Documentation main page FRINX Features User Guide main page

L2VPN Service Module User Guide

Usage - Setup

FRINX ODL - Install features

  1. First, start FRINX ODL.
    • Wait for 3 minutes to ensure the start up process is complete.
  2. Then, in the karaf terminal which will have started, install two features - RESTCONF and the l2vpn provider:
feature:install odl-restconf frinx-l2vpn-iosxrv 

odl-restconf enables us to communicate between FRINX ODL and the routers by using REST calls (which we issue with Postman).

frinx-l2vpn-iosxrv is an L2VPN Provider with the IOS-XRv (Network Element Plugin) NEP and a NETCONF connector. This particular feature is specific for IOS-XRv devices.

Postman - Import collection

  1. To download and use FRINX pre-configured Postman REST calls with L2VPN - see this page.
  2. Follow that guide to import the file postman_collection_L2VPN_IOS-XRv.json from the directory L2VPN Service Module.
  3. Configure an environment in Postman where you set a value for odl_ip.

Your system is now ready. To provision L2VPN see the Usage - Operations Guide below.

Introduction

The goal of this project is to automate provisioning of Layer 2 Virtual Private Networks (L2VPN) on Service Provider (SP) routers.

L2VPN Service

Problem definition and L2VPN

Consider the scenario where a company needs to reconnect multiple sites with each other via an SP which provides L2 services to the company.

The company has two different sites and they are both connected to the Service Provider using an L2 connection. They need to interconnect two of their sites.

Two company's sites connected to SP

In this case L2VPN provides site-to-site connectivity and the SP network behaves as a wire between the company’s sites. The company’s routes are exchanged via the SP network.

Solution with L2VPN between sites.

Terminology

These terms are usually used in the L2VPN domain:

Terminology in picture

L2VPN types

There are two main types of L2VPN:

These types have many implementations. The FRINX ODL distribution supports Virtual Private Wire Service (VPWS) implementation.

VPWS

VPWS (Virtual Private Wire Service) is the simplest form for enabling Ethernet services over MPLS.

VPWS example

Usage - Operations Guide

To import the necessary Postman collection file see the section Postman - Import collection at the top of this page.

That file contains several REST calls for establishing a NETCONF connection and creating or deleting L2VPN instances, for which we provide guidance below:

Set up an L2VPN connection

Three steps are required to create an l2vpn connection between two routers (we perform these steps in our video which you can use a reference):

1. Establish a NETCONF connection

This is between FRINX ODL and each of the two routers which we’ll use for the L2VPN.

{
  "node": [
    {
      "node-id": "pe1",
      "netconf-node-topology:host": "192.168.1.211",//Edit this according to your setup
      "netconf-node-topology:port": 830,
      "netconf-node-topology:keepalive-delay": 0,
      "netconf-node-topology:tcp-only": false,
      "netconf-node-topology:username": "cisco",//Edit this according to your setup
      "netconf-node-topology:password": "cisco"//Edit this according to your setup
    }
  ]
}

connect pe1

2. Create a pseudo-wire (PW) template

This will be used in the next step when we create the L2VPN instance.

{  
  "pw-template":[  
    {  
      "name":"PW1",
      "cw-negotiation":"preferred",
      "encapsulation":"mpls"
    }
  ]
}

create pw template

3. Create the L2VPN instance

Use the Postman REST call: L2VPN Service/create l2vpn instance ce1-ce2_vlan3001

{  
  "l2vpn-instance":[  
    {  
      "name":"ce1-ce2_vlan3001",
      "type":"vpws-instance-type",
      "service-type":"Ethernet",
      "signaling-type":"ldp-signaling",
      "tenant-id":"frinx",
      "pw":[
        {
          "name":"pe1_pw999_vlan3001",
          "template":"PW1",//If you edited the name in step 2. then use the same name here
          "peer-ip":"172.16.2.2",//Edit to the IP of the interface on router 2
          "pw-id":999,
          "request-vlanid":3001
        },
        {
          "name":"pe2_pw999_vlan3001",
          "template":"PW1",//If you edited the name in step 2. then use the same name here
          "peer-ip":"172.16.1.2",//Edit to the IP of the interface on router 1
          "pw-id":999,
          "request-vlanid":3001
        }
      ],
      "endpoint":[
        {
          "name":"ce1",
          "pe-node-id":"pe1",
          "pe-2-ce-tp-id":"GigabitEthernet0/0/0/0",
          "pw":[
            {
              "name":"pe1_pw999_vlan3001"
            }
          ]
        },
        {
          "name":"ce2",
          "pe-node-id":"pe2",
          "pe-2-ce-tp-id":"GigabitEthernet0/0/0/0",
          "pw":[
            {
              "name":"pe2_pw999_vlan3001"
            }
          ]
        }
      ]
    }
  ]
}

create l2vpn instance

Delete the L2VPN connection

If you want to remove the L2VPN connection:

  1. Delete the pseudo-wire template by:
    • using the Postman REST call: L2VPN Service/delete PW template PW1. There is no body to the call.
    • commit by RPC: Issue the Postman REST call: L2VPN Service/RPC commit-l2vpn. There is no body to the call.
    • In the Response body you should receive “status”: “complete”. This shows the deletion has been competed successfully.
  2. Delete the l2vpn instance by using the Postman REST call: L2VPN Service/delete l2vpn-instance ce1-ce2_vlan3001. There is no body to the call.
    • commit by RPC: Issue the Postman REST call: L2VPN Service/RPC commit-l2vpn. There is no body to the call.
    • In the Response body you should receive “status”: “complete”. This shows the deletion has been competed successfully.

FRINX L2VPN demo video (setup and deletion)

See our video

Testing

We also provide a feature which can be used for testing the l2vpn feature:
Karaf installation:

feature:install frinx-l2vpn-testing

Description:
Installs L2VPN Provider with Mock NEP and RESTCONF. This feature can be used for testing and demonstration purposes where real PE devices are not available.

L2VPN Provider

L2VPN Provider is an implementation which automatically provisions L2VPN on PE routers based on intended L2VPN service.

It exposes a domain specific API for L2VPN manipulation and declarative configuration “what vs how”.

Use Case Specification

L2VPN Provider can be used on a network where:

Use case example

L2VPN Provider works only with devices which have these capabilities:

Name Revision
Cisco-IOS-XR-l2-eth-infra-cfg 2015-11-09
Cisco-IOS-XR-ifmgr-cfg 2015-07-30
Cisco-IOS-XR-l2vpn-cfg 2015-11-09
rollback-on-error

The capabilities are sent from XR to ODL automatically during device connection via NETCONF.

You can see the NETCONF capabilities under each node by calling (replacing odl_ip with the IP of the system on which you’re running FRINX ODL):

GET http://odl_ip:8181/restconf/operational/network-topology:network-topology/topology/topology-netconf

A list of PE nodes can be obtained from (replacing odl_ip with the IP of the system on which you’re running FRINX ODL):

GET http://odl_ip:8181/restconf/operational/network-topology:network-topology/topology/l2vpn-provider-edge-topology

Architecture

L2VPN Provider is composed of multiple components. The high level architecture is shown in the picture below.

Architecture

An external application modifies ietf-l2vpn in CONF DS. L2VPN can be configured on nodes which are read from l2vpn-provider-edge-topology.

As stated earlier, NEP registers network elements to L2VPN Provider. L2VPN Provider stores network elements as nodes to abstract topology l2vpn-provider-edge-topology and this topology is a source of nodes which can be used for L2VPN configuration.

API description

The API is described using YANG modules.

ietf-l2vpn@2017-08-02.yang

The YANG module contains 2 root statements and one RPC:

Network Element Plugin

Network Element Plugin (NEP) is a unit which implements SPI from the L2VPN Provider. This NEP is device API specific and is responsible for:

IOS-XRv Network Element Plugin

This plugin configures L2VPN on IOS-XRv using NETCONF.

IOS-XRv NEP

Here is an example of L2VPN configuration on IOS-XRv (parameters encapsulated in ** are specific for VPN or site):

interface **GigabitEthernet0/0/0/0** l2transport
 no shutdown
!

interface **GigabitEthernet0/0/0/0.3001** l2transport
 encapsulation dot1q **3001**
 rewrite ingress tag pop 1 symmetric
 no shutdown
!

l2vpn
 pw-class **PW1**
  encapsulation mpls
   control-word
  !
 !
 xconnect group **frinx**
  p2p **ce1**
   interface **GigabitEthernet0/0/0/0.3001**
   neighbor ipv4 **172.16.2.2** pw-id **999**
    pw-class **PW1**
   !
  !
 !
!

Mock Network Element Plugin

The purpose of this plugin is to mock functionality of the Network Element Plugin. It is mainly use for testing when you do not need to connect real devices.

Mock NEP

Known Limitations

Other limitations:

Feature Guide    
  FRINX 3.1.0 Removed all elements from yang which are not supported in implementation
Feature introduced in FRINX 2.3.1 VPN service module implementation with support for L2VPN and IOS XR (Version 6.1.2) NEP via NETCONF