pseudowire connected between PE3 and the DF, PE1.

If the site state is operationally down, both the D and Circuit Status Vector (CSV) bits (see the following for more details) are set in the BGP-VPWS update, which causes the remote PE to use the pseudowire to the new DF.

Active/standby pseudowire example

Pseudowires are established between the remote PE and each dual-homed PE. The remote PE can receive traffic on either pseudowire, but only sends on the one to the designated forwarder. This creates an active/standby pair of pseudowires. At most, one standby pseudowire is established; this being determined using the tie-breaking rules defined in the multihoming draft. This topology requires each PE to have a different VE ID.

The following figure shows an example of a dual-homed, active/standby pseudowires topology.

Figure 10. Dual-homed BGP VPWS with active/standby pseudowires

The pair of dual-homed PEs perform a designated forwarder election, which is influenced by configuring the site-preference value. The winner, PE1 (based on its higher site-preference value) becomes the active switch for traffic sent to and from site A, while the loser, PE2, blocks its connection to site A. Pseudowires are signaled using BGP between PE1 and PE3, and between PE2 and PE3. There is no pseudowire between PE1 and PE2; this is achieved by configuration. The active/standby pseudowires on PE3 are part of an endpoint automatically created in the Epipe service.

Traffic is sent and received on the pseudowire connected to the designated forwarder, PE1.

BGP VPWS pseudowire switching

Pseudowire switching is supported with a BGP VPWS service allowing the cross connection between a BGP VPWS signaled spoke-SDP and a static GRE tunnel, the latter being a spoke SDP configured with static MPLS labels using a GRE SDP. No other spoke SDP types are supported. Support is not included for BGP multihoming using an active and a standby pseudowire to a pair of remote PEs.

Operational state changes to the GRE tunnel are reflected in the state of the Epipe and propagated accordingly in the BGP VPWS spoke SDP status signaling, specifically using the BGP update D and CSV bits.

The following configuration is required:

The Epipe service must be created using the vc-switching parameter.
The GRE tunnel spoke SDP must be configured using a GRE SDP with signaling off and have the ingress and egress vc-labels statically configured.

Example: BGP VPWS service configured to allow pseudowire switching

configure
    service
        sdp 1 create
            signaling off
            far-end 192.168.1.1
            keep-alive
                shutdown
            exit
            no shutdown
        exit
        pw-template 1 create
        exit
        epipe 1 customer 1 vc-switching create
            description "BGP VPWS service"
            bgp
                route-distinguisher 65536:1
                route-target export target:65536:1 import target:65536:1
                pw-template-binding 1
                exit
            exit
            bgp-vpws
                ve-name "PE1"
                    ve-id 1
                exit
                remote-ve-name "PE2"
                    ve-id 2
                exit
                no shutdown
            exit
            spoke-sdp 1:1 create
                ingress
                    vc-label 1111
                exit
                egress
                    vc-label 1122
                exit
                no shutdown
            exit
            no shutdown
        exit

Pseudowire signaling

The BGP signaling mechanism used to establish the pseudowires is described in the BGP VPWS standards with the following differences:

As stated in Section 3 of RFC 6624, there are two modifications of messages when compared to RFC 4761:
- the Encaps Types supported in the associated extended community
- the addition of a circuit status vector sub-TLV at the end of the VPWS NLRI
The control flags and VPLS preference in the associated extended community are based on IETF Draft draft-ietf-bess-vpls-multihoming-01.

The following figure shows the format of the BGP VPWS update extended community.

Figure 11. BGP VPWS update extended community format

extended community type

This is the value allocated by IANA for this attribute is 0x800A.
encaps type

The encapsulation type identifies the type of pseudowire encapsulation. Ethernet VLAN (4) and Ethernet Raw mode (5), as described in RFC 4448, are the only values supported. If there is a mismatch between the Encaps Type signaled and the one received, the pseudowire is created but with the operationally down state.
control flags

This is control information concerning the pseudowires, see Control flags for more information.
Layer 2 MTU

This is the MTU to be used on the pseudowires. If the received Layer 2 MTU is zero, no MTU check is performed and the related pseudowire is established. If there is a mismatch between the local service-mtu and the received Layer 2 MTU, the pseudowire is created with the operationally down state and an MTU/Parameter mismatch indication.
VPLS preference

VPLS preference has a default value of zero for BGP-VPWS updates sent by the system, indicating that it is not in use. If the site-preference is configured, its value is used for the VPLS preference and is also used in the local designated forwarder election.

On receipt of a BGP VPWS update containing a non-zero value, it is used to determine to which system the pseudowire is established, as part of the VPWS update process tie-breaking rules. The BGP local preference of the BGP VPWS update sent by the system is set to the same value as the VPLS preference if the latter is non-zero, as required by the draft (as long as the D bit in the extended community is not set to 1). Consequently, attempts to change the BGP local preference when exporting a BGP VPWS update with a non-zero VPLS preference is ignored. This prevents the updates being treated as malformed by the receiver of the update.

For inter-AS, the preference information must be propagated between autonomous systems using the VPLS preference. Consequently, if the VPLS preference in a BGP-VPWS or BGP multihoming update is zero, the local preference is copied by the egress ASBR into the VPLS preference field before sending the update to the External Border Gateway Protocol (EBGP) peer. The adjacent ingress ASBR then copies the received VPLS preference into the local preference to prevent the update from being considered malformed.

The following figure shows the pseudowire control flags.

The following bits in the Control Flags are defined:

D: Access circuit down indicator from IETF Draft draft-kothari-l2vpn-auto-site-id-01. D is 1 if all access circuits are down, otherwise D is 0.
A: Automatic site ID allocation, which is not supported. This is ignored on receipt and set to 0 on sending.
F: MAC flush indicator. This is not supported because it relates to a VPLS service. This is set to 0 and ignored on receipt.
C: Presence of a control word. Control word usage is supported. When this is set to 1, packets are sent and are expected to be received with a control word. When this is set to 0, packets are sent and are expected to be received without a control word (by default).
S: Sequenced delivery. Sequenced delivery is not supported. This is set to 0 on sending (no sequenced delivery) and, if a non-zero value is received (indicating sequenced delivery required), the pseudowire is not created.

The BGP VPWS NLRI is based on that defined for BGP VPLS, but is extended with a circuit status vector, as shown in the following figure.

The VE ID value is configured within each BGP VPWS service, the label base is chosen by the system, and the VE block offset corresponds to the remote VE ID because a VE block size of 1 is always used.

The circuit status vector is encoded as a TLV, as shown in BGP VPWS NLRI TLV extension format and Circuit status vector TLV type.

Figure 14. BGP VPWS NLRI TLV extension format

Figure 15. Circuit status vector TLV type

The circuit status vector is used to indicate the status of both the SAP/GRE tunnel and the status of the spoke-SDP within the local service. Because the VE block size used is 1, the most significant bit in the circuit status vector TLV value is set to 1 if either the SAP/GRE tunnel or spoke-SDP is down, otherwise it is set to 0. On receiving a circuit status vector, only the most significant byte of the CSV is examined for designated forwarder selection purposes.

If a circuit status vector length field of greater than 32 is received, the update is ignored and not reflected to BGP neighbors. If the length field is greater than 800, a notification message is sent and the BGP session restarts. Also, BGP VPWS services support a single access circuit, so only the most significant bit of the CSV is examined on receipt.

A pseudowire is established when a BGP VPWS update is received that matches the service configuration, specifically the configured route targets and remote VE ID. If multiple matching updates are received, the system to which the pseudowire is established is determined by the tie-breaking rules, as described in IETF Draft draft-ietf-bess-vpls-multihoming-01.

Traffic is sent on the active pseudowire connected to the remote designated forwarder. Traffic can be received on either the active or standby pseudowire, although no traffic should be received on the standby pseudowire because the SAP/GRE tunnel on the non-designated forwarder should be blocked.

The adv-service-mtu command can be used to override the MTU value used in BGP signaling to the far-end of the pseudowire. This value is also used to validate the value signaled by the far-end PE unless ignore-l2vpn-mtu-mismatch is also configured.

If the ignore-l2vpn-mtu-mismatch command is configured, the router does not check the value of the "Layer 2 MTU" in the "Layer2 Info Extended Community" received in a BGP update message against the local service MTU, or against the MTU value signaled by this router. The router brings up the BGP VPLS service regardless of any MTU mismatch.

BGP-VPWS with inter-AS model C

BGP VPWS with inter-AS model C is supported both in a single-homed and dual-homed configuration.

When dual-homing is used, the dual-homed PEs must have different values configured for the site-preference (under the site within the Epipe service) to allow the PEs in a different AS to select the designated forwarder when all access circuits are up. The value configured for the site-preference is propagated between autonomous systems in the BGP VPWS and BGP multihoming update extended community VPLS preference field. The receiving ingress ASBR copies the VPLS preference value into local preference of the update to ensure that the VPLS preference and local preference are equal, which prevents the update from being considered malformed.

BGP VPWS configuration procedure

In addition to configuring the associated BGP and MPLS infrastructure, the provisioning of a BGP VPWS service requires:

configuring the BGP Route Distinguisher, Route Target

The updates are accepted into the service only if they contain the configured import route-target.
configuring a binding to the pseudowire template

The multiple pseudowire template bindings can be configured with their associated route-targets used to control which is applied.
configuring the SAP or static GRE tunnel
configuring the name of the local VE and its associate VE ID
configuring the name of the remote VE and its associated VE ID
for a dual-homed PE:
- enabling the site
- configuring the site with non-zero site-preference
for a remote PE, configuring up to two remote VE names and associated VE IDs
enabling BGP VPWS

Use of pseudowire template for BGP VPWS

The pseudowire template concept used for BGP AD is reused for BGP VPWS to dynamically instantiate pseudowires (SDP-bindings) and the related SDPs (provisioned or automatically instantiated).

The settings for the L2-Info extended community in the BGP update sent by the system are derived from the pw-template attributes. The following rules apply:

If multiple pw-template-bindings (with or without import-rt) are specified for the VPWS instance, the first (numerically lowest ID) pw-template entry is used.
Both Ethernet VLAN and Ethernet Raw Mode Encaps Types are supported; these are selected by configuring the vc-type in the pseudowire template to be either vlan or ether, respectively. The default is ether.
The same value must be used by the remote BGP VPWS instance to ensure that the related pseudowire comes up.
Layer 2 MTU is derived from the service VPLS service-mtu parameter.
The same value must be used by the remote BGP VPWS instance to ensure that the related pseudowire comes up.
Control Flag C can be 0 or 1, depending on the setting of the control-word parameter in the PW template 0.
Control Flag S is always 0.

On reception, the values of the parameters in the L2-Info extended community of the BGP update are compared with the settings from the corresponding pw-template. The following steps are used to determine the local pw-template:

The route-target values are matched to determine the pw-template. The binding configured with the first matching route target is chosen.
If a match is not found from the previous step, the lowest pw-template-binding (numerically) without any route-target configured is used.
If the values used for encap-type or Layer 2 MTU do not match, the pseudowire is created but with the operationally down state.
To interoperate with existing implementations, if the received MTU value = 0, the MTU negotiation does not take place; the related pseudowire is set up ignoring the MTU.
If the value of the S flag is not zero, the pseudowire is not created.

The following pseudowire template parameters are supported when applied within a BGP VPWS service; the remainder are ignored:

configure service pw-template policy-id [use-provisioned-sdp | 
       [prefer-provisioned-sdp] [auto-sdp]] [create] [name name]
   accounting-policy acct-policy-id 
   no accounting-policy
   [no] collect-stats
   [no] controlword
   egress 
      filter ipv6 ipv6-filter-id 
      filter ip ip-filter-id
      filter mac mac-filter-id
      no filter [ip ip-filter-id] [mac mac-filter-id] [ipv6 ipv6-filter-id]
      qos network-policy-id port-redirect-group queue-group-name instance instance
id
      no qos [network-policy-id] 
   [no] force-vlan-vc-forwarding
   hash-label [signal-capability] 
   no hash-label
   ingress 
      filter ipv6 ipv6-filter-id 
      filter ip ip-filter-id
      filter mac mac-filter-id
      no filter [ip ip-filter-id] [mac mac-filter-id] [ipv6 ipv6-filter-id]
      qos network-policy-id fp-redirect-group queue-group-name instance instance-id 
      no qos [network-policy-id]
   [no] sdp-exclude
   [no] sdp-include
   vc-type {ether | vlan}
   vlan-vc-tag vlan-id
   no vlan-vc-tag

For more information about this command, see the 7705 SAR Gen 2 Services Overview Guide.

The use-provisioned-sdp option is permitted when creating the pseudowire template if a preprovisioned SDP is to be used. Preprovisioned SDPs must be configured whenever RSVP-signaled transport tunnels are used.

When the prefer-provisioned-sdp option is specified, if the system finds an existing matching SDP that conforms to any restrictions defined in the pseudowire template (for example, sdp-include or sdp-exclude group), it uses this matching SDP (even if the existing SDP is operationally down); otherwise, it automatically creates an SDP.

When the auto-gre-sdp option is specified, a GRE SDP is automatically created.

The tools perform command can be used in the same way as for BGP-AD to apply changes to the pseudowire template using the following format:

tools perform service [id service-id] eval-pw-template policy-id [allow-service-impact]

If a user configures a service using a pseudowire template with the prefer-provisioned-sdp option, but without provisioning an applicable SDP, and the system binds to an automatic SDP, and the user subsequently provisions an appropriate SDP, the system does not automatically switch to the new provisioned SDP. This only occurs if the pseudowire template is reevaluated using the tools perform service id service-id eval-pw-template command.

Use of endpoint for BGP VPWS

An endpoint is required on a remote PE connecting to two dual-homed PEs to associate the active/standby pseudowires with the Epipe service. An endpoint is automatically created within the Epipe service such that active/standby pseudowires are associated with that endpoint. The creation of the endpoint occurs when bgp-vpws is enabled (and deleted when it is disabled) and so exists in both a single- and dual-homed scenario. This simplifies converting a single-homed service to a dual-homed service. The naming convention used is _tmnx_BgpVpws-x, where x is the service identifier. The automatically created endpoint has the default parameter values, although all are ignored in a BGP-VPWS service with the description field being defined by the system.

The following command does not have any effect on an automatically created VPWS endpoint:

tools perform service id <service-id> endpoint <endpoint-name> force-switchover

VLL service considerations

This section describes the general service features and any special capabilities or considerations as they relate to VLL services.

SDPs

The most basic SDPs must include the following:

a locally unique SDP identification (ID) number
the system IP address of the originating and far-end routers
an SDP encapsulation type, either GRE or MPLS

SDP statistics for VPLS and VLL services

The three-node network in SDP statistics for VPLS and VLL services shows two MPLS SDPs and one GRE SDP defined between the nodes. These SDPs connect VPLS1 and VPLS2 instances that are defined in the three nodes. With this feature, the operator has local CLI-based and SNMP-based statistics collection for each VC used in the SDPs. This allows for traffic management of tunnel usage by the different services and with aggregation the total tunnel usage.

SAP encapsulations and pseudowire types

The section describes encapsulations and PW types for VLL services.

Epipe

The Epipe service is designed to carry Ethernet frame payloads, so it can provide connectivity between any two SAPs that pass Ethernet frames.

The following SAP encapsulations are supported on the Epipe service:

Ethernet null
Ethernet dot1q
QinQ

While different encapsulation types can be used, encapsulation mismatch can occur if the encapsulation behavior is not understood by connecting devices, which are unable to send and receive the expected traffic. For example, if the encapsulation type on one side of the Epipe is dot1q and the other is null, tagged traffic received on the null SAP is double-tagged when it is transmitted out of the dot1q SAP.

One pseudowire encapsulation mode, that is, SDP vc-type, is available: PWE3 N-to-1 Cell Mode Encapsulation.

Cpipe

Cpipe service supports CESoPSN encapsulation over MPLS or GRE tunnels to connect to the far-end circuit. Cpipes support SAP-to-SAP and SAP-to-spoke SDP binding with a default service MTU of 1514 bytes.

The supported PW service types are 0x0015 (CESoPSN basic mode), and 0x0017 (CESoPSN TDM with CAS).

QoS policies

When applied to Epipe services, service ingress QoS policies only create the unicast queues defined in the policy. The multipoint queues are not created on the service.

With Epipe services, egress QoS policies function as with other services where the class-based queues are created as defined in the policy. Both Layer 2 or Layer 3 criteria can be used in the QoS policies for traffic classification in a service.

Filter policies

Epipe and Ipipe services can have a single filter policy associated on both ingress and egress. Both MAC and IP filter policies can be used on Epipe services.

MAC resources

Epipe services are point-to-point Layer 2 VPNs capable of carrying any Ethernet payloads. Although an Epipe is a Layer 2 service, the 7705 SAR Gen 2 Epipe implementation does not perform any MAC learning on the service, so Epipe services do not consume any MAC hardware resources.

Pseudowire control word

The PW control word (CW) is a 32-bit field that is inserted between the VC label and the Layer 2 frame. The presence of the control word is indicated by the C bit of the FEC element used in LDP signaling. The PW control word is described in RFC 4385.

The PW control word is supported for all implemented PW types:

Epipes (Ethernet VLLs)
Cpipes (TDM VLLs in CESoPSN circulation emulation mode)

For Epipes (except MEF 8 services), the control word is optional. If it is enabled, it will be set to all zeros and ignored on egress.

For Cpipes and Epipe MEF 8 services, the control word is mandatory and cannot be configured.

When the packet length is less than 64 bytes (that is, the length of the Layer 2 payload plus the length of the control word), the length field in the control word is set to the length of the packet. Otherwise, the length field is set to 0. The CE-bound PE uses the length field in the control word to determine the size of padding added by the PSN, so that the PE can extract the PW payload from the PW packet. If the control word is not set for packets less than 64 bytes, the PE cannot determine the original packet length and forwards the payload, including the padding bits. When the CE receives the padded packet, the packet is dropped.

The following points describe the behavior of the 7705 SAR Gen 2 when it receives a Label Mapping message for a PW. It is assumed that no Label Mapping message for the PW has been sent to the next PW router yet. The 7705 SAR Gen 2 operating system performs the following:

If the received Label Mapping message has C = 0 (where C refers to the C bit of the FEC element), a Label Mapping message with C = 0 is sent forward to the next router (or hop). In this case, the control word is not used.
If the received Label Mapping message has C = 1 and the PW is locally configured such that the use of the control word is mandatory, the 7705 SAR Gen 2 sends a Label Mapping message with C = 1. In this case, the control word is used.
Note: : CESoPSN (Cpipes) and Epipe MEF 8 services always require the control word.
If the received Label Mapping message has C = 1 and the PW is locally configured such that the use of the control word is not supported, the 7705 SAR Gen 2 sends a new Label Mapping message in which the C bit is set to correspond to the locally configured preference for use of the control word (that is, C = 0).

Pseudowire redundancy

Pseudowire (PW) redundancy protects a PW and any services on the PW against endpoint failures. This differs from LSP redundancy and FRR, which offer protection against link and node failures within the backhaul network.

As shown in Pseudowire redundancy, to provide redundant PWs, the 7705 SAR Gen 2 must signal PWs to two endpoints at the MTSO (7x50-1 and 7x50-2), which is done using two spoke SDPs on the 7705 SAR Gen 2. This configuration removes any single point of failure from a particular network. If 7x50-1 loses all of its connectivity to the network or to the RNC, the 7705 SAR Gen 2 can reroute the PW traffic to 7x50-2, which switches traffic to the RNC.

For end-to-end protection, PW redundancy is supported in the following scenarios:

PW redundancy with multichassis LAG (MC-LAG)
PW redundancy with VPLS or PW switching (for Epipes)

PW redundancy applies to all VLL services available on the 7705 SAR Gen 2: Cpipe and Epipe.

PW redundancy operation

PW redundancy on the 7705 SAR Gen 2 is similar to a point-to-multipoint implementation for PWs (in the ingress to the egress direction). A single SAP can be bound to more than one spoke SDP, and traffic from multiple spoke SDPs can all be switched to the same SAP. To implement PW redundancy, a PW service on the 7705 SAR Gen 2 must be able to accommodate more than one spoke SDP on the spoke SDP side. This is achieved using the concept of endpoints.

An endpoint can be thought of as a container for a single SAP, a single spoke SDP, or multiple spoke SDPs. The following figure shows the model for a redundant VLL service based on the endpoints. Endpoints are implicit or explicit objects.

Figure 18. Implicit and explicit endpoint objects

Implicit endpoints are transparent to the user and are not user-configurable. As shown in the preceding figure, implicit endpoints (a) indicate that one endpoint is a SAP and the other is a spoke SDP. Endpoints are considered implicit if the endpoint command is not used in the following context, where xpipe refers to any of the VLL services.

configure service xpipe spoke-sdp

Explicit endpoints are user-configurable and apply when multiple spoke SDPs are present. As shown in Implicit and explicit endpoint objects, explicit endpoints (b) mean that there can be multiple spoke SDPs associated with the endpoint. An explicitly endpoint created can have up to four spoke SDPs associated with it. The explicit endpoint method is used for PW redundancy.

The 7705 SAR supports the following types of endpoint objects:

SAP

There can be only one SAP per PW endpoint (Endpoint X in Implicit and explicit endpoint objects)
spoke SDP

From the perspective of a 7705 SAR, if there is only one SDP endpoint, then it is a spoke SDP endpoint, and it is implicitly defined. In other words, there can be only one implicitly defined spoke SDP per PW endpoint (Endpoint Y in Implicit and explicit endpoint objects).
primary spoke SDP

There can be only one explicitly defined primary spoke SDP per PW endpoint (one of the spoke SDPs at Endpoint Z in Implicit and explicit endpoint objects). If a primary spoke SDP is defined, there can be up to three secondary spoke SDPs per endpoint, and the service can be revertive.
secondary spoke SDP

There can be up to four explicitly defined secondary spoke SDPs per endpoint if no primary spoke SDP is defined; otherwise, there can be up to three. Secondary spoke SDPs are assigned a precedence value that is used by the 7705 SAR to determine which secondary PW becomes active when the currently active PW fails (see Selecting the active spoke SDP for PW redundancy configuration).

Multiple spoke SDPs can be established between a 7705 SAR Gen 2 and any 7750 SR platform. For example, multiple spoke SDPs on a 7705 SAR Gen 2 can connect to a 7750 SR. In this case, the 7750 SR must be configured to use multichassis backup in conjunction with multi-segment PWs; that is, the 7750 SR nodes at the far end must support multi-chassis redundancy.

A PW service endpoint can only use a single active spoke SDP for transmission at any specific time. A PW SAP can receive traffic from any of the endpoint spoke SDPs assigned to the service.

7705 SAR Gen 2 nodes support user-initiated manual switchover of the VLL path to the primary path or any of the secondary paths using the force-switchover command in the following context. A manual switchover is useful during planned outages such as node upgrade procedures.

tools perform service-id

Selecting the active spoke SDP for PW redundancy configuration

There are two main scenarios for configuring PW redundancy. One scenario uses a primary spoke SDP and provides revertive behavior. The other scenario uses only secondary spoke SDPs for non-revertive behavior.

Primary and secondary spoke SDPs

If a primary spoke SDP is defined, up to three secondary spoke SDPs can also be defined. The VLL service always uses the primary endpoint PW and only switches to a secondary PW when the primary PW is down. The PW service switches the path back to the primary PW when the primary PW is back up. The user can configure a timer to delay reverting to the primary path, or to never revert to it. When the primary PW goes down, the 7705 SAR Gen 2 selects the secondary spoke SDP that is operationally up and has the highest precedence setting.

Secondary spoke SDPs only

If a primary spoke SDP is not defined, up to four secondary spoke SDPs can be defined. The user can configure the precedence of each secondary PW to indicate the order in which they are activated. The secondary PW with the highest precedence is selected first. If two or more secondary spoke SDPs are assigned the same precedence, the 7705 SAR Gen 2 selects the secondary path that is operationally up and has the lowest spoke SDP identifier. There is no revertive behavior between secondary paths, which means that a secondary path will not switch to another secondary path of higher precedence if one becomes available.

The use of four secondary spoke SDPs is shown in the following figure, where:

spoke SDP-1 goes over S-PE-1 to T-PE1 (S-PE is a switching PE and T-PE is a terminating PE)
spoke SDP-2 goes over S-PE-1 to T-PE2
spoke SDP-3 goes over S-PE-2 to T-PE1
spoke SDP-4 goes over S-PE-2 to T-PE2

Figure 19. Pseudowire redundancy with four spoke SDPs

Active/standby mode for PW redundancy (standby signaling)

Pseudowire redundancy, as described in the previous section, operates in active/active mode. That is, the primary pseudowire is up and ready to transmit and receive traffic, and the secondary pseudowire is up and ready to receive traffic. In the following figure, if both pseudowires were active, this mode of operation would offer seamless redundancy in most cases. However, this mode could also potentially stress the IGP; for example, in active/active mode, the number of advertised routes is greater than in active/standby mode. Another example is the duplication of Ethernet control frames to the 7705 SAR Gen 2 from a VPLS or VPRN service on an 7750 SR node through both primary and secondary VLLs.

Figure 20. Active/standby mode for redundant pseudowires

Active/standby mode, also called standby signaling, is introduced to address these issues. Standby signaling is supported on all VLLs: Cpipes and Epipes

Standby signaling has two components: standby-signaling master and standby-signaling slave.

Note: Standby-signaling-master and standby-signaling slave cannot be enabled at the same time on the same endpoint.

PW status signaling label withdrawal option

7705 SAR Gen 2 supports PW status signaling or label withdrawal for signaling PW status.

Signaling PW status based on label withdrawal requires the PW label to be released. In contrast, PW status signaling can mark the PW as unusable based on local-end and far-end status, and on status messages exchanged between endpoints.

As indicated in RFC 4447, Pseudowire Setup and Maintenance Using the Label Distribution Protocol, PW status signaling is the preferred method for exchanging state information between two endpoints and should be used as long as both endpoints support it.

However, the PW label withdrawal method for exchanging PW status can be configured even if the far end supports PW status signaling and the PW status TLV for designating the operational (forwarding) state of a PW.

This configuration option allows the PEs at both ends of the spoke SDP to use PW label withdrawal instead of the PW status TLV. This is necessary when a 7705 SAR Gen 2 must interoperate with PEs that do not support the PW forwarding standby bit or when multiple remote PEs are connected to an r-VPLS instance via spoke-SDP termination.

Interoperation with PEs that do not support the PW forwarding standby bit

Not all PEs support the PW forwarding standby bit as part of PW status signaling. If standby-signaling-master is enabled on the 7705 SAR Gen 2, it signals standby on all but one of the PWs and blocks the transmit direction for all standby PWs. However, if a PE does not support processing of that bit, it does not block its end of the PW and forwards traffic to that PW. As a result, traffic received on a standby PW at the 7705 SAR Gen 2 end is forwarded to the associated SAP. Master-slave PW redundancy prevents this from occurring only if all of the PEs support PW active/standby mode in a master-slave configuration and block their transmit directions for the standby PW. Previously, the 7705 SAR Gen 2 only used the PW label withdrawal method if a PE did not support the PW status signaling bit.

To allow PW redundancy on the 7705 SAR Gen 2 to interoperate with third-party PEs that do not support the PW forwarding standby bit, an option to disable PW status signaling is provided. This option ensures that forwarding on a standby PW is bidirectionally blocked to prevent PWs in standby mode from transmitting traffic via label withdrawal.

Multiple remote PEs connected to an r-VPLS instance via spoke-SDP termination

When multiple remote PEs are hooked up to an r-VPLS instance via spoke-SDP termination, label withdrawal can be used to control the operational status of the associated IP interface at the r-VPLS. If all of the spoke SDPs of an r-VPLS enter the forwarding standby state, the spoke SDP is locally blocked if the no ignore-standby-signaling option is configured. In its default mode of operation, the 7705 SAR Gen 2 automatically negotiates the use of PW status signaling on the spoke SDP. This means that a standby spoke SDP will not go operationally down at the endpoint. As a result, there is no change in the operational status of the VPLS to which the spoke SDPs are bound, and consequently, no change to the operational status of the r-VPLS or the IP interface.

The ability to disable PW status signaling allows configuring the use of PW label withdrawal on a node instead of allowing the automatic negotiation of PW status signaling. When pseudowire status signaling is disabled, a 7705 SAR Gen 2 does not include the PW status TLV in the initial label mapping message of the pseudowire that is used for a spoke SDP. This forces both 7705 SAR Gen 2 nodes to use the pseudowire label withdrawal method for exchanging pseudowire status. When the remote endpoint determines that a specific PW should be in standby mode, it withdraws the PW label. This causes VPLS to go operationally down if the label is withdrawn for all PWs on a VPLS. The IP interface associated with r-VPLS goes down as a result.

PW redundancy on serial data interface ports

PW redundancy is only supported on serial data interface ports when there is a Cpipe on a standby-signaling master with a single SAP and an endpoint with up to two spoke SDPs. The far-end slaves (standby-signaling slaves) each have a single SAP and a single spoke SDP back to the master.

Subrate speeds (< 64 kb/s) on RS-232 ports are supported using Hardware Control Mode (HCM). HCM cannot determine signal quality until a circuit is established (that is, both endpoints of the circuit are connected). Therefore, when standby-signaling-slave is enabled on subrate circuits, HCM framing is always down on the inactive slave. The normal behavior is for the slave to send the port status to the master using the PW status bit, indicating local attachment circuit (LAC) Tx/Rx faults. Because the slave cannot clear these faults, this prevents the master from switching back to the primary PW as soon as possible (PW redundancy reversion).

To enable PW redundancy reversion in this case, sending LAC Tx/Rx fault messages from the slaves to the master is suppressed on RS-232 ports configured for subrate speeds. The master is therefore unaware that the far-end port is down because HCM is down, and will switch back to the primary PW as soon as other types of alarms are cleared.

These limitations apply to 8-port RS-232 and C37.94 Combination MDA.

Configuring a VLL service using CLI

This section provides information to configure VLL services using the CLI.

Common configuration tasks

This section provides a brief overview of the tasks that must be performed to configure VLL services and the associated CLI commands.

Associate the service with a customer ID.
Define SAP parameters.
- Optional - select egress and ingress QoS or scheduler policies, or both (configured in the config>qos context).
- Optional - select accounting policy (configured in the config>log context)
Define spoke-SDP parameters.
Enable the service.

Configuring VLL components

This section provides VLL configuration examples for the VLL services.

Creating an Epipe service

Use the following CLI syntax to create an Epipe service.

CLI syntax:


config>service# epipe service-id [customer customer-id] [vpn vpn-id] [vc-switching]
description description-string
no shutdown

The following example shows an Epipe configuration:

A:ALA-1>config>service# info
-------------------------------------------
...
        epipe 500 customer 5 vpn 500 create
            description "Local epipe service"
            no shutdown
        exit
-------------------------------------------
A:ALA-1>config>service#

Configuring Epipe SAP parameters

A default QoS policy is applied to each ingress and egress SAP. Additional QoS policies can be configured in the config>qos context. Filter policies are configured in the config>filter context and explicitly applied to a SAP. There are no default filter policies.

Use the following CLI syntax to create:

CLI syntax:

config>service# epipe service-id [customer customer-id]
    — sap sap-id [endpoint endpoint-name]
    — sap sap-id [no-endpoint]
        — accounting-policy policy-id
        — collect-stats
        — description description-string
        — no shutdown
        — egress
            — filter {ip ip-filter-name | mac mac-filter-name}
            — qos sap-egress-policy-id
            — scheduler-policy scheduler-policy-name
        — ingress
            — filter {ip ip-filter-name | mac mac-filter-name}
            — match-qinq-dot1p {top | bottom}
            — qos policy-id [shared-queuing]
            — scheduler-policy scheduler-policy-name

Local Epipe SAPs

To configure a basic local Epipe service, enter the sap sap-id command twice with different port IDs in the same service configuration.

By default, QoS policy ID 1 is applied to ingress and egress service SAPs. Existing filter policies or other existing QoS policies can be associated with service SAPs on ingress and egress ports. Supported SAP types shows supported SAP types.

Table 8. Supported SAP types
Uplink type	Svc SAP type	Cust. VID	Access SAPs	Network SAPs
L2	Null-star	—	Null, dot1q *	Q.*
L2	Dot1q	—	Dot1q	Q.*
L2	Dot1q-preserve	—	Dot1q (encap = X)	Q1.Q2 (where Q2 = X)

An existing scheduler policy can be applied to ingress and egress SAPs to be used by the SAP queues and, at egress only, policers. The schedulers comprising the policy are created when the scheduler policy is applied to the SAP. If any policers or orphaned queues (with a non-existent local scheduler defined) exist on a SAP and the policy application creates the required scheduler, the status on the queue becomes non-orphaned at this time.

Ingress and egress SAP parameters can be applied to local and distributed Epipe service SAPs.

The following example shows the SAP configurations for local Epipe service 500 on SAP 1/1/2 and SAP 1/1/3 on ALA-1:

A:ALA-1>config>service# epipe 500 customer 5 create
    config>service>epipe$ description "Local epipe service"
    config>service>epipe# sap 1/1/2:0 create
    config>service>epipe>sap? ingress
    config>service>epipe>sap>ingress# qos 20
    config>service>epipe>sap>ingress# filter ip 1
    config>service>epipe>sap>ingress# exit
    config>service>epipe>sap# egress
    config>service>epipe>sap>egress# qos 20
    config>service>epipe>sap>egress# scheduler-policy test1
    config>service>epipe>sap>egress# exit
    config>service>epipe>sap# no shutdown
    config>service>epipe>sap# exit

    config>service>epipe# sap 1/1/3:0 create
    config>service>epipe>sap# ingress
    config>service>epipe>sap>ingress# qos 555
    config>service>epipe>sap>ingress# filter ip 1
    config>service>epipe>sap>ingress# exit
    config>service>epipe>sap# egress
    config>service>epipe>sap>egress# qos 627
    config>service>epipe>sap>egress# scheduler-policy alpha
    config>service>epipe>sap>egress# exit
    config>service>epipe>sap# no shutdown
    config>service>epipe>sap# exit

The following example shows the local Epipe configuration:

A:ALA-1>config>service# info
----------------------------------------------
...
        epipe 500 customer 5 vpn 500 create
            description "Local epipe service"
            sap 1/1/2:0 create
                ingress
                    qos 20
                    filter ip 1
                exit
                egress
                    scheduler-policy "test1"
                    qos 20
                exit
            exit
            sap 1/1/3:0 create
                ingress
                    qos 555
                    filter ip 1
                exit
                egress
                    scheduler-policy "alpha"
                    qos 627
                exit
            exit
            no shutdown
        exit
----------------------------------------------
A:ALA-1>config>service#

Distributed Epipe SAPs

To configure a distributed Epipe service, you must configure service entities on the originating and far-end nodes. You should use the same service ID on both ends (for example, Epipe 5500 on ALA-1 and Epipe 5500 on ALA-2). The spoke-sdp sdp-id:vc-id must match on both sides. A distributed Epipe consists of two SAPs on different nodes.

By default, QoS policy ID 1 is applied to ingress and egress service SAPs. Existing filter policies or other existing QoS policies can be associated with service SAPs on ingress and egress.

Ingress and egress SAP parameters can be applied to local and distributed Epipe service SAPs.

For SDP configuration information, see the 7705 SAR Gen 2 Services Overview Guide. For SDP binding information, see Configuring SDP bindings.

The following example shows a configuration of a distributed service between ALA-1 and ALA-2:

A:ALA-1>epipe 5500 customer 5 create
    config>service>epipe$ description "Distributed epipe service to east coast"
    config>service>epipe# sap 221/1/3:21 create 
    config>service>epipe>sap# ingress
    config>service>epipe>sap>ingress# qos 555
    config>service>epipe>sap>ingress# filter ip 1
    config>service>epipe>sap>ingress# exit
    config>service>epipe>sap# egress
    config>service>epipe>sap>egress# qos 627
    config>service>epipe>sap>egress# scheduler-policy alpha
    config>service>epipe>sap>egress# exit
    config>service>epipe>sap# no shutdown
    config>service>epipe>sap# exit
    config>service>epipe#

A:ALA-2>config>service# epipe 5500 customer 5 create
    config>service>epipe$ description "Distributed epipe service to west coast"
    config>service>epipe# sap 441/1/4:550 create
    config>service>epipe>sap# ingress
    config>service>epipe>sap>ingress# qos 654
    config>service>epipe>sap>ingress# filter ip 1020
    config>service>epipe>sap>ingress# exit
    config>service>epipe>sap# egress
    config>service>epipe>sap>egress# qos 432
    config>service>epipe>sap>egress# filter ip 6
    config>service>epipe>sap>egress# scheduler-policy test1
    config>service>epipe>sap>egress# exit
    config>service>epipe>sap# no shutdown
    config>service>epipe#

The following example shows the SAP configurations for ALA-1 and ALA-2:

A:ALA-1>config>service# info
----------------------------------------------
...
        epipe 5500 customer 5 vpn 5500 create
            description "Distributed epipe service to east coast"
            sap 221/1/3:21 create
                ingress
                    qos 555
                    filter ip 1
                exit
                egress
                    scheduler-policy "alpha"
                    qos 627
                exit
            exit
        exit
...
----------------------------------------------
A:ALA-1>config>service#


A:ALA-2>config>service# info
----------------------------------------------
...
        epipe 5500 customer 5 vpn 5500 create
            description "Distributed epipe service to west coast"
            sap 441/1/4:550 create
                ingress
                    qos 654
                    filter ip 1020
                exit
                egress
                    scheduler-policy "test1"
                    qos 432
                    filter ip 6
                exit
            exit
        exit
...
----------------------------------------------
A:ALA-2>config>service#

Configuring ingress and egress SAP parameters

By default, QoS policy ID 1 is applied to ingress and egress service SAPs. Existing filter policies or other existing QoS policies can be associated with service SAPs on ingress and egress ports.

Ingress and egress SAP parameters can be applied to local and distributed Epipe service SAPs.

The following example shows the SAP ingress and egress parameters:

ALA-1>config>service# epipe 5500
    config>service>epipe# sap 2/1/3:21
    config>service>epipe>sap# ingress
    config>service>epipe>sap>ingress# qos 555
    config>service>epipe>sap>ingress# filter ip 1
    config>service>epipe>sap>ingress# exit
    config>service>epipe>sap# egress
    config>service>epipe>sap>egress# qos 627
    config>service>epipe>sap>egress# scheduler-policy alpha
    config>service>epipe>sap>egress# exit
    config>service>epipe>sap#

The following example shows the Epipe SAP ingress and egress configuration:

A:ALA-1>config>service#
----------------------------------------------
...
        epipe 5500 customer 5 vpn 5500 create
            description "Distributed epipe service to east coast"
            sap 2/1/3:21 create
                ingress
                    qos 555
                    filter ip 1
                exit
                egress
                    scheduler-policy "alpha"
                    qos 627
                exit
            exit
            spoke-sdp 2:123 create
                ingress
                    vc-label 6600
                exit
                egress
                    vc-label 5500
                exit
            exit
            no shutdown
        exit
----------------------------------------------
A:ALA-1>config>service#

Configuring SDP bindings

VPLS provides scaling and operational advantages. A hierarchical configuration eliminates the need for a full mesh of VCs between participating devices. Hierarchy is achieved by enhancing the base VPLS core mesh of VCs with access VCs (spoke) to form two tiers. Spoke SDPs are generally created between Layer 2 switches and placed at the MTU. The PE routers are placed at the service provider's Point of Presence (POP). Signaling and replication overhead on all devices is considerably reduced.

A spoke SDP is treated like the equivalent of a traditional bridge port where flooded traffic received on the spoke SDP is replicated on all other ‟ports” (other spoke and mesh SDPs or SAPs) and not transmitted on the port it was received (unless a split horizon group was defined on the spoke SDP; see section Configuring VPLS spoke SDPs with split horizon).

A spoke SDP connects a VPLS service between two sites and, in its simplest form, could be a single tunnel LSP. A set of ingress and egress VC labels are exchanged for each VPLS service instance to be transported over this LSP. The PE routers at each end treat this as a virtual spoke connection for the VPLS service in the same way as the PE-MTU connections. This architecture minimizes the signaling overhead and avoids a full mesh of VCs and LSPs between the two metro networks.

A mesh SDP bound to a service is logically treated like a single bridge ‟port” for flooded traffic where flooded traffic received on any mesh SDP on the service is replicated to other ‟ports” (spoke SDPs and SAPs) and not transmitted on any mesh SDPs.

A VC-ID can be specified with the SDP-ID. The VC-ID is used instead of a label to identify a virtual circuit. The VC-ID is significant between peer SRs on the same hierarchical level. The value of a VC-ID is conceptually independent from the value of the label or any other datalink-specific information of the VC.

SDPs — unidirectional tunnels shows an example of a distributed VPLS service configuration of spoke and mesh SDPs (unidirectional tunnels) between routers and MTUs.

Creating a Cpipe service

This section describes how to create a Cpipe service.

Use the commands in the following context to create a Cpipe service. When creating a Cpipe, the user must specify the vc-type.

configure service cpipe

The following example shows the Cpipe service creation output for PE Router 1 (node-2).

A:node-2>config>service# info
-------------------------------------
...
     cpipe 234 customer 123 vc-type cesopsn create
            description "cpipe test"
            service-mtu 1400
            no shutdown
        exit
...
-------------------------------------
A:node-2>config>service#

Configuring Cpipe SAP parameters

Use the commands in the following context to configure Cpipe SAP parameters. For ingress and egress configuration information, see Configuring ingress and egress SAP parameters.

configure service cpipe sap

The following example shows the Cpipe SAP configuration output for PE Router 1 (node-2).

A:node-2config>service# info
-------------------------------------
...
        cpipe 5 name "5" customer 1 vc-type cesopsn create
            description "cpipe test"
            service-mtu 1400
            sap 1/1/1.1 create
                no shutdown
            exit
            no shutdown
        exit
...
-------------------------------------

To configure a basic local Cpipe service (SAP-to-SAP), enter the sap sap-id command twice with different port IDs in the same service configuration.

The following example shows a TDM SAP-to-SAP configuration:

A:node-2config>service# info
-------------------------------------
...
        cpipe 5 name "5" customer 1 vc-type cesopsn create
            description "TDM sap2sap"
            service-mtu 1400
            sap 1/1/1.1 create
                no shutdown
            exit
            sap 1/1/2.1 create
                no shutdown
            exit
            no shutdown
        exit
...
-------------------------------------

Configuring Cpipe SDP bindings

Use the commands in the following context to create a spoke SDP binding with a Cpipe service. For SDP configuration information, see 7705 SAR Gen 2 Services Overview Guide

configure service cpipe spoke-sdp

The following example shows the Cpipe spoke SDP configuration output for PE Router 1 (node-2).

A:node-2>config>service# info
-------------------------------------
...
        cpipe 8 customer 1 vc-type cesopsn create
            description "cpipe test"
            sap 1/1/3.1 create
                no shutdown
            exit
            spoke-sdp 1:8 create
                no shutdown
            exit
            no shutdown
        exit
...
-------------------------------------
A:node-2>config>service#

Using spoke SDP control words

The control-word command provides the option to add a control word as part of the packet encapsulation for PW types for which the control word is optional. It can be enabled for Ethernet PW (Epipe). The control word may be needed because, when ECMP is enabled on the network, packets of a specific PW may be spread over multiple ECMP paths if the hashing router mistakes the PW packet payload for an IPv4 or IPv6 packet. This occurs when the first nibble following the service label corresponds to a value of 4 or 6.

The control word negotiation procedures described in Section 6.2 of RFC 4447 are not supported and, therefore, the service comes up only if the same C-bit value is signaled in both directions. If a spoke-SDP is configured to use the control word, but the node receives a label mapping message with a C-bit clear, the node releases the label with an ‟Illegal C-bit” status code per Section 6.1 of RFC 4447. As soon as the user enables control of the remote peer, the remote peer withdraws its original label and sends a label mapping with the C-bit set to 1 and the VLL service is up in both nodes.

When the control word is enabled, VCCV packets also include the VCCV control word. In that case, the VCCV CC type 1 (OAM CW) is signaled in the VCCV parameter in the FEC. If the control word is disabled on the spoke-SDP, the Router Alert label is used. In that case, VCCV CC type 2 is signaled. For a multisegment pseudowire (MS-PW), the CC type 1 is the only type supported; therefore, the control word must be enabled on the spoke SDP to be able to use VCCV-ping and VCCV-trace.

The following example shows a spoke SDP control word configuration.

-Dut-B>config>service>epipe# info
----------------------------------------------
    description "Default epipe description for service id 2100"
    sap 1/2/7:4 create
        description "Default sap description for service id 2100"
    exit
    spoke-sdp 1:2001 create
        control-word
    exit
    no shutdown
----------------------------------------------
*A:ALA-Dut-B>config>service>epipe#
To disable the control word on spoke-sdp 1:2001:
*A:ALA-Dut-B>config>service>epipe# info
----------------------------------------------
    description "Default epipe description for service id 2100"
    sap 1/2/7:4 create
        description "Default sap description for service id 2100"
    exit
    spoke-sdp 1:2001 create
    exit
    no shutdown
----------------------------------------------
*A:ALA-Dut-B>config>service>epipe#

Same-fate Epipe VLANs access protection

The following example shows a G.8031 Ethernet tunnel for Epipe protection configuration using same-fate SAPs for each Epipe access (two Ethernet member ports 1/1/1 and 2/1/1/1 are used):

*A:node-2>config>eth-tunnel 1
----------------------------------------------
        description "Protection is APS"
        protection-type 8031_1to1
        ethernet
            mac 00:11:11:11:11:12
            encap-type dot1q
        exit
        ccm-hold-time down 5 up 10 // 50 ms down, 1 second up
        path 1
            member 1/1/1
            control-tag 5 // primary control vlan 5
            precedence primary
            eth-cfm
                mep 2 domain 1 association 1
                    ccm-enable
                    control-mep
                    no shutdown
                exit
            exit
            no shutdown
        exit
        path 2
            member 2/1/1
            control-tag 105 //secondary control vlan 105
            eth-cfm
                mep 2 domain 1 association 2
                    ccm-enable
                    control-mep
                    no shutdown
                exit
            exit
            no shutdown
        exit
        no shutdown
--------------------------------------------------
# Configure Ethernet tunnel SAPs 
--------------------------------------------------
*A:node-2>config>service epipe 10 customer 5 create
        sap eth-tunnel-1 create // Uses control tags from the Ethernet tunnel port
            description "g8031-protected access ctl/data SAP for eth-tunnel 1"

        exit
        no shutdown 
----------------------------------------------
*A:node-2>config>service epipe 11 customer 5 create
    sap eth-tunnel-1:1 create
        description "g8031-protected access same-fate SAP for eth-tunnel 1"

        // must specify tags for each corresponding path in Ethernet tunnel port 
        eth-tunnel path 1 tag 6
        eth-tunnel path 2 tag 106
    exit
    …
----------------------------------------------
*A:node-2>config>service epipe 10 customer 5 create
    sap eth-tunnel-1:3 create
        description "g8031-protected access same-fate SAP for eth-tunnel 1"
        // must specify tags for each path for same-fate SAPs
        eth-tunnel path 1 tag 10
        eth-tunnel path 2 tag 110
    exit
    …
----------------------------------------------

Pseudowire configuration notes

The vc-switching parameter must be specified when the VLL service is created. When the vc-switching parameter is specified, you are configuring an S-PE. This is a pseudowire switching point (switching from one pseudowire to another). Therefore, you cannot add a SAP to the configuration.

The following example shows the configuration when a SAP is added to a pseudowire. The CLI generates an error response if you attempt to create a SAP. VC switching is only needed on the pseudowire at the S-PE.

*A:ALA-701>config>service# epipe 28 customer 1 create vc-switching 
*A:ALA-701>config>service>epipe$ sap 1/1/3 create
MINOR: SVCMGR #1311 SAP is not allowed under PW switching service 
*A:ALA-701>config>service>epipe$

Use the following CLI syntax to create pseudowire switching VLL services. These are examples only. Different routers support different pseudowire switching VLL services.

CLI syntax:

config>service# epipe service-id [customer customer-id] [vpn vpn-id] [vc-switching]
description description-string
spoke-sdp sdp-id:vc-id

CLI syntax:

config>service# ipipe service-id [customer customer-id][vpn vpn-id] [vc-switching] 
description description-string
spoke-sdp sdp-id:vc-id

The following example shows configurations for each service:

*A:ALA-48>config>service# info
----------------------------------------------
...

        epipe 107 customer 1 vpn 107 vc-switching create
            description "Default epipe description for service id 107"
            spoke-sdp 3:8 create
            exit
            spoke-sdp 6:207 create
            exit
            no shutdown
        exit
...
        ipipe 108 customer 1 vpn 108 vc-switching create
            description "Default ipipe description for service id 108"
            spoke-sdp 3:9 create
            exit
            spoke-sdp 6:208 create
            exit
            no shutdown
        exit
...

Configuring two VLL paths terminating on T-PE2

Figure 21. VLL resilience with pseudowire redundancy and switching

T-PE1

The following shows an example of the T-PE1 configuration:

*A:ALA-T-PE1>config>service>epipe# info
----------------------------------------------
            endpoint "x" create
            exit
            endpoint "y" create
            exit
            spoke-sdp 1:100 endpoint "y" create
                precedence primary
                revert-time 0
            exit
            spoke-sdp 4:400 endpoint "y" create
                precedence 0
            exit
            no shutdown
----------------------------------------------
*A:ALA-T-PE1>config>service>epipe#

T-PE2

The following shows and example of the T-PE2 configuration.

*A:ALA-T-PE2>config>service>epipe# info
----------------------------------------------
            endpoint "x" create
            exit
            endpoint "y" create
            exit
            sap 2/2/2:200 endpoint "x" create
            exit
            spoke-sdp 3:300 endpoint "y" create
                precedence primary
                revert-time 0
            exit
            spoke-sdp 6:600 endpoint "y" create
                precedence 0
            exit
            no shutdown
----------------------------------------------
*A:ALA-T-PE2>config>service>epipe#

S-PE1

Specifying the vc-switching parameter enables a VC cross-connect, so the service manager does not signal the VC label mapping immediately, but puts this into passive mode.

The following example shows the configuration:

*A:ALA-S-PE1>config>service>epipe# info
----------------------------------------------
...
            spoke-sdp 2:200 create
            exit
            spoke-sdp 3:300 create
            exit
            no shutdown
----------------------------------------------
*A:ALA-S-PE1>config>service>epipe#

S-PE2

Specifying the vc-switching parameter enables a VC cross-connect, so the service manager does not signal the VC label mapping immediately, but puts this into passive mode.

The following example shows the configuration:

*A:ALA-S-PE2>config>service>epipe# info
----------------------------------------------
...
            spoke-sdp 2:200 create
            exit
            spoke-sdp 3:300 create
            exit
            no shutdown
----------------------------------------------
*A:ALA-S-PE2>config>service>epipe#

Configuring VLL resilience

The following figure shows an example to create VLL resilience. The zero revert-time value means that the VLL path is switched back to the primary immediately after it comes back up.

PE-1

The following example shows the configuration on PE-1:

*A:ALA-48>config>service>epipe# info
----------------------------------------------
            endpoint "x" create
            exit
            endpoint "y" create
            exit
            spoke-sdp 1:100 endpoint "y" create
                precedence primary
            exit
            spoke-sdp 2:200 endpoint "y" create
                precedence 1
            exit
            no shutdown
----------------------------------------------
*A:ALA-48>config>service>epipe#

Configuring VLL resilience for a switched pseudowire path

The following figure shows an example of VLL resilience with pseudowire switching.

Figure 23. VLL resilience with pseudowire switching

T-PE-1

The following example shows the configuration on T-PE-1.


*A:ALA-48>config>service>epipe# info
----------------------------------------------
            endpoint "x" create
            exit
            endpoint "y" create
            exit
            sap 1/1/1:100 endpoint "x" create
            exit
            spoke-sdp 1:100 endpoint "y" create
                precedence primary
            exit
            spoke-sdp 2:200 endpoint "y" create
                precedence 1
            exit
            spoke-sdp 3:300 endpoint "y" create
                precedence 1
            exit
            no shutdown
----------------------------------------------
*A:ALA-48>config>service>epipe#

T-PE-2

The following is an example configuration output on T-PE-2.

*A:ALA-49>config>service>epipe# info
----------------------------------------------
            endpoint "x" create
            exit
            endpoint "y" create
                revert-time 100
            exit
            spoke-sdp 4:400 endpoint "y" create
                precedence primary
            exit
            spoke-sdp 5:500 endpoint "y" create
                precedence 1
            exit
            spoke-sdp 6:600 endpoint "y" create
                precedence 1
            exit
            no shutdown
----------------------------------------------
*A:ALA-49>config>service>epipe#

S-PE-1

The following is an example configuration output on S-PE-1.

*A:ALA-50>config>service>epipe# info
----------------------------------------------
...
            spoke-sdp 1:100 create
            exit
            spoke-sdp 4:400 create
            exit
            no shutdown
----------------------------------------------
*A:ALA-49>config>service>epipe#

Configuring BGP VPWS

Single-homed BGP VPWS

The following figure shows an example topology for a BGP VPWS service used to create a VLL across an MPLS network between sites A and B.

An Epipe is configured on PE1 and PE2 with BGP VPWS enabled. PE1 and PE2 are connected to site A and B, respectively, each using a SAP. The interconnection between the two PEs is achieved through a pseudowire, using Ethernet VLAN encapsulation, which is signaled using BGP VPWS over a tunnel LSP between PE1 and PE2. A MIP or MEP can be configured on a BGP VPWS SAP. However, fault propagation between a MEP and the BGP update state signaling is not supported. BGP VPWS routes are accepted only over an IBGP session.

The following examples shows the BGP VPWS configuration on each PE.

PE1 configuration

pw-template 1 create
    vc-type vlan
exit
epipe 1 customer 1 create
    bgp
        route-distinguisher 65536:1
        route-target export target:65536:1 import target:65536:1
        pw-template-binding 1
        exit
    exit
    bgp-vpws
        ve-name PE1
            ve-id 1
        exit
        remote-ve-name PE2
            ve-id 2
        exit
        no shutdown
    exit
    sap 1/1/1:1 create
    exit
    no shutdown
exit

PE2 configuration

pw-template 1 create
    vc-type vlan
exit
epipe 1 customer 1 create
    bgp
        route-distinguisher 65536:2
        route-target export target:65536:1 import target:65536:1
        pw-template-binding 1
        exit
    exit
    bgp-vpws
        ve-name PE2
            ve-id 2
        exit
        remote-ve-name PE1
            ve-id 1
        exit
        no shutdown
    exit
    sap 1/1/1:1 create
    exit
    no shutdown
exit

The BGP-VPWS update can be displayed using the following command:

show service l2-route-table bgp-vpws detail

===============================================================================
Services: L2 Bgp-Vpws Route Information - Summary
===============================================================================
Svc Id         : 1
VeId           : 2
PW Temp Id     : 1
RD             : *65536:2
Next Hop       : 10.1.1.2
State (D-Bit)  : up(0)
Path MTU       : 1514
Control Word   : 0
Seq Delivery   : 0
Status         : active
Tx Status      : active
CSV            : 0
Preference     : 0
Sdp Bind Id    : 17407:4294967295
===============================================================================
A:PE1#

Dual-homed BGP VPWS

Single pseudowire example:

The following figure shows an example topology for a dual-homed BGP VPWS service used to create a VLL across an MPLS network between sites A and B. A single pseudowire is established between the designated forwarder of the dual-homed PEs and the remote PE.

Figure 25. Example of dual-homed BGP VPWS with single pseudowire

An Epipe with BGP VPWS enabled is configured on each PE. Site A is dual-homed to PE1 and PE2 with a remote PE (PE3) connected to site B; each connection uses a SAP. A single pseudowire using Ethernet Raw Mode encaps connects PE3 to PE1. The pseudowire is signaled using BGP VPWS over a tunnel LSP between the PEs.

Site A is configured on PE1 and PE2 with the BGP route selection, the site state, and the site-preference used to ensure PE1 is the designated forwarder when the network is fully operational.

The following examples show the BGP VPWS configuration on each PE.

Dual-homed BGP VPWS configuration with single pseudowires on PE1

pw-template 1 create
exit
epipe 1 customer 1 create
    bgp
        route-distinguisher 65536:1
        route-target export target:65536:1 import target:65536:1
        pw-template-binding 1 
        exit
    exit
    bgp-vpws
        ve-name PE1
            ve-id 1
        exit
        remote-ve-name PE3
            ve-id 3
        exit
        no shutdown
    exit
    sap 1/1/1:1 create
    exit
    site "siteA" create
        site-id 1
        sap 1/1/1:1
        boot-timer 20
        site-activation-timer 5
        no shutdown
    exit
    no shutdown
exit

Dual-homed BGP VPWS configuration with single pseudowires on PE2

pw-template 1 create
exit
epipe 1 customer 1 create
    bgp
        route-distinguisher 65536:2
        route-target export target:65536:1 import target:65536:1
        pw-template-binding 1
        exit
    exit
    bgp-vpws
        ve-name PE2
            ve-id 1
        exit
        remote-ve-name PE3
            ve-id 3
        exit
        no shutdown
    exit
    sap 1/1/1:1 create
    exit
    site "siteA" create
        site-id 1
        sap 1/1/1:1
        boot-timer 20
        site-activation-timer 5
        no shutdown
    exit
    no shutdown
exit

Dual-homed BGP VPWS configuration with single pseudowires on PE3

pw-template 1 create
exit
epipe 1 customer 1 create
    bgp
        route-distinguisher 65536:3
        route-target export target:65536:1 import target:65536:1
        pw-template-binding 1
        exit
    exit
    bgp-vpws
        ve-name PE3
            ve-id 3
        exit
        remote-ve-name PE1orPE2
            ve-id 1
        exit
        no shutdown
    exit
    sap 1/1/1:1 create
    exit
    no shutdown
exit

Active/standby pseudowire example:

The following figure shows an example topology for a dual-homed BGP VPWS service used to create a VLL across an MPLS network between sites A and B. Two pseudowires are established between the remote PE and the dual-homed PEs. The active pseudowire used for the traffic is the one connecting the remote PE to the designated forwarder of the dual-homed PEs.

Figure 26. Example of dual-homed BGP VPWS with active/standby pseudowires

An Epipe with BGP VPWS enabled is configured on each PE. Site A is dual-homed to PE1 and PE2 with a remote PE (PE3) connected to site B; each connection uses a SAP. Active/standby pseudowires using Ethernet Raw Mode encapsulation connect PE3 to PE1 and PE2, respectively. The pseudowires are signaled using BGP VPWS over a tunnel LSP between the PEs.

Site A is configured on PE1 and PE2 with the site-preference set to ensure that PE1 is the designated forwarder when the network is fully operational. An endpoint is automatically created on PE3 in which the active/standby pseudowires are created.

The following examples show the BGP VPWS configurations on each PE.

Dual-homed BGP VPWS configuration with active/standby pseudowires on PE1

pw-template 1 create
exit
epipe 1 customer 1 create
    bgp
        route-distinguisher 65536:1
        route-target export target:65536:1 import target:65536:1
        pw-template-binding 1 
        exit
    exit
    bgp-vpws
        ve-name PE1
            ve-id 1
        exit
        remote-ve-name PE3
            ve-id 3
        exit
        no shutdown
    exit
    sap 1/1/1:1 create
    exit
    site "siteA" create
        site-id 1
        sap 1/1/1:1
        boot-timer 20
        site-activation-timer 5
        site-preference 200
        no shutdown
    exit
    no shutdown
exit

Dual-homed BGP VPWS configuration with active/standby pseudowires on PE2

pw-template 1 create
exit
epipe 1 customer 1 create
    bgp
        route-distinguisher 65536:2
        route-target export target:65536:1 import target:65536:1
        pw-template-binding 1
        exit
    exit
    bgp-vpws
        ve-name PE2
            ve-id 2
        exit
        remote-ve-name PE3
            ve-id 3
        exit
        no shutdown
    exit
    sap 1/1/1:1 create
    exit
    site "siteA" create
        site-id 1
        sap 1/1/1:1
        boot-timer 20
        site-activation-timer 5
        site-preference 10 
        no shutdown
    exit
    no shutdown
exit

Dual-homed BGP VPWS configuration with active/standby pseudowires on PE3

pw-template 1 create
exit
epipe 1 customer 1 create
    bgp
        route-distinguisher 65536:3
        route-target export target:65536:1 import target:65536:1
        pw-template-binding 1
        exit
    exit
    bgp-vpws
        ve-name PE3
            ve-id 3
        exit
        remote-ve-name PE1
            ve-id 1
        exit
        remote-ve-name PE2
            ve-id 2
        exit
        no shutdown
    exit
    sap 1/1/1:1 create
    exit
    no shutdown
exit

Service management tasks

The service management tasks are similar for Cpipe and Epipe services. These examples show service management tasks for Epipe.

Modifying service parameters

Use the following command to add an accounting policy to an existing SAP.

configure service epipe sap accounting-policy

The following example displays an accounting policy configuration.

node-2>config>service# info
----------------------------------------------
    epipe 2 customer 6 vpn 2 create
            description "Distributed Epipe service to east coast"
            sap 1/2/3:21 create
              accounting-policy 14
            exit
            spoke-sdp 2:6000 create
            exit
            no shutdown
        exit
----------------------------------------------
node-2>config>service#

Disabling a service

Use the following command to shut down an Epipe service without deleting the service parameters.

configure service epipe service-id shutdown

Re-enabling a service

Use the following command to re-enable an Epipe service that was shut down.

configure service epipe service-id no shutdown

Deleting a service

Perform the following steps to delete an Epipe service.

Shut down the SAP and SDP.
Delete the SAP and SDP.
Shut down the service.
Use the commands in the following context to delete the Epipe service:
```
configure service epipe
```

config>service# epipe 2 
config>service>epipe# sap 1/2/3:21
config>service>epipe>sap# shutdown
config>service>epipe>sap# exit
config>service>epipe# no sap 2/1/3:21
config>service>epipe# spoke-sdp 2:6000
config>service>epipe>spoke-sdp# shutdown
config>service>epipe>spoke-sdp# exit
config>service>epipe# no spoke-sdp 2:6000
config>service>epipe# epipe 2
config>service>epipe# shutdown
config>service>epipe# exit
config>service# no epipe 2