Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Stitching Layer 2 VPNs and VPWS

Stitching an Layer 2 VPN (L2VPN) and a Virtual Private Wire Service (VPWS) tunnel enables seamless forwarding of traffic in the network. Configure interwork interfaces to stitch the L2VPN and VPWS tunnel without a physical interface.

When two Layer 2 point-to-point services converge on a device, you can stitch the two services together to move traffic across seamlessly. In a spine-leaf architecture, the spine acts as an aggregation point where southbound traffic from the backbone uses an L2VPN and northbound traffic from the access layer uses VPWS. Stitching allows you to stitch an L2VPN tunnel to a VPWS tunnel seamlessly without dedicating a physical hardware interface to loop packets from the L2VPN to VPWS.

Figure 1 shows a spine-leaf topology where the spines connect to the backbone of a provider’s network and the leaf devices connect to the customer’s access network. The spine is the convergence point for the L2VPN and VPWS.

Figure 1: Spine-Leaf Topology with L2VPN and VPWS Tunnels Spine-Leaf Topology with L2VPN and VPWS Tunnels

The following sample configuration snippet is for PE1. You must use a similar configuration for PE2.

  1. Set up the interwork interfaces for the two Layer 2 services that will be peered.
  2. Configure the ESI on the logical interface facing the access layer. This allows leaf devices to send packets to either spine.
  3. Configure the L2VPN routing instance. Identify the associate peering instance that will be stitched. For this example, VPWS1 is the peer instance that will be stitched to L2VPN1. We specify CE1 as our local VPN site and configure a static incoming label of 200 to utilize an anycast gateway. For more information about anycast gateways in an L2VPN, see Configure an Anycast Gateway in an L2VPN.
  4. Configure the VPWS routing instance. We will use EVPN signaling and configure an EVPN-VPWS instance type. Identify the associate peering instance that will be stitched. L2VPN1 is the peer instance that will be stitched to VPWS1.
  5. Enable dynamic-peer-discovery under the Layer 2 Interwork protocol. When this feature is enabled, the device matches the site identifier (site-identifier) configured under the Layer 2 VPN routing instance with the VPWS service identifier (local vpws-service-id ) under the VPWS routing instance and pairs the associated interfaces as peers.
  6. Enable control-word for both the l2vpn and evpn instances to ensure that the PE device processes data encapsulation consistently.
  7. Enable composite next hop for improved convergence in the L2VPN.
Note:

Enable load balancing on the leaf devices to ensure that the traffic will be distributed across the spines.

Verification

Confirm that the L2VPN and VPWS tunnels are stitched using the following commands:

  • show l2vpn connections

  • show evpn vpws-instance

  • show route table mpls.0

Use the show l2vpn connections command to display the label used in the VPN connection.

Use the show evpn vpws-instance command to display label used in the VPWS instance.

Use the show route table mpls.0 command to verify that packet labels are being swapped