Building Carrier Ethernet Services Using Cisco Ethernet Virtual Circuit (EVC) Framework
What is Cisco EVC Framework
[li]Cisco Ethernet Virtual Circuit (EVC) is the next-generation cross-platform Carrier Ethernet Software Infrastructure[/li] [li]Addresses Flexible Ethernet Edge requirements[/li] [li]Supports service convergence over Ethernet[/li] [li]Complies with MEF, IEEE, IETF standards[/li]
Flexible Ethernet Edge
Introducing Cisco EVC Framework
Functional Highlights
Cisco EVC Building Blocks
Cisco EVC Uses the Following New Concepts:
[li]Ethernet Service Instance: transport-agnostic abstraction of an Ethernet service on an interface[/li] [li]Ethernet Virtual Circuit (EVC): device-local object (container) for network-wide service parameters[/li] [li]Bridge Domain (BD): Ethernet Broadcast Domain local to a device[/li] [li]Bridge Domain Interface (BDI): logical Layer 3 interface associated with a BD to perform integrated routing and bridging[/li]
Ethernet Service Instance
[li]Instance of a MEF EVC on a port[/li] [li]Also defined as Ethernet Flow Point (EFP)[/li] [li]Classify frames belonging to a particular Ethernet Service[/li] [li]Apply features selectively to service frames[/li] [li]Define forwarding actions and behavior[/li]
Ethernet Virtual Circuit
[li]Representation of a MEF EVC on the device[/li] [li]Management Plane container[/li] [li]Hosts global EVC attributes[/li] [li]One-to-many mapping from EVC to Service Instance[/li]
Bridge Domain
[li]Broadcast Domain internal to the device[/li] [li]Allows decoupling broadcast domain from VLAN[/li] [li]Per port VLAN significance[/li] [li]One-to-many mapping from BD to Service Instances[/li]
Bridge Domain vs. VLAN Bridge
[li]VLAN bridge has 1:1 mapping between VLAN and internal Broadcast Domain; VLAN has global per-device significance[/li] [li]EVC bridge decouples VLAN from Broadcast Domain; VLAN treated as encapsulation on a wire[/li] [li]VLAN on a wire mapped to internal Bridge Domain via Service Instances; net result: per-port VLAN significance[/li]
Bridge Domain Interface
[li]Logical Layer 3 (routed) port associated with a Bridge Domain[/li] [li]Supports termination of Ethernet traffic to IP / L3VPN (VRF aware)[/li] [li]Only a single BDI per Bridge Domain is allowed[/li] [li]Maintains Admin State (CLI) and Operational State (derived from BD): if all EFPs in BD are Down or Admin-Down, then BDI operational state will be Down[/li]
Packet Flow Pipeline
Flexible Service Mapping
Single Tagged VLAN Matching
[li]Untagged traffic[/li] [li]Single VLAN ID value[/li] [li]Single VLAN ID Range (contiguous)[/li] [li]Single VLAN ID List[/li] [li]Single VLAN ID Range and List[/li]
Double Tagged VLAN Matching
[li]Outer VLAN, Inner VLAN[/li] [li]Outer VLAN and Range of Inner VLANs (contiguous)[/li] [li]Outer VLAN and List of Inner VLANs[/li] [li]Outer VLAN and Range and List of Inner VLANs[/li]
Header Matching
[li]Single VLAN, single 802.1p (COS) value[/li] [li]Single VLAN, COS List/Range[/li] [li]Outer VLAN, outer COS and Inner VLAN[/li] [li]Outer VLAN, Inner VLAN and inner COS[/li] [li]Single VLAN, Ethertype value (PPPoE, IPv4, IPv6)[/li] [li]Outer VLAN, Inner VLAN and Ethertype value (PPPoE, IPv4, IPv6)[/li]
[li]Cisco EVC follows a Loose Match classification model[/li] [li]Unspecified fields are treated as wildcard[/li] [li]encap dot1q 10 matches any frame with outer tag equal to 10[/li] [li]encap dot1q 10 sec 50 matches any frame with outer-most tag as 10 and second tag as 50[/li]
Longest Match Classification Rule
[li]Cisco EVC follows a Longest Match classification model[/li] [li]Frames are mapped to Service Instance with longest matching set of classification fields[/li]
Service Instance with 'Default' Encapsulation
[li]Matches all frames unmatched by any other EFP on a port[/li] [li]If default Service Instance is the only one configured on a port, it matches all traffic on the port (tagged and untagged)[/li]
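Added example (not from the original slides and not Cisco code): a simplified Python model of the loose-match, longest-match and default-encapsulation rules above, for checking which service instance, and therefore which per-instance ACL or MAC security policy, a given tag stack lands on. The Efp class, the classify function and the three-instance port are constructed for illustration; ties between equally specific instances are not modelled.

```python
from dataclasses import dataclass
from typing import FrozenSet, Optional, Sequence, Tuple


@dataclass(frozen=True)
class Efp:
    """Encapsulation criteria of one service instance (constructed model).

    A field left as None is unspecified and acts as a wildcard (loose match).
    """
    name: str
    outer: Optional[FrozenSet[int]] = None  # outer VLAN IDs: value, range or list
    inner: Optional[FrozenSet[int]] = None  # second-tag VLAN IDs
    cos: Optional[FrozenSet[int]] = None    # 802.1p values of the outer tag
    untagged: bool = False
    default: bool = False

    def matches(self, tags: Tuple[int, ...], cos: Optional[int]) -> bool:
        if self.default:
            return True                     # catches whatever nothing else claims
        if self.untagged:
            return not tags
        if self.outer is None or not tags or tags[0] not in self.outer:
            return False
        if self.inner is not None and (len(tags) < 2 or tags[1] not in self.inner):
            return False
        return self.cos is None or cos in self.cos

    def specificity(self) -> int:
        if self.default:
            return -1                       # always loses to any explicit match
        return sum(f is not None for f in (self.outer, self.inner, self.cos))


def classify(efps: Sequence[Efp], tags: Tuple[int, ...],
             cos: Optional[int] = None) -> Optional[str]:
    """Return the name of the EFP with the longest match, or None if none matched."""
    hits = [e for e in efps if e.matches(tags, cos)]
    return max(hits, key=Efp.specificity).name if hits else None


# Constructed port configuration mirroring the two encapsulation examples above.
PORT = [
    Efp("si-10", outer=frozenset({10})),                            # encap dot1q 10
    Efp("si-10-50", outer=frozenset({10}), inner=frozenset({50})),  # encap dot1q 10 sec 50
    Efp("si-default", default=True),                                # default encapsulation
]
```

Tags are passed outer-first, so classify(PORT, (10, 50)) asks about a frame with outer tag 10 and second tag 50.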
Advanced Frame Manipulation
PUSH Operations
[li]Add one VLAN tag[/li] [li]Add two VLAN tags[/li]
POP Operations
[li]Remove one VLAN tag[/li] [li]Remove two VLAN tags[/li]
[li]VC label imposition and service delimiter tag are independent from EVC VLAN tag operations[/li] [li]Any VLAN tag, if retained, will appear as payload to the VC[/li] [li]VLAN tags can be added, removed or translated prior to VC label imposition or after disposition[/li] [li]VC Service Delimiter VLAN-ID is removed before passing packet to Attachment Circuit processing[/li]
Multiplexed Forwarding Services
[li]Cisco EVC supports flexible access VLAN to forwarding service mapping: 1-to-1 access VLAN to a service; same port, multiple access VLANs to a service; multiple ports, multiple access VLANs to a service[/li] [li]Forwarding services include: L2 point-to-point local connect; L2 point-to-point xconnect; L2 multipoint bridging; L2 multipoint VPLS; L2 point-to-multipoint bridging; L3 termination[/li]
Local and Bridged P2P and MP Forwarding Services
[li]Layer 2 P2P local services: no MAC learning; two Service Instances (EFP) on same interface (hair-pin); two EFPs on different interfaces[/li] [li]Layer 2 MP bridged services: MAC-based forwarding and learning; local VLAN significance; Bridge Domain (BD) - different access VLANs in the same broadcast domain; Split-horizon - prevent communication between service instances[/li]
MPLS-Based P2P and MP Forwarding Services
[li]Layer 2 P2P services using Ethernet over MPLS: EFP to EoMPLS PW[/li] [li]Layer 2 MP services using VPLS: extends Ethernet multipoint bridging over a full mesh of PWs; split horizon support over attachment circuits (configurable) and PWs[/li]
Rooted-Multipoint Forwarding Services (E-TREE)
[li]BD with Split Horizon Group can be used to implement rooted-multipoint forwarding service: place all Leaf EFPs in Split Horizon Group; keep Root EFP outside the Split Horizon Group[/li] [li]Net effect: bidirectional connectivity between Root and all Leaf EFPs; Leaf EFPs cannot communicate with each other[/li]
Layer 3 Forwarding Services
[li]Co-existence with Routed sub-interfaces[/li] [li]Layer 3 termination through SVI/BDI interface[/li] [li]Layer 3 termination through Routed sub-interfaces[/li]
Putting It All Together
[li]Multiplexed Service Interface[/li] [li]Mix of L2 and L3 services on same port[/li] [li]Different types of L2 services: Point-to-Point, Multipoint[/li]
Service-Instance/Bridge Domain Features
Security Features
[li]MAC Address Limiting on EVC Bridge Domain[/li] [li]MAC Security on Service Instance[/li] [li]MAC ACL on Service Instance[/li] [li]L3 / L4 ACL on Service Instance[/li] [li]Storm Control on Ports with EVCs[/li] [li]IP Source Guard for Service Instance[/li] [li]DHCP snooping with Option-82 on Service Instance[/li] [li]Dynamic ARP Inspection (DAI)[/li]
[li]IEEE 802.1ag (CFM) on Service Instance with Bridge Domain[/li] [li]CFM on Service Instance with Xconnect[/li] [li]CFM on L2 VFI[/li] [li]CFM to Ethernet LMI (E-LMI) interworking[/li] [li]PW OAM to E-LMI Interworking[/li] [li]Link OAM to CFM Interworking[/li] [li]IP SLA for Metro Ethernet[/li] [li]ITU-T Y.1731 Performance Management[/li]
Miscellaneous and Instrumentation Features
[li]Miscellaneous: IEEE 802.1ah (Provider Backbone Bridging - PBB); IGMP Snooping; UDLD on Service Instance; Custom ether-type on Service Instance; Static unicast / multicast MAC on Service Instance and VFI PW SPAN on EVC[/li] [li]Instrumentation: IF-MIB (extensions to support Service Instances); CISCO-EVC-MIB; CISCO-BRIDGE-DOMAIN-MIB[/li]
Deployment Use Cases Residential Access Models Implementation Residential UNI Standards
[li]DSL Forum 101 for residential services: UNI exists between the access node and the CPE; Trunk UNI means a different VLAN or VC per service; Non-Trunk UNI means no VLAN to CPE; 1:1 means one VLAN per customer; N:1 means multiple customers share a VLAN[/li] [li]Prevalent Residential service options: Non-Trunk UNI, N:1 VLAN; Trunk (Multi-VC) UNI, N:1 Service VLAN; Trunk (Multi-VC) UNI, 1:1 Interface Access (HSI) VLAN[/li]
Deployment Use Cases Residential use cases presented in the section: Access Node UNI Type = Trunk UNI Characteristics
[li]N:1 Service VLANs for Voice, Video and Data[/li] [li]1:1 Dedicated VLAN for Data and N:1 Service VLANs for Voice and Video[/li]
Implementation N:1 Service VLAN Residential Service Connectivity Overview
[li]Split Horizon Forwarding, locally significant VLAN IDs combined into per-service 'Bridge Domains' (N:1)[/li] [li]Video routed (unnumbered) in Aggregation, other services transported to Distribution[/li]
Residential Service Use Case Trunk UNI, N:1 Data Service VLAN (PW Per AGG Node)
Configuration Example
[li]
! VLAN 20: service instance cross-connected to an EoMPLS pseudowire
interface TenGigabitEthernet2/1
 service instance 20 ethernet
  encapsulation dot1q 20
  rewrite ingress tag pop 1 symmetric
  xconnect 10.0.0.2 20 encapsulation mpls
[/li]
[li]
! VLAN 30: service instance bridged into bridge domain 30, terminated at Layer 3 in a VRF
interface TenGigabitEthernet2/1
 service instance 30 ethernet
  encapsulation dot1q 30
  rewrite ingress tag pop 1 symmetric
  bridge-domain 30
!
interface Vlan30
 ip vrf forwarding l3vpn
 ip address 192.168.1.1 255.255.255.0
[/li]
[li]
! VLAN 40: service instance in bridge domain 40 with split horizon, extended over VPLS
l2 vfi vpls manual
 vpn id 40
 neighbor 10.0.0.2 encapsulation mpls
!
interface TenGigabitEthernet2/1
 service instance 40 ethernet
  encapsulation dot1q 40
  rewrite ingress tag pop 1 symmetric
  bridge-domain 40 split-horizon
 !
!
interface Vlan40
 no ip address
 xconnect vfi vpls
[/li]