1. Using Cisco Ethernet Virtual Circuit (EVC) Framework: Concepts, Configuration and Verification
2. Agenda
Introduction
Cisco EVC Fundamentals
Operation and Packet Flow
Configuration
Platform Support
3. Introduction
4. What Is Cisco EVC Framework?
Cisco Ethernet Virtual Circuit (EVC) is the next-generation cross-platform Carrier Ethernet Software Infrastructure
Addresses Flexible Ethernet Edge requirements
Supports service convergence over Ethernet
Complies with MEF, IEEE, IETF standards
EVC, which stands for Ethernet Virtual Circuit, is the short name for the Cisco IOS Carrier Ethernet software infrastructure. It is the next-generation cross-platform software architecture to address Carrier Ethernet Services requirements including service flexibility, scalability, network redundancy, HA, performance, OAM and QoS.
This new Ethernet infrastructure specifically addresses Carrier Ethernet and Layer 2 VPN services. Inspired by MEF terminology, it is given "EVC" as its short name. But be aware that the name "EVC" here has a slightly different connotation. In the MEF context, an "EVC" is a technology-agnostic object that carries service traffic between the UNIs. In the framework, an EVC and its related structures represent an instantiation of a service in a given device.
5. Introducing Cisco EVC Framework Functional Highlights
6. Cisco EVC Fundamentals
7. Cisco EVC Building Blocks
Cisco EVC uses the following new concepts:
Ethernet Service Instance: Transport-agnostic abstraction of an Ethernet service on an interface
Ethernet Virtual Circuit (EVC): Device local object (container) for network-wide service parameters
Bridge Domain (BD): Ethernet Broadcast Domain local to a device
Bridge Domain Interface (BDI): Logical Layer 3 interface associated with a BD to perform integrated routing and bridging
8. Cisco EVC Building Blocks: Ethernet Service Instance
Instance of a MEF EVC on a port
Also defined as Ethernet Flow Point (EFP)
Classify frames belonging to a particular Ethernet Service
Apply features selectively to service frames
Define forwarding actions and behavior
9. Cisco EVC Building Blocks: Ethernet Virtual Circuit
Representation of a MEF EVC on the device
Management Plane container
Hosts global EVC attributes
One-to-many mapping from EVC to Service Instance
10. Cisco EVC Building Blocks: Bridge Domain
Broadcast Domain internal to the device
Allows decoupling broadcast domain from VLAN
Per port VLAN significance
One-to-many mapping from BD to Service Instances
11. Cisco EVC Building Blocks: Bridge Domain vs. VLAN Bridge
VLAN bridge has 1:1 mapping between VLAN and internal Broadcast Domain
VLAN has global per-device significance
EVC bridge decouples VLAN from Broadcast Domain
VLAN treated as encapsulation on a wire
VLAN on a wire mapped to internal Bridge Domain via Service Instances
Net result: per-port VLAN significance
12. Multiplexed Forwarding Services
Cisco EVC supports flexible access VLAN to forwarding service mapping
1-to-1 access VLAN to a service
Same port, multiple access VLANs to a service
Multiple ports, multiple access VLANs to a service
Forwarding services include:
L2 point-to-point local connect
L2 point-to-point xconnect
L2 multipoint bridging
L2 multipoint VPLS
L2 point-to-multipoint bridging
L3 termination
13. Multiplexed Forwarding Services: Local and Bridged P2P and MP Forwarding Services
Layer 2 P2P local services
No MAC learning
Two Service Instances (EFP) on same interface (hair-pin)
Two EFPs on different interfaces
Layer 2 MP bridged services
MAC based forwarding and learning
Local VLAN significance
Bridge Domain (BD): different access VLANs in the same broadcast domain
Split-horizon: prevent communication between service instances
14. Multiplexed Forwarding Services: MPLS-Based P2P and MP Forwarding Services
Layer 2 P2P services using Ethernet over MPLS
EFP to EoMPLS PW
Layer 2 MP services using VPLS
Extends Ethernet multipoint bridging over a full mesh of PWs
Split horizon support over attachment circuits (configurable) and PWs
15. Multiplexed Forwarding Services: Rooted-Multipoint Forwarding Services (E-TREE)
BD with Split Horizon Group can be used to implement rooted-multipoint forwarding service:
Place all Leaf EFPs in Split Horizon Group
Keep Root EFP outside the Split Horizon Group
Net effect:
Bidirectional connectivity between Root and all Leaf EFPs
Leaf EFPs cannot communicate with each other
16. Multiplexed Forwarding Services: Layer 3 Forwarding Services
Co-existence with Routed sub-interfaces
Layer 3 termination through SVI/BDI interface
Layer 3 termination through Routed sub-interfaces
17. Multiplexed Forwarding Services: Putting It All Together
Multiplexed Service Interface
Mix of L2 and L3 services on same port
Different types of L2 services
Point-to-Point
Multipoint
18. Operation and Packet Flow
19. Packet Flow Pipeline
20. Flexible Service Mapping: Comprehensive Matching Capabilities
Service Instance construct classifies L2 flows on Ethernet interfaces
Single Tagged
Double Tagged
Header/Payload
21. Flexible Service Mapping: Loose Match Classification Rule
Cisco EVC follows a Loose Match classification model
Unspecified fields are treated as wildcard
encap dot1q 10 matches any frame with outer tag equal to 10
encap dot1q 10 sec 50 matches any frame with outer-most tag as 10 and second tag as 50
22. Flexible Service Mapping: Longest Match Classification Rule
Cisco EVC follows a Longest Match classification model
Frames are mapped to the Service Instance with the longest matching set of classification fields
23. Flexible Service Mapping: Service Instance with 'Default' Encapsulation
Matches all frames unmatched by any other EFP on a port
If the default Service Instance is the only one configured on a port, it matches all traffic on the port (tagged and untagged)
24. Flexible Frame Matching Examples: Ethernet Flow Points
Provide classification of L2 flows on Ethernet interfaces
Are also referred to as EVC service-instances
Support dot1q and Q-in-Q
Support VLAN lists
Support VLAN ranges
Support VLAN Lists and Ranges combined
Coexist with routed subinterfaces
26. Advanced Frame Manipulation: PUSH Operations
Add one VLAN tag
Add two VLAN tags
27. Advanced Frame Manipulation: POP Operations
Remove one VLAN tag
Remove two VLAN tags
28. Advanced Frame Manipulation: Translation Operations
1:1 VLAN Translation
1:2 VLAN Translation
2:1 VLAN Translation
2:2 VLAN Translation
29. Advanced Frame Manipulation: VLAN Tag Manipulation
PUSH operations
POP operations
TRANSLATION operations
30. Configuration
31. Cisco EVC Configuration Anatomy
32. Encapsulation
Encapsulation matching is done on a most to least specific basis.
If a packet entering a port does not match any of the Encapsulations on that port, the packet is dropped. This "filtering" happens on both Ingress and Egress.
The Encapsulation matches the packet on the wire to determine filtering criteria.
"On the wire" is defined as packets ingressing the switch prior to any rewrites, and packets egressing the switch after all rewrites.
33. Configuring Flexible Service Mapping
Single-Tagged Frame
encapsulation dot1q {any | <vlan-id>[,<vlan-id>[-<vlan-id>]]}
VLAN tag can be single, multiple, a range, or any (1-4094)
Double-Tagged Frame
encapsulation dot1q <vlan-id> second-dot1q {any | <vlan-id>[,<vlan-id>[-<vlan-id>]]}
First VLAN tag must be unique; second VLAN tag can be any, unique, a range, or multiple
Untagged Frame
encapsulation untagged
Match untagged frames, for example control traffic
Default
encapsulation default
Match all frames (tagged/untagged) not matched by more specific service instances
34. Configuring Flexible Service Mapping (cont.)
Single-Tagged Frame and payload Ether-Type
encapsulation dot1q {<vlan-id>[,<vlan-id>[-<vlan-id>]] | etype [IPv4|IPv6|pppoe-all]}
Double-Tagged Frame and payload Ether-Type
encapsulation dot1q <vlan-id> second-dot1q {<vlan-id>[,<vlan-id>[-<vlan-id>]] | etype [IPv4|IPv6|pppoe-all]}
Single-Tagged Frame and COS
encapsulation dot1q {<vlan-id>[,<vlan-id>[-<vlan-id>]] | cos <cos-id>[,<cos-id>[-<cos-id>]]}
Double-Tagged Frame and Inner COS
encapsulation dot1q <vlan-id> second-dot1q {<vlan-id>[,<vlan-id>[-<vlan-id>]] | cos <cos-id>[,<cos-id>[-<cos-id>]]}
Double-Tagged Frame and Outer COS
encapsulation dot1q <vlan-id> {cos <cos-id>[,<cos-id>[-<cos-id>]]} second-dot1q {<vlan-id>[,<vlan-id>[-<vlan-id>]]}
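The loose-match, longest-match, default and drop-on-no-match rules from the slides above can be checked against a planned port layout with a small model. This is an added example, not Cisco code or part of the original deck; the `Efp` class, `classify` function and the sample port are hypothetical, only VLAN tags are modelled (no etype or cos), and the tie-break for equally specific entries is an assumption.

```python
from dataclasses import dataclass
from typing import Optional, Sequence


@dataclass(frozen=True)
class Efp:
    """One service instance's 'encapsulation' line (VLAN tags only)."""
    sid: int                                # service instance ID
    kind: str                               # 'dot1q', 'untagged' or 'default'
    outer: Sequence[int] = ()               # VLAN IDs accepted as outer tag
    inner: Optional[Sequence[int]] = None   # None: second tag left unspecified

    def score(self, tags: Sequence[int]) -> int:
        """Number of classification fields matched, or -1 for no match."""
        if self.kind == "default":
            return 0                  # matches anything, least specific
        if self.kind == "untagged":
            return 1 if not tags else -1
        if not tags or tags[0] not in self.outer:
            return -1
        if self.inner is None:
            return 1                  # loose match: inner tags are wildcards
        if len(tags) > 1 and tags[1] in self.inner:
            return 2
        return -1


def classify(efps: Sequence[Efp], tags: Sequence[int]) -> Optional[int]:
    """Return the service instance ID for a frame, or None if it is dropped.

    tags lists the frame's VLAN IDs on the wire, outermost first.
    Ties keep the first configured EFP (an assumption of this model).
    """
    best, best_score = None, -1
    for efp in efps:
        s = efp.score(tags)
        if s > best_score:
            best, best_score = efp, s
    return best.sid if best is not None else None


# Constructed sample port, equivalent to:
#   service instance 10: encapsulation dot1q 10
#   service instance 20: encapsulation dot1q 10 second-dot1q 50
#   service instance 30: encapsulation untagged
#   service instance 99: encapsulation default
PORT = [
    Efp(10, "dot1q", outer=[10]),
    Efp(20, "dot1q", outer=[10], inner=[50]),
    Efp(30, "untagged"),
    Efp(99, "default"),
]

if __name__ == "__main__":
    for frame in ([10], [10, 50], [10, 60], [], [77]):
        print(frame, "->", classify(PORT, frame))
    # Same port without the default EFP: unmatched frames are dropped.
    print([77], "->", classify(PORT[:3], [77]))
```

Running the model with and without the default service instance shows which tag combinations a port silently accepts, which is the filtering behaviour worth reviewing on customer-facing ports.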
35. Rewrite
The "rewrite" command allows for packet VLAN tag modifications.
This command can be used to emulate traditional dot1q tagging, where packets going into a switch travel native, and VLAN tagging properties are added on egress.
It can also be used to facilitate VLAN translation and Q-in-Q.
36. Configuring Advanced Frame Manipulation
37. EVC Configuration Example
interface GigabitEthernet0/2
 switchport trunk allowed vlan none
 switchport mode trunk
 service instance 10 ethernet
  encapsulation dot1q 10
  rewrite ingress tag pop 1 symmetric
  bridge-domain 10
38. Configuring Point-to-Point Services
Point-to-point local connect
connect <name> <interface-type/slot/port> <EFP-id> <ethernet-type/slot/port> <EFP-id>
Point-to-point xconnect
xconnect <peer-add> <VC-ID> encapsulation mpls
39. Encapsulation Adjustment Considerations: PW VC Type and EVC VLAN rewrites (cont.)
40. Configuring Multipoint Services
Multipoint Native Ethernet Bridging and VPLS
bridge-domain <global-vlan-id> [split-horizon]
Split-horizon to disable L2 communication between two Service Instances (optional)
41. Configuring Point-to-Multipoint Services
Multipoint Native Ethernet Bridging and VPLS
bridge-domain <global-vlan-id> [split-horizon]
Disables communication between leaf Service Instances in Split Horizon Group
42. Configuring Layer 3 Services
43. Forwarding, Learning and Aging on EFPs
Layer 2 forwarding is based on the bridge domain ID and the destination MAC address.
The frame is forwarded to an EFP if the binding between the bridge domain, destination MAC address, and EFP is known.
MAC address learning is based on bridge domain ID, source MAC addresses, and logical port number.
If there is no matching entry in the Layer 2 forwarding table for the ingress frame, the frame is flooded to all the ports within the bridge domain.
44. Forwarding, Learning and Aging on EFPs (cont.)
You can disable learning on a bridge domain by entering the global configuration command
no mac address-table learning bridge-domain <bridge-id>
Dynamic addresses are aged out if there is no frame from the host with the MAC address.
The default for aging dynamic addresses is 5 minutes.
45. Forwarding, Learning and Aging on EFPs (cont.)
You can configure dynamic address aging time per VLAN by entering the following command. The range is in seconds.
mac address-table aging-time [0 | 10-1000000] bridge-domain bridge-id
An aging time of 0 means that the address aging is disabled.
MAC address movement is detected when the host moves from one port to another.
46. Etherchannel/L2 Protocols
EVC on etherchannels
EVC can be configured under the bundle interface.
Load-balancing is performed based on MAC address or IP address of the traffic flow on the bundle interface.
47. Etherchannel/L2 Protocols
To enable L2PT, use the command "l2protocol tunnel <protocols>":
interface GigabitEthernet0/4
 service instance 20 ethernet
  encapsulation untagged, dot1q 200 second-dot1q 300
  l2protocol tunnel cdp stp vtp dtp pagp lacp
  bridge-domain 10
Valid <protocols> include: cdp, dtp, lacp, pagp, stp, vtp
If a protocol is not listed in <protocols>, then it is dropped at the interface.
CSCtf72829: UDLD & LLDP tunneling option is missing for L2PT
48. Split-Horizon
The split-horizon feature allows service instances in a bridge domain to join groups.
Service instances in the same bridge domain and the same split-horizon group:
Cannot forward data between each other
Can forward data to and from other service instances that are in the same bridge domain but in a different split-horizon group
If a service instance does not belong to a group, it can send to and receive from all ports within the bridge domain.
A service instance cannot join more than one split-horizon group.
Enter the "bridge-domain bridge-id split-horizon group group_id" service-instance configuration mode command to configure a split-horizon group.
49. Split-Horizon (cont.)
interface Gi0/1
 service instance 1 ethernet
  encapsulation dot1q 10
  rewrite ingress tag pop 1 symmetric
  bridge-domain 8000 split-horizon group 1
 service instance 2 ethernet
  encapsulation dot1q 99
  rewrite ingress tag pop 1 symmetric
  bridge-domain 8000 split-horizon group 1
interface Gi0/2
 service instance 3 ethernet
  encapsulation dot1q 10
  rewrite ingress tag pop 1 symmetric
  bridge-domain 8000 split-horizon group 2
 service instance 4 ethernet
  encapsulation dot1q 99
  rewrite ingress tag pop 1 symmetric
  bridge-domain 8000
In this example, Service Instances 1 and 2 cannot forward packets to or receive packets from each other.
Service Instance 3 can talk to everyone in Bridge-Domain 8000 since no other service instance is in Split-Horizon Group 2.
Service Instance 4 can talk to everyone in Bridge-Domain 8000 since it has not joined any Split-Horizon Group.
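To audit the isolation a split-horizon configuration actually gives, the rules from slides 48 and 49 can be applied to the configuration text itself. The sketch below is an added example, not part of the original deck or any Cisco tool; `parse_efps`, `can_forward` and `isolated_pairs` are hypothetical helpers, the embedded configuration is the slide-49 example retyped, and only the `split-horizon group <id>` form is modelled.

```python
import re
from itertools import combinations

# Constructed sample: the slide-49 configuration retyped as IOS-style text.
CONFIG = """\
interface Gi0/1
 service instance 1 ethernet
  encapsulation dot1q 10
  rewrite ingress tag pop 1 symmetric
  bridge-domain 8000 split-horizon group 1
 service instance 2 ethernet
  encapsulation dot1q 99
  rewrite ingress tag pop 1 symmetric
  bridge-domain 8000 split-horizon group 1
interface Gi0/2
 service instance 3 ethernet
  encapsulation dot1q 10
  rewrite ingress tag pop 1 symmetric
  bridge-domain 8000 split-horizon group 2
 service instance 4 ethernet
  encapsulation dot1q 99
  rewrite ingress tag pop 1 symmetric
  bridge-domain 8000
"""


def parse_efps(text):
    """Return {(interface, service_instance): (bridge_domain, group_or_None)}."""
    efps, intf, sid = {}, None, None
    for line in text.splitlines():
        words = line.split()
        if not words:
            continue
        if words[0] == "interface":
            intf, sid = words[1], None
        elif words[:2] == ["service", "instance"]:
            sid = int(words[2])
        elif words[0] == "bridge-domain" and sid is not None:
            m = re.search(r"split-horizon group (\d+)", line)
            if "split-horizon" in words and m is None:
                raise ValueError("only 'split-horizon group <id>' is modelled")
            efps[(intf, sid)] = (int(words[1]), int(m.group(1)) if m else None)
    return efps


def can_forward(a, b):
    """True if two EFPs, given as (bridge_domain, group), may exchange frames."""
    (bd_a, grp_a), (bd_b, grp_b) = a, b
    if bd_a != bd_b:
        return False              # different broadcast domains
    return grp_a is None or grp_a != grp_b


def isolated_pairs(efps):
    """EFP pairs that share a bridge domain but are blocked by split horizon."""
    return [(x, y) for x, y in combinations(sorted(efps), 2)
            if efps[x][0] == efps[y][0] and not can_forward(efps[x], efps[y])]


if __name__ == "__main__":
    for pair in isolated_pairs(parse_efps(CONFIG)):
        print("isolated:", pair)
```

The same `can_forward` rule describes the rooted-multipoint (E-Tree) design from slide 15: leaves share one group and are isolated from each other, while a root with no group reaches every leaf.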
50. L2 Protocol Tunneling
Layer 2 protocol tunneling converts the customer BPDU to a Cisco-known MAC destination address (0100.0CCD.CDD0) upon network entry and exit.
Cisco's Layer 2 protocol tunneling address is treated as unknown multicast data.
On ME3800X and ME3600X switches, Layer 2 protocol tunneling is supported on EFPs, but not on switchports.
51. L2 Protocol Tunneling (cont.)
To enable L2PT, use the command "l2protocol tunnel <protocols>":
interface GigabitEthernet0/4
 service instance 20 ethernet
  encapsulation untagged, dot1q 200 second-dot1q 300
  l2protocol tunnel cdp stp vtp dtp pagp lacp
  bridge-domain 10
Valid <protocols> include: cdp, dtp, lacp, pagp, stp, vtp
If a protocol is not listed in <protocols>, then it is dropped at the interface.
52. EFPs and MSTP
EFP bridge domains are supported by MSTP.
These restrictions apply when running STP with bridge domains:
All incoming VLANs (outer-most or single) mapped to a bridge domain must belong to the same MST instance or loops could occur.
For all EFPs that are mapped to the same MST instance, you must configure backup EFPs on every redundant path to prevent loss of connectivity due to STP blocking a port.
When STP mode is PVST+ or PVRST, EFP information is not passed to the protocol.
EVC supports only MSTP.
Changing STP mode from MST to PVST+ or PVRST for a multicast port is not allowed.
54. Untagged to Tagged Packet
55. Untagged to Tagged Packet
56. QinQ Configuration (EFP to Switchport)
57. Selective QinQ Configuration
58. QinQ Configuration (EFP to EFP)
59. 1:1 VLAN Mapping Layer 2 VPN Service Offering
60. UNI with 1:1 Translation (EFP to EFP)
61. 1:2 VLAN Mapping / Selective QinQ: Layer 2 VPN Service Offering: MEF-EVPL
62. UNI with 1:2 Translation (EFP to EFP)
63. QinQ with 2:1 Translation
Provides the port isolation of QinQ while also allowing the SP to choose which VLAN to pass over the core network.
64. UNI with 2:1 Translation (EFP to EFP)
65. UNI with 2:2 Translation (EFP to EFP)
66. Bridge Domain Routing
The bridge-domain can only be in the 1-4K range, since SVI interfaces can be configured in that range only.
SVI interfaces are needed for bridge-domain routing.
There can only be one EFP in the bridge-domain.
There cannot be any switchport in the same VLAN/bridge-domain either.
The EFP must make the packet native for bridge-domain routing to work.
This is fundamental for IP routing purposes, since an IP router routes an IP datagram.
Only IP is supported. MPLS is not supported.
L3VPN/L2VPN configuration is supported.
Multicast is supported.
67. One/Two Tag EFP
int gi0/1
 switchport trunk allowed vlan none
 switchport mode trunk
 service instance 1 ethernet
  encapsulation dot1q 10 second-dot1q 20
  rewrite ingress tag pop 1 symmetric
  bridge-domain 100
int vlan 100
 ip address 20.1.1.1 255.255.255.255
69. Monitoring EFP
70. Monitoring EFP
3600-HL-1#sh ethernet service instance id 10 interface gigabitEthernet 0/7 detail
Service Instance ID: 10
Associated Interface: GigabitEthernet0/7
Associated EVC:
L2protocol drop
CE-Vlans:
Encapsulation: dot1q 10 vlan protocol type 0x8100
Rewrite: ingress tag pop 1 symmetric
Interface Dot1q Tunnel Ethertype: 0x8100
State: Down
EFP Statistics:
   Pkts In   Bytes In   Pkts Out  Bytes Out
         0          0          0          0
EFP Microblocks:
****************
Microblock type: Bridge-domain
Bridge-domain: 10
71. Monitoring EFP
3600-HL-1#sh bridge-domain 10
Bridge-domain 10 (1 ports in all)
State: UP
    GigabitEthernet0/7 service instance 10
3600-HL-1#show mac address-table bridge-domain 10
          Mac Address Table
-------------------------------------------
BD    Mac Address       Type        Ports
----  -----------       --------    -----
All   0100.0000.0000    STATIC      CPU
All   0100.0ccc.cccc    STATIC      CPU
All   0100.0ccc.cccd    STATIC      CPU
All   0100.0ccc.ccce    STATIC      CPU
73. UNI Service
To provide UNI functionality, we need a way to drop protocol packets and a way to create traffic isolation across UNI ports in the same bridge domain/VLAN.
Split-horizon needs to be configured per bridge-domain instead of per port.
74. ENI Service
The ENI service is similar to UNI except that it provides the flexibility of understanding customer protocol packets instead of dropping them.
75. NNI Service
The NNI service is standard dot1q trunking.
The NNI interface can communicate with any other NNI and also with any UNI ports (split-horizon enabled).
int gi0/3  <-- NNI (EVC model)
 switchport trunk allowed vlan none
 switchport mode trunk
 service instance 1 ethernet
  encapsulation dot1q 100
  bridge-domain 100
int gi0/4  <-- NNI (switchport model)
 switchport mode trunk
76. Private VLAN Service
The private VLAN service is typically deployed using two VLANs, where one VLAN is used for the downlink interfaces (UNI) and the other VLAN is used for the uplink interface (NNI).
This service can be deployed using the EVC configuration model in conjunction with split-horizon, and then only one VLAN/bridge-domain is needed.
77. Protected Port Service
The protected port feature allows UNI-like functionality.
This service can be deployed using the EVC configuration model in conjunction with split-horizon.
The only drawback is that split-horizon needs to be enabled per bridge-domain instead of per port, but for the same reason it is more flexible.
78. Platform Support
79. Cisco EVC Framework Platform Support
80. EVC Configuration Comparison (IOS XR & IOS) – L2VPN P2P service
81. EVC Configuration Comparison (IOS XR & IOS) – L2VPN MP bridging
82. Acronyms
84. Appendix: Introduction to Metro Ethernet Forum (MEF) Ethernet Services
85. MEF Concepts and Terminology: CE, MEN and UNI
CE:
Customer Equipment (Edge)
Router or IEEE 802.1 bridge/switch
MEN:
Metro Ethernet Network
Provide Ethernet service to CE
May employ various transports/media
UNI:
User-Network Interface
Demarcation between Customer and Provider
IEEE 802.3 PHY/MAC
86. MEF Service Attributes at a Glance
87. MEF Concepts and Terminology: Ethernet Virtual Connection (EVC)
Ethernet Virtual Connection (or Circuit)
Conceptual visualization of an Ethernet Service
“An association of two or more UNIs”
Three types:
Point-to-Point EVC (E-Line)
Multipoint-to-Multipoint EVC (E-LAN)
Rooted-Multipoint EVC (E-Tree)
88. MEF Concepts and Terminology Service Visualization
89. MEF Concepts and Terminology: Highlight of UNI Attributes
Bundling: More than one CE-VLAN on a UNI mapped to an EVC
All-to-one Bundling: All CE-VLANs on a UNI mapped to a single EVC
Service Multiplexing: Support multiple EVCs over a UNI; EVC selection is based on CE-VLAN value
90. Mapping MEF Services to Cisco EVC: Support for Various EVC Types
E-Line:
Associate a point-to-point forwarding service to a Service Instance
Native Transport: Ethernet to Ethernet Local Switching (connect)
MPLS Transport: EoMPLS (xconnect)
E-LAN:
Associate a multipoint forwarding service (Bridge Domain) with EFPs
Native Transport: Ethernet multipoint bridging
MPLS Transport: VPLS
E-Tree:
Associate a rooted-multipoint forwarding service (Bridge Domain with Split Horizon) with Service Instances
Native Transport: Service Instances
MPLS Transport: Service Instances and Pseudowires
91. Mapping MEF Services to Cisco EVC: Support for Bundling and Service Multiplexing
92. Configuring MEF Attributes
Configuring EVC Identifier
PE(config)# ethernet evc <evc-name>
CE-VLAN ID/EVC Map
PE(config-if-srv)# ethernet lmi ce-vlan map {<vlan-id>[,<vlan-id>[-<vlan-id>]] | any | default | untagged}
UNI Count
PE(config-evc)# uni count {2 [multipoint] to 1024}
UNI Type
PE(config-if)# ethernet uni {bundle [all-to-one] | multiplex}
UNI Name
PE(config-if)# ethernet uni id <uni-name>
93. Configuring MEF UNI Variants
94. Configuring MEF UNI Variants (cont.)