Next-Generation VPLS for Multicast with Multihoming Overview
VPLS emulates the broadcast domain of a LAN across an MPLS network cloud. Traditional MPLS implementations of VPLS require that all participating ingress PE routers make separate copies of each broadcast or multicast packet to send to all other PE routers that are part of the VPLS site for the same extended LAN. In a large virtual private network (VPN), replication overhead can be significant for each ingress router and its attached core-facing links.
Junos OS offers the following VPLS enhancements which provide redundancy for VPLS between PE and CE routers:
Redundancy using BGP for multihomed links between PE and CE devices— Juniper Networks integrates the local preference and path selection capability of BGP with VPLS to allow a CE Ethernet switch to have a backup path across the network.
Redundancy using the Spanning Tree Protocol (STP) for multihomed links between PE and CE devices— Various versions of STP can be used in the CE network to avoid loops in a multihoming environment. The provider does not have any control over this customer network configuration. The provider can also implement BGP-based loop avoidance as an additional measure to avoid loops.
The following standardized VPLS implementations are supported by the Internet Engineering Task Force (IETF):
RFC 4761, Virtual Private LAN Service (VPLS) Using BGP for Auto-Discovery and Signaling
RFC 4762, Virtual Private LAN Service (VPLS) Using LDP Signaling
For more information about the basic configuration of next-generation VPLS, see the Technology Overview Next-Generation VPLS Using Point-to-Multipoint LSPs for Unicast and Multicast Forwarding.
For a detailed technology overview of VPLS, you can refer to LDP-BGP VPLS Interworking at the following location: https://www.juniper.net/us/en/local/pdf/whitepapers/2000282-en.pdf .
Redundancy Using BGP for Multihomed Links between PE and CE Routers
Juniper Networks implements a BGP-based multihoming solution to provide redundancy for VPLS between PE and CE routers.
In this implementation:
VPLS-enabled PE routers (also called VPLS PE routers) collectively elect one of the VPLS PE routers, to which a site is multihomed, as the designated forwarder of traffic between this site and all other sites.
All the other VPLS PE routers, to which the same site is connected, do not forward traffic to or from the site.
Essentially all VPLS PE routers behave as if the site is singlehomed to the VPLS PE router that is the designated forwarder.
Service providers are able to prevent well-known Layer 2 loops without relying on the customer’s STP configuration.
Customers can still run STP as a fallback strategy to prevent loops that are formed without the service provider's knowledge.
The benefits of multihoming include:
Redundancy of the link connecting the PE router and the CE device.
Redundancy of the directly connected PE routers.
Faster convergence when there is a link failure between a PE router and CE device.
The same BGP attributes are used to configure primary and backup links.
Operation of Next-Generation VPLS for Multicast with Multihoming Using BGP
VPLS provides a multipoint-to-multipoint Ethernet service that can span one or more metro areas and multiple sites. VPLS provides connectivity as if these sites are attached to the same Ethernet LAN.
VPLS uses an IP and MPLS service provider infrastructure. From the service provider’s point of view, using IP and MPLS routing protocols and procedures instead of STP, and using MPLS labels instead of VLAN identifiers (IDs), significantly improves the scalability of the VPLS service.
Single CE Site Connected to Multiple VPLS PE Routers
This section describes the process used to elect a single designated forwarder for a multihomed site.
For a multihomed site, all the PE routers in the VPLS instance elect the same designated forwarder PE router using the BGP VPLS multihoming procedure. Only elected designated forwarders forward traffic to and receive traffic from the multihomed site. All other PE routers where this multihomed site is present do not participate in forwarding for that site.
All remote PE routers are aware of the designated forwarder PE router for each multihomed site and do not create a pseudowire to the PE routers that are not the designated forwarder for the multihomed site.
In Figure 1:
The same site ID (sometimes known as a VPLS edge identifier or VE ID) is configured on all VPLS PE routers to which a site is multihomed.
All PE routers are aware of which sites are multihomed since they see multiple advertisements with the same site ID.
One of the VPLS PE routers is selected as the designated forwarder for this site by all PE routers based on a deterministic algorithm.
The algorithm selects the VPLS PE router that originates the best advertisement with a particular site ID as the designated forwarder. There are two possible selection methods:
BGP path selection on the route reflector and the PE routers
VPLS site selection on the PE router only
If multiple network layer reachability information (NLRI) advertisements have the same route distinguisher and site ID, the router uses BGP path selection rules to select the best path. The BGP rules are:
Always prefer advertisements that do not have the down bit set over ones that do have this bit set.
Prefer the advertisement with the higher local preference.
Use the configurable per-site site preference to set the BGP local preference in the advertisement and influence the choice of the designated forwarder.
Ignore the interior gateway protocol (IGP) metric while doing path selection because the choice of designated forwarder must be the same on all PE routers.
Among advertisements with the same route distinguisher, apply VPLS site selection rules (a subset of BGP path selection rules) to pick the select advertisement.
Figure 1 illustrates the following four-step process to select the designated forwarder and create the pseudowire:
Router PE1 and Router PE2 both have the same site ID (Site 1) for Router CE1.
Router PE1 has a better local preference of 65535 and is configured as the primary router.
Router PE3 receives the BGP NLRI advertisement from Router PE1 and Router PE2 with the local preferences of 65535 and 1, respectively.
Router PE3 runs the BGP path selection algorithm and selects Router PE1 as the designated forwarder VPLS edge PE router for Site 1.
Router PE3 creates the pseudowire only to Router PE1, which helps to save bandwidth in the network core.
The resulting VPLS PE router roles for Site 1 are:
Router PE1 is the designated forwarder VPLS edge PE router.
Router PE2 is the non-designated forwarder VPLS edge PE router.
Router PE3 is the remote VPLS edge PE router.
All the interfaces linking the CE and PE devices that are connected to the designated forwarder VPLS PE router, are marked Up and forwarding in show command output.
All the interfaces linking the CE and PE devices on the non-designated forwarder VPLS PE router, are marked vc-down in show command output. The router does not send traffic or forward received traffic on these interfaces.
Remote VPLS PE routers establish pseudowires only to the designated PE router, and tear down any pseudowires to the non-designated PE router.
Multiple CE Sites Connected to a Single VPLS PE Router for Link Redundancy
This section describe some of the operational details of multiple CE sites connected to a single VPLS PE router.
In Figure 2:
Router CE2 is multihomed to Router PE1 and Router PE2.
Router CE1 is singlehomed to Router PE1.
The scenario shown in Figure 2 is common. Your network might have a single PE router in a remote area, but you would like to multihome a Layer 2 network to different Flexible PIC Concentrators (FPCs) on the same PE router. This configuration provides link redundancy on the CE devices and link redundancy on the links between the CE and PE devices, but limited link redundancy on PE devices. In this case, you need the ability to configure a site to use a single active interface for forwarding.
In this scenario:
Path selection is done per site to determine if a PE router is the designated forwarder for that site or not.
Only a single pseudowire is established between any two PE routers, even if one or both of them have multiple designated PE routers.
A pseudowire between two PE routers is always established between the designated sites with the minimum site IDs on the two PE routers.
Establishing a single pseudowire avoids the need to maintain multiple flooding and media access control (MAC) address tables per instance (one per site) on each PE router.
The local interfaces are marked vc-down in the show command output where a site is connected to the non-designated forwarder router.
When a designated site on a PE router fails, all MAC addresses from this remote PE router have to be learned again, since the router does not know the exact site where the MAC addresses were originally learned from.
Implementation of Redundancy Using VPLS Multihomed Links Between PE and CE Devices
You might need to multihome a CE device to multiple PE routers without causing a Layer 2 forwarding loop. This is not a problem if the CE device is a router, since no Layer 2 loops can form when using a router. However, if the CE device is a Layer 2 device, like a hub or switch, multihoming it to two PE routers can cause a Layer 2 loop.
You can use one of the following methods to prevent the Layer 2 loop:
BGP-based primary and backup link selection.
Spanning tree protocol (STP) to prune links to the CE router. However, this method requires the service provider to trust its customer to not cause any Layer 2 loops by misconfiguration.
Active and standby up link functionality, such as the redundant trunk groups that are supported on Juniper Networks EX Series Ethernet Switches.
The limitations of using STP on the CE site are:
Backbone and access network bandwidth is not used efficiently.
PE routers using STP to prevent loops with dual-homed sites receive broadcast traffic unnecessarily because the pseudowire to the standby PE router still exists.
When the direct link between the CE and PE router fails, multihoming works fine. When a link connected downstream from the CE router fails, multihoming does not work.
The benefits and properties of the BGP-based solution are:
BGP path selection does not have the limitations of STP.
A CE device that is multihomed to multiple PE routers is given the same site ID on all the PE routers it is multihomed to.
The BGP path selection algorithm selects the router that originates the best advertisement as the VPLS PE designated forwarder.
If desired, you can set the local preference on the PE routers to control BGP path selection.
BGP path selection occurs on the route reflector and the PE router.
An IGP metric is not part of the selection process.
If the route distinguisher is the same on both PE routers, the route reflector selects one PE router as the designated forwarder. If the route distinguishers are different on the PE routers, the route reflector forwards both copies of the route to the remote PE routers.