L2 VPN
The Forward Platform can model L2 VPNs, which is required to correctly capture the behavior of enterprise networks that use an L2 VPN service from their ISPs.
The L2 VPN service is emulated using a single device called an L2 VPN.
An L2 VPN is an extension of an L2 broadcast domain over the WAN. Therefore, the Forward L2 VPN emulates a distributed virtual bridge that aggregates all access circuits into a single broadcast domain. In RFC 4664 terms, an L2 VPN corresponds to a single VSI (virtual switching instance).
An L2 VPN can be added via the Forward Enterprise GUI or REST APIs.
Changes to an L2 VPN Node will be applied to the next collected snapshot.
Creating, updating or adding a connection to an L2 VPN invalidates the Snapshot, requiring it to be reprocessed before it can be used again.
Add an L2 VPN via the Forward Enterprise GUI
To add an L2 VPN via the Forward Enterprise GUI, navigate to the Sources page, select the Synthetic Devices tab, and click Add synthetic devices.
The wizard will guide you through the entire setup process.
Step 1: Select a device type
Select L2 VPN from the list of synthetic devices and click Next:

Step 2: Configure L2 VPN
Provide a name and location for the L2 VPN and add a connection.
To configure one or more connections, select + Add connections and choose one of the following options:
- Batch-add NQE-based connections: This option allows you to add multiple connections at once based on an NQE query.
- Add a connection manually: This option allows you to add connections individually, specifying detailed information for each connection.

Batch-add NQE-based connections
To add connections based on an NQE query, select Batch-add NQE-based connections and select an NQE query from the NQE query dropdown.
To create a new query, click + Add new query from example. This will navigate to the NQE Library, where you can edit the newly created query in the NQE editor and commit it when finished. Return to the Synthetic Devices page to add the NQE query.

- When an NQE query attached to an L2 VPN is modified, the system recomputes and saves the dynamic connections. These changes take effect in the following processed snapshot.
- Upon processing a new snapshot, the system recalculates the results for all NQE queries linked to existing L2 VPNs and updates the dynamic connections. These updates apply to the next processed snapshot.
Add a connection manually
To manually add a connection, select Add a connection manually, and provide the following:
- Customer edge interface: Specify the interface on the customer edge (CE) device that connects to the L2 VPN. This is typically the physical or logical port on the CE device that will participate in the L2 VPN.
- VLAN (optional): Optionally, specify the VLAN ID that should be used on the connection. This is useful if the L2 VPN connection is VLAN-tagged, allowing for traffic segregation on the same physical link.
- Connection name (optional): Provide a name for the connection. This name should be descriptive and can include details such as the site name or the purpose of the connection, helping to easily identify it in the list of connections.

Step 3: Edit and review connections
The newly added connections are displayed in a table with the following options:
Manage NQE-based connections
- Change the query: Opens the Edit NQE-based connections drawer to modify the currently selected query.
- Delete all: Deletes all NQE-based connections.
+ Add Connections
- Batch-add NQE-based connections: Select this option to add an NQE-based query to batch-add connections. Only one NQE query can be selected at a time. To include additional connections, edit the existing NQE query.
- Add a connection manually: Select this option to add a connection manually.
Editing manually added connections
Select the edit icon at the end of each row to edit a manually added connection.
Deleting manually added connections
Select the delete icon at the end of each row to delete a manually added connection.
Click Save when ready.

Managing L2 VPNs
You can edit or delete an L2 VPN by clicking the Edit or Delete icon on the right side of the Synthetic Devices page.
Newly added L2 VPNs, or any change to existing L2 VPNs, will be shown in the following collected snapshot.

Add an L2 VPN via the Forward Enterprise REST APIs
An L2 VPN can also be added via the Forward Enterprise REST APIs, using the endpoint
PUT: /api/snapshots/{snapshotId}/l2Vpns/{l2VpnName}
The API requires the following parameters for each site the L2 VPN node is connected to:
- Device and interface of the site to which the L2 VPN connects
- Optionally, the location, a VLAN on the link that connects the L2 VPN, and a connection name
Here is an example of the request body:
{
  "l2Vpns": [
    {
      "name": "l2vpnatl-sjc-01",
      "locationId": "29",
      "connections": [
        {
          "device": "atl-ce01",
          "port": "ge-0/0/1",
          "name": "to_sjc_ce01"
        },
        {
          "device": "sjc-ce01",
          "port": "ge-0/0/1"
        }
      ]
    }
  ]
}
For more information on L2 VPN APIs, including endpoints to add/remove connections and update/remove an L2 VPN, please check the Synthetic Devices REST API documentation.
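Because creating or updating an L2 VPN invalidates the Snapshot, it is worth checking a request locally before sending it. The following is an added example, not Forward Networks code: it builds the path and body shown above from a list of sites, using only the fields that appear in the sample body (the VLAN field is left out because the page does not show its key name). The function name, the snapshot ID 123, and the duplicate-interface check are assumptions of this example, not documented API behavior.

```python
import json
from urllib.parse import quote


def build_l2vpn_put(snapshot_id, name, location_id, connections):
    """Return (path, body) for PUT /api/snapshots/{snapshotId}/l2Vpns/{l2VpnName}."""
    if not str(snapshot_id).strip() or not name.strip():
        raise ValueError("snapshot id and L2 VPN name are required")
    seen, cleaned = set(), []
    for i, conn in enumerate(connections):
        # Device and interface are the required parameters for each site.
        device = (conn.get("device") or "").strip()
        port = (conn.get("port") or "").strip()
        if not device or not port:
            raise ValueError(f"connection {i}: device and port are required")
        if (device, port) in seen:
            # Local sanity check (assumption): without a VLAN, the same CE
            # interface listed twice is treated as a data-entry mistake.
            raise ValueError(f"connection {i}: duplicate {device} {port}")
        seen.add((device, port))
        entry = {"device": device, "port": port}
        if conn.get("name"):  # connection name is optional; omit when empty
            entry["name"] = conn["name"]
        cleaned.append(entry)
    vpn = {"name": name}
    if location_id is not None:  # location is optional
        vpn["locationId"] = str(location_id)
    vpn["connections"] = cleaned
    # Percent-encode both path parameters so a name containing '/' or spaces
    # cannot change which resource the PUT addresses.
    path = "/api/snapshots/{}/l2Vpns/{}".format(
        quote(str(snapshot_id), safe=""), quote(name, safe=""))
    return path, json.dumps({"l2Vpns": [vpn]}, indent=2)


if __name__ == "__main__":
    # Sites taken from the sample body on this page; snapshot 123 is constructed.
    sites = [
        {"device": "atl-ce01", "port": "ge-0/0/1", "name": "to_sjc_ce01"},
        {"device": "sjc-ce01", "port": "ge-0/0/1"},
    ]
    path, body = build_l2vpn_put(123, "l2vpnatl-sjc-01", 29, sites)
    print("PUT", path)
    print(body)
```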