Oracle® Communications IP Service Activator VPN User's Guide
Release 7.2

E47719-01

6 Setting Up Transparent LAN Services

This chapter describes how to configure Transparent LAN Services (TLS) and transparent VLAN services.

Note:

Multiple Transparent LAN Service technologies exist, such as MPLS-based VPLS and Ethernet switching-based VLANs. Only VPLS is implemented in Oracle Communications IP Service Activator.

About VPLS Service

A VPLS connects separate customer Ethernet LAN segments through an MPLS network. The connection across the network appears to the customer as a single LAN segment.

IP Service Activator supports the encapsulation and transport of layer 2 frames across the VPLS as described in the Lasserre TLS Draft.

Configuration of the VPLS occurs at Provider Edge (PE) devices within an MPLS network. Ethernet frames are mapped to a particular service instance based on a combination of the port on which they arrive at the PE device and, optionally, the 802.1Q tag that has been applied to them. As with other VPN solutions, inner and outer tunnels are used:

Outer tunnels provide a transport mechanism between the PE routers in the VPLS

Inner tunnels, referred to as VC-LSPs, form a full mesh between the PEs in each VPLS instance and are particular to that VPLS.

Multiple VC-LSPs may be carried by a single transport 'outer' LSP.

About VC-LSPs

The Lasserre VPLS solution uses VC-LSPs as defined in the Layer 2 Martini over MPLS Internet drafts. A targeted LDP peering association between two PE devices creates the VC-LSP. The devices exchange information about the Layer 2 protocol that will be carried. In the TLS case, this is either untagged or 802.1Q tagged frames. This exchange also includes information about the VPLS instance of which the VC-LSP forms a part. The Forwarding Equivalence Class (FEC) thus describes Layer 2 information, rather than the more usual IP prefix.

Each PE sends back a VC-LSP label, which is mapped to the FEC. When a frame is received at the PE, it examines its forwarding table and applies the correct VC-LSP label. The correct transport label is then added and the frame is forwarded to the correct destination. At the egress PE router, the VC-LSP label is used to identify the correct Ethernet port over which to forward the enclosed frame.

In Figure 6-1, VC-LSPs are configured for the Customer A VPLS instance between San Francisco, Denver and New York. The VC-LSPs are contained within the transport LSPs that connect these destinations.

Figure 6-1 VC-LSP Configuration


Transport LSPs

Transport LSPs are responsible for linking PE routers together. Each VC-LSP must be forwarded to the correct PE by the transport LSP.

802.1Q Support

The IEEE standard 802.1Q describes a VLAN tag that can be applied to an Ethernet frame. The tag value is the VLAN ID, a number assigned to switches in an Ethernet network. Tagged frames can only be forwarded to switches that are configured with the same VLAN ID as the tag. Switches may be in more than one VLAN at a time, connected by trunk ports over which tagged frames are sent. Access ports to the Ethernet network may only be assigned a single VLAN ID. The frames arriving at an access port are untagged.

Mapping Frames to the VPLS

To complete the VPLS service, a mapping must be established between incoming Ethernet frames to the PE and the VC-LSPs that are configured over the MPLS core. This mapping can be:

  • Port based: all frames from a particular port are mapped to the service.

  • VLAN based: all frames with an 802.1Q tag of a given value are mapped to the service.

  • "Port and VLAN" based: all frames from a particular port with a given 802.1Q tag are mapped to the service.

IP Service Activator supports port-based and "port and VLAN"-based TLSs. The mapping to the VPLS instance is configured on the PE device.

Ethernet is a broadcast service and this must be replicated in the VPLS. Therefore, when a frame is received at a PE device for an unknown destination, it is forwarded over all the VC-LSPs in the VPLS. When a response to this frame is received at the PE device, the device first learns which VC-LSP the frames were returned over before forwarding the frame over the correct Ethernet port. Future frames to that destination are then only sent over the learned VC-LSP. This mechanism is called 'flood and prune'.

A port that handles incoming traffic to the VPLS may therefore receive tagged or untagged frames and tagged frames may belong to one or more VLANs. Ingress ports to the TLS may be configured as one of the following, depending on whether tagged or untagged frames are handled:

  • A trunk port receives and transmits tagged frames belonging to one or more VLANs; a trunk port may also be configured to transmit untagged frames by making it part of the native VLAN (typically VLAN 1), but this is not supported by IP Service Activator.

  • An access port receives and transmits untagged frames and frames belonging to a maximum of one VLAN. By default, access ports are considered to be part of the native VLAN (typically VLAN 1) unless they are explicitly assigned to another VLAN.
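The following is an added example, not code from IP Service Activator or from any device: a simplified Python model of a PE that maps frames to a VPLS instance by port and 802.1Q VLAN ID, drops frames with no mapping, and applies flood and prune per instance. The port, instance and VC-LSP names are hypothetical, the frames are constructed samples, and the lookup order (a "port and VLAN" entry before a port-based one) is an assumption.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag

def make_frame(dst, src, vlan=None):
    """Build a constructed sample frame (IPv4 EtherType, dummy payload)."""
    tag = struct.pack("!HH", TPID_8021Q, vlan) if vlan is not None else b""
    return dst + src + tag + struct.pack("!H", 0x0800) + b"payload"

def parse_frame(frame):
    """Return (dst_mac, src_mac, vlan_id or None) from a raw Ethernet frame."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    dst, src = frame[0:6], frame[6:12]
    if struct.unpack("!H", frame[12:14])[0] != TPID_8021Q:
        return dst, src, None              # untagged frame
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    return dst, src, struct.unpack("!H", frame[14:16])[0] & 0x0FFF  # 12-bit VLAN ID

class ProviderEdge:
    """Toy PE: maps (port, VLAN) to a VPLS instance, then floods or forwards."""
    def __init__(self):
        self.attach = {}    # (port, vlan or None) -> instance; None = port based
        self.vc_lsps = {}   # instance -> VC-LSPs (hypothetical names)
        self.learned = {}   # instance -> {MAC: VC-LSP it was learned on}
    def add_instance(self, name, vc_lsps):
        self.vc_lsps[name], self.learned[name] = list(vc_lsps), {}

    def ingress(self, port, frame):
        """Customer-side frame: return (instance, VC-LSPs), or (None, []) if dropped."""
        dst, _src, vlan = parse_frame(frame)
        # Assumption: a "port and VLAN" entry is tried first, then a port-based one.
        inst = self.attach.get((port, vlan)) or self.attach.get((port, None))
        if inst is None:
            return None, []                # no mapping for this port/VLAN: drop
        vc = self.learned[inst].get(dst)   # MAC tables are kept per instance
        return inst, [vc] if vc else list(self.vc_lsps[inst])  # prune, else flood

    def from_core(self, inst, vc_lsp, frame):
        """Frame arriving over a VC-LSP: learn which VC-LSP reaches its source."""
        self.learned[inst][parse_frame(frame)[1]] = vc_lsp

def demo():
    a, b = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")  # constructed MACs
    pe = ProviderEdge()
    pe.add_instance("custA", ["vc-denver", "vc-newyork"])
    pe.attach[("port1", 100)] = "custA"
    first = pe.ingress("port1", make_frame(b, a, 100))    # unknown: flood
    pe.from_core("custA", "vc-denver", make_frame(a, b, 100))  # reply from b
    second = pe.ingress("port1", make_frame(b, a, 100))   # learned: one VC-LSP
    wrong_vlan = pe.ingress("port1", make_frame(b, a, 200))    # unmapped VLAN
    return first, second, wrong_vlan
print(demo())
```

Because the learned-address table is keyed by instance, an address learned in one customer's VPLS never influences forwarding in another's.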

Planning a TLS

IP Service Activator supports the following TLS types:

  • Port-based: access to the TLS is controlled by incoming port number

  • "Port and VLAN"-based: access to the TLS is controlled by incoming port number and VLAN ID.

A TLS is represented by a TLS object in the client, and the edge points of the TLS are represented by layer 2 site objects. Each layer 2 site is linked to one or more ports that indicate where IP Service Activator will apply TLS configuration.

Figure 6-2 illustrates how a TLS is represented in the Hierarchy pane.

Figure 6-2 TLS Hierarchy Representation


IP Service Activator represents a layer 2 port as an interface object in the client. In the descriptions that follow, the term 'interface' is used when referring to TLS setup through the client.

IP Service Activator applies the concept of port and "port and VLAN"-based entry criteria both to the TLS object and the layer 2 sites that are linked to it:

  • A port-based TLS consists of a number of port-based layer 2 sites

  • A "port and VLAN"-based TLS consists of a number of "port and VLAN"-based layer 2 sites

Creating a TLS

To create a TLS:

  1. Discover the network and assign the correct roles to the devices and ports that you want to participate in the TLS.

  2. Create a TLS object. See "Creating a TLS".

  3. Create layer 2 sites that represent the edge points of the TLS and link the relevant ports to the sites. See "Setting Up Layer 2 Sites".

  4. Link the layer 2 sites to the TLS object. See "Linking Sites to a TLS".

When you link layer 2 sites to a TLS whose service type is VPLS Service, IP Service Activator configures a full mesh of LSPs between peer PE devices.

Port-based TLS

In a port-based TLS, forwarding of frames across the TLS is based on incoming port number, as illustrated in Figure 6-3.

Figure 6-3 Forwarding of Frames Across the TLS


Incoming frames may be tagged frames or untagged frames.

In a port-based TLS, VLAN configuration and management are performed by the service provider and/or its customer. IP Service Activator simply configures the specified ports at the edge of the TLS to be either Ethernet access ports or 802.1Q trunk ports, depending on whether untagged or tagged frames are transmitted across the TLS.

Note:

You cannot perform tagging of incoming frames at a port-based site.

You specify whether the TLS accepts tagged or untagged frames when creating the TLS object.

To create a port-based VPLS service:

  1. In the TLS Type list, select VPLS Service.

  2. Select the Port based (Untagged) option.

Note:

Multiple Transparent LAN Service technologies exist, such as MPLS-enabled VPLS and Ethernet switching-based VLANs. Only VPLS is implemented in the current IP Service Activator version.

The edge points for the TLS are defined by port-based layer 2 sites. Each site may contain a single port. A port-based site may be linked to one port-based TLS.

You specify on which ports incoming frames for the TLS will be received by linking the Access interface on the appropriate Gateway (PE) device to a layer 2 site. An interface can be linked to one port-based layer 2 site.

Port and VLAN-based TLS

In a "port and VLAN"-based TLS, frame forwarding is based on incoming port number and the ID of the VLAN to which the frame belongs, as illustrated in Figure 6-4.

Figure 6-4 VPLS Service with Two Ports


Incoming frames may have been tagged before reaching the entry point to the TLS.

You may also choose not to specify a VLAN ID in the layer 2 site definition. If no VLAN ID is specified for a layer 2 site, the site inherits the VLAN ID specified for the TLS.

A layer 2 site that has no VLAN specified in its definition may be linked to a "port and VLAN"-based TLS object. The site inherits the VLAN ID specified for the corresponding TLS. Frames are transmitted across the correct TLS/VC LSP, as illustrated by Figure 6-5.

Figure 6-5 Inheritance of VLAN ID from TLS


At minimum, a layer 2 site may contain a single port – represented by an Access interface on a Gateway (PE) device in the user interface. IP Service Activator configures the port as:

  • An access port if the site receives untagged frames

  • A trunk port if the site receives tagged frames

Manual Preconfiguration of a TLS

Some manual preconfiguration is required before setting up a TLS. For detailed information on manual preconfiguration, refer to the documentation for your devices.

Perform the following pre-configuration tasks on your PE and P devices:

  • Enable and start MPLS and LDP

  • Configure the IGP routing protocol

Setting Up a TLS

You create a TLS in IP Service Activator by creating a TLS object and associating layer 2 sites with the object. The sites that you link to a TLS mark the edge-points of the VLANs that are to be interconnected.

For information on planning a TLS, see "Planning a TLS".

Creating a TLS

When creating a TLS object, you define broad characteristics of the TLS:

  • For a port-based TLS, whether the TLS accepts untagged or tagged frames.

    IP Service Activator does not create VLANs or assign VLANs to any ports. It simply configures all ports in the TLS consistently as Trunk or Access ports.

  • For a "port and VLAN"-based TLS, specify the VLAN ID that could be inherited by the layer 2 sites.

To create a TLS:

  1. On the Service tab, open the relevant customer folder, select the TLS folder and right-click to select Add Transparent LAN Service from the context menu.

    The Transparent LAN Service dialog box opens.

  2. On the TLS Service page, specify the following parameters:

    • Name: specify a name for the TLS. The name may contain alphanumeric characters only, and may not include spaces or hyphens.

    • Remarks: add any additional remarks (optional).

    • Level: a level number from 0 to 7 for the TLS. This parameter is only used if a site is a member of more than one TLS and you are setting up QoS or access control on the TLS:

      • Rules are installed from all TLSs. Rules are installed in TLS level order, where rules from the TLS with the lowest level number are installed first and therefore evaluated first.

      • For PHB groups, up to a maximum of one PHB group is installed from the TLS with the lowest level number.

      If two or more TLSs have the same priority level, a conflict is reported. By default the level is set to 4.

    • Service type: specify the criteria on which access to the TLS is based:

      • TLS Type: select VPLS Service

      • Port based: forward traffic across the TLS according to incoming port number.

      • Port & VLAN based, with VLANs: forward traffic across the TLS according to incoming port number and the specified VLAN ID.

    • VPLS VC ID: specify whether the VPLS VC ID is generated automatically or entered manually.

      • Automatic: Leave the check box selected for auto generation of the VC ID or deselect to specify the VC ID manually in the adjacent text box.

      This check box is available only when VPLS Service is selected for the TLS Type.

    • If the Service type is Port based, specify the Local network port configuration:

      • Accept tagged frames: transport only pre-tagged frames on the TLS (trunk port).

      • Accept untagged frames: transport only untagged frames on the TLS (access port).

  3. If you wish to restrict access to the TLS object, select the Ownership property page and specify the details. For information on setting ownership options, see IP Service Activator User's Guide.

Setting Up Layer 2 Sites

A layer 2 site defines an access point to a TLS:

  • A port-based site may have a single port associated with it and be linked to a single port-based TLS. For more information, see "Port-based TLS".

  • A port- and VLAN-based site may have multiple ports on the PE associated with it. For more information, see "Port and VLAN-based TLS".

To set up a layer 2 site:

  1. On the Service tab, right-click the Sites folder under the relevant customer folder and select Add Layer2 Site from the context menu.

    The Layer2 Site dialog box opens.

  2. On the Site page, specify an identifying Name for the site, and any additional comments.

  3. (Optional) Set up account and contact information, if required.

  4. On the Transparent LAN Service page, select the Service type:

    • TLS Site Type: select VPLS Service

    • Port based: create a port-based TLS on the port.

    • Port & VLAN Tagged: create a port- and VLAN-based TLS on the port.

  5. If the Service type is Port & VLAN Tagged, use the Local network port configuration frame to specify how the port handles incoming frames by doing the following:

    • Accept tagged frames with VLAN IDs: accept frames tagged with the specified VLAN ID (trunk port configuration).

    If no VLAN ID is specified for the site, IP Service Activator uses the VLAN ID specified for the TLS.

    Incoming frames belonging to VLANs that are not in the specified range are dropped.

Note:

VLAN ID 1 is reserved for the default VLAN (that all unconfigured ports belong to by default). Any traffic tagged with VLAN 1 can be transported to another port in VLAN 1 only.

Associating a Physical Component with a Layer 2 Site

Every layer 2 site must have, at minimum, the port on the relevant PE device linked to it.

For more information, see "Planning a TLS".

To link a PE access interface to a layer 2 site:

  1. Drag and drop the appropriate access interface on the PE (gateway) device on to the site.

Linking Sites to a TLS

You define the access points to the TLS by linking the appropriate customer sites to the TLS object:

  • A "port-based" site may be linked to a port-based TLS.

  • A "port and VLAN"-based site may be linked to a port and VLAN-based TLS.

To link a site to a TLS:

  1. Drag and drop the layer 2 site object onto the TLS to create a link.

Implementing a TLS

After the site and TLS details are set up, the entire configuration can be applied by committing the transaction.

When you commit the transaction, any concrete TLSs that will be created are listed in the Concretes page of the Transaction dialog box.

Any validation errors are reported in the Transaction dialog box and the Current Faults pane.

If you wish to cancel the transaction after reviewing the concrete TLSs that will be created and the faults generated by the transaction, click Cancel.

If you wish to proceed with the transaction, click OK. Configuration details are sent to the proxy agent/Network Processor and on to the appropriate device driver/cartridge. For more information about committing a transaction, see IP Service Activator User's Guide.

Viewing Implemented TLSs

You can view a list of the TLSs that have been propagated to the network and installed on an interface.

By viewing concrete TLS details for a TLS object, you can view the points in the network at which TLS or VLAN configuration has been applied, as illustrated in Figure 6-6.

Figure 6-6 Concrete TLS Details


To view implemented TLS details:

  1. Double-click the relevant object in the hierarchy tree or the topology map.

    You can view concrete TLSs for:

    • A port on a PE device: represents the application of a TLS service to a specific port

    • A TLS: represents the points in the network at which TLS configuration has been applied

  2. In the Details pane, select the VPNs tab to view details of the TLS configuration that applies to the port on PE devices.