Sunday, June 21, 2009

EVC : Flexible Frame Matching

EVC stands for Ethernet Virtual Connection and in Cisco's platforms it's used to represent Cisco's software architecture to address Carrier Ethernet Services. In MEF (Metro Ethernet Forum) terminology EVC means "Ethernet Virtual Connection/Circuit", but here EVC represents also the whole Carrier Ethernet software infrastructure developed by Cisco.

EVC has many advantages (which i will try to describe in future posts), one of them being the Flexible Frame Matching. Flexible Frame Matching is a functionality that allows each service instance to match frames with either a unique single vlan, or a list/range of vlans. It can also match single/double tagged frames, untagged frames, or everything else that belongs to the default category.

Flexible Frame Matching is the first major step after configuring a service instance. This is the complete idea:

1) Service Instance definition (create the service instance)
2) Flexible frame matching (configure what frames need to be matched based on vlan match criteria)
3) Flexible VLAN tag rewrite (configure the action to do on the matched frames' vlan tags)
4) Flexible Service Mapping (map the service instance to a service)
5) Extra service features (apply some extra features on the service instance, i.e. QoS)

The middle 3 most important steps can also be described as:

a) Frame matching
b) Frame rewrite
c) Frame forwarding

Example

interface Gi1/1
 ! Service Instance definition
 ! ID is local port significant
service instance 10 ethernet
  ! Flexible frame matching
encapsulation dot1q 10 second-dot1q 20
  ! Flexible VLAN tag rewrite
rewrite ingress tag pop 1 symmetric 
  ! Service Mapping
xconnect 10.10.10.10 100 encapsulation mpls 
  ! Extra service features
service-policy input TEST-INPUT-POLICY

The current EVC implementation supports matching only on vlan tags, but in future we may see matching on other L2 fields too, since the hardware is quite capable.

These are the current supported vlan matching configurations:

Single tagged frames, where match criteria can be a single vlan, a list/range of vlans, or any vlan (1-4094)
encapsulation dot1q <vlan-id>
encapsulation dot1q <vlan-id>, <vlan-id>
encapsulation dot1q <vlan-id> - <vlan-id>
encapsulation dot1q any

Double tagged frames, where first VLAN tag can be only single (software limitation), while second VLAN tag can be single, list/range, or any
encapsulation dot1q <vlan-id> second-dot1q <vlan-id>
encapsulation dot1q <vlan-id> second-dot1q <vlan-id>, <vlan-id>
encapsulation dot1q <vlan-id> second-dot1q <vlan-id> - <vlan-id>
encapsulation dot1q <vlan-id> second-dot1q any

Untagged frames, where all untagged frames are matched
encapsulation untagged

Default tag frames, where all tagged/untagged frames that are not matched by other more specific service instances are matched
encapsulation default


Examples
interface Gi1/1
!
service instance 10
  ! single tagged frames with a specific tag
encapsulation dot1q 10
!
service instance 20
  ! single tagged frames with multiple tags
encapsulation dot1q 20,22,24,26-28
!
service instance 30
  ! single tagged frames with any tag
encapsulation dot1q any
!
service instance 40
  ! frames with a specific single outer tag and specific single inner tag
encapsulation dot1q 10 second-dot1q 20
!
service instance 50
  ! frames with a specific single outer tag and multiple inner tags
encapsulation dot1q 10 second-dot1q 20,22,24,26-28
!
service instance 60
  ! frames with a specific single outer tag and any inner tag
encapsulation dot1q 10 second-dot1q any
!
service instance 70
  ! frames without a tag
encapsulation untagged
!
service instance 80
  ! frames that do not match under any other service instance
encapsulation default


There are some important things to keep in mind when configuring Flexible Frame Matching.

1) When you have multiple vlan match criteria configured under different service instances of a single physical interface, the most specific is the one that wins (it's like the longest match rule used in the routing table). So the order of service instances under an interface doesn't have the same effect like the classes in MQC. This is because frame matching is done by hardware using the linecard's TCAM table, where each frame matching configuration gets converted to 1 or more TCAM entries (vlan lists/ranges in matching criteria are the most TCAM consuming configurations). The number of 16000 service instances per ES20 module is based on the assumption that each service instance uses a single TCAM entry.

2) When you don't get any match according to the above longest match rule, matching is done according to a looser match algorithm, where a single tag configuration matches all frames that have a common outer tag (regardless of the number of inner tags) and a double tag configuration matches all frames that have common the first 2 tags (regardless of the number of 2+ inner tags; btw, i'm planning of doing a triple-tag test soon).

Example
interface G1/1
service instance 10 ethernet
encapsulation dot1q 10
service instance 20 ethernet
encapsulation dot1q 10 second-dot1q 20
service instance 30 ethernet
encapsulation default

On the above configuration:

10/20 will be matched by service instance 20 (both tags matched)
10/30 will be matched by service instance 10 (outer tag matched)
20/30 will be matched by service instance 30 (no tag matched)

"encapsulation dot1q 10" matches "10", "10/20", "10/30" and so on.
"encapsulation dot1q 10 second-dot1q 20" matches "10/20", "10/20/30", "10/20/40" and so on.

Note: The above examples were done on a 7600 with ES+ cards running 12.2(33)SRB IOS.

8 comments:

  1. Hi,
    Your topics are really great and indetails :-)

    Do you have any good linke or document that can help understanding service instance?

    thanks,
    Dev

    ReplyDelete
  2. Hi Tassos,

    Inspirational blog. I've created one similar to yours (http://aravinthrk.blogspot.com). Would like to have your advice on certain preparation approaches. Would it be possible for your share your contact in my email ID? aravinthrk@gmail.com

    ReplyDelete
  3. Aravinth,

    If you check the initial posts in my blog you'll find my approach. On the right side you'll also find links of other blogs, so you can check their approach too.

    ReplyDelete
  4. Anonymous,

    The best description i have found about service instances is the one that's included into the EVC MIB:

    Ethernet Virtual Connections (EVC), are defined by the Metro Ethernet Forum (MEF), as an association between two or more UNIs. Frames within an EVC can only be exchanged among the associated UNIs. Frames sent into the MEN via a particular UNI must not be delivered back to the UNI from which it originated.

    Along an EVC path, there are demarcation flow points on associated ingress and egress interface, of every device, through which the EVC passes. A service instance represents these flow points where a service passes through an interface.

    From an operational perspective, a service instance serves three purposes:
    1. Defines the instance of a particular EVC service on a specific interface and identifies all frames that belongs to that particular service/flow.
    2. To provide the capability of applying the configured features to those frames belonging to the service.
    3. To optionally define how to forward those frames in the data-path.

    The association of a service instance to an EVC depicts an instance of an Ethernet flow on a particular interface for an end-to-end (UNI-to-UNI) Ethernet service for a subscriber.

    ReplyDelete
  5. the post is awesome. Could you tell me the impact on CPU processes after enabling it.

    ReplyDelete
  6. Excellent work !!!!! Tis content really helpful and more importantly understandable.

    Also it is better if you can include little brief on the hardware and IOS code u used for these configurations which really gives a "big picture" to the readers.

    Anyway Great work.. Keep it up!!!!

    ReplyDelete
  7. Did you ever do some triple tag tests?

    We are looking to do magic on POI from our provider who will handover DSL connection that are double tagged.

    ReplyDelete
  8. Yes, it works fine (at least on our environment), as long as you match on the outer tags.

    ReplyDelete

 
Creative Commons License
This work is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 United States License.
Creative Commons License
This work is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 Greece License.