Transcript
UNITED CONNECTIVITY Ethernet VPN (EVPN)
Product Overview
The Ethernet VPN service provides private managed WAN connectivity between multiple customer sites in a dynamic-MAC any-to-any Ethernet topology that allows all sites to communicate effectively at speeds between 512Kbps and 1Gbps on a variety of WAN access media. EVPN is a scalable alternative to traditional transport methods, such as Frame Relay and ATM. However, EVPN integrates well with these other traditional transport methods, extending the life of existing network investments as needed to cost-effectively connect multiple sites to each other and to the Internet. Interoute’s EVPN service is available as a fully meshed any to any layer 2 service. EVPN uses Ethernet technology to recreate wide area networks to connect various customer locations. This is provided whilst fully maintaining logical separation of customer traffic, isolated switching domains and a single bridged domain per customer. EVPN also enables the customer to manage their own routing.
www.interoute.com
Example Implementations
Ethernet VPN is appropriate for the following customer scenarios:
Enterprise or Service Provider customers requiring point-to-point Ethernet LAN services to augment their own private topology.
Enterprise customers requiring any-to-any Ethernet WAN topology for their private network.
Technical Product Details
Ethernet VPN interconnects multiple customer Ethernet LANs across a variety of WAN media by making use of VPLS switching functionality on the Unified Connectivity managed router platforms. The Interoute IP network can then provide the necessary wide area connectivity in an efficient topological manner using MPLS VPN technology. Each site is bridged into a single, flat broadcast domain with any-to-any communication being possible between all stations on the LAN. This facilitates simple wide-area connectivity for customers who do not necessarily have a logical IP topology that maps to their wide-area connectivity, or for customers who seek transparent operation of non-IP protocols between geographically separated Ethernet LAN sites.
The service is presented on an Ethernet LAN port. This can either be tagged or untagged. If tagged, the physical port can be shared with other Layer 2 services such as other EVPNs or Managed Ethernet Flex (IPETHX) (Point-to-Point Layer 2 VPN).
© Interoute Communications Limited
Access Options
Ethernet VPN is supported on any of the following Unified Connectivity access products.
Up to 24Mbps on ADSL (Annex A or B) *
2.3/4.6/9.2Mbps SDSL (G.SHDSL) (Annex A or B) *
Backup on Up to 24Mbps on ADSL (Annex A or B) *
2Mbps E1 G.703
n x 2Mbps Bonded E1 G.703 (2 =< n =< 6)
2Mbps T1 G.703
n x 2Mbps T1 G.703
8Mbps X.21 V.35
34Mbps E3
45Mbps T3/DS3
100Mbps Ethernet 10/100BaseTX
250/400Mbps GigabitEthernet 1000BaseT
250/400Mbps GigabitEthernet SX, LX, ZX
600Mbps GigabitEthernet 1000BaseT
600Mbps GigabitEthernet SX, LX, ZX
1Gbps GigabitEthernet 1000BaseT
1Gbps GigabitEthernet SX, LX, ZX
* The capability of Ethernet over DSL is highly specific to the topology of each provider and RFC 2516 limitations. See Limitations (page 5) and ask your Account manager for further clarification and confirmation of EVPN over DSL availability
Customer Operational Considerations
Consistent MTU configuration
Each site can have dissimilar access media, but the maximum frame size at the most WAN-constrained site establishes the MTU that must be set at all member sites. This is critical to ensure full reachability of Ethernet traffic between sites and must be borne in mind during the design of the customer's service and OLO circuit specification, plus future expansion.
A special consideration must be made when DSL access technologies are used to support Ethernet VPN services. Regional DSL providers use a large number of different vendors and technologies to provide this type of service, and the Layer 2 frame size cannot always be guaranteed across their networks. Therefore, in topologies where this is a requirement, it is always necessary that the customer houses their own router or Layer 3 device directly connected to the Interoute Managed CE, not only to provide routing of customer-based traffic but also to enable packet fragmentation, if this becomes necessary. Alternatively, the traffic sources and destinations should constrain their Network Interface Card MTU to match the highest available payload capable of being carried by the most constrained site.
VLAN Handling & QoS
The service can be run in either tagged or untagged mode.
In untagged mode, no VLAN is agreed over the LAN port demarcation. Customers are free to run IEEE 802.1Q or 802.1ad QinQ VLANs inside the EVPN service. Interoute has no visibility of those VLANs and will carry them transparently. This allows customers to superimpose their own VLAN topology onto their Ethernet VPN service.
In tagged mode, a VLAN is nominated over the LAN port to identify each individual EVPN/IPETHX over that port. The customer is free to carry a second VLAN inside that nominated VLAN in a Q-in-Q configuration. Interoute has no visibility of the inner VLAN, and will carry the inner VLAN transparently. This is to allow a Q-in-Q transport service. A service restriction of tagged mode is that all sites in the EVPN service must be run in tagged mode, and the same VLAN ID must be used for all sites of the VLAN. (VLAN swapping, popping and pushing are not supported.)
Whether the service is run in tagged or untagged mode has an impact on QoS. The Ethernet QoS bits (known as CoS bits, or 802.1p bits) are part of the VLAN tag header. An untagged frame will not have any QoS bits to allow for QoS differentiation of frames. If the EVPN is in untagged mode, all frames on that service will be placed in a single nominated traffic class.
High Availability Topologies
In resilient sites where the customer has two or more CPE routers, customers can order a High Availability Ethernet VPN presentation. The Ethernet VPN would be presented on a port on each CPE router. However, caution must be exercised with this option, as the two ports will be bridged together within the Ethernet VPN service. If, in addition, the customer bridges the ports together within their network, there is a risk of a service-affecting layer 2 loop. (A layer 2 loop is likely to cause an outage on the Ethernet VPN as a whole, and/or on all other services at that site.) Caution should be exercised when requesting High Availability presentation of Ethernet VPN services.
Interoute recommends one of two topologies for High Availability.
One recommended topology is where the Ethernet VPN is terminated directly at layer 3 with routers. This topology is appropriate for customers who wish to maintain full independent control of their routing. The Ethernet VPN, being a layer 2 service, is fully transparent to the customer’s routing. The customer then has the freedom of running their own VLANs and routing protocols over the service. The key requirement is that the connections from the CPE routers are directly into routers or router ports on combined switch/routers. Connecting via switches or switch-ports is strongly discouraged in this topology.
The other recommended topology is for customers who want to extend the Ethernet connectivity into their sites. Those customers must run spanning-tree or equivalent on the switches facing the Ethernet VPN. The spanning-tree network design over the Ethernet VPN must be configured to detect any loops over the network, and put any potentially looping ports in blocking mode. High Availability switched Ethernet VPN topologies are not recommended for customers not comfortable with Spanning Tree configuration.
Avoid Duplicate MAC Addresses
Whilst VLAN separation may exist within the customer's own topology, the inherent nature of VPLS as a single, flat broadcast Ethernet bridge domain has certain implications. Namely, all Ethernet MAC addresses received and cached from all VLAN sources, from all of the customer's EVPN interfaces within a single Ethernet VPN service, occupy a common forwarding table within each CE of the Unified Connectivity Domain. Any 'MAC separation' enforced by a customer's use of VLANs has no bearing on this table. With this knowledge, it is vital that the customer ensures stability of their solution by not inadvertently broadcasting duplicate MAC addresses. Although most MAC addressing will be unique, there are situations where duplicate addresses may occur, leading to conflict within the EVPN, for example:
manually configured MAC addresses, including network testers
reserved HSRP standby address range: 00:00:0C:07:AC:
reserved VRRP standby address range: 00:00:5E:00:01:
Customers must ensure that they use unique group numbers for each HSRP/VRRP instance throughout their entire EVPN topology, regardless of local VLAN.
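The group-number rule above can be checked against an inventory before sites are joined to the service. This is an added example, not Interoute code: it derives each virtual MAC from the prefixes quoted above plus the group number as the final octet, and reports any MAC claimed by more than one HSRP/VRRP instance regardless of VLAN. The site names, router names, VLAN IDs and inventory layout are constructed for illustration.

```python
from collections import defaultdict

# Virtual MAC prefixes quoted on the page; the last octet is the group number / VRID.
PREFIX = {"hsrp": "00:00:0C:07:AC", "vrrp": "00:00:5E:00:01"}


def virtual_mac(protocol, group):
    """Return the virtual MAC for an HSRP group or VRRP VRID (one octet)."""
    proto = protocol.lower()
    if proto not in PREFIX:
        raise ValueError(f"unknown protocol: {protocol!r}")
    if not 0 <= group <= 255:
        raise ValueError(f"group {group} does not fit in one octet")
    return f"{PREFIX[proto]}:{group:02X}"


def find_conflicts(inventory):
    """Return virtual MACs claimed by more than one instance.

    An instance is one (site, vlan) pair: routers in the same pair share the
    virtual MAC by design. VLAN is part of the key only to tell instances
    apart; it gives no separation, because the VPLS forwarding table is
    common to all VLANs in the service.
    """
    users = defaultdict(set)
    for row in inventory:
        mac = virtual_mac(row["protocol"], row["group"])
        users[mac].add((row["site"], row["vlan"]))
    return {mac: sorted(inst) for mac, inst in users.items() if len(inst) > 1}


# Constructed inventory (hypothetical sites and routers).
INVENTORY = [
    {"router": "lon-r1", "site": "London", "vlan": 10, "protocol": "hsrp", "group": 1},
    {"router": "lon-r2", "site": "London", "vlan": 10, "protocol": "hsrp", "group": 1},
    {"router": "par-r1", "site": "Paris", "vlan": 20, "protocol": "hsrp", "group": 1},
    {"router": "par-r2", "site": "Paris", "vlan": 30, "protocol": "vrrp", "group": 1},
    {"router": "fra-r1", "site": "Frankfurt", "vlan": 10, "protocol": "vrrp", "group": 7},
]

if __name__ == "__main__":
    for mac, instances in find_conflicts(INVENTORY).items():
        print(mac, "is used by", instances)
```

The London pair shares one HSRP instance and is not flagged; the Paris HSRP group 1 on a different VLAN is, because both sites would advertise the same MAC into the common table.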
Limitations
The following features have technical limitations in Unified Connectivity:
Ethernet VPN over xDSL WANs. In deployments over L2TP-based DSL access media, where the encapsulation is PPPoE or PPPoEoA, many other carriers comply with RFC 2516 by setting a 1492 byte MRU. This applies to the CE WAN uplink, therefore the maximum frame size available to the customer on an Ethernet service port is less than this.
If the service is delivered on a tagged port, the following services cannot be provisioned on the same LAN port:
Untagged services
Layer3 services such as IPVPN, Internet Access and Internet Managed Multi-homing
Performance Statistics

| Item | Value |
| --- | --- |
| Number of sites | Recommended for up to 15 sites |
| Number of network routes | Ethernet topology, so independent of IP network routes |
| Customer LAN MAC Address Limit | Recommended to keep under 7500 MAC addresses across all Ethernet VPNs. Limited by the Routing Protocol Limits associated with the Access Technology and its supporting router. Each MAC address on each Ethernet VPN service should be considered as a dynamic route entry in the CE’s Routing Protocol Limit. |
| Supported Topologies | Any-to-any Ethernet dynamic MAC-based |
| Supported Encapsulations | Standard Ethernet II, IEEE 802.3, 802.1Q VLAN |
| Maximum Frame Size [1] | 1538 byte frame dependent on access technology; any larger requires a PE topology survey of all participating sites |
| Ethernet VPLS Overhead | Overhead => 26 bytes/frame |

| MTU [1] (bytes) | Throughput [2] of line speed | Throughput Loss |
| --- | --- | --- |
| 64 | L2 64 bytes = 64/(64 + 26) = 71.11% | 28.89% |
| 128 | L2 128 bytes = 128/(128 + 26) = 83.12% | 16.88% |
| 256 | L2 256 bytes = 256/(256 + 26) = 90.78% | 9.22% |
| 512 | L2 512 bytes = 512/(512 + 26) = 95.17% | 4.83% |
| 1024 | L2 1024 bytes = 1024/(1024 + 26) = 97.52% | 2.48% |
| 1280 | L2 1280 bytes = 1280/(1280 + 26) = 98.01% | 1.99% |
| 1518 | L2 1518 bytes = 1518/(1518 + 26) = 98.32% | 1.68% |

[1] This frame size does not apply with Ethernet over DSL access media.
[2] Dependent on CPE performance installed at the customer site.
Key Features & Benefits
Key Features
Fully meshed topology as standard, other topologies such as Hub and Spoke available on request.
Installation provided as standard during office hours (9am to 5pm CET Monday to Friday).
IP Address Assignment: As required according to requirements of the individual site.
Interoute maintains ownership of all IP addresses during the contract and allocates them based upon information provided by customer during pre-sales process.
Managed CPE Routers from Juniper. Model provided depends upon interface type and speed at each site. Service includes installation and hardware support (24x7x4 provided as standard, in countries where available).
24x7 Monitoring. Through the use of SNMP polling messages sent at regular intervals, all alerts are fed directly into the Interoute 24x7 Network Operation Centre (NOC).
24x7 Customer Service. 24x7 support from Interoute central Customer Contact Centre (CCC).
High Availability Service can be used as part of a redundant high-availability pair using multi-homed VPLS.
Congestion Management (QoS). Allows traffic classification and prioritisation to expedite real-time and business critical traffic. Two compatible options for classifying traffic: Standard QoS - 4 classes and Enhanced QoS - 6 classes. [2]
10/100/1000 Mbps Ethernet presentation Independent of WAN media used.
IEEE 802.1Q/p VLAN/IP TOS/DSCP transparency Customer IEEE 802.1Q/p VLAN frames are transported without discrimination or modification (subject to compliance of access service).
Key Benefits
Deploy a secure and reliable platform for your users and applications
Communicate anytime, anywhere, instantly
Provide multiple services and applications over a common infrastructure
Simplify network operation and expansion
Improve resource utilization, visibility and performance
Decrease Total Cost of Ownership (TCO)
Future-proof your network to grow with your business
Integrate seamlessly with a full suite of related offers
[2] Whether the service is run in tagged or untagged mode has an impact on QoS. For more information request QoS Data Sheet from your Interoute Account Manager.
EVPN enables access to:

| Product | Description |
| --- | --- |
| Internet Central | Internet Central is a centralised managed next-generation firewall service specifically designed for our VPN customers who need to give their users secure, flexible and cost effective access to the public Internet. It is delivered as a central connection (up to 1Gbps) provided in one of Interoute’s Data Centres. With Internet Central you gain total control with one set of firewall rules for your traffic. |
| Storage area networking (SAN) | EVPN supports the key storage protocols of Fibre Channel (FC), FICON, ESCON, SCSI, or iSCSI to connect your primary site to any number of remote storage facilities. |
| Voice access for IPVPN | Provides access to the Interoute ONE platform for IPVPN customers over the same Interface. Available over Leased Line and Ethernet accesses only. |
| Video Conferencing & Video-as-a-Service (VaaS) | A fully managed visual communication service. |
| Hosted Lync (Voice and Online Collaboration) | Interoute’s Hosted Microsoft Lync platform offers SIP trunking for outbound calls, Direct Dial Inward (DDI) numbers for inbound call support, instant messaging, online presence, video and desktop sharing capability. |
| Virtual Data Centre (VDC) | VDC is Interoute’s scalable, fully automated Infrastructure as a Service (IaaS) solution. VDC provides on demand computing, storage & applications integrated into the heart of your IT infrastructure. |
| IP VPN (Layer 3) | Service provides similar private network services at an IP-layer for increased scalability. |
How to order
Please contact your Interoute Account Manager.
Further Information & Support
For product queries please consult your Account Manager.
For further features and description of products, refer to the Interoute website. http://www.interoute.com/unified-ict/connectivity/ethernet-vpn.