Configuring a Control Word for BGP VPLS
In a BGP VPLS network, transit routers must determine the payload for hash calculations for load balancing. While parsing an MPLS encapsulated packet for hashing, a transit router can incorrectly calculate an Ethernet payload as an IPv4 or IPv6 payload if the first nibble of the destination address MAC is 0x4 or 0x6, respectively. This false positive can cause out-of-order packet delivery over a pseudowire. This issue can be avoided by configuring a BGP VPLS PE router to request that other BGP VPLS edge (VE) routers insert a control word between the label stack and the MPLS payload.
If you attempt to set a control word in a VPLS network that contains a VE router that does not support a control word, the pseudowire will not come up. To ensure that the pseudowire comes up, be sure that all VE routers in the VPLS network support the presence of a control word.
Before configuring support for a control word in a BGP VPLS network, ensure that the router meets the following requirements:
MX Series router running Junos OS Release 14.1 or later and containing one of the following Flexible PIC Concentrators: ADPC, NPC, or I-Chip
OR
M320 router running Junos OS Release 14.1 or later and containing either the I-Chip or the Trio
To configure a VE router to expect a control word between the label stack and the MPLS payload:
- At the [edit routing-instances] hierarchy level
in configuration mode, set control-word for the VPLS protocol
for the specified routing instance.[edit routing-instances]user@host# set routing-instance-name protocols vpls control-word
For example:
[edit routing-instances]user@host# set vpls1 protocols vpls control-word - If you are setting control-word on a Trio-based
MPC on an MX Series router, set no-ether-pseudowire to
omit the IP payload over the Ethernet pseudowire from the hash key.[edit forwarding-options]user@host# set enhanced-hash-key family mpls no-ether-pseudowire
- Verify the configuration.
[edit routing-instances] user@host# show vpls1 { protocols { vpls { control-word; } } }[edit forwarding-options] user@host# show enhanced-hash-key { family mpls { no-ether-pseudowire; } } - Repeat the configuration on each VE router in the BGP VPLS network.
- Run show vpls connections instance routing-instance-name extensive to verify the presence of a control word for the
pseudowire.
For example:
user@host# show vpls connections instance vpls1 extensiveLayer-2 VPN connections: Legend for connection status (St) EI -- encapsulation invalid NC -- interface encapsulation not CCC/TCC/VPLS ... PF -- Profile parse failure PB -- Profile busy Legend for interface status Up -- operational Dn -- down Instance: vpls1 ... connection-site Type St Time last up # Up trans 1 rmt Up May 21 10:08:34 2013 2 Remote PE: 192.0.2.0, Negotiated control-word: Yes