
VLAN bridging and routing_v03

					SpeedTouch R6.1

L2QOS




>Jan Wuyts@thomson.net
>Technical Presales Manager
Hierarchical module overview
Interface Architecture Modules

> According to OSI model
       Layer 1 : Physical
           > ATM Phonebook menu
           > ATM menu
       Layer 2 : Datalink
           > IP menu => IPoA interface
               • IPoA with destination an ATM interface
           > Eth menu => ETHoA interface
               • EthoA with destination an ATM interface
           > Eth bridge menu => bridge interfaces
               • Bridge with destination an ATM interface
               • Part of the bridge (also eth1, eth2, eth3 and eth4 and OBC)
           > PPPoA and PPPoE
       Layer 3 : Network
           > IP menu => IP interface
               • IP with destination IPoA, EthoA or LAN interface
               • IP routing, receive-only RIPv1/2
           > NAT : NAT menu
           > Streams : connection menu
           > ALG : connection menu
       Layer 4/5 : Transport
           > Firewall menu : stateful firewall
       Layer 6 : Presentation
           > Not applicable
       Layer 7 : Application
           > Not applicable

[Figure: interface architecture diagram. Blocks shown: LoopBack, IP Forwarding, IP Interface(s), ARP, iARP, IPoE / IPoEoA, PPPoE, PPPoE RELAY, IPoA, Multilink PPP, Ethernet Interface(s) (Physical Ports, OBC Bridge Port, VLAN), PPPoA, VLAN, Bridge, EthoA, ATM Bundle]

VLAN (802.1p & 802.1q)
Bridging and Routing
over a single PVC
in SpeedTouch
Business Products
Ethernet Protocol Structure

[Figure: OSI Model (Layer 1 Physical, Layer 2 Data Link, Layer 3 Network, Layer 4 Transport, Layer 5 Session, Layer 6 Presentation, Layer 7 Application) beside the Major IEEE Sublayers: Logical Link Control (LLC) 802.2; MAC Bridging 802.1D, 802.1Q, 802.1p; Media Access Control (MAC); Physical Signaling 802.3; Media. Side label: Ethernet-Specific]

Ethernet Frame Structure (1518 Bytes >= Length >= 64 Bytes)

       Field                      Size
       Preamble                   64 bits
       Destination MAC Address    48 bits
       Source MAC Address         48 bits
       Length/Type                16 bits
       Data/LLC                   46 to 1500 Bytes
       Frame Check Sequence       32 bits

Virtual LAN (VLAN) Capability

> Virtual LAN and priority capabilities are provided by 802.1q/p:
       a VLAN tag is provided by 802.1Q to identify VLAN membership
           > Limited to 4096 VLANs
       the VLAN tag has a 3-bit priority field that allows 8 possible service classes
        (matches DiffServ’s 8 possible classes)
> Why VLANs?
       LAN scalability:
           > limits broadcast domains (limits broadcast storms);
           > also limits multicast, chatty protocols, etc., reducing overall network traffic.
       Network efficiency: traffic flows from different VLANs can be segregated
       Allows non-physical grouping of nodes that share similar resources
       Allows easy changing of LAN membership
       Reduces the amount of level 3 (IP) routing
       Security: limits snooping

Standardization and tagging

> IEEE 802.1Q : Virtual Bridged Local Area Networks
       Defines VLAN bridge operation (extension of 802.1D)
       Defines VLAN tag
       Defines dynamic VLAN group membership mechanism, STP protocol impact, etc.

   Ethernet Frame (max 1518 bytes)
       Field     Dest MAC   Source MAC   EthType   Ethernet SDU     Padding   FCS
       Bytes     6          6            2         max 1500                   4

   VLAN Frame (max 1522 bytes)
       Field     Dest MAC   Source MAC   TPID   TCI   EthType   Ethernet SDU     Padding   FCS
       Bytes     6          6            2      2     2         max 1500                   4

   VLAN Stack Frame (max 1526 bytes)
       Field     Dest MAC   Source MAC   TPID   TCI   TPID   TCI   EthType   Ethernet SDU     Padding   FCS
       Bytes     6          6            2      2     2      2     2         max 1500                   4

   TPID = 0x8100, TCI = priority (3bit) + CFI (1bit) + VID (12bit)

Ethernet 802.1Q/p Class of Service

[Figure: Ethernet frame with fields Pream., SFD, DA, SA, Type, TAG (2 bytes), PT, Data, FCS. The 802.1Q/p header holds PRI, CFI and VLAN ID; the three PRI bits are used for CoS (802.1p User Priority)]

• 802.1p User Priority field also called Class of Service (CoS)
• Different types of traffic are assigned different CoS values
       E.g. IP Phone
• CoS 6 and 7 are reserved for network use

       CoS   Application
       7     Reserved
       6     Reserved
       5     Voice Bearer
       4     Video Conferencing
       3     Call Signaling
       2     High Priority Data
       1     Medium Priority Data
       0     Best Effort Data

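The tag layout and the CoS table from the two slides above, worked through as an added Python example (not part of the original presentation and not SpeedTouch code). It parses single and stacked 802.1Q tags from a frame given without preamble and FCS; the function names, MAC addresses and VLAN IDs are constructed for illustration, and only the TPID 0x8100 given on the slide is recognised.

```python
import struct

TPID_8021Q = 0x8100  # TPID value given on the tagging slide

# CoS table from the Class of Service slide
COS_APPLICATION = {
    7: "Reserved", 6: "Reserved", 5: "Voice Bearer", 4: "Video Conferencing",
    3: "Call Signaling", 2: "High Priority Data", 1: "Medium Priority Data",
    0: "Best Effort Data",
}


def parse_vlan_tags(frame: bytes):
    """Return (tags, ethertype, sdu) for a frame given without preamble and FCS.

    tags lists every 802.1Q tag, outermost first, so a stacked frame yields
    two entries and an untagged frame yields none.
    """
    offset = 12  # skip Dest MAC (6 bytes) + Source MAC (6 bytes)
    tags = []
    while True:
        if offset + 2 > len(frame):
            raise ValueError("frame truncated before EthType")
        (ethertype,) = struct.unpack_from("!H", frame, offset)
        if ethertype != TPID_8021Q:
            return tags, ethertype, frame[offset + 2:]
        if offset + 4 > len(frame):
            raise ValueError("frame truncated inside VLAN tag")
        (tci,) = struct.unpack_from("!H", frame, offset + 2)
        priority = tci >> 13            # 3-bit 802.1p user priority (CoS)
        tags.append({
            "priority": priority,
            "cfi": (tci >> 12) & 0x1,   # 1-bit CFI
            "vid": tci & 0x0FFF,        # 12-bit VLAN ID
            "application": COS_APPLICATION[priority],
        })
        offset += 4                     # TPID (2 bytes) + TCI (2 bytes)


def build_frame(tags, ethertype=0x0800, sdu=b"\x00" * 46):
    """Build a constructed test frame; tags is a list of (priority, cfi, vid)."""
    frame = bytes.fromhex("ffffffffffff") + bytes.fromhex("020000000001")
    for priority, cfi, vid in tags:
        frame += struct.pack("!HH", TPID_8021Q, (priority << 13) | (cfi << 12) | vid)
    return frame + struct.pack("!H", ethertype) + sdu


if __name__ == "__main__":
    # Constructed samples: untagged, single tag, stacked tags
    for sample in ([], [(5, 0, 100)], [(0, 0, 200), (5, 0, 100)]):
        print(parse_vlan_tags(build_frame(sample))[0])
```

Adding the 4-byte FCS to the built frames reproduces the slide's size limits: 1518, 1522 and 1526 bytes for an untagged, tagged and stacked frame carrying a 1500-byte SDU.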
Benefits of using VLAN

> Increased performance : less broadcast traffic on segment, no latency
     added by routers

> Topology independence : logical networks are independent of physical
     locations

> Ease of administration : topology changes no longer require HW changes
     but can be done in SW

> Additional features : layer 2 segregation of traffic by means of VLAN
     priority

> Cost-effectiveness : fewer routers needed, VLAN-aware switches are used
     instead

VLAN implementation overview

 > Business segment modems (620, 608, 608WL, 605)
      Most complete VLAN implementation
        > Full-blown port isolation capabilities on all interfaces
        > VLAN tagging/untagging
        > 802.1p and IPQoS priority mapping
        > VLAN routing, …

The Default configuration of the bridge
 > Defaults on e.g. ST620 (type ‘eth bridge iflist’)

[Figure: the OBC sits on top of the bridge.
       Bridge interfaces   : eth1, eth2, eth3, eth4, wlan, wds1, wds2, wds3, wds4, atm_1, atm_2
       Physical interfaces : ethif1, ethif2, ethif3, ethif4 (switch), wlif1, wlif_2, wlif_3, wlif_4, wlif_5, atm0_35, atm0_36]

 > Bridge interfaces
       All except OBC are connected to physical interfaces
       All except OBC and ethport1 can be detached/deleted
       Others can be added e.g. towards ATM interface
 > Functional : classical IEEE 802.1D self-learning bridging


The bridge filters

> WAN broadcast filter
        Filters broadcast from OBC to WAN bridge interfaces
        Applies to the whole bridge
        Enabled by default
        CLI : ‘eth bridge config’, parameter ‘filter’
        GUI: not available

> Multicast filter
        Filters multicast traffic in both directions
        Can be set for each bridge port separately
        Disabled by default
        CLI : ‘eth bridge ifconfig’, parameter ‘mcastfilter’
        GUI: Expert > Connections > Bridged Ethernet (not ST612s)




The VLAN bridge

> Bridge becomes VLAN aware
      When the corresponding parameter is set manually
      In one of the following cases (automatically toggled)
         > A physical interface is added to a newly created VLAN
         > Ethernet is directly terminated on physical interface
         > switch grouping is used

Moving ports around

> The basic functionality of a VLAN switch/bridge is the capability to
     specify VLAN membership for each port
       The OBC can only be untagged member of one VLAN
       A port can be untagged member of 1 or more VLANs
           >   If no default group member wanted => Dummy VLAN
       A port can be tagged member of 0 or more VLANs
       A port can never be tagged/untagged in same VLAN
       ‘eth bridge vlan iflist’ lists all memberships

> The term ‘port isolation’
       often used term for a port (can be ETH, ATM, wireless) added to a new
        VLAN and removed from default
       remember traffic is NOT bridged/switched between switch ports in different
        VLANs



VLAN tagging concept

> Concept :
      VLAN = Bridge group with VLAN
       tagging/untagging/forwarding capabilities
      Step 1 : Create a VLAN




         > Addrule option :
            • Enabled : shared MAC@ list
                     No identical MAC@ in different VLANs possible !
            • Disabled : independent MAC@ list

VLAN tagging concept

> Concept continued
      Step 2 : Create the WAN port(s) and adapt LAN ports if required
         > ATM PVC with LLC encapsulation and ULP=MAC
         > Add the port to the list of bridged ports



         > Port options :
            - Disabled : no mapping of 802.1p to internal class
            - Overwrite : set new priority
            - Increase : only change when new priority is ‘better’

            - Disabled : don’t set TOS byte
            - Precedence interpretation
            - DSCP interpretation

            - Enable/disable discard of tagged ingress packets if the interface is not part of the VLAN
            - Enable/disable receiving of untagged packets

VLAN tagging concept

> Concept continued :
      Step 3 :
         >   add ports to the VLAN and set them tagged or untagged
         >   Remove ports from default VLAN/group, if required !




                                             * : untagged




Enabling VLAN and statistics
 > Enable VLAN
                                      Allow or disallow upstream broadcasts

 > View Rx/Tx statistics




 > ! When removing a port from the ‘default’ group, all connectivity with the CPE is lost


 SpeedTouch 6xx priority mapping table




[Table image not reproduced; label: Regeneration Priority]

VLAN classification scenarios

> Scenario 1 : LAN tagged, WAN tagged (All 600 series)
       LAN to WAN : Tagged in on eth4, Tagged out on pvc835
       WAN to LAN : Tagged in on pvc835, Tagged out on eth4
       AcceptVLANonly and IngressFiltering enabled on both ports

VLAN classification scenarios

> Scenario 2 : LAN untagged, WAN tagged (All 600 series)
       LAN to WAN : Untagged in on eth4, Tagged out on pvc835
       WAN to LAN : Tagged in on pvc835, Untagged out on eth4
       AcceptVLANonly only on WAN port

VLAN classification scenarios

> Scenario 3 : LAN tagged, WAN untagged (All 600 series)
       LAN to WAN : Tagged in on eth4, Untagged out on pvc835
       WAN to LAN : Untagged in on pvc835, Tagged out on eth4
       AcceptVLANonly only on LAN port

VLAN classification scenarios

> Scenario 4 : LAN untagged, WAN untagged (All 600 series)
       LAN to WAN : Untagged in on eth4, Untagged out on pvc835
       WAN to LAN : Untagged in on pvc835, Untagged out on eth4
       AcceptVLANonly and IngressFiltering disabled, also VLAN state disabled

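An added Python model (not SpeedTouch code and not from the original slides) of the membership rules from "Moving ports around" and the two port options used in the four scenarios, set up for Scenario 2. It assumes AcceptVLANonly means untagged ingress frames are not received, IngressFiltering means tagged ingress frames are discarded when the port is not a member of that VLAN, and a per-port `pvid` (the 802.1Q port VLAN ID) picks the VLAN for untagged ingress; all class and function names and VLAN ID 10 are hypothetical.

```python
from dataclasses import dataclass, field


@dataclass
class Port:
    name: str
    untagged: set = field(default_factory=set)  # VLANs with untagged membership
    tagged: set = field(default_factory=set)    # VLANs with tagged membership
    pvid: int = 1                    # assumption: VLAN for untagged ingress frames
    accept_vlan_only: bool = False   # True: untagged ingress frames are not received
    ingress_filtering: bool = False  # True: tagged frames for other VLANs are discarded


class VlanBridge:
    def __init__(self):
        self.ports = {}

    def add(self, port):
        # Membership rules stated on the "Moving ports around" slide
        if port.tagged & port.untagged:
            raise ValueError(f"{port.name}: tagged and untagged in the same VLAN")
        if port.name == "OBC" and len(port.untagged) > 1:
            raise ValueError("OBC can only be untagged member of one VLAN")
        self.ports[port.name] = port

    def classify(self, port_name, vid):
        """VLAN an ingress frame lands in (vid=None is untagged); None = dropped."""
        port = self.ports[port_name]
        if vid is None:
            return None if port.accept_vlan_only else port.pvid
        if port.ingress_filtering and vid not in port.tagged | port.untagged:
            return None
        return vid

    def forward(self, in_port, vid):
        """Egress ports for a flooded frame, mapped to 'tagged' or 'untagged'."""
        vlan = self.classify(in_port, vid)
        if vlan is None:
            return {}
        out = {}
        for name, port in self.ports.items():
            if name == in_port:
                continue  # never send a frame back out of its ingress port
            if vlan in port.tagged:
                out[name] = "tagged"
            elif vlan in port.untagged:
                out[name] = "untagged"
        return out


def scenario2_bridge(vid=10):
    """Scenario 2: eth4 untagged, pvc835 tagged with AcceptVLANonly set."""
    bridge = VlanBridge()
    bridge.add(Port("OBC", untagged={1}))
    bridge.add(Port("eth1", untagged={1}))
    bridge.add(Port("eth4", untagged={vid}, pvid=vid))
    bridge.add(Port("pvc835", tagged={vid}, accept_vlan_only=True))
    return bridge
```

With this bridge, `forward("eth4", None)` leaves tagged on pvc835 only, while eth1 and the OBC in the default VLAN never see that traffic, which is the port isolation the slides describe.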
P-bit classification concept

> Step 0 : decide whether to use IP prec or p-bits as
     inbound classification criterion
       IP precedence (or DSCP) :

       P-bits :

VLAN routing basics

> Remember
      routing is needed to communicate between two VLANs
      the router must be member of all VLANs




The OBC as port to the upper layer

> Routing between VLANs in SpeedTouch devices?
      create multiple IP interfaces (which are connected to the router)
      associate the IP interfaces with the VLANs you want to route between
      add IP addresses, set the necessary routes, …

> Which steps are needed to set this up?
      Add OBC as tagged (!) member to the VLANs
      Create logical Ethernet interfaces, associated with the VID of the correct
       VLAN and bridge as destination
      Create IP interfaces with the corresponding logical Ethernet interfaces as
       destination




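The OBC as port to the upper layer

> Defaults on e.g. ST620 (type ‘interface list’)

[Figure: default interface stack on the ST620, with layers labelled L3, L2b, L2a and L1 from top to bottom
       Router
       IP interfaces      : lan1, guest1, dmz1, wan1, Internet
       Internet PPP, Relay
       Logical interfaces : eth_guest1 (5), eth_dmz1 (4), eth_wan1 (3), Ethoa 0_35, Ethoa 8_35
       OBC, Bridge
       Bridge ports       : eth1, eth2, eth3, eth4, wlan, wds_x
       Physical           : ethif1, ethif2, ethif3, ethif4 (switch), wlif1, wlif_x, atm0_35, atm8_35]
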
Routed VLAN on CLI
 > Add OBC as tagged (!) member to VLAN
       {pol}=>eth bridge vlan ifadd intf OBC name dmz untagged disabled

 > Create a logical Ethernet interface, associated with the VID of the correct
     VLAN and bridge as destination
       {pol}=>eth ifadd intf eth_dmz1
       {pol}=>eth ifconfig intf eth_dmz1 dest bridge vlan dmz
       {pol}=>eth ifattach intf eth_dmz1


 > Create IP interface with the corresponding logical Ethernet interface as
     destination
       {pol}=>ip ifadd intf dmz1 dest eth_dmz1
       {pol}=>ip ifattach intf dmz1




Routed VLAN on Web GUI

> Adding the OBC to VLAN
      Expert > Connections > Bridged Ethernet > VLAN
> Creating Logical ETH and IP interfaces:
      Cannot be created/modified/deleted separately
      Only Routed Ethernet page to configure them together




Layer 2 IPQOS

> To enable IPQOS on PVC
      Ipqos config intf <PVC> state enabled
> System reboot required !
      Or bring down all interfaces from top to bottom and
       enable all again




Classification

> Labels cannot be used : only for routed scenarios
> Eth bridge port can be configured for traffic
     classification :


       Prioconfig = overwrite
       IPprec :
          > disabled: use 802.1p
          > Precedence : use IP precedence
          > DSCP : use DSCP




 SpeedTouch 6xx priority mapping table




[Table image not reproduced; label: Regeneration Priority]

     Use QosFlow Generator
> Select interface
> Fix remote MAC address (do
    ipconfig /all on other PC)
>   Select ‘Virtual LAN’
       802.1q ID = VLAN ID
       802.1p Priority
>   Fill local and remote IP@
       E.g. 172.16.10.1 and
           172.16.10.2
>   Send traffic with PCR=100,
    #packets=0 (send traffic forever)
>   Push ‘start’ button




Use QosFlow Monitor

> Select interface
> Tick the ‘filter’ box
> Optionally the filter
     arguments can be
     specified




Reference : http://users.skynet.be/dvdp/
Thank you!

				