This feature module explains how to configure L2VPN Pseudowire Switching, which extends layer 2 virtual private network (L2VPN) pseudowires across an interautonomous system (inter-AS) boundary or across two separate multiprotocol label switching (MPLS) networks.
Finding Feature Information
Your software release may not support all the features documented in this module. For the latest caveats and feature information, see Bug Search Tool and the release notes for your platform and software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the feature information table.
Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.
Restrictions for L2VPN Pseudowire Switching
-
In Cisco IOS XE Release 2.4, Pseudowire Switching is supported on Ethernet over MPLS attachment circuits.
-
L2VPN Pseudowire Switching is supported with AToM.
-
Only static, on-box provisioning is supported.
-
Sequencing numbers in AToM packets are not processed by L2VPN Pseudowire Switching. The feature blindly passes the sequencing data through the xconnect packet paths, a process that is called transparent sequencing. The endpoint PE-CE connections enforce the sequencing.
-
You can ping the adjacent next-hop PE router. End-to-end LSP pings are not supported.
-
Do not configure IP or Ethernet interworking on a router where L2VPN Pseudowire Switching is enabled. Instead, configure interworking on the routers at the edge PEs of the network.
See AlsoMPLS Layer 2 VPNs Configuration Guide - Xconnect as a Client of BFD [Cisco ASR 1000 Series Aggregation Services Routers]Configure L2 Bridging across an L3 NetworkMPLS Configuration Guide, Cisco IOS XE 17.x - Xconnect as a Client of BFD [Cisco ASR 1000 Series Aggregation Services Routers]Nexus 9000 : Configuration et vérification de VXLAN Xconnect -
The control word negotiation results must match. If either segment does not negotiate the control word, the control word is disabled for both segments.
-
AToM Graceful Restart is negotiated independently on each pseudowire segment. If there is a transient loss of the LDP session between two AToM PE routers, packets continue to flow.
-
Per-pseudowire quality of service (QoS) is not supported. Traffic Engineering (TE) tunnel selection is supported.
-
Attachment circuit interworking is not supported.
Information About L2VPN Pseudowire Switching
How L2VPN Pseudowire Switching Works
L2VPN Pseudowire Switching allows the user to extend L2VPN pseudowires across an inter-AS boundary or across two separate MPLS networks, as shown in the figures below. L2VPN Pseudowire Switching connects two or more contiguous pseudowire segments to form an end-to-end multihop pseudowire. This end-to-end pseudowire functions as a single point-to-point pseudowire.
As shown in the second figure below, L2VPN Pseudowire Switching enables you to keep the IP addresses of the edge PE routers private across inter-AS boundaries. You can use the IP address of the autonomous system boundary routers (ASBRs) and treat them as pseudowire aggregation (PE-agg) routers. The ASBRs join the pseudowires of the two domains.
L2VPN Pseudowire Switching also enables you to keep different administrative or provisioning domains to manage the end-to-end service. At the boundaries of these networks, PE-agg routers delineate the management responsibilities.
![MPLS Layer 2 VPNs Configuration Guide - L2VPN Pseudowire Switching [Cisco ASR 1000 Series Aggregation Services Routers] (1)](https://i0.wp.com/www.cisco.com/c/dam/en/us/td/i/100001-200000/120001-130000/127001-128000/127912.ps/_jcr_content/renditions/127912.jpg "MPLS Layer 2 VPNs Configuration Guide - L2VPN Pseudowire Switching [Cisco ASR 1000 Series Aggregation Services Routers] (1)")
![MPLS Layer 2 VPNs Configuration Guide - L2VPN Pseudowire Switching [Cisco ASR 1000 Series Aggregation Services Routers] (2)](https://i0.wp.com/www.cisco.com/c/dam/en/us/td/i/100001-200000/120001-130000/127001-128000/127913.ps/_jcr_content/renditions/127913.jpg "MPLS Layer 2 VPNs Configuration Guide - L2VPN Pseudowire Switching [Cisco ASR 1000 Series Aggregation Services Routers] (2)")
How Packets Are Manipulated at the Aggregation Point
Switching AToM packets between two AToM pseudowires is the same as switching any MPLS packet. The MPLS switching data path switches AToM packets between two AToM pseudowires. The following list explains exceptions:
-
The outgoing virtual circuit (VC) label replaces the incoming VC label in the packet. New Internal Gateway Protocol (IGP) labels and Layer 2 encapsulation are added.
-
The incoming VC label time-to-live (TTL) field is decremented by one and copied to the outgoing VC label TTL field.
-
The incoming VC label EXP value is copied to the outgoing VC label EXP field.
-
The outgoing VC label ‘Bottom of Stack’ S bit in the outgoing VC label is set to1.
-
AToM control word processing is not performed at the L2VPN Pseudowire Switching aggregation point. Sequence numbers are not validated. Use the Router Alert label for LSP Ping; do not require control word inspection to determine an LSP Ping packet.
How to Configure L2VPN Pseudowire Switching
Configuring
Use the following procedure to configure L2VPN Pseudowire Switching on each of the PE-agg routers.
Before you begin
-
This procedure assumes that you have configured basic AToM L2VPNs. This procedure does not explain how to configure basic AToM L2VPNs that transport Layer 2 packets over an MPLS backbone. For information on the basic configuration, see Any Transport over MPLS.
-
For inter-Autonomous configurations, ASBRs require a labeled interface.
![MPLS Layer 2 VPNs Configuration Guide - L2VPN Pseudowire Switching [Cisco ASR 1000 Series Aggregation Services Routers] (3)](https://i0.wp.com/www.cisco.com/content/dam/en/us/td/i/templates/note.gif "MPLS Layer 2 VPNs Configuration Guide - L2VPN Pseudowire Switching [Cisco ASR 1000 Series Aggregation Services Routers] (3)") Note | In this configuration, you are limited to two neighbor commands after entering the l2 vfi command. > |
SUMMARY STEPS
- enable
- configure terminal
- l2 vfi name point-to-point
- neighbor ip-address vcid encapsulation mpls | pw-class pw-class-name
- exit
- exit
- show mpls l2transport vc [vcid [vc-id | [vc-id-min vc-id-max ]] [interface name [local-circuit-id ]] [destination ip-address | name ] [detail ]
- show vfi [vfi-name ]
- ping [protocol ] [tag ] {host-name | system-address }
DETAILED STEPS
| Command or Action | Purpose | |||
|---|---|---|---|---|
| Step1 | enable Example: | Enables privileged EXEC mode.
| ||
| Step2 | configure terminal Example: | Enters global configuration mode. | ||
| Step3 | l2 vfi name point-to-point Example: | Creates a point-to-point Layer 2 virtual forwarding interface (VFI) and enters VFI configuration mode. | ||
| Step4 | neighbor ip-address vcid encapsulation mpls | pw-class pw-class-name Example: | Sets up an emulated VC. Specify the IP address and the VC ID of the remote router. Also specify the pseudowire class to use for the emulated VC.
| ||
| Step5 | exit Example: | Exits VFI configuration mode. | ||
| Step6 | exit Example: | Exits global configuration mode. | ||
| Step7 | show mpls l2transport vc [vcid [vc-id | [vc-id-min vc-id-max ]] [interface name [local-circuit-id ]] [destination ip-address | name ] [detail ] Example: | Verifies that the L2VPN Pseudowire Switching session has been established. | ||
| Step8 | show vfi [vfi-name ] Example: | Verifies that a point-to-point VFI has been established. | ||
| Step9 | ping [protocol ] [tag ] {host-name | system-address } Example: | When issued from the CE routers, this command verifies end-to-end connectivity. |
Examples
The following example displays the output of the show mpls l2transport vc command:
Router# show mpls l2transport vcLocal intf Local circuit Dest address VC ID Status ------------- -------------------------- --------------- ----- ---- MPLS PW 10.0.1.1:100 10.0.1.1 100 UP MPLS PW 10.0.1.1:100 10.0.1.1 100 UP The following example displays the output of the show vfi command:
Router# show vfiVFI name: test, type: point-to-point Neighbors connected via pseudowires: Router ID Pseudowire ID 10.0.1.1 100 10.0.1.1 100 How to Configure L2VPN Pseudowire Switching using the commands associated with the L2VPN Protocol-Based CLIs feature
Perform this task to configure L2VPN Pseudowire Switching on each of the PE-agg routers. In this configuration, you are limited to two neighbor commands after entering the l2vpn xconnect command.
Before you begin
-
This task assumes that you have configured basic AToM L2VPNs. This task does not explain how to configure basic AToM L2VPNs that transport Layer 2 packets over an MPLS backbone. For information on the basic configuration, see the “Any Transport over MPLS” section.
-
For interautonomous configurations, autonomous system boundary routers (ASBRs) require a labeled interface.
SUMMARY STEPS
- enable
- configure terminal
- interface pseudowire number
- encapsulation mpls
- neighbor peer-address vcid-value
- exit
- interface pseudowire number
- encapsulation mpls
- neighbor peer-address vcid-value
- exit
- l2vpn xconnect context context-name
- member pseudowire interface-number
- member ip-address vcid encapsulation mpls
- member pseudowire interface-number
- member ip-address vcid encapsulation mpls
- exit
- exit
- show l2vpn atom vc [vcid [vc-id | vc-id-min vc-id-max ]] [interface type number [local-circuit-id ]] [destination ip-address | name ] [detail ]
- ping [protocol ] [tag ] {hostname | system-address }
DETAILED STEPS
| Command or Action | Purpose | |||
|---|---|---|---|---|
| Step1 | enable Example: | Enables privileged EXEC mode.
| ||
| Step2 | configure terminal Example: | Enters global configuration mode. | ||
| Step3 | interface pseudowire number Example: | Specifies the pseudowire interface and enters interface configuration mode. | ||
| Step4 | encapsulation mpls Example: | Specifies that Multiprotocol Label Switching (MPLS) is used as the data encapsulation method. | ||
| Step5 | neighbor peer-address vcid-value Example: | Specifies the peer IP address and virtual circuit (VC) ID value of the Layer 2 VPN (L2VPN) pseudowire. | ||
| Step6 | exit Example: | Exits interface configuration mode. | ||
| Step7 | interface pseudowire number Example: | Specifies the pseudowire interface and enters interface configuration mode. | ||
| Step8 | encapsulation mpls Example: | Specifies that Multiprotocol Label Switching (MPLS) is used as the data encapsulation method. | ||
| Step9 | neighbor peer-address vcid-value Example: | Specifies the peer IP address and virtual circuit (VC) ID value of the Layer 2 VPN (L2VPN) pseudowire. | ||
| Step10 | exit Example: | Exits interface configuration mode. | ||
| Step11 | l2vpn xconnect context context-name Example: | Creates a Layer 2 VPN (L2VPN) cross connect context and enters xconnect configuration mode. | ||
| Step12 | member pseudowire interface-number Example: | Specifies a member pseudowire to form a Layer 2 VPN (L2VPN) cross connect. | ||
| Step13 | member ip-address vcid encapsulation mpls Example: | Specifies the devices that form a point-to-point Layer 2 VPN (L2VPN) virtual forwarding interface (VFI) connection.
| ||
| Step14 | member pseudowire interface-number Example: | Specifies a member pseudowire to form a Layer 2 VPN (L2VPN) cross connect. | ||
| Step15 | member ip-address vcid encapsulation mpls Example: | Specifies the devices that form a point-to-point Layer 2 VPN (L2VPN) virtual forwarding interface (VFI) connection.
| ||
| Step16 | exit Example: | Exits Xconnect configuration mode. | ||
| Step17 | exit Example: | Exits global configuration mode. | ||
| Step18 | show l2vpn atom vc [vcid [vc-id | vc-id-min vc-id-max ]] [interface type number [local-circuit-id ]] [destination ip-address | name ] [detail ] Example: | Displays information about Any Transport over MPLS (AToM) virtual circuits (VCs) and static pseudowires that have been enabled to route Layer 2 packets on a device. | ||
| Step19 | ping [protocol ] [tag ] {hostname | system-address } Example: | When issued from the CE routers, verifies end-to-end connectivity. |
Configuring
Use the following procedure to configure L2VPN Pseudowire Switching on each of the PE-agg routers.
Before you begin
-
This procedure assumes that you have configured basic AToM L2VPNs. This procedure does not explain how to configure basic AToM L2VPNs that transport Layer 2 packets over an MPLS backbone. For information on the basic configuration, see Any Transport over MPLS.
-
For inter-Autonomous configurations, ASBRs require a labeled interface.
Note | In this configuration, you are limited to two neighbor commands after entering the l2 vfi command. > |
SUMMARY STEPS
- enable
- configure terminal
- l2 vfi name point-to-point
- neighbor ip-address vcid encapsulation mpls | pw-class pw-class-name
- exit
- exit
- show mpls l2transport vc [vcid [vc-id | [vc-id-min vc-id-max ]] [interface name [local-circuit-id ]] [destination ip-address | name ] [detail ]
- show vfi [vfi-name ]
- ping [protocol ] [tag ] {host-name | system-address }
DETAILED STEPS
| Command or Action | Purpose | |||
|---|---|---|---|---|
| Step1 | enable Example: | Enables privileged EXEC mode.
| ||
| Step2 | configure terminal Example: | Enters global configuration mode. | ||
| Step3 | l2 vfi name point-to-point Example: | Creates a point-to-point Layer 2 virtual forwarding interface (VFI) and enters VFI configuration mode. | ||
| Step4 | neighbor ip-address vcid encapsulation mpls | pw-class pw-class-name Example: | Sets up an emulated VC. Specify the IP address and the VC ID of the remote router. Also specify the pseudowire class to use for the emulated VC.
| ||
| Step5 | exit Example: | Exits VFI configuration mode. | ||
| Step6 | exit Example: | Exits global configuration mode. | ||
| Step7 | show mpls l2transport vc [vcid [vc-id | [vc-id-min vc-id-max ]] [interface name [local-circuit-id ]] [destination ip-address | name ] [detail ] Example: | Verifies that the L2VPN Pseudowire Switching session has been established. | ||
| Step8 | show vfi [vfi-name ] Example: | Verifies that a point-to-point VFI has been established. | ||
| Step9 | ping [protocol ] [tag ] {host-name | system-address } Example: | When issued from the CE routers, this command verifies end-to-end connectivity. |
Examples
The following example displays the output of the show mpls l2transport vc command:
Router# show mpls l2transport vcLocal intf Local circuit Dest address VC ID Status ------------- -------------------------- --------------- ----- ---- MPLS PW 10.0.1.1:100 10.0.1.1 100 UP MPLS PW 10.0.1.1:100 10.0.1.1 100 UP The following example displays the output of the show vfi command:
Router# show vfiVFI name: test, type: point-to-point Neighbors connected via pseudowires: Router ID Pseudowire ID 10.0.1.1 100 10.0.1.1 100 Configuration Examples for L2VPN Pseudowire Switching
L2VPN Pseudowire Switching in an Inter-AS Configuration Example
Two separate autonomous systems are able to pass L2VPN packets, because the two PE-agg routers have been configured with L2VPN Pseudowire Switching. This example configuration is shown in the figure below.
![MPLS Layer 2 VPNs Configuration Guide - L2VPN Pseudowire Switching [Cisco ASR 1000 Series Aggregation Services Routers] (5)](https://i0.wp.com/www.cisco.com/c/dam/en/us/td/i/200001-300000/270001-280000/274001-275000/274871.eps/_jcr_content/renditions/274871.jpg "MPLS Layer 2 VPNs Configuration Guide - L2VPN Pseudowire Switching [Cisco ASR 1000 Series Aggregation Services Routers] (5)")
| CE1 | CE2 |
|---|---|
| |
Additional References
Related Documents
| Related Topic | Document Title |
|---|---|
| Cisco IOS commands | Cisco IOS Master Command List, All Releases |
| MPLS commands | Cisco IOS Multiprotocol Label Switching Command Reference |
| L2VPN pseudowire redundancy | “L2VPN Pseudowire Redundancy” feature module in the MPLS Layer 2 VPNs Configuration Guide. |
| H-VPLS | “Configuring VPLS” in the “Configuring Multiprotocol Label Switching on the Optical Services Modules” chapter in the Optical Services Modules Installation and Configuration Notes, 12.2SR document. |
| MPLS traffic engineering | “MPLS Traffic Engineering Fast Reroute Link and Node Protection” feature module in the MPLS Traffic Engineering: Path, Link, and Node Protection Configuration Guide (part of the Multiprotocol Label Switching Configuration Guide Library) |
Standards
| Standard | Title |
|---|---|
| http://www.ietf.org/rfc/rfc4447.txt | Pseudowire Setup and Maintenance Using the Label Distribution Protocol (LDP) |
| http://www3.ietf.org/proceedings/06mar/IDs/draft-ietf-l2vpn-vpls-ldp-08.txt | Virtual Private LAN Services over MPLS |
| http://www.ietf.org/internet-drafts/draft-ietf-pwe3-segmented-pw-02.txt | Segmented Pseudo Wire |
| draft-ietf-pwe3-vccv-10.txt | Pseudo Wire Virtual Circuit Connectivity Verification (VCCV) |
| draft-ietf-pwe3-oam-msg-map-03.txt | Pseudo Wire (PW) OAM Message Mapping |
MIBs
| MIB | MIBs Link |
|---|---|
| Pseudowire Emulation Edge-to-Edge MIBs for Ethernet, Frame Relay, and ATM Services | To locate and download MIBs for selected platforms, Cisco software releases, and feature sets, use Cisco MIB Locator found at the following URL: http://www.cisco.com/go/mibs |
Technical Assistance
| Description | Link |
|---|---|
| The Cisco Support and Documentation website provides online resources to download documentation, software, and tools. Use these resources to install and configure the software and to troubleshoot and resolve technical issues with Cisco products and technologies. Access to most tools on the Cisco Support and Documentation website requires a Cisco.com user ID and password. | http://www.cisco.com/cisco/web/support/index.html |
Feature Information for L2VPN Pseudowire Switching
The following table provides release information about the feature or features described in this module. This table lists only the software release that introduced support for a given feature in a given software release train. Unless noted otherwise, subsequent releases of that software release train also support that feature.
Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.| Feature Name | Releases | Feature Information |
|---|---|---|
| L2VPN Pseudowire Switching | Cisco IOS XE Release 2.4 | The L2VPN Pseudowire Switching feature extends layer 2 virtual private network (L2VPN) pseudowires across an interautonomous system (inter-AS) boundary or across two separate multiprotocol label switching (MPLS) networks. In Cisco IOS XE Release 2.4, The L2VPN Pseudowire Switching feature is supported with Ethernet over MPLS. The following commands were introduced or modified: l2 vfi point-to-point , neighbor (L2VPN Pseudowire Switching), show vfi . |
![MPLS Layer 2 VPNs Configuration Guide - L2VPN Pseudowire Switching [Cisco ASR 1000 Series Aggregation Services Routers] (2024)](data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAQAAAC1HAwCAAAAC0lEQVR42mP8/h8AAvMB+NzmkbcAAAAASUVORK5CYII=)