Revealing AToM (Any Transport over MPLS) Packets

AToM is used to transport any Layer 2 frame across an MPLS cloud. This MPLS application uses two MPLS labels: a tunnel label (the per-hop LSR label) and a VC (virtual circuit) label.

You can learn more about AToM in the Cisco Press book “Layer 2 VPN Architectures” by Wei Luo (CCIE #13291), Carlos Pignataro (CCIE #4619), Dmitry Bokotey (CCIE #4460) and Anthony Chan (CCIE #10266).

We will reveal the AToM packets used for EoMPLS (Ethernet over MPLS) with the scenario below:

PE-1, P and PE-2 use LDP (Label Distribution Protocol) to distribute labels for the PE1-P and P-PE2 networks and for the PE1 and PE2 loopback interfaces. The PE1 and PE2 loopback networks must be host networks, i.e. /32 IP addresses.

This is the relevant configuration for the scenario above:

I. Enabling MPLS and LDP

PE-1
interface FastEthernet1/1
 ip address 10.0.0.1 255.255.255.0
 no ip directed-broadcast
 duplex auto
 speed auto
 mpls label protocol ldp
 tag-switching ip
 no clns route-cache
end

P
interface FastEthernet1/0
 ip address 10.0.0.2 255.255.255.0
 no ip directed-broadcast
 duplex auto
 speed auto
 mpls label protocol ldp
 tag-switching ip
 no clns route-cache
end
interface FastEthernet1/1
 ip address 10.1.1.2 255.255.255.0
 no ip directed-broadcast
 duplex auto
 speed auto
 mpls label protocol ldp
 tag-switching ip
 no clns route-cache
end

PE-2
interface FastEthernet1/1
 ip address 10.1.1.1 255.255.255.0
 no ip directed-broadcast
 duplex auto
 speed auto
 mpls label protocol ldp
 tag-switching ip
 no clns route-cache
end

II. Enabling L2Transport over MPLS (AToM)

In this example, we use EoMPLS, using VLAN 30.

PE-1
interface FastEthernet1/0
 no ip address
 no ip directed-broadcast
 duplex auto
 speed auto
 no cdp enable
 no clns route-cache
end
interface FastEthernet1/0.30
 encapsulation dot1Q 30
 no ip directed-broadcast
 xconnect 10.10.10.3 301 encapsulation mpls
end

PE-2
interface FastEthernet1/0
 no ip address
 no ip directed-broadcast
 duplex auto
 speed auto
 no clns route-cache
end
interface FastEthernet1/0.30
 encapsulation dot1Q 30
 no ip directed-broadcast
 xconnect 10.10.10.1 301 encapsulation mpls
end

III. Verifying AToM Connectivity

PE-1#sh mpls l2transport vc
Local intf     Local circuit              Dest address    VC ID      Status
-------------  -------------------------- --------------- ---------- ----------
Fa1/0.200      Eth VLAN 200               10.10.10.3      200        UP
Se2/0          HDLC                       10.10.10.3      222        UP
Fa1/0.30       Eth VLAN 30                10.10.10.3      301        UP
PE-1#
PE-1#sh mpls l2transport vc 301 det
Local interface: Fa1/0.30 up, line protocol up, Eth VLAN 30 up
Destination address: 10.10.10.3, VC ID: 301, VC status: up
Preferred path: not configured
Default path: active
Next hop: 10.0.0.2
Output interface: Fa1/1, imposed label stack {41 17}
Create time: 00:33:26, last status change time: 00:32:24
Signaling protocol: LDP, peer 10.10.10.3:0 up
Targeted Hello: 10.10.10.1(LDP Id) -> 10.10.10.3
MPLS VC labels: local 25, remote 17
Group ID: local 0, remote 0
MTU: local 1500, remote 1500
Remote interface description:
Sequencing: receive disabled, send disabled
VC statistics:
packet totals: receive 12, send 12
byte totals: receive 1350, send 1350
packet drops: receive 0, seq error 0, send 0
PE-1#
PE-1#sh mpls forwarding-table
Local  Outgoing    Prefix            Bytes tag  Outgoing   Next Hop
tag    tag or VC   or Tunnel Id      switched   interface
24     Untagged    l2ckt(200)        144        none       point2point
25     Untagged    l2ckt(301)        1350       none       point2point
26     Untagged    l2ckt(222)        2728       none       point2point
27     Pop tag     10.1.1.0/24       0          Fa1/1      10.0.0.2
28     40          10.3.3.0/24       0          Fa1/1      10.0.0.2
29     Pop tag     10.10.10.2/32     0          Fa1/1      10.0.0.2
30     41          10.10.10.3/32     0          Fa1/1      10.0.0.2
PE-1#

PE-2#sh mpls l2transport vc
Local intf     Local circuit              Dest address    VC ID      Status
-------------  -------------------------- --------------- ---------- ----------
Fa1/0.200      Eth VLAN 300               10.10.10.1      200        UP
Se2/0          HDLC                       10.10.10.1      222        UP
Fa1/0.30       Eth VLAN 30                10.10.10.1      301        UP
PE-2#
PE-2#sh mpls l2transport vc 301 detail
Local interface: Fa1/0.30 up, line protocol up, Eth VLAN 30 up
Destination address: 10.10.10.1, VC ID: 301, VC status: up
Preferred path: not configured
Default path: active
Next hop: 10.1.1.2
Output interface: Fa1/1, imposed label stack {43 25}
Create time: 00:37:56, last status change time: 00:36:49
Signaling protocol: LDP, peer 10.10.10.1:0 up
Targeted Hello: 10.10.10.3(LDP Id) -> 10.10.10.1
MPLS VC labels: local 17, remote 25
Group ID: local 0, remote 0
MTU: local 1500, remote 1500
Remote interface description:
Sequencing: receive disabled, send disabled
VC statistics:
packet totals: receive 12, send 12
byte totals: receive 1350, send 1350
packet drops: receive 0, seq error 0, send 0
PE-2#
PE-2#sh mpls forwarding-table
Local  Outgoing    Prefix            Bytes tag  Outgoing   Next Hop
tag    tag or VC   or Tunnel Id      switched   interface
16     Untagged    l2ckt(200)        144        none       point2point
17     Untagged    l2ckt(301)        1350       none       point2point
18     Untagged    l2ckt(222)        5319       none       point2point
19     Pop tag     10.0.0.0/24       0          Fa1/1      10.1.1.2
20     Pop tag     10.10.10.2/32     0          Fa1/1      10.1.1.2
21     42          10.2.2.0/24       0          Fa1/1      10.1.1.2
22     43          10.10.10.1/32     0          Fa1/1      10.1.1.2
PE-2#
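
The outputs above tie together: the inner label each PE imposes is the VC label its peer allocated, and the outer label is the LDP label for the peer's /32 loopback. As an added example (not part of the original post), this Python check parses excerpts of the PE-1 and PE-2 output shown above and reports any binding that does not line up; the function names are hypothetical.

```python
import re

# Excerpts of the page's PE-1 and PE-2 output for VC 301 ("vc detail" lines and LFIB rows).
PE1 = {"detail": "Destination address: 10.10.10.3, VC ID: 301, VC status: up\n"
                 "Output interface: Fa1/1, imposed label stack {41 17}\n"
                 "MPLS VC labels: local 25, remote 17\n",
       "lfib": "25 Untagged l2ckt(301) 1350 none point2point\n30 41 10.10.10.3/32 0 Fa1/1 10.0.0.2\n"}
PE2 = {"detail": "Destination address: 10.10.10.1, VC ID: 301, VC status: up\n"
                 "Output interface: Fa1/1, imposed label stack {43 25}\n"
                 "MPLS VC labels: local 17, remote 25\n",
       "lfib": "17 Untagged l2ckt(301) 1350 none point2point\n22 43 10.10.10.1/32 0 Fa1/1 10.1.1.2\n"}

FIELDS = {"peer": r"Destination address: ([\d.]+)", "vc_id": r"VC ID: (\d+)",
          "tunnel": r"label stack \{(\d+) \d+\}", "vc": r"label stack \{\d+ (\d+)\}",
          "local": r"VC labels: local (\d+)", "remote": r"VC labels: local \d+, remote (\d+)"}

def parse_detail(text):
    """Extract peer address, VC ID and label values from the 'vc detail' output."""
    out = {}
    for key, pattern in FIELDS.items():
        m = re.search(pattern, text)
        if m is None:
            raise ValueError(f"field {key!r} not found")
        out[key] = m.group(1) if key == "peer" else int(m.group(1))
    return out

def lfib_row(lfib, key):
    """Return (local tag, outgoing tag) for the row whose prefix/VC column equals key."""
    for line in lfib.splitlines():
        f = line.split()
        if key in f[2:4]:          # "Pop tag" is two tokens, so the prefix may be token 2 or 3
            return int(f[0]), " ".join(f[1:f.index(key)])
    return None

def check_pseudowire(a, b):
    """Return a list of label-binding inconsistencies between two PEs (empty = consistent)."""
    da, db = parse_detail(a["detail"]), parse_detail(b["detail"])
    problems = [] if da["vc_id"] == db["vc_id"] else ["VC ID mismatch"]
    for name, me, peer, lfib in (("A", da, db, a["lfib"]), ("B", db, da, b["lfib"])):
        if not (me["vc"] == me["remote"] == peer["local"]):
            problems.append(f"{name}: imposed VC label is not the label the peer allocated")
        tun = lfib_row(lfib, me["peer"] + "/32")   # loopbacks are /32 per the scenario
        if tun is None or tun[1] != str(me["tunnel"]):
            problems.append(f"{name}: tunnel label differs from LFIB entry for peer loopback")
        vc_row = lfib_row(lfib, f"l2ckt({me['vc_id']})")
        if vc_row is None or vc_row[0] != me["local"]:
            problems.append(f"{name}: local VC label is not bound to the l2ckt in the LFIB")
    return problems
```

With the values from this page, `check_pseudowire(PE1, PE2)` returns an empty list.
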

So, it is confirmed that the VC with ID 301 for VLAN 30, from interface F1/0.30 of router PE-1 (facing CE-1) to interface F1/0.30 of router PE-2 (facing CE-2), is up. Next we verify it with ICMP echoes from CE-1 to CE-2 traversing VC 301.

Note that in this process, we will capture five ICMP echo and ICMP reply packets with Ethereal:

CE-1
interface FastEthernet1/0
 no ip address
 duplex auto
 speed auto
end
interface FastEthernet1/0.30
 encapsulation dot1Q 30
 ip address 30.1.1.1 255.255.255.0
end

CE-2
interface FastEthernet1/0
 no ip address
 duplex auto
 speed auto
end
interface FastEthernet1/0.30
 encapsulation dot1Q 30
 ip address 30.1.1.2 255.255.255.0
end

CE-1#ping 30.1.1.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 30.1.1.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 272/371/492 ms
CE-1#sh arp
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  30.1.1.2         17         cc05.1628.0010  ARPA   FastEthernet1/0.30
Internet  30.1.1.1         -          cc00.1628.0010  ARPA   FastEthernet1/0.30
Internet  192.168.1.1      -          cc00.1628.0010  ARPA   FastEthernet1/0.200
CE-1#

CE-2#sh arp
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  30.1.1.2         -          cc05.1628.0010  ARPA   FastEthernet1/0.30
Internet  30.1.1.1         20         cc00.1628.0010  ARPA   FastEthernet1/0.30
Internet  192.168.1.2      -          cc05.1628.0010  ARPA   FastEthernet1/0.100
CE-2#

IV. Capturing ICMP-Echo/Reply Packets at Ingress and MPLS Interface of PE-1

We use Ethereal to capture the ICMP echo/reply packets between CE-1 and CE-2 at the ingress interface (F1/0) and the MPLS interface (F1/1) of router PE-1.

- Packet capture from interface F1/0 at router PE-1

The source MAC address is that of interface FastEthernet1/0 on router CE-1, and the destination MAC address is that of interface FastEthernet1/0 on router CE-2. As you can see, both interfaces are in the same broadcast domain.

CE-1#sh arp
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  30.1.1.2         17         cc05.1628.0010  ARPA   FastEthernet1/0.30
Internet  30.1.1.1         -          cc00.1628.0010  ARPA   FastEthernet1/0.30
<deleted>

In this captured flow, we see that the ten packets are in the normal IPv4 ICMP packet format.

- Packet capture from interface F1/1 at router PE-1

In the captured packet flow above, we see that the source MAC address is that of interface FastEthernet1/1 on router PE-1, and the destination MAC address is that of interface FastEthernet1/0 on router P.

PE-1#sh arp
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  10.0.0.2         71         ca02.1628.001c  ARPA   FastEthernet1/1
Internet  10.0.0.1         -          ca01.1628.001d  ARPA   FastEthernet1/1

P#sh arp | i 1/0
Internet  10.0.0.2         -          ca02.1628.001c  ARPA   FastEthernet1/0
Internet  10.0.0.1         75         ca01.1628.001d  ARPA   FastEthernet1/0

We see that the protocol stack in the frame is eth:mpls:eth:data. There are two MPLS labels. The outer label, 19, is the tunnel label, and the inner label, 16, is the VC label. The tunnel label has TTL 255 and the VC label has TTL 2, because the VC label is only used between the edge LSRs.

The real ICMP packet is placed after the two MPLS label headers. At the egress PE router, the outer Ethernet header and the two MPLS headers are stripped from the packet. The inner packet is then forwarded to router CE-2.
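
The eth:mpls:eth:data layering described above can be decoded by hand. The following Python is an added example, not part of the original post; the sample frame is constructed from the MAC addresses, labels and TTLs quoted on this page, and it assumes the inner Ethernet frame keeps its 802.1Q tag and directly follows the label stack (no control word).

```python
import struct

def lse(label, ttl, bottom):
    """Build one 32-bit label stack entry: label(20) | TC(3) | S(1) | TTL(8)."""
    return struct.pack("!I", (label << 12) | (bottom << 8) | ttl)

# Constructed sample of the frame seen on PE-1 Fa1/1 (values taken from the page).
SAMPLE = (bytes.fromhex("ca021628001c" "ca011628001d" "8847")   # P Fa1/0 <- PE-1 Fa1/1, MPLS
          + lse(19, 255, 0) + lse(16, 2, 1)                      # tunnel label, then VC label
          + bytes.fromhex("cc0516280010" "cc0016280010" "8100" "001e" "0800")  # CE-2 <- CE-1, VLAN 30
          + b"\x45" + bytes(19))                                 # placeholder IPv4 header bytes

def parse_eth(buf, off):
    """Parse an Ethernet header (with optional 802.1Q tag) starting at off."""
    if len(buf) < off + 14:
        raise ValueError("truncated Ethernet header")
    dst, src, etype = struct.unpack_from("!6s6sH", buf, off)
    off, vlan = off + 14, None
    if etype == 0x8100:                       # 802.1Q: TCI, then the real EtherType
        if len(buf) < off + 4:
            raise ValueError("truncated 802.1Q tag")
        tci, etype = struct.unpack_from("!HH", buf, off)
        off, vlan = off + 4, tci & 0x0FFF
    return {"dst": dst.hex(":"), "src": src.hex(":"), "vlan": vlan, "type": etype}, off

def parse_labels(buf, off):
    """Read label stack entries until the bottom-of-stack (S) bit is set."""
    stack = []
    while True:
        if len(buf) < off + 4:
            raise ValueError("label stack ends without bottom-of-stack bit")
        (word,) = struct.unpack_from("!I", buf, off)
        off += 4
        stack.append({"label": word >> 12, "tc": (word >> 9) & 7, "ttl": word & 0xFF})
        if (word >> 8) & 1:
            return stack, off

def decode_atom(frame):
    """Split an EoMPLS frame into outer header, tunnel/VC labels and inner frame."""
    outer, off = parse_eth(frame, 0)
    if outer["type"] != 0x8847:               # MPLS unicast EtherType
        raise ValueError("outer frame does not carry MPLS")
    stack, off = parse_labels(frame, off)
    inner, off = parse_eth(frame, off)
    tunnel = stack[0] if len(stack) > 1 else None   # one label only: tunnel label already popped
    return {"outer": outer, "tunnel": tunnel, "vc": stack[-1], "inner": inner, "payload": frame[off:]}
```

`decode_atom(SAMPLE)` yields tunnel label 19 (TTL 255), VC label 16 (TTL 2) and the inner CE-1 to CE-2 frame on VLAN 30; a frame carrying only the VC label decodes with `tunnel` set to `None`.
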
