Understanding Basic 802.1ah Provider Backbone Bridge
Available Languages
Contents
Introduction
This document describes functioning of basic Provider Backbone Bridge technology (PBB). It uses Multi Spanning Tree (MST) in the core network for loop avoidance.
Prerequisites
Requirements
Cisco recommends that you have basic knowledge of MST and VPLS (Virtual Private Lan Service).
Components Used
This document is not restricted to specific software and hardware versions. The information in this document was created using Aggregation Services Router 9000 (ASR9K) devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration.
IEEE 802.1ah Provider Backbone Bridging Overview
The Institute of Electrical and Electronics Engineers (IEEE) 802.1ah PBB feature encapsulates or decapsulates end-user traffic on a Backbone Edge Bridge (BEB) at the edge of the Provider Backbone Bridged Network (PBBN). PBB provides scalability to configure higher number of service instances in network. PBB encapsulates customer's network into 802.1ah headers. These encapsulated packets are exchanged using unique and manually configured backbone address in core network. This obviates the need for backbone core bridges to learn all MAC addresses of every customer and hence adding to scalability. In order to understand technology behavior, it is important to understand meaning of some terminologies that will be frequently used in this document.
Terminologies Used
This document will be frequently using some terminologies associated with PBB. These are listed below with brief explanation.
B-MAC : All the bridges(routers) in backbone network are manually configured with a unique MAC address. These MAC addresses are used in forwarding base to identify which remote BEB
should customer traffic be forwarded to.
B-SA : Denotes backbone MAC address of source bridge.
B-DA : Denotes backbone MAC address of destination bridge.
BEB : Backbone edge bridge is the router that faces customer edge node.
BCB : Backbone core bridge is transit node in provider's core network that switches frame towards destination.
B-VID : Vlan that carries PBB encapsulated customer traffic within core.
I-SID : Represents a unique service identifier associated with service instances.
B-Tag : Contains backbone vlan(B-VLAN) id information.
I-Tag : Contains I-SID value and helps destination BEB router to determine which I-Component or service instance should the traffic be forwarded to.
S-VID : Vlan that receives customer traffic and is called Service Vlan identifier(S-VID).
C-VID : Vlan tag received in customer's frame. This remains intact while it encapsulated and transported across provider network.
C-SA : Original source MAC address of customer's frame.
C-DA : Original destination MAC address of customer's frame.
Note: C-VID, C-SA and C-DA and payload that constitute customer frame os never changed in PBB network.
PBB Components
The IEEE 802.1ah provides a framework to interconnect several provider bridged networks, often called as PBNs. It provides means to scale the service Vlans in provider’s network. PBB network comprises of two main components called as I-Component & B-Component.
I-Component: This component resides on BEB (Backbone Edge Nodes) routers and faces customer network. It is responsible for handling customer traffic and adding a PBB header to it. I-Component maintains important mapping information:
- It maintains mapping between S-VID and I-SID
- It maintains customer mac (C-DA) to bridge backbone mac address (B-DA) mapping.
I-Component Configuration: The two components are defined in the form of different l2vpn bridge group and domain.
l2vpn
bridge group I-Comp-Grp
bridge-domain I-Comp-Dmn
interface GigabitEthernet X.Y // X= Attachment Circuit; Y= S-VID
!
pbb edge i-sid <Z> core-bridge B-Comp-Dmn // Z= I-SID value
!
!
!
!
B-Component: This component is responsible for forwarding traffic in the core network. It maintains a database of B-MACs and the interfaces they are learnt from. This information is used by forwarding engine to select an egress path for outgoing traffic to other remote BEBs.
B-Component Configuration:
l2vpn
bridge group B-Comp-Grp
bridge-domain B-Comp-Dmn
interface GigabitEthernet <> // Adds an interface to a bridge domain that allows packets to be
// forwarded and received from other interfaces that are part of the same bridge domain.
pbb core
rewrite ingress tag push dot1ad <B-VID> symmetric // Defines backbone vlan id for core
!
!
!
!
B-MAC configuration: Every router in PBB environment is identified by a unique MAC address. These backbone MAC addresses are used in 802.1ah encapsulations to forward traffic in B-VID.
l2vpn
pbb
backbone-source-mac XXXX.YYYY.ZZZZ
!
!
Layer 2 loop avoidance protocol
The two components of PBB receive customer traffic and encapsulate it in 802.1ah. This encapsulate frame uses backbone vlan to reach its destination. Which backbone vlan will be used to forward the traffic is decided by the B-VID value configured in B-Component bridge-domain. All layer 2 networks are prone to loops and hence provider’s core requires loop avoidance protocols to check this. This scenario will utilize Multi Spanning Tree(MST)
802.1ah encapsulation
The below picture describes the two components present on a BEB router. It shows the headers that are imposed on the customer traffic. Original customer traffic received with 802.1q tag is further imposed with 802.1ad and 802.1ah encapsulations before it is finally set into core network for forwarding.
Diag 1
Configure
Network Diagram
Diag. 2
Configurations
PBB requires both 'I' and 'B' component to be configured on BEB (customer facing) nodes. BCB (core router) that does not connect to any customer end router only requires B component.
PBB Configuration
// Below is BEB-1 configuration. Similar configuration applies to other BEBs.
// B-MAC Configuration
l2vpn
pbb
backbone-source-mac 000a.2500.0001
!
!
//I-Component Configuration
l2vpn
bridge group I-Comp-Grp
bridge-domain I-Comp-Dmn
interface GigabitEthernet0/0/0/12.554
!
pbb edge i-sid 5554 core-bridge B-Comp-Dmn
!
!
!
!
//B-Component Configuration
l2vpn
bridge group B-Comp-Grp
bridge-domain B-Comp-Dmn
interface Bundle-Ether2.1506
!
pbb core
rewrite ingress tag push dot1ad 1506 symmetric
!
!
!
!
Likewise BCB-1, BEB-2, BCB-2 also uses similar structure of configuration.
MST Configuration:
Below is a structure of MST configuration used on all BEBs & BCBs. In this test scenario, B-VID falls in instance 1 of all the four routers. MST provides a loop free layer 2 path between core and edge routers. Node required to be root bridge needs to be set with lower priority.
++Snipped output++
spanning-tree mst <name>
name <name>
maximum age <value>
revision <rev. no.>
provider-bridge
instance 1
vlan-ids 1505-1507
priority 4096
interface Bundle-Ether1
instance 1 cost 10000
interface Bundle-Ether11
instance 1 cost 20000
How PBB works?
Unicast Traffic Forwarding
This scenario discusses the case where traffic received from customer is destined to a unicast destination MAC address. Below is the profile of traffic considered for this scenario.
Table 1
Encapsulation at source (BEB-1)
- Customer Edge (CE) node forwards the traffic towards BEB-1. This traffic has source and destination MAC addresses as 0000.0000.1111 and 0000.0000.2222 respectively.
- Traffic is received in Vlan ID 554 (S-VID) on interface GigabitEthernet0/0/0/12.554 which is a part of I-Comp-Dmn.
- The I-Component of PBB receives this traffic and looks up forwarding base mapping for customer's destination MAC address 0000.0000.2222 .
RP/0/RSP0/CPU0:BEB-1#show l2vpn forwarding bridge-domain I-Comp-Grp:I-Comp-Dmn mac-address location 0/0/cpu0
Mac Address Type Learned from/Filtered on LC learned Resync Age/Last Change Mapped to
-------------- ------- --------------------------- ---------- ---------------------- --------------
0000.0000.1111 dynamic Gi0/0/0/12.554 0/0/CPU0 29 Nov 11:16:11 N/A
0000.0000.2222 dynamic BD id: 24 0/0/CPU0 29 Nov 11:18:41 a000.7500.0001
e0ac.f15f.8a8b routed BD id: 24 N/A N/A N/A
4. I-Component has an entry for destination MAC address 0000.0000.2222 and it is found to be mapped to ' backbone address a000.7500.0001'. This lookup provides the necessary B-MAC (backbone MAC) needed to build the frame.
5. I-Component encapsulates customer frame with necessary fields like I-SID, B-SA, B-DA, S-VID etc. and passes it down to B-Component for forwarding.
6. B-Component performs a lookup for B-DA and determines the egress interface to forward traffic.
RP/0/RSP0/CPU0:BEB-1#show l2vpn forwarding bridge-domain B-Comp-Grp:B-Comp-Dmn mac-address location 0/0/cpu0
To Resynchronize MAC table from the Network Processors, use the command...
l2vpn resynchronize forwarding mac-address-table location <r/s/i>
Mac Address Type Learned from/Filtered on LC learned Resync Age/Last Change Mapped to
-------------- ------- --------------------------- ---------- ---------------------- --------------
a000.7500.0001 dynamic BE2.1506 0/RSP0/CP 29 Nov 11:20:41 N/A
000a.2500.0001 S-BMAC BD id: 19 N/A N/A N/A
7. Destination B-MAC address 'a000.7500.0001' has a loop free path via BE2.1506 which is used to set traffic into core network.
Forwarding traffic in core (BCB-1)
1. Transit node BCB-1 receives 802.1ah encapsulated frame in its B-Component based on B-VID 1506. It performs the lookup and switches the traffic forward via interface BE11.1506
RP/0/RSP0/CPU0:BCB-1#show l2vpn forwarding bridge-domain B-Comp-Grp:B-Comp-Dmn mac-address location 0/0/cpu0
Mac Address Type Learned from/Filtered on LC learned Resync Age/Last Change Mapped to
-------------- ------- --------------------------- ---------- ---------------------- --------------
000a.2500.0001 dynamic BE2.1506 0/RSP0/CP 29 Nov 11:57:28 N/A
a000.7500.0001 dynamic BE11.1506 0/RSP0/CP 29 Nov 11:56:28 N/A
a000.3500.0001 S-BMAC BD id: 12 N/A N/A N/A
Decapsulation at destination(BEB-2)
1. Destination BEB-2 receives the traffic. It performs a lookup based on I-SID to determine associated I-Component/service instance. In this case, lookup provides with 'I-Comp-Dmn'. The 802.1ah header is then stripped and traffic is sent to associated service instance.
2. A MAC lookup for customer’s destination address 0000.0000.2222 is done to determine the attachment circuit this frame needs to be sent out from. In this case, traffic is forward to customer CE via attachment circuit 'Gi0/0/0/12.554'.
RP/0/RSP0/CPU0:9001-80A#show l2vpn forwarding bridge-domain I-Comp-Grp:I-Comp-Dmn mac-address location 0/0/cpu0
Mac Address Type Learned from/Filtered on LC learned Resync Age/Last Change Mapped to
-------------- ------- --------------------------- ---------- ---------------------- --------------
0000.0000.2222 dynamic Gi0/0/0/12.554 0/0/CPU0 29 Nov 18:58:40 N/A
0000.0000.1111 dynamic BD id: 26 0/0/CPU0 29 Nov 18:59:10 000a.2500.0001
8478.ac46.fb38 routed BD id: 26 N/A N/A N/A
802.1ah Encapsulated Packet View (Unicast traffic)
Below is a packet level view of encapsulated customer frame. It has same values/profiles as listed above in Table 1. Every PBB packet is an encapsulated combination of 802.1q , 802.1ah and 802.1ad. These ether-types can be seen in packet HEX dump.
0x88a8 - 802.1ad
0x88e7 - 802.1ah
0x8100 - 802.1q
Frame 1: 512 bytes on wire (4096 bits), 512 bytes captured (4096 bits)
// Source and destination backbone MACs
Ethernet II, Src: CeragonN_00:00:01 (00:0a:25:00:00:01), Dst: a0:00:75:00:00:01 (a0:00:75:00:00:01)
// MAC addresses in original customer frame are intact in encapsulation.
IEEE 802.1ah, B-VID: 1506, I-SID: 5554, C-Src: 00:00:00_00:11:11 (00:00:00:00:11:11), C-Dst: 00:00:00_00:22:22 (00:00:00:00:22:22)
B-Tag, B-VID: 1506
000. .... .... .... = Priority: 0
...0 .... .... .... = DEI: 0
.... 0101 1110 0010 = ID: 1506
I-Tag, I-SID: 5554
C-Destination: 00:00:00_00:22:22 (00:00:00:00:22:22)
C-Source: 00:00:00_00:11:11 (00:00:00:00:11:11)
Type: 802.1Q Virtual LAN (0x8100)
// S-VID
802.1Q Virtual LAN, PRI: 0, CFI: 0, ID: 554
000. .... .... .... = Priority: Best Effort (default) (0)
...0 .... .... .... = CFI: Canonical (0)
.... 0010 0010 1010 = ID: 554
Type: IPv4 (0x0800)
//Payload
Internet Protocol Version 4, Src: 10.0.0.1, Dst: 10.0.0.2
Internet Control Message Protocol
Unknown unicast, multicast & broadcast Traffic Forwarding
Above scenario described a case where ‘I-Comp-Dmn’ bridge domain already had an S-DA to B-DA mapping. Therefore, router already knew which remote BEB to send next frame to before even it arrived.
Mac Address Type Learned from/Filtered on LC learned Resync Age/Last Change Mapped to
-------------- ------- --------------------------- ---------- ---------------------- --------------
0000.0000.1111 dynamic Gi0/0/0/12.554 0/0/CPU0 29 Nov 11:16:11 N/A
0000.0000.2222 dynamic BD id: 24 0/0/CPU0 29 Nov 11:18:41 a000.7500.0001
Customer traffic can be multicast, broadcast or unknown unicast. Destination MAC address of such a traffic is not mapped to any particular remote BEB and hence sender/encapsulating BEB does not know which remote BEB to send this traffic to. This example uses broadcast traffic in the form of ARP to explain how PBB handles such traffic. For this case, two customer host machines are considered to have newly joined network in same broadcast domain on different BEBs. Before these two machines begin to send any packets, they need to send a broadcast ARP request at destination MAC address ffff.ffff.ffff to learn each other's MAC addresses. When source encapsulating BEB receives an ARP request, it determines by looking at the destination MAC address of received frame that it is broadcast traffic.
A special group MAC is used for the backbone destination MAC (B-DA) when handling an unknown unicast, multicast or broadcast frame. This backbone group MAC is derived from the I-service instance identifier (ISID) using following rule.
The ARP request is received by ingress BEB, which encapsulates it in an 802.1ah frame with special B-DA derived as explained above. This frame is then received by core routers (BCBs). Core BCBs forward this frame to all BEBs using same B-VID (1506). When this encapsulated frame is received by remote BEBs, they check the I-SID to determine asociated service instance corresponding to it. Once I-Component (or bridge domain associated with I-SID) is identified, a look up is donw for customer's MAC address to determine the attachment circuit to forward the traffic out. In below scenario, host 10.0.0.20 is behind BEB-4 and it responds with an ARP reply. Other network devices behind BEB-2 and BEB-3 receive ARP request and ignore.
802.1ah Encapsulated Packet View (Broadcast traffic)
Below is a packet level view of broadcast traffic from CE getting encapsulated using special B-DA adress.
Frame 1: 256 bytes on wire (2048 bits), 256 bytes captured (2048 bits)
// Use of special derived B-DA
Ethernet II, Src: CeragonN_00:00:01 (00:0a:25:00:00:01), Dst: Lan/ManS_00:15:b2 (01:1e:83:00:15:b2)
Destination: Lan/ManS_00:15:b2 (01:1e:83:00:15:b2)
Source: CeragonN_00:00:01 (00:0a:25:00:00:01)
Type: 802.1ad Provider Bridge (Q-in-Q) (0x88a8)
IEEE 802.1ah, B-VID: 1506, I-SID: 5554, C-Src: 00:00:00_00:11:11 (00:00:00:00:11:11), C-Dst: Broadcast (ff:ff:ff:ff:ff:ff)
B-Tag, B-VID: 1506
000. .... .... .... = Priority: 0
...0 .... .... .... = DEI: 0
.... 0101 1110 0010 = ID: 1506
I-Tag, I-SID: 5554
C-Destination: Broadcast (ff:ff:ff:ff:ff:ff)
C-Source: 00:00:00_00:11:11 (00:00:00:00:11:11)
Type: 802.1Q Virtual LAN (0x8100)
802.1Q Virtual LAN, PRI: 0, CFI: 0, ID: 554
Address Resolution Protocol (request)
Hardware type: Ethernet (1)
Protocol type: IPv4 (0x0800)
Hardware size: 6
Protocol size: 4
Opcode: request (1)
Sender MAC address: 00:00:00_00:11:11 (00:00:00:00:11:11)
Sender IP address: 10.0.0.10
Target MAC address: 00:00:00_00:12:34 (00:00:00:00:12:34)
Target IP address: 10.0.0.20
Verify
To verify PBB, check participating components i.e. MST, I-Component & B-Component.
1. Status of bridge domains and attachment circuits can be determied using following commands on all the nodes in path. Below verification uses BEB-1 as an example.
RP/0/RSP0/CPU0:BEB-1#show l2vpn bridge group I-Comp-Grp bd-name I-Comp-Dmn
Legend: pp = Partially Programmed.
Bridge group: I-Comp-Grp, bridge-domain: I-Comp-Dmn, id: 17, state: up, ShgId: 0, MSTi: 0
Type: pbb-edge, I-SID: 5554
Aging: 300 s, MAC limit: 150, Action: limit, no-flood, Notification: syslog, trap
Filter MAC addresses: 0
ACs: 1 (1 up), VFIs: 0, PWs: 0 (0 up), PBBs: 1 (1 up), VNIs: 0 (0 up)
List of PBBs:
PBB Edge, state: up, Static MAC addresses: 0
List of ACs:
Gi0/0/0/12.554, state: up, Static MAC addresses: 0
List of Access PWs:
List of VFIs:
2. Verify if the customer destination MAC address is learnt in I-Component (I-Comp-Dmn) using following command.
RP/0/RSP0/CPU0:BEB-1#show l2vpn forwarding bridge-domain I-Comp-Grp:I-Comp-Dmn mac-address location 0/0/cpu0
To Resynchronize MAC table from the Network Processors, use the command...
l2vpn resynchronize forwarding mac-address-table location <r/s/i>
Mac Address Type Learned from/Filtered on LC learned Resync Age/Last Change Mapped to
-------------- ------- --------------------------- ---------- ---------------------- --------------
0000.0000.1111 dynamic Gi0/0/0/12.554 0/0/CPU0 29 Nov 11:16:11 N/A
0000.0000.2222 dynamic BD id: 24 0/0/CPU0 29 Nov 11:18:41 a000.7500.0001
e0ac.f15f.8a8b routed BD id: 24 N/A N/A N/A
3. Verify if B-Component has forwarding information in its databse for B-DA.
RP/0/RSP0/CPU0:BEB-1#show l2vpn forwarding bridge-domain B-Comp-Grp:B-Comp-Dmn mac-address location 0/0/cpu0
To Resynchronize MAC table from the Network Processors, use the command...
l2vpn resynchronize forwarding mac-address-table location <r/s/i>
Mac Address Type Learned from/Filtered on LC learned Resync Age/Last Change Mapped to
-------------- ------- --------------------------- ---------- ---------------------- --------------
a000.7500.0001 dynamic BE2.1506 0/RSP0/CP 29 Nov 11:20:41 N/A
000a.2500.0001 S-BMAC BD id: 19 N/A N/A N/A
4. Verify if MST in the core layer 2 network is stable and confirm there is a loop free path to reach destination B-DA on nodes in path.
Revision History
| Revision | Publish Date | Comments |
|---|---|---|
1.0 |
09-Mar-2018 |
Initial Release |
FeedbackContact Cisco
- Open a Support Case
- (Requires a Cisco Service Contract)