PowerPoint PresentationAlcatel-Lucent University
University
*
Describe the different types of cross-connect modes (S-, C-, S/C-)
Retrieve VLAN information on the system.
Associate a VLAN in cross-connect mode to a port on the ASAM-CORE and to ports on the SHUB.
Unstacked C-VLAN cross-connect
Network
side
User
side
Eth-VLAN
L3+
L3
L2+
L2
Decision
ANT
Different forwarding modes are supported in order to make it fit into different network models of different operators.
If the DSLAMs are mainly connected to a bridged metro(politan) ethernet network (E-MAN), the MAC scalability may become an issue when only layer 2 forwarding is done in the DSLAM.
In that case the MAC addresses of all end-user terminals will have to be learned in the metro-Ethernet network, while the MAC tables of bridges are quite limited. In that case, it will probably be better to use the layer 2+ or L3 forwarding function of the ISAM.
However, if IP routers are used in the metro Ethernet Network close to the DSLAMs, MAC scalability will not be an issue, and layer 2 forwarding in the DSLAM may be an interesting option, because in general layer 2 means less configuration effort. With 7302 ISAM, operators have the flexibility to choose the forwarding mode which best fits in their network.
In general, the previous layer 2 and layer 3 forwarding functions are an overkill for network-VPN services towards business customers, given the number of connections to the same VPN from one DSLAM will be mostly only one, or only very few connections per VPN. In such cases, the VLAN cross-connect mode of the ISAM is much more appropriate for these business users:
less configuration effort,
*
Conceptually very similar to classical ATM PVC cross-connect
One “customer”-VLAN (C-VLAN) contains strictly one user
User port or user logical port or user on subtended interface
Two variants: residential & business cross-connect
One user can be cross-connected to multiple VLANs
in this case user frames need to be tagged
In cross-connect mode, the ISAM does not care about MAC addresses. The model is conceptually identical to ATM cross-connect.
Each ATM PVC which is configured in a cross-connect mode is mapped on a unique VLAN.
Each Ethernet frame on that ATM PVC is transported transparently to this VLAN, and frames received over the Ethernet interface with the VLAN-tag are forwarded to the PVC identified by this VLAN-tag.
It is clear that a VLAN in cross-connect mode also has the two basic properties which differentiate Intelligent Bridging from standard bridging: no user-to-user communication is possible in the ISAM and broadcast storms are avoided. This is because there is only a single user in case of a VLAN cross-connection.
One bit pipe per subscriber since the subscriber is identified by:
Network side: Single or stacked (see later) VLAN tag
*
1 PVC / DSL line
any protocol : IP, PPP, IPX, AppleTalk,...
IP
Internet
ISAM
VP/VC
VLAN
2/100
10
2/101
20
E-MAN
Network
CPE
CPE
CPE
CPE
CPE
ISP2
ISP1
BAS
In VLAN cross-connect mode one Customer VLAN (C-VLAN) contains only one user port.
Tagged frames supported for cross-connect mode.
*
1 VLAN = 1 VP/VC
MAC-address not used in the forwarding decision
Security
Edge can limit number of PPP sessions per line (VP/VC)
Separation of broadcast traffic per user
Number of MAC-addresses can be limited
enable self-learning on the DSL port
No customer segregation
In the case of cross connect mode, user-identification can be easily done on basis of this VLAN, given there is a VLAN per user or DSL-line (even per ATM PVC). This user-identification feature should then be available in a device higher up in the network: e.g. in a BAS where these VLANs are “terminated”. So no problem in case of dual MAC addresses, as they are in a different VLAN anyway.
No user to user communication within ISAM
Note : this requirement is applicable for IB mode, because ASAM, user or subtending ports may be in the same VLAN.
The requirement is fulfilled for cross-connections by construction, as the isolation is achieved by the one to one port assignment (from a network interface to one user, ASAM or subtending port) of the VLANs.
All responsibilities are moved to the IP edge.
*
LT Cross connect mode configurable
C-VLAN cross connect
S-VLAN cross connect
SC-VLAN cross connect
VLAN
x
30
In the upstream direction, the incoming user port without the MAC DA is sufficient for the 7302 ISAM to identify the outgoing upstream port and the C-VLAN tag. This C-VLAN is the port-based default VLAN configured for this user port.
In the downstream direction, only the C-VLAN (without the MAC DA) is sufficient for the 7302 ISAM to identify the outgoing user port.
A particular VLAN ID can be configured only once:
on any of the user ports in the 7302 ISAM.
*
Scalability issue:
Switches learn all MAC-addresses of all end-users
IP edge learns all MAC-address<->IP-address of all end-users in ARP table
ISAM-1
ISAM-2
IP1
MAC1
IP2
MAC2
IP3
MAC3
IP101
MAC101
IP102
MAC102
IP103
MAC103
IP201
MAC201
IP202
MAC202
IP203
MAC203
BR
Scalabality issue is solved by VLAN stacking:
Customer VLAN : C-VLAN
SC-VLAN cross connect
*
VLAN 333 is sent untagged towards CPE
Untagged frames are tagged with pvid (e.g. 333)
Unknown VLAN IDs for that port are discarded
VLAN 333
VLAN 444
VLAN 555
*
Stack type: S-VLANs
User is allowed to send tagged traffic (even S-tags!)
We ignore the C-VLAN ID:
untagged means here: no S-tag present (C-tag can be present, though!)
single-tagged means: S-tag present (and maybe also C-tag)
S-VLAN 400 - pvid
S-VLAN cross-connect (C-VLAN transparency) is interesting for business users. It can offer a VPN-like service.
e.g. tag 400 used between business sites 1 and 2 and tag 401 used between sites 1 and 3 etc.
*
Create and deploy “Stacking VLAN” (from the AWS or CLI)
Unknown C-VLAN IDs for a bridge port are discarded
C-VLAN ID is unique within S-VLAN
Multiple bridge ports can share the same S-VLAN
c
#1
c
#2
#3
c
#4
s
c
#2
s
c
#1
s
c
#4
S-VLAN
Ethernet
SC-VLAN cross-connect can be interesting for both business and residential users.
SC-VLAN cross-connect is a dual tag mode (you configure the system settings for VLAN on the ISAM to dual tag and all VLAN associations use dual tags).
With SC-VLAN cross-connect, the same S-tags can be used for different C-tags. Likewise, a C-tag can be reused in combination with different S-tags.
E.g. the stacking VLAN can identify an ISAM and the C-VLAN is unique on that ISAM (e.g. each user gets a C-VLAN id that reflects the position of the port in the ISAM VLAN 101 = LT 1 port 1; VLAN 1648 = LT16 port 48) Make sure that those VLAN-ids don’t occur for a residential bridge or layer 2-terminated VLAN on the same ISAM! In that case it will not be possible to reuse the VLAN-id.
On the service hub, only the outer tag is considered.
S-VLAN 502
Voice / Untagged / PVC = 8/36
HSI / Untagged / PVC = 8/37
Voice / Untagged / PVC = 8/36
HSI / Untagged / PVC = 8/37
Upstream: map PVC with VLAN + p-bit
Downstream: Select PVC according to p-bit value
Applicable for all cross connect modes
VLAN 444
VLAN 333
The QoS-aware VLAN cross-connect adds the possibility to support PVC-bundles as subscriber interfaces.
When transferring packets without cell interleaving, small real-time packets (for example, voice) might suffer some high jitter due to the high serialization delay on slow DSL links caused by transmitting long packets. These DSL links have an ATM layer, which is a transport mechanism on top of DSL that allows cell interleaving between PVCs. At the same time, you do not want to extend this local issue through the complete network. Consequently, for highly QoS sensitive traffic, one might require to set up several PVCs and associate each PVC with a given traffic priority, identified by the priority bits (p-bits) associated with the VLAN tag. One ends up with extending the VLAN cross-connect concept by associating each PVC with one or two VLAN IDs and a p-bits value.
In the downstream direction, the NE selects the PVC according to the p-bits value (that is, the QoS classification will be based on the p-bits contained in the C-VLAN). This means the p-bits are considered in the forwarding decision depending on the p-bit value, the traffic will be sent to a certain bridge port.
In the upstream direction, the NE assigns p-bits as a function of the PVC the frames originate from (that is, in case the subsciber sends single-tagged frames and the second tag (for the S-VLAN) is added, the p-bits received from the user are copied into the S-VLAN p-bits. Thus, the original p-bits from the C-VLAN sent by the user and stacked in NE do not change.
The QoS-aware VLAN cross-connect mode only applies to ATM-based access technologies such as ADSL. It does not apply to EFM technology.
*
VLAN 333
VLAN 444
Support for “residential bridge” alike features:
DHCP option 82
PPPoE Relay tag
The protocol-aware VLAN cross-connect mode has the following features:
xDSL interfaces types:
Bridged encapsulation carrying both PPPoE and IPoE traffic
PPPoA with the required interworking to convert the traffic to PPPoE
IPoA with the required interworking to convert the traffic to IPoE
Encapsulation auto-detection
Subscriber identification:
A single (C-VLAN) or a stacked (S-VLAN/C-VLAN) VLAN tag towards the network is associated with either a PVC (in the case of ATM) or a DSL port (in the case of EFM)
Optional addition of the PPPoE relay tag in the PPPoE control messages
Optional addition of the DHCP Option 82 in the DHCP messages
No MAC address or IP address anti-spoofing since the scope of these addresses remain limited within the protocol-aware cross-connect mode. The IP edge router or the BRAS must keep the freedom of allocating them as they want. This control will typically be performed centrally.
Policing per PVC (ATM) or DSL line (EFM)
*
VLAN 333
VLAN 444
Ethernet
*
Why VLAN translation ?
In case a separate VLAN needs to be used to identify a service, emulating the PVC (EFM, VDSL) we can decouple the subsciber interface from the forwarding interface so that the user side vlan can be the same for all users even in case of 1:1 forwarders like the Cross-connect model.
This is made possible by defining 2 vlans on a bridge port :
a network vlan and a subscriber (user) VLAN.
Note: it even goes further also in case of higher layer forwarding models (IP aware bridging, routing… there can be a subscriber vlan! In that case there;s no network vlan associated to the subscriber vlan (see further)
If both are different this means that VLAN translation (substitution) will take place.
Alcatel-Lucent University Antwerp
Select bridge port
No VLAN service deployment needed
VLAN creation at VLAN association
Add port to SC-VLAN CC
Deploy stacking S-VLAN first
Residential Bridge VLAN
Cross Connect VLAN
QOS aware VLAN
When you create a C-VLAN or S-VLAN CC, the VLAN is created on the fly.
When you want to associate a SC-VLAN CC to a port, the S-VLAN needs to be deployed to the ISAM already (similar to IB-VLAN association).
91.bin
Select bridge port
No VLAN service deployment needed
VLAN creation at VLAN association
Add port to SC-VLAN CC
Deploy stacking S-VLAN first
System mode : Cross-connect
VLAN Create
CC-vlan properties
In the example above the stack type was unstacked C-VLAN. In that case you simply have to enter a C-VLAN id and and a VLAN name. There’s no stacking VLAN.
You can also specify some protocol aware settings (for PPPoE and DHCP). In that case you create a protocol-aware cross-connection.
93.bin
94.bin
Association TAB :
ANEL
USM
Service
Definition
Create
Creating an S-VLAN
After creation, the VLAN service template needs to be deployed to the target ISAM before the associated SVLAN can be used for the Stacked cross-connect mode.
95.bin
Activate VLAN translation
Create
If you want to configure a stacked C-VLAN association (S/C-VLAN cross-connect), you need to select VLAN translation. Only then the stack type can be stacked!
*
Stacking S-VLAN
CC-vlan properties
*
Fill in the Subscriber VLAN
If the Subscriber VLAN is different from the C-VLAN in the Network VLAN then C-VLAN translation is done.
The upstream tagged frames will first get a C-tag substitution ( as configured in the Network Vlan ), followed by adding an S-tag
*
*
ASAM Core: Create VLAN in CC mode
Aggregation function
Create vlan on service hub and add egress ports
configure vlan shub id <C-VID> mode cross-connect
egress port LT:1/1/…
C-VLAN CC-association on bridge port:
Configure bridge port 1/1/./….. vlan id <C-VID>
pvid <C-VID>
Service hub:
Optional parameters
Optional parameters:
[no] vlan-scope: local ( used for vlan translation where related vid is subscriber vlan )
default = network ( no vlan translation )
no] pvid : default vlan id for untagged frames
default = stacked:0:4097 ( = no pvid )
default = 0
[no] max-unicast-mac : max unicast mac addresses
default = 1
default = untagged
Create vlan on service hub and add egress ports
configure vlan shub id <S-VID> mode cross-connect
egress port LT:1/1/…
configure vlan id stacked:<S-VID>:0 mode cross-connect name <name>
C-VLAN CC-association on bridge port:
Configure bridge port 1/1/./….. vlan id stacked:<S-VID>:0
pvid stacked:<S-VID>:0
*
Create stacking vlan on service hub and add egress ports
configure vlan shub id <S-VID> mode layer2-terminated
egress port LT:1/1/[…]
configure vlan id stacked:<S-VID>:0 mode layer2-terminated
Create cross-connect vlan on ASAM-core :
configure vlan id stacked:<S-VID>:<C-VID> mode cross-connect name <name>
C-VLAN CC-association on bridge port:
for all releases:
pvid stacked:<S-VID>:<C-VID>
or – from R3.3 only:
Configure bridge port X vlan id < subscriber C-VID> scope local
network-vlan stacked:<S-VID>:<network C-VID>
pvid < subscriber C-VID>
*
Cross-connect with vlan-translation (ASAM-CORE) via CLI
Besides creation of vlan(s) (cfr network-vlan) as described in former slides, the vlan-association is as follows :
For C-VLAN CC :
network-vlan <network-C-VID>
pvid <subscr-C-VID>
network-vlan <network-S-VID>
pvid <subscr-S-VID>
network-vlan stacked:<S-VID>:<C-VID>
pvid <subscr-C-VID>
the subscriber vlan is the one used by the subscriber to tag frames, and is created on the fly
For C-VLAN cross-connect:
Configure bridge port X pvid <subscr-C-VID>
For S-VLAN cross-connect:
Configure bridge port X pvid <subscr-S-VID>
For S/C-VLAN cross-connect (stacked VLAN cross-connect):
Configure bridge port X vlan id <subscr-C-VID> vlan-scope local
Configure bridge port X vlan id <subscr-C-VID> network-vlan stacked:<S-VID>:<C-VID>
Configure bridge port X pvid <subscr-C-VID>
*
on ASAM-CORE:
all bridge ports connected to C- vlan
Show vlan bridge-port-fdb < bridge port id >
all MAC-addresses learned or configured on that port
Show vlan fdb <VLAN ID>
all MAC -adresses learned on all ports of that vlan
Show vlan shub-vlan-port-map <vlan id>
all the VLANS to which that port is mapped
Similar commands available on shub: show vlan shub ...
*
Delete a VLAN
You can’t delete a VLAN that has ports attached it
And you can’t delete the VLAN-association with VLAN-id = PVID
Delete VLAN on ASAM-CORE
Delete VLAN on SHUB
configure VLAN shub no id <VID>
Before you can delete a VLAN, you need to be certain that there are no member ports to this VLAN anymore:
Example for logical user port:
configure bridge port 1/1/4/1:8:35 no vlan-id 150
Example on service hub:
Configure vlan shub id 150 no egress-port network:2
Configure vlan shub id 150 no egress-port lt:1/1/4
You can’t delete the VLAN if the VLAN-id = PVID. You have to delete the pvid first.
E.g. configure bridge port 1/1/4/1:8:35 no pvid
Alcatel-Lucent University Antwerp
*
Exercises
VLAN setup and end-user setup
 
What is the forwarding mode of VLAN 333 (cross-connect, bridged, …)? Check with AWS and CLI .
What are the ports assigned to VLAN 333 on the ASAM-CORE and on the service hub . Explain what you see.
*