
MXK Training Module 4 SLMS bridging

MXK Training Module 4 SLMS bridging. This module covers: bridge types, asymmetric and symmetric, IGMP, bridge rules, bridging examples. Bridging involves configuring the MXK to direct traffic based on Ethernet MAC addresses.


Presentation Transcript


  1. MXK Training Module 4 SLMS bridging

  2. SLMS bridging
     This module covers:
     - Bridge types
     - Asymmetric and symmetric
     - IGMP
     - Bridge rules
     - Bridging examples

  3. Bridges, overview
     - Bridging involves configuring the MXK to direct traffic based on Ethernet MAC addresses.
     - The MXK supports two principal modes of bridging – asymmetric and symmetric. Both modes can be used at the same time, but not on the same VLAN.
     - The MXK ports can support both IP termination and bridging on VLANs.
     - In addition, it can also attach an IP address to a bridge interface without terminating the VLAN. This feature is called IP on a bridge. You can have one IPoBridge interface per system.

  4. Asymmetric and symmetric
     Asymmetrical
     - Normally used in residential applications, for a large number of users sharing an uplink to a BRAS.
     - Does not learn MAC addresses on the uplink side.
     - Uses a "default route" (bridge-path) to send all packets upstream.
     - In general, broadcasts sent from a downlink will traverse the uplink, but will not be sent down other downlinks, even within the same VLAN. This prevents subscribers from maliciously or unintentionally sending or receiving broadcasts between ports on the same system.
     - Downstream (CPE-side) bridge configured using the downlink keyword.
     - Upstream (CO-side) bridge configured using the uplink keyword.
     Symmetrical
     - Best choice for business applications.
     - Used in "layer two VPN" business applications.
     - Learns MAC addresses on all configured interfaces.
     - All interfaces configured using the tls keyword.

  5. Link aggregation
     - Link aggregation is used to combine two or more ports into a larger logical connection.
     - Link Aggregation Control Protocol (LACP) maintains the integrity of this logical link, and if one physical link goes down, data can still travel over the remaining link.
     - Works with both asymmetric and symmetric bridges.
     - Link aggregation can be configured for dynamic or static mode.
     - Link aggregation bridges refer to the linkagg interface:
       zSH> linkagg add group 1-a-1-0/linkagg link 1-a-7-0/eth
       zSH> linkagg add group 1-a-1-0/linkagg link 1-a-8-0/eth
       zSH> bridge add 1-a-1-0/linkagg tls vlan 800 tagged

  6. Asymmetric: Uplinks, downlinks and intralinks
     - Interfaces towards the network are uplinks.
     - Interfaces towards the user are downlinks.
     - Interfaces towards a subtended MXK are intralinks.
     - Bridge-paths direct traffic from the CPE side to the CO side.
     [Figure: interfaces labelled D, U, U, I, D]

  7. Asymmetric: Bridge-paths in upstream direction
     - Traffic from a downlink bridge is always sent to the uplink using the interface specified in the bridge-path.
     - The bridge-path contains parameters like MAC address aging and flap control.
     - When a packet arrives from a downlink bridge interface, the bridge-path is used as a lookup table to determine the uplink bridge interface to forward the packet to.
     - Starting with SLMS 2.1, the bridge-path is automatically created.
     [Figure: packet path from the downlink bridge interface (towards user) through the bridge-path to the uplink bridge interface (towards core)]
       zSH> bridge add 1-a-4-0/eth uplink vlan 500
       zSH> bridge-path add ethernet4-500/bridge vlan 500 default
       zSH> bridge add 1-1-1-501/gponport gtp 1 downlink vlan 500 tagged

  8. IGMP snooping / IGMP proxy
     - For bridged video, IGMP snooping and IGMP proxy are controlled using the bridge-path for the multicast VLAN.
     - The IGMP parameters and multicast aging values are set in the bridge-path.
     - In addition, multicast control lists (ACLs for multicast addresses) can be specified in order to allow or disallow certain multicast channels, e.g. a gold, silver and bronze subscription.

  9. Residential setup
     - Residential users should normally be provisioned using asymmetric bridges; this ensures user isolation.
     - MAC addresses from the upstream (uplink) side are not learnt.
     - Broadcasts are not forwarded towards the downstream (downlink) side, except for ARP broadcasts.
     - Normally, in a residential environment, three VLANs are configured for each user: one VLAN for HSIA, one for VoIP and one for video.
     - The uplink side (CO side) of the bridge is common, regardless of the downstream line type:
       zSH> bridge add 1-a-4-0/eth uplink vlan 500
       zSH> bridge add 1-a-4-0/eth uplink vlan 700
       zSH> bridge-path add ethernet4-500/bridge vlan 500 default
       zSH> bridge-path add ethernet4-700/bridge vlan 700 default

  10. Residential setup: GPON
     - The bridge needs a GTP (GPON traffic profile) describing the characteristics of the bridge interface.
     - Video will run on a multicast GEM port, i.e. a shared channel for all ONTs.
     - HSIA and VoIP run over private GEM ports, i.e. private channels.
       zSH> new gpon-traffic-profile dba-enabled = true dba-fixed-us-ubr-bw = 10240 dba-max-us-bw = 20480 1
       zSH> new gpon-traffic-profile dba-enabled = true dba-fixed-us-ubr-bw = 512 dba-max-us-bw = 512 2
       zSH> bridge add 1-1-1-501/gponport gtp 1 downlink vlan 500 tagged
       zSH> bridge add 1-1-1-701/gponport gtp 2 downlink vlan 700 tagged

  11. Residential setup: EFM
     EFM SHDSL (and N2NBOND)
     - The bridge is always tied to the bond group.
     - The SHDSL line parameters define line speed.
     - There is no need for a traffic descriptor – bandwidth is set by bridge rules.
       zSH> bridge add 1-2-25-0/efmbond downlink vlan 500 tagged
       zSH> bridge add 1-2-25-0/n2nbond downlink vlan 700 tagged

  12. Residential setup: ADSL
     - The bridge needs a traffic descriptor – this sets bandwidth for the bridge.
     - The bridge also needs a VP/VC pair defining the logical subchannel on ADSL.
       zSH> new atm-traf-descr td_param1 = 30000 1
       zSH> new atm-traf-descr td_param1 = 10000 1
       zSH> bridge add 1-3-1-0/adsl td 1 vc 8/35 downlink vlan 500
       zSH> bridge add 1-3-1-0/adsl td 2 vc 8/36 downlink vlan 700

  13. Residential setup: VDSL
     - The VDSL line parameters define line speed.
     - There is no need for a traffic descriptor – bandwidth is set by bridge rules.
       zSH> bridge add 1-4-1-0/vdsl downlink vlan 500 tagged
       zSH> bridge add 1-4-1-0/vdsl downlink vlan 700 tagged

  14. Symmetric
     - Used in "layer two VPN" business applications, or in applications where for example OSPF is used.
     - Learns MAC addresses on both the uplink and downlink side. Works as a layer two switch.
     - Both upstream and downstream bridges are configured using the tls keyword.
     - There is no defined upstream or downstream side of the bridge.
     [Figure: layer 2 network connecting A, B, C and D]

  15. Business setup
     - Business customers are normally provisioned using TLS bridges.
     - The MXK will forward broadcasts and unknowns to all ports in the same VLAN.
     - Provides for local switching on the MXK.
     - Allows protocols such as OSPF to run.
     - No defined "up" or "down" side of the MXK as in asymmetric mode.
     Example configuration:
       zSH> bridge add 1-a-4-0/eth tls vlan 500 tagged
       zSH> bridge add 1-a-4-0/eth tls vlan 700 tagged
       zSH> bridge add 1-2-25-0/efmbond tls vlan 500 tagged
       zSH> bridge add 1-2-25-0/n2nbond tls vlan 700 tagged
       zSH> bridge add 1-2-26-0/efmbond tls vlan 500 tagged
       zSH> bridge add 1-2-26-0/n2nbond tls vlan 700 tagged

  16. Bridge rules
     - Bridge rules allow the operator to pass, drop or alter traffic traversing the bridge.
     - More than one rule type can be used at the same time for the same bridge interface.

  17. Bridge rules, cont'd
     - Bridge rules are tied to either the egress or the ingress part of the bridge interface. They may also be tied to both.
     - Example: GPON upstream bandwidth is limited using GTPs, downstream bandwidth is limited using bridge rules.
     - Each rule can contain multiple members, i.e. a rule can both limit the bandwidth to 10 Mbps and add Option 82.
     - First, create the bridge rule:
       zSH> rule add ratelimitdiscard 10/1 rate 10000
     - Then, assign the rule to a bridge interface:
       zSH> update bridge-interface-record bridgeIfEgressPacketRuleGroupIndex = 10 1-1-1-501-gponport/bridge

  18. Bridge rules, cont'd
     - Multiple rules can be joined into a list. An example would be adding both Option 82 and destination MAC swap.
     [Figure: an ingress Ethernet packet enters the bridge interface, passes through ipktrule 1 (rule 1/1 Bridgeinsertoption82, rule 1/2 Ratelimitdiscard, rule 1/3 Dstmacswapstatic) and continues to the uplink bridge interface]

  19. Destination MAC swapping
     - Uses the next hop router's MAC as the destination MAC address.
     - Forces all frames to the next hop router.
     - Benefit: added security. Forces traffic to the next-hop router, which prevents subscriber-to-subscriber communication between chassis.
     - Provisioned using a bridge packet rule ("dstmacswapdynamic").
     - Add a dstmacswapdynamic rule and use the MAC address of the L3 router as parameter.

  20. Secure bridge
     - Prevents users with statically configured IP addresses from connecting to the network.
     - When packets are received or sent out a secure downlink bridge interface, the MXK checks the IP address against the dynamic IP bridge filter. If a match is found (the address was provided by the DHCP server), the packet is allowed to pass through the filter. Otherwise, it is blocked.
     - Unicast aging is determined based on the DHCP lease time.
     - Provisioned using the secure keyword in bridge creation.
     - For GPON, adding secure to one VLAN will secure all bridges on this port.
     [Figure: DHCP exchange: DHCP discovery, DHCP offer, DHCP request, DHCP acknowledge]

  21. Basic bridge commands
     - Show bridge:
       zSH> bridge show
       zSH> bridge brief
       zSH> bridge showall
       zSH> bridge showdetail ethernet4-500/bridge
       zSH> bridge show mac 00:11:22:33:44:55
       zSH> bridge show vlan 500
       zSH> bridge show port 1-a-4-0/eth
     - Show bridge statistics:
       zSH> bridge stats
     - Show bridge statistics per second:
       zSH> bridge rates

  22. Basic bridge commands
     - Flush learnt addresses:
       zSH> bridge flush all
     - Show IGMP channels:
       zSH> bridge igmp
     - Show IGMP statistics:
       zSH> bridge igmpstats

  23. Introduction to SLMS Bridging Concepts: Review
     - Bridge types
     - Asymmetric and symmetric
     - IGMP
     - Bridge rules
     - Bridging examples

  24. Thank you!
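
The secure bridge behaviour from slide 20, modelled in Python as an added example (not part of the original presentation and not vendor code). It assumes filter entries are kept per downlink interface and installed when the DHCP acknowledge is seen; the port names `sub-A`/`sub-B`, addresses and timestamps are constructed.

```python
# Added model of a secure downlink's dynamic IP filter (not vendor code).
# Assumptions: entries are kept per downlink interface and installed on the
# DHCP acknowledge; interface names, addresses and times are constructed.


class SecureBridgeFilter:
    def __init__(self):
        self.leases = {}  # downlink interface -> {ip: lease expiry (seconds)}

    def dhcp(self, ifname, msg_type, ip, lease, now):
        """Observe one DHCP message; only an acknowledge installs an entry."""
        if msg_type == "ack":
            self.leases.setdefault(ifname, {})[ip] = now + lease

    def permit(self, ifname, ip, now):
        """True if ip was handed out by DHCP on ifname and the lease is live."""
        table = self.leases.get(ifname, {})
        expiry = table.get(ip)
        if expiry is None:
            return False  # statically configured address: never leased here
        if now >= expiry:
            del table[ip]  # aging follows the DHCP lease time
            return False
        return True


def replay(events):
    """Feed constructed events to the filter; return one verdict per packet."""
    flt, verdicts = SecureBridgeFilter(), []
    for kind, ifname, *rest in events:
        if kind == "dhcp":
            flt.dhcp(ifname, *rest)  # rest = (msg_type, ip, lease, now)
        else:
            verdicts.append(flt.permit(ifname, *rest))  # rest = (ip, now)
    return verdicts


SAMPLE = [  # constructed trace for two hypothetical subscriber ports
    ("dhcp", "sub-A", "discover", None, 0, 0),
    ("dhcp", "sub-A", "offer", "10.0.0.20", 0, 1),
    ("pkt", "sub-A", "10.0.0.20", 1),      # offered, not yet acknowledged
    ("dhcp", "sub-A", "request", "10.0.0.20", 0, 2),
    ("dhcp", "sub-A", "ack", "10.0.0.20", 3600, 3),
    ("pkt", "sub-A", "10.0.0.20", 10),     # leased address
    ("pkt", "sub-A", "10.0.0.99", 10),     # static address on the same port
    ("pkt", "sub-B", "10.0.0.20", 10),     # leased address used on another port
    ("pkt", "sub-A", "10.0.0.20", 3603),   # lease has run out
]

if __name__ == "__main__":
    print(replay(SAMPLE))
```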
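
A configuration check for the rules stated in slides 3, 4 and 20, as an added example that is not part of the original presentation: it parses `bridge add` lines in the style shown on the slides and reports VLANs that mix tls with uplink/downlink bridges, downlink VLANs with no uplink, and downlinks created without the secure keyword. The sample configuration is constructed, and the position of `secure` at the end of the command is an assumption.

```python
# Added audit of 'bridge add' lines (illustrative; not a vendor tool).
import re
from collections import defaultdict

MODES = ("uplink", "downlink", "tls")  # keywords named on the slides
BRIDGE_ADD = re.compile(r"^(?:zSH>\s*)?bridge add (\S+)\s+(.*)$")


def parse(config):
    """Yield (interface, mode, vlan, secure) for each 'bridge add' line."""
    for line in config.splitlines():
        m = BRIDGE_ADD.match(line.strip())
        if not m:
            continue
        tokens = m.group(2).split()
        mode = next((t for t in tokens if t in MODES), None)
        if mode is None or "vlan" not in tokens[:-1]:
            continue  # not a bridge type or VLAN this audit understands
        vlan = int(tokens[tokens.index("vlan") + 1])
        yield m.group(1), mode, vlan, "secure" in tokens


def audit(config):
    """Return sorted (vlan, finding) pairs for the rules from the slides."""
    by_vlan = defaultdict(lambda: defaultdict(list))
    for ifname, mode, vlan, secure in parse(config):
        by_vlan[vlan][mode].append((ifname, secure))
    findings = []
    for vlan, modes in sorted(by_vlan.items()):
        if "tls" in modes and ("uplink" in modes or "downlink" in modes):
            findings.append((vlan, "mixed-modes"))  # not allowed on one VLAN
        if "downlink" in modes and "uplink" not in modes:
            findings.append((vlan, "downlink-without-uplink"))
        for ifname, secure in modes.get("downlink", []):
            if not secure:  # static IP addresses would not be filtered here
                findings.append((vlan, f"downlink-not-secure:{ifname}"))
    return findings


# Constructed sample in the slides' command style; 'secure' placement assumed.
SAMPLE_CONFIG = """
zSH> bridge add 1-a-4-0/eth uplink vlan 500
zSH> bridge add 1-4-1-0/vdsl downlink vlan 500 tagged secure
zSH> bridge add 1-4-2-0/vdsl downlink vlan 500 tagged
zSH> bridge add 1-2-25-0/efmbond tls vlan 500 tagged
zSH>bridge add 1-4-1-0/vdsl downlink vlan 700 tagged
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```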
