Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 

VPLS over GRE Overview

 

Generic routing encapsulation (GRE) is one of the tunneling mechanisms that uses IP as the transport protocol. The tunnels behave as virtual point-to-point links that have two endpoints identified by the tunnel source and tunnel destination addresses at each endpoint.

The primary use of GRE is to carry non-IP packets through an IP network. GRE also carries IP packets such as IP broadcast, IP multicast through an IP cloud. A GRE tunnel has the following characteristics:

  • GRE tunnel is stateless, and offers no flow control mechanisms.

  • GRE is multiprotocol and can tunnel any OSI Layer 3 protocol.

  • GRE enables routing protocols to travel through the tunnel.

  • GRE has weak security features.

  • GRE provides no reliability or sequencing. Such features are typically handled by upper-layer protocols.

  • GRE tunnels carry multicast traffic.

The VPLS over GRE feature allows you to combine flow-based and packet-based services in a single device. You can deploy large-scale VPLS over GRE.

To better understand this configuration, consider the following scenarios:

In the first scenario, pseudowires enable the creation of point-to-point circuits between two endpoints carried over the MPLS network. Ignoring the signaling protocols for this discussion, these connections are just point-to-point connections. Using this approach provides an end-to-end wire between sites. This is beneficial from a traffic processing point of view because the gateways do not need to learn MAC addresses; they simply forward anything they receive to the pseudowire. Deploying this configuration can be difficult when trying to provide connectivity to multiple branch offices.

In the second scenario, VPLS provides a Layer 2 network abstraction. With VPLS, endpoints typically negotiate LSPs and pseudowires with every other endpoint (that is, they are fully meshed). When a node receives an Ethernet frame from one of its LAN interfaces, the source MAC address is learned, if it is not already known, and flooded using every pseudowire connecting to all other branch nodes. However, if the destination has been previously learned, then the frame is sent to the appropriate destination. When an Ethernet frame is received through one of the pseudowires (that is, from the MPLS network), source MAC address learning is performed. The next time a frame is sent to that MAC it does not need to be flooded and the frame is flooded to every single LAN interface in the node, but not over the pseudowires. The network acts as a distributed Layer 2 switch providing any-to-any Ethernet connectivity between the devices connected to the different nodes in the network.

While the second scenario provides significant advantages (any-to-any connectivity, automated provisioning, and simple abstraction), it is more complex. Every PE node has to perform Layer 2 learning and flooding of traffic, which can cause problems when either multiple broadcast/multicast or frames to unknown MAC addresses are used. For example, in a topology with a thousand branch offices, each office that receives a broadcast packet must replicate it 999 times, encapsulate each copy in GRE, and forward the resulting traffic. Additionally, because each node performs Layer 2 learning, the maximum number of MAC addresses that each node can learn is limited, limiting the total number of nodes in the domain.