Virtual Private LAN Service (VPLS) ( Part2)

PBB-VPLS

Introduction

VPLS connects multiple geographically separated customer sites by emulating a bridge domain. All customer sites connected to the same VPLS instance appear to be in the same LAN segment. However, VPLS requires all PE routers be fully meshed with pseudowires. Hierarchical VPLS is often implemented in service provider network to improve scalability as it removes the requirement of pseudowire full mesh for PE routers, thereby, reducing the number of Label Switched Paths (LSPs) and pseudowires (PWs) each PE router must maintain.

However, PE routers in VPLS and H-VPLS make traffic forwarding decision based on Customer MAC (C-MAC) addresses. This causes a serious concern of MAC explosion in PE routers due to a large number of customers connected to the service provider networks. To solve this problem, PBB is integrated into VPLS solution.

In PBB, end-to-end solution is built around two components: the backbone component (B-Component) operating in the backbone domain (B-domain), and the customer component (I-Component) operating in the customer addressing space. For PBB-VPLS, the I-Component is represented by the customer-facing VPLS instance (I-VPLS). An I-VPLS service instance still performs learning and forwarding based on C-MAC addresses, just like regular VPLS instances. An I-VPLS can also send traffic to associated B-VPLS (Backbone VPLS instance) across the B-domain, if necessary. When the I-VPLS service instance sends traffic to B-VPLS service instance, the customer MAC addressing is encapsulated by another pair of MAC addresses - the backbone source and destination MAC (B-MAC) addresses. Traffic in the B-domain uses B-MAC addresses for forwarding decisions. The C-MAC addresses are hidden from the B-VPLS service instances.

In a hub-spoke H-VPLS solution, the PE router facing the customer in the edge is u-PE, and the aggregating PE router facing the network at the core is n-PE. Several u-PEs are connected to a single n-PE by spoke-PWs. The n-PEs are connected to other n-PEs in full mesh using hub-PWs. The n-PE aggregates and facilitates the forwarding of traffic between u-PEs, and between u-PEs and other n-PEs. H-VPLS reduces the number of PWs, LSPs and targeted-LDPs (T-LDPs) required in the network but it does not reduce the number of C-MACs a PE router needs to learn- traffic forwarding in H-VPLS is still based on C-MAC address learning. Since the n-PE is based deep in the service provider network, it needs to learn more MAC addresses than the u-PE. This problem is called MAC explosion.

In PBB, the Backbone Edge Bridge (BEB) adds another Ethernet encapsulation to customer Ethernet frames, called backbone header. The backbone header contains B-MAC addresses which are meaningful to BEBs and Backbone Core Bridges (BCBs) in the PBB network (PBBN). The bridges in the PBBN use B-MAC addresses to make forwarding decisions. The backbone VLAN ID (B-VLAN ID) is used to define backbone broadcast domain. The BEB also adds a 4-byte I-TAG in front of the customer MAC addressing. It contains an Interface Service Instance Indicator I-SID (24 bits) which allows each BEB to support multiple backbone service instances. Figure 1 shows PBB frame format.

Thus, the C-MAC addresses are learned only by customer-facing ports of the BEB. The BEB maps C-MAC to appropriate Destination B-MAC and then forwards the frame to PBBN core. The nodes in PBBN are aware of Destination B-MAC address and perform learning and forwarding based on this address only. The PBBN runs Spanning Tree Protocol (STP) in the core to prevent loops.

The BEB has 2 components-

• B-Component: It faces the PBB Backbone. The B-Component learns and forwards the PBB-encapsulated frames to other BEBs.
• I-Component: It faces the 802.1ad (Q-in-Q) network (or customer network). The I-Component adds the PBB header to the incoming customer traffic and maintains the mapping of C-MAC addresses and C-VLAN IDs to the B-MAC addresses and B-VLAN IDs.

PBB-VPLS Architecture

PBB provides exactly what is required to solve the MAC explosion issue in VPLS - by adding a pair of source/destination B-MAC addresses to every Ethernet frame. The backbone switches make forwarding decisions based on these B-MAC addresses and hence only need to be aware of these B-MAC addresses, and not C-MAC addresses. When PBB is integrated into VPLS, the end-to-end solution is divided into 2 parts: the backbone domain (B-domain) and one or multiple edge domains (I-domains).

NOTE: Please note that this article is based on MPLS in the access i.e. I-domain. However, the draft http://tools.ietf.org/html/draft-sajassi-l2vpn-vpls-pbb-interop-04 also discusses PBBN access. With MPLS access, the PBB functionality is embedded either in u-PE or n-PE. The u-PEs connect to n-PE using spoke-PWs, while n-PEs connect to other n-PEs using hub-PWs.

In figure 2, the B-domain contains PE routers that are responsible for forwarding PBB-encapsulated customer traffic using B-MAC addresses across the backbone. These routers now have a new type of VPLS called Backbone VPLS (B-VPLS) configured instead of regular VPLS. The I-domain contains PE routers that participate in customer-facing VPLS (I-VPLS or Interface VPLS) and perform learning and forwarding based on C-MAC addresses. The PE routers draw the boundary between B-domain and I-domain, which contains both B-VPLS and I-VPLS. The B-VPLS is configured and connected by pseudowires to other PE routers in the B-domain. I-VPLS is configured and connected to other PE routers in the I-domain that are running regular VPLS.

The I-VPLS and B-VPLS communicate with each other in an IB-PE router using an internal link. When the I-VPLS receives regular VPLS traffic from the I-domain, it performs PBB encapsulation and forwards the traffic to the B-VPLS towards the B-domain. When the B-VPLS receives PBB-encapsulated traffic from the B-domain, it forwards the traffic to correct I-VPLS. The I-VPLS then performs PBB decapsulation and forwards the traffic to correct destination based on customer information. Each I-VPLS can have its own B-VPLS connected to the B-domain (1:1 mode), or multiple I-VPLS instances can share a common B-VPLS instance (N:1 mode).

I-VPLS

The I-VPLS instance in an IB-PE router is responsible for connecting the regular VPLS from the I-domain to B-VPLS in B-domain. The I-VPLS is also a Virtual Bridge that has bridge ports and forwarding database. The I-VPLS has 3 types of bridge ports:

• An internal link to the associated B-VPLS. The internal link is created when the association between I-VPLS and B-VPLS is manually configured in the I-VPLS in IB-PE router. The I-VPLS performs PBB encapsulation of the traffic when sent over the internal link to B-VPLS, and perform PBB decapsulation when receives traffic from B-VPLS over the internal link.
• The spoke PW(s) connected to the regular VPLS in the I-domain. This spoke PW sends and receives VPLS encapsulated traffic with regular VPLS PE routers in the I-domain.
• The interface facing the local customer site. The I-VPLS can have interfaces with attachment circuits to local customer sites.

One B-VPLS instance can be associated with multiple I-VPLS instances. By incorporating PBB function, the IB-PE router maps each service (for a given customer) onto a single I-SID based on the configuration at IB-PE router. Many I-SIDs can be multiplexed within a single bridge domain (e.g. B-VLAN). Then, the IB-PE can either map a single I-SID into a B-VPLS instance, or it can map a bridge domain (B-VLAN) onto a B-VPLS instance, as per configuration. Next, the encapsulated frames are sent over the hub-PWs associated with that B-VPLS instance.

When B-VPLS receives the PBB-encapsulated traffic from remote B-VPLS PE routers, the B-VPLS uses the I-SID to identify to which I-VPLS instance the traffic belongs. I-SID is the I-VPLS service de-multiplexer. Each I-VPLS instance has its own I-SID. I-SID value is configurable.

B-VPLS

The B-VPLS instance in an IB-PE router is responsible for connecting other member PE routers in the backbone network. The B-VPLS service performs learning and forwarding based on B-MAC addresses, and it is not aware of C-MAC addresses. The B-VPLS is also a Virtual Bridge that has bridge ports and forwarding database. The B-VPLS has 3 types of bridge ports:

• An internal link to the associated I-VPLS. B-VPLS sends and receives traffic from I-VPLS over the internal link. One B-VPLS may be associated with more than one I-VPLS instances. The B-VPLS uses the I-SID in the PBB header to identify traffic belonging to different I-VPLSs.
• The hub PW(s) connected to other PE routers in the backbone network. These PWs are used to send and receive PBB-encapsulated VPLS traffic.
• The B-VPLS can have interface(s) connecting to other PBB (IEEE 802.1ah) networks.

Each B-VPLS service instance in a PE router is explicitly configured with a B-MAC address. This B-MAC address unique identifies the B-VPLS service instance in the PE router. All I-VPLS service instances locally associated with a particular B-VPLS, use this MAC address as source B-MAC address when performing PBB encapsulation. When the B-VPLS service instance receives traffic from other B-VPLS PE routers, it learns the source B-MAC address and adds to its forwarding database.

PBB-VPLS Encapsulation

As mentioned above, the I-VPLS performs PBB encapsulation on traffic arriving on spoke PWs. The PBB header has 3 pieces of information:

• I-SID: The I-SID is the I-VPLS service identifier for the remote B-VPLS to identify which I-VPLS service instance associated with it, should receive the traffic. All I-VPLS instances belonging to the same service must use the same I-SID value and must be associated with same B-VPLS instance.
• Source B-MAC address: Each B-VPLS instance has its own globally unique B-MAC address defined manually. The I-VPLS uses the B-MAC defined in the B-VPLS instance, with which it is associated, as the source B-MAC address in the PBB header.
• Destination B-MAC address: The destination B-MAC address is learned by receiving PBB-encapsulated traffic from other B-VPLS PE routers.

Every time an I-VPLS receives traffic from an I-domain destined for a remote I-domain, it checks its PBB forwarding database to find the correct destination B-MAC address for PBB encapsulation. In case of no match, the I-VPLS uses the group B-MAC address of 01:1E:83:pq:rs:tu. The pq:rs:tu part is achieved from the I-SID (24 bits). Once the B-MAC addresses are acquired, the I-VPLS performs PBB encapsulation before sending the traffic to B-VPLS over the internal link. The PBB encapsulation is as follows:

1. Insert B-MAC addresses. The destination B-MAC address is found in the PBB forwarding database of the I-VPLS instance.
2. Insert the I-TAG which contains the I-SID. The I-SID is used at remote PE router to determine to which I-VPLS the traffic belongs.
3. Insert the B-TAG which contains the B-VLAN ID for the backbone network.

When the remote PE router receives PBB-VPLS encapsulated traffic from B-VPLS of another PE router in the B-domain, it removes the VPLS header and checks the destination B-MAC of the frame. If the destination B-MAC address matches, the traffic is meant to be forwarded to local I-VPLS instance. Otherwise the traffic is dropped. Then, it performs I-SID lookup to identify to which I-VPLS the traffic belongs. The I-VPLS decapsulates the PBB frame and forwards/floods to appropriate destination address.

Flooding in PBB-VPLS

The two modes of I-VPLS to B-VPLS mapping are 1:1 and N:1, as discussed above. In 1:1 mode, each I-VPLS representing a service connects to its own B-VPLS, and that B-VPLS only connects to other IB-PE routers that have that I-VPLS instance configured on them. In N:1 mode, multiple I-VPLS instances share a common B-VPLS instance created in the B-domain, and all IB-PE routers participate in that B-VPLS instance. The I-VPLS instances on different IB-PE routers are different but share the same B-VPLS instance. The IB-PE router receiving traffic from that B-VPLS instance identifies the correct I-VPLS from the I-SID value, and forwards the traffic to that I-VPLS.

In figure 4, multiple I-VPLS instances share a common B-VPLS instance. One issue with N:1 mode is that different I-VPLSs sharing a common B-VPLS may require different network overlays. For example, in figure 4, I-VPLS 100 connects only to IB-PE1 and IB-PE3, while I-VPLS 200 connects IB-PE1 and IB-PE2. Now, if I-VPLS 100 on IB-PE1 router receives broadcast/unknown/multicast (BUM) traffic, it is propagated to all IB-PE routers connecting to that B-VPLS, regardless of I-VPLSs on them. Other IB-PE routers discard this traffic because there is no corresponding I-VPLS locally bound to the B-VPLS. This causes unnecessary bandwidth waste.

In order to solve this issue, a mechanism is required to track the membership of IB-PE routers in each I-VPLS instances. When a I-VPLS sends BUM traffic, only selected IB-PE routers receives that traffic which have that I-VPLS instance locally bound to the B-VPLS. The Multiple Registration Protocol (IEEE 802.1ak) can be used to optimize this behavior.

Summary

The PBB-VPLS solution solves the problem of MAC explosion that can be caused by learning a large number of C-MAC addresses. It incorporates PBB functionality into PE routers of H-VPLS solution. The IB-PE router divides the network into I-domain and B-domain. The VPLS in the I-domain learns C-MAC addresses and maps them to B-MAC addresses. The VPLS in the B-domain uses B-MAC addresses to perform learning and forwarding. 

(source: https://sites.google.com/site/amitsciscozone/home/vpls/pbb-vpls)