Alcatel-Lucent University Antwerp
IEEE-802.3 protocol: commonly called Ethernet.
3 different versions exist:
IEEE 802.3 frame with Type field and any protocol in payload
IEEE 802.3 frame with Length field and LLC header
IEEE 802.3 frame with Length field and LLC/SNAP header
Ethernet v2 is a valid IEEE 802.3 frame.
used in Local Area Networks
uses CSMA/CD
LAN
When somebody says that they are running Ethernet on their network,
inevitably you have to ask: "Which Ethernet?". Currently, there are
many versions of the Ethernet Frame Format in the commercial
marketplace, all subtly different and not necessarily compatible
with each other.
The explanation for the many types of Ethernet Frame Formats
currently on the marketplace lies in Ethernet's history.
In 1972, work on the original version of Ethernet, Ethernet Version
1, began at the Xerox Palo Alto Research Center.
Version 1 Ethernet was released in 1980 by a consortium of companies
comprising DEC, Intel, and Xerox. In the same year, the IEEE
meetings on Ethernet began.
In 1982, the DIX (DEC/Intel/Xerox) consortium released Version II
Ethernet and since then it has almost completely replaced Version I
in the marketplace.
In 1983 Novell NetWare '86 was released, with a proprietary frame
format based on a preliminary release of the 802.3 spec.
Two years later, when the final version of the 802.3 spec was
released, it had been modified to include the 802.2 LLC Header,
making NetWare's proprietary format incompatible.
Finally, the 802.3 SNAP format was created to address backwards
compatibility issues between Version 2 and 802.3 Ethernet.
As you can see, the large number of players in the Ethernet world
has created a number of different choices. The bottom line is this:
either a particular driver supports a particular frame format, or
it doesn't. Typically, Novell stations can support any of the frame
formats, while TCP/IP stations will support only one although there
are no hard and fast rules in Networking.
CSMA/CD: Carrier Sense Multiple Access with Collision
Detection
*
[Figure: Ethernet frame layout with preamble (7B), SFD (1B), DA (6B) and further fields of 6B and 4B]
In the following slides we will outline the specific fields in the
different types of Ethernet frames.
But first let’s look at the fields that are common for each type of
Ethernet frame.
The Preamble and SFD (Start Frame delimiter)
Regardless of the frame type being used, the means of digital
signal encoding on an Ethernet network is the same. While a
discussion of Manchester Encoding is beyond the scope of this
course, it is sufficient to say that on an idle Ethernet network,
there is no signal. Because each station has its own oscillating
clock, the communicating stations have to have some way to "synch
up" their clocks and thereby agree on how long one bit time is. The
preamble facilitates this. The preamble with SFD consists of 8
bytes of alternating ones and zeros, ending in 11.
A station on an Ethernet network detects the change in voltage that
occurs when another station begins to transmit and uses the
preamble to "lock on" to the sending station's clock signal.
Because it takes some time for a station to "lock on", it doesn't
know how many bits of the preamble have gone by. For this reason,
we say that the preamble is "lost" in the "synching up" process. No
part of the preamble ever enters the adapter's memory buffer. Once
locked on, the receiving station waits for the 11 that signals that
the Ethernet frame follows.
The Destination MAC address and Source MAC address fields are
6 bytes in length. The first three bytes of the MAC address are
assigned by the IEEE to the vendor of the adapter and are specific to
the vendor.
FCS = Frame Check Sequence
[Figure: frame layout with fields of 2B, 6B, 6B and 4B. Labels: based on Type or Length field; frame length (<=1500)]
*
Commonly called Ethernet v2 Frame
[Figure: Ethernet v2 frame: DA (6B), SA (6B), Type (2B), payload (46–1500 bytes), 4B trailer; example Type values 0800, 0806, 8035; label "(18 Bytes)"]
The 802.3 specifications include the possibility to have a frame
with type field and any protocol in the payload. This way the
Ethernet II frame defined by DIX (DEC, Intel, and Xerox) is also a
valid 802.3 frame.
Like the 802.3 spec (see later), the Version II spec defines a Data
Link Header consisting of 14 bytes (6+6+2) of information, but the
Version II spec does not specify an LLC header.
The Type field is 2 bytes and contains the value that defines the
protocol that is being encapsulated in the data payload. This
Ethertype is expressed in hexadecimal (all these values are greater
than 1500 decimal).
At the physical layer, the DST MAC field could be preceded by a
7-byte preamble and 1-byte start of frame delimiter.
At the end of the Data field is a 4-byte FCS.
The minimum frame size for Ethernet media without the preamble is
64 bytes and the maximum frame size without the preamble is 1518
bytes.
Hence the minimum frame size on Ethernet with the preamble is 72
bytes and the maximum is 1526 bytes.
*
Defining Service Access Points (SAPs)
SAPs ensure that the same Network Layer protocol is used at the
source and at the destination.
TCP/IP talks to TCP/IP, IPX/SPX talks to IPX/SPX,…
Destination SAP/Source SAP
[Figure: 802.3 frame with a Data Link Header carrying the frame length (<=1500), followed by DSAP (1B), SSAP (1B), CONTR (1B) and the payload (43–1497 bytes)]
SAP values:
06 = ARPANET Internet Protocol (IP)
AA = SubNetwork Access Protocol (SNAP)
E0 = Novell NetWare
F0 = IBM NetBIOS
The following describes the LLC frame format. The Destination MAC
address and Source MAC address fields are 6 bytes in length.
The length field is 2 bytes and contains the length of the frame,
not including the preamble, 32-bit CRC, Datalink connection
addresses, or the Length field itself. An Ethernet frame can be no
shorter than 64 bytes total length, and no longer than 1518 bytes
total length.
The DSAP and SSAP fields are used to identify the type of the
protocol that is encapsulated in the payload.
The DSAP, or Destination Service Access Point, is a 1 byte field
that simply acts as a pointer to a memory buffer in the receiving
station. It tells the receiving network interface card in which
buffer to put this information. This functionality is crucial in
situations where users are running multiple protocol stacks,
etc...
The SSAP, or Source Service Access Point is analogous to the DSAP
and specifies the Source of the sending process.
*
IEEE 802.3 SNAP header
Due to the growing number of applications using the IEEE LLC 802.2
header, an extension was made.
Introduction of the IEEE 802.3 Sub Network Access Protocol (SNAP)
header
SSAP=H’AA, DSAP=H’AA indicates that a SNAP header is used
[Figure: LLC header AA (1B), AA (1B), 03 (1B) followed by SNAP header 00-00-00 (3B), TYPE (2B)]
While the original 802.3 specification worked well, the IEEE
realized that some upper layer protocols required an Ethertype to
work properly.
For example, TCP/IP uses the Ethertype to differentiate between ARP
packets and normal IP data frames. In order to provide this
backwards compatibility with the Version II frame type, the 802.3
SNAP (SubNetwork Access Protocol) format was created.
The SNAP Frame Format consists of a normal 802.3 Data Link Header
followed by an 802.2 LLC Header and then a 5-byte SNAP field,
followed by the normal user data and FCS.
The Sub-Network Access Protocol (SNAP) Header
The first 3 bytes of the SNAP header are the vendor code, generally
the same as the first three bytes of the source address, although it
is sometimes set to zero.
*
[Figure: 802.3 SNAP frame: 802.2 LLC header (AA 1B, 03 1B), 802.2 SNAP header, payload (38–1492 bytes)]
*
has Ethertype field
Value always > 05-DC hex.
if < 05-DC IEEE802.3 Length field
if >= 05-DC IEEE802.3 Type field
Type field gives a protocol identification (same as
Ethertype)
802.3 incorporates aspects of Ethernet version 2 and will replace
it for high-speed Ethernet networks
Ethernet v2 is a valid 802.3 frame
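The Type/Length decision and the LLC and SNAP headers described above can be applied to raw frame bytes as follows. This is an added example, not part of the original slides; the function name and the sample frames are constructed for illustration, and the boundaries used (values up to 1500 are a length, values from 0x0600 are a type) are the ones IEEE 802.3 defines.

```python
import struct

MAX_LENGTH = 0x05DC      # 1500: largest value that is a Length field
MIN_ETHERTYPE = 0x0600   # 1536: smallest value IEEE 802.3 treats as a Type field
# SAP values listed on the slides.
SAP_NAMES = {0x06: "IP", 0xAA: "SNAP", 0xE0: "Novell NetWare", 0xF0: "IBM NetBIOS"}


def classify_frame(frame: bytes) -> dict:
    """Classify a frame that starts at the destination MAC (preamble and SFD stripped)."""
    if len(frame) < 14:
        raise ValueError("shorter than the 14-byte data link header")
    (type_or_len,) = struct.unpack("!H", frame[12:14])
    info = {"dst": frame[0:6].hex(":"), "src": frame[6:12].hex(":")}

    if type_or_len >= MIN_ETHERTYPE:
        info.update(format="Ethernet v2", ethertype=type_or_len, payload_offset=14)
        return info
    if type_or_len > MAX_LENGTH:
        # 1501..1535 is neither a valid length nor a valid type.
        info.update(format="invalid", reason="value between 0x05DC and 0x0600")
        return info

    info["length"] = type_or_len
    if type_or_len > len(frame) - 14:
        info.update(format="invalid", reason="length field exceeds bytes present")
        return info
    if type_or_len < 3:
        info.update(format="invalid", reason="no room for the 3-byte LLC header")
        return info

    dsap, ssap, control = frame[14], frame[15], frame[16]
    if dsap == 0xAA and ssap == 0xAA:
        if type_or_len < 8:
            info.update(format="invalid", reason="no room for the 5-byte SNAP header")
            return info
        (ethertype,) = struct.unpack("!H", frame[20:22])
        info.update(format="802.3 LLC/SNAP", vendor_code=frame[17:20].hex("-"),
                    ethertype=ethertype, payload_offset=22)
    else:
        info.update(format="802.3 LLC", dsap=SAP_NAMES.get(dsap, hex(dsap)),
                    ssap=SAP_NAMES.get(ssap, hex(ssap)), control=control,
                    payload_offset=17)
    return info


def build(type_or_len: int, body: bytes) -> bytes:
    """Constructed sample: broadcast DA, made-up SA, body zero-padded to 46 bytes."""
    header = bytes.fromhex("ffffffffffff020000000001") + struct.pack("!H", type_or_len)
    return header + body.ljust(46, b"\x00")


# Constructed sample frames (no FCS), one per format discussed on the slides.
ARP_V2 = build(0x0806, b"")
IP_SNAP = build(46, bytes.fromhex("aaaa03" "000000" "0800"))
NETWARE_LLC = build(46, bytes.fromhex("e0e003"))
UNDEFINED = build(0x05DD, b"")
TRUNCATED = build(200, b"")

if __name__ == "__main__":
    for name in ("ARP_V2", "IP_SNAP", "NETWARE_LLC", "UNDEFINED", "TRUNCATED"):
        print(name, classify_frame(globals()[name]))
```
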
*
[Figure: frame format comparison; labels: 0800, 3 Byte, 5 Byte]
*
Routing required between LANs
each other on the LAN
*
Logical broadcast / multicast domain
LAN membership defined by the network manager
[Figure: virtual LANs: Corporate LAN, Marketing LAN, Engineering LAN, Administration LAN]
VLAN allows a network manager to logically segment a LAN into
different broadcast domains. Since this is a logical segmentation
but not a physical one, workstations do not have to be physically
located together. Users on different floors of the same building,
or even in different buildings can now belong to the same
LAN.
VLAN also allows broadcast domains to be defined without using
routers. Bridging software is used instead to define which
workstations are included in the broadcast domain. Routers would
only have to be used to communicate between two VLANs.
Communication between nodes that are attached to a single physical
LAN infrastructure is only possible if they are members of the same
VLAN. Inter-VLAN communication requires a higher layer packet
forwarder like a router to forward packets between the
VLANs it belongs to.
*
Formation of Virtual Workgroups
Users and resources that communicate frequently with each other can
be grouped into a VLAN, regardless of physical location.
Simplified Administration
Adding or moving nodes => can be dealt with quickly and
conveniently from the management console rather than the wiring
closet
Reduced Cost
Use of VLANs can eliminate the need for expensive routers
With a VLAN-enabled adapter, a server can be a member of multiple
VLANs.
Security
VLANs create virtual boundaries that can only be crossed through a
router.
VLANs offer a number of advantages over traditional LANs. They
are:
1) Performance
In networks where traffic consists of a high percentage of
broadcasts and multicasts, VLANs can reduce the need to send such
traffic to unnecessary destinations. E.g., in a broadcast domain
consisting of 10 users, if the broadcast traffic is intended only
for 5 of the users, then placing those 5 users on a separate VLAN
can reduce traffic.
Compared to switches, routers require more processing of incoming
traffic. As the volume of traffic passing through the routers
increases, so does the latency in the routers, which results in
reduced performance. The use of VLANs reduces the number of routers
needed, since VLANs create broadcast domains using switches instead
of routers.
2) Formation of Virtual Workgroups
Nowadays, it is common to find cross-functional product development
teams with members from different departments such as marketing,
sales, accounting, and research. These workgroups are usually
formed for a short period of time. During this period,
communication between members of the workgroup will be high. To
contain broadcasts and multicasts within the workgroup, a VLAN can
be set up for them. Each group's traffic is largely contained
within the VLAN. With VLANs it is easier to place members of a
workgroup together. Without VLANs, the only way this would be
possible is to physically move all the members of the workgroup
closer together.
3) Simplified Administration
Seventy percent of network costs are a result of adds, moves, and
changes of users in the network. Every time a user is moved in a
LAN, recabling, new station addressing, and reconfiguration of hubs
and routers becomes necessary. Some of these tasks can be
simplified with the use of VLANs. If a user is moved within a
VLAN, reconfiguration of routers is unnecessary. In addition,
depending on the type of VLAN, other administrative work can be
reduced or eliminated.
4) Reduced Cost
VLANs can be used to create broadcast domains which eliminate the
need for expensive routers.
With a VLAN-enabled adapter, a server can be a member of multiple
VLANs. This reduces the need to route traffic to and from the
server.
5) Security
VLANs create virtual boundaries that can only be crossed through a
router. So standard, router-based security measures can be used to
restrict access to each VLAN as required.
*
How VLANs work
VLANs can be distinguished by the method used to indicate membership
when a packet travels between switches.
Implicit
Explicit
Port,
Port and Protocol based
In order to understand how VLANs work, we need to look at the types
of VLANs, the types of connections between devices on VLANs, the
filtering database which is used to send traffic to the correct
VLAN, and tagging, a process used to identify the VLAN originating
the data.
A first and important distinction between VLAN implementations is
the method used to indicate membership when a packet travels
between switches. Two methods exist – implicit and explicit.
When a LAN bridge receives data from a workstation, it tags the
data with a VLAN identifier indicating the VLAN from which the data
came. This is called explicit tagging. A tag is added to the packet
to indicate VLAN membership. The IEEE 802.1q VLAN specifications
use this method. Tagging can be based on the port from which it
came, the source Media Access Control (MAC) field, the source
network address, or some other field or combination of fields.
VLANs are classified based on the method used.
It is also possible to determine to which VLAN the data received
belongs using implicit tagging. In implicit tagging the data is not
tagged, but the VLAN from which the data came is determined based
on information like the port on which the data arrived or VLAN
membership is indicated by the MAC address. In this case, all
switches that support a particular VLAN must share a table of
member MAC addresses.
*
Layer 1 VLAN: Membership by port
Membership in a VLAN is defined based on the ports that belong to
the VLAN.
Also referred to as Port switching
Does not allow user mobility
Does not allow multiple VLANs to include the same physical segment
(or switch port)
[Figure: switch with ports 1 to 9 and a membership table with columns PORT and VLAN]
In this implementation, the administrator assigns each port of a
switch to a VLAN.
The switch determines the VLAN membership of each packet by noting
the port on which it arrives.
The primary limitation of defining VLANs by port is that the
network manager must reconfigure VLAN membership when a user moves
from one port to another. He needs to reassign the new port to the
user’s old VLAN. The network change is then completely transparent
to the user, and the administrator saves a trip to the wiring
closet.
*
Layer 2 VLAN: Membership by MAC address
Membership in a VLAN is based on the MAC address of the
workstation.
The switch tracks the MAC addresses which belong to each VLAN
Provides full user movement
Clients and server always on the same LAN regardless of
location
Disadvantages
Notebook PCs change docking stations
[Figure: workstations MAC@A, MAC@B, MAC@C and MAC@D on a switch with ports 1 to 9, and a membership table with columns MAC@ and VLAN]
The VLAN membership of a packet in this case is determined by its
source or destination MAC address. Each switch maintains a table of
MAC addresses and their corresponding VLAN memberships.
A key advantage of this method is that the switch doesn’t need to
be reconfigured when a user moves to a different port.
*
Layer 3 VLAN: Membership by protocol type
Membership implied by MAC protocol type field
This is the most flexible method and provides the most logical
grouping of users
PROTOCOL  VLAN
IP        1
IPX       2
[Figure: Ethernet frame: preamble, SFD, DA, SA, Length or Type, payload (46–1500 bytes), FCS]
VLANs based on layer 3 information take into account protocol type
(if multiple protocols are supported) and possibly network-layer
address (e.g., subnet address for TCP/IP networks) in determining
VLAN membership. An IP subnet or an IPX network, for example, can
each be assigned their own VLAN.
Although these VLANs are based on layer 3 information, this does
not constitute a “routing” function and should not be confused with
network-layer routing.
*
Layer 3 VLAN: Membership by IP subnet address
The network IP subnet address (layer 3 header) can be used to
classify VLAN membership
[Figure: hosts with IP@ 138.22.24.5, 138.21.35.47, 138.21.35.58 and 138.22.24.10 on a switch with ports 1 to 9, and a membership table with columns SUBNET/MASK and VLAN listing 138.22.24.0/24 and 138.21.35.0/24]
In this method, IP addresses are used only as a mapping to
determine membership in VLANs. No other processing of IP addresses
is done. No route calculation is undertaken, RIP or OSPF protocols
are not employed, and frames traversing the switch are usually
bridged according to implementation of the Spanning Tree Algorithm.
Therefore, from the point of view of a switch employing layer
3–based VLANs, connectivity within any given VLAN is still seen as
a flat, bridged topology.
Having made the distinction between VLANs based on layer 3
information and routing, it should be noted that some vendors are
incorporating varying amounts of layer 3 intelligence into their
switches, enabling functions normally associated with
routing.
Nevertheless, a key point remains: no matter where it is located in
a VLAN solution, routing is necessary to provide connectivity
between distinct VLANs. There are several advantages to defining
VLANs at layer 3. First, it enables partitioning by protocol type.
This may be an attractive option for network managers who are
dedicated to a service- or application-based VLAN strategy.
Secondly, users can physically move their workstations without
having to reconfigure each workstation’s network address—a benefit
primarily for TCP/IP users.
*
Default VID
Often equals PVID
Port-and-protocol-based VLAN classification
VID based on port of arrival and the protocol identifier of the
frame
Multiple VLAN-Ids associated with port of the bridge – VID
set
A VLAN bridge supports port-based VLAN classification, and may, in
addition, support port-and-protocol-based VLAN classification
In port-based VLAN classification within a bridge, the VLAN-ID
associated with an untagged or priority tagged frame is determined
based on the port of arrival of the frame into the bridge. This
classification mechanism requires the association of a specific
Port VLAN Identifier, or PVID, with each of the bridge’s ports. In
this case, the PVID for a given port provides the VLAN-ID for
untagged and priority tagged frames received through that
port.
For bridges that implement port-and-protocol-based VLAN
classification, the VLAN-ID associated with an untagged or
priority-tagged frame is determined based on the port of arrival of
the frame into the bridge and on the protocol identifier of the
frame.
*
Access link
Contain VLAN unaware devices
All frames on access link are untagged
Normal ports to which we connect our network devices such as
PCs.
[Figure: access link between a VLAN aware Bridge and a VLAN unaware workstation]
Inside the world of VLANs there are three types of interfaces /
links. These links allow us to connect multiple switches together
or just simple network devices, e.g. a PC, that will access the VLAN
network. Depending on their configuration, they are called Access
Links, Trunk Links or Hybrid Links.
The division is based on whether the connected devices are
VLAN-aware or VLAN-unaware. Recall that a VLAN-aware device is one
which understands VLAN memberships (i.e. which users belong to a
VLAN) and VLAN formats.
The type of link, where only traffic for a single VLAN is passed,
is referred to as an "Access Link".
When configuring ports on a switch to act as Access Links, we
configure only one VLAN per port, that is, the VLAN our device will
be allowed to access. An access link is a link that belongs to one,
and only one VLAN. The port is not capable of receiving information
from another VLAN unless the information has been routed. The port
is not capable of sending information to another VLAN unless the
port has access to a router.
The access link connects a VLAN-unaware device to the port of a
VLAN-aware bridge. Any device connected to an Access Link (port) is
totally unaware of the VLAN assigned to the port. The device simply
assumes it is part of a single broadcast domain, just as it happens
with any normal switch. During data transfers, any VLAN information
or data from other VLANs is removed so the recipient has no
information about them.
*
Trunk Link
Allowing VLANS to span over all network switches
[Figure: trunk links; labels: VLAN aware Bridge (x2), VLAN aware workstation, Trunk Link (x2)]
What we've seen so far is a switch port configured to carry only
one VLAN, that is, an Access Link port. Another type of port
configuration is the Trunk port.
While an access link does the job for a single VLAN environment,
multiple access links would be required if you wanted traffic from
multiple VLANs to be passed between switches. Having multiple
access links between the same pair of switches would be a big waste
of switch ports. Obviously another solution is required when
traffic for multiple VLANs needs to be transferred across a single
trunk link. The solution for this comes through the use of VLAN
tagging.
When you want traffic from multiple VLANs to be able to traverse a
link that interconnects two switches, you need to configure a VLAN
tagging (explicit tagging) method on the ports that supply the
link. A trunk link is capable of transferring frames from many
different VLANs through the use of technologies like 802.1q.
A Trunk Link, or 'Trunk' is a port configured to carry packets for
any VLAN. These types of ports are usually found in connections
between switches. These links require the ability to carry packets
from all available VLANs because VLANs span over multiple
switches.
*
Hybrid Link
All frames for specific VLAN are tagged or untagged
[Figure: hybrid link; labels: VLAN aware workstation, VLAN unaware workstation, VLAN aware Bridge (x2)]
*
Customer VLAN tag
[Figure: tagged Ethernet frame: preamble, SFD, DA, SA, TPID (2 bytes), TCI (2 bytes, Tag Control Information, including a 3-bit field and a 12-bit field), length/type, payload (46–1500 bytes), FCS]
We saw that when frames are sent across the network, there needs to
be a way of indicating to which VLAN the frame belongs, so that the
bridge will forward the frames only to those ports that belong to
that VLAN, instead of to all output ports as would normally have
been done. This information is added to the frame in the form of a
tag header and there are different ways to determine VLAN
membership.
Tagging an Ethernet frame consists of adding a 4-byte tag that
specifies the VLAN-ID and the priority. Since a VLAN tag is
4 bytes, the size of a tagged frame ranges between
68 and 1522 bytes. When padding has to be used to reach minimum
frame size, tagged frames can be of 64 bytes.
TPID is the tag protocol identifier, which indicates that a tag
header is following. TPID has a defined value of 8100 in hex. When
a frame has the Ethertype equal to 8100, this frame carries the tag
IEEE 802.1Q / 802.1P.
The TCI (Tag Control Information) contains three parts: the user
priority, the canonical format indicator (CFI), and the VLAN ID.
User priority is a 3-bit field which allows priority information to
be encoded in the frame. Eight levels of priority are allowed,
where zero is the lowest priority and seven is the highest
priority. How this field is used is described in the supplement
802.1p.
The CFI bit is used to indicate that all MAC addresses present in
the MAC data field are in canonical format. This field is
interpreted differently depending on whether it is an
Ethernet-encoded tag header or a SNAP-encoded tag header.
*
Priority-tagged frame
A frame with tag header carries priority but no VLAN ID
(VID=0)
VLAN-tagged frame
A frame with Q-tag header carries both priority and VID.
802.1Q Tag VLAN
Each member of VLAN group can talk to each other
VLAN-aware
VLAN-unaware
The device can't recognize VLAN-tagged frame
Untagged frame: An untagged frame is a frame that does not contain
a tag header immediately following the Source MAC Address field of
the frame or, if the frame contained a Routing Information field,
immediately following the Routing Information field.
Priority-tagged frame: A tagged frame whose tag header carries
priority information, but carries no VLAN identification
information.
VLAN-tagged frame: A tagged frame whose tag header carries both
VLAN identification and priority information.
An untagged frame or a priority-tagged frame does not carry any
identification of the VLAN to which it belongs. Such frames are
classified as belonging to a particular VLAN based on parameters
associated with the receiving port, or, through proprietary
extensions to this standard, based on the data content of the frame
(e.g., MAC Address, layer 3 protocol ID, etc.: implicit
tagging).
Priority tagged frames, which, by definition, carry no VLAN
identification information, are treated the same as untagged
frames.
A VLAN-tagged frame carries an explicit identification of the VLAN
to which it belongs; i.e., it carries a tag header that carries a
non-null VID. Such a frame is classified as belonging to a
particular VLAN based on the value of the VID that is included in
the tag header.
Each VLAN group has a unique VID and the ports with the same VID can
communicate with each other. It is important for a LAN bridge
(switch) to determine what devices are VLAN-aware or VLAN-unaware.
A VLAN-aware device can recognize and support VLAN-tagged frames but
a VLAN-unaware device can't.
*
Egress Rule
Decide if the frames must be sent tagged or untagged
[Figure: upstream frame path; labels: Forwarding Process, Egress Rule, Packet Transmit]
When the bridge receives the data/Ethernet frames, it determines to
which VLAN the data belongs either by implicit or explicit tagging.
In explicit tagging a tag header is added to the data.
According to the VID information the switch forwards and filters
the frames among ports. The bridge keeps track of VLAN members in
a filtering database which it uses to determine where the data is
to be sent.
The ports with the same VID can communicate with each other.
The IEEE 802.1Q VLAN function contains the following three tasks:
ingress process, forwarding process and egress process.
*
Tagged frame:
Untagged frame:
A tag is added onto this untagged frame (with the PVID)
Then the tagged frame is sent to the forwarding engine
[Figure: ingress rule; labels: PVID, Tagged frame, Ingress Rule, Towards Forwarding Process]
Each port is capable of passing tagged or untagged frames. The
ingress process identifies if the incoming frames contain a tag,
and classifies the incoming frames belonging to a VLAN. Each port
has its own ingress rule. If the ingress rule accepts tagged frames
only, the switch port will drop all incoming untagged frames. If
the ingress rule accepts all frame types, the switch port
simultaneously allows incoming tagged and untagged frames:
When a tagged frame is received on a port, it carries a tag header
that has an explicit VID. The ingress process directly passes the
tagged frame to the forwarding process.
An untagged frame does not carry any VID to which it belongs. When
an untagged frame is received, the ingress process inserts a tag
containing the PVID into the untagged frame. Each physical port has
a default VID called PVID (Port VID). This PVID is assigned to
untagged frames or priority tagged frames received on this
port.
*
Filtering database contains two tables.
- MAC table and VLAN table
First, check destination MAC address based on the MAC table
Second, check the VLAN ID based on the VLAN table
Egress port is the allowed outgoing member port of VLAN
[Figure: Filtering Database made of a MAC Table (MAC Address, Egress Port, Static entries) and a VLAN Table (VID, Egress Port, Register, Tag/Untag)]
*
VID
*
C-VID of incoming frames is determined:
If TAG is present, C-VLAN ID is taken from tag (no
translation!)
If TAG is not present,
* port and protocol are used for VLAN ID classification.
* else, the default VLAN ID for that port is used (PVID);
Outgoing frame may carry C-TAG or not, depending on egress
rule.
VLAN tag added by CPE
= Q/C-VLAN tag
The bridging entity of a VLAN Bridge consists of a single
“Customer-VLAN aware Bridge component”.
Each port is capable of connecting to an 802 LAN.
Adding/removing of Q/C-TAGs is supported on all ports.
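The ingress rule and the C-VID determination described above (VID from the tag if present, otherwise port-and-protocol classification, otherwise the PVID) can be written out as follows. This is an added example, not part of the original slides; the Port fields, the sample frames and the IPX EtherType 0x8137 used for the protocol entry are assumptions of the example, and only Type-encoded frames are matched by protocol.

```python
import struct
from dataclasses import dataclass, field

TPID_8021Q = 0x8100   # tag protocol identifier given on the slides


@dataclass
class Port:
    """Per-port ingress configuration (field names are illustrative)."""
    pvid: int                                           # default VID of the port
    protocol_vids: dict = field(default_factory=dict)   # VID set: EtherType -> VID
    tagged_only: bool = False                           # ingress rule: tagged frames only


def decode_tci(tci: int) -> tuple:
    """Split the 16-bit TCI into (priority: 3 bits, CFI: 1 bit, VID: 12 bits)."""
    return tci >> 13, (tci >> 12) & 1, tci & 0x0FFF


def ingress(port: Port, frame: bytes):
    """Classify a received frame; return None when the ingress rule drops it."""
    if len(frame) < 14:
        raise ValueError("shorter than the 14-byte data link header")
    (tpid,) = struct.unpack("!H", frame[12:14])
    priority = 0
    if tpid == TPID_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated tag header")
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        priority, _cfi, vid = decode_tci(tci)
        if vid == 0x0FFF:
            return None   # VID 4095 is reserved by 802.1Q and never valid in a tag
        if vid != 0:
            # VLAN-tagged: the VID is taken from the tag, no translation.
            return {"kind": "vlan-tagged", "vid": vid,
                    "priority": priority, "source": "tag"}
        kind = "priority-tagged"   # VID = 0: treated like an untagged frame
    else:
        kind, ethertype = "untagged", tpid
    if port.tagged_only:
        return None
    if ethertype in port.protocol_vids:
        vid, source = port.protocol_vids[ethertype], "port-and-protocol"
    else:
        vid, source = port.pvid, "pvid"
    return {"kind": kind, "vid": vid, "priority": priority, "source": source}


def sample(after_sa: bytes) -> bytes:
    """Constructed sample: broadcast DA, made-up SA, 46 zero bytes of payload."""
    return bytes.fromhex("ffffffffffff020000000001") + after_sa + bytes(46)


# Constructed sample frames.
UNTAGGED_IP = sample(struct.pack("!H", 0x0800))
UNTAGGED_IPX = sample(struct.pack("!H", 0x8137))
PRIORITY_TAGGED = sample(struct.pack("!HHH", TPID_8021Q, (5 << 13) | 0, 0x0800))
VLAN_TAGGED = sample(struct.pack("!HHH", TPID_8021Q, (3 << 13) | 100, 0x0800))

if __name__ == "__main__":
    access = Port(pvid=1, protocol_vids={0x8137: 2})
    trunk = Port(pvid=1, tagged_only=True)
    for name in ("UNTAGGED_IP", "UNTAGGED_IPX", "PRIORITY_TAGGED", "VLAN_TAGGED"):
        frame = globals()[name]
        print(name, ingress(access, frame), ingress(trunk, frame))
```
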
*
Introduction of second VLAN tag (IEEE 802.1ad):
Service Provider tag: S-TAG
Customer Bridge:
C-tag treatment
FCS
S-TAG
C-TAG
The number of VLAN identifiers is limited to 4K. Since the VLAN is
an E-MAN wide identifier, we end up with a scalability issue: in
case of one-to-one mapping (Cross-connect mode) there cannot be
more than 4K end users connected to the whole E-MAN. To solve this
issue, two VLANs are stacked and the cross-connection is then
performed on the combination (S-VLAN, C-VLAN), which makes it
theoretically possible to reach up to 16M end users.
It is impossible to allocate the same VID to different customers.
There’s no customer traffic segregation! VLANs of different
customers with the same VID will be managed as the same VLAN in the
carrier network.
IEEE 802.1ad does not only describe S-VLAN for use in VLAN
stacking. IEEE802.1ad is an amendment to 802.1q
VLAN Bridge = Customer Bridge = 802.1Q Bridge
A customer bridge = a VLAN-aware bridge as we used to know them
before people started to talk about VLAN stacking.
A Provider Bridge (in provider networks) provides the same
functionality as a Customer Bridge, but it uses a different tag:
the S-TAG (instead of the C-TAG).
comprising a single S-VLAN component
If the customer is sending untagged Ethernet frames, these are sent
toward the carrier network as single S-VLAN tagged frames. A
provider bridge cannot add a C-TAG to an untagged frame!
Provider Edge Bridge (new)
A Provider Bridge can additionally contain a Customer VLAN aware
Bridge component, which duplicates the functionality of a VLAN
Bridge.
comprising configuration of both C-VLAN and S-VLAN
components.
*
S-VID of incoming frames is defined:
If S-TAG is present, S-VID is taken from tag
If S-TAG is not present,
Same rules as for C-TAG in VLAN bridge.
Incoming frame is forwarded according to forwarding information
base associated with the S-VLAN.
Outgoing frame may carry S-TAG or not (egress rule).
C-VLAN aware Bridge
Operation in a provider edge bridge: single tag
An incoming frame on a provider edge port is forwarded internally
depending on the C-TAG.
This two-step approach enables a translation of C-VID to
S-VID.
Incoming frame is forwarded according to forwarding information
base associated with respectively the C-VLAN / S-VLAN to which the
frame belongs.
Outgoing frame may carry S-TAG or not (egress rule)
C-VLAN aware bridge
= Q/C-VLAN tag
= S-VLAN tag
like Alcatel,…
[Figure: single-tagged frame (TPID, TCI, payload 46–1500 bytes, FCS) compared with a double-tagged frame: preamble, SFD, DA, SA, S-Vlan tag (TPID, TCI), C-Vlan tag (TPID, TCI), length/type, payload (46–1500 bytes), FCS; Tag Control Information (TBD)]
*
Q-in-Q VLAN
Not standardized
The second VLAN tag protocol identifier is 802.1Q tag type just
like in Single VLAN tagged frames
[Figure: Q-in-Q frame: preamble, SFD, DA, SA, S-Vlan tag (TPID, TCI), C-Vlan tag (TPID, TCI), length/type, payload (46–1500 bytes), FCS; Tag Control Information]
*
We now have two tags
The S-TAG may be added and removed independently of the
C-tag.
A Provider Bridge ignores C-tags, except on Provider Edge
Ports
VLAN-stacking can occur even if the incoming frame is untagged (at
provider edge port).
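VLAN stacking as described above, with the S-TAG added and removed independently of the C-TAG and the (S-VLAN, C-VLAN) pair used as the service identifier, can be shown on raw frame bytes. This is an added example, not part of the original slides; the function names, sample frames and S-VID assignments are constructed, and the S-TAG type 0x88A8 is the value assigned by IEEE 802.1ad, which the slides do not state.

```python
import struct

TPID_CTAG = 0x8100        # 802.1Q tag type given on the slides
TPID_STAG = 0x88A8        # S-TAG type from IEEE 802.1ad (not stated on the slides)
USABLE_VIDS = 4094        # 12-bit VID minus the reserved values 0 and 4095
STACKED_SERVICES = USABLE_VIDS * USABLE_VIDS   # the "16M" (S-VLAN, C-VLAN) pairs


def push_tag(frame: bytes, tpid: int, vid: int, priority: int = 0) -> bytes:
    """Insert a 4-byte tag (TPID + TCI) directly after the source MAC address."""
    if not 1 <= vid <= USABLE_VIDS:
        raise ValueError("VID must be 1..4094 (0 and 4095 are reserved)")
    return frame[:12] + struct.pack("!HH", tpid, (priority << 13) | vid) + frame[12:]


def tag_stack(frame: bytes, outer_tpid: int = TPID_STAG) -> list:
    """Return [(tpid, vid), ...] for up to two tags, outermost first."""
    tags, offset, accepted = [], 12, (outer_tpid, TPID_CTAG)
    while len(tags) < 2:
        if len(frame) < offset + 4:
            raise ValueError("truncated frame")
        tpid, tci = struct.unpack("!HH", frame[offset:offset + 4])
        if tpid not in accepted:
            break
        tags.append((tpid, tci & 0x0FFF))
        offset += 4
        accepted = (TPID_CTAG,)   # only a C-TAG may follow the outer tag
    return tags


def pop_tag(frame: bytes) -> bytes:
    """Remove the outermost tag and leave any inner tag untouched."""
    if not tag_stack(frame):
        raise ValueError("frame carries no tag")
    return frame[:12] + frame[16:]


def service_key(frame: bytes, outer_tpid: int = TPID_STAG) -> tuple:
    """Return (S-VID, C-VID or None) for a frame inside the provider network."""
    tags = tag_stack(frame, outer_tpid)
    if not tags or tags[0][0] != outer_tpid:
        raise ValueError("outer tag is not an S-TAG")
    return tags[0][1], (tags[1][1] if len(tags) > 1 else None)


def customer_frame(src_hex: str, c_vid=None) -> bytes:
    """Constructed sample: broadcast DA, given SA, Type 0800, 46 zero bytes."""
    frame = bytes.fromhex("ffffffffffff" + src_hex + "0800") + bytes(46)
    return push_tag(frame, TPID_CTAG, c_vid) if c_vid else frame


# Two customers that both chose C-VID 100, and one that sends untagged frames.
CUSTOMER_A = customer_frame("020000000001", 100)
CUSTOMER_B = customer_frame("020000000002", 100)
CUSTOMER_C = customer_frame("020000000003")

if __name__ == "__main__":
    # S-VIDs 10, 20 and 30 are made-up per-customer assignments at the provider edge.
    for frame, s_vid in ((CUSTOMER_A, 10), (CUSTOMER_B, 20), (CUSTOMER_C, 30)):
        stacked = push_tag(frame, TPID_STAG, s_vid)
        print(service_key(stacked), pop_tag(stacked) == frame)
    print(STACKED_SERVICES)
```

Passing outer_tpid=TPID_CTAG to service_key handles the non-standardized Q-in-Q variant, where the outer tag also uses the 802.1Q tag type.
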
C-VLAN aware bridge
VLAN-stacking occurs when …
*