Virtual Private LAN Service
Son Jang-woo (손장우), Netmanias (NetReference)
Netmanias, 3F Dongchang Building, 896-52 Daechi-dong, Gangnam-gu, Seoul (Tel: 556-9273, Fax: 556-9274) http://, webmaster@netmanias.com
2 Metro Ethernet Services: Two Markets
Enterprise
  Medium: E/FTTO, E/FTTB+Ethernet, E/FTTC+VDSL/ADSL
  Requirements: SLA and QoS
  Application services: Internet Access Service; Ethernet Private Line (EPL) / Virtual Leased Line (VLL) Service; Transparent LAN Service (TLS) / Virtual Private LAN Service (VPLS)
Residential
  Medium: E/FTTC+VDSL/ADSL, E/FTTH
  Requirements: Low Cost, User Interface
  Application services: Internet access, Video, Voice; IP Video (VoD/Broadcast TV)
3 Ethernet Private Line
[Figure: Ethernet Private Line / Virtual Leased Line (P-t-P). Labels: HQ (Company A), BO (Company A), Private Line, HQ (Company B), BO (Company B).]
4 TLS (Transparent LAN Service)
[Figure: TLS/VPLS (Multi-Point). Labels: Transparent LAN; HQ (Company A), BO 1 (Company A), BO 2 (Company A); HQ (Company B), BO 2 (Company B), BO 3 (Company B).]
5 Internet Access Service
[Figure: Internet Access. Labels: Internet, Hub Node.]
6 TLS (Transparent LAN Service)
Ingress rate limiting/shaping.
802.1p CoS is provided = classification, marking, priority queueing and scheduling.
802.1q tagged VLAN configuration: a broadcast domain over the Metro Ethernet network = a secure tunnel is provided.
[Figure: CPE devices attached to the ESP network, with links labelled 100.]
7 TLS (Transparent LAN Service)
Tagged VLANs (802.1q) are used to separate the broadcast domains = connectivity is provided among multiple sites.

Lookup Table
VLAN type    VLAN ID   Port
port-based   10        1
tagged       10        3
port-based   20        2
tagged       20        3

Lookup Table
VLAN type    VLAN ID   Port
port-based   10        2
port-based   10        3
tagged       10        1
port-based   20        4
tagged       20        1

[Figure: hosts A, B, C, D and E on two switches (ports 1-3 and ports 1-4), VLANs 10 and 20.]
8 Frame Walk-Flow in VLAN
A sends a frame to C (DA = C, SA = A).
(1) Learning A
(2) Broadcast unknown frame
(3) Learning A
(4) Broadcast unknown frame

Lookup Table
VLAN type    VLAN ID   Port
port-based   10        1
tagged       10        3
port-based   20        2
tagged       20        3
Learned address   Port
A                 1

Lookup Table
VLAN type    VLAN ID   Port
port-based   10        2
port-based   10        3
tagged       10        1
port-based   20        4
tagged       20        1
Learned address   Port
A                 1

[Figure: hosts A-E on the two switches, VLAN 10; label "Filtering" at B.]
9 Frame Walk-Flow in VLAN
C responds to A (DA = A, SA = C).
(1) C responds
(2) Learning C
(3) Forwarding
(4) Learning C

Lookup Table
VLAN type    VLAN ID   Port
port-based   10        1
tagged       10        3
port-based   20        2
tagged       20        3
Learned address   Port
A                 1
C                 3

Lookup Table
VLAN type    VLAN ID   Port
port-based   10        2
port-based   10        3
tagged       10        1
port-based   20        4
tagged       20        1
Learned address   Port
A                 1
C                 2

[Figure: hosts A-E on the two switches, VLAN 10.]
10 Frame Walk-Flow in VLAN

Lookup Table
VLAN type    VLAN ID   Port
port-based   10        1
tagged       10        3
port-based   20        2
tagged       20        3
Learned address   Port
A                 1
C                 3
D                 3
B                 2
E                 3

Lookup Table
VLAN type    VLAN ID   Port
port-based   10        2
port-based   10        3
tagged       10        1
port-based   20        4
tagged       20        1
Learned address   Port
A                 1
C                 2
D                 3
E                 4
B                 1

[Figure: hosts A-E on the two switches (ports 1-3 and ports 1-4).]
11 Frame Walk-Flow in VLAN
Unicast: DA = C, SA = A, on VLAN 10.
Both lookup tables are fully populated, with the same entries as on slide 10.
[Figure: hosts A-E on the two switches (ports 1-3 and ports 1-4).]
12 Frame Walk-Flow in VLAN
Shared Ethernet MAN: a frame with DA = C, SA = A on VLAN 10 and a frame with DA = E, SA = B on VLAN 20.
Both lookup tables are fully populated, with the same entries as on slide 10.
[Figure: hosts A-E on the two switches (ports 1-3 and ports 1-4).]
13 As seen by the subscriber
[Figure: the Public Metro Network appears as "L2 Switch for Customer 1" and "L2 Switch for Customer 2". Frame DA = C, SA = A; hosts A-E; VLANs 10 and 20.]
14 Service Creation at Edge
[Figure: MTU, last mile, metro core, last mile, MTU across the 802.1p/q network. Ethernet frame tags: 802.1p (priority), 802.1q (VLAN ID). Frames between A and B carry VLAN ID 7; frames between C and D carry VLAN ID 5.]

Classification: port, L2 addr., IP addr., TOS/DSCP, PID, TCP/UDP port number
Policy/ACL
Rate-limiting
802.1q VLAN tagging
802.1p priority marking based on TOS/DSCP, Port#

Lookup: {dst addr. + VLAN ID}
Queueing: check 802.1p tag
Output link scheduling: priority scheduling based on 802.1p tag

Untagged frame
Ethernet (L2):  Pre 8B | dst 6B | src 6B | Type 0x0800 2B
IP (L3):        TOS 1B | Protocol ID 1B | src IP 4B | dst IP 4B
TCP/UDP (L4):   src port number 2B | dst port number 2B
User data | CRC 4B

802.1p/q tagged frame
Ethernet (L2):  Pre 8B | dst 6B | src 6B | 802.1 Type 0x8100 2B | p/q tag 2B | Type 0x0800 2B
IP (L3):        TOS 1B | Protocol ID 1B | src IP 4B | dst IP 4B
TCP/UDP (L4):   src port number 2B | dst port number 2B
User data | CRC 4B
15 Problem of Native L2 Approach
- VLAN space limitation: 4096 VLANs (VLAN ID = 12 bits)
- address limitation
- No bandwidth reservation in metro core (end-to-end)
- No traffic engineering in metro core (STP path)
- Slow restoration time (STP, RSTP, EAPS)
[Figure: the TLS network of slide 6 (ingress rate limiting/shaping at the CPE; 802.1p CoS = classification, marking, priority queueing and scheduling; 802.1q tagged VLAN configuration, a broadcast domain over the Metro Ethernet network = a secure tunnel) with a switch table: tagged VLAN 100 on ports 1, 2; tagged VLAN 200 on ports 1, 3; addresses A on port 2, B on port 1, C on port 2.]
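16 Martini Draft
Proposes a way to provide point-to-point Ethernet VPN service over an MPLS network.
Two LSPs (Label Switched Paths) are set up between the ingress LER (PE) and the egress LER (PE).
- Tunnel LSP: forwards MPLS frames between the two PEs. It provides only a path across the MPLS network and does not distinguish customers. It corresponds to the VP (Virtual Path) concept of ATM. Multiple VCs (Virtual Circuits) are carried inside one tunnel LSP.
- VC LSP: defined inside the tunnel LSP so that the egress LER can decide which subscriber a packet arriving over the tunnel LSP belongs to and how it must be handled (for example, which outgoing interface it must be forwarded to). It corresponds to the VC concept of ATM (for demultiplexing senders). The VC label is not seen by the LSRs; it is seen only at the egress LER.

Frame format
Outer Ethernet header:   DA b | SA a | E-type (0x8847)
Label stack:             Tunnel label (5) | VC label (25)
Original 802.1q frame:   DA B | SA A | E-type (0x8100) | 802.1p/q (2/100) | E-type (0x0800) | L3 PDU (IP packet)

[Figure: Ethernet or VLAN, ingress LER, T-LSP carrying the VC-LSP, egress LER, Ethernet or VLAN.]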
17 Martini signaling

PE1 (10.0.0.1) configuration
Interface: Eth/10 VLAN/100
VC ID (=L2-FEC): 3001
Map Eth/10 VLAN/100 to VCID 3001
VC label: 4000
Peer Router: 10.0.0.2

PE2 (10.0.0.2) configuration
Interface: Eth/20 VLAN/200
VC ID (=L2-FEC): 3001
Map Eth/20 VLAN/200 to VCID 3001
VC label: 2000
Peer Router: 10.0.0.1

Targeted LDP message: "CE2 is attached to Ethernet port 20 of PE2, on the Ethernet circuit with VLAN ID 200. To send to it, attach label 2000."

VC table at PE1
Before signaling: VCID 3001. In: VC label 4000, Eth/10 VLAN/100. Out: Eth/10 VLAN/100, ?
After signaling:  VCID 3001. In: VC label 4000, Eth/10 VLAN/100. Out: Eth/10 VLAN/100, 2000

VC table at PE2
Before signaling: VCID 3001. In: VC label 2000, Eth/20 VLAN/200. Out: Eth/20 VLAN/200, ?
After signaling:  VCID 3001. In: VC label 2000, Eth/20 VLAN/200. Out: Eth/20 VLAN/200, 4000

PW = VLL. A PW (2 VC LSPs) is set up.
[Figure: VLAN/100 Eth/10 at PE1 and VLAN/200 Eth/20 at PE2 joined over the tunnel LSP by vc2000 and vc4000; an Eth-Frame is carried as Eth-Frame, 2000, 100, L2H.]
18 End-to-end Frame Flow

Frame formats along the path
Customer 2 CPE (L2) to L2 SW:   DA B | SA A | E-type (0x0800) | L3 PDU (IP packet)
After VLAN tagging (802.1q):    DA B | SA A | E-type (0x8100) | 802.1p/q (2/100) | E-type (0x0800) | L3 PDU (IP packet)
i-LER to first LSR:             DA b | SA a | E-type (0x8847) | Tunnel label (5) | VC label (25) | original 802.1q frame
First LSR to second LSR:        DA d | SA c | E-type (0x8847) | Tunnel label (30) | VC label (25) | original 802.1q frame
Second LSR to e-LER:            DA f | SA e | E-type (0x8847) | VC label (25) | original 802.1q frame
e-LER to L2 SW:                 DA B | SA A | E-type (0x8100) | 802.1p/q (2/100) | E-type (0x0800) | L3 PDU (IP packet)
L2 SW to Customer 2 CPE (L2):   DA B | SA A | E-type (0x0800) | L3 PDU (IP packet)

Forwarding tables (statically pre-configured or set up by dynamic signaling)
L2 SW (ingress side):  address B, VLAN ID 100, outgoing port 1
i-LER:                 port 2, VLAN ID 100, outgoing port 4, tunnel label 5, VC label 25
First LSR:             incoming port 1, tunnel label 5, outgoing port 3, tunnel label 30
Second LSR:            incoming port 1, tunnel label 30, outgoing port 3
e-LER:                 incoming port 1, VC label 25, outgoing port 4
L2 SW (egress side):   address B, VLAN ID 100, outgoing port 6

[Figure: Customer 2 CPE, L2 SW (802.1q, STP), i-LER, two LSRs across the MPLS network (Metro or WAN), e-LER, L2 SW, Customer 2 CPE.]
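The label handling of slides 16 and 18 as an added Python example (not part of the original slides): it builds the tagged customer frame, pushes tunnel label 5 and VC label 25, applies the two LSR tables, and parses each hop. The function names and the 6-byte addresses standing in for the one-letter names are assumptions, and no control word is assumed between the label stack and the inner frame.

```python
import struct

ETH_MPLS, ETH_8021Q, ETH_IPV4 = 0x8847, 0x8100, 0x0800

def mac(name):
    # Constructed 6-byte address standing in for the slides' one-letter names.
    return bytes([0x02, 0, 0, 0, 0, ord(name)])

def entry(label, bottom, ttl=64):
    # Label stack entry: 20-bit label, 3-bit EXP (0 here), bottom-of-stack bit, 8-bit TTL.
    return struct.pack("!I", (label << 12) | (int(bottom) << 8) | ttl)

def outer(da, sa, labels, inner):
    stack = b"".join(entry(l, i == len(labels) - 1) for i, l in enumerate(labels))
    return mac(da) + mac(sa) + struct.pack("!H", ETH_MPLS) + stack + inner

def customer_frame(da, sa, pcp, vid, payload):
    tci = (pcp << 13) | vid  # 802.1p priority and 802.1q VLAN ID share one 16-bit field
    return mac(da) + mac(sa) + struct.pack("!HHH", ETH_8021Q, tci, ETH_IPV4) + payload

def parse(frame):
    """Split an MPLS-encapsulated frame into label stack and inner 802.1q header."""
    if len(frame) < 14 or struct.unpack("!H", frame[12:14])[0] != ETH_MPLS:
        raise ValueError("not an MPLS frame")
    labels, off = [], 14
    while True:
        if off + 4 > len(frame):
            raise ValueError("label stack has no bottom-of-stack entry")
        word = struct.unpack("!I", frame[off:off + 4])[0]
        labels.append(word >> 12)
        off += 4
        if word & 0x100:
            break
    inner = frame[off:]
    if len(inner) < 18:
        raise ValueError("inner frame truncated")
    tpid, tci, etype = struct.unpack("!HHH", inner[12:18])
    if tpid != ETH_8021Q:
        raise ValueError("inner frame is not 802.1q tagged")
    return {"outer": chr(frame[5]) + chr(frame[11]), "labels": labels,
            "inner": chr(inner[5]) + chr(inner[11]), "pcp": tci >> 13,
            "vid": tci & 0x0FFF, "etype": etype, "inner_bytes": inner}

def lsr_forward(frame, table, da, sa):
    # A core LSR keys only on the top (tunnel) label; None means remove it.
    p = parse(frame)
    out = table[p["labels"][0]]
    labels = ([out] if out is not None else []) + p["labels"][1:]
    return outer(da, sa, labels, p["inner_bytes"])

def walk():
    inner = customer_frame("B", "A", 2, 100, b"constructed IP packet")
    hop1 = outer("b", "a", [5, 25], inner)          # i-LER pushes tunnel 5, VC 25
    hop2 = lsr_forward(hop1, {5: 30}, "d", "c")     # first LSR swaps 5 for 30
    hop3 = lsr_forward(hop2, {30: None}, "f", "e")  # second LSR removes the tunnel label
    return [parse(h) for h in (hop1, hop2, hop3)]
```

The inner customer frame is byte-identical at every hop; only the outer header and the top label change, which is why the core never needs the customer's addresses.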
19 Solving the address learning problem
- The ingress LER decides which VC-LSP to forward a frame arriving from the Ethernet network onto by referring only to the {physical port and 802.1q VLAN ID} values. It therefore does not learn the addresses of the subscriber on the egress LER side.
- The LSRs in the Metro (or WAN) core forward MPLS frames by looking only at the tunnel label value. The Metro core therefore has no need to learn subscriber-side addresses.
- The egress LER makes its outgoing-port forwarding decision using only the VC label value. It therefore does not have to learn subscriber-side addresses.
[Figure: the end-to-end frame flow and forwarding tables of slide 18.]
20 TLS Service using VLL
CPE device handles switching.
The router at headquarters is responsible for forwarding data between all branch offices. The branch CPE may be either a switch or a router.
[Figure: Customer 1 HQ site router with one subnet for each remote site, connected over MPLS to the L2 CPEs of Customer 1 (Subnet 1, Subnet 2).]
21 VPLS (Virtual Private LAN Service)
The Martini draft describes how to provide point-to-point Ethernet L2 VPN service over an MPLS network.
- The Martini draft does not support point-to-multipoint transport.
- The ingress LER looks at the physical port, the VLAN ID, or physical port + VLAN ID and maps the frame onto the VC-LSP routed to the corresponding egress LER. That is, it does not learn the addresses associated with the egress LER of the VC-LSP.
- Forwarding simplicity. No scalability concern.

What is VPLS?
- VPLS (Virtual Private LAN Segment): a single L2 broadcast domain formed among the multiple sites of one customer over the SP's MPLS or IP network.
- VPLS (Virtual Private LAN Service): a service in which the SP provides a VPLS so that point-to-multipoint communication is possible among the customer's multiple sites. L2 broadcast domain, many-to-many. Transparent to the customer (i.e. PE based): also called TLS (Transparent LAN Switching) Service.

References
Draft-lasserre-vkompella-ppvpn-vpls-02.txt, June 2002
Draft-ietf-ppvpn-vpls-requirements-00.txt, March 2002
22 Broadcast Domain
Unknown frames and broadcast frames are broadcast to all stations.
- Broadcast storming (LAN performance degradation, bandwidth for normal unicast frames)
- Security
VLANs are introduced to segment the broadcast domain.
Unknown frames and broadcast frames are forwarded only inside the VLAN and are not delivered to other VLANs (BDs). Traffic to another VLAN passes through a router (L3).
The members of VLAN blue think that they alone are connected to an L2 switch (one with a single broadcast domain).
[Figure: an L2 switch (bridge) with ports 1-5 in one broadcast domain; an L2 switch (bridge) with VLAN blue and VLAN red splitting the ports into BD1 and BD2; VLAN blue seen as its own L2 switch (bridge) with ports 1-3.]
23 Concept of VPLS service
The customer's CPE devices think that they are connected to a single L2 switch and are inside a single L2 broadcast domain.
Through this VPLS, PTMP service is provided naturally.
[Figure: an L2 switch (bridge) with VLAN blue and VLAN red (ports 1-5, BD1 and BD2) compared with a VPLS over the MPLS network (MAN/WAN) connecting the sites of Customer A and Customer B; Customer A sees an L2 switch.]
24
For this, the PE router must learn destination addresses on a per-LSP basis. Only then can it decide whether to send to or to .
To learn addresses, it must be able to broadcast unknown frames and broadcast frames to all PEs belonging to the VPLS (segment).
- Frame replication at the ingress LER (PE) across all VC LSPs that are part of the VPLS
A VPLS forwarding table (VPN Identifier, LSP, ) must be managed separately for each VPLS.
Once the destination address has been learned at the ingress LER, the frame is delivered directly over the corresponding VC-LSP.
25 Address Learning
A PE router broadcasts unknown frames and broadcast frames on all outgoing VCs belonging to the VPLS.
All PEs within one VPLS have full-mesh connectivity.
When a frame arrives on an inbound VC-LSP, the PE router learns the address of this frame and associates (registers) it with the outbound VC-LSP.
26 VPLS
[Figure: network with CE2, CE3, PE1, PE2, PE3, PE4, PE5, two P routers, and M4.]
27 VPLS: Control Plane (1)
1. The operator creates one VPLS instance as a full mesh among PE1, PE2 and PE3, to which , 2, 3 are connected. One unique VCID is assigned to this VPLS instance.
1.1 Each PE distributes vc-labels in downstream-unsolicited mode over Targeted LDP sessions. That is, the egress LER allocates the label value for the VPLS and distributes it directly to the ingress LER.
[Figure: control plane, Martini signaling (Targeted LDP/DU mode). Between PE1 and PE2: VCID 1000, vc label 102, "Use vc-label 102 for VCID 1000 when sending to me". Between PE1 and PE3: VCID 1000, vc label 103, "Use vc-label 103 for VCID 1000 when sending to me". CE2 is attached to PE2 and CE3 to PE3.]
28 VPLS: Control Plane (2)
1.1 vc-lsp 102 and vc-lsp 103 are created for VPLS 1000.
[Figure: after the label mappings VCID 1000 / vc label 102 and VCID 1000 / vc label 103, the VC-LSPs are set up (created): vc label 102 between PE1 and PE2, vc label 103 between PE1 and PE3. CE2 at PE2, CE3 at PE3 (Eth/30).]
29 VPLS: Control Plane (3)
Martini signaling (Targeted LDP/DU mode): VCID 1000 vc label 201, VCID 1000 vc label 203, VCID 1000 vc label 301, VCID 1000 vc label 302.
A VPLS (VCID=1000) is set up. A VPLS for Customer A is set up between PE1, PE2 and PE3.
PE1: VCID 1000, p3/vc-lsp201, p4/vc-lsp301
PE2: VCID 1000, p1/vc-lsp102, p2/vc-lsp302
PE3: VCID 1000, p5/vc-lsp103, p6/vc-lsp203
[Figure: PE2 (ports p1, p2, CE2), PE1 (ports p3, p4) and PE3 (ports p5, p6, CE3) in a full mesh.]
30 VPLS: Data Plane (1)
Data plane
1. When an Ethernet frame arrives at PE2 through Port 20, PE2 determines from the physical port (or port + VLAN ID) on which the frame arrived that this frame belongs to VPLS 1000.
Port or (Port + VLAN ID) to VPLS ID/FIB
[Figure: CE2 sends an Ethernet frame (destination address, source address, IP) to PE2; PE2, PE1, PE3 and PE4 over ports p1-p6; CE3 at PE3. FIB interfaces at PE2: P1/vc-lsp102, P2/vc-lsp302.]
31 VPLS: Data Plane (2)
1.1 Source learning: PE2 learns the source address of the arriving frame and registers SA= in the FIB (Forwarding Information Base) of VPLS 1000.
[Figure: same topology. FIB interfaces at PE2: P1/vc-lsp102, P2/vc-lsp302.]
32 VPLS: Data Plane (3)
1.2 Destination lookup: PE2 looks up the FIB of VPLS 1000. If destination = is not in a FIB entry (that is, it has not been learned and the frame is an unknown frame), the frame is flooded to all PEs belonging to VPLS 1000. In other words, the arriving frame is replicated and delivered to PE1 through p1/vc-lsp102 and to PE3 through p2/vc-lsp302. (It is of course not delivered to PE4.) The vc-label and the tunnel label are attached before delivery.
MPLS frame: IP | 102 (VC label, demultiplexor) | Tunnel Label | L2H (transport header)
[Figure: PE2 sends one copy with VC label 102 and one copy with VC label 302, each with a tunnel label and L2H. FIB interfaces at PE2: P1/vc-lsp102, P2/vc-lsp302.]
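33 VPLS: Data Plane (4)
2. Core LSRs (P routers): all LSRs on the PW deliver the frame to the corresponding PE by referring only to the outer label (tunnel label) value (label swapping). Because the LSRs forward by referring only to the tunnel label value, they do not know which VPLS the frames they are currently forwarding belong to.
[Figure: the two copies (VC label 102 and VC label 302, each with tunnel label and L2H) crossing the core. FIB interfaces at PE2: P1/vc-lsp102, P2/vc-lsp302.]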
34 VPLS: Data Plane (5)
3. PE2 (Egress LER): PE2 refers to the vc-label value of the arriving frame to find out which VPLS the frame belongs to (in this example it learns that the frame belongs to VPLS 1000).
vc-label lookup to VPLS ID/FIB
[Figure: the copies with VC label 102 and VC label 302 arriving at the egress PEs. FIB interfaces: P3/vc-lsp201, P4/vc-lsp301.]
35 VPLS: Data Plane (6)
3.1 Source learning: the label of the arriving MPLS frame is removed (POP) and the source address of the Ethernet frame is learned. Because the frame came in over vc-label 102, PE1 knows that the source address is behind PE2. It therefore learns the source address on the vc-label201 interface. PE3 performs the same operation.
[Figure: FIB interfaces at PE1: P3/vc-lsp201, P4/vc-lsp301. FIB interfaces at PE3: P5/vc-lsp103, P6/vc-lsp203.]
36 VPLS: Data Plane (7)
3.2 Destination lookup: because DA= has not been learned in the FIB of VPLS 1000, the Ethernet frame is flooded to all ports belonging to VPLS 1000 (in this example it is delivered only to ). To prevent loops, a frame that came from a vc-lsp is not flooded to the other vc-lsps belonging to the VPLS (split-horizon rule). That is, it is not flooded to P4/vc-lsp301.
[Figure: FIB interfaces at PE1: P3/vc-lsp201, P4/vc-lsp301. FIB interfaces at PE3: P5/vc-lsp103, P6/vc-lsp203.]
37 VPLS: Data Plane (8)
4. Reply: station 1 of replies, sending an Ethernet frame with DA= , SA= to PE1.
[Figure: FIB interfaces at PE1: P3/vc-lsp201, P4/vc-lsp301. FIB interfaces at PE3: P5/vc-lsp103, P6/vc-lsp203.]
38 VPLS: Data Plane (9)
5. When an Ethernet frame arrives at PE1 through Port 10, PE1 determines from the physical port (or port + VLAN ID) on which the frame arrived that this frame belongs to VPLS 1000.
[Figure: FIB interfaces at PE1: P3/vc-lsp201, P4/vc-lsp301. FIB interfaces at PE3: P5/vc-lsp103, P6/vc-lsp203.]
39 VPLS: Data Plane (10)
5.1 Source learning: PE1 learns the source address of the arriving frame and registers SA= in the FIB (Forwarding Information Base) of VPLS 1000.
[Figure: FIB interfaces at PE1: P3/vc-lsp201, P4/vc-lsp301. FIB interfaces at PE3: P5/vc-lsp103, P6/vc-lsp203.]
40 VPLS: Data Plane (11)
5.2 Destination lookup: PE1 looks up the destination address of the Ethernet frame in the FIB of VPLS 1000. Because the address has been learned, the frame is delivered through P3/vc-lsp201.
[Figure: FIB interfaces at PE1: P3/vc-lsp201, P4/vc-lsp301. FIB interfaces at PE3: P5/vc-lsp103, P6/vc-lsp203.]
41 VPLS: Data Plane (12)
6. PE2 learns SA= and registers it in the FIB entry (p1/vc-lsp102); because DA= has already been learned, it forwards the frame through port .
[Figure: FIB interfaces at PE1: P3/vc-lsp201, P4/vc-lsp301. At PE2: P1/vc-lsp102, P2/vc-lsp302. At PE3: P5/vc-lsp103, P6/vc-lsp203.]
42 VPLS: Data Plane (13)
7. After unknown frames have gone back and forth a few times by flooding, the entries shown below are registered in the VPLS 1000 FIB table of each PE.
[Figure: FIB interfaces at PE1: P3/vc-lsp201, P4/vc-lsp301. At PE2: P1/vc-lsp102, P2/vc-lsp302. At PE3: P5/vc-lsp103, P6/vc-lsp203.]
43 VPLS: Data Plane (14)
8. In the frame delivery that follows, all destination addresses have been learned, so frames are not flooded but forwarded directly as unicast.
After unknown frames have gone back and forth a few times by flooding, the entries shown below are registered in the VPLS 1000 FIB table of each PE.
[Figure: FIB interfaces at PE1: P3/vc-lsp201, P4/vc-lsp301. At PE2: P1/vc-lsp102, P2/vc-lsp302. At PE3: P5/vc-lsp103, P6/vc-lsp203.]
44 VPLS: Data Plane (15)

FIB for VPLS 2000 at PE2
Address   Interface
M4        Eth21
M5        P1/vc-lsp12
M6        P2/vc-lsp32
M7        P2/vc-lsp32

FIB for VPLS 2000 at PE1
Address   Interface
M5        Eth11
M4        P3/vc-lsp21
M6        P4/vc-lsp31
M7        P4/vc-lsp31

FIB for VPLS 2000 at PE3
Address   Interface
M6        Eth31
M7        Eth31
M5        P5/vc-lsp13
M4        P6/vc-lsp23

VPLS 1000 FIB interfaces: PE2 P1/vc-lsp102, P2/vc-lsp302; PE1 P3/vc-lsp201, P4/vc-lsp301; PE3 P5/vc-lsp103, P6/vc-lsp203.
[Figure: M4 behind CE2 on Eth21 of PE2; M5 on Eth11 of PE1; M6 and M7 behind CE3 at PE3; ports p1-p6.]
45 VPLS: Data Plane (16)
[Figure: an IP frame with addresses M4 and M5 crossing the VPLS between CE2 (Eth21 at PE2) and Eth11 at PE1. The FIB tables for VPLS 2000 and the VPLS 1000 interface lists are the same as on slide 44.]
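46 VPLS
1. A full mesh of VCs is created among the PE routers connected to the sites belonging to the VPN.
2. The VPN information is registered on each PE router. The VCs belonging to a VPN and the Ethernet port or VLAN ID are registered under one VPN ID.
3. The PE router learns the addresses belonging to the VPN (those on its own side and those on the egress side).
4. Source address learning is performed in the 802.1D manner, with one difference: not only the port on which the Ethernet frame was received but also the outbound VC-label value is learned.
5. Initially, when an unknown frame arrives at a PE router, it is flooded to all PE routers belonging to the VPN; once the destination address has been learned, frames are forwarded only to the corresponding PE.
6. P routers switch frames by label swapping using the tunnel label, so they do not need to do address learning.
7. A PE router does not learn the addresses associated with every PE, only the addresses associated with the PEs on which the VPN is configured.
8. Unlike an ordinary L2 switch, a PE router does not run STP inside the MPLS network. Network restoration uses the protection capability of MPLS.
9. As mentioned in 1, the VCs among all PEs belonging to one VPN are created as a full mesh. That is, every PE reaches every other PE in one hop. The split-horizon forwarding rule is applied to prevent loops.
10. Split-horizon forwarding rule: forwarding from one VC to another VC is prohibited.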
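The learning, flooding and split-horizon steps summarized above, as an added Python example (not code from the original slides): a small model of PE1, PE2 and PE3 in VPLS 2000 plus an unrelated PE4, fed constructed frames between M4-M7. The class and function names are assumptions; the interface names and the resulting FIB contents are those of slide 44.

```python
class PE:
    """Provider edge router with one FIB per VPLS instance (constructed model)."""
    def __init__(self, name):
        self.name, self.ports, self.vcs, self.fib = name, {}, {}, {}
        self.delivered, self.suppressed = [], 0

    def attach(self, vpls, port):
        self.ports.setdefault(vpls, []).append(port)

    def link(self, vpls, out_vc, peer, peer_out_vc):
        # out_vc: our outbound vc-lsp to peer; peer_out_vc: the peer's vc-lsp back to us.
        self.vcs.setdefault(vpls, {})[out_vc] = (peer, peer_out_vc)

    def from_customer(self, vpls, port, src, dst):
        self._switch(vpls, port, src, dst, from_vc=False)

    def _switch(self, vpls, in_if, src, dst, from_vc):
        fib = self.fib.setdefault(vpls, {})
        fib[src] = in_if                      # source learning: port or outbound VC
        vcs = self.vcs.get(vpls, {})
        # Known destination: unicast. Unknown: flood, but only inside this VPLS.
        targets = [fib[dst]] if dst in fib else self.ports.get(vpls, []) + list(vcs)
        for out in targets:
            if out == in_if:
                continue                      # never back out of the arrival interface
            if out not in vcs:
                self.delivered.append((out, src, dst))
            elif from_vc:
                self.suppressed += 1          # split horizon: no VC-to-another-VC
            else:
                peer, back = vcs[out]
                peer._switch(vpls, back, src, dst, from_vc=True)

def build():
    pe = {n: PE(n) for n in ("PE1", "PE2", "PE3", "PE4")}
    for n, port in (("PE1", "Eth11"), ("PE2", "Eth21"), ("PE3", "Eth31")):
        pe[n].attach(2000, port)
    mesh = [("PE2", "P1/vc-lsp12", "PE1", "P3/vc-lsp21"),
            ("PE2", "P2/vc-lsp32", "PE3", "P6/vc-lsp23"),
            ("PE1", "P4/vc-lsp31", "PE3", "P5/vc-lsp13")]
    for a, a_out, b, b_out in mesh:           # full mesh among the VPLS members only
        pe[a].link(2000, a_out, pe[b], b_out)
        pe[b].link(2000, b_out, pe[a], a_out)
    return pe

def run():
    pe = build()
    home = {"M4": ("PE2", "Eth21"), "M5": ("PE1", "Eth11"),
            "M6": ("PE3", "Eth31"), "M7": ("PE3", "Eth31")}
    frames = [("M4", "M5"), ("M5", "M4"), ("M6", "M5"),   # constructed traffic
              ("M5", "M6"), ("M7", "M4"), ("M7", "M5")]
    for src, dst in frames:
        name, port = home[src]
        pe[name].from_customer(2000, port, src, dst)
    return pe
```

After `run()`, each member PE has suppressed exactly one VC-to-VC copy, and PE4, which is outside the VPLS, has learned and received nothing.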
47 Summary