Cisco – Joining Layer 2 Networks Over Layer 3 Networks

KB ID 0001313 

Problem

It’s a common problem, you want to connect one site to another and still have them on the same layer 2 network.

As you can see above both the routers at the bottom are in the 172.16.1.0/24 network, let’s assume they are clients in the same layer 2 network how would you connect them?

Solution

Option 1: xconnect over L2TP

All the ‘heavy lifting’ is done on the SiteA and SiteB routers. We will start with Site A. You create a pseudowire class, and specify the interface that will do the encrypting .

[box]

!
pseudowire-class CL-XCONNECT
 encapsulation l2tpv3
 protocol none
 ip local interface Ethernet 0/0
!

[/box]

Set the public (internet facing)  IP.

[box]

!
interface Ethernet0/0
 ip address 192.168.200.1 255.255.255.0
 no shut
!

[/box]

Finally setup the private, (LAN facing) interface, and specify the ‘other side’ of the encryption tunnel, (the internet facing interface at SiteB.) Then setup a unique ID.

[box]

!
interface Ethernet0/1
 description LAN
 no ip address
 xconnect 192.168.100.1 1 encapsulation l2tpv3 manual pw-class CL-XCONNECT
 l2tp id 1 2
!

[/box]

Site B is the mirror opposite;

[box]

!
pseudowire-class CL-XCONNECT
 encapsulation l2tpv3
 protocol none
 ip local interface Ethernet 0/0
!
interface Ethernet0/0
 ip address 192.168.100.1 255.255.255.0
!
interface Ethernet0/1
 description LAN
 no ip address
 xconnect 192.168.200.1 1 encapsulation l2tpv3 manual pw-class CL-XCONNECT
 l2tp id 2 1
!        

[/box]

To test you can use the ‘show l2tun tunnel all‘ command

Option 2: MPLS

Hang about! Isn’t MPLS very complicated? Well not for layer two networks. There are certain steps we have to take;

Backbone Routers (That will be Site A, SiteB, AND the ISP one.) We will need a loopback address, (don’t forget these addresses will need advertising into whatever routing protocol is running over the backbone).

[box]

Site A

!         
interface Loopback1
 ip address 192.168.255.4 255.255.255.255
!

Site B

!         
interface Loopback1
 ip address 192.168.255.3 255.255.255.255
!

ISP

!
interface Loopback1
 ip address 192.168.255.2 255.255.255.255
!

[/box]

Backbone Routers: Enable MPLS on all the interfaces that will pass traffic;

[box]

Site A

!
interface Ethernet0/0
 ip address 192.168.200.1 255.255.255.0
 mpls ip
!

Site B

!
interface Ethernet0/0
 ip address 192.168.100.1 255.255.255.0
 mpls ip
!

ISP

!
interface Ethernet0/0
 ip address 192.168.100.254 255.255.255.0
 mpls ip
!
interface Ethernet0/1
 ip address 192.168.200.254 255.255.255.0
 mpls ip
!

[/box]

Client facing interfaces:, (these can also be sub interfaces, if you are trunking). Need xconnect setting up, the syntax is as follows;

xconnect {ip of target loopback) {id-must-match-other-end} encapsulation mpls

[box]

Site A

!
interface Ethernet0/1
 description LAN
 no ip address
 xconnect 192.168.255.3 3000 encapsulation mpls
!


Site B

!
interface Ethernet0/1
 description LAN
 no ip address
 xconnect 192.168.255.4 3000 encapsulation mpls
!

[/box]

Option 3: VPLS

Virtual Private LAN Service, is pretty much designed to do exactly what we want, it let’s us stretch layer two networks to multiple points, let’s assume both my network segments (above) need to be in VLAN 300, so they share the same broadcast domain.

The setup process is similar to MPLS, you create a loopback interface on the backbone routers, advertise those addresses into the routing protocol of your choice, then you enable ‘mpls ip‘. But then, on the routers that face the clients you need to create a ‘vfi‘ (virtual forwarding instance,) then attach that VFI to the VLAN interface that the clients are connected to.

[box]

!
l2 vfi VPLS-300 manual
 vpn id 300
 neighbor 192.168.255.3 encapsulation mpls
!
interface Vlan300
 mtu 1600
 xconnect vfi VPLS-300
!

[/box]

Note: Obviously the physical interface connected to the clients, needs to be in VLAN 300, and don’t forget (at both ends), to make sure that vlan 300 is up (no shut).

To Test:

[box]

SiteA#show mpls l2transport vc 300

Local intf     Local circuit              Dest address    VC ID      Status
-------------  -------------------------- --------------- ---------- ----------
VFI VPLS-300   VFI                        192.168.255.3     300        UP

and

SiteA#show mac address-table vlan 300

Legend: * - primary entry
        age - seconds since last seen
        n/a - not available
        S - secure entry
        R - router's gateway mac address entry
        D - Duplicate mac address entry

Displaying entries from active supervisor:

     vlan   mac address    type   learn    age                 ports
----+----+---------------+-------+-----+----------+-----------------------------
*     300 0050.56ab.2eae  dynamic  Yes       90     VPLS peer 192.168.255.3(2:1)
*     300 0050.56ab.12ee  dynamic  Yes      340     VPLS peer 192.168.255.3(2:1)

[/box]

In the bottom example, you can see MAC addresses being learned form the ‘other’ sire of the VPLS link.

 

Related Articles, References, Credits, or External Links

NA

4 thoughts on “Cisco – Joining Layer 2 Networks Over Layer 3 Networks

  1. Hi Pete,

    Good work.

    Could you also elaborate which router should be taken into consideration while implementing the above in the GNS or any other practical simulators.

    Cheers,

    • Hi,

      That image was taken from UNL – It’s the simulator I use now 🙂 And the one I used for testing the Lab.

      Regards,

      Pete

  2. Do you know what version of CAT6K IOS supports this, also what features or IOS for Nexus93180?

Leave a Reply

Your email address will not be published. Required fields are marked *