
EdgeRouter - Basic Virtual Private LAN Service (VPLS) with LDP Signaling Configuration

Overview


In this article the reader will learn how to connect multiple sites, so they behave as if they were on the same layer-2 network, by setting up a VPLS (Virtual Private LAN Service) using Label Distribution Protocol (LDP) for signaling. 

Table of Contents


  1. The Scenario
  2. Interface and OSPF Configuration
  3. LDP and VPLS Configuration
  4. Operational Status
  5. MAC Address Learning

The Scenario


Virtual Private LAN Service (VPLS) allows multiple sites to be connected and behave like a single layer-2 network, i.e., the different sites using VPLS are basically "on the same LAN" as if they are directly connected. As an example, consider the following scenario:

 

The goal is to connect sites A and B together. In this example, R1, R2, and R3 are the service provider's routers: R1 and R3 are "Provider Edge" routers (PE routers), and R2 is a "Provider" router (P router). The provider offers VPLS by giving each site an Ethernet connection (eth0 in this example) on the PE routers. With VPLS, broadcast, multicast, VLANs, etc. all work across the two sites as if they were on the same layer-2 network.

In this article, we will look at setting up VPLS in the above scenario using Label Distribution Protocol (LDP) for signaling.

Interface and OSPF Configuration



First, set up interface addresses, MTU, and OSPF configuration on each router: 

R1

set interfaces ethernet eth1 address 10.10.10.1/24
set interfaces ethernet eth1 mtu 1526
set interfaces ethernet eth0 mtu 1504
set interfaces loopback lo address 10.100.0.1/32
set protocols ospf area 0.0.0.0 network 10.0.0.0/8

R2

set interfaces ethernet eth2 address 10.10.10.2/24
set interfaces ethernet eth2 mtu 1526
set interfaces ethernet eth1 address 10.11.11.2/24
set interfaces ethernet eth1 mtu 1526
set interfaces loopback lo address 10.100.0.2/32
set protocols ospf area 0.0.0.0 network 10.0.0.0/8

R3

set interfaces ethernet eth2 address 10.11.11.3/24
set interfaces ethernet eth2 mtu 1526
set interfaces ethernet eth0 mtu 1504
set interfaces loopback lo address 10.100.0.3/32
set protocols ospf area 0.0.0.0 network 10.0.0.0/8 

Note that the MTU is set to 1504 on the "customer side" (eth0 on the PE routers) and 1526 on the "provider side". This accommodates one possible VLAN tag on the LAN traffic, i.e., it allows the normal 1500-byte MTU on the site A and site B LANs for both non-VLAN and VLAN (single tag) traffic.

LDP and VPLS Configuration



R1

set protocols mpls interface eth1 label-switching
set protocols vpls instance vpls1 id 1 signaling ldp vpls-peer 10.100.0.3
set protocols vpls interface eth0 instance vpls1
set protocols ldp interface eth1 enable ipv4
set protocols ldp targeted-peer ipv4 10.100.0.3
set protocols ldp transport-address ipv4 10.100.0.1

R2

set protocols mpls interface eth1 label-switching
set protocols mpls interface eth2 label-switching
set protocols ldp interface eth1 enable ipv4
set protocols ldp interface eth2 enable ipv4
set protocols ldp transport-address ipv4 10.100.0.2

R3

set protocols mpls interface eth2 label-switching
set protocols vpls instance vpls1 id 1 signaling ldp vpls-peer 10.100.0.1
set protocols vpls interface eth0 instance vpls1
set protocols ldp interface eth2 enable ipv4
set protocols ldp targeted-peer ipv4 10.100.0.1
set protocols ldp transport-address ipv4 10.100.0.3

Note that VPLS is only configured on the "PE routers" and is not needed on the "P router". Also, each PE router in a VPLS instance needs to know about all the other PE routers in that instance (i.e., a "full mesh" configuration is needed).
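
The full-mesh requirement can be checked offline before the configuration is committed. The following is an added example, not part of the original article or of EdgeOS: it parses the "set" lines shown above and reports any PE whose vpls-peer list does not match the other PEs in the same instance. It assumes, as in this article, that PEs are addressed by their LDP transport address and that each vpls-peer also has an ldp targeted-peer entry; the function name audit_full_mesh is hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: the LDP/VPLS "set" lines for PE routers R1 and R3 from this article.
R1 = """\
set protocols vpls instance vpls1 id 1 signaling ldp vpls-peer 10.100.0.3
set protocols ldp targeted-peer ipv4 10.100.0.3
set protocols ldp transport-address ipv4 10.100.0.1
"""
R3 = """\
set protocols vpls instance vpls1 id 1 signaling ldp vpls-peer 10.100.0.1
set protocols ldp targeted-peer ipv4 10.100.0.1
set protocols ldp transport-address ipv4 10.100.0.3
"""

VPLS = re.compile(r"set protocols vpls instance (\S+) id (\d+) signaling ldp vpls-peer (\S+)")
TARGETED = re.compile(r"set protocols ldp targeted-peer ipv4 (\S+)")
TRANSPORT = re.compile(r"set protocols ldp transport-address ipv4 (\S+)")

def audit_full_mesh(configs):
    """Return sorted findings for {router_name: config_text}; an empty list means consistent."""
    members = defaultdict(dict)        # (instance, id) -> {router: set of vpls-peers}
    addr, targeted = {}, {}
    for name, text in configs.items():
        m = TRANSPORT.search(text)
        addr[name] = m.group(1) if m else None
        targeted[name] = set(TARGETED.findall(text))
        for inst, vid, peer in VPLS.findall(text):
            members[(inst, vid)].setdefault(name, set()).add(peer)
    findings = []
    for (inst, vid), routers in members.items():
        for name, peers in routers.items():
            if addr[name] is None:
                findings.append(f"{name}: no LDP transport-address set")
            # Every other PE in the same instance/id must be listed as a peer.
            expected = {addr[r] for r in routers if r != name and addr[r]}
            for p in expected - peers:
                findings.append(f"{name}: {inst} id {vid} missing vpls-peer {p}")
            for p in peers - expected:
                findings.append(f"{name}: {inst} id {vid} vpls-peer {p} is not a PE in this instance")
            # Assumption taken from the article's pattern: one targeted-peer per vpls-peer.
            for p in peers - targeted[name]:
                findings.append(f"{name}: vpls-peer {p} has no ldp targeted-peer")
    return sorted(findings)
```

A mismatched instance id on one PE shows up as a peer that "is not a PE in this instance", because the two routers no longer fall into the same (instance, id) group.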

Operational Status



There are "show" commands available to display the operational status of the various protocols. For example:

R1

ubnt@ubnt:~$ show ip route ospf 
IP Route Table for VRF "default"
O    *> 10.11.11.0/24 [110/11] via 10.10.10.2, eth1, 00:31:32
O    *> 10.100.0.2/32 [110/20] via 10.10.10.2, eth1, 00:31:32
O    *> 10.100.0.3/32 [110/21] via 10.10.10.2, eth1, 00:31:32
Gateway of last resort is not set

ubnt@ubnt:~$ 
ubnt@ubnt:~$ show ldp session 
Peer IP Address           IF Name    My Role    State      KeepAlive
10.100.0.3                eth1       Passive   OPERATIONAL   30
10.100.0.2                eth1       Passive   OPERATIONAL   30
ubnt@ubnt:~$ 
ubnt@ubnt:~$ show mpls forwarding-table 
Codes: > - selected FTN, p - stale FTN, B - BGP FTN, K - CLI FTN,
       L - LDP FTN, R - RSVP-TE FTN, S - SNMP FTN, I - IGP-Shortcut,
       U - unknown FTN
Code    FEC                 FTN-ID    Tunnel-id   Pri  Nexthop          Out-Label    Out-Intf     LSP-Type
L>      10.11.11.0/24       1         0           Yes  10.10.10.2       3            eth1         LSP_DEFAULT
L>      10.100.0.2/32       2         0           Yes  10.10.10.2       3            eth1         LSP_DEFAULT
L>      10.100.0.3/32       3         0           Yes  10.10.10.2       17           eth1         LSP_DEFAULT

ubnt@ubnt:~$

R2

ubnt@ubnt:~$ show ip route ospf 
IP Route Table for VRF "default"
O    *> 10.100.0.1/32 [110/11] via 10.10.10.1, eth2, 00:32:55
O    *> 10.100.0.3/32 [110/11] via 10.11.11.3, eth1, 00:32:56
Gateway of last resort is not set

ubnt@ubnt:~$ 
ubnt@ubnt:~$ show ldp session 
Peer IP Address           IF Name    My Role    State      KeepAlive
10.100.0.3                eth1       Passive   OPERATIONAL   30
10.100.0.1                eth2       Active    OPERATIONAL   30
ubnt@ubnt:~$ 
ubnt@ubnt:~$ show mpls forwarding-table 
Codes: > - selected FTN, p - stale FTN, B - BGP FTN, K - CLI FTN,
       L - LDP FTN, R - RSVP-TE FTN, S - SNMP FTN, I - IGP-Shortcut,
       U - unknown FTN
Code    FEC                 FTN-ID    Tunnel-id   Pri  Nexthop          Out-Label    Out-Intf     LSP-Type
L>      10.100.0.1/32       1         0           Yes  10.10.10.1       3            eth2         LSP_DEFAULT
L>      10.100.0.3/32       2         0           Yes  10.11.11.3       3            eth1         LSP_DEFAULT

ubnt@ubnt:~$

R3

ubnt@ubnt:~$ show ip route ospf
IP Route Table for VRF "default"
O    *> 10.10.10.0/24 [110/2] via 10.11.11.2, eth2, 00:33:35
O    *> 10.100.0.1/32 [110/12] via 10.11.11.2, eth2, 00:33:34
O    *> 10.100.0.2/32 [110/11] via 10.11.11.2, eth2, 00:33:35
Gateway of last resort is not set

ubnt@ubnt:~$
ubnt@ubnt:~$ show ldp session 
Peer IP Address           IF Name    My Role    State      KeepAlive
10.100.0.1                eth2       Active    OPERATIONAL   30
10.100.0.2                eth2       Active    OPERATIONAL   30
ubnt@ubnt:~$ 
ubnt@ubnt:~$ show mpls forwarding-table 
Codes: > - selected FTN, p - stale FTN, B - BGP FTN, K - CLI FTN,
       L - LDP FTN, R - RSVP-TE FTN, S - SNMP FTN, I - IGP-Shortcut,
       U - unknown FTN
Code    FEC                 FTN-ID    Tunnel-id   Pri  Nexthop          Out-Label    Out-Intf     LSP-Type
L>      10.10.10.0/24       1         0           Yes  10.11.11.2       3            eth2         LSP_DEFAULT
L>      10.100.0.1/32       2         0           Yes  10.11.11.2       16           eth2         LSP_DEFAULT
L>      10.100.0.2/32       3         0           Yes  10.11.11.2       3            eth2         LSP_DEFAULT

ubnt@ubnt:~$
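
The status outputs above can be checked mechanically. The following is an added example, not part of the original article: it parses captured "show ldp session" and "show mpls forwarding-table" text and confirms that a PE has an OPERATIONAL LDP session to each remote PE and a selected LDP entry ("L>") for that PE's /32 loopback. The function names are hypothetical and the sample text is R1's output as shown above.

```python
import re

# Constructed sample: R1's output as shown in this article.
LDP_SESSIONS = """\
Peer IP Address           IF Name    My Role    State      KeepAlive
10.100.0.3                eth1       Passive   OPERATIONAL   30
10.100.0.2                eth1       Passive   OPERATIONAL   30
"""
FORWARDING = """\
Code    FEC                 FTN-ID    Tunnel-id   Pri  Nexthop          Out-Label    Out-Intf     LSP-Type
L>      10.11.11.0/24       1         0           Yes  10.10.10.2       3            eth1         LSP_DEFAULT
L>      10.100.0.2/32       2         0           Yes  10.10.10.2       3            eth1         LSP_DEFAULT
L>      10.100.0.3/32       3         0           Yes  10.10.10.2       17           eth1         LSP_DEFAULT
"""

def ldp_states(text):
    """Map peer address -> session state from 'show ldp session' output."""
    rows = (line.split() for line in text.splitlines())
    # Data rows have exactly five columns and start with an IPv4 address.
    return {r[0]: r[3] for r in rows if len(r) == 5 and re.fullmatch(r"[\d.]+", r[0])}

def selected_ldp_fecs(text):
    """Map FEC -> out-label for rows coded 'L>' (selected, learned via LDP)."""
    rows = (line.split() for line in text.splitlines())
    return {r[1]: int(r[6]) for r in rows if len(r) == 9 and r[0] == "L>"}

def check_pe(ldp_text, ftn_text, remote_pes):
    """Return a list of problems for the given remote PE loopbacks; empty means healthy."""
    states, fecs = ldp_states(ldp_text), selected_ldp_fecs(ftn_text)
    problems = []
    for pe in remote_pes:
        if states.get(pe) != "OPERATIONAL":
            problems.append(f"LDP session to {pe}: {states.get(pe, 'absent')}")
        if f"{pe}/32" not in fecs:
            problems.append(f"no selected LDP entry for {pe}/32")
    return problems
```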

MAC Address Learning



After the above configuration is done, hosts in sites A and B can communicate with each other as if they are on the same network, e.g., a DHCP server at one site can serve clients at the other site. When there is traffic across the two sites, the MAC addresses "learned" by the routers can be displayed using the "show vpls <instance_name> mac-address" operational command. For example:

R1

ubnt@ubnt:~$ show vpls vpls1 mac-address 

VPN-ID: 1
Port: eth0 Vlan: 100 MAC: xx:xx:xx:xx:xx:xx
Port: eth0 Vlan: 1 MAC: xx:xx:xx:xx:xx:xx
Port: eth1 Peer: 10.100.0.3 MAC: xx:xx:xx:xx:xx:xx
Port: eth1 Peer: 10.100.0.3 MAC: xx:xx:xx:xx:xx:xx

ubnt@ubnt:~$

R3

ubnt@ubnt:~$ show vpls vpls1 mac-address 

VPN-ID: 1
Port: eth2 Peer: 10.100.0.1 MAC: xx:xx:xx:xx:xx:xx
Port: eth2 Peer: 10.100.0.1 MAC: xx:xx:xx:xx:xx:xx
Port: eth0 Vlan: 100 MAC: xx:xx:xx:xx:xx:xx
Port: eth0 Vlan: 1 MAC: xx:xx:xx:xx:xx:xx

ubnt@ubnt:~$

In the above example, at each site there is one host in VLAN 1 (non-VLAN) and another host in VLAN 100, and their MAC addresses are displayed in the show command output.
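
Because VPLS joins both sites into one layer-2 domain, the learned-MAC table is a useful place to check what is actually crossing the service. The following is an added example, not part of the original article: it parses "show vpls <instance_name> mac-address" output and reports local hosts in VLANs outside an expected set, and any MAC address learned both on the local port and from a remote peer, which usually points to a loop or a duplicated address. The MAC addresses are constructed (the article masks them), the last sample line is an anomaly added for the demonstration, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample in the article's output format; MAC values are made up.
SAMPLE = """\
VPN-ID: 1
Port: eth0 Vlan: 100 MAC: 02:00:00:00:0a:01
Port: eth0 Vlan: 1 MAC: 02:00:00:00:0a:02
Port: eth1 Peer: 10.100.0.3 MAC: 02:00:00:00:0b:01
Port: eth1 Peer: 10.100.0.3 MAC: 02:00:00:00:0a:02
Port: eth0 Vlan: 200 MAC: 02:00:00:00:0a:03
"""

ROW = re.compile(r"Port: (\S+) (Vlan|Peer): (\S+) MAC: ([0-9A-Fa-f:]{17})")

def parse_mac_table(text):
    """Yield (port, kind, value, mac); kind is 'Vlan' (local) or 'Peer' (learned over VPLS)."""
    for line in text.splitlines():
        m = ROW.search(line)
        if m:  # masked or malformed rows are skipped
            yield m.group(1), m.group(2), m.group(3), m.group(4).lower()

def review(text, allowed_vlans):
    """Return findings: unexpected local VLANs, then MACs seen both locally and via a peer."""
    local, remote, findings = defaultdict(set), defaultdict(set), []
    for port, kind, value, mac in parse_mac_table(text):
        if kind == "Vlan":
            local[mac].add(int(value))
            if int(value) not in allowed_vlans:
                findings.append(f"{mac} on {port}: unexpected VLAN {value}")
        else:
            remote[mac].add(value)
    # Peer rows carry no VLAN in this output, so the comparison is by MAC only.
    for mac in sorted(local.keys() & remote.keys()):
        findings.append(f"{mac} learned locally and from peer {', '.join(sorted(remote[mac]))}")
    return findings
```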