Knowledge in one place.
By Guilherme Pfeiff - Network Applications Engineer
The network, known today as the Internet, is made up of millions of interconnected equipment from the most varied manufacturers. In order for them to interoperate, international standards must be followed. The standards defined by the IEEE, ITU-T and IETF bodies aim to guide manufacturers on how each relevant network protocol should be developed and implemented.
Even though these standards exist, there are several non-mandatory parts in the development of the standard that the manufacturer can choose to insert its standard or its default configuration. These implementation details can generate an incompatibility or need to change the factory configuration for the equipment to communicate. An example that we can cite (and that we will see in more detail later in the article) in this question of difference in default configuration is the size of the MTU (Maximum Transmission Unit) of a circuit delivered through an L2VPN MPLS between Datacom and Huawei *:
In the Datacom equipment, we used the size of 9,198 Bytes in the initial configuration, while the equipment of the manufacturer Huawei *, such as S6720 for example, uses the size of 1,500 Bytes as standard. This small configuration detail makes the VPN not up, and as a consequence, there is no delivery of customer traffic.
This small example shows us that in addition to reliability, ease of configuration, technical support and price, both large operators and small Internet service providers must also evaluate the interoperability issue when designing their networks.
Aware of this concern, Datacom has a system of systemic tests that validate compatibility with equipment from the main world manufacturers. With each new firmware version, these tests are automatically re-performed to ensure that there was no compatibility break.
1.1 What will we see in this article?
To demonstrate the compatibility of MPLS Datacom and Huawei *, a simple scenario with a linear topology involving 1x DM4370 (EDD 10G Datacom) and 2x Huawei S6720 * was set up. In this topology we create an OSPF and L2VPNs infrastructure of the VPWS and VPLS types.
During the article you will see all the parameters necessary for VPNs to rise, however it is important to note that most of the incompatibility problems in this scenario are related to the MTU configuration of L2VPNs.
If you want to check how to change the MTU sizes on the Datacom equipment interfaces, you can skip to the end of the article (Chapter 5. MTU).
2 Basic Infrastructure Configurations
2.1 OSPFv2
OSPFv2 was the IGP (Internal Gateway Protocol) used to route addresses and serve as part of the infrastructure of our scenario.
The topology below will be used to demonstrate the configuration of OSPFv2.
Figure 1. Scenario - OSPFv2 protocol
This topology presents the OSPF configuration in area 0 with a point-to-point network-type through the following parameters:
- DM4370: L3 interface on VLAN 10 with IPv4 address 200.0.0.1/30 and loopback interface with IPv4 200.200.200.3/32 being used as router-id in OSPFv2 in area 0.
- Huawei S6720-1 *: L3 interface on VLAN 10 with IPv4 address 200.0.0.2/30, VLAN 20 with IPv4 address 200.0.0.5/30 and loopback interface with IPv4 200.200.200.1/32 being used as router-id in OSPFv2 on area 0.
- Huawei S6720-2 *: L3 interface on VLAN 20 with IPv4 address 200.0.0.6/30 and loopback interface with IPv4 200.200.200.2/32 being used as router-id in OSPFv2 in area 0.
Configuration - DM4370
configure
dot1q
vlan 10
interface ten-gigabit-ethernet-1/1/1
!
!
!
!
interface l3 OSPF
ipv4 address 200.0.0.1/30
lower-layer-if vlan 10
!
!
!
interface loopback 0
ipv4 address 200.200.200.3/32
!
!
!
router ospf 1
router-id 200.200.200.3
area 0
interface l3-OSPF
network-type point-to-point
!
interface loopback-0
!
!
!
Configuration - Huawei S6720-1
system-view
#
vlan batch 10 20
#
interface Vlanif10
ip address 200.0.0.2 255.255.255.252
ospf network-type p2p
#
interface Vlanif20
ip address 200.0.0.5 255.255.255.252
ospf network-type p2p
#
interface XGigabitEthernet0/0/21
port link-type trunk
port trunk allow-pass vlan 10
#
interface XGigabitEthernet0/0/22
port link-type trunk
port trunk allow-pass vlan 20
#
interface LoopBack0
ip address 200.200.200.1 255.255.255.255
#
ospf 1 router-id 200.200.200.1
area 0.0.0.0
network 200.0.0.0 0.0.0.3
network 200.0.0.4 0.0.0.3
network 200.200.200.1 0.0.0.0
#
Configuration - Huawei S6720-2
system-view
#
vlan batch 20
#
interface Vlanif20
ip address 200.0.0.6 255.255.255.252
ospf network-type p2p
#
interface XGigabitEthernet0/0/22
port link-type trunk
port trunk allow-pass vlan 20
#
interface LoopBack0
ip address 200.200.200.2 255.255.255.255
#
ospf 1 router-id 200.200.200.2
area 0.0.0.0
network 200.0.0.4 0.0.0.3
network 200.200.200.2 0.0.0.0
#
Below are the main commands available to perform the OSPFv2 verification.
Troubleshooting
show ip ospf
show ip ospf neighbor
show ip ospf database
show ip ospf interface
show ip ospf detail
show ip ospf extensive
show ip ospf brief
show ip ospf database external
show ip route ospf
show ip rib ospf
2.2 LDP - Label Distribution Protocol
LDP requires the configuration of a routing protocol. OSPF, shown in the previous item, was used as a basis.
The topology below will be used to demonstrate the configuration of the MPLS infrastructure using LDP.
Figure 2. Example scenario with the LDP infrastructure
Configuration - Huawei S6720-1
configure
mpls ldp
lsr-id loopback-0
interface l3-VLAN10
!
neighbor targeted 200.200.200.2
!
!
!
Configuration - Huawei S6720-2
#
mpls lsr-id 200.200.200.2
mpls
#
mpls l2vpn
#
mpls ldp
#
#
mpls ldp remote-peer dm4370
remote-ip 200.200.200.3
#
interface Vlanif20
mpls
mpls ldp
#
Below are the main commands available to perform the LDP check.
Troubleshooting
show mpls ldp database
show mpls ldp neighbor
show mpls ldp parameters
3 MPLS L2VPN VPWS
In this item, some scenarios and interoperability configurations of VPWS and VPLS between Datacom DmOS equipment with Huawei * will be demonstrated.
The scenario below will be used to demonstrate the configurations of VPWS L2VPNs between the DM4370 and the Huawei S6720-2.
Figura 3. Exemplo de cenário com L2VPN VPWS
3.1 L2VPN VPWS with pw-type VLAN
When selecting the pw-type as VLAN, all VPN traffic will be transported with service-delimiting or service VLAN tags.
Below are 2 examples of VPWS configurations: pw-type vlan + vlan based; pw-type vlan port based.
3.1.1 VPWS VLAN Based with pw-type VLAN
This configuration mode allows the connection of several clients on the same access interface, as the VPN encapsulation is done when the packet received on the access port is matched in the vlan. In DmOS this is done through the “access-interface” + “dot1q” config as shown in the example below.
Configuration – DM4370
config
mpls l2vpn
vpws-group HUAWEI
vpn 1000
neighbor 200.200.200.2
pw-type vlan
pw-id 1000
!
access-interface ten-gigabit-ethernet-1/1/4
dot1q 1000
!
!
!
Configuration - Huawei S6720-2
system-view
#
vlan batch 1000
#
mpls l2vpn
#
interface Vlanif1000
mpls l2vc 200.200.200.3 1000 mtu 9198
#
interface XGigabitEthernet0/0/24
port link-type trunk
port trunk allow-pass vlan 1000
#
Below are the main commands available to verify L2VPNs VPWS.
Troubleshooting
show mpls l2vpn vpws-group brief
show mpls l2vpn vpws-group detail
show mpls forwarding-table
show mpls l2vpn hardware
show mpls l2vpn counters vpws-group <Group Name> vpn-name <VPN Name>
clear mpls l2vpn counters vpws-group <Group Name> vpn-name <VPN Name>
3.1.2 VPWS Port Based with pw-type VLAN
In port based VPN, all traffic received on the PE access interface will be encapsulated, whether with or without VLAN dialing. The exception to this rule occurs if there are other VPNs of the VLAN Based type configured on this same access port. In this case, VLANs that match VPNs will be encapsulated by their respective VPNs, while all traffic that does not match VLANs will be encapsulated by the Port Based VPN. This configuration is done through the use of "VLAN Delimiting" as shown below.
Configuration – DM4370
config
mpls l2vpn
vpws-group HUAWEI
vpn 1000
neighbor 200.200.200.2
pw-type vlan 1000
pw-id 1000
!
access-interface ten-gigabit-ethernet-1/1/4
!
!
!
Configuration - Huawei S6720-2
system-view
#
vlan batch 1000
#
mpls l2vpn
#
interface Vlanif1000
mpls l2vc 200.200.200.3 1000 mtu 9198
#
interface XGigabitEthernet0/0/24
port link-type dot1q-tunnel
port default vlan 1000
#
Below are the main commands available to verify L2VPNs VPWS.
Troubleshooting
show mpls l2vpn vpws-group brief
show mpls l2vpn vpws-group detail
show mpls forwarding-table
show mpls l2vpn hardware
show mpls l2vpn counters vpws-group <Group Name> vpn-name <VPN Name>
clear mpls l2vpn counters vpws-group <Group Name> vpn-name <VPN Name>
3.2 L2VPN VPWS WITH PW-TYPE ETHERNET
When selecting the pw-type as Ethernet, all VPN traffic will be carried without a service VLAN tag or service-delimiting.
Below are 2 examples of VPWS configurations: pw-type vlan + vlan based; pw-type vlan port based.
3.2.1 VPWS Port Based with pw-type Ethernet
In port based VPN, all traffic received on the PE access interface will be encapsulated, whether with or without VLAN dialing. The exception to this rule occurs if there are other VPNs of the VLAN Based type configured on this same access port. In this case, VLANs that match VPNs will be encapsulated by their respective VPNs, while all traffic that does not match VLANs will be encapsulated by the Port Based VPN.
Configuration – DM4370
config
mpls l2vpn
vpws-group HUAWEI
vpn 1000
neighbor 200.200.200.2
pw-type ethernet
pw-id 1000
!
access-interface ten-gigabit-ethernet-1/1/4
!
!
!
Configuration - Huawei S6720-2
system-view
#
mpls l2vpn
#
interface XGigabitEthernet0/0/24
undo portswitch
mtu 9198
mpls
mpls mtu 9198
mpls l2vc 200.200.200.3 1000
#
Below are the main commands available to verify L2VPNs VPWS.
Troubleshooting
show mpls l2vpn vpws-group brief
show mpls l2vpn vpws-group detail
show mpls forwarding-table
show mpls l2vpn hardware
show mpls l2vpn counters vpws-group <Group Name> vpn-name <VPN Name>
clear mpls l2vpn counters vpws-group <Group Name> vpn-name <VPN Name>
4 MPLS L2VPN VPLS
The scenario below will be used to demonstrate the configurations of VPLS L2VPNs between the DM4370 and the Huawei S6720-2 *.
Figura 4. Exemplo de cenário com L2VPN VPLS
4.1 L2VPN VPLS WITH PW-TYPE VLAN
When selecting the pw-type as VLAN, all VPN traffic will be transported with service-delimiting or service VLAN tags.
Below are 2 examples of VPLS configurations: pw-type vlan + vlan based; pw-type vlan port based.
4.1.1 VPLS VLAN Based with pw-type VLAN
This configuration mode allows the connection of several clients on the same access interface, since the VPN encapsulation is performed when the packets received on the access port match the VLAN. In DmOS this is done through the “access-interface” + “dot1q” config as shown in the example below.
Configuration – DM4370
config
mpls l2vpn
vpls-group HUAWEI
vpn 1001
vfi
pw-type vlan
neighbor 200.200.200.2
pw-id 1001
!
!
bridge-domain
dot1q 1001
access-interface ten-gigabit-ethernet-1/1/4
!
!
!
!
!
Configuration - Huawei S6720-2
vlan batch 1001
#
vsi VPLS1001 static
pwsignal ldp
vsi-id 1001
peer 200.200.200.3
mtu 9198
#
interface Vlanif1001
l2 binding vsi VPLS1001
#
interface XGigabitEthernet0/0/24
port link-type trunk
port trunk allow-pass vlan 1001
#
Below are the main commands available to carry out the verification of L2VPNs VPLS.
Troubleshooting
show mpls l2vpn vpls-group brief
show mpls l2vpn vpls-group detail
show mpls l2vpn vpls-group mac-address-table brief
show mpls l2vpn hardware
show mpls forwarding-table
show mpls l2vpn counters vpls-group <Group Name> vpn-name <VPN Name>
clear mpls l2vpn counters vpls-group <Group Name> vpn-name <VPN Name>
4.1.2 VPLS Port Based with pw-type VLAN
This configuration mode allows the connection of several clients on the same access interface, since the VPN encapsulation is performed when the packets received on the access port match the VLAN. In DmOS this is done through the “access-interface” + “dot1q” config as shown in the example below.
Configuration – DM4370
Config
mpls l2vpn
vpls-group HUAWEI
vpn 1001
vfi
pw-type vlan 1001
neighbor 200.200.200.2
pw-id 1001
!
!
bridge-domain
access-interface ten-gigabit-ethernet-1/1/4
!
!
!
!
!
Configuration - Huawei S6720-2
vlan batch 1001
#
vsi VPLS1001 static
pwsignal ldp
vsi-id 1001
peer 200.200.200.3
mtu 9198
encapsulation vlan
#
interface Vlanif1001
l2 binding vsi VPLS1001
#
interface XGigabitEthernet0/0/24
port link-type dot1q-tunnel
port default vlan 1001
#
Below are the main commands available to carry out the verification of L2VPNs VPLS.
Troubleshooting
show mpls l2vpn vpls-group brief
show mpls l2vpn vpls-group detail
show mpls l2vpn vpls-group mac-address-table brief
show mpls l2vpn hardware
show mpls forwarding-table
show mpls l2vpn counters vpls-group <Group Name> vpn-name <VPN Name>
clear mpls l2vpn counters vpls-group <Group Name> vpn-name <VPN Name>
4.2 L2VPN VPLS WITH PW-TYPE ETHERNET
When selecting the pw-type as Ethernet, all VPN traffic will be carried without a service VLAN tag or service-delimiting.
4.2.1 VPLS Port Based with pw-type Ethernet
In port based VPN, all traffic received on the PE access interface will be encapsulated, whether with or without VLAN dialing. The exception to this rule occurs if there are other VPNs of the VLAN Based type configured on this same access port. In this case, VLANs that match VPNs will be encapsulated by their respective VPNs, while all traffic that does not match VLANs will be encapsulated by the Port Based VPN.
Configuration – DM4370
config
mpls l2vpn
vpls-group HUAWEI
vpn 1001
vfi
pw-type ethernet
neighbor 200.200.200.2
pw-id 1001
!
!
bridge-domain
access-interface ten-gigabit-ethernet-1/1/4
!
!
!
!
!
Configuration - Huawei S6720-2
vlan batch 1001
#
vsi VPLS1001 static
pwsignal ldp
vsi-id 1001
peer 200.200.200.3
mtu 9198
encapsulation ethernet
#
interface Vlanif1001
l2 binding vsi VPLS1001
#
interface XGigabitEthernet0/0/24
undo portswitch
l2 binding vsi1001
#
Below are the main commands available to carry out the verification of L2VPNs VPLS.
Troubleshooting
show mpls l2vpn vpls-group brief
show mpls l2vpn vpls-group detail
show mpls l2vpn vpls-group mac-address-table brief
show mpls l2vpn hardware
show mpls forwarding-table
show mpls l2vpn counters vpls-group <Group Name> vpn-name <VPN Name>
clear mpls l2vpn counters vpls-group <Group Name> vpn-name <VPN Name>
5 MTU
The default MTU configuration for Huawei * is different from Datacom devices. In Huawei S6720 * the MTU of the ethernet interface is 9216 Bytes, the VLAN (Vlanif) interface 1500 Bytes and the L2VPN 1500 Bytes. In Datacom equipment, the MTU of the ethernet interfaces follows the maximum supported by the hardware of each model, in the case of the DM4370 it is 12266 Bytes. On the VLAN interface (L3 interface) 1500 Bytes and L2VPN 9190 Bytes.
Observing these parameter differences, it is necessary to change the MTU configuration of the L2VPN in one of the two devices. In the example of the article, the configuration of Huawei * equipment was changed.
Commands for changing MTU in Datacom:
- Changing the MTU of an interface:
Configuration
configure
interface gigabit-ethernet-1/1/1
mtu <64-12266>
!
!
- Changing the MTU of a VPN:
Configuration
configure
mpls l2vpn
vpws-group HUAWEI
vpn 1000
access-interface ten-gigabit-ethernet-1/1/4
mtu <64-9198>
!
!
!
- Changing the MTU of an L3 Interface:
Configuration
configure
interface l3 VLAN_10
ip-mtu <68-9000>
!
These were the necessary steps to set up L2VPNs between Datacom and Huawei. It is important to highlight that Datacom has a complete structure in its headquarters where on-site training is offered. With Datacom's MPLS technology training, you will be able to explore various topics in more depth.
In the training it will be possible to manipulate the equipment, perform configurations of different topologies and application scenarios in a complete laboratory environment, in addition to being able to count on the help of our professionals in a series of good practices that will greatly assist in the operation of your network.
For questions and request for proposal, do not hesitate to contact Datacom's commercial team: sales@datacom.com.br or phone (+55) 51 3933 3000.
* All third-party product and company names are trademarks or registered trademarks of their respective owners, with no affiliation or endorsement by them being mentioned in this document.
