Case Study 4: Implementing Layer 3 VPNs over Layer 2 VPN Topologies and Providing L2 VPN Redundancy
Figure 14-27 illustrates the topology used for this case study. The requirements posed by Customer A to the SP are as
Figure 14-27. Case Study 4 Topology
Layer 3 VPN over L2 VPN Configuration
Figure 14-28 outlines the basic configurations for devices to implement Layer 3 VPNs for Customer B traffic (by Customer A), as well as implementation of Layer 2 AToM tunnels between PE1-A and PE2-A over the SP infrastructure.
Figure 14-28. Case Study 4: Layer 3 VPN for Customer B over Customer A Layer 2 VPN Configuration
The highlighted portions in Figure 14-28 outline the pertinent configurations for the implementation of the following:
Implementing L2 VPN Redundancy
Customer A's final requirement is the ability to provide Layer 2 VPN redundancy between Sites PE1-A and PE2-A. To enable Layer 2 VPN redundancy, a third PE Router PE3-AS1 is connected to the same segment as between PE2-AS1 and PE2-A to provide Layer 2 VPN redundancy in the event of the primary VC failure between PE1-AS1 and PE2-AS1.
In the event of failure, all traffic from Customer A Site PE1-A must failover to the redundant path via PE3-AS1 to reach PE2-A. This is accomplished by configuration of a backup tunnel VC between PE1-AS1 and PE3-AS1 to the primary pseudo wire between PE1-AS1 and PE2-AS1.
Therefore, Layer 2 VPN redundancy when configured provides protection for the following failures:
Layer 2 VPN Pseudo-Wire Redundancy enables you to configure a backup pseudo wire in case the primary pseudo wire fails. When the primary pseudo wire fails, the PE router can switch to the backup pseudo wire. Traffic can be switched back to the primary pseudo wire after the path is operational again.
Configuration of Layer 2 VPN pseudo-wire redundancy and verification of its operation are performed using the procedure
Figure 14-29. Layer 2 VPN Pseudo-Wire Redundancy Configuration Flowchart
Layer 2 VPN Pseudo-Wire Redundancy Configuration for Customer A Traffic from PE1-A to PE2-A
Layer 2 VPN pseudo-wire redundancy for Customer A traffic originating from PE1-A to PE2-A is configured by the association of a backup VC between PE1-AS1 and PE3-AS1 for the primary tunnel between PE1-AS1 and PE2-AS1. The configuration of the PE routers to implement L2 VPN pseudo-wire redundancy is shown in Figure 14-30. In addition, for quicker IGP convergence OSPF, fast hellos are configured on the SP router interfaces for immediate failover to redundant paths. Configurations of all other devices
Figure 14-30. Case Study 4: L2 VPN Pseudo-Wire Redundancy Configuration
Verifications for Case Study 4
Figure 14-31 outlines the verifications performed on the various devices for Case Study 4. Verification operation of Layer 2 VPN circuits on PE1-AS1 and PE2-AS1 are done by performing show mpls l2transport vc on the routers, as shown in the figure. The output of PE1-AS1 must depict the primary Layer 2 VPN circuit as UP and the backup circuit as DOWN.
Figure 14-31. Case Study 4: Verifications
In addition, verification of Layer 3 VPN over Layer 2 VPN is performed as shown in Figure 14-31 by issuing show ip bgp vpnv4 all on the u-PE Routers PE1-A and PE2-A.
Finally, verify operation of the Layer 2 VPN pseudo-wire redundancy by performing an extended ping between the CE1-B and CE2-B loopback address and
Final Configurations for Case Study 4
Final configurations for devices in Case Study 4 are shown in Figure 14-32.
Figure 14-32. Case Study 4: Final Configurations