300 likes | 374 Vues
Introduction. http://www.ieee802.org/1/files/public/docs2010/liaison-nfinn-split-horizon-vid-filtering-0710-v04.pdf describes in pages 19 and 20 the “ Optimal distribution of data: Non-802.1aq ” and “ Using VIDs for manually configured optimum data distribution ”
E N D
Introduction • http://www.ieee802.org/1/files/public/docs2010/liaison-nfinn-split-horizon-vid-filtering-0710-v04.pdf describes in pages 19 and 20 the “Optimal distribution of data: Non-802.1aq” and “Using VIDs for manually configured optimum data distribution” • The following slides expand the description in those two pages with • Multi (e.g. 2) domain E-LAN example • 1 root and 2 roots E-Tree examples • Internal node configuration details for E-LAN and E-Tree cases, including • Relay VIDs and switch configurations • Egress filtering • Egress and ingress VID translation, • Per domain local VID values • Per link local VID values (used in transport networks) • Primary VID values in MEPs and MIPs • v02 adds some E-Tree cases, corrections of some mistakes in v01, an evaluation of UP and Down MEP/MIP primary VID values and support of those multi-VID models in G.8021 • v03 includes some corrections in the B1 and B2 node expansion figures on slides 5,17,20,26.
Configuration of ‘I’ and ‘V’ relay-VIDs, local VIDs, egress filtering and VID translation Internal configuration of node B1 with the E-LAN FID including the ‘I’ and ‘V’ relay-VID learning and forwarding processes and VID translation at the egress ports V I V V I I E-LAN (1 domain) C11 V P11 B1 C12 I V P10 P13 P12 B3 P31 P30 V I C3 P32 P21 P23 B2 V P20 I C2 B1 V VLAN has common local VID value ‘I’ on the inner links B1-B2, B2-B3 and B3-B1 C11 P11 VID Translation at egress port V IV V,I P10 B1 VI C12 VI V V SVL V V,I V V IV I V I I IV B3 V V,I V I C3 IV V I VI I V IV V B2 V V,I P13 C2 VI VI VLAN has 2 relay-VID values ‘I’ and ‘V’ which operate in SVL mode P12 I X: Local VID XY, YX: relay-VID X to local-VID Y Translation at egress port X: Relay-VID SVL: Shared VLAN Learning
Extension of previous example with a 2nd domain with edge nodes B2-B4-B5 VLAN with two domains interconnected by node B2 Next slide illustrates Need for two inner domain VIDs (Ia, Ib) in this case Relay-VIDs registered at each output port VID translation at egress ports VID values used on the links between the nodes Detailed architecture in node B2 (FID with 3 relay-VIDs, SVL, VID Translation) E-LAN (2 domains) C11 P11 B1 C12 P10 P13 P12 B3 P31 P30 C3 P32 P21 P23 B2 P20 C2 VLAN has two domains with a full mesh of links P24 P25 P42 P52 P55 P40 B4 P45 P54 B5 C4 C52 P50 C51
Ia Ia V Ib V Ia Ib Ia V Ia V Ib V V Ib Ib Ia Ia Ib Ib E-LAN (2 domains) C11 VLAN has common local VID value ‘Ia’ on the inner links B1-B2, B2-B3 and B3-B1 V IV V,I VLAN in Node B2 has 3 relay-VID values ‘Ia’, ‘Ib’ and ‘V’ which operate in SVL mode B1 VIa C12 VIa V V,Ia V Ia IaV V IaV B3 V V,Ia V C3 Ia IaV V V,IbIa V,Ib Ia IaV Ia V,Ib B2 B2 V V,Ia,Ib P21 C2 V,IbIa VIa,Ib V,Ia V,Ia IbV,Ia V,IaIb VLAN has common local VID value ‘Ib’ on the inner links B2-B4, B4-B5 and B5-B2 SVL Ib Ib P20 Ia V V IbV VIb V V P23 Ia V V Ib V V,Ib B4 V B5 V,Ib C4 C52 VIb VIb IbV IbV Ib V,Ib IbV V VID Translation at egress port P24 C51 Ib Ib P25 X: Local VID XY, YX: relay-VID X to local-VID Y Translation at egress port X: Relay-VID SVL: Shared VLAN Learning
V I V I V I R R E-LAN (1 domain) C11 P11 VID translation at the ingress ports in the domain enables the usage of different local VID values on each of the inner domain links. A requirement in transport networks. B1 C12 Q P10 P13 P12 B3 P31 P30 P C3 P32 P21 P23 R B2 P20 C2 VLAN has different local VID values ‘P’, ‘Q’ and ‘R’ on the inner links B1-B2, B2-B3 and B3-B1 B1 V C11 P11 V P10 IV V,I IQ VQ B1 VI C12 V V SVL QI QV V V,I V PI PV Q V I V B3 V V,I V Q P C3 IV IP VP V I R Q RI RV V Q V B2 V V,I C2 P13 IR VR VI VID Translation at ingress port P12 P XY, YX: local-VID Y to relay-VID X Translation at ingress port X: local VID X: Relay-VID XY, YX: relay-VID X to local-VID Y Translation at egress port SVL: Shared VLAN Learning
P P P V Ib Ia V R Ia Ib R R V Ia V Ib V V K L Ia Ib Ib Ia L K L K E-LAN (2 domains) VLAN has different local VID values ‘P’, ‘Q’ and ‘R’ on the inner links B1-B2, B1-B3 and B3-B2 C11 VID translation at the ingress ports in the domain enables the usage of different local VID values on each of the inner domain links in both domains. A requirement in transport networks. V IV V,I IQ VQ B1 VI C12 QI QV V V,I V Q V PI PV B3 V V,I V P C3 IaP V,IbP IV V R V,Ib RI RV P V,Ib B2 B2 V V,Ia,Ib IaR V,IbR P21 C2 VIa,Ib VLAN has different local VID values ‘K’, ‘L’ and ‘M’ on the inner links B2-B4, B2-B5 and B5-B4 V,Ia KIb KV,Ia IbL V,IaL V,Ia SVL K L P20 R V V LI LV VK IK V V P23 Ia M V V V V,I B4 V B5 V,I C4 C52 VI VM IM MV MI IV Ib V,I IV V P24 C51 VID Translation at ingress port K L P25 XY, YX: local-VID Y to relay-VID X Translation at ingress port X: Local VID XY, YX: relay-VID X to local-VID Y Translation at egress port X: Relay-VID SVL: Shared VLAN Learning
Security in transport networks • In the previous E-LAN examples ingress VID Translation is not deployed at all input ports (e.g. not on P20) • With the “Ingress Filtering” parameter set to ‘disabled’ those VLAN connections are not secured; frames arriving on other input ports of e.g. node B4 with a local VID value ‘V’ can enter the E-LAN VLAN • This security issue is resolved when ingress VID translation is deployed at every input port • This prevents that frames with unexpected local VID values can access the port and intrude the VLANs
When using different VID values on the links between nodes it is required to identify the ports which form a group and ports which are individual All individual ports must be associated with a relay VID (R-VID) value identifying Individual ports Ports which form a group must be associated with a R-VID value identifying that group Administration of individual ports and grouped ports is done via the Ingress VID Translation tables in each port(see next slide for example) For node B2 the following applies: Group 1: (P21,P23): R-VID: Ia Group 2: (P24,P25): R-VID: Ib Individual: P20: R-VID: V For node B5: Group 1: (P52,P54): R-VID: I Individual: P50,P55: R-VID: V VID Translation for E-LAN (2 domains) example C11 VID: G P11 VID: A B1 C12 VID: Q P10 P13 P12 B3 P31 P30 VID: P C3 P32 VID: F P21 VID: R P23 VID: B B2 P20 C2 P24 P25 VID: K VID: L P42 P52 P55 P40 B4 P45 P54 B5 C4 C52 VID: C VID: M VID: E P50 VID: D C51
Using VIDs for manually configured optimum data distribution for E-LAN (2 domains) example using ingress VID translation on all ports
Port Group concept in transport networks • The logical concept of a “Port Group” could be maintained in a transport network as a configuration element in the manually configured optimum data distribution for E-LAN connection management • Each port in a node in such E-LAN is marked as either an Individual Port or as a port in a Port Group #i (i≥1) • The ports in a Port Group will see their local VID values translated into a common relay VID value in the ingress VID translation process • Relay VID values for the individual and the port group ports have a node local scope; each node can select those values independent of other nodes
E-Tree types • There are four types of E-Tree • Unidirectional P2MP E-Tree (outside scope of this document) • Bidirectional RMP E-Tree with single root and individual leaves • Bidirectional RMP E-Tree with multiple roots and individual leaves • Bidirectional RMP E-Tree with multiple roots, individual leaves and one or more leaf groups • The 4th type requires the use of the largest set of relay VID values and local VID values • Relay VIDs identify the frame’s source and potential set of destination ports: R, I, VG1 to VGN • Local VIDs identify the frame’s source port: root, individual leaf, leaf group #i • The 2nd type requires the use of two relay VID values (R, I) and one local VID value per link • Local VID identifies in the frame’s source port: root, individual leaf • Ingress VID translation converts local VID value to appropriate relay VID value • Egress VID translation converts both relay VID values to same local VID value • The 3rd type requires the use of two relay VID values (R, I) and one or two local VID values per link • Local VID values can not be pruned to single value on the links between the root ports • Next slides illustrate the 2nd, 3rd and 4th E-Tree types and their configuration details from the viewpoint of a transport network
Ports Root: R1 Leaf: L1,L2,L3,L4,L51,L52 Local VID values A to G, K, L, P, Q Relay VID values I, R Single local VID value for both directions of transport per link, e.g. B2-B4 link: K Possible due to usage of ingress and egress VID translation single root E-Tree (1 root, no leaf groups) R1 G P11 A B1 L1 Q P10 P13 P12 B3 P31 P30 P L3 F P21 B B2 L2 P20 P24 P25 K L P42 P52 E P40 B4 B5 L4 L52 C P55 P50 D L51
P P P R I R R R L K I I K L B I E-Tree (1 root, no leaf groups) R1 • Graphical representation of configuration details… G RG R,IG R,I AI AR IQ RQ A B1 L1 Q,IR QI R R Q R PI PR F B2 P B3 P21 R P R,I L3 RP R,IP IF RF R,I B B2 R L2 BI BR P20 IL RL SVL R R KI KR B B R R K L I LR LI,R RK R,IK R,I R,I IE RE C R B4 B5 L4 L52 CI CR R E R ID RD P24 D L P25 K L51 XY, YX: local-VID Y to relay-VID X Translation at ingress port X: Local VID XY, YX: relay-VID X to local-VID Y Translation at egress port X: Relay-VID SVL: Shared VLAN Learning
Using VIDs for manually configured optimum data distribution for E-Tree (1 root, no leaf groups) example
Ports Root: R1, R5 Leaf: L1,L2,L3,L4,L5 Local VID values A to G, K, L, M, P, Q, R Relay VID values I, R Single local VID value for both directions of transport for subset of links with only individual leaves behind it B2-B4 link: K Two local VID values for other subset of links with roots plus individual leaves behind it; i.e. B1-B2 link: P, R B2-B5 link: L, M Possible due to usage of ingress and egress VID translation E-Tree (2 roots, no leaf groups) R1 G P11 A B1 L1 Q P10 P13 P12 B3 P31 P30 P R L3 F P21 B B2 P20 L2 1 local VID value P24 P25 2 local VID values M K L P42 P52 P55 P40 B4 B5 L4 R5 C E P50 D L5
P R P R R R I I I R R M L K R I I M K L B I E-Tree (2 roots, no leaf groups) R1 • Graphical representation of configuration details… G RG R,IG R,I AI AR IQ RQ A B1 L1 QR QR,I PI PI RR RR R R Q R,I F B2 P R B3 P21 R,I R RR RR IP IP R P L3 IF RF R,I B B2 R IL IL RM RM L2 BI BR P20 SVL R R,I KI KR B B R R M L LI LI MR MR K I RK R,IK R,I R,I RE R,IE C R B4 B5 L4 R5 CI CR R,I E R M ID RD P24 P25 D L K L5 XY, YX: local-VID Y to relay-VID X Translation at ingress port X: Local VID XY, YX: relay-VID X to local-VID Y Translation at egress port SVL: Shared VLAN Learning X: Relay-VID
Using VIDs for manually configured optimum data distribution for E-Tree (2 roots, no leaf groups) example
Ports Root: R1, R5 Leaf: L1,L2,L3,L4,L5 Leaf group 1: LG14,LG13 Local VID values A to H,J, K, L, M, N,O,P,Q, R,S,T Relay VID values I, R, VG1 E-Tree (2 roots, 1 leaf group) R1 LG13 G P11 A J B1 L1 Q P10 P13 P33 T P12 B3 P30 P R S P31 L3 F P21 B B2 P20 L2 2 local VID values P24 P25 3 local VID values M K O N L P42 P52 P55 P40 B4 B5 L4 R5 C E P50 P41 H D LG14 L5
R S R S P P I R I R VG1 VG1 VG1 VG1 I R R O N L M K I R I VG1 VG1 N K M O L B I E-Tree (2 roots, 1 leaf group) R1 • Graphical representation of configuration details… G RG R,I,VG1G LG13 IQ RQ VG1T VG1T VG1J VG1J RJ R,I,VG1 AI AR SVG1 SVG1 PI PI RR RR A J B1 L1 Q QR QI TVG1 TVG1 R R, VG1 R,VG1 VG1S VG1S IP IP RR RR T R,I,VG1 F B2 S P R B3 P21 R P R S L3 IF RF VG1O VG1O IL IL RM RM R,I,VG1 B B2 R L2 BI BR KI KR NVG1 NVG1 P20 SVL R,I,VG1 B B R,VG1 R OVG1 OVG1 LI LI MR MR R O M L K RK R,IK VG1N VG1N N I VG1 R,I,VG1 R,I,VG1 RE R,I,VG1E C R B4 B5 L4 R5 CI CR R,I,VG1 M E R,VG1 P25 R HR HVG1 HVG1 ID RD H D N L P24 K LG14 O L5 XY, YX: local-VID Y to relay-VID X Translation at ingress port X: Local VID XY, YX: relay-VID X to local-VID Y Translation at egress port SVL: Shared VLAN Learning X: Relay-VID
Using VIDs for manually configured optimum data distribution for E-Tree (2 roots, 1 leaf group) example
G.8021 E-LAN/E-Tree modelling • 802.1Q multi-VID E-LAN/E-Tree models can be 1-to-1 translated into G.8021 ETH layer model • Each relay VID reference point is represented by an ETH_FP (Flow Point) reference point • The multi relay-VID FID is represented by an “ETH Flow Forwarding (FF) process in SVL mode” within an ETH Connection function (see clause 9.1.1/G.8021) Relay-VID ‘I’ learning and forwarding process ‘I’ Set of ETH_FPs represents EISS Relay-VID reference point Relay-VID ‘R’ learning and forwarding process ‘R’ VID Translation relates local VID with one or more ETH_FPs ETH_AP represents ISS reference point G.8021 ETH Flow Forwarding (FF) process in SVL mode G.8021 ETH to ETH multiplexing adaptation function
P P P V Ib Ia V R Ib Ia R R B Ia B Ib V V K L Ib Ia Ib Ia L K L K B V MEPs and MIPs in these E-LAN cases • Looking at the model of E-LAN Node B2 I am wondering where the MEP and MIP functions should be located • Two locations are considered • Red • Green • Red locations imply that the VIDTranslation is located betweenthe UP MEPs and the MAC Relay, which is not consistent with itscurrent location in the clause 6.9Support of the EISS function • Green locations are consistent with802.1Q functionality order, but requireextensions to the G.8021 MEP Sink andMIP Sink functions, which currently do notsupport to read OAM from “multiple VIDs” P B2 P21 SVL R P20 B V V P23 Ia Ib P24 K L P25
P R P R R I R I R R I M L K R I I L K M B I MEPs and MIPs in these E-Tree cases • Looking at the model of E-Tree Node B2 I am wondering where the MEP and MIP functions should be located • Two locations are considered • Red • Green • Red locations imply that the VIDTranslation is located betweenthe UP MEPs and the MAC Relay, which is not consistent with itscurrent location in the clause 6.9Support of the EISS function • Green locations are consistent with802.1Q functionality order • Both Red and Green locations requireextensions to the G.8021 MEP Sink and MIP Sinkfunctions to support reading from “multiple VIDs” B2 P P21 R P20 SVL B B R R I M P24 P25 L K
Up MEP and Half MIP functions have different primary VID (Ia) than Down MEP/Half MIP (V) Up MEP and Half MIP functions have different primary VID (Ib) than Down MEP/Half MIP (V) .. B .. .. B .. B B .. .. Ia Ia V Ib Ib V V Ia V Ib MEP and MIP primary VID assignments in E-LAN node B2 MAC Relay Primary VID: V Primary VID: Ia Primary VID: Ib Primary VID: V Primary VID: Ia Primary VID: Ib Primary VID: V Primary VID: V Primary VID: V Primary VID: V Primary VID: V Primary VID: V V Ia Ib Ia Ib V Ib V Ia V P20 P21 and P23 P24 and P25 LAN LAN LAN • Up and Down MEP and Half MIP functions have same primary VID (V) • Primary VID values for the Up MEP/HalfMIP functions on the three port sets are different (V, Ia and Ib); configuration should be performed carefully
Up MEP and Half MIP functions have different primary VID (I) than Down MEP/Half MIP (R) .. .. .. .. .. .. R R I I R I MEP and MIP primary VID assignments in 3rd type E-Tree node B2 MAC Relay Primary VID: R Primary VID: I Primary VID: R Primary VID: I Primary VID: R Primary VID: R Primary VID: R Primary VID: R I I R I R R P21 and P25 P20 and P24 LAN LAN • Up and Down MEP and Half MIP functions have same primary VID (R) • Primary VID values for the Up MEP/HalfMIP functions on the two port sets are different (R and I); configuration should be performed carefully
Up MEP and Half MIP functions have different primary VID (I) than Down MEP/Half MIP (R) .. K B N .. B .. .. .. .. K N R I R R R I I I VG1 VG1 VG1 VG1 MEP and MIP primary VID assignments in 4th type E-Tree node B2 MAC Relay Primary VID: R Primary VID: I Primary VID: I Primary VID: R Primary VID: I Primary VID: I Primary VID: R Primary VID: R Primary VID: R Primary VID: R Primary VID: R Primary VID: R VG1 I I I R I R R VG1 VG1 R VG1 P21 and P25 P20 P24 LAN LAN LAN • Up and Down MEP and Half MIP functions have same primary VID (R) • Up MEP and Half MIP functions have different primary VID (I) than Down MEP/Half MIP (R) • Primary VID values for the Up MEP/HalfMIP functions on the three port sets are different (R and I); configuration should be performed carefully
G.8021 MEP/MIP functions • G.8021 ETH MIP function has single ETH_FP • To support the multi-VID E-Tree the G.8021 MIP function should get multiple ETH_FPs • OAM XXM frames may ingress on each of those ETH_FPs and the associated XXR frames may egress on the primary_ETH_FP • G.8021 specifies ETH MEP and ETHG MEP functions • ETH MEP function contains a single ETH_FP • ETHG MEP function contains multiple ETH_FPs • OAM frames can be read/extracted from one ETH_FP only • OAM frames can be generated/inserted into one ETH_FP only • The multi-VID E-Tree models require and ETH MEP function with multiple ETH_FPs, with reading/extracting capabilities of OAM frames on every ETH_FP and generating/inserting capabilities of OAM frames on the primary_ETH_FP only • ETH and ETHG MEP functions could be merged into one ETH MEP function, or alternatively the ETH MEP function can be left unchanged and the ETHG MEP function can be extended to read/extract OAM from every ETH_FP