EdgeRouter - Basic Virtual Private LAN Service (VPLS) with LDP Signaling Configuration


Overview


This article explains how to connect multiple sites, so they behave as if they were on the same layer-2 network, by setting up a VPLS (Virtual Private LAN Service) using Label Distribution Protocol (LDP) for signaling. 

NOTES & REQUIREMENTS:
Applicable to the latest EdgeOS firmware on all EdgeRouter models. Knowledge of the Command Line Interface (CLI) and basic networking knowledge is required. 

Table of Contents


  1. Scenario Description
  2. Interface and OSPF Configuration
  3. LDP and VPLS Configuration
  4. Operational Status
  5. MAC Address Learning
  6. Related Articles

Scenario Description



Virtual Private LAN Service (VPLS) allows multiple sites to be connected and behave like a single layer-2 network. The sites using VPLS are effectively "on the same LAN", as if they were directly connected. As an example, consider the following topology:

 

[Figure: topology diagram showing sites A and B connected through the provider routers R1, R2, and R3]

The goal is to connect sites A and B together. In this example, R1, R2, and R3 are the service provider's routers: R1 and R3 are "Provider Edge routers" (PE routers), and R2 is a "Provider router" (P router). The provider offers VPLS by giving each site an Ethernet connection (eth0 in this example) on the PE routers. With VPLS, broadcast, multicast, VLANs, and other layer-2 features all work across the two sites as if they were on the same layer-2 network.

This article demonstrates how to set up VPLS as seen in the scenario above using Label Distribution Protocol (LDP) for signaling.

NOTE: Traffic passing through the VPLS is not encrypted. Although VPLS is generally a secure method of carrying layer-2 traffic between multiple sites, implementing IPsec over MPLS is another way to increase the security of the network.

Interface and OSPF Configuration



First, set up interface addresses, MTU, and OSPF configuration on each router: 

R1

set interfaces ethernet eth1 address 10.10.10.1/24
set interfaces ethernet eth1 mtu 1526
set interfaces ethernet eth0 mtu 1504
set interfaces loopback lo address 10.100.0.1/32
set protocols ospf area 0.0.0.0 network 10.0.0.0/8

R2

set interfaces ethernet eth2 address 10.10.10.2/24
set interfaces ethernet eth2 mtu 1526
set interfaces ethernet eth1 address 10.11.11.2/24
set interfaces ethernet eth1 mtu 1526
set interfaces loopback lo address 10.100.0.2/32
set protocols ospf area 0.0.0.0 network 10.0.0.0/8

R3

set interfaces ethernet eth2 address 10.11.11.3/24
set interfaces ethernet eth2 mtu 1526
set interfaces ethernet eth0 mtu 1504
set interfaces loopback lo address 10.100.0.3/32
set protocols ospf area 0.0.0.0 network 10.0.0.0/8

NOTE: The MTU is set to 1504 on the "customer side" and 1526 on the "provider side". This is to accommodate one possible VLAN tag for the LAN traffic. It allows a normal 1500-byte MTU on the site A and site B LANs for both non-VLAN and VLAN (single tag) traffic.

LDP and VPLS Configuration



R1

set protocols mpls interface eth1 label-switching
set protocols vpls instance vpls1 id 1 signaling ldp vpls-peer 10.100.0.3
set protocols vpls interface eth0 instance vpls1
set protocols ldp interface eth1 enable ipv4
set protocols ldp targeted-peer ipv4 10.100.0.3
set protocols ldp transport-address ipv4 10.100.0.1

R2

set protocols mpls interface eth1 label-switching
set protocols mpls interface eth2 label-switching
set protocols ldp interface eth1 enable ipv4
set protocols ldp interface eth2 enable ipv4
set protocols ldp transport-address ipv4 10.100.0.2

R3

set protocols mpls interface eth2 label-switching
set protocols vpls instance vpls1 id 1 signaling ldp vpls-peer 10.100.0.1
set protocols vpls interface eth0 instance vpls1
set protocols ldp interface eth2 enable ipv4
set protocols ldp targeted-peer ipv4 10.100.0.1
set protocols ldp transport-address ipv4 10.100.0.3

Note that VPLS is only configured on the "PE routers" and is not needed on the "P router". Also, each PE router in a VPLS instance needs to be configured with all of the other PE routers in that instance as peers (i.e., a "full mesh" configuration is needed).
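The full-mesh requirement can be checked before committing a change. The following is an added example, not part of the original article or of EdgeOS: a Python audit that reads the "set" lines shown above and reports any PE whose vpls-peer list is incomplete, names an address that is not a PE of the instance, or lacks the matching LDP targeted-peer. The function names, the CONFIGS dictionary, and the finding strings are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: the LDP/VPLS lines this article configures on the PE routers.
CONFIGS = {
    "R1": """set protocols vpls instance vpls1 id 1 signaling ldp vpls-peer 10.100.0.3
set protocols ldp targeted-peer ipv4 10.100.0.3
set protocols ldp transport-address ipv4 10.100.0.1""",
    "R3": """set protocols vpls instance vpls1 id 1 signaling ldp vpls-peer 10.100.0.1
set protocols ldp targeted-peer ipv4 10.100.0.1
set protocols ldp transport-address ipv4 10.100.0.3""",
}

PEER = re.compile(r"vpls instance \S+ id (\d+) signaling ldp vpls-peer (\S+)")
TARGETED = re.compile(r"ldp targeted-peer ipv4 (\S+)")
TRANSPORT = re.compile(r"ldp transport-address ipv4 (\S+)")

def parse(text):
    """Return (transport address or None, targeted peers, {VPLS id: peers})."""
    peers = defaultdict(set)
    for vid, addr in PEER.findall(text):
        peers[int(vid)].add(addr)
    transport = TRANSPORT.search(text)
    return transport and transport.group(1), set(TARGETED.findall(text)), peers

def audit(configs):
    """Return sorted findings; an empty list means every instance is a full mesh."""
    routers = {name: parse(text) for name, text in configs.items()}
    findings, members = [], defaultdict(dict)  # members: VPLS id -> {address: router}
    for name, (transport, _targeted, peers) in routers.items():
        if transport is None and peers:
            findings.append(f"{name}: VPLS peers configured but no LDP transport-address")
        elif transport is not None:
            for vid in peers:
                members[vid][transport] = name
    for vid, pes in members.items():
        for addr, name in pes.items():
            _transport, targeted, peers = routers[name]
            expected = set(pes) - {addr}  # every other PE of this instance
            for peer in expected - peers[vid]:
                findings.append(f"{name}: VPLS id {vid} is missing vpls-peer {peer} ({pes[peer]})")
            for peer in peers[vid] - expected:
                findings.append(f"{name}: VPLS id {vid} vpls-peer {peer} is not a PE of this instance")
            for peer in peers[vid] - targeted:
                findings.append(f"{name}: vpls-peer {peer} has no matching ldp targeted-peer")
    return sorted(findings)

if __name__ == "__main__":
    print(audit(CONFIGS) or "full mesh OK")
```

A PE is only recognized as a member of an instance once it has at least one vpls-peer line, so a router with the VPLS interface attached but no peers configured is not reported.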


Operational Status



There are "show" commands available to display the operational status of the various protocols. For example:

R1

show ip route ospf 
IP Route Table for VRF "default"
O    *> 10.11.11.0/24 [110/11] via 10.10.10.2, eth1, 00:31:32
O    *> 10.100.0.2/32 [110/20] via 10.10.10.2, eth1, 00:31:32
O    *> 10.100.0.3/32 [110/21] via 10.10.10.2, eth1, 00:31:32
Gateway of last resort is not set

show ldp session 
Peer IP Address           IF Name    My Role    State      KeepAlive
10.100.0.3                eth1       Passive   OPERATIONAL   30
10.100.0.2                eth1       Passive   OPERATIONAL   30

show mpls forwarding-table 
Codes: > - selected FTN, p - stale FTN, B - BGP FTN, K - CLI FTN,
       L - LDP FTN, R - RSVP-TE FTN, S - SNMP FTN, I - IGP-Shortcut,
       U - unknown FTN
Code    FEC                 FTN-ID    Tunnel-id   Pri  Nexthop          Out-Label    Out-Intf     LSP-Type
L>      10.11.11.0/24       1         0           Yes  10.10.10.2       3            eth1         LSP_DEFAULT
L>      10.100.0.2/32       2         0           Yes  10.10.10.2       3            eth1         LSP_DEFAULT
L>      10.100.0.3/32       3         0           Yes  10.10.10.2       17           eth1         LSP_DEFAULT

ubnt@ubnt:~$

R2

show ip route ospf 
IP Route Table for VRF "default"
O    *> 10.100.0.1/32 [110/11] via 10.10.10.1, eth2, 00:32:55
O    *> 10.100.0.3/32 [110/11] via 10.11.11.3, eth1, 00:32:56
Gateway of last resort is not set

show ldp session 
Peer IP Address           IF Name    My Role    State      KeepAlive
10.100.0.3                eth1       Passive   OPERATIONAL   30
10.100.0.1                eth2       Active    OPERATIONAL   30

show mpls forwarding-table 
Codes: > - selected FTN, p - stale FTN, B - BGP FTN, K - CLI FTN,
       L - LDP FTN, R - RSVP-TE FTN, S - SNMP FTN, I - IGP-Shortcut,
       U - unknown FTN
Code    FEC                 FTN-ID    Tunnel-id   Pri  Nexthop          Out-Label    Out-Intf     LSP-Type
L>      10.100.0.1/32       1         0           Yes  10.10.10.1       3            eth2         LSP_DEFAULT
L>      10.100.0.3/32       2         0           Yes  10.11.11.3       3            eth1         LSP_DEFAULT

R3

show ip route ospf
IP Route Table for VRF "default"
O    *> 10.10.10.0/24 [110/2] via 10.11.11.2, eth2, 00:33:35
O    *> 10.100.0.1/32 [110/12] via 10.11.11.2, eth2, 00:33:34
O    *> 10.100.0.2/32 [110/11] via 10.11.11.2, eth2, 00:33:35
Gateway of last resort is not set

show ldp session 
Peer IP Address           IF Name    My Role    State      KeepAlive
10.100.0.1                eth2       Active    OPERATIONAL   30
10.100.0.2                eth2       Active    OPERATIONAL   30

show mpls forwarding-table 
Codes: > - selected FTN, p - stale FTN, B - BGP FTN, K - CLI FTN,
       L - LDP FTN, R - RSVP-TE FTN, S - SNMP FTN, I - IGP-Shortcut,
       U - unknown FTN
Code    FEC                 FTN-ID    Tunnel-id   Pri  Nexthop          Out-Label    Out-Intf     LSP-Type
L>      10.10.10.0/24       1         0           Yes  10.11.11.2       3            eth2         LSP_DEFAULT
L>      10.100.0.1/32       2         0           Yes  10.11.11.2       16           eth2         LSP_DEFAULT
L>      10.100.0.2/32       3         0           Yes  10.11.11.2       3            eth2         LSP_DEFAULT

MAC Address Learning



After the above configuration is done, hosts in sites A and B can communicate with each other as if they were on the same network. For example, a DHCP server at one site can serve clients at the other site. When there is traffic across the two sites, the MAC addresses "learned" by the routers can be displayed using the "show vpls <instance_name> mac-address" operational command. For example:

R1

show vpls vpls1 mac-address 

VPN-ID: 1
Port: eth0 Vlan: 100 MAC: xx:xx:xx:xx:xx:xx
Port: eth0 Vlan: 1 MAC: xx:xx:xx:xx:xx:xx
Port: eth1 Peer: 10.100.0.3 MAC: xx:xx:xx:xx:xx:xx
Port: eth1 Peer: 10.100.0.3 MAC: xx:xx:xx:xx:xx:xx

R3

show vpls vpls1 mac-address 

VPN-ID: 1
Port: eth2 Peer: 10.100.0.1 MAC: xx:xx:xx:xx:xx:xx
Port: eth2 Peer: 10.100.0.1 MAC: xx:xx:xx:xx:xx:xx
Port: eth0 Vlan: 100 MAC: xx:xx:xx:xx:xx:xx
Port: eth0 Vlan: 1 MAC: xx:xx:xx:xx:xx:xx

In the above example, at each site there is one host in VLAN 1 (non-VLAN) and another host in VLAN 100, and their MAC addresses are displayed in the show command output.


Related Articles



Intro to Networking - How to Establish a Connection using SSH

EdgeRouter - OSPF Routing

