802.1Q Tunneling

A carrier can use four methods to transport your Ethernet frames between MAN sites:

  • Access link

  • 802.1Q

  • 802.1Q tunneling (802.1Q-in-Q [or Q-in-Q, for short])

  • Ethernet over MPLS (EoMPLS) using Layer 3 tunneling

Access links and 802.1Q were discussed previously. The access link method is equivalent to TLS and is typically implemented using SONET. One problem with access link connections is that they don't scale: The service provider is limited to 4,096 802.1Q VLANs on its trunks, which limits the number of customers it can support. Another problem with access links is that they become more difficult for a service provider to manage as you continually add MAN connections. The more connections you have, the more impact they have on the provider's network: Your connected switches flood broadcasts and multicasts into the carrier's network. And because the carrier typically uses SONET, it is difficult for the carrier to implement service level agreements and traffic policing.

The 802.1Q method is equivalent to DVS. As a service provider MAN transport method, 802.1Q actually provides many advantages. First, it is cost-effective and can easily be integrated into an existing network. Because connectivity within a customer is done within a VLAN or VLANs, it is easy to set up either point-to-point or multipoint connections: The carrier's 802.1Q switches perform like normal Ethernet switches.

The main problem with 802.1Q is the limited number of VLANs that the provider can support: 4,096. The 802.1Q method is also more difficult for the provider to implement: The provider has to know which VLAN numbers you're using (or it assigns them to you) and must then configure its trunks to restrict your traffic to just these VLANs. If you need more VLANs, the provider must manually change the configuration of your trunk connections. Therefore, VLANs are not transparent: A service provider really doesn't want to deal with your VLANs, just the connections between your sites. Because your traffic, as well as other customers' traffic, uses the same trunking infrastructure inside the provider's network, problems that other customers create (such as broadcast storms) can indirectly affect your bandwidth throughput.

The remainder of this section discusses the third method, Q-in-Q, and the last part of the chapter briefly discusses EoMPLS tunneling.

Overview

Before I begin discussing the Q-in-Q transport method, I'd like to quickly refresh you on some important aspects of 802.1Q itself because Q-in-Q solely relies on 802.1Q for transporting your information across the MAN.

Recall from Chapter 3, "VLANs, Trunks, and VTP," that 802.1Q is a trunking mechanism. For trunk connections, there are two types of frames: tagged and untagged. Untagged frames are associated with the native VLAN. These frames are unmodified Ethernet frames. Tagged frames carry VLAN information in them and have a 4-byte tag inserted into them. Given these supported framing types, 802.1Q and normal Ethernet devices can coexist on the same segment.

For tagged trunk connections, 802.1Q inserts a 4-byte value between the source MAC address and the length or type field of the Ethernet frame. This 4-byte value contains two components: a 2-byte TPID field and a 2-byte TCI field. The TCI field's first 3 bits are used to assign a priority (802.1P), the next bit is a canonical form indicator, and the last 12 bits are for VLAN identifiers (4,096 VLANs can be specified here). When inserting this 4-byte value, the length of the frame is extended to a maximum of 1522 bytes. And because the frame is modified, 802.1Q devices will recompute the FCS (checksum) value at the end of the frame.

802.1Q actually specifies much more than just the frame encapsulation. It also includes the Generic Attribute Registration Protocol (GARP), 802.1P QoS tagging, and STP enhancements.

Exam Alert

802.1Q inserts a 4-byte value between the source MAC address and the length/type field: a 2-byte TPID and a 2-byte TCI. The first 3 bits of the TCI field contain the priority (802.1P), the next bit is the CFI, and the last 12 bits are the VLAN identifier (4,096 VLANs).


Tag Stacking: Q-in-Q Tunneling

Q-in-Q tunneling is commonly referred to as tag stacking. When you send tagged VLAN traffic into a service provider's network, the service provider's switches add their own VLAN tag to isolate your traffic from other customers' traffic. This is accomplished by inserting another 802.1Q tag (the service provider's) into your 802.1Q tagged frame. The link between the customer device and the service provider edge switch is called an asymmetric link because one end is a trunk port (your end) and the other is a tunnel port (the provider's end).

Actually, all of your traffic can be tagged, including STP BPDUs and CDP frames, making the service provider's network appear completely transparent. The Generic Bridge PDU Tunneling (GBPT) solution allows the tunneling of protocol data units through a service provider cloud. Note that this requires the service provider to enable this feature.

The advantage of this approach is that you can have your own VLAN numbering scheme that is transparent to the service provider, who can be using the same numbers. The one downside of tag stacking is that the originator of the original frame is hidden from the service provider because the provider doesn't examine your tagged information.

Exam Alert

Q-in-Q (tag stacking) is proprietary to Cisco. It's basically an 802.1Q enhancement. Q-in-Q is accomplished by inserting another 802.1Q tag (the service provider's) into your 802.1Q tagged frame. The advantage of Q-in-Q is that the provider's VLAN numbering scheme is transparent to your own numbering scheme. Q-in-Q allows STP BPDUs and CDP information to be tunneled.


Encapsulation Process

Let's look at the encapsulation process used in tag stacking. I'll use Figure 11.5 as an example. At the top of the figure is the user's original Ethernet frame. When this frame hits your switched network and traverses your internal 802.1Q trunks, it is tagged with your personal VLAN information, as shown in the middle part of the figure.

Figure 11.5. Tag stacking process.


When this frame traverses an 802.1Q trunk and is received by the provider, the provider inserts its own tag before yours and recomputes a new FCS. This is shown in the bottom part of Figure 11.5. The provider's tag is a 4-byte field that contains both a TPID and a TCI, as described in Chapter 3. At this point, the frame has two tags: the provider's and your own. The service provider uses its tag to make switching decisions inside its network.

Before the frame leaves the provider's network, the provider strips off its tag and recomputes the FCS value. When your remote network receives this frame, it appears as it did when it left the other side of your network.
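The tag layout from the "Overview" section and the push/pop sequence of Figure 11.5 can be traced byte by byte. The following Python is an added example written for this page, not code from the book or from any vendor; the MAC addresses, VLAN numbers and payloads are constructed sample values, and the provider's outer tag is built with the same 0x8100 TPID as the customer tag, since the text describes it as a second 802.1Q tag. It builds an untagged frame, tags it on the customer trunk, stacks the provider tag at the carrier's ingress, strips it again at egress, and verifies that the delivered frame is bit-identical to what left the other site, recomputing the FCS at every step as 802.1Q devices do.

```python
import struct
import zlib

TPID_8021Q = 0x8100   # 802.1Q Tag Protocol Identifier
VID_MASK = 0x0FFF     # 12-bit VLAN ID field: 4,096 possible values


def build_tag(vid, priority=0, cfi=0):
    """Return the 4-byte 802.1Q tag: 2-byte TPID followed by the 2-byte TCI
    (3-bit 802.1P priority, 1-bit CFI, 12-bit VLAN ID)."""
    if not 0 <= vid <= VID_MASK:
        raise ValueError("VLAN ID must fit in 12 bits (0-4095)")
    if not 0 <= priority <= 7:
        raise ValueError("priority must fit in 3 bits (0-7)")
    tci = (priority << 13) | ((cfi & 1) << 12) | vid
    return struct.pack("!HH", TPID_8021Q, tci)


def fcs(body):
    """Ethernet FCS: CRC-32 over the frame, transmitted least-significant byte first."""
    return struct.pack("<I", zlib.crc32(body) & 0xFFFFFFFF)


def build_frame(dst, src, ethertype, payload):
    """Untagged Ethernet frame: DST, SRC, length/type, payload, FCS."""
    body = dst + src + struct.pack("!H", ethertype) + payload
    return body + fcs(body)


def push_tag(frame, vid, priority=0):
    """Insert a tag right after the source MAC (offset 12) and recompute the FCS.
    On an already-tagged frame this places the new tag in front of the existing
    one, which is exactly what the provider edge does in tag stacking."""
    body = frame[:-4]
    new_body = body[:12] + build_tag(vid, priority) + body[12:]
    return new_body + fcs(new_body)


def pop_tag(frame):
    """Strip the outermost tag (what the provider egress does) and recompute the FCS."""
    if struct.unpack("!H", frame[12:14])[0] != TPID_8021Q:
        raise ValueError("frame carries no 802.1Q tag")
    body = frame[:-4]
    new_body = body[:12] + body[16:]
    return new_body + fcs(new_body)


def tag_stack(frame):
    """Verify the FCS and return the VLAN IDs from the outermost to the innermost tag."""
    body, trailer = frame[:-4], frame[-4:]
    if fcs(body) != trailer:
        raise ValueError("FCS mismatch: frame was modified without recomputing the checksum")
    vids, offset = [], 12
    while struct.unpack("!H", body[offset:offset + 2])[0] == TPID_8021Q:
        tci = struct.unpack("!H", body[offset + 2:offset + 4])[0]
        vids.append(tci & VID_MASK)
        offset += 4
    return vids


def walk_through_provider(customer_vid, provider_vid, payload):
    """Trace one frame through the stages of Figure 11.5 and return the
    (untagged, customer-tagged, double-tagged, delivered) frames."""
    # Constructed sample MAC addresses (documentation range), not real hosts.
    dst, src = b"\x00\x00\x5e\x00\x53\x01", b"\x00\x00\x5e\x00\x53\x02"
    original = build_frame(dst, src, 0x0800, payload)                 # top of Figure 11.5
    customer_tagged = push_tag(original, customer_vid, priority=5)    # your 802.1Q trunk
    double_tagged = push_tag(customer_tagged, provider_vid)           # provider ingress
    delivered = pop_tag(double_tagged)                                # provider egress
    return original, customer_tagged, double_tagged, delivered


if __name__ == "__main__":
    o, c, d, r = walk_through_provider(100, 3000, b"A" * 46)
    print("untagged %d bytes, tagged %d, double-tagged %d" % (len(o), len(c), len(d)))
    print("tag stack inside the provider:", tag_stack(d))   # [3000, 100]
    print("delivered frame equals customer frame:", r == c)
```

Note what the sizes show: a maximum-size untagged frame is 1518 bytes, one customer tag brings it to the 1522 bytes the text mentions, and the provider's stacked tag pushes it to 1526 bytes, so every link in the carrier's path must accept frames 8 bytes larger than plain Ethernet allows. The FCS check in `tag_stack` is also why a frame whose tag was altered in transit without a recomputed checksum is rejected rather than silently accepted.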

STP

As I mentioned in the "Tag Stacking: Q-in-Q Tunneling" section, Q-in-Q tunnels STP BPDUs. This is important for networks like the one shown in Figure 11.6. In this example, two networks are connected via 802.1Q trunks, and are transparently connected via Q-in-Q. The provider's network is transparent, so from the network's perspective, it appears that Switch1 and Switch4 are on the same segment.

Figure 11.6. Tag stacking and STP.


As I mentioned earlier, you have two choices with STP: have the provider tunnel your CDP and BPDUs between sites or have the provider drop these frames. If you choose the former, one switch in the combined network is chosen as the root. Based on the root, accumulated path costs, and priorities, a single loop-free topology is created. However, STP never guarantees that this loop-free topology is optimal: The topology STP comes up with might be optimal for one site but not another. Therefore, you'll have to spend a lot of time tuning STP to optimize it.

Your other choice is to have the provider drop BPDU and CDP frames. In this instance, each site is its own STP island, with its own root and its own STP topology. Using this approach, it becomes much easier to tune STP on a site-by-site basis. Care must be taken with this approach if you have a partially meshed design in the MAN. For instance, you might have three sites connected together: sites 1, 2, and 3. Site 1 is connected to site 2, site 2 is connected to site 3, and site 3 is connected to site 1. In this situation, there is a Layer 2 loop through the provider's network. If you have this type of design, you must have BPDUs tunneled across the provider's network so that STP can detect and remove loops from your own infrastructure. Otherwise, you'll create a broadcast storm between your sites and waste bandwidth.

STP issues can become complicated when using Q-in-Q. Let's look at another example by examining Figure 11.7. Let's assume that these are three separate companies, where Switches 1, 2, and 3 are in one company, Switches 4, 5, and 6 are in a second company, and Switches 7, 8, and 9 are in a third company.

Figure 11.7. Service provider connections and STP.


In the first company, there are redundant links to the carrier via Switch 1 and Switch 3, so a loop is formed between Switch 1, Switch 3, and the provider's switch (SP Switch 1). Remember that the provider's switches do not participate in your STP process: They either drop your BPDUs or tunnel them. If the provider drops the frames, you have a Layer 2 loop that STP will not detect. If the carrier tunnels the frames, Switch 1 and Switch 3 will see two connections between them and will either use the direct connection or disable one of the provider connections.

If you want to use both connections, you might want to consider using an EtherChannel between you and the provider, as shown with Switch 7 in Figure 11.7. This increases your bandwidth, but its main disadvantage is a single point of failure: both your switch and the provider's switch.

I already talked about dual-homing your location to the MAN in the last paragraph, so let's discuss your second option: having your switch connected to two different provider switches, as shown by Switch 4 in Figure 11.7. If the provider is dropping your BPDUs, you've created a loop from Switch 4 to itself. And if you have the provider tunnel STP information, the switch will see that it has a connection, via the provider, that appears to be connected back to itself on a different port. In this situation, STP will disable one of the two ports to the carrier.
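The reasoning in the last few paragraphs (the three-site partial mesh, Switch 1 and Switch 3 of company 1, the dual-homed Switch 4, and the EtherChannel on Switch 7) comes down to one question: which loops in your Layer 2 topology pass through the carrier, and therefore stay invisible when the carrier drops your BPDUs. The following Python is an added example for this page, not from the book, that answers it with a union-find pass over a topology. Each Q-in-Q service instance (one point-to-point or multipoint connection bought from the provider) is modelled as a single transparent segment, which is how the text describes the carrier cloud; the switch and service names are constructed to match the figures, not real configuration.

```python
def find_layer2_loops(customer_links, provider_attachments):
    """Return the provider attachments that close a Layer 2 loop.

    customer_links:       (switch_a, switch_b) pairs for the customer's own trunks.
    provider_attachments: (switch, service) pairs, one per physical port into the
                          carrier; each Q-in-Q service instance is one shared
                          segment because the provider cloud is transparent.

    Customer-only links are merged first: STP inside a site sees those loops by
    itself, since BPDUs always flow on the customer's own trunks. Any provider
    attachment that then joins two already-connected nodes closes a loop
    through the carrier."""
    parent = {}

    def find(node):
        parent.setdefault(node, node)
        while parent[node] != node:
            parent[node] = parent[parent[node]]   # path halving keeps lookups short
            node = parent[node]
        return node

    def union(a, b):
        ra, rb = find(a), find(b)
        if ra == rb:
            return False                          # already connected: this edge closes a loop
        parent[ra] = rb
        return True

    for a, b in customer_links:
        union(a, b)
    return [(sw, svc) for sw, svc in provider_attachments if not union(sw, svc)]


def stp_assessment(customer_links, provider_attachments, bpdus_tunneled):
    """Say what STP does about each loop through the provider.

    With BPDUs tunneled, STP sees the carrier as a shared segment and blocks one
    of the ports involved; with BPDUs dropped, every loop listed is invisible
    to STP and will carry broadcast storms between sites."""
    loops = find_layer2_loops(customer_links, provider_attachments)
    return {
        "loops_through_provider": loops,
        "blocked_by_stp": loops if bpdus_tunneled else [],
        "undetected": [] if bpdus_tunneled else loops,
    }


def figure_scenarios():
    """Constructed topologies that mirror the cases discussed with Figures 11.6 and 11.7."""
    return {
        # Three sites, each pair joined by its own point-to-point service: a ring.
        "three_site_mesh": ([], [("Site1", "svc-1-2"), ("Site2", "svc-1-2"),
                                 ("Site2", "svc-2-3"), ("Site3", "svc-2-3"),
                                 ("Site3", "svc-3-1"), ("Site1", "svc-3-1")]),
        # Company 1: Switch 1 and Switch 3 both reach the carrier and are joined internally.
        "company1_redundant": ([("Switch1", "Switch2"), ("Switch2", "Switch3")],
                               [("Switch1", "svcA"), ("Switch3", "svcA")]),
        # Switch 4: two ports into two provider switches on the same service.
        "switch4_dual_homed": ([], [("Switch4", "svcB"), ("Switch4", "svcB")]),
        # Switch 7: an EtherChannel is one logical port, so no loop.
        "switch7_etherchannel": ([], [("Switch7", "svcC")]),
    }


if __name__ == "__main__":
    for name, (links, attachments) in figure_scenarios().items():
        for tunneled in (True, False):
            result = stp_assessment(links, attachments, tunneled)
            print(name, "BPDUs tunneled" if tunneled else "BPDUs dropped", result)
```

Running the four scenarios shows the page's conclusions directly: the mesh, the Switch 1/Switch 3 pair and the dual-homed Switch 4 each produce exactly one loop-closing provider port, which STP blocks only when the carrier tunnels BPDUs, while the EtherChannel produces none because it is a single logical link.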

As you can see from these examples, dealing with STP in a MAN is not a simple task.

Q-in-Q Versus 802.1Q

Q-in-Q has many advantages and disadvantages, just like any network solution. Its advantages include

  • The service provider's network is transparent to your devices.

  • Your VLAN implementation doesn't affect the provider's VLAN implementation.

  • Service providers can easily offer and implement it.

  • It supports multiple STPs if you have multiple VLANs on your trunks.

  • Providers offer both point-to-point and point-to-multipoint solutions.

The disadvantages of Q-in-Q include the following:

  • Q-in-Q is a Layer 2 process, not a Layer 3 process.

  • It is difficult to set up and maintain in regard to redundancy and STP problems.

  • It is proprietary to Cisco.

  • It is supported only for Ethernet connections.

  • The provider is limited to 4,096 VLANs.

Exam Alert

The main advantage of Q-in-Q is that the provider's network is transparent. The main disadvantages of Q-in-Q are dealing with Layer 2 loop issues, attempting to implement redundancy on a large scale, and using a provider that supports Cisco's proprietary Q-in-Q feature.




CCNP BCMSN Exam Cram 2 (Exam Cram 642-811)
ISBN: 0789729911
Year: 2003
Pages: 171
Author: Richard Deal