PWE3 Access/Untagged

References:

http://www.cisco.com/c/dam/en/us/td/docs/switches/metro/me3600x_3800x/software/design/guide/ASR9K_interop_white_paper.pdf
http://ccie-in-3-months.blogspot.co.uk/2011/05/to-forward-to-peer-or-to-tunnel.html
https://supportforums.cisco.com/document/60506/asr9000xr-how-cdp-handled-l2-and-l3-scenarios?decorator=print

Reference for  L2CP (L2 Control Protocol) Forwarding:

Supported device features:

Device       Interface           forward            drop            peer            tunnel
ASR1000      EFP                                    default
ASR1000      Port based PWE3     default
3750         L2 switchport                                                          l2protocol-tunnel
ME-3400      L2 switchport                                                          l2protocol-tunnel
ME-3[6|8]00X L2 switchport                          l2protocol drop l2protocol peer
ME-3[6|8]00X L2 service instance l2protocol forward                 l2protocol peer l2protocol tunnel
ME-3[6|8]00X Port based PWE3     by defaut
7600/67xx    L2 switchport                                                          l2protocol-tunnel
7600/ES      L2 switchport                                                          l2protocol-tunnel
7600/ES      L3                                     l2protocol drop l2protocol peer
7600/ES      L3 service instance l2protocol forward
ASR9000      L2 transport        by default                                         l2protocol tunnel

By default ME3600/ME3800/ASR901 drop L2CP frames on EFPs and have to be specifically allowed with the "l2protocol" command under the EFP. For port based xconnects on ME3600/ME3800 they forward the L2CP frames without any additional configuration.

For ASR1000's L2CP/BPDU forwarding/tunneling/peering are all not supported using EFPs for pseudowires or VPLS. Port based pseudowire support L2CP forwarding only, by default, and is not configurable.

ASR9000's default forward all L2CP frames and one has to explicity deny them.

l2protocol ?
forward: frame is forwarded 'as-is' without any change and no local processing takes place
drop: frame is dropped
peer: frame is processed/terminated locally
tunnel: the destination MAC address gets rewritten to a 'special' multicast MAC addresses, the remote end of the 'tunnel' restores the original MAC address. Forward can be used if both customer devices are connected directly to PEs, if one side connects to a L2 only devices you have to use tunnel. Tunnel helps if the frame needs to pass through intermediary layer 2 devices before the tunnel end-point.

Pseudowire Examples (all these examples use VC type 5 by default):
IOS port-based to IOS port-based, untagged
IOS EFP untagged to IOS EFP untagged
IOS-XE to IOS-XE port-to-port untagged and subint-to-subint
IOS-XE EFP untagged to IOS-XE EFP untagged
IOS port-based to IOS-XE port-based
IOS port-based to IOS-XE EFP untagged

IOS port-based to IOS port-based, untagged pseudowire (default is VC type 5 which will actually transport either untagged or tagged when used on port based pseudowire, L2CPs are forwarded too)

interface Gi2/34
 xconnect 2.2.2.2 19 encapsulation MPLS

 

IOS EFP untagged to IOS EFP untagged pseudowire with L2 PDU support (ME3600/ME3800/ASR903). When used with "l2protocol tunnel" or "l2protocol forward" EFPs will forward L2CP frames.

service instance 2222 ethernet
 encapsulation untagged
 l2protocol tunnel
 service-policy input PM-XCONNECT-CUSTOMER-100M-IN
 service-policy output PM-XCONNECT-CUSTOMER-100M-OUT
 xconnect 2.2.2.2 2222 encapsulation mpls
 mtu 9000 

 

IOS-XE to IOS-XE port-to-port untagged and subint-to-subint pseudowires (both will negotiate VC type 5 by default so the port based will actually accept tagged and no tagged, the sub interface example here actually strips the dot1q tag before transport across the pseudowire, this is implied by the "encaps dot1q xx" command, the dot1q tag us then pushed back onto the frame at the remote PE before transmission over the local access circuit assuming the same sub-int configuration).

Port:
interface gigabitethernet4/0/0
 xconnect 2.2.2.2 123 encapsulation mpls

Sub Int:
interface gigabitethernet4/0/0.1
 encapsulation dot1q 100
 xconnect 2.2.2.2 123 encapsulation mpls

 

IOS-XE EFP untagged to IOS-XE EFP untagged pseudowire (this will by default negotiate to VC type 5)

interface GigabitEthernet0/0/0
 no ip address
 negotiation auto
 service instance 11 ethernet
  encapsulation untagged
  xconnect 10.0.0.5 123 encapsulation mpls

 

IOS port-based to IOS-XE port-based pseudowire (this will actually forward untagged, tagged and double tagged frames as it's VC type 5, it should forward control frames too although untested)

! ME3800

interface GigabitEthernet0/1
 description ME3600-Gi0/3
 no switchport
 no ip address
 xconnect 10.0.0.2 123 encapsulation mpls


! ASR1K1
interface GigabitEthernet0/0/0
 description ME3600-Gi0/4
 no ip address
 xconnect 10.0.0.1 123 encapsulation mpls


ME3800#show mpls l2transport binding 123
  Destination Address: 10.0.0.2,VC ID: 123
    Local Label:  19
        Cbit: 1,    VC Type: Ethernet,    GroupID: 0
        MTU: 1500,   Interface Desc: ME3600-Gi0/3
        VCCV: CC Type: CW [1], RA [2]
              CV Type: LSPV [2], BFD/Raw [5]
    Remote Label: 19
        Cbit: 1,    VC Type: Ethernet,    GroupID: 0
        MTU: 1500,   Interface Desc: ME3600-Gi0/4
        VCCV: CC Type: CW [1], RA [2], TTL [3]
              CV Type: LSPV [2]


ASR1K1#show mpls l2transport vc 123 detail
Local interface: Gi0/0/0 up, line protocol up, Ethernet up
  Destination address: 10.0.0.1, VC ID: 123, VC status: up
    Output interface: Gi0/0/1, imposed label stack 19
    Preferred path: not configured
    Default path: active
    Next hop: 10.0.20.1
  Create time: 00:00:35, last status change time: 00:00:22
    Last label FSM state change time: 00:00:21
  Signaling protocol: LDP, peer 10.0.0.1:0 up
    Targeted Hello: 10.0.0.2(LDP Id) -> 10.0.0.1, LDP is UP
    Graceful restart: not configured and not enabled
    Non stop routing: not configured and not enabled
    Status TLV support (local/remote)   : enabled/supported
      LDP route watch                   : enabled
      Label/status state machine        : established, LruRru
      Last local dataplane   status rcvd: No fault
      Last BFD dataplane     status rcvd: Not sent
      Last BFD peer monitor  status rcvd: No fault
      Last local AC  circuit status rcvd: No fault
      Last local AC  circuit status sent: No fault
      Last local PW i/f circ status rcvd: No fault
      Last local LDP TLV     status sent: No fault
      Last remote LDP TLV    status rcvd: No fault
      Last remote LDP ADJ    status rcvd: No fault
    MPLS VC labels: local 19, remote 19
    Group ID: local 0, remote 0
    MTU: local 1500, remote 1500
    Remote interface description: ME3600-Gi0/3
  Sequencing: receive disabled, send disabled
  Control Word: On (configured: autosense)
  SSO Descriptor: 10.0.0.1/123, local label: 19
  Dataplane:
    SSM segment/switch IDs: 4098/4097 (used), PWID: 1
  VC statistics:
    transit packet totals: receive 11, send 5
    transit byte totals:   receive 660, send 410
    transit packet drops:  receive 0, seq error 0, send 0

IOS port-based to IOS-XE EFP untagged pseudowire (IOS-XE platforms like the ASR901 will support l2protocol forwarding under untagged EFP but not l2protocol forward, so L2CP frames have varying levels of support dependant on platform).

IOS-XE:
interface GigabitEthernet0/0/0
 no ip address
 negotiation auto
 service instance 11 ethernet
  encapsulation untagged
  xconnect 10.0.0.5 123 encapsulation mpls

IOS:
interface GigabitEthernet0/1
 no switchport
 no ip address
 no cdp enable
 xconnect 10.0.0.2 123 encapsulation mpls