The (Unofficial) CCNP-SP Study Guide
  • About
    • About the Author
    • About This Study Guide
  • MPLS
    • LDP
      • LDP Transport Address
      • LDP Conditional Advertisement
      • LDP Authentication
      • LDP/IGP Sync
      • LDP Session Protection
    • MPLS-TE
      • MPLS-TE Basics, Pt. 1 (TED)
      • MPLS-TE Basics, Pt.2 (RSVP)
      • MPLS-TE Basics, Pt.3 (CSPF)
      • MPLS-TE Basics, Pt.4 (Routing)
      • MPLS-TE Fast Reroute (FRR)
      • MPLS-TE with OSPF
    • Unified MPLS
    • Segment Routing
      • Introduction, Theory Pt.1
      • Introduction, Lab (OSPF) Pt.2
      • Introduction, Lab (ISIS) Pt. 3
      • Multi-Area/Level Segment Routing
      • Segment Routing using BGP
      • Migrating LDP to SR
      • LDP/SR Interworking
      • TI-LFA Pt. 1 (Theory)
      • TI-LFA Pt. 2 (Implementation)
      • TI-LFA Pt. 3 (Node and SRLG Protection)
      • SR-TE Pt. 1 (Overview)
      • SR-TE Pt. 2 (Creating an SR-TE Policy)
      • SR-TE Pt. 3 (Using a PCE)
      • SR-TE Pt. 4 (Automated Steering)
      • SR-TE Pt. 5 (On-Demand Nexthop)
      • SR-TE Pt. 6 (Flex Algo)
    • MPLS OAM
      • Classic Traceroute Behavior in MPLS Networks
      • LSP Ping
      • LSP Traceroute
  • Routing
    • BGP
      • BGP Synchronization
      • BGP Load Sharing (Multipath)
      • An Intuitive Look at Path Attributes
      • AS Path Prepending on XE and XR
      • RPL
    • BGP Security
      • BGP TTL Security, Pt. 1
      • BGP TTL Security, Pt. 2 (IOS-XE)
      • BGP TTL Security, Pt. 3 (IOS-XR)
      • BGP MD5 Authentication
      • BGP Maximum Prefixes
      • BGP RFD (Route Flap Dampening)
      • RTBH
      • Flowspec
      • BGPsec
    • L3VPN
      • An In-Depth Look at RD and RT, Pt. 1
      • An In-Depth Look at RD and RT, Pt. 2
      • An In-Depth Look at RD and RT, Pt. 3
      • An In-Depth Look at RD and RT, Pt. 4
      • Inter-AS L3VPN Pt. 1, Overview
      • Inter-AS L3VPN Pt. 2, Option A
      • Inter-AS L3VPN Pt. 3, Option B
      • Inter-AS L3VPN Pt. 4, Option C
      • CSC (Carrier Supporting Carrier)
      • PE NAT
    • OSPF
      • Type 7 to Type 5 Translation
      • OSPF Authentication
      • Troubleshooting OSPF Adjacencies
      • OSPFv3 LSA Types
      • OSPFv3 LSAs Example (Single Area)
    • ISIS
      • The Potential for Asymmetric Routing with Multi-Area ISIS
      • Interarea Routing is Distance-Vector
      • Basic ISIS - LSPDB
      • Multitopology
      • What is the role of CLNS and CLNP in ISIS?
      • Troubleshooting ISIS Adjacencies
    • IPv6 Transition
      • Overview
      • NAT64
      • 6to4
      • 6RD (IPv6 Rapid Deployment)
      • DS Lite (Dual Stack Lite)
      • MAP (Mapping of Address and Port)
      • Tunneling IPv6 Dynamic Routing Protocols over IPv4
    • Multicast
      • Introduction
      • IP and MAC Addressing
      • Tree Formation and Packet Forwarding
      • IGMP
      • PIM-DM (Dense Mode)
      • PIM-SM (Sparse Mode)
      • PIM-SM SPT Switchover
      • PIM-SM Tunnel Interfaces
      • PIM DR and the Assert Message
      • PIM-SM RP Discovery
      • PIM-BiDir
      • PIM-SSM (Source-Specific Multicast)
      • Interdomain Multicast (PIM-SM)
      • IPv6 Multicast
      • mVPN Introduction
      • mVPN Profile 0
      • mVPN Profile 1
      • Multicast Routing on IOS-XR
  • L2VPN & Ethernet
    • IOS-XE Ethernet Services
      • Service Instances
      • E-Line
      • E-LAN (VPLS)
      • E-Tree
      • E-Access
      • VPLS with BGP Autodiscovery
      • Martini/Kompella Circuits
    • EVPN
      • Introduction to EVPN
      • Learning EVPN VXLAN First
      • E-Line (EVPN VPWS)
      • E-Line (EVPN VPWS) on IOS-XR
      • E-Line (EVPN VPWS) Multi-Homed
      • E-LAN (EVPN Single-Homed)
    • Carrier Ethernet
      • 802.1ah (MAC-in-MAC)
      • 802.3ah (Ethernet OAM)
      • 802.1ag (CFM)
      • Cisco REP (Resilient Ethernet Protocol)
      • ITU G.8032 ERPS (Ethernet Ring Protection Switching)
  • Security
    • CoPP (Control Plane Policing)
    • LPTS (Local Packet Transport Services)
  • Misc
    • QoS
      • QoS Introduction (Part 1)
      • QoS Tools Overview and QoS Models (Part 2)
      • QoS Classification and Marking (Part 3)
      • QoS Queuing/Congestion Management (Part 4)
      • QoS Shaping and Policing (Part 5)
      • QoS for IPv6
      • MPLS QoS Basics
      • MPLS QoS Modes
      • MPLS TE QoS (DS-TE)
      • MPLS TE CBTS/PBTS
    • Automation and Assurance
      • NSO
      • NSO Command Cheat Sheet
      • Intro to YANG/NETCONF
      • YANG In-Depth
      • NETCONF In-Depth
      • RESTCONF
      • Model-Driven Telemetry
      • Automation Tool Comparison
      • Netflow
      • SNMP
    • Virtualization
      • NFV (Network Function Virtualization)
      • OpenStack
    • Transport
      • xPON
      • SONET/SDH
      • WDM
      • 4G and 5G RAN
    • High Availability (HA)
      • NSF/GR
      • NSR
      • NSF/NSR Whitepapers
      • BFD
      • Link Aggregation on IOS-XE
      • Link Aggregation on IOS-XR
    • IOS Software Overview
  • Labs
    • Lab Challenges
      • How to Use These Labs
      • Basic LDP
      • Advanced LDP
      • BGP Security
      • Unified MPLS
      • BGP Fundamentals
      • Ethernet Services
      • L3VPN Extranet
      • Multicast
      • Inter-area OSPF
      • ISIS
      • MPLS-TE
      • Control Plane Policing
      • QoS
Powered by GitBook
On this page
  • Configuration
  • The problems with this approach
  1. L2VPN & Ethernet
  2. IOS-XE Ethernet Services

E-Tree

PreviousE-LAN (VPLS)NextE-Access

Last updated 2 years ago

E-Tree is a simulated layer 2 P2MP service. There are two types of AC ports in an E-Tree service: root ports, and leaf ports.

The AC ports are also called UNI (user to network interface) in the literature. Think of a UNI as an AC (attachment circuit) that connects to a customer device. In contrast an NNI (network to network interface) is a port where an ISP connects to another ISP.

In E-Tree, root ports can communicate with all other ports (other root ports and leaf ports). Leaf ports can only communicate with root ports. Leaf ports cannot communicate with other leaf ports.

This creates a hub-and-spoke topology, in which there are several spokes (leafs) and one or more hubs (roots).

We will reuse our topology from the E-LAN lab, and set CE1 and CE2 as leafs, and CE3 as the root:

In order to achieve this setup, we will run VPLS just as last time, except we will not form a pseudowire between PE1 and PE2. This will be a partial mesh VPLS instead of a full mesh VPLS. In this context, regular VPLS is basically E-Tree with all ports as “root.”

To make this slightly more realistic, we will pretend that CE1 and CE2 are two completely different internet-access customers that should not be able to reach each other. CE3 will be the common internet gateway for the shared subnet. By doing this, we conserve IP address space by using a large subnet like a /24 instead of a /30 or /31 for every single customer.

Configuration

The configuration in the MPLS core is the same as VPLS, but with no pseudowire between PE1 and PE2

PE1#
interface GigabitEthernet2
 service instance 100 ethernet
  encapsulation default
!
l2vpn vfi context E-TREE 
 vpn id 100
 member 3.3.3.3 encapsulation mpls
!
bridge-domain 1 
 member GigabitEthernet2 service-instance 100
 member vfi E-TREE

PE2#
interface GigabitEthernet2
 service instance 100 ethernet
  encapsulation default
!
l2vpn vfi context E-TREE 
 vpn id 100
 member 3.3.3.3 encapsulation mpls
!
bridge-domain 1 
 member GigabitEthernet2 service-instance 100
 member vfi E-TREE

PE3#
interface GigabitEthernet2
 service instance 100 ethernet
  encapsulation default
!
l2vpn vfi context E-TREE 
 vpn id 100
 member 2.2.2.2 encapsulation mpls
 member 1.1.1.1 encapsulation mpls
!
bridge-domain 1 
 member GigabitEthernet2 service-instance 100
 member vfi E-TREE

y

Let’s configure CE3 as a DHCP server, and CE1 and CE2 as customer routers that will obtain a public IP via DHCP.

CE3#
interface GigabitEthernet0/0
 ip address 123.1.1.1 255.255.255.0
!
ip dhcp pool CUSTOMERS
 network 123.1.1.0 255.255.255.0
 default-router 123.1.1.1

CE1 and CE2#
interface GigabitEthernet0/0
 ip address dhcp

CE1 obtains the IP 123.1.1.2 and CE2 obtains the IP 123.1.1.3. Each customer can ping the default gateway, but not each other

CE2#show ip int br | in 0/0
GigabitEthernet0/0         123.1.1.3       YES DHCP   up                    up  
    
CE2#ping 123.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 123.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/5 ms

CE2#ping 123.1.1.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 123.1.1.2, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)

Now we can have up to 253 customers in this /24. Quite an efficient use of address space!

The problems with this approach

You may have noticed a flaw in configuring the E-Tree service this way. What happens if you want multiple leafs connected to a single PE? You would have to add both UNIs into the same bridge domain, and now they will be able to communicate.

If you’ve worked on real SP networks you know this would be a huge problem, and would completely prevent you from deploying E-Tree like this. In the real word, every single customer does not have its own dedicated PE. What we’ve done here in this lab, is essentially treated each PE as a leaf or root, not each AC or UNI as a leaf or root.

Unfortunately the solution to this using VPLS is complicated.

RFC 7287 is a framework for E-Tree using MPLS. It mentions VPLS and EVPN but does not state how to actually configure the service. I would recommend reading through this RFC as it is pretty short and a good intro to E-Tree.

RFC 7796 provides a mechanism for supporting E-Tree with VPLS by using updates to 802.1Q in published in 2014. The idea is that customer traffic will have a certain tag, and traffic from the root port(s) will have a different tag. The PE must not allow frames with the customer tag to be forwarded to other customer ports.

So let’s say customer traffic will have a tag of 100, and root traffic will have a tag of 200. The PE must be able to prevent traffic with a tag of 100 from being sent to other customers, and allow traffic with a tag of 200 to be sent to customers.

How exactly this is achieved, I am not sure. It kind of sounds like firewalling/filtering based on 802.1Q tags instead of IPs or ports. I’m not even sure if Cisco supports this. I believe that using EVPN is a much better way to provide this service anyways.