I am investigating the implementation of a VPLS rollout over an existing MPLS network. The current PE devices are running MPLS and M-BGP with no issues and layer-3 services are running for our customers. Recently we have begun to have requests for layer-2 services and we have used the occasional xconnect without issues to achieve this, however we are looking to provide more advanced any-any connectivity for one of the customers, which is making VPLS look like a good option for us. When we were using a layer-2 xconnect we would simply present the layer-2 connection on a sub-interface on the PE device and bridge it through the CPE router using bridge-groups - which is not very elegant but it does work. Sometimes the downstream CPE device is actually a switch using SVIs and in this instance we can simply switch the connection straight through at layer-2.
My issue is that the CPEs in use are primarily routers (and not switches that can implement SVIs) so the connection configuration from the PE to the CPE is configured using sub-interfaces on routed ports rather than trunks and VLAN interfaces. I can amend this easily enough on the PE devices (6509 and 760x) however C290x, C1812 and C2811 devices only work using sub-interfaces so you cannot use SVIs - please correct me if this is wrong...
The configuration examples I have seen for VPLS imply it's the whole interface that is configured on the PE device using "switchport mode dot1q-tunnel" or similar.
Existing - MPLS PE --> Trunk containing sub-interfaces with L3 P-2-P connections and L2 xconnect --> CPE router
Required - MPLS PE --> Trunk containing sub-interfaces with L3 P-2-P connections, VPLS and L2 xconnect --> CPE router
Is there any sneaky way to index sub-interfaces into VPLS or does it have to be the whole port? Q-in-Q for example appears to be a switch function and not a router option as it requires switchport commands which are not available on a router CPE such as the C1812, C290x and C28xx.
If need be then I will recommend that the CPE devices need to be swapped out for a L3 switch, however this would add greatly to any design implementation costs and I would like to retain the existing CPE routers if possible.
In a nutshell here we have a remote CPE connected over a WAN link of some sort and I want to be able to offer existing Layer-3 services, EoMPLS xconnect services and VPLS all over the same WAN bearer where the CPE is a router and not a switch.
There is an option on 2900, 1800, 2800 series routers to add switching modules and this will help add the switching functionality and the CLIs related to it. It shall solve your purpose. Please refer to the below mentioned white paper:
Thanks for the response Vinijain. The HWIC modules you refer to appear to add some but not all of the required functionality. For example L2TPv3 is supported under v15.x using a data licence, however I never seem to be able to run the q-in-q encapsulation "encapsulation dot1q-tunnel" on the switchport of the HWIC module.
I have been digging for a while now (on and off) and still seem to be unable to locate the ideal solution without starting to replace bits of CE and PE kit which begins to get expensive...
The customer CE doesn't require a switch with VPLS. In your case, if your CE router can use dot1q tagging on the router, it should be enough to create VPLS instances between your PEs and trunk those VLANs between your PEs to the CEs.
All layer-3 addressing would then be configured and assigned at the CE routers, each of which sees the other CEs as a single flat network.