Technical White Paper for VPLS

Huawei Technologies Co., Ltd.

 Technical White Paper for VPLS

Table of Contents

1 Foreword.......................................................................................................... 1
2 Introduction ...................................................................................................... 1
2.1 Two Signaling Modes for VPLS PW Establishment............................................... 2
2.2 Packet Forwarding................................................................................................. 5
2.2.1 Basic Transmission Components of the VPLS Network.............................................. 5

3 Key Technologies ............................................................................................. 8

3.1 VPLS Reliability ................................................................................................... 12
3.1.1 CE Access Reliability ................................................................................................. 12
3.1.2 HVPLS Reliability....................................................................................................... 13
3.1.3 Reliability of Links among PEs .................................................................................. 13

3.2 VPLS Loop Avoidance......................................................................................... 14

3.2.1 Loop Avoidance in the Basic Networking Mode ........................................................ 14
3.2.2 Loop Avoidance in the HVPLS Networking Mode ..................................................... 14

4 Typical Application.......................................................................................... 15
4.1 Integrated Networking with VPLS........................................................................ 15
5 Conclusion ..................................................................................................... 16
Appendix A Abbreviations and Acronyms............................................................. 17

Copyright ©2007 Huawei Technologies Co., Ltd. All Rights Reserved. i

http://datacomm.huawei.com
 Technical White Paper for VPLS

VPLS Technical White Paper

Abstract: The VPLS technology is a technology used to provide virtual Ethernet service over
the existing WAN. Through membership discovery, PW establishment and
maintenance, and MAC-based address forwarding in the VSI, it interconnects LAN
sites across WANs and thus interconnects the LANs geographically scattered via
the Internet. This document introduces the principles, key technologies, defects
and merits of VPLS. It ends up with suggestions on VPLS application and
deployment.
Key word: VPLS, PW, AC, VSI, UPE, SPE, P-PE

1 Foreword
VPLS is a kind of L2 VPN technology based on MPLS and Ethernet technologies. In
the past decade, the Ethernet technology has gained rapid development and wide
application. Its rate increases from 10M to 100M and from 100M to 1000M with lower
and lower deployment cost. Besides wide application in enterprise networks, it is
more and more applied to operation networks especially MANs. Because of its high
bandwidth and low cost, the Ethernet is very competitive. To provide the multi-point
service similar to that in the Ethernet over the MAN/WAN, the VPLS technology
emerged.

2 Introduction
VPLS (Virtual Private LAN Services) is a kind of service provided on the MPLS
network, similar to the LAN service. It enables users to access the network from
multiple points geographically scattered and access each other, just as if these points
were directly accessed to the LAN. With the VPLS service, users can extend their
LAN to the MAN or even the WAN.
Figure 1 illustrates the typical networking of VPLS. The interfaces added to the VPLS
support broadcast, forwarding and Ethernet frame filtering. The PEs are connected
with one another via PWs (Pseudo Wires) to form a simulated LAN for the customer.
Each PE must learn not only MAC addresses of the Ethernet packets from the PWs
but also MAC addresses of the CEs connected to it. Generally, MPLS tunnels or any
tunnel tunnels (e.g. GRE, L2TPV3 or TE) are used as the PWs. A PE is generally an
MPLS edge router and can establish tunnels to the other PEs.

Copyright ©2007 Huawei Technologies Co., Ltd. All Rights Reserved. 1

http://datacomm.huawei.com
 Technical White Paper for VPLS

VPLS-A VPLS-A
CE-3 U-PE
CE-1
PE P-PE
VPLS-B
CE-1
VPLS-B
CE-3 SP Backbone
L 2 ACCESS
NETWORK

PE

VPLS-B
U-PE CE-4
VPLS-A
CE-2
VPLS-B
CE-2

Figure 1 Typical networking of VPLS

2.1 Two Signaling Modes for VPLS PW Establishment

There are two common signaling modes for PW tunnel establishment: LDP
(draft-ietf-l2vpn_vpls_ldp_xx) and MP-BGP (draft-ietf-l2vpn_vpls_bgp_xx).
When the LDP is used as the signaling, the TLV of the standard LDP is extended to
carry the VPLS information. Two types of FEC TLV are added: 128 type and 129 type.
The label distribution sequence during PW establishment adopts the DU (downstream
unsolicited) mode and label retention adopts the liberal label retention mode. The
LDP connections used to exchange VC signaling must be configured to the Remote
mode.
The following figure shows a typical procedure of PW establishment and release with
the LDP mode of signaling. When PE1 is configured with a VSI (Virtual Switch
Instance) and PE2 is specified as its peer, a label will be distributed to the session and
a mapping message will be sent to PE2 if the IDP session between PE1 and PE2 has
been established. Upon receipt of the mapping message, PE2 will check if the same
VSI has been configured locally. If the same VSI has been configured locally with the
same VSI ID and encapsulation type, it indicates that the VSIs on these two PE’s are
in the same VPN. And if the interface parameters of both PE’s are the same, a PW will
be established for PE2. The same applies to PE1 after it receives the mapping
message from PE2.
When PW1 does not want to forward the packets of PE2 any longer (for instance, the
user withdraws the designation of PE2 as the peer), it will send a withdraw message
to PE2. Upon receipt of this withdraw message, PE2 will release PW1 and return a
release message. PE1 will release the label and disconnect the PW after receiving
the release message.

Copyright ©2007 Huawei Technologies Co., Ltd. All Rights Reserved. 2

http://datacomm.huawei.com
 Technical White Paper for VPLS

PE1 PE2
Configure a VSI and
specify PE2 as the Configure a VSI and
peer specify PE1 as the
Mapping message peer

Mapping message

Interface parameter Interface parameter

matching, PW up matching, PW up

Withdraw message

Withdraw the
PW, PW down
Release message

Reclaim the
label, PW down

Figure 2 PW establishment/release procedure with LDP used as the signaling

When BGP is used as the signaling, the multi-protocol extension (RFC2283) of BGP
is used to transmit the VPLS member information. The MP-reach and MP-unreach
attributes transmit the VPLS label information and the extended community attribute
transmits the interface parameter information. The VPN membership is determined by
the RD (Route Distinguish) and VPN-TARGET that are both transmitted in the
extended community attribute.
The following figure shows a typical procedure of PW establishment and release with
the BGP mode of signaling. When PE1 is configured with a VSI (Virtual Switch
Instance) and has a BGP session established to PE2 and the VPLS address family is
enabled on this session, a label will be distributed to the BGP session and an update
message that carries the MP-REACH attribute will be sent to PE2. Upon receipt of the
update message, PE2 will check if the same VSI has been configured locally. If the
same VSI has been configured locally and the VPN-TARGET is matched (the same
as L3VPN match), it indicates that the VSIs on these two PEs are in the same VPN.
And if the interface parameters of both PE’s are the same, a PW will be established
for PE2. The same applies to PE1 after it receives the update message from PE2.
When PW1 does not want to forward the packets of PE2 any longer (for instance, the
user withdraws the designation of PE2 as the peer), it will send an update message
that carries the MP-UNREACH attribute to PE2 while disconnecting the PW and
releasing the label at the same time. PE2 will disconnect the PW after receiving the
update message from PE1.

Copyright ©2007 Huawei Technologies Co., Ltd. All Rights Reserved. 3

http://datacomm.huawei.com
 Technical White Paper for VPLS

PE1 PE2
Configure a VSI, specify
PE2 as its BGP peer Configure a VSI, specify
and enable the VPLS PE1 as its BGP peer
address family and enable the VPLS
Update message (with mp-reach) address family

Update message (with mp-reach)

Interface Interface parameter

parameter matching, PW up
matching, PW up

Update message (with mp-UNreach)

Withdraw the
PW, PW down

Reclaim the
label, PW down

Figure 3 PW establishment/release procedure with BGP used as the signaling

The LDP protocol is quite simple and has low requirement for the PEs. However, the
LDP does not provide the VPN member auto discovery mechanism and the
membership should be manually configured. In comparison, the BGP mode has high
requirement for the PEs so as to run the BGP protocol, but it provides the VPN
member auto discovery mechanism and so users may find it simple to use. Secondly,
a remote session must be established between every two PEs and the number of
sessions is in direct proportion to the square of PE quantity in the LDP mode,
whereas the RR (Route Reflector) can be used in the BGP mode to reduce the
number of BGP sessions and thus improve the expandability of the network. Thirdly, a
label is distributed to each PE only when necessary in the LDP mode while a label
block is distributed to each PE in the BGP mode and results in a certain waste of
labels. Fourthly, a PW must be configured for each PE to connect the new PE when a
new PE is added in the LDP mode while it is not necessary to modify the
configurations of the PEs but only necessary to configure the new PE in the BGP
mode, provided that the number of PEs is not more than the label block size. Fifthly,
it must be ensured that the VPLS instances configured for all the ASs use the same
VSI ID space in the inter-AS case in the LDP mode while the VPN TARGET is used to
identify the VPN relationship and the same VPN TARGET space is required in the
BGP mode.
Table 1 Comparison of the two signaling modes of VPLS

Signaling mode

LDP mode BGP mode

Attribute

Requirement for the capability of General High

PE’s
Support for auto discovery No Yes
Complexity of implementation Low High

Copyright ©2007 Huawei Technologies Co., Ltd. All Rights Reserved. 4

http://datacomm.huawei.com
 Technical White Paper for VPLS

Signaling mode

LDP mode BGP mode

Attribute

Expandability Poor Good

Label utilization High Low
Configuration workload Huge Little
Inter-AS restriction Much Little

In sum, the BGP mode is suitable for the core layer of a large network where the PEs
run the BGP protocol and have requirement of the inter-AS. The LDP mode is
applicable when there are few VPLS sites and there is no or seldom inter-AS
requirement, especially when the PEs do not run the BGP protocol. When the VPLS
network is large (with numerous nodes and large geographical area), the HVPLS
(Hierarchical VPLS) combining these two modes can be used: The core layer adopts
the BGP mode and the access layer adopts the LDP mode.

2.2 Packet Forwarding

The whole VPLS network is just like a huge switch. It establishes PWs between sites
of various VPNs and transparently transmits L2 user packets via these PWs. The
PEs will learn the source MAC address and establish an MAC forwarding entry while
forwarding a packet, so as to complete the mapping between MAC addresses and
user Attachment Circuits (ACs)/PWs. The P equipment only needs to complete the
MPLS data forwarding according to the MPLS label without concerning the L2 user
packets internally encapsulated in the MPLS packets.

2.2.1 Basic Transmission Components of the VPLS Network

The basic transmission components of the VPLS network and their functions are
described as follows:
1) Attachment Circuit (AC): A connection line or virtual link between a CE and a PE.
Generally, all the user packets on the AC should be transparently transmitted to the
peer site, including the L2/L3 protocol packets of the user.
2) Pseudo Wire (PW): To be simply, a PW is a VC plus a tunnel. The tunnel may be an
LSP, L2TPV3 or TE. PWs are directional. To establish a PW in the VPLS network, the
signaling (LDP or BGP) is needed to transmit VC information and then the VC
information and tunnel is managed via VSI management to form a PW. For the
VPLS system, a PW is just like a straight channel from one local AC to the peer AC to
transparently transmit L2 data of users.
3) Forwarders: A PE receives the data frames sent over the AC while a forwarder
selects a PW for forwarding the packets. A forwarder is in fact the FDB of VPLS.

Copyright ©2007 Huawei Technologies Co., Ltd. All Rights Reserved. 5

http://datacomm.huawei.com
 Technical White Paper for VPLS

4) Tunnels: Used for bearing PWs. One tunnel can bear multiple PWs, generally MPLS
tunnels. A tunnel is a straight channel between a local PE and the peer PE to
transparently transmit data between the two PE’s.
5) Encapsulation: The packets transmitted over the PW use the standard PW
encapsulation format and technology. There are two modes for VPLS packet
encapsulation over the PW: Tagged mode and RAW mode.
6) Pseudowire Signaling: The PW signaling protocol is the basis for VPLS
implementation and is used for establishing and maintaining PWs. It can also be
used for automatically discovering the peer PE of a VSI. At present, there are two PW
signaling protocols: LDP and BGP.
7) Service Quality: To map the priority information in the L2 packet header of the user
into the QoS priority for transmission over the public network, generally the
application should support MPLS QOS.
The positions of the basic transmission components of VPLS in the network are
shown in Figure 4:

AC VPN 1
PW Site 1
Tunnel
CE1
VPN 2
PW信令协议 Site 1
CE2
Forwarder
PE1

VPN 1 P MPLS网络
Site 2
PE2
CE3

CE4
VPN 2
Site 2

Figure 4 Basic transmission components of VPLS

Let’s take the example of the VPN1 packet flow from CE1 to CE3 to look at the basic
data flow: CE1 sends a L2 packet, which is transmitted via the AC to PE1. After PE1
receives the packet, the forwarder selects a PW to forward this packet and the system
adds the PW label according to the FDB entry of the PW and sends this label to the
outer tunnel (a PW label is used to identify a PW and is sent via the tunnel to PE2).
The PW label reaches PE2 via the public network tunnel and PE2 uses this label to
forward the packet to the corresponding AC. Finally, the packet is sent to CE3.

Copyright ©2007 Huawei Technologies Co., Ltd. All Rights Reserved. 6

http://datacomm.huawei.com
 Technical White Paper for VPLS

MAC address learning and flooding

The control plane of VPLS does not need to advertise and distribute reachability
information, but uses address learning of the standard bridge function in the data
plane to provide reachability. Just like an Ethernet switch, the VPLS floods all the
received Ethernet packets with unknown unicast addresses, broadcast addresses
and multicast addresses to all the rest ports (all the ports and PWs of the local VSI).
To improve the efficiency of multicast, the following measures (e.g. IGMP Snooping
and PIM Snooping) should be taken for a PE:
1) Source MAC address learning
To forward a packet, a PE must be able to establish an MAC FDB. Different from the
BGP VPN that uses the route advertisement mechanism to establish a routing table in
the control plane, the VPLS uses the standard bridge learning function to establish
the FDB in the forwarding plane. The MAC address FDB is established by MAC
address learning, including the learning of packets from users and the learning of
packets from PWs. The egress interface of the MAC address learnt from the ingress
PW must be set as the egress PW of this PW. The MAC address learning process
involves two parts:
A. Remote MAC address learning associated with PWs
Because a PW is composed of a pair of unidirectional VC LSPs (the PW will be
regarded as being up only when the VC LSPs in both directions are up), the PW
should map the MAC address to the VC LSP in the egress direction when the VC LSP
in the ingress direction has learnt an MAC address originally unknown to it.
B. Local MAC address learning of the port directly connected to the user
For an L2 packet sent from the CE, the source MAC address in the packet should be
learnt by the corresponding port on the VSI.
The address learning and flooding process of the PE is illustrated in Figure 5.

VSI MAC PORT

VPN1 A vlan10,port1
ARP broadcast VPN1 B PW1

PW2

mac A ,IP 1.1.1.2

VSI MAC PORT
PW1
VPN1 A PW2
PW2

VSI MAC PORT

VPN1 A PW1

VPN1 B vlan10,port1

ARP reply

mac B ,IP 1.1.1.3

Figure 5 Address learning and flooding process of the PE

2) MAC address aging

Copyright ©2007 Huawei Technologies Co., Ltd. All Rights Reserved. 7

http://datacomm.huawei.com
 Technical White Paper for VPLS

The remote MAC addresses learnt by the PE need an aging mechanism to remove
the address entries related to the VC label but no longer in use. After the packet is
received, the aging timer corresponding to the source address shall be reset. Similarly,
all the MAC addresses learnt in the local VSI should be aged.
Loop elimination
Generally, STP is used on the Ethernet to avoid possible forwarding loops. In the
VPLS network, the split horizon mechanism is used to eliminate loops between PEs,
that is, the packets received by a PE shall not be forwarded to the other PEs. In
addition, the PE’s are fully meshed to ensure the reachability and a loop-free
environment for VPLS packet forwarding, along with the split horizon mechanism.
When a CE has multiple connections to a PE or the CEs connected to one VPLS VPN
have connections with one another, loops are unavoidable in the VPLS network and
other methods (e.g. STP) shall be used to solve the problem.

3 Key Technologies
MAC Address Learning
MAC address learning is one of the important indices in VPLS. In the telecom network,
the original traffic will change from clockwise to counterclockwise if ring network
switching occurs. If 500 MAC packets are learnt per second, it takes 128 seconds to
learn the typical 64K MAC addresses. Thus, before the MAC addresses are all learnt
again, traffic will be in an incorrect direction (still clockwise) or broadcast will occur.
Packet loss will be caused in either case. The typical switching time for the telecom
network is 50ms. Then what is the appropriated MAC learning capability? When the
MAC address capacity of the equipment is 64K and the switching of 64K MAC
addresses is to be completed within 50 ms, the learning capability should be: 64K / 50
ms = 1.28M times/second. When the MAC address capacity is 16K, the learning
capability should be: 16K / 50 ms = 320K times/second.
Fully Mesh of PWs when the Number of PEs Increases
Whether the BGP mode or the LDP mode of signaling for the VPLS, the basic concept
is to establish a full mesh of all sites in signaling so as to avoid loop occurrence. In the
LDP mode, the LDP sessions among all sites are fully meshed. So it is with the BGP
mode. During data forwarding, the packets from a PW will no longer be forwarded to
the other PWs according to the split horizon mechanism. Suppose there are 100 sites,
then there will be 4950 LDP sessions among sites. The HVPLS (Hierarchical VPLS) is
introduced to protocol draft-ietf-l2vpn_vpls_ldp_xx. This HVPLS solution can also be
derived from protocol draft-ietf-l2vpn_vpls_bgp_xx.
HVPLS in the LDP mode
The core concept of HVPLS is to divide the network into different layers with each
layer of network being fully meshed and connect the equipment of different layers via
the QinQ or PW. The upper end of the connection is called the SPE (Super PE) or
P-PE (Provider PE) and the lower end is called the UPE (User PE). Because the PE’s

Copyright ©2007 Huawei Technologies Co., Ltd. All Rights Reserved. 8

http://datacomm.huawei.com
 Technical White Paper for VPLS

of different layers are not fully meshed, the data forwarding between the SPE and the
UPE does not follow the split horizon mechanism but the mutual forwarding principle.
1) PW access means of H-VPLS

PSN Tunnel

U-PE1 P-PE1
CE1
VSI
CE2
VSI P-PE3 U-PE3

CE5
VSI

CE6

P-PE2
U-PE2 PW
CE3
VSI

VSI
CE4

Figure 6 LSP access mode of H-VPLS

As shown in Figure 6, the UPE works as the aggregation equipment and only
establishes a PW with P-PE1 to connect the link U-PW and does not establish any
PW with the rest peers. The data are forwarded in the following way: UPE1 sends a
packet from a CE to P-PE1 and adds the multiplex detachment label (MPLS label) of
the U-PW to the packet. Upon receipt of the packet, P-PE1 determines the VSI of the
packet according to the multiplex detachment label and then adds the multiplex
detachment label of the N-PW to the packet according to the destination MAC
address of the user data packet before forwarding the packet. After receiving the
packet from the N-PW, P-PE1 adds the multiplex detachment label of the U-PW and
sends the packet to the UPE. Upon receipt of the packet, the UPE then forwards it to
the CE.
If CE1 and CE2 exchange data for the local CEs, the UPE will directly forward the
packets between CE1 and CE2 without needing to report the packet to P-PE because
of its bridge function. However, if it is the first packet or a broadcast packet whose
destination MAC address is unknown, the UPE will still forward the packet via the
U-PW to P-PE while broadcasting the packet via the bridge to CE2, so that P-PE can
duplicate the packet and forward it to each peer CE.
2) QinQ access means of H-VPLS

Copyright ©2007 Huawei Technologies Co., Ltd. All Rights Reserved. 9

http://datacomm.huawei.com
 Technical White Paper for VPLS

PSN Tunnel

U-PE1 P-PE1
CE1
BG VSI
CE2
VSI P-PE3 U-PE3

CE4
VSI BG

CE5

U-PE2 P-PE2
PW
BG VSI
CE3
VSI

.1Q in .1Q

Figure 7 QinQ access mode of H-VPLS

As shown in Figure 7, the UPE is a standard bridge device. QinQ is enabled on the
CE access ports and the VLAN-TAG is attached as the multiplex detachment label.
The packet is transparently transmitted to PE1 via the QinQ tunnel between the UPE
and P-PE. PE1 then determines the VSI according to the VLAN-TAG attached by the
UPE and then adds the multiplex detachment label of the PW (MPLS label) to the
packet according to the destination MAC address of the user data packet before
forwarding the packet. After receiving the packet from the PW, PE1 determines the
VSI of the packet according to the multiplex detachment label (MPLS label) and then
adds the VLAN-TAG according to the destination MAC address of the user data
packet for the QinQ tunnel to forward the packet to the UPE, which will then forward
the packet to the CE.
If CE1 and CE2 exchange data for the local CEs, the UPE will directly forward the
packets between CE1 and CE2 without needing to report the packet to PE1 because
of its bridge function. However, if it is the first packet or a broadcast packet whose
destination MAC address is unknown, the MTU will still forward the packet via the
QinQ tunnel to PE1 while broadcasting the packet via the bridge to CE2, so that PE1
can duplicate the packet and forward it to each peer CE.
HVPLS in the BGP mode
1) MP-EBGP access means of H-VPLS

Copyright ©2007 Huawei Technologies Co., Ltd. All Rights Reserved. 10

http://datacomm.huawei.com
 Technical White Paper for VPLS

CE4 SPE1 AS1

N-PW
SPE3

N-PW MP-EBGP

N-PW
CE2 UPE1 AS2
N-PW
SPE2 SPE1 AS3
UPE3 N-PW
SPE3
N-PW

CE1
MP-EBGP N-PW

N-PW
CE3
N-PW

UPE2
SPE2

BGP HVPLS
Figure 8 HVPLS solution in the MP-EBGP mode
In the LDP HVPLS solution, the mode of LDP + IGP is adopted between the UPE and
the P-PE to establish a PW. This mode will have problems in the inter-AS case of the
MAN, because the routers SPE and UPE between the ASs cannot run IGP + LDP.
Therefore, only the MP-EBGP solution can be used in that case.
As shown in Figure 8, the MP-EBGP is run between the UPE and the SPE,
draft-ietf-l2vpn_vpls_bgp_xx is used in terms of signaling to establish a PW, and the
split horizon disable setting (for both the UPE and the SPE) is applied for the BGP
peers in terms of forwarding, or the split horizon disable flag is used for the VE ID in
the BGP VSI, that is, the UPE is allowed to send a packet from the other PEs to the
SPE while the SPE is allowed to send a packet from the other PEs to the UPE. In this
way, HVPLS is implemented.
2) HVPLS solution with LDP access, MP-EBGP access and BGP RR in the backbone
area

Copyright ©2007 Huawei Technologies Co., Ltd. All Rights Reserved. 11

http://datacomm.huawei.com
 Technical White Paper for VPLS

CE3 AS2 CE4

UPE1
BGP access
MP-EBGP

SPE1
CE3

BGP RR

SPE2
SPE3
CE1 CE2
PW access
IGP + LDP
UPE2 AS1
PW access UPE3
IGP + LDP

PE4 PE5 PE6 PE7

AS1 AS1

Figure 9 HVPLS solution with LDP PW access, MP-EBGP access and BGP RR
As shown in the above figure, fully-meshed connections can be formed inside the
VPLS of a lower layer by use of the LDP mode. And because the VPLS of a lower
layer is located in the same AS with that of a higher layer, it can use the LPD PW
mode to access the BGP VPLS. Since the backbone network contains a huge number
of PEs, the BGP RR is used to reduce the quantity of fully-meshed connections and
indirectly attain the logic full mesh. However, if the VPLS of a lower layer is not in the
same AS with that of a higher layer, the MP-EBGP mode can still be adopted. The
above figure shows a hybrid networking model that combines LDP PW access,
MP-EBGP access and BGP in the backbone area.

3.1 VPLS Reliability

3.1.1 CE Access Reliability

1) CE Dual Homing

Similar to L3VPN, in order to ensure that the services of the accessed user are not
interrupted when the access point equipment PE fails, the CE can connect two PEs
(one active and the other standby). When the active PE fails, the services can be
automatically switched over to the standby PE.
The CE dual homing solves the reliability problem in the case of PE failure.

Copyright ©2007 Huawei Technologies Co., Ltd. All Rights Reserved. 12

http://datacomm.huawei.com
 Technical White Paper for VPLS

2) Adoption of FRR to Protect the Access Reliability

When ME-VPLS (MPLS-Edge-VPLS) is adopted, the user’s CE can also adopt a PW

to connect the PE. In this case, the FRR can be used to protect the PW.

3.1.2 HVPLS Reliability

In HVPLS, the UPE can connect the SPE in the dual homing mode. The
active/standby mode is adopted. When a PW fails, the services can be immediately
switched over to the other PW, as shown in the following figure:

U-PE Primary PW P-PE P-PE 1

CE
BG VSI

CE PE

VSI

LDP

Secondary PW P-PE

VSI

P-PE 2

Figure 10 Protection in the case of PW dual homing in HVPLS

As shown in the above figure, the UPE connects two P-PE’s (one active and the other
is standby). When the active P-PE is faulty, the services will be switched over to the
standby P-PE.

3.1.3 Reliability of Links among PEs

It is necessary to protect the tunnels for constructing the PWs for the links among PEs.
There are two types of tunnel protection: Protection of the physical links bearing the
tunnels and backup of different physical links through certain protocols. The RPR
(Resilient Packet Ring) is of dual-ring structure. Physically, when one direction of the
ring fails, the service can be looped in the other direction. Therefore, if the tunnel is
established on such physical links, it is protected automatically. In addition, the
upper-layer protocol, for example, the RSVP-TE protocol, can be adopted to protect
the tunnels. That is, RSVP-TE FRR (Fast Re-Routing) technology can be adopted to
implement fast switchover in the case of link faults, thus ensuring end-to-end tunnel
protection.

Copyright ©2007 Huawei Technologies Co., Ltd. All Rights Reserved. 13

http://datacomm.huawei.com
 Technical White Paper for VPLS

3.2 VPLS Loop Avoidance

3.2.1 Loop Avoidance in the Basic Networking Mode

To avoid loop occurrence, the STP protocol should be enabled in an Ethernet-based

L2 network but the STP of VPLS evidently should not participate in the network of the
ISP. In VPLS, to avoid slow network convergence and complex topology design,
fully-meshed connections and split horizon forwarding are used to avoid the running
of STP on the ISP network. Each PE must create a tree for each VPLS forwarding
instance to all the other PE routers in this instance. Each PE router must support the
split horizon policy to avoid loop occurrence, that is, the PE router cannot forward
packets between the PWs of the same VPLS instance (because all PEs are directly
connected in the same VPLS instance). In this sense, split horizon forwarding means
that the data packets received from the PWs on the public network side will no longer
be forwarded to the other PWs but can only be forwarded to the private network side.
However, for the UPE of hierarchical VPLS, forwarding among SPEs is an exception.
In the point of view of the user, it is allowed to run the STP in the VPLS private
network and all the BPDU packets of the STP are only transparently transmitted on
the network of the ISP.

3.2.2 Loop Avoidance in the HVPLS Networking Mode

The following method can be used to avoid loops:

In the core layer, fully-meshed connections and split horizon forwarding are adopted
among the PEs.
There are two types of topologies between the edge layer and the core layer:
1) There is only one connection from the UPE to the SPE. In this case, the two network
layers are of the tree topology, i.e., the ASs in the two-level network cannot interwork
with each other, and one UPE can only connect one SPE. In addition, the CEs of
different sites should not be connected. This mode naturally avoids loop occurrence.
However, the problem of single point failure exists from the UPE to the SPE.
2) If the UPE connects the SPE in the dual homing mode, then other mechanisms must
be adopted to ensure there is no loop. For example, when the BGP signaling is
adopted, the BGP completes the routing so that the UPE only has one active route
to the SPE.
Moreover, if the CE loop cannot be avoided, it is necessary to adopt the MSTP
(Multiple-instance Spanning Tree Protocol).

Copyright ©2007 Huawei Technologies Co., Ltd. All Rights Reserved. 14

http://datacomm.huawei.com
 Technical White Paper for VPLS

4 Typical Application
4.1 Integrated Networking with VPLS
MPLS VPLS is an important MAN technology, with which various existing enterprise
networks based on the Ethernet technology can be interconnected. Featuring low
cost and high reliability, VPLS is attracting more and more operators.

Shanghai
Branch of
Customer A

PE2
Operator's CE2
national
backbone
network MPLS
PE1
PE3
Beijing CE3
Branch of
Customer A
Shenzhen
CE1
Branch of
Customer A

Figure 11 Typical VPLS application

The above figure shows a typical VPLS application, where the backbone network is
constructed by use of RPR that can protect the PWs and ensure the high reliability of
VPLS service transmission on the public network. The LANs are connected via the
ring network to the network among the cities. The operator constructs a national
backbone network and provides the VPLS service. Customer A has three branch
offices that are located in Beijing, Shanghai and Shenzhen respectively. To provide
the VPLS service to Customer A, the operator constructs three pieces of equipment
(PE1, PE2 and PE3) for VPLS service access in the three cities. In this way, the
operator can provide trans-AS and trans-WAN LAN services to Customer A through
the VPLS. For Customer A, the networking is simple and easy, and it is unnecessary
to change Customer A’s original enterprise network plan (including the routing plan).
The system expansion in the VPLS mode is also convenient. Suppose Customer A
establishes a branch office in Guangzhou and connects it to the headquarters and the
other branches to meet its service development needs. The operator only needs to
add a VSI for the PE in Guangzhou and make simple configuration.

Copyright ©2007 Huawei Technologies Co., Ltd. All Rights Reserved. 15

http://datacomm.huawei.com
 Technical White Paper for VPLS

5 Conclusion
The VPLS is a technology that extends the LAN to the MAN/WAN and emancipates
users from geographical restrictions. It is easy and simple to use as a widely applied
LAN technology. The feature of multipoint access makes the VPLS application easy
and it almost does not have any requirement or restriction on users.

Copyright ©2007 Huawei Technologies Co., Ltd. All Rights Reserved. 16

http://datacomm.huawei.com
 Technical White Paper for VPLS

Appendix A Abbreviations and Acronyms

Abbreviation
Full name Explanation
/Acronym
It is a point-to-multipoint L2VPN service provided in the
public network and enables the users that are
VPLS Virtual Private LAN Service geographically isolated to connect with one another via
the MAN/WAN and enables the sites to be connected as
if they were connected in an LAN.
It is the user edge equipment directly connected to the
CE Custom Edge
service provider.
It refers to the edge router in the backbone network and
is connected to the CE for the access of VPN services. It
completes the mapping and forwarding of packets from
PE Provider Edge Router
the private network to public network tunnels and from
public network tunnels to the private network. PEs can be
further divided into UPEs and NPEs.
It is the PE equipment close to the user side and serves
UPE User facing-Provider Edge as the convergence equipment for users to access the
VPN.
It is the core PE of the network and is located at the edge
Super/Network/Provider of the core domain of the VPLS network to provide the
SPE/NPE/P-PE
Provider Edge VPLS transparent transmission service between the core
networks.
Through the VSI, the actual access links of the VPLS
VSI Virtual Switch Instance
can be mapped to various PWs.
It is a bidirectional virtual connection between two VSIs
PW Pseudo Wire
and is composed of a pair of unidirectional MPLS VCs.
It refers to the connection between the CE and the PE. It
may be a real physical interface or a virtual interface. All
AC Attachment Circuit the user packets on the AC should generally be
transparently transmitted to the peer site, including the
L2/L3 protocol packets of the users.
It is a mechanism directly using the 802.1q-based
tunneling protocol of the Ethernet switch to provide
multipoint L2VPN services. It encapsulates the private
QinQ 802.1Q in 802.1Q network VLAN tag of the user into the public network
VLAN tag and the packet carries both layers of tags while
crossing the backbone network of the provider, thus
offering a kind of simpler L2 VPN tunnels to the user.

Copyright ©2007 Huawei Technologies Co., Ltd. All Rights Reserved. 17

http://datacomm.huawei.com