Network Working Group                                   M. Lasserre, Ed.
Request for Comments: 4762                              V. Kompella, Ed.
Category: Standards Track                                 Alcatel-Lucent
                                                            January 2007
Virtual Private LAN Service (VPLS) Using Label Distribution Protocol (LDP) Signaling
Status of This Memo
This document specifies an Internet standards track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the "Internet Official Protocol Standards" (STD 1) for the standardization state and status of this protocol. Distribution of this memo is unlimited.
Copyright Notice
Copyright (C) The IETF Trust (2007).
IESG Note
The L2VPN Working Group produced two separate documents, RFC 4761 and this document, that perform similar functions using different signaling protocols. Be aware that each method is commonly referred to as "VPLS" even though they are distinct and incompatible with one another.
Abstract
This document describes a Virtual Private LAN Service (VPLS) solution using pseudowires, a service previously implemented over other tunneling technologies and known as Transparent LAN Services (TLS). A VPLS creates an emulated LAN segment for a given set of users; i.e., it creates a Layer 2 broadcast domain that is fully capable of learning and forwarding on Ethernet MAC addresses and that is closed to a given set of users. Multiple VPLS services can be supported from a single Provider Edge (PE) node.
This document describes the control plane functions of signaling pseudowire labels using Label Distribution Protocol (LDP), extending RFC 4447. It is agnostic to discovery protocols. The data plane functions of forwarding are also described, focusing in particular on the learning of MAC addresses. The encapsulation of VPLS packets is described by RFC 4448.
Table of Contents

   1. Introduction
   2. Terminology
      2.1. Conventions
   3. Acronyms
   4. Topological Model for VPLS
      4.1. Flooding and Forwarding
      4.2. Address Learning
      4.3. Tunnel Topology
      4.4. Loop free VPLS
   5. Discovery
   6. Control Plane
      6.1. LDP-Based Signaling of Demultiplexers
           6.1.1. Using the Generalized PWid FEC Element
      6.2. MAC Address Withdrawal
           6.2.1. MAC List TLV
           6.2.2. Address Withdraw Message Containing MAC List TLV
   7. Data Forwarding on an Ethernet PW
      7.1. VPLS Encapsulation Actions
      7.2. VPLS Learning Actions
   8. Data Forwarding on an Ethernet VLAN PW
      8.1. VPLS Encapsulation Actions
   9. Operation of a VPLS
      9.1. MAC Address Aging
   10. A Hierarchical VPLS Model
       10.1. Hierarchical Connectivity
             10.1.1. Spoke Connectivity for Bridging-Capable Devices
             10.1.2. Advantages of Spoke Connectivity
             10.1.3. Spoke Connectivity for Non-Bridging Devices
       10.2. Redundant Spoke Connections
             10.2.1. Dual-Homed MTU-s
             10.2.2. Failure Detection and Recovery
       10.3. Multi-domain VPLS Service
   11. Hierarchical VPLS Model Using Ethernet Access Network
       11.1. Scalability
       11.2. Dual Homing and Failure Recovery
   12. Contributors
   13. Acknowledgements
   14. Security Considerations
   15. IANA Considerations
   16. References
       16.1. Normative References
       16.2. Informative References
   Appendix A. VPLS Signaling using the PWid FEC Element
Ethernet has become the predominant technology for Local Area Network (LAN) connectivity and is gaining acceptance as an access technology, specifically in Metropolitan and Wide Area Networks (MAN and WAN, respectively). The primary motivation behind Virtual Private LAN Services (VPLS) is to provide connectivity between geographically dispersed customer sites across MANs and WANs, as if they were connected using a LAN. The intended application for the end-user can be divided into the following two categories:
- Connectivity between customer routers: LAN routing application
- Connectivity between customer Ethernet switches: LAN switching application
Broadcast and multicast services are available over traditional LANs. Sites that belong to the same broadcast domain and that are connected via an MPLS network expect broadcast, multicast, and unicast traffic to be forwarded to the proper location(s). This requires MAC address learning/aging on a per-pseudowire basis, and packet replication across pseudowires for multicast/broadcast traffic and for flooding of unknown unicast destination traffic.
[RFC4448] defines how to carry Layer 2 (L2) frames over point-to-point pseudowires (PW). This document describes extensions to [RFC4447] for transporting Ethernet/802.3 and VLAN [802.1Q] traffic across multiple sites that belong to the same L2 broadcast domain or VPLS. Note that the same model can be applied to other 802.1 technologies. It describes a simple and scalable way to offer Virtual LAN services, including the appropriate flooding of broadcast, multicast, and unknown unicast destination traffic over MPLS, without the need for address resolution servers or other external servers, as discussed in [L2VPN-REQ].
The following discussion applies to devices that are VPLS capable and have a means of tunneling labeled packets amongst each other. The resulting set of interconnected devices forms a private MPLS VPN.
Q-in-Q: 802.1ad Provider Bridge extensions also known as stackable VLANs or Q-in-Q.
Qualified learning: Learning mode in which each customer VLAN is mapped to its own VPLS instance.
Service delimiter: Information used to identify a specific customer service instance. This is typically encoded in the encapsulation header of customer frames (e.g., VLAN Id).
Tagged frame: Frame with an 802.1Q VLAN identifier.
Unqualified learning: Learning mode where all the VLANs of a single customer are mapped to a single VPLS.
Untagged frame: Frame without an 802.1Q VLAN identifier.
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119 [RFC2119].
AC         Attachment Circuit
BPDU       Bridge Protocol Data Unit
CE         Customer Edge device
FEC        Forwarding Equivalence Class
FIB        Forwarding Information Base
GRE        Generic Routing Encapsulation
IPsec      IP security
L2TP       Layer Two Tunneling Protocol
LAN        Local Area Network
LDP        Label Distribution Protocol
MTU-s      Multi-Tenant Unit switch
PE         Provider Edge device
PW         Pseudowire
STP        Spanning Tree Protocol
VLAN       Virtual LAN
VLAN tag   VLAN Identifier
An interface participating in a VPLS must be able to flood, forward, and filter Ethernet frames. Figure 1, below, shows the topological model of a VPLS. The set of PE devices interconnected via PWs appears as a single emulated LAN to customer X. Each PE will form remote MAC address to PW associations and associate directly attached MAC addresses to local customer facing ports. This is modeled on standard IEEE 802.1 MAC address learning.
   +-----+                                        +-----+
   | CE1 +---+      ...........................   +---| CE2 |
   +-----+   |      .                         .   |   +-----+
    Site 1   |   +----+                    +----+ |    Site 2
             +---| PE |       Cloud        | PE |---+
                 +----+                    +----+
                    .                         .
                    .         +----+          .
                    ..........| PE |...........
                              +----+         ^
                                |            |
                                |            +-- Emulated LAN
                              +-----+
                              | CE3 |
                              +-----+
                               Site 3
Figure 1: Topological Model of a VPLS for Customer X with three sites
We note here again that while this document shows specific examples using MPLS transport tunnels, other tunnels that can be used by PWs (as mentioned in [RFC4447]) -- e.g., GRE, L2TP, IPsec -- can also be used, as long as the originating PE can be identified, since this is used in the MAC learning process.
The scope of the VPLS lies within the PEs in the service provider network, highlighting the fact that apart from customer service delineation, the form of access to a customer site is not relevant to the VPLS [L2VPN-REQ]. In other words, the attachment circuit (AC) connected to the customer could be a physical Ethernet port, a logical (tagged) Ethernet port, an ATM PVC carrying Ethernet frames, etc., or even an Ethernet PW.
The PE is typically an edge router capable of running the LDP signaling protocol and/or routing protocols to set up PWs. In addition, it is capable of setting up transport tunnels to other PEs and delivering traffic over PWs.
One of the attributes of an Ethernet service is that frames sent to broadcast addresses and to unknown destination MAC addresses are flooded to all ports. To achieve flooding within the service provider network, all unknown unicast, broadcast and multicast frames are flooded over the corresponding PWs to all PE nodes participating in the VPLS, as well as to all ACs.
Note that multicast frames are a special case and do not necessarily have to be sent to all VPN members. For simplicity, the default approach of broadcasting multicast frames is used.
To forward a frame, a PE MUST be able to associate a destination MAC address with a PW. It is unreasonable and perhaps impossible to require that PEs statically configure an association of every possible destination MAC address with a PW. Therefore, VPLS-capable PEs SHOULD have the capability to dynamically learn MAC addresses on both ACs and PWs and to forward and replicate packets across both ACs and PWs.
Unlike BGP VPNs [RFC4364], reachability information is not advertised and distributed via a control plane. Reachability is obtained by standard learning bridge functions in the data plane.
When a packet arrives on a PW, if the source MAC address is unknown, it needs to be associated with the PW, so that outbound packets to that MAC address can be delivered over the associated PW. Likewise, when a packet arrives on an AC, if the source MAC address is unknown, it needs to be associated with the AC, so that outbound packets to that MAC address can be delivered over the associated AC.
Standard learning, filtering, and forwarding actions, as defined in [802.1D-ORIG], [802.1D-REV], and [802.1Q], are required when a PW or AC state changes.
PE routers are assumed to have the capability to establish transport tunnels. Tunnels are set up between PEs to aggregate traffic. PWs are signaled to demultiplex encapsulated Ethernet frames from multiple VPLS instances that traverse the transport tunnels.
In an Ethernet L2VPN, it becomes the responsibility of the service provider to create the loop-free topology. For the sake of simplicity, we define that the topology of a VPLS is a full mesh of PWs.
If the topology of the VPLS is not restricted to a full mesh, then it may be that for two PEs not directly connected via PWs, they would have to use an intermediary PE to relay packets. This topology would require the use of some loop-breaking protocol, like a spanning tree protocol.
Instead, a full mesh of PWs is established between PEs. Since every PE is now directly connected to every other PE in the VPLS via a PW, there is no longer any need to relay packets, and we can instantiate a simpler loop-breaking rule: the "split horizon" rule, whereby a PE MUST NOT forward traffic from one PW to another in the same VPLS mesh.
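The forwarding decision described in Sections 4.1 to 4.4 (learn the source, forward known unicast, flood the rest, never relay PW to PW) can be modeled in a few lines. This is an added example, not text or code from the RFC; the port names, the `VplsInstance` class and the sample MAC addresses are assumptions made for illustration.

```python
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Port:
    name: str
    kind: str  # "AC" (attachment circuit) or "PW" (pseudowire in the mesh)


def is_group(mac: str) -> bool:
    """True for broadcast/multicast: the I/G bit of the first octet is set."""
    return int(mac.split(":")[0], 16) & 1 == 1


@dataclass
class VplsInstance:
    """One VPLS instance on one PE (hypothetical model, single FIB)."""
    ports: list
    fib: dict = field(default_factory=dict)  # MAC -> Port

    def receive(self, in_port, src, dst):
        """Learn src on in_port and return the names of the egress ports."""
        # Address learning: bind (or re-bind) the source MAC to the AC or PW
        # the frame arrived on. Group addresses are never learned as sources.
        if not is_group(src):
            self.fib[src] = in_port

        known = None if is_group(dst) else self.fib.get(dst)
        if known is None:
            # Unknown unicast, broadcast, multicast: flood everywhere else.
            egress = [p for p in self.ports if p != in_port]
        elif known == in_port:
            egress = []          # destination is behind the ingress port
        else:
            egress = [known]

        # Split horizon: traffic received on a PW is never sent to another
        # PW of the same mesh, even if the FIB (perhaps stale) says so.
        if in_port.kind == "PW":
            egress = [p for p in egress if p.kind != "PW"]
        return [p.name for p in egress]


def demo():
    """Constructed scenario: one PE with two ACs and PWs to two remote PEs."""
    ac1, ac2 = Port("ac1", "AC"), Port("ac2", "AC")
    pw2, pw3 = Port("pw-pe2", "PW"), Port("pw-pe3", "PW")
    vpls = VplsInstance([ac1, ac2, pw2, pw3])
    a, b, c = "00:00:5e:00:53:0a", "00:00:5e:00:53:0b", "00:00:5e:00:53:0c"

    out = {}
    out["unknown_from_ac"] = vpls.receive(ac1, a, b)   # flood to all others
    out["reply_from_pw"] = vpls.receive(pw2, b, a)     # a was learned on ac1
    out["known_to_pw"] = vpls.receive(ac1, a, b)       # b was learned on pw2
    out["unknown_from_pw"] = vpls.receive(pw2, b, c)   # flood to ACs only
    vpls.fib[c] = pw3                                  # constructed stale entry
    out["stale_pw_to_pw"] = vpls.receive(pw2, b, c)    # split horizon drops it
    out["broadcast_from_pw"] = vpls.receive(pw3, c, "ff:ff:ff:ff:ff:ff")
    return out


if __name__ == "__main__":
    for step, ports in demo().items():
        print(f"{step:18} -> {ports}")
```

The `stale_pw_to_pw` case is the one worth watching in a real FIB: a frame that would have looped between PEs is dropped rather than relayed.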
Note that customers are allowed to run a Spanning Tree Protocol (STP) (e.g., as defined in [802.1D-REV]), such as when a customer has "back door" links used to provide redundancy in the case of a failure within the VPLS. In such a case, STP Bridge PDUs (BPDUs) are simply tunneled through the provider cloud.
The capability to manually configure the addresses of the remote PEs is REQUIRED. However, the use of manual configuration is not necessary if an auto-discovery procedure is used. A number of auto-discovery procedures are compatible with this document ([RADIUS-DISC], [BGP-DISC]).
This document describes the control plane functions of signaling of PW labels. Some foundational work in the area of support for multi-homing is laid. The extensions to provide multi-homing support should work independently of the basic VPLS operation, and they are not described here.
A full mesh of LDP sessions is used to establish the mesh of PWs. The requirement for a full mesh of PWs may result in a large number of targeted LDP sessions. Section 10 discusses the option of setting up hierarchical topologies in order to minimize the size of the VPLS full mesh.
Once an LDP session has been formed between two PEs, all PWs between these two PEs are signaled over this session.
In [RFC4447], two types of FECs are described: the PWid FEC Element (FEC type 128) and the Generalized PWid FEC Element (FEC type 129). The original FEC element used for VPLS was compatible with the PWid FEC Element. The text for signaling using the PWid FEC Element has been moved to Appendix A. What we describe below replaces that with a more generalized L2VPN descriptor, the Generalized PWid FEC Element.
[RFC4447] describes a generalized FEC structure that is used for VPLS signaling in the following manner. We describe the assignment of the Generalized PWid FEC Element fields in the context of VPLS signaling.
Control bit (C): This bit is used to signal the use of the control word as specified in [RFC4447].
PW type: The allowed PW types are Ethernet (0x0005) and Ethernet tagged mode (0x0004), as specified in [RFC4446].
PW info length: As specified in [RFC4447].
Attachment Group Identifier (AGI), Length, Value: The unique name of this VPLS. The AGI identifies a type of name, and Length denotes the length of Value, which is the name of the VPLS. We use the term AGI interchangeably with VPLS identifier.
Target Attachment Individual Identifier (TAII), Source Attachment Individual Identifier (SAII): These are null because the mesh of PWs in a VPLS terminates on MAC learning tables, rather than on individual attachment circuits. The use of non-null TAII and SAII is reserved for future enhancements.
Interface Parameters: The relevant interface parameters are:
- MTU: The MTU (Maximum Transmission Unit) of the VPLS MUST be the same across all the PWs in the mesh.
- Optional Description String: Same as [RFC4447].
- Requested VLAN ID: If the PW type is Ethernet tagged mode, this parameter may be used to signal the insertion of the appropriate VLAN ID, as defined in [RFC4448].
It MAY be desirable to remove or unlearn MAC addresses that have been dynamically learned for faster convergence. This is accomplished by sending an LDP Address Withdraw Message with the list of MAC addresses to be removed to all other PEs over the corresponding LDP sessions.
We introduce an optional MAC List TLV in LDP to specify a list of MAC addresses that can be removed or unlearned using the LDP Address Withdraw Message.
The Address Withdraw message with MAC List TLVs MAY be supported in order to expedite removal of MAC addresses as the result of a topology change (e.g., failure of the primary link for a dual-homed VPLS-capable switch).
In order to minimize the impact on LDP convergence time, when the MAC list TLV contains a large number of MAC addresses, it may be preferable to send a MAC address withdrawal message with an empty list.
MAC addresses to be unlearned can be signaled using an LDP Address Withdraw Message that contains a new TLV, the MAC List TLV. Its format is described below. The encoding of a MAC List TLV address is the 6-octet MAC address specified by IEEE 802 documents [802.1D-ORIG] [802.1D-REV].
    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |U|F|       Type                |            Length             |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                      MAC address #1                           |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |        MAC address #1         |       MAC Address #2          |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                      MAC address #2                           |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   ~                              ...                              ~
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                      MAC address #n                           |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |        MAC address #n         |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
U bit: Unknown bit. This bit MUST be set to 1. If the MAC address format is not understood, then the TLV is not understood and MUST be ignored.
F bit: Forward bit. This bit MUST be set to 0. Since the LDP mechanism used here is targeted, the TLV MUST NOT be forwarded.
Type: Type field. This field MUST be set to 0x0404. This identifies the TLV type as MAC List TLV.
Length: Length field. This field specifies the total length in octets of the MAC addresses in the TLV. The length MUST be a multiple of 6.
MAC Address: The MAC address(es) being removed.
The MAC Address Withdraw Message contains a FEC TLV (to identify the VPLS affected), a MAC Address TLV, and optional parameters. No optional parameters have been defined for the MAC Address Withdraw signaling. Note that if a PE receives a MAC Address Withdraw Message and does not understand it, it MUST ignore the message. In this case, instead of flushing its MAC address table, it will continue to use stale information, unless:
- it receives a packet with a known MAC address association, but from a different PW, in which case it replaces the old association; or
- it ages out the old association.
The MAC Address Withdraw message only helps speed up convergence, so PEs that do not understand the message can continue to participate in the VPLS.
The processing for MAC List TLV received in an Address Withdraw Message is:
For each MAC address in the TLV:
- Remove the association between the MAC address and the AC or PW over which this message is received.
For a MAC Address Withdraw message with empty list:
- Remove all the MAC addresses associated with the VPLS instance (specified by the FEC TLV) except the MAC addresses learned over the PW associated with this signaling session over which the message was received.
The scope of a MAC List TLV is the VPLS specified in the FEC TLV in the MAC Address Withdraw Message. The number of MAC addresses can be deduced from the length field in the TLV.
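A strict decoder for the MAC List TLV of Section 6.2.1, together with the two withdraw cases of Section 6.2.2, written as an added example that is not part of the RFC. It assumes the caller has already used the FEC TLV to select the FIB of the affected VPLS and passes it in as a plain MAC-to-port dictionary; the function names and sample addresses are hypothetical.

```python
import struct

MAC_LIST_TLV_TYPE = 0x0404   # Type value given in Section 6.2.1
MAC_LEN = 6                  # one IEEE 802 MAC address, in octets


class TlvError(ValueError):
    """The TLV is malformed or not a MAC List TLV; the caller ignores it."""


def parse_mac_list_tlv(buf: bytes) -> list:
    """Return the MAC addresses (6-byte strings) carried in one TLV."""
    if len(buf) < 4:
        raise TlvError("truncated TLV header")
    first, length = struct.unpack("!HH", buf[:4])
    # First 16 bits: U bit, F bit, then the 14-bit Type.
    u_bit, f_bit, tlv_type = first >> 15, (first >> 14) & 1, first & 0x3FFF
    if tlv_type != MAC_LIST_TLV_TYPE:
        raise TlvError(f"not a MAC List TLV (type 0x{tlv_type:04x})")
    if u_bit != 1 or f_bit != 0:
        raise TlvError("U bit MUST be 1 and F bit MUST be 0")
    if length % MAC_LEN:
        raise TlvError("Length MUST be a multiple of 6")
    if length > len(buf) - 4:
        # Never trust Length beyond the bytes that were actually received.
        raise TlvError("Length exceeds the received value field")
    value = buf[4:4 + length]
    return [value[i:i + MAC_LEN] for i in range(0, length, MAC_LEN)]


def apply_withdraw(fib: dict, macs: list, rx_port: str) -> list:
    """Apply an Address Withdraw to one VPLS FIB; return the removed MACs.

    fib      MAC -> port name for the VPLS named by the FEC TLV (assumed
             to be selected by the caller)
    macs     output of parse_mac_list_tlv(); may be empty
    rx_port  AC or PW over which the message was received
    """
    if macs:
        # Listed MACs: drop only their association with the receiving port.
        doomed = [m for m in macs if fib.get(m) == rx_port]
    else:
        # Empty list: flush the instance, except what was learned over
        # the PW tied to this signaling session.
        doomed = [m for m, port in fib.items() if port != rx_port]
    for mac in doomed:
        del fib[mac]
    return doomed


def build_mac_list_tlv(macs: list) -> bytes:
    """Encode a MAC List TLV (used here only to construct sample input)."""
    header = struct.pack("!HH", 0x8000 | MAC_LIST_TLV_TYPE, MAC_LEN * len(macs))
    return header + b"".join(macs)


if __name__ == "__main__":
    # Constructed sample data using documentation-range MAC addresses.
    m1, m2, m3 = (bytes.fromhex(h) for h in
                  ("00005e00530a", "00005e00530b", "00005e00530c"))
    fib = {m1: "pw-pe2", m2: "pw-pe3", m3: "ac1"}
    tlv = build_mac_list_tlv([m1, m2])
    print(tlv.hex())
    print([m.hex() for m in apply_withdraw(fib, parse_mac_list_tlv(tlv), "pw-pe2")])
```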
This section describes the data plane behavior on an Ethernet PW used in a VPLS. While the encapsulation is similar to that described in [RFC4448], the functions of stripping the service-delimiting tag and using a "normalized" Ethernet frame are described.
In a VPLS, a customer Ethernet frame without preamble is encapsulated with a header as defined in [RFC4448]. A customer Ethernet frame is defined as follows:
- If the frame, as it arrives at the PE, has an encapsulation that is used by the local PE as a service delimiter, i.e., to identify the customer and/or the particular service of that customer, then that encapsulation may be stripped before the frame is sent into the VPLS. As the frame exits the VPLS, the frame may have a service-delimiting encapsulation inserted.
- If the frame, as it arrives at the PE, has an encapsulation that is not service delimiting, then it is a customer frame whose encapsulation should not be modified by the VPLS. This covers, for example, a frame that carries customer-specific VLAN tags that the service provider neither knows about nor wants to modify.
As an application of these rules, a customer frame may arrive at a customer-facing port with a VLAN tag that identifies the customer's VPLS instance. That tag would be stripped before it is encapsulated in the VPLS. At egress, the frame may be tagged again, if a service-delimiting tag is used, or it may be untagged if none is used.
Likewise, if a customer frame arrives at a customer-facing port over an ATM or Frame Relay VC that identifies the customer's VPLS instance, then the ATM or FR encapsulation is removed before the frame is passed into the VPLS.
Contrariwise, if a customer frame arrives at a customer-facing port with a VLAN tag that identifies a VLAN domain in the customer L2 network, then the tag is not modified or stripped, as it belongs with the rest of the customer frame.
By following the above rules, the Ethernet frame that traverses a VPLS is always a customer Ethernet frame. Note that the two actions, at ingress and egress, of dealing with service delimiters are local actions that neither PE has to signal to the other. They allow, for example, a mix-and-match of VLAN tagged and untagged services at either end, and they do not carry across a VPLS a VLAN tag that has local significance only. The service delimiter may be an MPLS label also, whereby an Ethernet PW given by [RFC4448] can serve as the access side connection into a PE. An RFC1483 Bridged PVC encapsulation could also serve as a service delimiter. By limiting the scope of locally significant encapsulations to the edge, hierarchical VPLS models can be developed that provide the capability to network-engineer scalable VPLS deployments, as described below.
Learning is done based on the customer Ethernet frame as defined above. The Forwarding Information Base (FIB) keeps track of the mapping of customer Ethernet frame addressing and the appropriate PW to use. We define two modes of learning: qualified and unqualified learning. Qualified learning is the default mode and MUST be supported. Support of unqualified learning is OPTIONAL.
In unqualified learning, all the VLANs of a single customer are handled by a single VPLS, which means they all share a single broadcast domain and a single MAC address space. This means that MAC addresses need to be unique and non-overlapping among customer VLANs, or else they cannot be differentiated within the VPLS instance, and this can result in loss of customer frames. An application of unqualified learning is port-based VPLS service for a given customer (e.g., customer with non-multiplexed AC where all the traffic on a physical port, which may include multiple customer VLANs, is mapped to a single VPLS instance).
In qualified learning, each customer VLAN is assigned to its own VPLS instance, which means each customer VLAN has its own broadcast domain and MAC address space. Therefore, in qualified learning, MAC addresses among customer VLANs may overlap with each other, but they will be handled correctly since each customer VLAN has its own FIB; i.e., each customer VLAN has its own MAC address space. Since VPLS broadcasts multicast frames by default, qualified learning offers the advantage of limiting the broadcast scope to a given customer VLAN. Qualified learning can result in large FIB table sizes, because the logical MAC address is now a VLAN tag + MAC address.
For STP to work in qualified learning mode, a VPLS PE must be able to forward STP BPDUs over the proper VPLS instance. In a hierarchical VPLS case (see details in Section 10), service delimiting tags (Q-in-Q or [RFC4448]) can be added such that PEs can unambiguously identify all customer traffic, including STP BPDUs. In a basic VPLS case, upstream switches must insert such service delimiting tags. When an access port is shared among multiple customers, a reserved VLAN per customer domain must be used to carry STP traffic. The STP frames are encapsulated with a unique provider tag per customer (as the regular customer traffic), and a PE looks up the provider tag to send such frames across the proper VPLS instance.
This section describes the data plane behavior on an Ethernet VLAN PW in a VPLS. While the encapsulation is similar to that described in [RFC4448], the functions of imposing tags and using a "normalized" Ethernet frame are described. The learning behavior is the same as for Ethernet PWs.
In a VPLS, a customer Ethernet frame without preamble is encapsulated with a header as defined in [RFC4448]. A customer Ethernet frame is defined as follows:
- If the frame, as it arrives at the PE, has an encapsulation that is part of the customer frame and is also used by the local PE as a service delimiter, i.e., to identify the customer and/or the particular service of that customer, then that encapsulation is preserved as the frame is sent into the VPLS, unless the Requested VLAN ID optional parameter was signaled. In that case, the VLAN tag is overwritten before the frame is sent out on the PW.
- If the frame, as it arrives at the PE, has an encapsulation that does not have the required VLAN tag, a null tag is imposed if the Requested VLAN ID optional parameter was not signaled.
As an application of these rules, a customer frame may arrive at a customer-facing port with a VLAN tag that identifies the customer's VPLS instance and also identifies a customer VLAN. That tag would be preserved as it is encapsulated in the VPLS.
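As an added example (not code from the RFC), the function below applies the two tagging rules above to raw Ethernet frames. Rewriting only the 12-bit VLAN ID while keeping the 802.1p bits, and pushing a tag that carries the Requested VLAN ID onto an untagged frame, are assumptions; the function names and sample frames are constructed.

```python
import struct

TPID_8021Q = 0x8100


def split_frame(frame):
    """Return (dst+src MACs, TCI or None, bytes from the inner EtherType on)."""
    if len(frame) < 14:
        raise ValueError("shorter than an Ethernet header")
    macs = frame[:12]
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != TPID_8021Q:
        return macs, None, frame[12:]
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    (tci,) = struct.unpack("!H", frame[14:16])
    return macs, tci, frame[16:]


def vlan_of(frame):
    """Return (802.1p priority, VLAN ID) of the outer tag, or None if untagged."""
    _, tci, _ = split_frame(frame)
    return None if tci is None else (tci >> 13, tci & 0x0FFF)


def to_vlan_pw(frame, requested_vid=None):
    """Normalize a customer frame before it is sent on an Ethernet VLAN PW.

    requested_vid is the Requested VLAN ID optional parameter, or None when
    the peer did not signal it.
    """
    if requested_vid is not None and not 1 <= requested_vid <= 4094:
        raise ValueError("Requested VLAN ID out of range")
    macs, tci, rest = split_frame(frame)
    if tci is not None and requested_vid is None:
        # Tag is part of the customer frame and no rewrite was requested:
        # the encapsulation is preserved as is.
        return frame
    if tci is not None:
        # Rewrite was requested. Assumption: only the VLAN ID is overwritten,
        # so the customer's priority and DEI bits survive.
        new_tci = (tci & 0xF000) | requested_vid
    elif requested_vid is None:
        # No tag present and nothing requested: impose a null tag (VID 0).
        new_tci = 0
    else:
        # Assumption: an untagged frame gets a tag with the requested VID.
        new_tci = requested_vid
    return macs + struct.pack("!HH", TPID_8021Q, new_tci) + rest


# Constructed sample frames: priority 5, VLAN 100, IPv4 EtherType.
MACS = bytes.fromhex("020000000002" "020000000001")
PAYLOAD = struct.pack("!H", 0x0800) + b"constructed payload"
TAGGED = MACS + struct.pack("!HH", TPID_8021Q, (5 << 13) | 100) + PAYLOAD
UNTAGGED = MACS + PAYLOAD

if __name__ == "__main__":
    for name, frame in (("tagged", TAGGED), ("untagged", UNTAGGED)):
        for vid in (None, 200):
            print(name, "requested:", vid, "->", vlan_of(to_vlan_pw(frame, vid)))
```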
The Ethernet VLAN PW provides a simple way to preserve customer 802.1p bits.
A VPLS MAY have both Ethernet and Ethernet VLAN PWs. However, if a PE is not able to support both PWs simultaneously, it SHOULD send a Label Release on the PW messages that it cannot support with a status code "Unknown FEC" as given in [RFC3036].
We show here, in Figure 2, below, an example of how a VPLS works. The following discussion uses the figure below, where a VPLS has been set up between PE1, PE2, and PE3. The VPLS connects a customer with 4 sites labeled A1, A2, A3, and A4 through CE1, CE2, CE3, and CE4, respectively.
Initially, the VPLS is set up so that PE1, PE2, and PE3 have a full mesh of Ethernet PWs. The VPLS instance is assigned an identifier (AGI). For the above example, say PE1 signals PW label 102 to PE2 and 103 to PE3, and PE2 signals PW label 201 to PE1 and 203 to PE3.
[Figure 2 diagram: customer sites A1, A2, A3, and A4 attached through CE1, CE2, CE3, and CE4 to PE1, PE2, and PE3 around the Service Provider Network. Legend: CE = Customer Edge Router; PE = Provider Edge Router; Agg = Layer 2 Aggregation.]
Figure 2: Example of a VPLS
Assume a packet from A1 is bound for A2. When it leaves CE1, say it has a source MAC address of M1 and a destination MAC of M2. If PE1 does not know where M2 is, it will flood the packet; i.e., send it to PE2 and PE3. When PE2 receives the packet, it will have a PW label of 201. PE2 can conclude that the source MAC address M1 is behind PE1, since it distributed the label 201 to PE1. It can therefore associate MAC address M1 with PW label 102.
PEs that learn remote MAC addresses SHOULD have an aging mechanism to remove unused entries associated with a PW label. This is important both for conservation of memory and for administrative purposes. For example, if a customer site A is shut down, eventually the other PEs should unlearn A's MAC address.
The aging timer for MAC address M SHOULD be reset when a packet with source MAC address M is received.
The solution described above requires a full mesh of tunnel LSPs between all the PE routers that participate in the VPLS service. For each VPLS service, n*(n-1)/2 PWs must be set up between the PE routers. While this creates signaling overhead, the real detriment to large scale deployment is the packet replication requirements for each provisioned PW on a PE router. Hierarchical connectivity, described in this document, reduces signaling and replication overhead to allow large-scale deployment.
In many cases, service providers place smaller edge devices in multi-tenant buildings and aggregate them into a PE in a large Central Office (CO) facility. In some instances, standard IEEE 802.1q (Dot 1Q) tagging techniques may be used to facilitate mapping CE interfaces to VPLS access circuits at a PE.
It is often beneficial to extend the VPLS service tunneling techniques into the access switch domain. This can be accomplished by treating the access device as a PE and provisioning PWs between it and every other edge, as a basic VPLS. An alternative is to utilize [RFC4448] PWs or Q-in-Q logical interfaces between the access device and selected VPLS enabled PE routers. Q-in-Q encapsulation is another form of L2 tunneling technique, which can be used in conjunction with MPLS signaling, as will be described later. The following two sections focus on this alternative approach. The VPLS core PWs (hub) are augmented with access PWs (spoke) to form a two-tier hierarchical VPLS (H-VPLS).
Spoke PWs may be implemented using any L2 tunneling mechanism, and by expanding the scope of the first tier to include non-bridging VPLS PE routers. The non-bridging PE router would extend a spoke PW from a Layer-2 switch that connects to it, through the service core network, to a bridging VPLS PE router supporting hub PWs. We also describe how VPLS-challenged nodes and low-end CEs without MPLS capabilities may participate in a hierarchical VPLS.
For the rest of this discussion, we refer to a bridging capable access device as MTU-s and a non-bridging capable PE as PE-r. We refer to a routing and bridging capable device as PE-rs.
This section describes the hub and spoke connectivity model and describes the requirements of the bridging capable and non-bridging MTU-s devices for supporting the spoke connections.
In Figure 3, below, three customer sites are connected to an MTU-s through CE-1, CE-2, and CE-3. The MTU-s has a single connection (PW-1) to PE1-rs. The PE-rs devices are connected in a basic VPLS full mesh. For each VPLS service, a single spoke PW is set up between the MTU-s and the PE-rs based on [RFC4447]. Unlike traditional PWs that terminate on a physical (or a VLAN-tagged logical) port, a spoke PW terminates on a virtual switch instance (VSI; see [L2FRAME]) on the MTU-s and the PE-rs devices.
[Figure 3 diagram: CE-1, CE-2, and CE-3 attached to the MTU-s, which connects over PW-1 to PE1-rs; PE1-rs, PE2-rs, and PE3-rs each contain a Virtual Switch Instance. Legend: Agg = Layer-2 Aggregation; S = Virtual Switch Instance.]
Figure 3: An example of a hierarchical VPLS model
The MTU-s and the PE-rs treat each spoke connection like an AC of the VPLS service. The PW label is used to associate the traffic from the spoke to a VPLS instance.
An MTU-s is defined as a device that supports layer-2 switching functionality and does all the normal bridging functions of learning and replication on all its ports, including the spoke, which is treated as a virtual port. Packets to unknown destinations are replicated to all ports in the service including the spoke. Once the MAC address is learned, traffic between CE1 and CE2 will be switched locally by the MTU-s, saving the capacity of the spoke to the PE-rs. Similarly, traffic between CE1 or CE2 and any remote destination is switched directly onto the spoke and sent to the PE-rs over the point-to-point PW.
Since the MTU-s is bridging capable, only a single PW is required per VPLS instance for any number of access connections in the same VPLS service. This further reduces the signaling overhead between the MTU-s and PE-rs.
If the MTU-s is directly connected to the PE-rs, other encapsulation techniques, such as Q-in-Q, can be used for the spoke.
A PE-rs is a device that supports all the bridging functions for VPLS service and supports the routing and MPLS encapsulation; i.e., it supports all the functions described for a basic VPLS, as described above.
The operation of PE-rs is independent of the type of device at the other end of the spoke. Thus, the spoke from the MTU-s is treated as a virtual port, and the PE-rs will switch traffic between the spoke PW, hub PWs, and ACs once it has learned the MAC addresses.
Spoke connectivity offers several scaling and operational advantages for creating large-scale VPLS implementations, while retaining the ability to offer all the functionality of the VPLS service.
- Eliminates the need for a full mesh of tunnels and full mesh of PWs per service between all devices participating in the VPLS service.
- Minimizes signaling overhead, since fewer PWs are required for the VPLS service.
- Segments VPLS nodal discovery. MTU-s needs to be aware of only the PE-rs node, although it is participating in the VPLS service that spans multiple devices. On the other hand, every VPLS PE-rs must be aware of every other VPLS PE-rs and all of its locally connected MTU-s and PE-r devices.
- Addition of other sites requires configuration of the new MTU-s but does not require any provisioning of the existing MTU-s devices on that service.
- Hierarchical connections can be used to create VPLS service that spans multiple service provider domains. This is explained in a later section.
Note that as more devices participate in the VPLS, there are more devices that require the capability for learning and replication.
In some cases, a bridging PE-rs may not be deployed, or a PE-r might already have been deployed. In this section, we explain how a PE-r that does not support any of the VPLS bridging functionality can participate in the VPLS service.
In Figure 4, three customer sites are connected through CE-1, CE-2, and CE-3 to the VPLS through PE-r. For every attachment circuit that participates in the VPLS service, PE-r creates a point-to-point PW that terminates on the VSI of PE1-rs.
[Figure 4 diagram: CE-1, CE-2, and CE-3 attached to PE-r, which extends point-to-point PWs (PW-1 shown) to the Virtual Switch Instance on PE1-rs; PE1-rs, PE2-rs, and PE3-rs each contain a Virtual Switch Instance. Legend: Agg = aggregation device; S = Virtual Switch Instance.]
Figure 4: An example of a hierarchical VPLS with non-bridging spokes
The PE-r is defined as a device that supports routing but does not support any bridging functions. However, it is capable of setting up PWs between itself and the PE-rs. For every port that is supported in the VPLS service, a PW is set up from the PE-r to the PE-rs. Once the PWs are set up, there is no learning or replication function required on the part of the PE-r. All traffic received on any of the ACs is transmitted on the PW. Similarly, all traffic received on a PW is transmitted to the AC where the PW terminates. Thus, traffic from CE1 destined for CE2 is switched at PE1-rs and not at PE-r.
Note that in the case where PE-r devices use Provider VLANs (P-VLAN) as demultiplexers instead of PWs, PE1-rs can treat them as such and map these "circuits" into a VPLS domain to provide bridging support between them.
This approach adds more overhead than the bridging-capable (MTU-s) spoke approach, since a PW is required for every AC that participates in the service versus a single PW required per service (regardless of ACs) when an MTU-s is used. However, this approach offers the advantage of offering a VPLS service in conjunction with a routed internet service without requiring the addition of new MTU-s.
An obvious weakness of the hub and spoke approach described thus far is that the MTU-s has a single connection to the PE-rs. In case of failure of the connection or the PE-rs, the MTU-s suffers total loss of connectivity.
In this section, we describe how the redundant connections can be provided to avoid total loss of connectivity from the MTU-s. The mechanism described is identical for both MTU-s and PE-r devices.
To protect from connection failure of the PW or the failure of the PE-rs, the MTU-s or the PE-r is dual-homed into two PE-rs devices. The PE-rs devices must be part of the same VPLS service instance.
In Figure 5, two customer sites are connected through CE-1 and CE-2 to an MTU-s. The MTU-s sets up two PWs (one each to PE1-rs and PE3-rs) for each VPLS instance. One of the two PWs is designated as primary and is the one that is actively used under normal conditions, whereas the second PW is designated as secondary and is held in a standby state. The MTU-s negotiates the PW labels for both the primary and secondary PWs, but does not use the secondary PW unless the primary PW fails. How a spoke is designated primary or secondary is outside the scope of this document. For example, a spanning tree instance running between only the MTU-s and the two PE-rs nodes is one possible method. Another method could be configuration.
[Figure 5 diagram: CE-1 and CE-2 attached to the MTU-s, which has a Primary PW to PE1-rs and a Secondary PW to PE3-rs; PE1-rs, PE2-rs, and PE3-rs each contain a Virtual Switch Instance (S).]
Figure 5: An example of a dual-homed MTU-s
The MTU-s should control the usage of the spokes to the PE-rs devices. If the spokes are PWs, then LDP signaling is used to negotiate the PW labels, and the hello messages used for the LDP session could be used to detect failure of the primary PW. The use of other mechanisms that could provide faster failure detection is outside the scope of this document.
Upon failure of the primary PW, MTU-s immediately switches to the secondary PW. At this point, the PE3-rs that terminates the secondary PW starts learning MAC addresses on the spoke PW. All other PE-rs nodes in the network think that CE-1 and CE-2 are behind PE1-rs and may continue to send traffic to PE1-rs until they learn that the devices are now behind PE3-rs. The unlearning process can take a long time and may adversely affect the connectivity of higher-level protocols from CE1 and CE2. To enable faster convergence, the PE3-rs where the secondary PW got activated may send out a flush message (as explained in Section 6.2), using the MAC List TLV, as defined in Section 6, to all PE-rs nodes. Upon receiving the message, PE-rs nodes flush the MAC addresses associated with that VPLS instance.
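As an added example (not code from the RFC), an encoder and strict parser for the MAC List TLV carried in the flush message. The type 0x404 is the value this document assigns; the U bit set, F bit clear, 16-bit length, and 6-octet address layout follow Section 6.2.1, and the function names and sample address are assumptions.

```python
import struct

MAC_LIST_TLV_TYPE = 0x0404   # type value assigned by this document
U_BIT = 0x8000               # Unknown bit, set for this TLV
F_BIT = 0x4000               # Forward bit, clear for this TLV


def encode_mac_list_tlv(macs):
    """Build a MAC List TLV from a list of 'aa:bb:cc:dd:ee:ff' strings."""
    body = b""
    for mac in macs:
        raw = bytes.fromhex(mac.replace(":", ""))
        if len(raw) != 6:
            raise ValueError(f"not a 48-bit MAC address: {mac!r}")
        body += raw
    return struct.pack("!HH", U_BIT | MAC_LIST_TLV_TYPE, len(body)) + body


def parse_mac_list_tlv(data):
    """Return the MAC addresses in a MAC List TLV, rejecting malformed input."""
    if len(data) < 4:
        raise ValueError("TLV header truncated")
    first, length = struct.unpack("!HH", data[:4])
    if first & 0x3FFF != MAC_LIST_TLV_TYPE:
        raise ValueError("not a MAC List TLV")
    if not first & U_BIT or first & F_BIT:
        raise ValueError("unexpected U/F bits")
    if length % 6:
        raise ValueError("length is not a multiple of 6")
    if len(data) - 4 < length:
        raise ValueError("TLV body truncated")
    body = data[4:4 + length]
    # A zero-length body is a valid encoding and yields an empty list.
    return [":".join(f"{b:02x}" for b in body[i:i + 6])
            for i in range(0, length, 6)]


if __name__ == "__main__":
    tlv = encode_mac_list_tlv(["02:00:00:00:00:01"])   # constructed address
    print(tlv.hex(), parse_mac_list_tlv(tlv))
```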
Hierarchy can also be used to create a large-scale VPLS service within a single domain or a service that spans multiple domains without requiring full mesh connectivity between all VPLS-capable devices. Two fully meshed VPLS networks are connected together using a single LSP tunnel between the VPLS "border" devices. A single spoke PW per VPLS service is set up to connect the two domains together.
When more than two domains need to be connected, a full mesh of inter-domain spokes is created between border PEs. Forwarding rules over this mesh are identical to the rules defined in Section 4.
This creates a three-tier hierarchical model that consists of a hub-and-spoke topology between MTU-s and PE-rs devices, a full-mesh topology between PE-rs, and a full mesh of inter-domain spokes between border PE-rs devices.
This document does not specify how redundant border PEs per domain per VPLS instance can be supported.
In this section, the hierarchical model is expanded to include an Ethernet access network. This model retains the hierarchical architecture discussed previously in that it leverages the full-mesh topology among PE-rs devices; however, no restriction is imposed on the topology of the Ethernet access network (e.g., the topology between MTU-s and PE-rs devices is not restricted to hub and spoke).
The motivation for an Ethernet access network is that Ethernet-based networks are currently deployed by some service providers to offer VPLS services to their customers. Therefore, it is important to provide a mechanism that allows these networks to integrate with an IP or MPLS core to provide scalable VPLS services.
One approach of tunneling a customer's Ethernet traffic via an Ethernet access network is to add an additional VLAN tag to the customer's data (which may be either tagged or untagged). The additional tag is referred to as Provider's VLAN (P-VLAN). Inside the provider's network each P-VLAN designates a customer or more specifically a VPLS instance for that customer. Therefore, there is a one-to-one correspondence between a P-VLAN and a VPLS instance. In this model, the MTU-s needs to have the capability of adding the additional P-VLAN tag to non-multiplexed ACs where customer VLANs are not used as service delimiters. This functionality is described in [802.1ad].
If customer VLANs need to be treated as service delimiters (e.g., the AC is a multiplexed port), then the MTU-s needs to have the additional capability of translating a customer VLAN (C-VLAN) to a P-VLAN, or to push an additional P-VLAN tag, in order to resolve overlapping VLAN tags used by different customers. Therefore, the MTU-s in this model can be considered a typical bridge with this additional capability. This functionality is described in [802.1ad].
The PE-rs needs to be able to perform bridging functionality over the standard Ethernet ports toward the access network, as well as over the PWs toward the network core. In this model, the PE-rs may need to run STP towards the access network, in addition to split-horizon over the MPLS core. The PE-rs needs to map a P-VLAN to a VPLS-instance and its associated PWs, and vice versa.
The details regarding bridge operation for MTU-s and PE-rs (e.g., encapsulation format for Q-in-Q messages, customer's Ethernet control protocol handling, etc.) are outside the scope of this document and are covered in [802.1ad]. However, the relevant part is the interaction between the bridge module and the MPLS/IP PWs in the PE-rs, which behaves just as in a regular VPLS.
Since each P-VLAN corresponds to a VPLS instance, the total number of VPLS instances supported is limited to 4K. The P-VLAN serves as a local service delimiter within the provider's network that is stripped as it gets mapped to a PW in a VPLS instance. Therefore, the 4K limit applies only within an Ethernet access network (Ethernet island) and not to the entire network. The SP network consists of a core MPLS/IP network that connects many Ethernet islands. Therefore, the number of VPLS instances can scale accordingly with the number of Ethernet islands (a metro region can be represented by one or more islands).
In this model, an MTU-s can be dual homed to different devices (aggregators and/or PE-rs devices). The failure protection for access network nodes and links can be provided through running STP in each island. The STP of each island is independent of other islands and does not interact with others. If an island has more than one PE-rs, then a dedicated full-mesh of PWs is used among these PE-rs devices for carrying the SP BPDU packets for that island. On a per-P-VLAN basis, STP will designate a single PE-rs to be used for carrying the traffic across the core. The loop-free protection through the core is performed using split-horizon, and the failure protection in the core is performed through standard IP/MPLS re-routing.
Loa Andersson, TLA; Ron Haberman, Alcatel-Lucent; Juha Heinanen, Independent; Giles Heron, Tellabs; Sunil Khandekar, Alcatel-Lucent; Luca Martini, Cisco; Pascal Menezes, Independent; Rob Nath, Alcatel-Lucent; Eric Puetz, AT&T; Vasile Radoaca, Independent; Ali Sajassi, Cisco; Yetik Serbest, AT&T; Nick Slabakov, Juniper; Andrew Smith, Consultant; Tom Soon, AT&T; Nick Tingle, Alcatel-Lucent
We wish to thank Joe Regan, Kireeti Kompella, Anoop Ghanwani, Joel Halpern, Bill Hong, Rick Wilder, Jim Guichard, Steve Phillips, Norm Finn, Matt Squire, Muneyoshi Suzuki, Waldemar Augustyn, Eric Rosen, Yakov Rekhter, Sasha Vainshtein, and Du Wenhua for their valuable feedback.
We would also like to thank Rajiv Papneja (ISOCORE), Winston Liu (Ixia), and Charlie Hundall for identifying issues with the draft in the course of the interoperability tests.
We would also like to thank Ina Minei, Bob Thomas, Eric Gray and Dimitri Papadimitriou for their thorough technical review of the document.
A more comprehensive description of the security issues involved in L2VPNs is covered in [RFC4111]. An unguarded VPLS service is vulnerable to some security issues that pose risks to the customer and provider networks. Most of the security issues can be avoided through implementation of appropriate guards. A couple of them can be prevented through existing protocols.
- Data plane aspects
  - Traffic isolation between VPLS domains is guaranteed by the use of per VPLS L2 FIB table and the use of per VPLS PWs.
  - The customer traffic, which consists of Ethernet frames, is carried unchanged over VPLS. If security is required, the customer traffic SHOULD be encrypted and/or authenticated before entering the service provider network.
  - Preventing broadcast storms can be achieved by using routers as CPE devices or by rate policing the amount of broadcast traffic that customers can send.
- Control plane aspects
  - LDP security (authentication) methods as described in [RFC3036] SHOULD be applied. This would prevent unauthenticated messages from disrupting a PE in a VPLS.
- Denial of service attacks
  - Some means to limit the number of MAC addresses (per site per VPLS) that a PE can learn SHOULD be implemented.
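The following sketch illustrates two of the guards listed above: a separate L2 FIB per VPLS, and a limit on the MAC addresses learned per site per VPLS. It is an added example, not part of the RFC; the class names, the limit of 3, the site labels, and the MAC addresses are constructed for illustration.

```python
from collections import defaultdict

class VplsFib:
    """L2 FIB for one VPLS instance with a MAC limit per site (hypothetical model)."""

    def __init__(self, mac_limit_per_site):
        self.mac_limit = mac_limit_per_site
        self.table = {}                    # MAC -> site (attachment circuit or PW)
        self.count = defaultdict(int)      # site -> MACs currently learned
        self.rejected = defaultdict(int)   # site -> refused learns, for alerting

    def learn(self, src_mac, site):
        """Learn src_mac behind site; return False if the site is at its limit."""
        owner = self.table.get(src_mac)
        if owner == site:
            return True                    # refresh of a known entry
        if self.count[site] >= self.mac_limit:
            self.rejected[site] += 1       # never evict another site's entries
            return False
        if owner is not None:
            self.count[owner] -= 1         # legitimate MAC move between sites
        self.table[src_mac] = site
        self.count[site] += 1
        return True

    def lookup(self, dst_mac):
        """Return the site for dst_mac, or None (flood inside this VPLS only)."""
        return self.table.get(dst_mac)


class ProviderEdge:
    """One PE holding a separate FIB per VPLS, so lookups never cross instances."""

    def __init__(self, mac_limit_per_site):
        self.mac_limit = mac_limit_per_site
        self.fibs = {}                     # VPLS id -> VplsFib

    def fib(self, vpls_id):
        if vpls_id not in self.fibs:
            self.fibs[vpls_id] = VplsFib(self.mac_limit)
        return self.fibs[vpls_id]


def simulate():
    """Constructed traffic: site-A floods 5 source MACs into VPLS 100 (limit 3)."""
    pe = ProviderEdge(mac_limit_per_site=3)
    flood = [pe.fib(100).learn(f"02:00:00:00:00:{i:02x}", "site-A") for i in range(5)]
    pe.fib(100).learn("02:00:00:00:01:01", "site-B")   # unaffected neighbour site
    pe.fib(200).learn("02:00:00:00:02:01", "site-C")   # different VPLS instance
    return pe, flood
```

The per-site rejection counter is the value an operator would export and alert on; a site that keeps hitting its limit is either misconfigured (a bridge where a router was expected) or sourcing spoofed addresses.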
The type field in the MAC List TLV is defined as 0x404 in Section 6.2.1.
[RFC4447] Martini, L., Rosen, E., El-Aawar, N., Smith, T., and G. Heron, "Pseudowire Setup and Maintenance Using the Label Distribution Protocol (LDP)", RFC 4447, April 2006.
[RFC4448] Martini, L., Rosen, E., El-Aawar, N., and G. Heron, "Encapsulation Methods for Transport of Ethernet over MPLS Networks", RFC 4448, April 2006.
[802.1D-ORIG] Original 802.1D - ISO/IEC 10038, ANSI/IEEE Std 802.1D-1993 "MAC Bridges".
[802.1D-REV] 802.1D - "Information technology - Telecommunications and information exchange between systems - Local and metropolitan area networks - Common specifications - Part 3: Media Access Control (MAC) Bridges: Revision. This is a revision of ISO/IEC 10038: 1993, 802.1j-1992 and 802.6k-1992. It incorporates P802.11c, P802.1p and P802.12e." ISO/IEC 15802-3: 1998.
[802.1Q] 802.1Q - ANSI/IEEE Draft Standard P802.1Q/D11, "IEEE Standards for Local and Metropolitan Area Networks: Virtual Bridged Local Area Networks", July 1998.
[RFC3036] Andersson, L., Doolan, P., Feldman, N., Fredette, A., and B. Thomas, "LDP Specification", RFC 3036, January 2001.
[RFC4446] Martini, L., "IANA Allocations for Pseudowire Edge to Edge Emulation (PWE3)", BCP 116, RFC 4446, April 2006.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC4364] Rosen, E. and Y. Rekhter, "BGP/MPLS IP Virtual Private Networks (VPNs)", RFC 4364, February 2006.
[RADIUS-DISC] Heinanen, J., Weber, G., Ed., Townsley, W., Booth, S., and W. Luo, "Using Radius for PE-Based VPN Discovery", Work in Progress, October 2005.
[BGP-DISC] Ould-Brahim, H., Ed., Rosen, E., Ed., and Y. Rekhter, Ed., "Using BGP as an Auto-Discovery Mechanism for Network-based VPNs", Work in Progress, September 2006.
[L2FRAME] Andersson, L. and E. Rosen, "Framework for Layer 2 Virtual Private Networks (L2VPNs)", RFC 4664, September 2006.
[L2VPN-REQ] Augustyn, W. and Y. Serbest, "Service Requirements for Layer 2 Provider-Provisioned Virtual Private Networks", RFC 4665, September 2006.
[RFC4111] Fang, L., "Security Framework for Provider-Provisioned Virtual Private Networks (PPVPNs)", RFC 4111, July 2005.
[802.1ad] "IEEE standard for Provider Bridges", Work in Progress, December 2002.
This section is being retained because live deployments use this version of the signaling for VPLS.
The VPLS signaling information is carried in a Label Mapping message sent in downstream unsolicited mode, which contains the following PWid FEC TLV.
PW, C, PW Info Length, Group ID, and Interface parameters are as defined in [RFC4447].
 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|    PW TLV     |C|         PW Type             |PW info Length |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                      Group ID                                 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                        PWID                                   |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                       Interface parameters                    |
~                                                               ~
|                                                               |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
We use the Ethernet PW type to identify PWs that carry Ethernet traffic for multipoint connectivity.
In a VPLS, we use a VCID (which, when using the PWid FEC, has been substituted with a more general identifier (AGI), to address extending the scope of a VPLS) to identify an emulated LAN segment. Note that the VCID as specified in [RFC4447] is a service identifier, identifying a service emulating a point-to-point virtual circuit. In a VPLS, the VCID is a single service identifier, so it has global significance across all PEs involved in the VPLS instance.
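A receiving PE has to validate this element before acting on it. The parser below is an added example, not code from the RFC: it follows the field layout in the diagram above and then checks the PW type and VCID against the local VPLS instance. The element type 0x80, the Ethernet PW type 0x0005, the sub-TLV layout (type, length that includes its own two-octet header, value), and the MTU parameter id 0x01 are taken from RFC 4447 and RFC 4446 rather than from this page, and the sample bytes are constructed.

```python
import struct

PWID_FEC_TYPE = 0x80        # PWid FEC element type (RFC 4447, assumed here)
PW_TYPE_ETHERNET = 0x0005   # Ethernet PW type (RFC 4446, assumed here)

class FecError(ValueError):
    """Raised when a length field disagrees with the bytes actually received."""

def parse_pwid_fec(buf):
    """Parse one PWid FEC element from buf, checking every length before use."""
    if len(buf) < 8:
        raise FecError("truncated: fixed part is 8 octets")
    fec_type, c_pwtype, info_len, group_id = struct.unpack("!BHBI", buf[:8])
    if fec_type != PWID_FEC_TYPE:
        raise FecError("not a PWid FEC element")
    if 8 + info_len > len(buf):
        raise FecError("PW info Length runs past the buffer")
    fec = {"c": c_pwtype >> 15, "pw_type": c_pwtype & 0x7FFF,
           "group_id": group_id, "pw_id": None, "params": {}}
    body = buf[8:8 + info_len]
    if info_len == 0:
        return fec                      # wildcard: every PW in the group
    if info_len < 4:
        raise FecError("PW info Length too short to hold a PW ID")
    fec["pw_id"] = struct.unpack("!I", body[:4])[0]
    off = 4
    while off < len(body):              # interface parameter sub-TLVs
        if off + 2 > len(body):
            raise FecError("truncated sub-TLV header")
        ptype, plen = body[off], body[off + 1]
        if plen < 2 or off + plen > len(body):
            raise FecError("bad sub-TLV length")   # plen 0 would loop forever
        fec["params"][ptype] = body[off + 2:off + plen]
        off += plen
    return fec

def accept_for_vpls(buf, local_vcid):
    """Return (accepted, reason) for a mapping offered to VPLS local_vcid."""
    try:
        fec = parse_pwid_fec(buf)
    except FecError as err:
        return False, str(err)
    if fec["pw_type"] != PW_TYPE_ETHERNET:
        return False, "PW type is not Ethernet"
    if fec["pw_id"] != local_vcid:
        return False, "VCID does not match this VPLS instance"
    return True, "ok"

# Constructed sample: C=0, Ethernet PW, Group ID 0, VCID 100, MTU sub-TLV 1500.
SAMPLE = struct.pack("!BHBII", 0x80, 0x0005, 8, 0, 100) + bytes([0x01, 4]) + struct.pack("!H", 1500)
```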
Authors' Addresses
Marc Lasserre
Alcatel-Lucent
EMail: mlasserre@alcatel-lucent.com

Vach Kompella
Alcatel-Lucent
EMail: vach.kompella@alcatel-lucent.com
Full Copyright Statement
Copyright (C) The IETF Trust (2007).
This document is subject to the rights, licenses and restrictions contained in BCP 78, and except as set forth therein, the authors retain all their rights.
This document and the information contained herein are provided on an "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST AND THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
Intellectual Property
The IETF takes no position regarding the validity or scope of any Intellectual Property Rights or other rights that might be claimed to pertain to the implementation or use of the technology described in this document or the extent to which any license under such rights might or might not be available; nor does it represent that it has made any independent effort to identify any such rights. Information on the procedures with respect to rights in RFC documents can be found in BCP 78 and BCP 79.
Copies of IPR disclosures made to the IETF Secretariat and any assurances of licenses to be made available, or the result of an attempt made to obtain a general license or permission for the use of such proprietary rights by implementers or users of this specification can be obtained from the IETF on-line IPR repository at http://www.ietf.org/ipr.
The IETF invites any interested party to bring to its attention any copyrights, patents or patent applications, or other proprietary rights that may cover technology that may be required to implement this standard. Please address the information to the IETF at ietf-ipr@ietf.org.
Acknowledgement
Funding for the RFC Editor function is currently provided by the Internet Society.