6 Ipdslamprotocols Eth Vlan

Alcatel-Lucent University Antwerp
Ethernet framing & VLAN technology

Transcript of 6 Ipdslamprotocols Eth Vlan
During class please switch off your mobile, pager or other devices that may interrupt.
Entry level requirements:
IEEE 802.3 protocol: commonly called Ethernet.
Three different frame versions exist:
- IEEE 802.3 frame with Type field and any protocol in the payload
- IEEE 802.3 frame with Length field and LLC header
- IEEE 802.3 frame with Length field and LLC/SNAP header
Ethernet v2 is a valid IEEE 802.3 frame.
Used in Local Area Networks (LANs); uses CSMA/CD.
When somebody says that they are running Ethernet on their network, inevitably you have to ask: "Which Ethernet?". Currently, there are many versions of the Ethernet Frame Format in the commercial marketplace, all subtly different and not necessarily compatible with each other.
The explanation for the many types of Ethernet Frame Formats currently on the marketplace lies in Ethernet's history.
In 1972, work on the original version of Ethernet, Ethernet Version 1, began at the Xerox Palo Alto Research Center.
Version 1 Ethernet was released in 1980 by a consortium of companies comprising DEC, Intel, and Xerox. In the same year, the IEEE meetings on Ethernet began.
In 1982, the DIX (DEC/Intel/Xerox) consortium released Version II Ethernet and since then it has almost completely replaced Version I in the marketplace.
In 1983 Novell NetWare '86 was released, with a proprietary frame format based on a preliminary release of the 802.3 spec.
Two years later, when the final version of the 802.3 spec was released, it had been modified to include the 802.2 LLC Header, making NetWare's proprietary format incompatible.
Finally, the 802.3 SNAP format was created to address backwards compatibility issues between Version 2 and 802.3 Ethernet.
As you can see, the large number of players in the Ethernet world has created a number of different choices. The bottom line is this: either a particular driver supports a particular frame format, or it doesn't. Typically, Novell stations can support any of the frame formats, while TCP/IP stations will support only one although there are no hard and fast rules in Networking.
CSMA/CD: Carrier Sense Multiple Access with Collision Detection
*
[Slide diagram: fields common to every Ethernet frame: preamble (7B) | SFD (1B) | DA (6B) | SA (6B) | ... | FCS (4B)]
In the following slides we will outline the specific fields in the different types of Ethernet frames.
But first let’s look at the fields that are common for each type of Ethernet frame.
The Preamble and SFD (Start Frame delimiter)
Regardless of the frame type being used, the means of digital signal encoding on an Ethernet network is the same. While a discussion of Manchester Encoding is beyond the scope of this course, it is sufficient to say that on an idle Ethernet network, there is no signal. Because each station has its own oscillating clock, the communicating stations have to have some way to "synch up" their clocks and thereby agree on how long one bit time is. The preamble facilitates this. The preamble with SFD consists of 8 bytes of alternating ones and zeros, ending in 11.
A station on an Ethernet network detects the change in voltage that occurs when another station begins to transmit and uses the preamble to "lock on" to the sending station's clock signal. Because it takes some time for a station to "lock on", it doesn't know how many bits of the preamble have gone by. For this reason, we say that the preamble is "lost" in the "synching up" process. No part of the preamble ever enters the adapter's memory buffer. Once locked on, the receiving station waits for the 11 that signals that the Ethernet frame follows.
The Destination MAC address and Source MAC address fields are 6 bytes in length. The first three bytes of the MAC address are assigned by the IEEE to the vendor of the adapter and are therefore specific to that vendor.
FCS = Frame Check Sequence
[Slide diagram: the frame variant is identified by the 2-byte field after the addresses, which holds either a frame length (<=1500) or a type; DA (6B), SA (6B), Length/Type (2B), FCS (4B)]
*
Commonly called Ethernet v2 Frame
[Slide diagram: DA (6B) | SA (6B) | Type (2B) | PAYLOAD (46–1500 Bytes) | FCS (4B); header plus FCS = 18 bytes. Example Type values (hex): 0800, 0806, 8035]
The 802.3 specifications include the possibility to have a frame with type field and any protocol in the payload. This way the Ethernet II frame defined by DIX (DEC, Intel, and Xerox) is also a valid 802.3 frame.
Like the 802.3 spec (see later), the Version II spec defines a Data Link Header consisting of 14 bytes (6+6+2) of information, but the Version II spec does not specify an LLC header.
The Type field is 2-bytes and contains the value that defines the protocol that is being encapsulated in the data payload. This Ethertype is expressed in hexadecimal (all these values are greater than 1500 (decimal))
At the physical layer, the DST MAC field is preceded by a 7-byte preamble and a 1-byte start of frame delimiter.
At the end of the Data field is a 4-byte FCS.
The minimum frame size for Ethernet media without the preamble is 64 bytes and the maximum frame size without the preamble is 1518 bytes.
Hence the minimum frame size on Ethernet with the preamble is 72 bytes and the maximum is 1526 bytes.
*
Defining Service Access Points (SAPs)
SAPs ensure that the same Network Layer protocol is used at the source and at the destination.
TCP/IP talks to TCP/IP, IPX/SPX talks to IPX/SPX,…
Destination SAP / Source SAP
[Slide diagram: Data Link Header (DA, SA, Frame length (<=1500)) | DSAP (1B) | SSAP (1B) | CONTROL (1B) | PAYLOAD (43–1497 Bytes) | FCS]
Well-known SAP values:
- 06 = ARPANET Internet Protocol (IP)
- AA = SubNetwork Access Protocol (SNAP)
- E0 = Novell NetWare
- F0 = IBM NetBIOS
The following describes the LLC frame format. The Destination MAC address and Source MAC address fields are 6 bytes in length.
The Length field is 2 bytes and contains the length of the frame, not including the preamble, the 32-bit CRC, the data link addresses, or the Length field itself. An Ethernet frame can be no shorter than 64 bytes total length, and no longer than 1518 bytes total length.
The DSAP and SSAP fields are used to identify the type of the protocol that is encapsulated in the payload.
The DSAP, or Destination Service Access Point, is a 1 byte field that simply acts as a pointer to a memory buffer in the receiving station. It tells the receiving network interface card in which buffer to put this information. This functionality is crucial in situations where users are running multiple protocol stacks, etc...
The SSAP, or Source Service Access Point is analogous to the DSAP and specifies the Source of the sending process.
*
IEEE 802.3 SNAP header
Due to the growing number of applications using the IEEE 802.2 LLC header, an extension was made:
Introduction of the IEEE 802.3 Sub Network Access Protocol (SNAP) header
SSAP = H'AA, DSAP = H'AA indicates that a SNAP header is used
[Slide diagram: LLC: DSAP AA (1B) | SSAP AA (1B) | CONTROL 03 (1B); SNAP: 00-00-00 (3B) | TYPE (2B)]
While the original 802.3 specification worked well, the IEEE realized that some upper layer protocols required an Ethertype to work properly.
For example, TCP/IP uses the Ethertype to differentiate between ARP packets and normal IP data frames. In order to provide this backwards compatibility with the Version II frame type, the 802.3 SNAP (SubNetwork Access Protocol) format was created.
The SNAP Frame Format consists of a normal 802.3 Data Link Header followed by a 802.2 LLC Header and then a 5 byte SNAP field, followed by the normal user data and FCS.
The Sub-Network Access Protocol (SNAP) Header
The first 3 bytes of the SNAP header are the vendor code, generally the same as the first three bytes of the source address, although it is sometimes set to zero.
*
[Slide diagram: 802.2 LLC (AA | AA | 03, 1B each) followed by the 802.2 SNAP header, then PAYLOAD (38–1492 Bytes)]
*
Ethernet v2 has an Ethertype field; its value is always > 05-DC hex.
- if < 05-DC: IEEE 802.3 Length field
- if >= 05-DC: IEEE 802.3 Type field
The Type field gives a protocol identification (same as the Ethertype).
802.3 incorporates aspects of Ethernet version 2 and will replace it for high-speed Ethernet networks.
Ethernet v2 is a valid 802.3 frame.
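The three frame variants above are told apart by the 2-byte field after the source address and, for the Length variants, by the LLC bytes that follow it. The Python parser below is an added example written for this transcript, not code from the course or from Alcatel-Lucent. It builds three constructed sample frames, checks the 64–1518 byte limits and the CRC-32 FCS, and classifies each frame as Ethernet II, 802.3 LLC or 802.3 LLC/SNAP. It applies the IEEE 802.3 thresholds (a value of at most 1500 is a length, 1536 = 0x0600 and above is a Type, 1501–1535 is rejected), which is slightly stricter than the single 05-DC boundary quoted on the slide. The SAP and Ethertype names are the ones listed on the slides; the FCS byte order and the sample addresses are this example's assumptions.

```python
import struct
import zlib

# Size limits from the slides: without preamble/SFD, including the 4-byte FCS.
MIN_FRAME = 64
MAX_FRAME = 1518
MAX_LENGTH_VALUE = 0x05DC   # 1500: a Length/Type value up to here is a length
MIN_TYPE_VALUE = 0x0600     # 1536: from here on it is a Type (IEEE 802.3 rule; 1501..1535 undefined)

# Identifiers listed on the slides.
SAP_NAMES = {0x06: "IP", 0xAA: "SNAP", 0xE0: "Novell NetWare", 0xF0: "IBM NetBIOS"}
ETHERTYPE_NAMES = {0x0800: "IPv4", 0x0806: "ARP", 0x8035: "RARP"}


def append_fcs(body: bytes) -> bytes:
    """Append the FCS (CRC-32, least-significant byte first; byte order is this example's assumption)."""
    return body + struct.pack("<I", zlib.crc32(body) & 0xFFFFFFFF)


def fcs_ok(frame: bytes) -> bool:
    return append_fcs(frame[:-4]) == frame


def parse_frame(frame: bytes) -> dict:
    """Classify a frame (preamble/SFD stripped, FCS present) as Ethernet II, 802.3 LLC or 802.3 LLC/SNAP."""
    if not MIN_FRAME <= len(frame) <= MAX_FRAME:
        raise ValueError(f"frame length {len(frame)} outside {MIN_FRAME}..{MAX_FRAME}")
    if not fcs_ok(frame):
        raise ValueError("bad FCS")
    dst, src, length_or_type = struct.unpack("!6s6sH", frame[:14])
    info = {"dst": dst.hex(":"), "src": src.hex(":")}
    body = frame[14:-4]                       # everything between the header and the FCS
    if length_or_type >= MIN_TYPE_VALUE:
        # Ethernet II: the field is an Ethertype; padding cannot be told apart from payload here.
        info.update(variant="Ethernet II", payload=body,
                    protocol=ETHERTYPE_NAMES.get(length_or_type, f"0x{length_or_type:04x}"))
        return info
    if length_or_type > MAX_LENGTH_VALUE:
        raise ValueError(f"undefined Length/Type value {length_or_type}")
    if length_or_type > len(body) or length_or_type < 3:
        raise ValueError("Length field inconsistent with frame size")
    llc = body[:length_or_type]               # Length counts LLC + data only, not the padding
    dsap, ssap, control = llc[0], llc[1], llc[2]
    if dsap == 0xAA and ssap == 0xAA and control == 0x03 and len(llc) >= 8:
        # LLC/SNAP: 3-byte vendor code (OUI) + 2-byte Type bring the Ethertype back.
        snap_type = struct.unpack("!H", llc[6:8])[0]
        info.update(variant="802.3 LLC/SNAP", oui=llc[3:6].hex("-"), payload=llc[8:],
                    protocol=ETHERTYPE_NAMES.get(snap_type, f"0x{snap_type:04x}"))
    else:
        info.update(variant="802.3 LLC", dsap=dsap, ssap=ssap, payload=llc[3:],
                    protocol=SAP_NAMES.get(dsap, f"SAP 0x{dsap:02x}"))
    return info


def build_ethernet2(dst: bytes, src: bytes, ethertype: int, payload: bytes) -> bytes:
    """Ethernet II frame; the payload is padded to the 46-byte minimum."""
    return append_fcs(struct.pack("!6s6sH", dst, src, ethertype) + payload.ljust(46, b"\x00"))


def build_llc(dst: bytes, src: bytes, dsap: int, ssap: int, payload: bytes, snap_type=None) -> bytes:
    """802.3 frame with an LLC header, or LLC/SNAP (AA/AA/03 + zero OUI + Type) when snap_type is given."""
    if snap_type is None:
        data = bytes([dsap, ssap, 0x03]) + payload
    else:
        data = bytes([0xAA, 0xAA, 0x03]) + b"\x00\x00\x00" + struct.pack("!H", snap_type) + payload
    header = struct.pack("!6s6sH", dst, src, len(data))   # Length = LLC + data, excluding padding
    return append_fcs(header + data.ljust(46, b"\x00"))


def demo():
    """Constructed sample frames: ARP over Ethernet II, NetWare over LLC, IPv4 over LLC/SNAP."""
    dst, src = bytes.fromhex("ffffffffffff"), bytes.fromhex("00aabbccddee")
    frames = [
        build_ethernet2(dst, src, 0x0806, b"\x00\x01\x08\x00"),
        build_llc(dst, src, 0xE0, 0xE0, b"netware"),
        build_llc(dst, src, 0xAA, 0xAA, b"\x45\x00", snap_type=0x0800),
    ]
    return [parse_frame(f) for f in frames]
```

A frame whose Length/Type value falls in the undefined 1501–1535 range, or whose Length field claims more data than the frame holds, is rejected before any LLC byte is read; that is the check a receiver needs so that a malformed Length field cannot steer the parser past the end of the frame.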
*
[Slide diagram: IP (type 0800) carried over 802.3: 3-byte LLC header followed by the 5-byte SNAP header]
*
Routing required between LANs
each other on the LAN
*
Virtual LAN:
- Logical broadcast / multicast domain
- LAN membership defined by the network manager
[Slide diagram: Virtual Corporate LAN divided into a Marketing LAN, an Engineering LAN and an Administration LAN]
VLAN allows a network manager to logically segment a LAN into different broadcast domains. Since this is a logical segmentation but not a physical one, workstations do not have to be physically located together. Users on different floors of the same building, or even in different buildings can now belong to the same LAN.
VLAN also allows broadcast domains to be defined without using routers. Bridging software is used instead to define which workstations are included in the broadcast domain. Routers would only have to be used to communicate between two VLANs.
Communication between nodes that are attached to a single physical LAN infrastructure is only possible if they are members of the same VLAN. Inter-VLAN communication requires a higher layer packet forwarder, such as a router, to forward packets between the VLANs it belongs to.
*
Formation of Virtual Workgroups
- Users and resources that communicate frequently with each other can be grouped into a VLAN, regardless of physical location.
Simplified Administration
- Adding or moving nodes can be dealt with quickly and conveniently from the management console rather than the wiring closet.
Reduced Cost
- Use of VLANs can eliminate the need for expensive routers.
- With a VLAN-enabled adapter, a server can be a member of multiple VLANs.
Security
- VLANs create virtual boundaries that can only be crossed through a router.
VLANs offer a number of advantages over traditional LANs. They are:
1) Performance
In networks where traffic consists of a high percentage of broadcasts and multicasts, VLANs can reduce the need to send such traffic to unnecessary destinations. E.g., in a broadcast domain consisting of 10 users, if the broadcast traffic is intended only for 5 of the users, then placing those 5 users on a separate VLAN can reduce traffic.
Compared to switches, routers require more processing of incoming traffic. As the volume of traffic passing through the routers increases, so does the latency in the routers, which results in reduced performance. The use of VLANs reduces the number of routers needed, since VLANs create broadcast domains using switches instead of routers.
2) Formation of Virtual Workgroups
Nowadays, it is common to find cross-functional product development teams with members from different departments such as marketing, sales, accounting, and research. These workgroups are usually formed for a short period of time. During this period, communication between members of the workgroup will be high. To contain broadcasts and multicasts within the workgroup, a VLAN can be set up for them. Each group's traffic is largely contained within the VLAN. With VLANs it is easier to place members of a workgroup together. Without VLANs, the only way this would be possible is to physically move all the members of the workgroup closer together.
3) Simplified Administration
Seventy percent of network costs are a result of adds, moves, and changes of users in the network. Every time a user is moved in a LAN, recabling, new station addressing, and reconfiguration of hubs and routers becomes necessary. Some of these tasks can be simplified with the use of VLANs. If a user is moved within a VLAN, reconfiguration of routers is unnecessary. In addition, depending on the type of VLAN, other administrative work can be reduced or eliminated.
4) Reduced Cost
VLANs can be used to create broadcast domains which eliminate the need for expensive routers.
With a VLAN-enabled adapter, a server can be a member of multiple VLANs. This reduces the need to route traffic to and from the server.
5) Security
VLANs create virtual boundaries that can only be crossed through a router. So standard, router-based security measures can be used to restrict access to each VLAN as required.
*
How VLANs work
VLANs can be distinguished by the method used to indicate membership when a packet travels between switches:
- Implicit
- Explicit
[Slide diagram: classification methods: port-based, port-and-protocol-based]
In order to understand how VLANs work, we need to look at the types of VLANs, the types of connections between devices on VLANs, the filtering database which is used to send traffic to the correct VLAN, and tagging, a process used to identify the VLAN originating the data.
A first and important distinction between VLAN implementations is the method used to indicate membership when a packet travels between switches. Two methods exist – implicit and explicit.
When a LAN bridge receives data from a workstation, it tags the data with a VLAN identifier indicating the VLAN from which the data came. This is called explicit tagging. A tag is added to the packet to indicate VLAN membership. The IEEE 802.1q VLAN specifications use this method. Tagging can be based on the port from which it came, the source Media Access Control (MAC) field, the source network address, or some other field or combination of fields. VLANs are classified based on the method used.
It is also possible to determine to which VLAN the data received belongs using implicit tagging. In implicit tagging the data is not tagged, but the VLAN from which the data came is determined based on information like the port on which the data arrived or VLAN membership is indicated by the MAC address. In this case, all switches that support a particular VLAN must share a table of member MAC addresses.
*
Layer 1 VLAN: Membership by port
- Membership in a VLAN is defined based on the ports that belong to the VLAN.
- Also referred to as port switching.
- Does not allow user mobility.
- Does not allow multiple VLANs to include the same physical segment (or switch port).
[Slide diagram: PORT -> VLAN table mapping switch ports 1–9 to VLANs 1, 2, 5 and 7]
In this implementation, the administrator assigns each port of a switch to a VLAN.
The switch determines the VLAN membership of each packet by noting the port on which it arrives.
The primary limitation of defining VLANs by port is that the network manager must reconfigure VLAN membership when a user moves from one port to another. He needs to reassign the new port to the user’s old VLAN. The network change is then completely transparent to the user, and the administrator saves a trip to the wiring closet.
*
Layer 2 VLAN: Membership by MAC address
- Membership in a VLAN is based on the MAC address of the workstation.
- The switch tracks the MAC addresses which belong to each VLAN.
- Provides full user movement: clients and servers are always on the same LAN regardless of location.
- Disadvantage: notebook PCs change docking stations.
[Slide diagram: MAC address -> VLAN table mapping MAC@A, MAC@B, MAC@C and MAC@D to VLANs; switch ports 1–9]
The VLAN membership of a packet in this case is determined by its source or destination MAC address. Each switch maintains a table of MAC addresses and their corresponding VLAN memberships.
A key advantage of this method is that the switch doesn’t need to be reconfigured when a user moves to a different port.
*
Layer 3 VLAN: Membership by protocol type
- Membership implied by the MAC protocol type field.
- This is the most flexible method and provides the most logical grouping of users.
[Slide diagram: PROTOCOL -> VLAN table: IP -> 1, IPX -> 2; the frame's Length or Type field (preamble | SFD | DA | SA | Length or Type | PAYLOAD (46–1500 Bytes) | FCS) is used for classification]
VLANs based on layer 3 information take into account protocol type (if multiple protocols are supported) and possibly network-layer address (e.g., subnet address for TCP/IP networks) in determining VLAN membership. An IP subnet or an IPX network, for example, can each be assigned their own VLAN.
Although these VLANs are based on layer 3 information, this does not constitute a “routing” function and should not be confused with network-layer routing.
*
Layer 3 VLAN: Membership by IP subnet address
The network IP subnet address (layer 3 header) can be used to classify VLAN membership.
[Slide diagram: hosts IP@ 138.22.24.5, 138.22.24.10, 138.21.35.47 and 138.21.35.58 on switch ports 1–9; SUBNET/MASK -> VLAN table: 138.22.24.0/24 -> 1, 138.21.35.0/24 -> 2]
In this method, IP addresses are used only as a mapping to determine membership in VLANs. No other processing of IP addresses is done. No route calculation is undertaken, RIP or OSPF protocols are not employed, and frames traversing the switch are usually bridged according to the implementation of the Spanning Tree Algorithm. Therefore, from the point of view of a switch employing layer 3–based VLANs, connectivity within any given VLAN is still seen as a flat, bridged topology.
Having made the distinction between VLANs based on layer 3 information and routing, it should be noted that some vendors are incorporating varying amounts of layer 3 intelligence into their switches, enabling functions normally associated with routing.
Nevertheless, a key point remains: no matter where it is located in a VLAN solution, routing is necessary to provide connectivity between distinct VLANs. There are several advantages to defining VLANs at layer 3. First, it enables partitioning by protocol type. This may be an attractive option for network managers who are dedicated to a service- or application-based VLAN strategy. Secondly, users can physically move their workstations without having to reconfigure each workstation’s network address—a benefit primarily for TCP/IP users.
*
Port-and-protocol-based VLAN classification
- VID based on the port of arrival and the protocol identifier of the frame.
- Multiple VLAN IDs associated with a port of the bridge: the VID set.
- Default VID: often equals the PVID.
- A VLAN bridge supports port-based VLAN classification, and may, in addition, support port-and-protocol-based VLAN classification.
In port-based VLAN classification within a bridge, the VLAN-ID associated with an untagged or priority tagged frame is determined based on the port of arrival of the frame into the bridge. This classification mechanism requires the association of a specific Port VLAN Identifier, or PVID, with each of the bridge’s ports. In this case, the PVID for a given port provides the VLAN-ID for untagged and priority tagged frames received through that port.
For bridges that implement port-and-protocol-based VLAN classification, the VLAN-ID associated with an untagged or priority-tagged frame is determined based on the port of arrival of the frame into the bridge and on the protocol identifier of the frame.
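The four membership methods above (by port/PVID, by port and protocol, by MAC address, by IP subnet) all answer the same question for an untagged frame: which VID does it belong to? The Python classifier below is an added example for this transcript, not code from the course or from any switch vendor; it generalises the slides' single tables into one lookup that tries each method in turn. The precedence (MAC, then subnet, then port-and-protocol, then PVID) is this example's own choice, the sample MAC addresses and port numbers are constructed, and the IPX Ethertype 0x8137 is the registered value for the "IPX" protocol shown in the slide's table (not a value printed on the slides).

```python
import ipaddress
import struct

# Ethertypes used by the sample: IPv4 and ARP are listed on the slides; 0x8137 is the
# registered Ethertype for Novell IPX (the "IPX" entry of the slide's protocol table).
ETHERTYPE_IPV4 = 0x0800
ETHERTYPE_ARP = 0x0806
ETHERTYPE_IPX = 0x8137


class VlanClassifier:
    """Assigns a VID to an untagged frame arriving on a bridge port.

    Precedence is this example's own choice (most specific rule first):
    MAC-based (layer 2) -> IP subnet (layer 3) -> port-and-protocol -> port PVID (layer 1).
    """

    def __init__(self, pvid, port_protocol=None, mac_table=None, subnet_table=None):
        self.pvid = pvid                                  # port -> PVID
        self.port_protocol = port_protocol or {}          # (port, ethertype) -> VID
        self.mac_table = mac_table or {}                  # source MAC (bytes) -> VID
        self.subnet_table = [(ipaddress.ip_network(net), vid)
                             for net, vid in (subnet_table or {}).items()]

    def classify(self, port, frame):
        """Return (vid, method) for an untagged Ethernet II frame received on `port`."""
        src_mac = frame[6:12]
        ethertype = struct.unpack("!H", frame[12:14])[0]
        if src_mac in self.mac_table:
            return self.mac_table[src_mac], "mac"
        if ethertype == ETHERTYPE_IPV4 and len(frame) >= 34:
            # IPv4 source address sits at offset 12 of the IP header, i.e. frame offset 26.
            src_ip = ipaddress.ip_address(frame[26:30])
            for net, vid in self.subnet_table:
                if src_ip in net:
                    return vid, "subnet"
        if (port, ethertype) in self.port_protocol:
            return self.port_protocol[(port, ethertype)], "port-protocol"
        return self.pvid[port], "pvid"


def ethernet2(dst, src, ethertype, payload):
    """Ethernet II header + payload, padded to the 46-byte minimum (no FCS; constructed sample)."""
    return dst + src + struct.pack("!H", ethertype) + payload.ljust(46, b"\x00")


def ipv4_frame(dst_mac, src_mac, src_ip, dst_ip):
    """Ethernet II frame carrying a minimal 20-byte IPv4 header (constructed sample)."""
    ip = bytes([0x45, 0x00]) + struct.pack("!HHHBBH", 20, 0, 0, 64, 17, 0)
    ip += ipaddress.ip_address(src_ip).packed + ipaddress.ip_address(dst_ip).packed
    return ethernet2(dst_mac, src_mac, ETHERTYPE_IPV4, ip)


def demo():
    """Constructed configuration echoing the slides' tables (subnets 138.22.24.0/24 and 138.21.35.0/24)."""
    a, b = bytes.fromhex("000000000001"), bytes.fromhex("000000000002")
    laptop, bcast = bytes.fromhex("00000000000a"), b"\xff" * 6
    clf = VlanClassifier(
        pvid={1: 1, 2: 1, 3: 5},
        port_protocol={(1, ETHERTYPE_IPX): 2},
        mac_table={laptop: 7},
        subnet_table={"138.22.24.0/24": 1, "138.21.35.0/24": 2},
    )
    samples = [
        (1, ipv4_frame(b, a, "138.21.35.47", "138.21.35.58")),     # subnet rule -> VID 2
        (1, ethernet2(bcast, a, ETHERTYPE_IPX, b"\xff\xff")),       # port 1 + IPX -> VID 2
        (3, ethernet2(bcast, b, ETHERTYPE_ARP, b"\x00\x01")),       # no rule matches -> PVID 5
        (2, ethernet2(bcast, laptop, ETHERTYPE_ARP, b"\x00\x01")),  # laptop moved ports, keeps VID 7
        (2, ipv4_frame(b, a, "10.0.0.1", "10.0.0.2")),              # unknown subnet -> PVID 1
    ]
    return [clf.classify(port, frame) for port, frame in samples]
```

The order of the checks matters operationally: the MAC and subnet rules trust fields the sending station itself fills in, whereas the port-based rules depend only on physical attachment, so a deployment that wants the stronger guarantee puts the port rules first or restricts the MAC and subnet tables to known stations.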
*
Access link
- Connects VLAN-unaware devices.
- All frames on an access link are untagged.
- Normal ports to which we connect our network devices such as PCs.
[Slide diagram: VLAN-unaware workstation connected over an Access Link to a VLAN-aware Bridge]
Inside the world of VLANs there are three types of interfaces / links. These links allow us to connect multiple switches together, or simple network devices such as a PC that will access the VLAN network. Depending on their configuration, they are called Access Links, Trunk Links or Hybrid Links.
The division is based on whether the connected devices are VLAN-aware or VLAN-unaware. Recall that a VLAN-aware device is one which understands VLAN memberships (i.e. which users belong to a VLAN) and VLAN formats.
The type of link, where only traffic for a single VLAN is passed, is referred to as an "Access Link".
When configuring ports on a switch to act as Access Links, we configure only one VLAN per port, that is, the VLAN our device will be allowed to access. An access link is a link that belongs to one, and only one VLAN. The port is not capable of receiving information from another VLAN unless the information has been routed. The port is not capable of sending information to another VLAN unless the port has access to a router.
The access link connects a VLAN-unaware device to the port of a VLAN-aware bridge. Any device connected to an Access Link (port) is totally unaware of the VLAN assigned to the port. The device simply assumes it is part of a single broadcast domain, just as with any normal switch. During data transfers, any VLAN information or data from other VLANs is removed, so the recipient has no information about them.
*
Trunk Link
- Allows VLANs to span over all network switches.
[Slide diagram: two VLAN-aware Bridges and a VLAN-aware workstation interconnected by Trunk Links]
What we've seen so far is a switch port configured to carry only one VLAN, that is, an Access Link port. Another type of port configuration is the Trunk port.
While an access link does the job for a single VLAN environment, multiple access links would be required if you wanted traffic from multiple VLANs to be passed between switches. Having multiple access links between the same pair of switches would be a big waste of switch ports. Obviously another solution is required when traffic for multiple VLANs needs to be transferred across a single trunk link. The solution for this comes through the use of VLAN tagging.
When you want traffic from multiple VLANs to be able to traverse a link that interconnects two switches, you need to configure a VLAN tagging (explicit tagging) method on the ports that supply the link. A trunk link is capable of transferring frames from many different VLANs through the use of technologies like 802.1q.
A Trunk Link, or 'Trunk' is a port configured to carry packets for any VLAN. These type of ports are usually found in connections between switches. These links require the ability to carry packets from all available VLANs because VLANs span over multiple switches.
*
Hybrid Link
- All frames for a specific VLAN are either tagged or untagged.
[Slide diagram: Hybrid Link between two VLAN-aware Bridges, with a VLAN-aware and a VLAN-unaware workstation attached]
*
Customer VLAN tag
[Slide diagram: preamble | SFD | DA | SA | TPID (2 bytes) | TCI (2 bytes) | length/type | PAYLOAD (46–1500 Bytes) | FCS; Tag Control Information = user priority (3 bits), CFI, VID (12 bits)]
We saw that when frames are sent across the network, there needs to be a way of indicating to which VLAN the frame belongs, so that the bridge will forward the frames only to those ports that belong to that VLAN, instead of to all output ports as would normally have been done. This information is added to the frame in the form of a tag header, and there are different ways to determine VLAN membership.
Tagging of an Ethernet frame consists of adding a 4-byte tag that allows the VLAN-ID and the priority to be specified. Since a VLAN tag is 4 bytes, for a frame that is tagged the frame size ranges between 68 and 1522 bytes. When padding has to be used to reach the minimum frame size, tagged frames can be 64 bytes.
TPID is the Tag Protocol Identifier, which indicates that a tag header follows. TPID has a defined value of 8100 in hex. When a frame has the Ethertype equal to 8100, this frame carries the IEEE 802.1Q / 802.1p tag.
The TCI (Tag Control Information) contains three parts: the user priority, the canonical format indicator (CFI), and the VLAN ID.
User priority is a 3-bit field which allows priority information to be encoded in the frame. Eight levels of priority are allowed, where zero is the lowest priority and seven is the highest priority. How this field is used is described in the supplement 802.1p.
The CFI bit is used to indicate that all MAC addresses present in the MAC data field are in canonical format. This field is interpreted differently depending on whether it is an Ethernet-encoded tag header or a SNAP-encoded tag header.
*
Priority-tagged frame
- A frame with a tag header that carries priority but no VLAN ID (VID = 0).
VLAN-tagged frame
- A frame with a Q-tag header that carries both priority and VID.
802.1Q Tag VLAN
- Each member of a VLAN group can talk to each other.
VLAN-aware / VLAN-unaware
- A VLAN-unaware device can't recognize a VLAN-tagged frame.
Untagged frame: An untagged frame is a frame that does not contain a tag header immediately following the Source MAC Address field of the frame or, if the frame contained a Routing Information field, immediately following the Routing Information field.
Priority-tagged frame : A tagged frame whose tag header carries priority information, but carries no VLAN identification information.
VLAN-tagged frame : A tagged frame whose tag header carries both VLAN identification and priority information.
An untagged frame or a priority-tagged frame does not carry any identification of the VLAN to which it belongs. Such frames are classified as belonging to a particular VLAN based on parameters associated with the receiving port, or, through proprietary extensions to this standard, based on the data content of the frame (e.g., MAC address, layer 3 protocol ID, etc.: implicit tagging).
Priority tagged frames, which, by definition, carry no VLAN identification information, are treated the same as untagged frames.
A VLAN-tagged frame carries an explicit identification of the VLAN to which it belongs; i.e., it carries a tag header that carries a non-null VID. Such a frame is classified as belonging to a particular VLAN based on the value of the VID that is included in the tag header.
Each VLAN group has a unique VID, and the ports with the same VID can communicate with each other. It is important for a LAN bridge (switch) to determine which devices are VLAN-aware or VLAN-unaware. A VLAN-aware device can recognize and support VLAN-tagged frames, but a VLAN-unaware device can't.
*
Egress Rule
- Decide if the frames must be sent tagged or untagged.
[Slide diagram: upstream direction: Forwarding Process -> Egress Rule -> Packet Transmit]
When the bridge receives the data/Ethernet frames, it determines to which VLAN the data belongs, either by implicit or explicit tagging. In explicit tagging a tag header is added to the data.
According to the VID information the switch forwards and filters the frames among ports. The bridge keeps track of VLAN members in a filtering database, which it uses to determine where the data is to be sent.
The ports with the same VID can communicate with each other.
The IEEE 802.1Q VLAN function consists of the following three tasks: the ingress process, the forwarding process and the egress process.
*
Ingress Rule
- Tagged frame: passed directly to the forwarding process.
- Untagged frame: a tag is added onto this untagged frame (with the PVID); then the tagged frame is sent to the forwarding engine.
[Slide diagram: Ingress Rule (PVID) -> towards Forwarding Process]
Each port is capable of passing tagged or untagged frames. The ingress process identifies whether the incoming frames contain a tag, and classifies the incoming frames as belonging to a VLAN. Each port has its own ingress rule. If the ingress rule accepts tagged frames only, the switch port will drop all incoming untagged frames. If the ingress rule accepts all frame types, the switch port allows both incoming tagged and untagged frames:
When a tagged frame is received on a port, it carries a tag header that has an explicit VID. The ingress process directly passes the tagged frame to the forwarding process.
An untagged frame does not carry the VID to which it belongs. When an untagged frame is received, the ingress process inserts a tag containing the PVID into the untagged frame. Each physical port has a default VID called the PVID (Port VID). This PVID is assigned to untagged frames or priority-tagged frames received on this port.
*
Filtering database contains two tables:
- MAC table and VLAN table
First, check the destination MAC address based on the MAC table.
Second, check the VLAN ID based on the VLAN table.
The egress port is the allowed outgoing member port of the VLAN.
[Slide diagram: Filtering Database = MAC Table (MAC Address -> Egress Port, Static entries, e.g. egress ports 3, 3, 2) + VLAN Table (VID -> Register: Tag / Untag per member port, e.g. VID 100 Untag, VID 1 Tag, VID 1 Untag)]
*
The C-VID of incoming frames is determined as follows:
- If a TAG is present, the C-VLAN ID is taken from the tag (no translation!).
- If a TAG is not present:
  - port and protocol are used for VLAN ID classification;
  - else, the default VLAN ID for that port is used (PVID).
Outgoing frames may carry a C-TAG or not, depending on the egress rule.
[Slide diagram: VLAN tag added by the CPE = Q/C-VLAN tag]
The bridging entity of a VLAN Bridge consists of a single “Customer-VLAN aware Bridge component”.
Each port is capable of connecting to an 802 LAN.
Adding/removing of Q/C-TAGs is supported on all ports.
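The ingress rule, the two-table filtering database and the egress rule described on the preceding slides, together with the untagged / priority-tagged / VLAN-tagged distinction, form one forwarding path through a VLAN bridge. The Python model below is an added example written for this transcript, not code from the course or from any bridge vendor. It assumes a small constructed bridge (ports 1 and 2 as access ports with PVID 100, port 3 as a trunk whose ingress rule accepts tagged frames only), MAC learning from source addresses, and a VLAN table whose member entries say whether each port transmits tagged or untagged; the 8100 TPID and the 1522-byte tagged-frame limit are the slides' values. Untagged frames are classified by PVID only here; the port-and-protocol variant is the same lookup with a different key.

```python
import struct

TPID_C = 0x8100       # C-TAG protocol identifier (from the slides)
MAX_TAGGED = 1522     # largest tagged frame, without preamble/SFD (from the slides)


def parse_tag(frame):
    """Return (priority, cfi, vid) if a C-TAG follows the source address, else None."""
    if len(frame) < 16 or struct.unpack("!H", frame[12:14])[0] != TPID_C:
        return None
    tci = struct.unpack("!H", frame[14:16])[0]
    return tci >> 13, (tci >> 12) & 1, tci & 0x0FFF


def push_tag(frame, vid, priority=0, cfi=0):
    """Insert a C-TAG (TPID + TCI) between the source address and the length/type field."""
    tci = (priority << 13) | (cfi << 12) | (vid & 0x0FFF)
    return frame[:12] + struct.pack("!HH", TPID_C, tci) + frame[12:]


def pop_tag(frame):
    return frame[:12] + frame[16:]


def frame_kind(frame):
    """untagged / priority-tagged (VID 0) / vlan-tagged, as the slides define them."""
    tag = parse_tag(frame)
    if tag is None:
        return "untagged"
    return "priority-tagged" if tag[2] == 0 else "vlan-tagged"


class Port:
    def __init__(self, pvid, accept_tagged_only=False):
        self.pvid = pvid                              # default VID for untagged/priority-tagged frames
        self.accept_tagged_only = accept_tagged_only  # ingress rule: drop frames that carry no VID


class VlanBridge:
    def __init__(self, ports, vlan_table):
        self.ports = ports              # port number -> Port
        self.vlan_table = vlan_table    # VLAN table: vid -> {member port: "tag" | "untag"}
        self.mac_table = {}             # MAC table: (vid, mac) -> egress port, learned from sources

    def ingress(self, port_no, frame):
        """Ingress rule: the frame as handed to the forwarding process, or None if dropped."""
        port = self.ports[port_no]
        kind = frame_kind(frame)
        if kind == "vlan-tagged":
            return frame                      # VID taken from the tag, no translation
        if port.accept_tagged_only:
            return None                       # untagged and priority-tagged frames are dropped
        if kind == "priority-tagged":         # treated like untagged: keep priority, classify by PVID
            priority, cfi, _ = parse_tag(frame)
            return push_tag(pop_tag(frame), port.pvid, priority, cfi)
        tagged = push_tag(frame, port.pvid)   # untagged: insert a tag carrying the PVID
        return tagged if len(tagged) <= MAX_TAGGED else None

    def forward(self, port_no, frame):
        """Forwarding process + egress rule: {egress port: frame as transmitted}."""
        tagged = self.ingress(port_no, frame)
        if tagged is None:
            return {}
        vid = parse_tag(tagged)[2]
        dst, src = tagged[:6], tagged[6:12]
        members = self.vlan_table.get(vid, {})
        self.mac_table[(vid, src)] = port_no          # learn the source on this VLAN
        known = self.mac_table.get((vid, dst))        # first: MAC table lookup
        egress = [known] if known in members else list(members)   # else flood the VLAN only
        out = {}
        for p in egress:
            if p == port_no:
                continue                              # never back out of the arrival port
            # second: the VLAN table decides whether the member port transmits tagged or untagged
            out[p] = tagged if members[p] == "tag" else pop_tag(tagged)
        return out


def demo():
    """Constructed scenario: ports 1 and 2 are access ports on VLAN 100, port 3 is a trunk."""
    bridge = VlanBridge(
        ports={1: Port(pvid=100), 2: Port(pvid=100), 3: Port(pvid=1, accept_tagged_only=True)},
        vlan_table={100: {1: "untag", 2: "untag", 3: "tag"}, 1: {3: "tag"}},
    )
    a, b = bytes.fromhex("00000000000a"), bytes.fromhex("00000000000b")
    body = b"\x08\x00" + b"\x00" * 46
    a_to_b, b_to_a = b + a + body, a + b + body
    flood = bridge.forward(1, a_to_b)                   # B unknown: flood VLAN 100 (2 untagged, 3 tagged)
    reply = bridge.forward(2, b_to_a)                   # A learned on port 1: unicast, untagged
    dropped = bridge.forward(3, a_to_b)                 # untagged on a tagged-only trunk: dropped
    trunk = bridge.forward(3, push_tag(a_to_b, 100))    # VLAN 100 from the trunk: to port 2, untagged
    return flood, reply, dropped, trunk
```

Because flooding is limited to the VLAN table's member set and the MAC table is keyed by (VID, address), a frame never leaves the VLAN it was classified into at ingress; a frame can only reach another VLAN through a router attached to both, which is exactly the boundary the earlier "Security" slide relies on.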
*
Introduction of a second VLAN tag (IEEE 802.1ad):
- Service Provider tag: S-TAG
- Customer Bridge: C-tag treatment
[Slide diagram: frame carrying both an S-TAG and a C-TAG, followed by the payload and FCS]
The number of VLAN identifiers is limited to 4K. Since the VLAN is an E-MAN-wide identifier, we end up with a scalability issue: in the case of one-to-one mapping (cross-connect mode) there cannot be more than 4K end users connected to the whole E-MAN. To solve this issue, two VLANs are stacked and the cross-connection is then performed on the combination (S-VLAN, C-VLAN), theoretically allowing up to 16M end users.
It is impossible to allocate the same VID to different customers. There’s no customer traffic segregation! VLANs of different customers with the same VID will be managed as the same VLAN in the carrier network.
IEEE 802.1ad does not only describe S-VLAN for use in VLAN stacking. IEEE802.1ad is an amendment to 802.1q
VLAN Bridge = Customer Bridge = 802.1Q Bridge
A customer bridge = a VLAN-aware bridge as we used to know them before people started to talk about VLAN stacking.
Provider Bridge
A Provider Bridge (in provider networks) provides the same functionality as a Customer Bridge, but it uses a different tag: the S-TAG (instead of the C-TAG). It comprises a single S-VLAN component.
If the customer is sending untagged Ethernet frames, these are sent toward the carrier network as single S-VLAN tagged frames. A provider bridge cannot add a C-TAG to an untagged frame!
Provider Edge Bridge (new)
A Provider Bridge can additionally contain a Customer VLAN aware Bridge component, which duplicates the functionality of a VLAN Bridge, comprising configuration of both C-VLAN and S-VLAN components.
*
The S-VID of incoming frames is determined as follows:
- If an S-TAG is present, the S-VID is taken from the tag.
- If an S-TAG is not present, the same rules apply as for the C-TAG in a VLAN bridge.
- The incoming frame is forwarded according to the forwarding information base associated with the S-VLAN.
- Outgoing frames may carry an S-TAG or not (egress rule).
Operation in a provider edge bridge: single tag
- An incoming frame on a provider edge port is forwarded internally depending on the C-TAG (C-VLAN aware bridge component).
- This two-step approach enables a translation of C-VID to S-VID.
- The incoming frame is forwarded according to the forwarding information base associated with, respectively, the C-VLAN / S-VLAN to which the frame belongs.
- Outgoing frames may carry an S-TAG or not (egress rule).
[Slide diagram legend: Q/C-VLAN tag; S-VLAN tag; provider bridges like Alcatel,…]
[Slide diagram: IEEE 802.1ad double-tagged frame: preamble | SFD | DA | SA | TPID | TCI (S-Vlan) | TPID | TCI (C-Vlan) | length/type | PAYLOAD (46–1500 Bytes) | FCS; Tag Control Information (TBD)]
*
Q-in-Q VLAN
- Not standardized.
- The second VLAN tag protocol identifier is the 802.1Q tag type, just like in single VLAN tagged frames.
[Slide diagram: Q-in-Q frame: preamble | SFD | DA | SA | TPID | TCI (S-Vlan) | TPID | TCI (C-Vlan) | length/type | PAYLOAD (46–1500 Bytes) | FCS; Tag Control Information]
*
We now have two tags:
- The S-TAG may be added and removed independently of the C-TAG.
- A Provider Bridge ignores C-TAGs, except on Provider Edge Ports.
- VLAN stacking can occur even if the incoming frame is untagged (at a provider edge port).
[Slide diagram: C-VLAN aware bridge; VLAN stacking occurs when …]
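To make the S-TAG handling of the last slides concrete, the following Python model is an added example for this transcript (not code from the course or from any vendor) of a Provider Edge Bridge port and of the lookup a core Provider Bridge performs. It assumes the IEEE 802.1ad S-TAG protocol identifier 88-A8 (a standard value not printed on the slides), the 8100 C-TAG TPID from the slides, a constructed C-VID to S-VID table and constructed sample frames; setting the S-TAG TPID to 8100 instead models the non-standard Q-in-Q variant.

```python
import struct

TPID_C = 0x8100   # C-TAG protocol identifier (from the slides)
TPID_S = 0x88A8   # S-TAG protocol identifier assigned by IEEE 802.1ad (standard value, not on the slides)


def tag_stack(frame):
    """List the (tpid, vid) tags following the source address, outermost first."""
    stack, off = [], 12
    while off + 4 <= len(frame):
        tpid, tci = struct.unpack("!HH", frame[off:off + 4])
        if tpid not in (TPID_C, TPID_S):
            break
        stack.append((tpid, tci & 0x0FFF))
        off += 4
    return stack


def push(frame, tpid, vid, priority=0):
    """Insert a tag as the new outermost tag (right after the source address)."""
    return frame[:12] + struct.pack("!HH", tpid, (priority << 13) | (vid & 0x0FFF)) + frame[12:]


def pop(frame):
    """Remove the outermost tag."""
    return frame[:12] + frame[16:]


class ProviderEdgePort:
    """Customer-facing port of a Provider Edge Bridge: C-VLAN component + S-VLAN component."""

    def __init__(self, pvid, cvid_to_svid, default_svid, s_tpid=TPID_S):
        self.pvid = pvid                    # C-VID assigned to untagged / priority-tagged customer frames
        self.cvid_to_svid = cvid_to_svid    # C-VID -> S-VID translation table
        self.default_svid = default_svid    # S-VID for C-VIDs without an explicit entry
        self.s_tpid = s_tpid                # TPID_S for 802.1ad; TPID_C models non-standard Q-in-Q

    def to_provider(self, frame):
        """Customer -> provider: classify the C-VID, then stack an S-TAG on top; the C-TAG is left as is."""
        stack = tag_stack(frame)
        if stack and stack[0][0] == TPID_C and stack[0][1] != 0:
            cvid = stack[0][1]              # VLAN-tagged: C-VID taken from the tag, no translation
        else:
            cvid = self.pvid                # untagged or priority-tagged: the port's PVID classifies it
        svid = self.cvid_to_svid.get(cvid, self.default_svid)
        return push(frame, self.s_tpid, svid)   # an untagged customer frame gets only an S-TAG

    def to_customer(self, frame):
        """Provider -> customer: strip the S-TAG; whatever C-TAG the customer sent is untouched."""
        stack = tag_stack(frame)
        if not stack or stack[0][0] != self.s_tpid:
            raise ValueError("frame from the provider side must carry an S-TAG")
        return pop(frame)


def provider_core_svid(frame, s_tpid=TPID_S):
    """A Provider Bridge forwards on the outer S-TAG only; any C-TAG underneath is ignored."""
    stack = tag_stack(frame)
    if not stack or stack[0][0] != s_tpid:
        raise ValueError("no S-TAG")
    return stack[0][1]


def demo():
    """Constructed scenario: customer C-VIDs 10 and 20 are mapped to provider S-VIDs 200 and 201."""
    pe = ProviderEdgePort(pvid=10, cvid_to_svid={10: 200, 20: 201}, default_svid=999)
    hdr = bytes.fromhex("00000000000b" "00000000000a")
    untagged = hdr + b"\x08\x00" + b"\x00" * 46
    c_tagged = push(untagged, TPID_C, 20)
    prio_tagged = push(untagged, TPID_C, 0, priority=5)
    qinq = ProviderEdgePort(pvid=10, cvid_to_svid={20: 201}, default_svid=999, s_tpid=TPID_C)
    return {
        "untagged": tag_stack(pe.to_provider(untagged)),
        "c_tagged": tag_stack(pe.to_provider(c_tagged)),
        "priority": tag_stack(pe.to_provider(prio_tagged)),
        "unmapped": tag_stack(pe.to_provider(push(untagged, TPID_C, 30))),
        "roundtrip": pe.to_customer(pe.to_provider(c_tagged)) == c_tagged,
        "core_svid": provider_core_svid(pe.to_provider(c_tagged)),
        "qinq": tag_stack(qinq.to_provider(c_tagged)),
    }
```

Because the core bridge keys its forwarding on the S-VID alone, two customers who both use C-VID 20 stay separated as long as their edge ports map them to different S-VIDs; that is the customer traffic segregation the single-tag model on the earlier slide could not provide. The `default_svid` entry decides what happens to a C-VID the provider never provisioned, so a practitioner checks that it points at a quarantine S-VLAN rather than at another customer's.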
*