VPLS Control Word
Virtual Private LAN Service (VPLS) enables transparent Ethernet segment forwarding between customer sites across a Multiprotocol Label Switching (MPLS) backbone. VPLS encapsulation adds overhead to packets, which can exceed the Maximum Transmission Unit (MTU) limitations of network interfaces. The Control Word (CW) feature provides pseudowire fragmentation and reassembly capabilities, allowing VPLS traffic to traverse networks where standard L2MTU is insufficient for full VPLS-encapsulated frames.
Overview
VPLS creates Ethernet tunnels between customer sites using pseudo-wire (PW) tunnels over a packet switching network (PSN). Each VPLS interface encapsulates Ethernet frames with additional headers including MPLS labels, which increase the effective packet size. Network interfaces have hardware limitations on the maximum packet size they can transmit, known as L2MTU. When VPLS encapsulation exceeds the interface L2MTU, packets must be fragmented or they will be dropped.
The Control Word feature implements Pseudowire Emulation Edge-to-Edge (PWE3) fragmentation and reassembly as specified in RFC 4623. By adding a 4-byte Control Word between the PW label demultiplexor and the packet payload, the router can fragment oversized packets at the VPLS tunnel ingress and reassemble them at the egress. This enables VPLS to function over network paths where interface L2MTU is insufficient for non-fragmented VPLS traffic without requiring hardware upgrades.
Why Control Word Matters
Ethernet chipsets have varying hardware capabilities regarding maximum packet sizes. Many older or entry-level devices support only single VLAN tagging, meaning their maximum L2MTU without Ethernet header and checksum is 1504 bytes. VPLS encapsulation typically requires at least 1524 bytes of L2MTU to transmit frames without fragmentation. When interface L2MTU is insufficient, the Control Word provides a software-based solution for handling oversized frames through fragmentation, avoiding the need to replace hardware or reconfigure upstream devices to increase MTU values.
Control Word Structure
The 4-byte Control Word is divided into five fields that provide the information necessary for fragmentation and reassembly operations:
| Field | Size | Purpose |
|---|---|---|
| PW Identifier | 4 bits | Identifies the packet as a PW packet (value 0000) rather than IP |
| Flags | 4 bits | Control flags for PW processing |
| Fragment | 2 bits | Indicates payload fragmentation status |
| Length | 6 bits | Length of the Control Word and header information |
| Sequence | 16 bits | Sequence number for detecting packet loss and misordering |
The sequence number field follows RFC 4623 specifications, where generation and processing of sequence numbers is optional. When enabled, sequence numbers help identify missing or reordered fragments, though out-of-order fragment handling is not currently implemented in RouterOS.
Configuration
Control Word usage is configured through the use-control-word parameter in VPLS interface settings. This parameter controls whether the Control Word is added to outgoing packets and expected on incoming packets for a given VPLS tunnel.
Basic Control Word Configuration
Enable Control Word for a VPLS interface when operating over network paths with L2MTU limitations:

    /interface vpls
    set [find name=vpls-tunnel1] use-control-word=yes

The use-control-word parameter accepts three values that determine Control Word behavior:
| Value | Description |
|---|---|
| enabled | Control Word is always used for this VPLS tunnel |
| disabled | Control Word is never used for this VPLS tunnel |
| default | Uses protocol-specific default behavior |
Default Control Word Settings
RouterOS applies different default Control Word settings based on the VPLS tunnel type:

    /interface vpls add name=vpls-regular remote-peer=10.0.0.2 vpls-id=100:1
    /interface vpls add name=vpls-cisco remote-peer=10.0.0.3 vpls-id=100:2 cisco-static-id=200

Regular VPLS tunnels have Control Word enabled by default, providing fragmentation support automatically. Cisco-style static VPLS pseudowires (FEC type 0x80 as defined in RFC 4447) have Control Word disabled by default to maintain compatibility with Cisco equipment. When interconnecting RouterOS VPLS with Cisco devices using static pseudowires, explicitly configure Control Word settings on both ends to match.
Verifying Control Word Configuration
Check the current Control Word settings and status on a VPLS interface:

    /interface vpls print

The output displays the pw-control-word property showing the current configuration:

    Flags: X - disabled
     #   NAME    PW-CONTROL-WORD   ...
     0   vpls1   default           ...
     1   vpls2   enabled           ...
     2   vpls3   disabled          ...

Monitor VPLS tunnel statistics to verify fragmentation activity:

    /interface vpls monitor vpls1

Dynamic BGP-Based VPLS Control Word
For BGP-based VPLS (RFC 4761), Control Word negotiation occurs automatically during peer session establishment:

    /bgp vpls export

BGP-based VPLS uses extended communities to signal Control Word capability between peers. Both endpoints must agree on Control Word usage for the tunnel to establish successfully.
Fragmentation and Reassembly
Understanding how fragmentation and reassembly work with the Control Word helps in troubleshooting and network design decisions.
Fragmentation Process
When a VPLS interface with Control Word enabled receives an Ethernet frame that would exceed the path MTU after VPLS encapsulation, the router performs the following operations:
- The outgoing interface L2MTU is checked against the VPLS-encapsulated packet size
- If the packet exceeds available MTU, the router fragments the original Ethernet frame
- Each fragment receives a Control Word with appropriate fragment flags and sequence numbers
- Fragments are transmitted as separate PW packets over the MPLS network
- At the receiving VPLS endpoint, fragments are reassembled using the Control Word information
- The original Ethernet frame is reconstructed and forwarded to the customer interface
Fragment Flags
The Fragment field in the Control Word indicates the fragmentation status of each packet:
| Value | Meaning |
|---|---|
| 00 | No fragmentation, single fragment packet |
| 01 | First fragment of a multi-fragment packet |
| 10 | Last fragment of a multi-fragment packet |
| 11 | Middle fragment (neither first nor last) |
Reassembly Considerations
RouterOS implements fragment reassembly but does not reorder out-of-order fragments. Fragments arriving out of sequence are dropped, requiring retransmission at higher layers. This behavior is consistent with RFC 4623, which specifies that out-of-order handling is optional. Network designs should minimize conditions that cause packet reordering, such as unequal-cost multipath routes or traffic engineering tunnels with different latency characteristics.
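The Control Word layout, the Fragment values and the drop-on-reorder behaviour described above, as an added Python example that is not RouterOS code. The function names, the 1400-byte fragment size and the sample frame are constructed for illustration, and the sequence wrap (65535 to 1, skipping 0) follows RFC 4385.

```python
import struct

WHOLE, FIRST, LAST, MIDDLE = 0b00, 0b01, 0b10, 0b11   # Fragment field values (table above)

def next_seq(seq):
    return seq % 0xFFFF + 1        # RFC 4385 numbering: 65535 wraps to 1, 0 means "unsequenced"

def pack_cw(frag, seq, flags=0, length=0):
    """0000 | flags(4) | fragment(2) | length(6) | sequence(16), network byte order."""
    return struct.pack("!HH", (flags & 0xF) << 8 | (frag & 0x3) << 6 | (length & 0x3F), seq)

def parse_cw(packet):
    if len(packet) < 4 or packet[0] >> 4:      # too short, or first nibble is not 0000
        raise ValueError("not a PW control word")
    hi, seq = struct.unpack("!HH", packet[:4])
    return {"flags": hi >> 8 & 0xF, "frag": hi >> 6 & 0x3, "length": hi & 0x3F, "seq": seq}, packet[4:]

def fragment(frame, seq, max_payload):
    """Ingress side: split one Ethernet frame into PW payloads, each with its own Control Word."""
    chunks = [frame[i:i + max_payload] for i in range(0, len(frame), max_payload)]
    if len(chunks) <= 1:
        return [pack_cw(WHOLE, seq) + frame]
    out = []
    for i, chunk in enumerate(chunks):
        frag = FIRST if i == 0 else LAST if i == len(chunks) - 1 else MIDDLE
        out.append(pack_cw(frag, seq) + chunk)
        seq = next_seq(seq)
    return out

class Reassembler:
    """Egress side: strict in-order reassembly with no resequencing buffer."""
    def __init__(self):
        self.parts, self.expect = [], None

    def feed(self, packet):
        cw, payload = parse_cw(packet)
        if cw["frag"] in (WHOLE, FIRST):
            self.parts = []                    # a new frame start abandons any partial frame
            if cw["frag"] == WHOLE:
                return payload
        elif not self.parts or cw["seq"] != self.expect:
            self.parts = []                    # gap or reordering: drop, do not resequence
            return None
        self.parts.append(payload)
        self.expect = next_seq(cw["seq"])
        if cw["frag"] != LAST:
            return None
        frame, self.parts = b"".join(self.parts), []
        return frame
```

Feeding the fragments in order returns the original frame on the last one; swapping any two returns nothing for the whole frame, which is the loss a reordering path causes.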
MTU Requirements
The minimum L2MTU required for VPLS operation without fragmentation depends on the VLAN configuration and encapsulation overhead:
| Configuration | Minimum L2MTU Required |
|---|---|
| Standard Ethernet | 1508 bytes |
| Single VLAN tag | 1518 bytes |
| Double VLAN tag | 1534 bytes |
With Control Word enabled, the additional 4-byte overhead increases these requirements. Always verify interface L2MTU capabilities when planning VPLS deployments:

    /interface ethernet print

Practical Examples
Example 1: LDP-Signaled VPLS with Control Word
Deploy VPLS across an MPLS backbone using LDP label distribution with Control Word enabled for fragmentation support:

    # Enable MPLS and LDP on core routers
    /mpls ldp set enabled=yes transport-address=10.0.0.1
    /mpls ldp interface add interface=ether1 transport-address=10.0.0.1

    # Configure VPLS interface with Control Word
    /interface vpls add name=customer-a-vpls \
        remote-peer=10.0.0.3 \
        vpls-id=65001:100 \
        use-control-word=yes \
        mtu=1500 \
        disabled=no

    # Configure customer-facing interface as bridge port
    # (the VPLS port must use the interface name created above)
    /interface bridge add name=br-customer-a protocol-mode=none
    /interface bridge port add bridge=br-customer-a interface=ether2
    /interface bridge port add bridge=br-customer-a interface=customer-a-vpls

    # Verify VPLS tunnel status
    /interface vpls print status

Example 2: Cisco-Style Static VPLS with Explicit Control Word
Connect RouterOS to Cisco equipment using static pseudowire configuration. Configure Control Word explicitly to match Cisco settings:

    # Configure Cisco-style static VPLS
    /interface vpls add name=cisco-interop \
        cisco-static-id=1000 \
        remote-peer=10.0.0.2 \
        use-control-word=enabled \
        pw-type=vpls \
        disabled=no

    # Verify static VPLS status
    /interface vpls print

When connecting to Cisco devices, verify the Cisco configuration uses the same Control Word setting. Cisco devices typically disable Control Word by default for static pseudowires, requiring explicit enabling for interoperability:

    ! Cisco configuration example
    pseudowire-class VPLS-CW
     encapsulation mpls
     control-word
    !
    interface GigabitEthernet0/1
     xconnect 10.0.0.1 1000 pw-class VPLS-CW

Example 3: Troubleshooting Fragmentation Issues
Diagnose when VPLS traffic experiences fragmentation-related problems:

    # Check VPLS interface statistics for fragmentation errors
    /interface vpls monitor vpls1

    # Monitor for dropped fragments
    /tool snmp-walk oid=1.3.6.1.4.1.14988.1.1.7

    # Verify MTU settings on all interfaces in the path
    /interface ethernet print detail

    # Check L2MTU on MPLS-enabled interfaces
    /interface print detail where "mtu"

    # Test actual path MTU
    /tool ping 10.0.0.3 size=1500 do-not-fragment=no

Example 4: Disabling Control Word for Legacy Equipment
Disable Control Word when connecting to equipment that does not support RFC 4623 fragmentation:

    /interface vpls add name=legacy-vpls \
        remote-peer=10.0.0.4 \
        vpls-id=500:1 \
        use-control-word=disabled \
        disabled=no

    # Verify the setting
    /interface vpls print where name=legacy-vpls

Troubleshooting: VPLS Tunnel Not Establishing (vpls-id Mismatch)
A common cause of VPLS tunnel failures is a vpls-id mismatch between the local and remote endpoints. The vpls-id must match on both sides of the tunnel.
Symptoms
- VPLS tunnel shows D (dynamic) state but never connects
- VPLS tunnel repeatedly connects and disconnects
- No traffic passes through the VPLS tunnel
- Monitor shows remote and state values but no active session
Diagnosis
Check the vpls-id configuration on both endpoints:

    # On Router A
    /interface vpls print detail

    # On Router B
    /interface vpls print detail

Compare the vpls-id values - they must be identical on both routers.
The vpls-id format is PE-router-ID:VPN-ID, for example 100:1. Common mistakes include:
- Using different PE router IDs on each side
- Swapping the local and remote values (asymmetric configuration)
- Using different VPN-ID values
Solution
Ensure both endpoints use matching vpls-id values:

    # Router A configuration
    /interface vpls add name=vpls-to-B remote-peer=10.0.0.2 vpls-id=100:1

    # Router B configuration
    /interface vpls add name=vpls-to-A remote-peer=10.0.0.1 vpls-id=100:1

The vpls-id 100:1 means:
- 100 = PE router identifier (must match on both ends)
- 1 = VPN identifier (must match on both ends)
Verification
After correcting the vpls-id, verify the tunnel establishes:

    # Check tunnel status
    /interface vpls monitor vpls1

    # Expected output shows state="established" and connected=yes

Common vpls-id Format Errors
| Error | Example | Correct Format |
|---|---|---|
| Missing colon | 1001 | 100:1 |
| Wrong separator | 100-1 | 100:1 |
| Extra spaces | 100 : 1 | 100:1 |
| Leading zeros | 0100:001 | 100:1 |
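
A consistency check for the two mismatch causes covered on this page, vpls-id and Control Word settings, as an added Python example rather than RouterOS tooling. The function names are hypothetical, the input lines are modelled on this page's own /interface vpls add examples, and treating `no` as the counterpart of `yes` is an assumption.

```python
import re
import shlex

VPLS_ID = re.compile(r"(0|[1-9]\d*):(0|[1-9]\d*)")   # two integers, one colon, no padding
CW_ON, CW_OFF = {"yes", "enabled"}, {"no", "disabled"}  # "no" is an assumed value

def parse_add(line):
    """Turn one '/interface vpls add key=value ...' line into a dict of its properties."""
    return dict(tok.split("=", 1) for tok in shlex.split(line) if "=" in tok)

def effective_cw(cfg):
    """Resolve the Control Word setting, applying the per-tunnel-type defaults from this page."""
    value = cfg.get("use-control-word", cfg.get("pw-control-word", "default"))
    if value in CW_ON:
        return True
    if value in CW_OFF:
        return False
    return "cisco-static-id" not in cfg    # regular: on by default; Cisco-style static: off

def audit(line_a, line_b):
    """Return findings for the two ends of one tunnel, given each router's config line."""
    a, b = parse_add(line_a), parse_add(line_b)
    findings = []
    for side, cfg in (("A", a), ("B", b)):
        vid = cfg.get("vpls-id")
        if vid is not None and not VPLS_ID.fullmatch(vid):
            findings.append(f"{side}: malformed vpls-id {vid!r}")
    if a.get("vpls-id") != b.get("vpls-id"):
        findings.append("vpls-id differs between endpoints")
    if effective_cw(a) != effective_cw(b):
        findings.append("control word setting differs between endpoints")
    return findings
```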
Command Reference
Interface VPLS
The /interface vpls menu manages VPLS interface configuration including Control Word settings.
| Property | Description |
|---|---|
| pw-control-word | Controls Control Word usage: enabled, disabled, or default |
| use-control-word | Alternative property name for Control Word configuration |
| mtu | Maximum Transmission Unit for the VPLS interface |
| pw-l2mtu | L2MTU value advertised to remote peer |
| pw-type | Pseudowire type: raw-ethernet, tagged-ethernet, or vpls |
| vpls-id | Unique identifier for the VPLS tunnel |
| remote-peer | IP address of the remote VPLS endpoint |
| cisco-static-id | Cisco-style static pseudowire identifier |
Monitoring Commands
Monitor VPLS tunnel status and statistics:

    /interface vpls monitor [name]

The monitor command displays real-time tunnel parameters including imposed labels and transport information.
MTU and Hardware Considerations
RouterBOARD L2MTU Capabilities
Different RouterBOARD platforms support different maximum L2MTU values. Verify your hardware capabilities before deploying VPLS without Control Word fragmentation:
| RouterBOARD Series | Maximum L2MTU |
|---|---|
| CRS3xx/CRS5xx/CCR2216 | Up to 65536 bytes |
| CRS1xx/CRS2xx | 4078-9214 bytes (varies by switch chip) |
| hEX/rb750Gr3 | 2028 bytes |
| CCR series | 65536 bytes |
Check specific L2MTU capabilities for your device:

    /interface ethernet print detail

When to Use Control Word
Enable Control Word in the following scenarios:
- When network path includes devices with L2MTU below 1524 bytes
- When connecting to equipment with unknown or limited MTU capabilities
- When VLAN tagging is required and interface L2MTU is constrained
- When deploying VPLS across multi-vendor MPLS networks
Consider disabling Control Word when:
- All network devices support sufficient L2MTU for non-fragmented VPLS
- Connecting to legacy equipment without RFC 4623 support
- Performance is critical and software fragmentation overhead is unacceptable
- Network path is fully controlled and MTU is well-documented
Related Information
RFC References
| RFC | Title | Relevance |
|---|---|---|
| RFC 4623 | PWE3 Fragmentation and Reassembly | Defines Control Word structure and fragmentation procedures |
| RFC 4447 | L2VPN Signaling (FEC Type 0x80) | Cisco-style static VPLS pseudowires |
| RFC 4761 | BGP-Based VPLS Signaling | BGP-based VPLS autodiscovery and signaling |
| RFC 4762 | VPLS Using LDP Signaling | LDP-based VPLS tunnel establishment |
Related Topics
- VPLS - Complete VPLS documentation
- Multi Protocol Label Switching - MPLS - MPLS overview and configuration
- LDP Configuration - Label Distribution Protocol setup
- MPLS Interface Configuration - MPLS interface settings
- Interface MTU Settings - MTU configuration across RouterOS
Related Commands
- /interface vpls - VPLS interface configuration
- /mpls ldp - LDP protocol settings
- /mpls interface - MPLS interface configuration
- /interface ethernet - Ethernet interface settings including L2MTU