How To's: Deploy L2VPN - EoMPLS (AToM)
In this article we're going to deploy L2VPN - EoMPLS also referred to as E-Line/VPWS. For this lab we're going to use the following topology:
Software List:
Cisco IOS XE Software, CSR1000V Software, Version 16.03.07
Cisco IOS Software, Version 15.5(2)T
Cisco IOS Software, Version 15.2
OBS: I wanted to use also Cisco IOS XRv, but unfortunately L2VPN data plane isn't supported. But I'll add the reference links so you can have an idea about the syntax. Without further due, let the fun begin.
1. Configure Addressing, IGP, LDP
Core Configuration
CSR1
host CSR1
mpls label range 100 199
inter g1
ip add 192.1.2.1 255.255.255.0
ip ospf 1 area 0
mpls ip
no shut
inter g2
ip add 192.1.3.1 255.255.255.0
ip ospf 1 area 0
mpls ip
no shut
inter g3
ip add 192.1.4.1 255.255.255.0
ip ospf 1 area 0
mpls ip
no shut
inter g4
ip add 192.1.5.1 255.255.255.0
ip ospf 1 area 0
mpls ip
no shut
int lo0
ip add 1.1.1.1 https://www.dhirubhai.net/redir/general-malware-page?url=255%2e255%2e255%2e255
ip ospf 1 area 0
no ip domain-loo
line con 0
privi level 15
logg s
exec-time 35791
CSR2
en
conf t
mpls label range 200 299
host CSR2
interface g3
ip add 192.1.2.2 255.255.255.0
no shut
ip ospf 1 area 0
mpls ip
interface g1
no shut
interface lo0
ip add 2.2.2.2 https://www.dhirubhai.net/redir/general-malware-page?url=255%2e255%2e255%2e255
ip ospf 1 area 0
no ip domain-loo
line con 0
privi level 15
logg s
exec-time 35791
CSR3
en
conf t
host CSR3
interface g1
no shut
interface g2
no shut
mpls label range 300 399
interface g4
ip add 192.1.3.3 255.255.255.0
no shut
ip ospf 1 area 0
mpls ip
interface lo0
ip add 3.3.3.3 https://www.dhirubhai.net/redir/general-malware-page?url=255%2e255%2e255%2e255
ip ospf 1 area 0
no ip domain-loo
line con 0
privi level 15
logg s
exec-time 35791
CSR4
en
conf t
host CSR4
inter g1
no shut
mpls label range 400 499
interface g3
ip add 192.1.4.4 255.255.255.0
no shut
ip ospf 1 area 0
mpls ip
int lo0
ip add 4.4.4.4 https://www.dhirubhai.net/redir/general-malware-page?url=255%2e255%2e255%2e255
ip ospf 1 area 0
no ip domain-loo
line con 0
privi level 15
logg s
exec-time 35791
CSR5
en
conf t
host CSR5
interface g1
no shut
interface g2
no shut
mpls label range 500 599
interface g3
ip add 192.1.5.5 255.255.255.0
no shut
ip ospf 1 area 0
mpls ip
interface lo0
ip add 5.5.5.5 https://www.dhirubhai.net/redir/general-malware-page?url=255%2e255%2e255%2e255
ip ospf 1 area 0
no ip domain-loo
line con 0
privi level 15
logg s
exec-time 35791
Customer Mercedez
R12-1
en
conf t
host R12-1
int e0/0
ip add 10.1.2.1 255.255.255.0
no shut
int lo0
ip add 11.11.11.11 https://www.dhirubhai.net/redir/general-malware-page?url=255%2e255%2e255%2e255
router eigrp 12
net 10.1.2.0
net 11.11.11.11
no ip domain-loo
line con 0
privi level 15
logg s
exec-time 35791
R12-2
en
conf t
host R12-2
int e0/0
ip add 10.1.2.2 255.255.255.0
no shut
int lo0
ip add 22.22.22.22 https://www.dhirubhai.net/redir/general-malware-page?url=255%2e255%2e255%2e255
router eigrp 12
net 10.1.2.0
net 22.22.22.22
no ip domain-loo
line con 0
privi level 15
logg s
exec-time 35791
Customer Honda
R34-3
en
conf t
host R34-3
int e0/0
no shut
int e0/0.34
encapsulation dot1q 34
ip add 10.3.4.3 255.255.255.0
no shut
int lo0
ip add 33.33.33.33 https://www.dhirubhai.net/redir/general-malware-page?url=255%2e255%2e255%2e255
router eigrp 34
net 10.3.4.0
net 33.33.33.33
no ip domain-loo
line con 0
privi level 15
logg s
exec-time 35791
R34-4
en
conf t
host R34-4
int e0/0
no shut
int e0/0.34
encapsulation dot1q 34
ip add 10.3.4.4 255.255.255.0
int lo0
ip add 44.44.44.44 https://www.dhirubhai.net/redir/general-malware-page?url=255%2e255%2e255%2e255
router eigrp 34
net 10.3.4.0
net 44.44.44.44
no ip domain-loo
line con 0
privi level 15
logg s
exec-time 35791
Customer Lamborghini
R567-7
en
conf t
host R567-7
int e0/0
no shut
int e0/0.6
encapsulation dot1q 6
ip add 10.6.7.7 255.255.255.0
int lo0
ip add 77.77.77.77 https://www.dhirubhai.net/redir/general-malware-page?url=255%2e255%2e255%2e255
router eigrp 67
net 10.6.7.0
net 77.77.77.77
no ip domain-loo
line con 0
privi level 15
logg s
exec-time 35791
R567-6
en
conf t
host R567-6
int e0/0
no shut
ip add 10.6.7.6 255.255.255.0
int lo0
ip add 66.66.66.66 https://www.dhirubhai.net/redir/general-malware-page?url=255%2e255%2e255%2e255
router eigrp 67
net 10.6.7.0
net 66.66.66.66
no ip domain-loo
line con 0
privi level 15
logg s
exec-time 35791
R567-5
en
conf t
host R567-5
int e0/0
no shut
ip add 10.5.8.5 255.255.255.0
int lo0
ip add 55.55.55.55 https://www.dhirubhai.net/redir/general-malware-page?url=255%2e255%2e255%2e255
router eigrp 58
net 10.5.8.0
net 55.55.55.55
no ip domain-loo
line con 0
privi level 15
logg s
exec-time 35791
R567-8
en
conf t
host R567-8
int e0/0
no shut
int e0/0.8
encapsulation dot1q 8
ip add 10.5.8.8 255.255.255.0
int lo0
ip add 88.88.88.88 https://www.dhirubhai.net/redir/general-malware-page?url=255%2e255%2e255%2e255
router eigrp 58
net 10.5.8.0
net 88.88.88.88
no ip domain-loo
line con 0
privi level 15
logg s
exec-time 35791
At this stage we should have full reachability on core.
L2VPN AToM can be deployed in different ways, but they all achieve the same result.
Now let's interconnect the customers sites.
2. Configure L2VPN for Customer Mercedez
CSR2
interface g2
no shut
service instance 12 ethernet
encapsulation default
xconnect 5.5.5.5 12 encapsulation mpls
CSR5
interface g2
no shut
service instance 12 ethernet
encapsulation default
xconnect 2.2.2.2 12 encapsulation mpls
After this last command, we should see LDP adjacency between CSR5 and CSR2 coming up:
%LINEPROTO-5-UPDOWN: Line protocol on Interface pseudowire0, changed state to up
%LDP-5-NBRCHG: LDP Neighbor 2.2.2.2:0 (2) is UP
R12-1 and R12-2 should establish EIGRP adjacency.
3. Configure L2VPN for Customer Honda
CSR2
pseudowire-class CUST-HONDA
encapsulation mpls
exit
interface g1
no shut
xconnect 3.3.3.3 34 pw-class CUST-HONDA
CSR3
pseudowire-class CUST-HONDA
encapsulation mpls
exit
interface g2
no shut
xconnect 2.2.2.2 34 pw-class CUST-HONDA
4. Configure L2VPN for Customer Lamborghini
SW
host SW
vlan 5
name VOICE
vlan 6
name INTERNET
int e0/0
no shut
swi
swi trun enc do
swi mode trun
int e0/1
no shut
swi
swi mode access
swi acc vlan 5
int e0/1
no shut
swi
swi mode access
swi acc vlan 6
CSR3
int g1
no shut
service instance 67 ethernet
enca dot1q 6
exit
l2vpn xconnect context CUST-LAMBORGHINI
member GigabitEthernet1 service-instance 67
member pseudowire67 4.4.4.4 67 encapsulation mpls
CSR5
interface GigabitEthernet1
no shut
service instance 58 ethernet
encapsulation dot1q 8
xconnect 4.4.4.4 58 encapsulation mpls
CSR4
interface GigabitEthernet1
no shutdown
service instance 58 ethernet
encapsulation dot1q 5
rewrite ingress tag translate 1-to-1 dot1q 8 symmetric
xconnect 5.5.5.5 58 encapsulation mpls
service instance 67 ethernet
encapsulation dot1q 6
l2vpn xconnect context CUST-LAMBORGHINI
member GigabitEthernet1 service-instance 67
member pseudowire67 3.3.3.3 67 encapsulation mpls
All requirements were met successfully. We can use the following commands for monitoring or troubleshooting:
show l2vpn service all detail
show mpls l2transport vc detail
show mpls for
Hope you enjoyed this post, leave your comments below and I'll see you on the next post.
References:
https://tools.ietf.org/html/rfc4906
Electronic Engineer | Network Engineer - CISCO CCNP x2 (R&S + DC) | NSE4 | Sophos Eng | MTCRE | JNCIA | 3CX
3 年hi, can you add an IOS router to the topology between the CSRs? I have some problems trying to establish a L2VPN between IOS and IOS-XE.