PowerPoint PresentationAlcatel-Lucent University
University
*
Describe the different types of cross-connect modes (S-, C-,
S/C-)
Retrieve VLAN information on the system.
Associate a VLAN in cross-connect mode to a port on the ASAM-CORE
and to ports on the SHUB.
Unstacked C-VLAN cross-connect
Network
side
User
side
Eth-VLAN
L3+
L3
L2+
L2
Decision
ANT
Different forwarding modes are supported in order to make it fit
into different network models of different operators.
If the DSLAMs are mainly connected to a bridged metro(politan)
ethernet network (E-MAN), the MAC scalability may become an issue
when only layer 2 forwarding is done in the DSLAM.
In that case the MAC addresses of all end-user terminals will have
to be learned in the metro-Ethernet network, while the MAC tables
of bridges are quite limited. In that case, it will probably be
better to use the layer 2+ or L3 forwarding function of the
ISAM.
However, if IP routers are used in the metro Ethernet Network close
to the DSLAMs, MAC scalability will not be an issue, and layer 2
forwarding in the DSLAM may be an interesting option, because in
general layer 2 means less configuration effort. With 7302 ISAM,
operators have the flexibility to choose the forwarding mode which
best fits in their network.
In general, the previous layer 2 and layer 3 forwarding functions
are an overkill for network-VPN services towards business
customers, given the number of connections to the same VPN from one
DSLAM will be mostly only one, or only very few connections per
VPN. In such cases, the VLAN cross-connect mode of the ISAM is much
more appropriate for these business users:
less configuration effort,
*
Conceptually very similar to classical ATM PVC cross-connect
One “customer”-VLAN (C-VLAN) contains strictly one user
User port or user logical port or user on subtended interface
Two variants: residential & business cross-connect
One user can be cross-connected to multiple VLANs
in this case user frames need to be tagged
In cross-connect mode, the ISAM does not care about MAC addresses.
The model is conceptually identical to ATM cross-connect.
Each ATM PVC which is configured in a cross-connect mode is mapped
on a unique VLAN.
Each Ethernet frame on that ATM PVC is transported transparently to
this VLAN, and frames received over the Ethernet interface with the
VLAN-tag are forwarded to the PVC identified by this
VLAN-tag.
It is clear that a VLAN in cross-connect mode also has the two
basic properties which differentiate Intelligent Bridging from
standard bridging: no user-to-user communication is possible in the
ISAM and broadcast storms are avoided. This is because there is
only a single user in case of a VLAN cross-connection.
One bit pipe per subscriber since the subscriber is identified
by:
Network side: Single or stacked (see later) VLAN tag
*
1 PVC / DSL line
any protocol : IP, PPP, IPX, AppleTalk,...
IP
Internet
ISAM
VP/VC
VLAN
2/100
10
2/101
20
E-MAN
Network
CPE
CPE
CPE
CPE
CPE
ISP2
ISP1
BAS
In VLAN cross-connect mode one Customer VLAN (C-VLAN) contains only
one user port.
Tagged frames supported for cross-connect mode.
*
1 VLAN = 1 VP/VC
MAC-address not used in the forwarding decision
Security
Edge can limit number of PPP sessions per line (VP/VC)
Separation of broadcast traffic per user
Number of MAC-addresses can be limited
enable self-learning on the DSL port
No customer segregation
In the case of cross connect mode, user-identification can be
easily done on basis of this VLAN, given there is a VLAN per user
or DSL-line (even per ATM PVC). This user-identification feature
should then be available in a device higher up in the network: e.g.
in a BAS where these VLANs are “terminated”. So no problem in case
of dual MAC addresses, as they are in a different VLAN
anyway.
No user to user communication within ISAM
Note : this requirement is applicable for IB mode, because ASAM,
user or subtending ports may be in the same VLAN.
The requirement is fulfilled for cross-connections by construction,
as the isolation is achieved by the one to one port assignment
(from a network interface to one user, ASAM or subtending port) of
the VLANs.
All responsibilities are moved to the IP edge.
*
LT Cross connect mode configurable
C-VLAN cross connect
S-VLAN cross connect
SC-VLAN cross connect
VLAN
x
30
In the upstream direction, the incoming user port without the MAC
DA is sufficient for the 7302 ISAM to identify the outgoing
upstream port and the C-VLAN tag. This C-VLAN is the port-based
default VLAN configured for this user port.
In the downstream direction, only the C-VLAN (without the MAC DA)
is sufficient for the 7302 ISAM to identify the outgoing user
port.
A particular VLAN ID can be configured only once:
on any of the user ports in the 7302 ISAM.
*
Scalability issue:
Switches learn all MAC-addresses of all end-users
IP edge learns all MAC-address<->IP-address of all end-users
in ARP table
ISAM-1
ISAM-2
IP1
MAC1
IP2
MAC2
IP3
MAC3
IP101
MAC101
IP102
MAC102
IP103
MAC103
IP201
MAC201
IP202
MAC202
IP203
MAC203
BR
Scalabality issue is solved by VLAN stacking:
Customer VLAN : C-VLAN
SC-VLAN cross connect
*
VLAN 333 is sent untagged towards CPE
Untagged frames are tagged with pvid (e.g. 333)
Unknown VLAN IDs for that port are discarded
VLAN 333
VLAN 444
VLAN 555
*
Stack type: S-VLANs
User is allowed to send tagged traffic (even S-tags!)
We ignore the C-VLAN ID:
untagged means here: no S-tag present (C-tag can be present,
though!)
single-tagged means: S-tag present (and maybe also C-tag)
S-VLAN 400 - pvid
S-VLAN cross-connect (C-VLAN transparency) is interesting for
business users. It can offer a VPN-like service.
e.g. tag 400 used between business sites 1 and 2 and tag 401 used
between sites 1 and 3 etc.
*
Create and deploy “Stacking VLAN” (from the AWS or CLI)
Unknown C-VLAN IDs for a bridge port are discarded
C-VLAN ID is unique within S-VLAN
Multiple bridge ports can share the same S-VLAN
c
#1
c
#2
#3
c
#4
s
c
#2
s
c
#1
s
c
#4
S-VLAN
Ethernet
SC-VLAN cross-connect can be interesting for both business and
residential users.
SC-VLAN cross-connect is a dual tag mode (you configure the system
settings for VLAN on the ISAM to dual tag and all VLAN associations
use dual tags).
With SC-VLAN cross-connect, the same S-tags can be used for
different C-tags. Likewise, a C-tag can be reused in combination
with different S-tags.
E.g. the stacking VLAN can identify an ISAM and the C-VLAN is
unique on that ISAM (e.g. each user gets a C-VLAN id that reflects
the position of the port in the ISAM VLAN 101 = LT 1 port 1; VLAN
1648 = LT16 port 48) Make sure that those VLAN-ids don’t occur for
a residential bridge or layer 2-terminated VLAN on the same ISAM!
In that case it will not be possible to reuse the VLAN-id.
On the service hub, only the outer tag is considered.
S-VLAN 502
Voice / Untagged / PVC = 8/36
HSI / Untagged / PVC = 8/37
Voice / Untagged / PVC = 8/36
HSI / Untagged / PVC = 8/37
Upstream: map PVC with VLAN + p-bit
Downstream: Select PVC according to p-bit value
Applicable for all cross connect modes
VLAN 444
VLAN 333
The QoS-aware VLAN cross-connect adds the possibility to support
PVC-bundles as subscriber interfaces.
When transferring packets without cell interleaving, small
real-time packets (for example, voice) might suffer some high
jitter due to the high serialization delay on slow DSL links caused
by transmitting long packets. These DSL links have an ATM layer,
which is a transport mechanism on top of DSL that allows cell
interleaving between PVCs. At the same time, you do not want to
extend this local issue through the complete network. Consequently,
for highly QoS sensitive traffic, one might require to set up
several PVCs and associate each PVC with a given traffic priority,
identified by the priority bits (p-bits) associated with the VLAN
tag. One ends up with extending the VLAN cross-connect concept by
associating each PVC with one or two VLAN IDs and a p-bits
value.
In the downstream direction, the NE selects the PVC according to
the p-bits value (that is, the QoS classification will be based on
the p-bits contained in the C-VLAN). This means the p-bits are
considered in the forwarding decision depending on the p-bit value,
the traffic will be sent to a certain bridge port.
In the upstream direction, the NE assigns p-bits as a function of
the PVC the frames originate from (that is, in case the subsciber
sends single-tagged frames and the second tag (for the S-VLAN) is
added, the p-bits received from the user are copied into the S-VLAN
p-bits. Thus, the original p-bits from the C-VLAN sent by the user
and stacked in NE do not change.
The QoS-aware VLAN cross-connect mode only applies to ATM-based
access technologies such as ADSL. It does not apply to EFM
technology.
*
VLAN 333
VLAN 444
Support for “residential bridge” alike features:
DHCP option 82
PPPoE Relay tag
The protocol-aware VLAN cross-connect mode has the following
features:
xDSL interfaces types:
Bridged encapsulation carrying both PPPoE and IPoE traffic
PPPoA with the required interworking to convert the traffic to
PPPoE
IPoA with the required interworking to convert the traffic to
IPoE
Encapsulation auto-detection
Subscriber identification:
A single (C-VLAN) or a stacked (S-VLAN/C-VLAN) VLAN tag towards the
network is associated with either a PVC (in the case of ATM) or a
DSL port (in the case of EFM)
Optional addition of the PPPoE relay tag in the PPPoE control
messages
Optional addition of the DHCP Option 82 in the DHCP messages
No MAC address or IP address anti-spoofing since the scope of these
addresses remain limited within the protocol-aware cross-connect
mode. The IP edge router or the BRAS must keep the freedom of
allocating them as they want. This control will typically be
performed centrally.
Policing per PVC (ATM) or DSL line (EFM)
*
VLAN 333
VLAN 444
Ethernet
*
Why VLAN translation ?
In case a separate VLAN needs to be used to identify a service,
emulating the PVC (EFM, VDSL) we can decouple the subsciber
interface from the forwarding interface so that the user side vlan
can be the same for all users even in case of 1:1 forwarders like
the Cross-connect model.
This is made possible by defining 2 vlans on a bridge port :
a network vlan and a subscriber (user) VLAN.
Note: it even goes further also in case of higher layer forwarding
models (IP aware bridging, routing… there can be a subscriber vlan!
In that case there;s no network vlan associated to the subscriber
vlan (see further)
If both are different this means that VLAN translation
(substitution) will take place.
Alcatel-Lucent University Antwerp
Select bridge port
No VLAN service deployment needed
VLAN creation at VLAN association
Add port to SC-VLAN CC
Deploy stacking S-VLAN first
Residential Bridge VLAN
Cross Connect VLAN
QOS aware VLAN
When you create a C-VLAN or S-VLAN CC, the VLAN is created on the
fly.
When you want to associate a SC-VLAN CC to a port, the S-VLAN needs
to be deployed to the ISAM already (similar to IB-VLAN
association).
91.bin
Select bridge port
No VLAN service deployment needed
VLAN creation at VLAN association
Add port to SC-VLAN CC
Deploy stacking S-VLAN first
System mode : Cross-connect
VLAN Create
CC-vlan properties
In the example above the stack type was unstacked C-VLAN. In that
case you simply have to enter a C-VLAN id and and a VLAN name.
There’s no stacking VLAN.
You can also specify some protocol aware settings (for PPPoE and
DHCP). In that case you create a protocol-aware
cross-connection.
93.bin
94.bin
Association TAB :
ANEL
USM
Service
Definition
Create
Creating an S-VLAN
After creation, the VLAN service template needs to be deployed to
the target ISAM before the associated SVLAN can be used for the
Stacked cross-connect mode.
95.bin
Activate VLAN translation
Create
If you want to configure a stacked C-VLAN association (S/C-VLAN
cross-connect), you need to select VLAN translation. Only then the
stack type can be stacked!
*
Stacking S-VLAN
CC-vlan properties
*
Fill in the Subscriber VLAN
If the Subscriber VLAN is different from the C-VLAN in the Network
VLAN then C-VLAN translation is done.
The upstream tagged frames will first get a C-tag substitution ( as
configured in the Network Vlan ), followed by adding an S-tag
*
*
ASAM Core: Create VLAN in CC mode
Aggregation function
Create vlan on service hub and add egress ports
configure vlan shub id <C-VID> mode cross-connect
egress port LT:1/1/…
C-VLAN CC-association on bridge port:
Configure bridge port 1/1/./….. vlan id <C-VID>
pvid <C-VID>
Service hub:
Optional parameters
Optional parameters:
[no] vlan-scope: local ( used for vlan translation where related
vid is subscriber vlan )
default = network ( no vlan translation )
no] pvid : default vlan id for untagged frames
default = stacked:0:4097 ( = no pvid )
default = 0
[no] max-unicast-mac : max unicast mac addresses
default = 1
default = untagged
Create vlan on service hub and add egress ports
configure vlan shub id <S-VID> mode cross-connect
egress port LT:1/1/…
configure vlan id stacked:<S-VID>:0 mode cross-connect name
<name>
C-VLAN CC-association on bridge port:
Configure bridge port 1/1/./….. vlan id
stacked:<S-VID>:0
pvid stacked:<S-VID>:0
*
Create stacking vlan on service hub and add egress ports
configure vlan shub id <S-VID> mode layer2-terminated
egress port LT:1/1/[…]
configure vlan id stacked:<S-VID>:0 mode
layer2-terminated
Create cross-connect vlan on ASAM-core :
configure vlan id stacked:<S-VID>:<C-VID> mode
cross-connect name <name>
C-VLAN CC-association on bridge port:
for all releases:
pvid stacked:<S-VID>:<C-VID>
or – from R3.3 only:
Configure bridge port X vlan id < subscriber C-VID> scope
local
network-vlan stacked:<S-VID>:<network C-VID>
pvid < subscriber C-VID>
*
Cross-connect with vlan-translation (ASAM-CORE) via CLI
Besides creation of vlan(s) (cfr network-vlan) as described in
former slides, the vlan-association is as follows :
For C-VLAN CC :
network-vlan <network-C-VID>
pvid <subscr-C-VID>
network-vlan <network-S-VID>
pvid <subscr-S-VID>
network-vlan stacked:<S-VID>:<C-VID>
pvid <subscr-C-VID>
the subscriber vlan is the one used by the subscriber to tag
frames, and is created on the fly
For C-VLAN cross-connect:
Configure bridge port X pvid <subscr-C-VID>
For S-VLAN cross-connect:
Configure bridge port X pvid <subscr-S-VID>
For S/C-VLAN cross-connect (stacked VLAN cross-connect):
Configure bridge port X vlan id <subscr-C-VID> vlan-scope
local
Configure bridge port X vlan id <subscr-C-VID> network-vlan
stacked:<S-VID>:<C-VID>
Configure bridge port X pvid <subscr-C-VID>
*
on ASAM-CORE:
all bridge ports connected to C- vlan
Show vlan bridge-port-fdb < bridge port id >
all MAC-addresses learned or configured on that port
Show vlan fdb <VLAN ID>
all MAC -adresses learned on all ports of that vlan
Show vlan shub-vlan-port-map <vlan id>
all the VLANS to which that port is mapped
Similar commands available on shub: show vlan shub ...
*
Delete a VLAN
You can’t delete a VLAN that has ports attached it
And you can’t delete the VLAN-association with VLAN-id = PVID
Delete VLAN on ASAM-CORE
Delete VLAN on SHUB
configure VLAN shub no id <VID>
Before you can delete a VLAN, you need to be certain that there are
no member ports to this VLAN anymore:
Example for logical user port:
configure bridge port 1/1/4/1:8:35 no vlan-id 150
Example on service hub:
Configure vlan shub id 150 no egress-port network:2
Configure vlan shub id 150 no egress-port lt:1/1/4
You can’t delete the VLAN if the VLAN-id = PVID. You have to delete
the pvid first.
E.g. configure bridge port 1/1/4/1:8:35 no pvid
Alcatel-Lucent University Antwerp
*
Exercises
VLAN setup and end-user setup
What is the forwarding mode of VLAN 333 (cross-connect, bridged,
…)? Check with AWS and CLI .
What are the ports assigned to VLAN 333 on the ASAM-CORE and on the
service hub . Explain what you see.
*