VPLS
VPLS is a class of virtual private network service that allows the connection of multiple sites in a single bridged domain over a provider-managed IP/MPLS network. The customer sites in a VPLS instance appear to be on the same LAN, regardless of their location. VPLS uses an Ethernet interface on the customer-facing (access) side, which simplifies the LAN/WAN boundary and allows rapid and flexible service provisioning.
A VPLS service provides connectivity between two or more SAPs on one (local service) or more (distributed service) service routers. To the customer sites, the connection appears to be a bridged domain, allowing protocols (including routing protocols) to traverse the VPLS service.
See "Virtual Private LAN Service" in the 7450 ESS, 7750 SR, 7950 XRS, and VSR Layer 2 Services and EVPN Guide for detailed information about VPLS.
The following figure shows the VPLS topology used in this example.
A VPLS service will be created to establish communication between the two clients. RSVP-TE LSP will be used as the tunnelling protocol.
See RSVP-TE for information about relevant LSP configuration.
See VPLS for information about relevant VPLS show commands.
Configuration
CE-facing port configuration on PE1 and PE3:
/configure port 1/1/c10/1 admin-state enable
/configure port 1/1/c10/1 ethernet mode access
/configure port 1/1/c10/1 ethernet encap-type dot1q
/configure port 1/1/c10/1 ethernet mtu 5000SDP configuration on PE1:
/configure service sdp 520 admin-state enable
/configure service sdp 520 description "RSVP to PE3"
/configure service sdp 520 delivery-type mpls
/configure service sdp 520 far-end ip-address 10.10.10.3
/configure service sdp 520 lsp "lsp-to-R3" { }SDP configuration on PE3:
/configure service sdp 521 admin-state enable
/configure service sdp 521 description "RSVP to PE1"
/configure service sdp 521 delivery-type mpls
/configure service sdp 521 far-end ip-address 10.10.10.1
/configure service sdp 521 lsp "lsp-to-R1" { }MAC ACL filter configuration on PE1
In this example, we will use a MAC ACL.
/configure filter mac-filter "VPLS-MAC-Filter" filter-id 1021
/configure filter mac-filter "VPLS-MAC-Filter" entry 10 match src-mac address aa:c2:ab:00:02:02
/configure filter mac-filter "VPLS-MAC-Filter" entry 10 match src-mac mask ff:ff:ff:ff:ff:ff
/configure filter mac-filter "VPLS-MAC-Filter" entry 10 action acceptVPLS service configuration on PE1:
/configure service vpls "VPLS-VLAN200" admin-state enable
/configure service vpls "VPLS-VLAN200" description "VPLS-CEA-VLAN200-CEZ-VLAN200"
/configure service vpls "VPLS-VLAN200" service-id 20
/configure service vpls "VPLS-VLAN200" customer "1"
/configure service vpls "VPLS-VLAN200" spoke-sdp 520:200 { }
/configure service vpls "VPLS-VLAN200" sap 1/1/c10/1:200 ingress qos sap-ingress policy-name "CE-ingress-QoS"
/configure service vpls "VPLS-VLAN200" sap 1/1/c10/1:200 ingress filter mac "VPLS-MAC-Filter"
/configure service vpls "VPLS-VLAN200" sap 1/1/c10/1:200 egress qos sap-egress policy-name "CE-egress-QoS"VPLS service configuration on PE3:
/configure service vpls "VPLS-VLAN200" admin-state enable
/configure service vpls "VPLS-VLAN200" description "VPLS-CEA-VLAN200-CEZ-VLAN200"
/configure service vpls "VPLS-VLAN200" service-id 20
/configure service vpls "VPLS-VLAN200" customer "1"
/configure service vpls "VPLS-VLAN200" spoke-sdp 521:200 { }
/configure service vpls "VPLS-VLAN200" sap 1/1/c10/1:200 { }Customer verification
Login to CEA:
docker exec -it cea bashPing CEZ VLAN 200 from CEA:
└──> ping -c 100 -Q 34 192.168.20.2
PING 192.168.20.2 (192.168.20.2) 56(84) bytes of data.
64 bytes from 192.168.20.2: icmp_seq=1 ttl=64 time=10.7 ms
64 bytes from 192.168.20.2: icmp_seq=2 ttl=64 time=5.51 ms
64 bytes from 192.168.20.2: icmp_seq=3 ttl=64 time=5.44 ms
--- 192.168.20.2 ping statistics ---
100 packets transmitted, 100 received, 0% packet loss, time 99151ms
rtt min/avg/max/mdev = 4.583/5.901/14.539/1.815 msWhile the ping is in progress, check the SAP, ACL, and QoS statistics.