D2s 2.intelligent Bridging PDF

7302-7360 ISAM
R4.6 High Cap. NT/5520 AMS - L2 & PPPoX

forwarding
Student Guide
TAC42051_V1.1-SG Edition 2.0
COPYRIGHT ALCATEL-LUCENT @@YEAR. ALL RIGHTS RESERVED.
Passing on and copying of this document, use and communication of its

contents not permitted without written authorization from Alcatel-Lucent
Copyright 2013 Alcatel-Lucent. All Rights Reserved.
Course outline
to 7302-7360 ISAM
1. Welcome
Technologies
1.
L2 High
Technology
R4.6
Cap. NT/5520 AMS - L2 & PPPoX forwarding
2. Layers Intro
2. 1.
NETechnologies
Operation
1. ISAM 1.asL2aTechnology
L2/iBridge
2. Layers Intro
2. IHUB L2 Forwarding
2. NE Operation
3. Intelligent
Brigding IACM
1. ISAM as a L2/iBridge
4. Enhanced
2. IHUBIntelligent
L2 ForwardingBridging
5. VMAC3. Intelligent Brigding IACM
4. Enhanced
Intelligent
Bridging
6. PPPoX
Handling
in ISAM
7. ISAM 5.asVMAC
a L2-CC
6. PPPoX Handling in ISAM
8. Cross Connect IACM
7. ISAM as a L2-CC
3. Maintenace
8. Cross Connect IACM
1.
IHUB
Mirroring
3. Maintenace
1. IHUB Mirroring
3
@@PRODUCT
@@COURSENAME
COPYRIGHT ALCATEL-LUCENT 2013. ALL RIGHTS RESERVED.
Course objectives
Upon
completion
of this course, you should be able to:
7302-7360
ISAM
R4.6 High
Cap.
- L2 & PPPoX
forwarding
Explain
Ethernet
as NT/5520
a technologyAMS
and elements
of ethernet
frames
Understand VLANs (virtual local area network) and how they are supported by the
Ethernet.
Upon completion of this course, you should be able to:
Explain different ways to establish IP connectivity to access the Internet,
Give an overview of the different forwarding modes that are available,
Describe
Explain Ethernet
and Configure
as a technology
a L2 service
and elements
onto theofISAM
ethernet
& interconnect
frames
of end users to the
respective
L2
service
for
Residential
Bridge
and
the
different,Cross
Connect
modes
Understand VLANs (virtual local area network) and how they are supported
by the Ethernet.
Associate an RB or XC VLAN to a bridge port,
Explain and
different
ways
to establish
IP connectivity
to access the Internet,
Explain
enable
virtual
MAC addresses
implementation,
Describe
Give an overview
Enhanced
of the
Intelligent
differentBridging
forwarding
and
modes
explain
thathow
are available,
it differs from plain Layer 2
forwarding,
Describe and Configure a L2 service onto the ISAM & interconnect of end users to the respective L2
Retrieve
Enhanced
Intelligent
data from Connect
the ISAM,
service for
Residential
Bridge andBridging
the different,Cross
modes
Configure Enhanced Intelligent Bridging on the ISAM with AMS and CLI,
Associatethe
an RB
or XC VLAN
to afor
bridge
Describe
different
models
PPPport,
handling in the ISAM,
Describe
and
configure
mirroring
Explain and enable virtual MAC addresses implementation,
Describe Enhanced Intelligent Bridging and explain how it differs from plain Layer 2 forwarding,
Retrieve Enhanced Intelligent Bridging data from the ISAM,
Configure Enhanced Intelligent Bridging on the ISAM with AMS and CLI,
Describe the different models for PPP handling in the ISAM,
4
Describe and configure mirroring
@@PRODUCT
@@COURSENAME
Your feedback is appreciated!

Please feel free to Email your comments to:
training.feedback@alcatel-lucent.com
Please include the following training reference in your email:
Thank you!
Learning experience powered by

Alcatel-Lucent University
Section 2
NE Operation
Module 1
ISAM as a L2/iBridge
TAC42050-HO03 Edition I2.0
7302-7360 ISAM
R4.6 High Cap. NT/5520 AMS - L2 & PPPoX forwarding
211
NE Operation ISAM as a L2/iBridge
7302-7360 ISAM R4.6 High Cap. NT/5520 AMS - L2 & PPPoX forwarding

Module objectives
After attending this session, you will be able to:
Describe the forwarding mode intelligent Bridging (Residential
Bridge VLAN)
213

Table of Contents
1 Introduction
2 Intro
Standard Bridging
1 Introduction
1.1 General Overview
3 Intelligent
Bridging
1.2 Intelligent Bridging overview
4 Intelligent
Bridging
2 Intro Standard
Bridging types
2.1 Standard bridging concept
5 Intelligent
Bridging
2.2 Security/scalability
issue(MPLS)
with standard bridging
2.3 Standard bridging: Issues
3 Intelligent Bridging
3.1 The intelligent bridging model
3.2 Intelligent Bridging: shared VLAN per protocol
3.3 Intelligent Bridging: Shared VLAN service
3.4 Intelligent Bridging: VLAN association
3.5 Intelligent bridging: network issues
3.6 Broadcast messages & flooding US
3.7 Broadcast messages & flooding DS
3.8 Secure MAC address learning
3.9 Duplicate MAC-address learning
3.10 Intelligent Bridging, things to consider
3.11 Intelligent Bridge: Summary
4 Intelligent Bridging types
4.1 I-Brigde Modes
4.2 Summary: Intelligent Bridge mode
5 Intelligent Bridging (MPLS)
5.1 Unified forwarding model for Access + Aggregation
215
ALL RIGHTS RESERVED.
5.2 MPLS
Applications - Virtual PrivateCOPYRIGHT
LAN ALCATEL-LUCENT
Service2013.
(VPLS)
NE Operation

Page
7
8
9
10
11
12
13
14
15
18
19
20
21
22
23
24
25
26
28
29
30
31
32
33
34
7
10
14
29
32
1 Introduction
217

1 Introduction
1.1 General Overview

7302 ISAM
Network
side
Anything
Eth - VLAN
L2
Anything
Eth (VLAN)
ATM/AAL
Phys layer
Anything
Eth (VLAN)
Phys layer
User
side
Eth-VLAN
Anything
Eth (VLAN)
GEM
Phys layer
layer 2 forwarding
CPE
Ethernet layer must be present at both sides

encapsulation at CPE must include Ethernet
Decision
Forwarding mode
Forwarding models
capable of handling
PPP traffic
L2
Intelligent Bridge (IB)

VLAN Cross-Connect (CC)
Enhanced iBridge
Forwarding models
capable of handling
DHCP traffic
218
In case the 7302 ISAM performs L2 forwarding, it means that the internal forwarding is
basically done on layer 2 information. The layer 2 is Ethernet, including the concept of
VLANs.
In both layer 2 forwarding models (intelligent bridge as well as cross-connect), the ISAM
can accept tagged frames coming from a user. The operator can configure exactly which
tag is to be expected on the bridge port and frames carrying another tag will be discarded
(filter).
In case of VLAN translation, the user sends tags that are recognized, but only have a local
meaning and will immediately be translated into a network vlan.
In case of cross-connect, it is possible to have C-VLAN transparency (where only the SVLAN is configured in the ISAM). In that case, the user can send any C-VLAN. The ISAM
will not filter based on C-VLAN. See section on cross-connect.

1 Introduction
1.2 Intelligent Bridging overview

Shared VLAN
Content Network
VLAN per service
Aggregation Network
Internet
Access
Network
Video
VLAN
IP backbone
Network
Call
server
HSI
VLAN
73xx
Home Network
Switch
BTV
VLAN
Video
server
New
services
VoIP VLAN
IP Router
Ethernet switch
219
Most customers require a VLAN per service between ISAM and EMAN, which is
Intelligent Bridging per service in ISAM.

2 Intro Standard Bridging
2 1 10

2.1 Standard bridging concept
MAC bridges can interconnect all kinds of LANs together

no guaranteed delivery of frames
a bridge learns MAC addresses
flooding occurs when destination MAC address is broadcast, multicast
or unknown
if you do not know, send it to everybody,
except on the interface where the frame was received
if the destination MAC address has been learned, the frame is

forwarded to the indicated interface
2 1 11

2.2 Security/scalability issue with standard bridging

broadcast frames (ARP, PPPoE-PADI) are forwarded to
all users & flooding to all ports
MAC-address of a user is exposed to other users
broadcast storms
BC or unknown MAC DA
Ethernet
BR
BRAS
CPE
DSLAM
CPE

CPE
DSLAM
2 1 12
The issue on the slide occurs with standard Ethernet bridges. Operators using VPLS in the EMAN will not have this issue!

2.3 Standard bridging: Issues

Broadcast storms
Security
broadcast frames are forwarded to all users
Customers identified by MAC-address (not guaranteed unique)

Restrictions on services and revenues:
IP edge device has no info on the access line
so not possible to limit the # of sessions per access line
user-to-user communication possible without passing the BRAS
NOT FIT FOR USE IN PUBLIC NETWORKS
2 1 13
Scalability:
Broadcast
storms
Broadcast frames are flooded over the entire aggregation network . This
generates an important amount of traffic, that can result in service degradation or
denial of service.
Bridges have to learn MAC-addresses of all devices connected to the network
Security
Broadcast
frames (ARP, PPPoE - PADI, ) are forwarded to all users
MAC-address of a user is exposed to other users
Customer segregation
Customers
are identified by MAC-address, and MAC-addresses are not guaranteed unique
Undesirable & unstable behavior: user B gets traffic destined to user A and vice
versa.
PADI = PPPoE Active Discovery Initiation packet (which is broadcasted). This is the first
message in the initialization phase to establish a PPPoE session.

2 1 14

3.1 The intelligent bridging model

special layer 2 behavior needed in an access environment
IB with VLAN tagging
Intelligent Bridge (IB) means

distinction between network ports and user ports
frames from a user always sent towards the network
no user to user communication
prevent broadcast traffic from escalating

avoid broadcast or flooding to all users
secure MAC-address learning within a VLAN

avoid MAC-address duplication over multiple ports
protocol filtering
may lead to a frame being forwarded, sent to a host processor, discarded or
forwarded & sent to a host processor
2 1 15
In a standard bridge all ports are treated equally. The special thing about Intelligent Bridging is that it makes
a distinction between network ports and user ports.
With Intelligent Bridging, frames received from a user will always be sent towards the network and never to
another user. All traffic received from a user interface is forwarded only on the uplink, and never to other
users. This protects a user's MAC-address from being exposed to other users; and also ensures that user's
traffic is passing through the IP edge point where it can be charged for.
Unicast
frames: user-to-user communication is not permitted.
Broadcast
and multicast frames from a user are only forwarded to the interface towards the network and
not to all other users.

A second difference with standard bridging is the prevention of broadcast storms:
In a standard bridge, a broadcast frame will be sent to all ports in a particular VLAN. In case of an Intelligent
Bridging, this is not done.
Depending on the type of broadcast frame (depending on the protocol above Ethernet e.g. DHCP) the
treatment will be different. Each protocol will deal with the restriction of Intelligent Bridging in a different
way. In all cases a broadcast to all users is avoided. For example, broadcast as a consequence of flooding
(when the MAC DA is unknown) or in case of multicast.
Another difference with standard bridging is the way MAC addresses are learned: protection is built in to avoid
the use of the use of the same MAC address over multiple ports, within one VLAN.
With intelligent bridging only the following types of frames are accepted from the user ports: IP, ARP, PPPoE,
IGMP and EAPOL (used for 802.1x). Other frames will be discarded, including multicast data frames coming
from user ports.

3.1 The intelligent bridging model [cont.]

multiple users connected to 1 VLAN ID (aggregation of multiple subscribers
within a service/provider VLAN)
why VLAN translation (customer vlan to network vlan)

wholesale per service
Drivers: VDSL and Eth offer more BW, so it makes sense to wholesale this in
pieces rather than the complete DSL line as a whole
Consequences: Model with VLANs on DSL line; behaviour equivalent to multi-VC
model on ATM/ADSL
VLAN per service and per provider in the aggregation network

Service provider is free to choose CPE configuration, but VLANs in aggregation
network are under control of ILEC
ultimately 1 subscriber (1 line) may have to support 2 HSIA services or 2

video services from different service providers
2 1 16
Intelligent bridging allows multiple users to share a single VLAN.

There are many operators who base their network architecture on one PVC per service when
connecting ADSL subscribers. Once those operators start deploying VDSL, they are
immediately confronted with the issue, that their is no similar approach for EFM interfaces.
Thats why VLAN Translation was introduced.
This requirement is driven by the wholesale model. Operators want to use a network
model, whereby; a given user can be subscribed to a different service provider for each
service. Therefore, they want to have separate "circuits" per service all the way to the CPE.
They are looking at a model of VLAN/service on the DSL line, and VLAN/service/ISP in the
aggregation network.

3.1 The intelligent bridging model [cont.]

IB-VLAN has:
1 or more user logical ports, subtending ports or user Ethernet ports
1 or more network ports
Internet
Internet
ISP
ISP1
IP
Login to ISP
or corporate
BRAS
E-MAN
Network
ISP2
E-MAN
Network
Corporate
Routing to the
correct ISP is done
based on user-id
and password in
the BRAS
Routing to the
correct ISP is
based on the
VLAN-id
2 1 17
In case of Intelligent bridging multiple users are connected to the same VLAN, or in other
words we have aggregation at the DSLAM level within a VLAN.
In the figure at the left, we see multiple VLAN bridges supported in 1 DSLAM, which connect
to different Service Providers (SP) (wholesale). Each SP is connected to the DSLAM with a
specific VLAN-ID. The user ports are connected to the VLAN of their corresponding SP.
Multiple user ports can be associated to a single VLAN-ID.
Users 2 and 5 are connected to the ISP1 VLAN.
Users 1, 3 & 4 are connected to the ISP2 VLAN.
The MAC address lookup is performed in the forwarding table of the respective VLAN. With
the principle that we have 1 VLAN ID per {IP-edge-DSLAM} pair means that in each Ethernet
switch the SP has its own forwarding table.
In the figure at the right we see that the routing to the correct SP is based on user-id and
password and that all the users are connected with the same VLAN-ID to the BRAS.

3.2 Intelligent Bridging: shared VLAN per protocol

Setup with singe PVC modem setup
Only relevant in architecture with BRAS support
DHCP
Server
VLAN per service

(IPoE/PPPoe)-protocol
BTV distinction
PVC per
user/EFM
IPoE
PPPoE
xxx 73xx ISAM
IPoE
IPoE
HSI PPPoE
HSI PPPoE
BTV
Switch
BTV
L2 service
Router
BRAS
IPoE
PPPoE
xxx
= PVID
2 1 18
Frames received from end users are untagged:

User port can be mapped to multiple VID using port-Protocol based association
or PVID

3.3 Intelligent Bridging: Shared VLAN service

Setup with multiple PVC modem model
VLAN per service

BTV distinction
DHCP
Server
n PVC/VLAN per user
VoIP
VoIP
Video
Video
HSI
HSI
BTV
Router
Switch
BTV
73xx ISAM
2 1 19
L2 service
BRAS
Frames received from end users are tagged:

On logical port define different VIDs and configure frames received from enduser as tagged
Send frames back to the subscriber to be set as Single Tagged

3.4 Intelligent Bridging: VLAN association

VLAN Translation, frames received from end users are tagged:
VLAN/service
VLAN/service/provider
ISAM
Bridge Port
Network VLAN
Subscriber VLAN
VLAN 1 (HSIA)
Bridge 10
VLAN 5 (HSIA)
Bridge 11
VLAN 2 (Video)
Bridge 20
VLAN 10 (HSIA, SP1)

VLAN 11 (HSIA, SP2)
VLAN 20 (VoD, SP1)
VLAN 30 (BTV, SP1)
CPE
MCast
VLAN 6 (Video)
Bridge 21
VLAN 3 (Voice)
Bridge 40

VLAN 21 (VoD, SP2)
VLAN 40 (Voice, SP3)
VLAN per service & per provider
VLAN per service & per provider
2 1 20
VLAN 31 (BTV, SP2)
There are many operators who base their network architecture on one PVC per service
when connecting ADSL subscribers. Once those operators start deploying VDSL, they
need to use the VLAN as a "PVC emulation".
The ISAM support the ability to emulate a multi-PVC configuration on an EFM interface
using the VLAN as a "PVC emulation", i.e. it is possible to associate a set of VLAN Ids at
the subscriber interface with a set of forwarding engines being chosen from the
following list:
VLAN-CC (Transparent or Protocol aware): In this case, the C-VLAN received at the
user side is either forwarded as a C-VLAN CC or encapsulated into an S-VLAN (VLAN
stacking).
i-Bridge: In this case, the VLAN received at the user side will be bridged into an ibridge identified by the same VLAN Id.
IP Routing
Additionally, in case of VLAN-CC or i-Bridge, we support VLAN translation to make
wholesaling possible without impacting the CPE configuration. Starting from a set of
pre-defined C-VLAN tags at the CPE side (i.e. the same for all CPEs), it is possible to
retag the received packet with a new C-VLAN (VLAN-CC or i-bridge) or a stacked VLAN
(VLAN-CC), so that the traffic can be passed to the VLAN associated with the
combination of service provider and service.
3.5 Intelligent bridging: network issues
BR
VLAN1
CPE
ISAM
IP edge
Ethernet

Problem:
If user A can obtain the MAC@ of
User C, since the Ethernet switch
learns all Mac @ , user to user
communication is possible
2 1 21
ISAM
CPE
On the previous slides, we learned how user-to-user communication is avoided inside the
ISAM. But, it is also important to mention that a VLAN must be unique between an [IP-edgeISAM] pair in the Ethernet network to support the Intelligent Bridging feature. For example,
take the network configuration shown above, where 2 ISAMs with the same VLAN ID are
connected to the IP edge via the EMAN network through a single VLAN. Or in other words a
single VLAN exists between ISAM1, ISAM2, and the IP-edge).
In this case, the Ethernet switch learns all user MAC addresses and if user A can obtain the
MAC address of user C, then user A can send traffic directly to user C without going to the
IP-edge. This is not acceptable: in Intelligent Bridging mode no direct user to user
communication is allowed in the network.
Another issue is that in such a configuration, an ISAM would receive all broadcast / flooded
frames from any ISAM in the VLAN, with potential performance issues as a consequence.

3.6 Broadcast messages & flooding US

upstream BC frames & flooding only forwarded towards network
port(s) within a VLAN
1 VLAN per IP-edge
reduction of flooding in the aggregation network
no user-to-user communication without passing the BRAS
VLAN 1
Ethernet
BRAS
BR
CPE
PC A
VLAN 2
ISAM
CPE
PC B
ISAM
2 1 22
CPE
PC
Blocking user-to-user communication at Layer 2:

The principle is to avoid 2 users connected to the same ISAM communicating with each other
directly at Layer 2. In this case, when user A sends a message with destination MAC-address
B, that message is sent to the uplink, not to user B.
In case of PPP this is not an issue, since all messages coming from the DSL users will have
destination MAC-address equal to the MAC-address of the BRAS
The objective is that all traffic passes through a Layer 3 box. The motivation is twofold:
Security:
If direct user-to-user communication at L2 would be allowed, this would give malicious

users an easy way to find out the MAC address of other users, and then try to take it
over. Note: blocking duplicate MAC-addresses will solve most of it, but if the malicious
user is waiting until the MAC-address has aged, and then tries to take it for himself, he
blocks the other user.
Accounting
for traffic:
If we would allow for user-to-user communication directly in the ISAM, we would also
have to introduce mechanisms to measure and account for the traffic. Not just for
billing purposes (most services will likely not use volume-based billing), but also for
features such as legal intercept. So in other words, this kind of peer-to-peer traffic
would be hidden to the operator. Peer-to-peer traffic operators will probably not like
that.
3.7 Broadcast messages & flooding DS

blocking of broadcast & flooding in the downstream
Avoids messages unintentionally distributed to all users
For some applications forwarding of BC is needed
Solution: Make BC flooding / BC discarding a configurable option per VLAN
Ethernet
BR
CPE
ISAM
BRAS
BC or unknown
MAC DA
CPE
CPE
ISAM
2 1 23
In a normal bridge, when a message is received with a destination MAC-address not yet in
the self-learning table, the message is broadcast to all the other interfaces. Also broadcast
messages are flooded to all interfaces. In an Intelligent bridge you want to avoid
broadcasting downstream, where messages are unintentionally distributed to all users.
Therefore, you need to put mechanisms in place that together with the systems set up in
the upstream, will inhibit BC messages to be sent to all users and avoid the flooding of
messages with unknown MAC DA to all users.
For some applications, it is useful that flooding BC is possible. A solution for these
applications is to make flooding BC/discarding BC a configurable option per VLAN.


configure maximum number MAC-addresses per port
prevents attacks that would fill up the bridging tables
subscription rules: maximum devices connected simultaneously
configure MAC-addresses for discarding

Internet
MacC
ISP
MacB
IP
Port x
BRAS
MacA
bridged
ETH
PADI with source address=MacC
ISAM
port
VLAN
ID
Max
port
Mac@
Mac@
MacA
MacB
Connected
via PPPoE
Discard Mac@
00-08-02-E9-F2-9D
x
2 1 24
There are two motivations to block the number of MAC-addresses per port:
Security: avoid that a malicious user can fill up all the complete bridging table of devices in
the network (DSLAM and others), by sending traffic with different MAC addresses.
Service differentiation: by limiting the number of MAC addresses per port, the operator can
offer different types of service subscriptions to the user, limiting or allowing a certain
number of devices to connect simultaneously to the network. For this application, it is clear
that the limitation should be configurable per port.
Note: In this example the users PCs are connected to the internet via PPPoE. In that case, the BRAS
also has the possibility to limit the number of PPPoE sessions per user-id. Within PPPoE, the unique
PPPoE session-id can be used to provide this additional security. The BRAS can use the PPPoE
session-id for user-identification during the session itself, which is linked to an earlier
username/password given during the PPPoE session set-up. The BRAS knows that a user has been
given so many sessions. If you have maximum sessions on a VP/VC basis, you can also limit the
number of PPPoE sessions per VP/VC. However, in the case of Ethernet Backhaul, the BRAS has no
info on the VP/VC sessions.
Within DHCP, there is no information that identifies the user. In that case, limiting the number of
MAC-addresses learned per port on the DSLAM is a possible solution. But what about a multi-edge
environment? .
If we want the DHCP server itself to limit the number of sessions per user, the DHCP request needs
to provide the information that defines the user ( VP/VC , port ). This is possible by implementing
DHCP-option 82 (shown later).
During the creation of a RB-VLAN, in the Residential Bridge VLAN service template, a list of MAC2013 Alcatel-Lucent. All Rights Reserved.
addresses for discarding trafficCopyright
can be added.
3.9 Duplicate MAC-address learning

port
Mac@
Mac A
Mac A
Mac A
Port x
ETH
Port y
Packet with destination address Mac A
Mac A
Problem:
2 users with same MAC-address,
forwarding engine cant distinguish
Traffic from duplicate MAC-address in separate DSLAM, can be distinguished

as separate flows in the Ethernet switches of the aggregation Network, when
different VLAN id per DSLAM is used
2 1 25
If a user on line x is using a certain MAC-address and a second user on a different line y is
trying to connect with the same MAC-address, a mechanism should be there so that that
MAC-addresses will only appear once in the (filtering db) learning table of that VLAN.
If this would not be done, then the MAC-address would be overwritten in the bridge's
learning table, such that traffic is forwarded either to user A or B in a rather unpredictable
way. So this feature allows to guarantee uniqueness of MAC-addresses in the aggregation
network.
In the 7302 ISAM, specific rules are implemented making sure that the MAC-address will be
learned once. This is called secure MAC-address learning
We are not only resolving the customer segregation issue bu,t we also avoid that a
malicious user (user 1) cannot take over the MAC-address of user 2 (MAC-address antispoofing, blocking duplicate MAC-address).
Note: MAC-addresses are supposed to be unique per VLAN. They are not necessarily unique
for the complete system.

3.10 Intelligent Bridging, things to consider

Security Services!
IP edge has no info on the line id
Solutions: PPP-connections (BRAS) or DHCP option 82
User can access network with a different IP address than the assigned IP
address
Pure layer 2 device
No support for duplicate MAC-addresses on the same ISAM

Within the same VLAN
Scalability
Switches learn all MAC addresses of all end-users
IP edge learns all MAC addresses & IP addresses of all end-users
2 1 26
Anti-IP spoofing: blocking of traffic when
user tries to connect to the network with an IP address different
than the IP address which was assigned to him.

3.10 Intelligent Bridging, things to consider [cont.]

Advised to use unique VLAN per [IPedge-DSLAM]-pair in EMAN
Avoid user-to-user communication
Traffic management per DSLAM
Complex IP network configuration
When 1 VLAN shared by multiple DSLAMs

User to user traffic in EMAN
Easy IP network configuration
One single subnet for all DSLAMs
MAC-address spoofing
Standard MAC address learning at EMAN level
Traffic will be rerouted to any spoofed MAC address
2 1 27

3.11 Intelligent Bridge: Summary

@
VLAN
VLAN
User 1
VoIP
HSI
VoD+BTV
VLAN
VDSL line
(PTM)
IB
@
VLAN
VLAN
User 2
IB
VoIP- VLAN
VoIP
HSI VLAN
HSI
IB
VoIP
HSI
Video - VLAN
VoD and BTV
VoD+BTV
VLAN
VDSL line
(PTM)
IBridges for VoIP/HSI/Video
Aggregation of multiple subscribers within a service/provider VLAN

Forwarding based on MAC
Line ID addition (PPPoE relay/DHCP opt 82)
Security at layer 2:
secure MAC learning
no user-to-user traffic (difference between network and user ports)
Blocking of downstream broadcast storms
Service VLAN stacking supported from R4.5
Evolved to Enhanced I-bridge
2 1 28
1) TR-101 N:1 model is supported by 7302/7330 I-bridge forwarding model.

2) This forwarding model is an access-based evolution of the standard Ethernet bridge
model, generally used through the IP/Ethernet network.

3) Forwarding is based on the Destination MAC address of the incoming frame, keeping in
mind that frames can only be bridged inside the same VLAN.
4) Hence, several subscriber ports can be assigned to the same VLAN, leading to the
concept of VLAN per service. In this structure, all traffic belonging to one service is
grouped in one VLAN so subscriber identification cannot be done based on VLAN. To
help with this, 7302/7330 is able to insert the line ID in some frames, helping BRAS
(for PPP traffic) or edge routers (for IP traffic) to do subscriber management.
5) So, what is different compared to standard bridging? Mainly, security aspects since
7302/7330 is directly connected to subscribers (secured MAC learning = no duplicated

MACs at subscriber side; no user-to-user communication = to avoid unmanaged traffic
through the network; no broadcast downstream = avoids providing potentially
dangerous information from one subscriber to another).
6) What is the enhanced I-bridge? Basically a normal I-bridge in which IP address anti-
spoofing and other security features have been enabled. IP address anti-spoofing is a
mechanism that keeps track of the IP addresses allocated for each port and discards
any traffic for that port that is not destined to any of those IP addresses.
7)
ISAM R4.5 provides support for VLAN Stacking (S+C VLAN) on iBridge forwarder. Better Scalability due
to VLAN stacking.
Support for Open Access business model by dedicating a S VLAN per service provider and C VLAN per
user.

2 1 29

4.1 I-Bridge Modes

Intelligent Bridging types:
The traditional I-Bridge does not support to add / remove VLAN tag

C-VLAN Ibridge
Unlike traditional I-Bridge, the S+C Bridge allows for the addition / removal of a
VLAN tag. Two stacked iBridge modes are currently supported:

S+C iBridge
S-Tunnel iBridge
I-Bridge
SC-IBridge
S30,
C10,x
S-IBridge tunnel
C10,x
SC
IBRIDGE
C10,x
MAC@ FWD DB
2 1 30
S20,
Any C,x
Any C,x
S
IBRIDGE
MAC@ FWD DB
Any C, x
The traditional I-Bridge in ISAM is called a C-VLAN I-Bridge and this forwarding model does not support adding
/ removing VLAN tag information on customer traffic (it has been explained previously).
In an attempt to keep with growing customer requirements and standard alignment, the ISAM platform also
support stacked VLAN Bridges. With a stacked VLAN bridge, in addition to bridging operations, the operatior
can configure ISAM to add/remove VLAN header to customer upstream / downstream traffic.
The Access Node supporting S+C bridges is considered to be a VLAN aware bridge, where each N:1 VLAN (SBridge) is a separate Virtual Bridge (VB) instance. Each VB performs independent source MAC address learning
and frame forwarding processing. Unlike traditional I-Bridge, the S+C Bridge allows for the addition / removal
of a VLAN tag on upstream egress / downstream egress traffic flows.
Two stacked iBridge modes are currently supported:
S+C iBridge (called mapped mode)
S-Tunnel iBridge (called tunnel mode)
The S+C iBridge mode allows C-VLAN tag operations, such as C-VLAN translation, in addition to
adding/removing an S-VLAN header. This forwarding mode requires the operator to configure a VLAN Port for
each C-VLAN.
The S-Tunnel iBridge mode allows the operator to minimize provisioning by creating a tunnel VLAN port on a
specific bridge port. On this bridge port all tagged/untagged customer frames which match the tunnel VLAN
port are encapsulated by an S-VLAN header.
The S+C iBridge mode supports both protocol-unaware and protocol-aware modes of operations. For example,
DHCP option 82 insertion, PPPoE Intermediate Agent and secure forwarding (ARP Relay, DHCP Snooping, IP
anti-spoofing) is supported for protocol-aware S+C iBridge operations.
Protocol awareness is supported for customer untagged and single-tagged frames. Protocol unaware is
supported for customer untagged, single/dual/multi -tagged frames. In context of GPON and EPON access
solutions, some restrictions may apply on the ONT for the ability to support dual and multi-tagged frames.

4.2 Summary: Intelligent Bridge mode

ISAM
IB
11
11
FDB 11
NetVlan 11
21
C-IB
IB
14
FDB 21
NetVlan 21
Ethernet
31 12
NetVlan 31,12
31 23
NetVlan 31, 23
51
NetVlan 51
2 1 31
IB
12
FDB 31,12
IB
17
FDB 31, 23
IB
3
S+C- IB
(Mapped)
FDB 51
S-IB
(Tunnel)
All the upstream frames can be untagged, single tag or with several tags (for example, business services). If
the frame has several tag, the ISAM only analyzes the outer tag to forward it (in the case of C-IB does not
add any VLAN and in the case of S+C IB adds a Vlan). In the case of S-IB (tunnel mode), all the vlans are
forwared transparently and the system addes a S-Vlan.
there are 5 different combinations in the Intelligent Bridge forwarding mode:
1. Not Adding Vlan Tag in upstream. User Vlan Specific and not translated
2. Not Adding Vlan Tag in upstream. User Vlan Specific and translated
3. Adding Vlan Tag in upstream. User Vlan Specific and not translated
4. Adding Vlan Tag in upstream. User Vlan Specific and translated
5. Adding Vlan Tag in upstream. Any User Vlan and not translated

End of module
2 1 36


Section 2
NE Operation
Module 2
IHUB L2 Forwarding
7302-7360 ISAM
221
NE Operation IHUB L2 Forwarding

Module objectives
Upon completion of this module, you will be able to:
Give an overview of IHUB concepts

Explain what a VPN service is
Explain what kind of services are supported on the new software
Give an overview of the supported forwarding models
223

Table of Contents
1 IHUB basic operation
2 IHUB
L2 forwarding in the overall picture
1.1 The ISAM as a two
3 Configuration
of stage
IHUBbox
VLAN via AMS
1.2 Self learning in the IHUB
4 Configuration
IHUB VLAN
via CLI
1.3 MAC movementof
& user-to-user
communication
2 IHUB L2 forwarding in the overall picture
2.1 Supported forwarding models
2.2 VLANs on the IHUB (1/2)
2.3 L2 Services
3 Configuration of IHUB VLAN via AMS
3.1 AMS: Layer 2
3.2 AMS: Create VPLS service
3.3 AMS: VPLS service details
3.4 AMS: Create a single SAP at a time
3.5 AMS: SAP details (1/2)
3.6 AMS: Create a number of SAPs in one go (1/3)
4 Configuration of IHUB VLAN via CLI
4.1 CLI: VLANs do not show IHUB VLANs
4.2 CLI: Configured services info
4.3 CLI: Show v-VPLS service overview
4.4 CLI: Show in which service a SAP is used
4.5 CLI: Show overall FDB
4.6 CLI: Show per service FDB
225

Page
7
8
9
10
11
12
13
15
16
17
18
19
20
21
23
26
27
28
29
30
31
32
7
11
16
26
227

1.1 The ISAM as a two stage box

will do ethernet switching
on the NT IHUB
on the LT - IWF
ethernet switch = forwarding engine

atm
interworking = ATM ethernet
gem
ethernet (encapsulated)
ethernet
ethernet
xDSL
NT
FW Engine
IWF
FW Engine
IHUB
LT
GPON
P2P-eth
228

1.2 Self learning in the IHUB

Self-learning implemented for both upstream and downstream
Discard all user unicast frames with MAC DA known on an ASAM or
subtending port
No user-to-user communication
Learning of Source Mac@
within VLAN
IHUB
MacA
LT
X
E-MAN
U
Y
E-MAN
MacB
LT
B A
B C
Z
LT
MacC
229

1.3 MAC movement & user-to-user communication

All ports on the IHUB have a category attribute to drive:
Secure MAC address learning / MAC movement
User-to-user communication
The port category can be:

regular =
network uplink ports
residential =
ports)
user facing ports (local and remote LT, subtending, and direct user
The following rules for MAC movement & port-to-port communication apply:
From
To
MAC movement
User-to-user communication
Residential
Residential
Disabled
Disabled
Residential
Regular
Enabled
Enabled (including broadcast and multicast

flooding)
Regular
Regular
Enabled

flooding)
Regular
Residential
Disabled

flooding)
2 2 10
Note: User-to-user communication can be enabled per V-VPLS instance

(required for ISAM-V).
MAC address learning can be disabled per V-VPLS instance.

2 2 11

2.2 VLANs on the IHUB (1/2)

VLANs are always emulated by a single v-VPLS, for every forwarding
mode used on the IACM
For (Unstacked C-VLAN) Intelligent Bridging
For (Unstacked) C-VLAN Cross Connect
For (Stacked) S-VLAN Cross Connect
For the shared S-VLAN part of (Stacked) SC-VLAN Cross Connect
VLANs have only a single ID

The C-VLAN for Intelligent Bridging or Unstacked Cross-Connect
The S-VLAN for Stacked Cross Connect
Hence only the outer VLAN tag is specified
2 2 13

2.2 VLANs on the IHUB (2/2) [cont.]

VLANs need SAPs (a port with a tag being the v-VPLS VLAN ID)
One of more regular ports (network side)
One or more residential ports (LT side)
For Residential Bridge and L2 Terminated: potentially all (connected) ASAM ports
For Cross Connect: only the port for the LT where the user is connected
VLANs are normally tagged on egress

Always for residential ports
For network ports: untagged on egress is possible
By using zero as the VLAN tag of the SAP
VLANs normally do not allow user-to-user communication

Can be enabled per VLAN
2 2 14

2.3 L2 Services
VLAN
v-VPLS
: SAP
IHUB
LT
SAP -> lt:1/1/1:x
SAP -> nt-a:sfp:1:x

2 2 15
VLAN value used at the LT level is forwarded on IHUB by configuring a SAP (Service Access
Point) on a v-VPLS. A SAP is a combination of a physical port (in this case one of the IHUB
ports) and a VLAN ID.
Note: A SAP in the ISAM can be of only one type, q-tagged. Unlike the SAP in IPD
equipment, that can be either untagged, q-tagged or q-in-q tagged.

2 2 16

3.1 AMS: Layer 2
equipment
Select NE
Infrastructure
Layer 2
VLAN section shows IHUB VLANs as read-only stubs for the

actual v-VPLS services
2 2 17

3.2 AMS: Create VPLS service
equipment
See Next
Slide
Select NE
Infrastructure
Layer 2
L2 Services
Create - L2 Service
2 2 18
To delete a VPLS, you first have to lock it.

3.3 AMS: VPLS service details
Configure service vpls 300 customer 1 v-vpls vlan 3000 no shutdown
2 2 19
The service ID can be different from the VLAN ID, though it may be good practice to
make them equal. However. service IDs live in a shared namespace between all types
of services (e.g. L2 and L3). So conflict must be avoided and since the service ID has a
huge range [1, 2147483647], it can be useful to derive the service ID from the VLAN in
a logical way (e.g. adding a digit).

3.4 AMS: Create a single SAP at a time

equipment
See Next
Slide
Select NE
Infrastructure
Layer 2
VPLS Services
VPLS Service
Create VPLS SAP
2 2 20
To delete a SAP, you first have to lock it.

3.5 AMS: SAP details (1/2)
2 2 21

3.5 AMS: SAP details (2/2) [cont.]
Configure service vpls

300 sap lt:1/1/1:3000
2 2 22

3.6 AMS: Create a number of SAPs in one go (1/3)

equipment
See Next
Slide
Select NE
Infrastructure
Layer 2
L2 Services
L2 Service x
Actions:
Create Port SAPs
2 2 23

3.6 AMS: Create a number of SAPs in one go (2/3) [cont.]
2 2 24

3.6 AMS: Create a number of SAPs in one go (3/3) [cont.]
The two SAPs created

in previous slide
2 2 25

2 2 26

4.1 CLI: VLANs do not show IHUB VLANs

leg:isadmin>configure>vlan# info
configure
#------------------------------------------------------------------------------echo "vlan"
#------------------------------------------------------------------------------vlan
broadcast-frames
priority-policy port-default
id 151 mode residential-bridge
name CES
in-qos-prof-name name:Default_TC0
exit
pppoe-relay-tag true
in-qos-prof-name name:all-in-one
circuit-id-pppoe physical-id
remote-id-pppoe customer-id
exit
name VLAN3000
2 2 27

4.2 CLI: Configured services info

vpls 151 customer 1 v-vpls vlan 151 create
leg:isadmin>configure>service# info
description "CES"
----------------------------------------------
sap nt-a:xfp:1:3000 create
user-user-com
exit
customer 1 create
stp
sap lt:1/1/1:3000 create
description "Default customer"

shutdown
exit
exit
exit
customer 10 create
exit
description "ALUniv-A"
exit
exit
exit
ies 10 customer 10 create
exit
stp
interface "mgmt" create

no shutdown
shutdown
address 172.31.79.190/25
exit
exit
sap nt:vp:1:4080 create

exit
shutdown
exit
exit
description "VLAN3000"
no shutdown
no shutdown
stp
exit
exit
shutdown
exit
2 2 28

4.3 CLI: Show v-VPLS service overview

leg:isadmin># show service service-using v-vpls
=========================================================
Services
=========================================================
ServiceId
Type
Adm
Opr CustomerId Service Name
------------------------------------------------------------------------------151
v-VPLS
Up
Up
300
v-VPLS
Down
4080
v-VPLS
Up
Down
11
Up
10
------------------------------------------------------------------------------Matching Services : 3
-------------------------------------------------------------------------------
2 2 29

Template Used
4.4 CLI: Show in which service a SAP is used
leg:isadmin># show service sap-using sap lt:1/1/1:3000
==================================================
Service Access Points Using Port lt:1/1/1:3000
==================================================
PortId
SvcId
Ing.
Egr. Adm Opr
Fltr
Fltr
-------------------------------------------------------------------lt:1/1/1:3000
300
none
none Up Down
-------------------------------------------------------------------Number of SAPs : 1
--------------------------------------------------------------------
2 2 30

4.5 CLI: Show overall FDB

leg:isadmin># show service fdb-mac
=======================================================
Service Forwarding Database
=======================================================
ServId
MAC
Source-Identifier
Type Last Change

Age
------------------------------------------------------------------------------151
00:12:72:00:27:66
sap:lt:1/1/3:151
L/0
06/28/2012 23:21:06
4080
00:03:ba:73:47:b1
sap:nt-a:xfp:1:4080
L/0
06/13/2012 15:29:39
4080
00:03:ba:86:dd:39
sap:nt-a:xfp:1:4080
L/0
07/09/2012 16:14:55
4080
00:03:ba:cf:90:d3
sap:nt-a:xfp:1:4080
L/0
06/13/2012 15:29:32
4080
00:0d:9d:d3:37:64
sap:nt-a:xfp:1:4080
L/0
07/09/2012 15:43:05
4080
00:13:21:f2:b4:ab
sap:nt-a:xfp:1:4080
L/0
07/09/2012 16:18:32
4080
00:14:4f:5f:20:ca
sap:nt-a:xfp:1:4080
L/0
06/13/2012 15:29:33
4080
00:14:4f:cb:17:ac
sap:nt-a:xfp:1:4080
L/0
06/13/2012 15:29:32
-------------------------------------------------------------------------------------------------No. of Entries: 20
-------------------------------------------------------------------------------------------------Legend: L=Learned; P=MAC is protected
2 2 31

4.6 CLI: Show per service FDB

leg:isadmin># show service id 151 fdb detail
=======================================================
Forwarding Database, Service 151
=======================================================
ServId
MAC
Source-Identifier
Type Last Change

Age
------------------------------------------------------------------------------151
00:12:72:00:27:66 sap:lt:1/1/3:151
L/0
06/28/2012 23:21:06
------------------------------------------------------------------------------No. of MAC Entries: 1

------------------------------------------------------------------------------Legend: L=Learned; P=MAC is protected
=======================================================
2 2 32

Module summary
Upon completion of this module, you are able to:
Give an overview of IHUB concepts

Explain what a VPN service is
Explain what kind of services are supported on the new software
Give an overview of the supported forwarding models
2 2 33

End of module
IHUB L2 Forwarding
2 2 34


Section 2
NE Operation
Module 3
Intelligent Bridging IACM
7302-7360 ISAM
231
NE Operation Intelligent Brigding IACM

Module objectives
After attending this session, you should be able to:
Overview of a Residential Bridge VLAN (= Intelligent Bridge VLAN)

Explain how the RB-VLAN is behaving on LT
Create a RB-VLAN via AMS and CLI on IACM
Associate a RB-VLAN to a bridge port with or without VLAN translation
233

Table of Contents
1 Intro Intelligent Bridging
2 Configuration:
Create the IB VLAN
1.1 The ISAM as a two
boxassociation on bridge port
3 Configuration:
IBstage
VLAN
1.2 Intelligent Bridge mode in 7302 ISAM
4 Exercises
1.3 Intelligent Bridge
1.4 LT self-learning
5 Annex
A: Basic GPON QoS configs
1.5 Upstream
1.6 Downstream
2 Configuration: Create the IB VLAN
2.1 IB VLAN set-up
2.2 Creation of IB VLAN on NE
2.3 Creation of IB VLAN on IACM
2.4 Modifying IB VLAN on IACM
2.5 IB Configuration of SYSTEM and/or per VLAN aging timer
2.6 Residential bridge parameters
2.7 Creation of IB VLAN via CLI
3 Configuration: IB VLAN association on bridge port
3.1 Logical user port xDSL/ATM
3.2 Logical user port VDSL/EFM or P2PEth
3.3 Logical user port - GPON
3.4 IB VLAN association of port on IACM
3.5 IB VLAN association
235
3.7 IB
VLAN
association
of port on IACM
NE Operation
Intelligent
Brigding
IACM
3.8 Configuration of the port on VLAN in IB
3.9 Create VLAN association on bridge port
3.10 Define PVID on bridge port
3.11 RB VLAN association with VLAN translation
3.12 IB VLAN association of port on IACM (CLI)
3.13 Deletion of VLAN
3.15 VLAN related show commands
3.16 Stacked-IB (S+C-Ibridge)
3.17 S+C IBridge association with VLAN translation
3.18 Stacked-IB (S-Ibridge)
3.19 Stacked-IB (CLIs)
4 Exercises
5 Annex A: Basic GPON QoS configs
5.1 Ingress QoS profile
5.2 Bandwidth profile

Page
7
8
9
10
11
12
13
14
15
16
17
18
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
38
39
40
41
43
44
48
50
52
53
63
64
65
7
15
27
53
63
237

1.1 The ISAM as a two stage box

will do Ethernet switching
on the NT xHUB
on the LT - IWF
atm
Ethernet switch = forwarding engine
gem
interworking = ATM Ethernet

ethernet (encapsulated)
ethernet
ethernet
xDSL
NT
LT
IWF
FW Engine
FW Engine
xHUB
GPON
P2P-eth
238

CPE
1.2 Intelligent Bridge mode in 7302 ISAM

IB mode
Ph port
VLAN
VP/VC
VLAN
8/35
100
8/37
100
EFM
x
External
Ethernet
links
xHUB
ASAM
link
LT
FW Engine
100
100
1-16

FW Engine
100
239
100
Ph. Port
8/35
8/37
Remember, MAC-addresses are used in the forwarding decision.

In the upstream direction, the incoming user port (without the MAC DA) is sufficient for the
7302 ISAM to identify the outgoing upstream port and the C-VLAN tag. This C-VLAN is the
port-based default VLAN configured for this user port.
In the downstream direction, the MAC-address is sufficient for the 7302 ISAM to identify the
outgoing user port.
A particular VLAN ID can be configured :
For
a number of user ports in the 7302 ISAM.
Only
once over all 7302 ISAMs in the complete Ethernet network to which the 7302 ISAM
is connected.

1.3 Intelligent Bridge

bridge: learning, aging, forwarding
lookup MAC DA done based on VLAN and MAC-address
intelligent bridging enhancements implemented on ISAM
independent MAC-address learning

independent MAC-address aging
aging timers are configurable [10...1000000] sec
Recommended default value is 300 sec
aging timer per VLAN

aging timers are configurable [-1,10...1000000] sec
Default value 1 use system Aging timer on LT
2 3 10
The xHUB and the LTs autonomously learn MAC addresses. They also autonomously age these MAC addresses.
Aging timers are configurable. The idea is that the xHUB is configured with the same aging timer as the one
of the IWF of the LT. This is needed to avoid conflicts, e.g. when the MAC address is aged on the xHUB, then
the xHUB could learn the MAC address on another interface with unpredictable behavior as a consequence.
Once a MAC address is aged, then no downstream communication is possible until the address is learned again
in the upstream direction.
So its important that the MAC ageing time is properly configured, otherwise data-plane connectivity may be
lost between the network and the ISAM end-users (nightly SW download on STB, incoming VoIP calls, )
In case of PPPoE traffic the MAC aging time can be kept small, because PPP has a built-in keepalive mechanism
In case of DHCP-based service scenario's, the MAC ageing time must be taken in the same order of
magnitude as the DHCP lease time

1.4 LT self-learning
only in the upstream - when initiated from user logical port
Self-learning can be disabled per user logical port.
In case of self-learning, limiting number of MAC addresses is possible.
Learning of Source Mac@

within VLAN
NO selflearning
MacA
LT
x
To Service
xHUB
y
z
2 3 11
MacB
MacC
We call the LT IWF half a bridge as it only learns MAC addresses in the upstream direction.
This has as a consequence that no connection can be initiated from the network side if the
MAC address on the user side is not known or has not been learned yet.

1.5 Upstream
only user to network allowed
<-Network
<-SHUB
LT
<-- BC
-->
User A - LT1
User B - LT1
User C - LT4
User D
S-ASAM
LT
<-- Unknown MAC DA

-->
User A - LT1
User B - LT1
User C - LT4
User D
S-ASAM
LT
<-- Known MAC DA

-->
User A - LT1
User B - LT4
User C - LT4
User D
S-ASAM
-->
-->
-->
<-Network
<-SHUB
-->
-->
-->
<-Network
<-SHUB
-->
-->
-->
2 3 12
The ISAM only allows user to network communication in the upstream,

Blocked
on the same LT by the IWF
Blocked
by the port mapping configuration on the xHUB (see later)
This is valid for all cases, i.e. Broadcast (BC), Unknown MAC Destination Address and Known
MAC Destination address.
Unicast frames with unknown destination MAC addresses are flooded to the network side.
no
user-to-user communication within the LIM
no
flooding from user to user port
broadcast
frames are flooded towards the NW port
Frames with known destination MAC addresses arent forwarded to user ports, but to the
network side
No
user-to-user communication within the LT

1.6 Downstream
broadcast control configurable per VLAN in IB mode
BC -->
Network
SHUB
Unknown MAC DA -->

Network
SHUB
Known MAC DA -->

Network
SHUB
2 3 13
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
LT
-->
-->if BC allowed
-->
User A - LT1
User B - LT1
User C - LT4
User D
S-ASAM
LT
-->
-->
-->
User A - LT1
User B - LT1
User C - LT4
User D
S-ASAM
LT
-->
-->
-->
User A - LT1
User B - LT1
User C - LT4
User D
S-ASAM
Broadcast from Network to User is only allowed if enabled by the operator, per VLAN in IB
mode.
For the unknown MAC DA case, the LT will not forward the frames to the users.
In case of a known MAC DA, all frames are forwarded.
unicast frames with known MAC DA are forwarded to the appropriate logical user port
unicast
frames with unknown MAC DA are discarded
No
flooding from NW port to user port
No
user to user communication
By default broadcast as a consequence of flooding, which happens in case of standard

bridging when the MAC DA is unknown or in case of multicast, is avoided with intelligent
bridging.


LT
xHUB
Blocking duplicate MAC-address

MAC movement to highest priority
Within priority
Movement
Within priority
Static MAC-addresses never

disappear from learning table
, always MAC
, MAC movement
NT
only when feature is enabled in the
VLAN
E-MAN
network links,
outband MGT link
Control link
LT
ASAM links
IWF
2
3
CPE
ASAM links
CPE
LT
IWF
CPE
subtending links
3
user links
2 3 14
On the IWF
If the MAC-address was already configured or learned on another user logical port, the MACaddress wont be learned on the second port and the frame is dropped (Conflict alarm).

2 3 15

2.1 IB VLAN set-up

VLAN set-up:
Create VLAN for

service to be deployed
create VLAN
creation of Residential Bridge

VLAN on IACM
Add ports to VLAN
Add ports to VLAN
on LTs
Via AMS
Different versions of one VLAN
possible
For GPON, there is already

some QoS stuff
to explain and configure:
see Annex A
2 3 16
Here youll learn how to:

Create
Add
a VLAN on IACM, either using 5520AMS or using CLI
ports to a VLAN.

2.2 Creation of IB VLAN on NE

S-VLAN Id = 0
Network
Select NE
Infrastructure
Layer 2
VLAN
Create VLAN
See Next
Slide
2 3 17
5520AMS doesnt use templates for VLANs. The only way to configure VLANs is on the NE
itself.
For a residential bridge VLAN, the S-TAG = 0. No stacked VLANs for intelligent bridging!
(The reason why you see the S-VLAN id is that the same screens are used for cross-connect,
where you can have stacked VLANs.)

2.3 Creation of IB VLAN on IACM
mode: RB
2 3 18
Not all parameters can be configured here already. You can configure e.g. static MAC
addresses afterwards. See further.

2.3 Creation of IB VLAN on IACM [cont.]

Secure Fwg
and IP AntiSpoofing
broadcast
control
Protocol
Control
(NTP,RIP)
Protocol filter
(PPPoE,IPoE,IP
v6oE)
2 3 19

PPPoE relay
tag
DHCP option
82
2 3 20


Aging & U to U control
Virtual MAC
translation
MC control
2 3 21
From R3.5 VLAN specific aging time can be set. If set, this value will override the IACM
Layer2 - Ethernet System Parameters Forwarding Database Aging Time. If the default value
1 is left, the IACM system parameter is used.
To avoid problems the LT aging timer must be the same as the SHUB aging timer.

2.4 Modifying IB VLAN on IACM

Static MAC addresses
Network
Select NE
Infrastructure
Layer 2
VLAN
Select VLAN
MAC Addresses
Static
Create
Unicast Static MAC Address
2 3 22

2.5 IB Configuration of SYSTEM and/or per VLAN aging timer
2 3 23
From R3.5 VLAN specific aging time can be set. If set, this value will override the IACM
Layer2 - Ethernet System Parameters Forwarding Database Aging Time. If the default value
1 is left, the IACM system parameter is used.
In this case 300s is the value
To avoid problems, the LT aging timer must be the same as the SHUB aging timer.
CLI Commands: System aging timers IACM
Configure bridge ageing-time [10...1000000]
CLI Command: MAC aging PER VLAN (IACM)
Configure vlan id 200 aging-time [-1,10...1000000]

Default value 1 IACM system settings are used.

Broadcast control on LT
BC off by
Default
Only applicable in IB mode

Off (default):
-
From
Service
Hub
MAC-DA
Broadcast
BC in IWF on LT blocked in DS
On:
-
Allow BC in DS
2 3 24
Off: BC blocked
On: BC allowed

LT
2.7 Creation of IB VLAN via CLI

Vlan ID range: 1 to 4093
excluding the VLAN ID used for management
Create VLAN on IACM

configure vlan id < VLAN ID> mode <VLAN Mode >
2 3 25
CONFIGURATION OF VLAN ON IACM

Id: [2...4093,4097] vlan id
Name: optional parameter with default value: name
Mode: Mandatory parameter with possible values (on IACM):
1) cross-connect, 2) residential-bridge, 3) qos-aware, 4) layer2-terminated, 5) mirror
Priority: optional parameter with default value: 0. Range: {0...7}
[no]switch-broadcast: optional parameter to control downstream broadcast frames
(default value:"discard-broadcast). Broadcast control is configurable per VLAN: on/off
[No]
broadcast frames broadcast frames means: broadcast allowed (= ON)
[no] protocol filter (default: pass all).

Other possibilities: pass pppoe, pass ipoe, pass pppoe-ipoe
[no]enable-pppoe-relay: optional parameter with default value: "disable-pppoe-relay adding tag for pppoe
relayed traffic (rb vlan)
[no]dhcp-opt-82-on: optional parameter with default value: "dhcp-opt-82-off enable adding dhcp option 82
(rb vlan)

DHCP option 82/PPPoE Relay Tag
Disabled (default):
no option 82/PPPoE information added by LT
Enabled:
option 82/PPPoE information added by LT
Protocol Group Filter

Different from Protocol based VLAN association
3 possibilities
All :
allow all protocols on VLAN
IPoE:
allow only IPoE on VLAN
PPPoE :
allow only PPPoE on VLAN
IPv6oE:
allow only IPv6oE on VLAN
PPPoE + IPoE + IPv6: allow only PPPoE, IPoE & IPV6oE on VLAN
Or other combinations between the three
Ingress QoS Profile

for NGLT-x only, see annex
2 3 26
Protocol based VLAN association see later

2 3 27

3.3 Logical user port - GPON

GEM based encapsulation
1 UNI on the ONT is mapped on 1 logical user port on IWF of LT
1 ONT can have multiple VP/VCs
LT x
FW Engine
IWF
To successfully make a bridge port a member of a VLAN,

the corresponding qos interface needs to be configured
see Annex A
2 3 30
This enables the capability to learn Mac addresses in the LT. But currently there is no means yet
to transport data upstream, out of the ONT on to the LT. This means it is the T-CONT which still
needs to be set up (see later)!
If you try to make the bridge port member of a VLAN without the qos interface youll get an
error message:
Attach
Ingress QoS Profile to Vlan Port refused due to missing bandwidth profile on Queue


One logical user port can be mapped to multiple VIDs
One logical port associated to Cross Connect or
Residential-bridge VIDs
One logical user port can accept tagged or untagged
frames
Configured on the level of VID Association
Per user logical port a PVID can be defined

Before PVID can be configured VLAN association has to be
configured
Configuration of VID within the bridged port
Support of 48 x 16 = 768 I-Bridges

on L3 LIMs
2 3 31

3.5 IB VLAN association

Port based VLAN association
VLAN ID based on port of arrival
untagged frames, receive port VLAN identifier PVID
Also called the default VLAN ID
Port-and-protocol-based VLAN classification

VID based on port of arrival and the protocol identifier of the
frame
multiple VLAN-IDs associated with port of the bridge VID set
VLAN Translation
VID based on port of arrival and translated to a network VID
2 3 32
A VLAN bridge supports port-based VLAN classification and may support port-and-protocolbased VLAN classification.
In port-based VLAN classification within a bridge, the VLAN-ID associated with an untagged
or priority tagged frame is determined based on the port of arrival of the frame into the
bridge. This classification mechanism requires the association of a specific Port VLAN
Identifier, or PVID, with each of the bridges ports. In this case, the PVID for a given port
provides the VLAN-ID for untagged and priority tagged frames received through that port.
For bridges that implement port-and-protocol-based VLAN classification, the VLAN-ID
associated with an untagged or priority-tagged frame is determined based on the port of
arrival of the frame into the bridge and on the protocol identifier of the frame.
For port-and-protocol based tagging, the VLAN bridge will have to look at the Ethertype, the
SSAP, or the SNAP-type of the incoming frames. When the protocol is identified, the VID
associated with the protocol group to which the protocol belongs will be assigned to the
frame. This classification mechanism requires the association of multiple VLAN-IDs with
each of the ports of the bridge; this is known as the VID Set for that port.
BTV and Port & protocol-based VLAN on R3.1-3.2

the
port default VLAN must be chosen equal to the VLAN used for BTV traffic
no
protocol based VLAN must be defined for IP, otherwise we end up generating a wrong
tag when issuing IGMP messages to the end user


Frames received from end users
are untagged
user port can be mapped to
multiple VID using port-protocol
based association or PVID
Frames received from end users

are tagged
on logical port define different
VIDs and configure frames received
from end-user as tagged
send frames back to the subscriber
to be set as single tagged
E-MAN
Network
IPoE
PPPoE
xxx
LT
IPoE
PPPoE
xxx
E-MAN
Network
LT
CPE
= PVID
2 3 33
Behavior of the RB VLAN Association on the AMS

Frames received by the end users are tagged
Association
Settings Send frames back to the subscriber as: Single Tagged
Frames received from end users are untagged

Association
Settings Send frames back to the subscriber as: Untagged

CPE

VLAN Translation, frames received from end users are tagged
Bridge Port
Network VLAN
VLAN 10 (HSIA, SP1)
VLAN 11 (HSIA, SP2)
VLAN 20 (VoD, SP1)
Subscriber VLAN
Bridge 10
VLAN 1 (HSIA)
Bridge 11
VLAN 5 (HSIA)
Bridge 20
VLAN 2 (Video)
CPE
VLAN 30 (BTV, SP1)
MCast
VLAN 31 (BTV, SP2)

VLAN 21 (VoD, SP2)
VLAN 40 (Voice, SP3)
VLAN per service

& per provider
Bridge 21
VLAN 6 (Video)
Bridge 40
VLAN 3 (Voice)
VLAN per service
& per provider
2 3 34
There are many operators who base their network architecture on one PVC per service when
connecting ADSL subscribers. Once those operators start deploying VDSL, they need to use
the VLAN as a "PVC emulation".
ISAM supports the ability to emulate a multi-PVC configuration on an EFM interface using the
VLAN as a "PVC emulation", i.e. it is possible to associate a set of VLAN Id's at the subscriber
interface with a set of forwarding engines being chosen from the following list :
VLAN-CC
(Transparent or Protocol aware): the C-VLAN received at the user side is either
forwarded as a C-VLAN CC or encapsulated into an S-VLAN (VLAN stacking).
i-Bridge:
the VLAN received at the user side will be bridged into an

identified by the same VLAN Id.
IP
Aware Bridge
IP
Routing
i-bridge
Additionally, in case of VLAN-CC or i-Bridge, we support VLAN translation to make

wholesaling possible without impacting the CPE configuration. Starting from a set of predefined C-VLAN tags at the CPE side (i.e. the same for all CPEs), it is possible to retag the
received packet with a new C-VLAN (VLAN-CC or i-bridge) or a stacked VLAN (VLAN-CC), so
that the traffic can be passed to the VLAN associated with the combination of serivce
provider plus service.

3.8 Configuration of the port on VLAN in IB

Add ports to VLAN
on IACM
Bridge port VID mapping
External
ethernet
links
Control
link
Aggregation
function
on xHUB
Define egress ports within
the VLAN
Control/mgt
functions
FE
GE/FE 1
GE/FE 2
..
ASAM
links
GE/FE 7
LIM
IWF
GE1
..
LIM
IWF
GE16
PVC
PVC
2 3 35
In
In
the xHUB
Create VLAN in RB mode
Add NW interfaces and all ASAM interfaces to this VLAN
the ASAM
Create VLAN in RB mode
Add port to VLAN

3.9 Create VLAN association on bridge port

Network
Select VCL Bridge Port

Create
VLAN Association
2 3 36

3.9 Create VLAN association on bridge port [cont.]

VLAN without
Translation
Send frames back to subscriber as: untagged
2 3 37

3.10 Define PVID on bridge port

Modify VLAN association Object details view
select Default
VLAN and click OK
2 3 38

3.11 RB VLAN association with VLAN translation

VLAN without
Translation
VLAN Translation
Network
Subscriber
VLAN
Select VCL Bridge Port

Create
VLAN Association
Send frames back to

subscriber as:
tagged
2 3 39
For example, you configure a RB VLAN association with VLAN translation on a VDSL EFM
bridge port. The modem is configured in such a way that it generates tagged traffic, e.g.
local subscriber VLAN 10. This subscriber VLAN is translated into the network VLAN 150.
All
frames returned to the subscriber should again have VLAN tag 10.
Configure that the frames returned to the subscriber should be single-tagged.

3.12 IB VLAN association of port on IACM (CLI)

define VIDs in the configure bridge port command
configure bridge port 1/1/<slot>/<port>:<VP>:<VC>#
vlan-id <VLAN ID> or
vlan-id stacked <S-VLAN ID:C-VLAN ID>
VLAN translation
vlan-id <VLAN ID> vlan-scope <local> network-vlan <VLAN ID>
define PVIDs in the configure bridge port command

pvid <VLAN ID>
2 3 40
No VLAN Translation:
leg:isadmin>configure>bridge>port>1/1/2/1:8:36#
vlan-id 200
info
#-------------------------------------------------------------------------------------------------- port
1/1/2/1:8:35
max-unicast-mac 4
vlan-id 200
exit
exit
With VLAN Translation:

vlan-id 10 vlan-scope local network-vlan 150
info
port
1/1/2/2:8:35
max-unicast-mac 4
vlan-id 10
network-vlan 150
vlan-scope local
exit
vlan-id 200
exit
exit

3.13 Deletion of VLAN

first remove VLAN associations on VLAN
then delete VLAN
2 3 41

3.14 Deletion of VLAN [cont.]
It is not possible to delete a VLAN if there are still ports attached to

the VLAN
Deleting VLAN on IACM

configure vlan no id <VLAN ID>
2 3 42

3.15 VLAN related show commands

Selection of multiple show vlan commands
Display list of command via show vlan ?
Interesting commands on IACM
show vlan residential bridge summary <VLAN ID>
gives all bridge ports connected to this vlan (extensive gives tx mode, qos profile)
show vlan bridge-port-fdb < bridge port id (1/1/slot/port:VPI:VCI or
1/1/slot/port/ONT/ONTCard/port) >
gives all MAC-addresses learned or configured on that port with its associated vlan
show vlan fdb <fdbid>
gives association fdbid with vlanid
show vlan fdb-board fdb-id <fdbid>
gives you MAC-addresses learned on all ports of that vlan
show vlan dup-mac-alarm
gives you duplicate mac information
2 3 43

3.16 Stacked-IB (S+C-Ibridge)

Network
Select NE
Infrastructure
Layer 2
VLAN
Create VLAN
2 3 44

3.16 Stacked-IB (S+C-Ibridge) [cont.]

First: S-Vlan
2 3 45
S+C iBridge on GPON LT from R4.3

S+C iBridge on Catan/CATE DSL LT (all VDSL LTs except NVLT-C/D) and NELT-B UNI LT from R4.4.02


Second: S+C Vlan
2 3 46

2 3 47

3.17 S+C IBridge association with VLAN translation
2 3 48

3.17 S+C IBridge association with VLAN translation [cont.]
2 3 49

3.18 Stacked-IB (S-Ibridge)

Create a S Vlan:
2 3 50
S iBridge on NELT-B NNI from R4.2

S IBridge on GPON LT from R4.3

3.18 Stacked-IB (S-Ibridge) [cont.]
2 3 51

3.19 Stacked-IB (CLIs)

Configure a VLAN on the LT for S+C-iBridge
configure vlan id stacked:300:0 name "SC_VLAN-300" mode residential-bridge
configure vlan id stacked:300:600 name "SC_VLAN-300-600" mode residentialbridge
Configure a VLAN on the LT for S-iBridge

configure vlan id stacked:800:0 name "SiBridge-vlan" mode residential-bridge
2 3 52

4 Exercises
2 3 53

Perform these exercises with CLI and AMS unless specified differently
Exercises
Perform these exercises on the board and ports assigned to

you to do the retrieval exercises.
1.
Which VLANs are created on the NE?
2.
What is the forwarding mode of VLAN 200 (cross-connect, residential bridge)?
3.
What are the ports belonging to VLAN 200 on the xHUB? Explain what you see.
2 3 54
4.
5.

Which logical ports are associated to VLAN 200?
Explain the total configuration of the user logical port PVC 8/35 on port TRAINING-a .
Note : For the downstream forwarding , we assume that the xHUB knows the MAC-addresses of the end
user within the respective VLANs .

6.
What happens when the end-user sends a frame with VLAN tag 200?
7.
What happens when the end-user sends a frame with VLAN tag 300?
8.
What happens when the end-user sends an untagged frame ?
9.
What happens with a frame with VLAN tag 200 coming from the network?
10. What happens with a frame with VLAN tag 300 coming from the network?
11. How many MAC-addresses can be learned in VLAN 200 on the logical user port VP/VC 8/35 of port
TRAINING-a?
12. Explain the total configuration of the user logical port PVC 8/35 on port TRAINING-b.
Note : For the downstream forwarding , we assume that the xHUB knows the MAC-addresses of the
end user within the respective VLANs .
Egress
Ingress
DSL port
DSL port
150
150
8/35
160
160
210
210
50
50

13. What happens when the end-user sends a frame with VLAN tag 150?
14. What happens when the end-user sends a frame with VLAN tag 50?
15. What happens when the end-user sends an untagged frame?
16. What happens when a frame with VLAN tag 150 is sent towards the end user?
20. What happens when an untagged frame is sent towards the end user?
21. How many MAC-addresses can be learnt on the user logical port PVC 8/35 on port TRAINING-b
within VLAN 50?

For these exercises go back to the board and ports assigned to you to do the
configuration exercises.
1. Go to the port that you configured before and where the modem is connected. Use
CLI to apply the service with VLAN id as default VLAN 150 to PVC 8/36. Frames coming
from the end user are untagged. You should be able to connect with 2 PCs. DHCP server
is available on the other side .
setup
2. Check if you are able to get an IP address. from the DHCP server.
Note: in function of the modem setup you need to either use VMware on the trainee PC
or disconnect your PC from the AUA LAN and connect the PC to the modem (or
connect your own PC to the modem ). Ask the teacher what to do!
Force your PC to ask for a new IP-address (DHCP release/renew) ipconfig /release
and ipconfig /renew.
What is the IP-address you received ? What is the IP-address of the DHCP server?
3. Check the MAC-address learnt on your bridge port using AMS and CLI.

4. Are you able to ping the PC of one of your colleagues connected to the same
ISAM? Explain.
5. Use the AMS to associate logical port 8/35 with VLAN 200 as the default VLAN.
Frames coming from the end user are untagged. You should be able to connect with 3
PCs to this connection.
VLAN 200 terminates on a BRAS so use PPPoE to set up a connection. Check if you can
surf the web.
Note: in function of the modem setup PPPoE session needs to be initiated from modem
or PC . Ask the trainer what to do !
Setup
6. Check the MAC-address learnt on the VP/VC 8/35 and VP/VC 8/36 with the AMS.
What do you notice ? Explain what you see.
7. Use the AMS to remove the RB vlan with id 200 from the 8/35 ATM termination
point on your port.
8. Use the CLI to remove the RB vlan with id 150 from the 8/36 ATM termination
point on your port.

9.
Create RB VLAN with VLAN ID=20x ( x = adsl-x) via CLI. All traffic type is possible within
the VLAN. The VLAN is default VLAN on logical port 8/35. 4 user sessions possible on the logical
port. No user line id is required for DHCP or BRAS. No MC service is deployed within the VLAN.
Try to initiate a PPPoE session towards the network. Verify if your configuration works.
Note: BRAS will not provide you with an IP@ ( Setup of the network currently not ready )
Setup
10. Create a Service for RB VLAN on the AMS. All traffic type is possible within the VLAN. 4
user sessions possible on the logical port. No user line id is required for DHCP or BRAS. No MC
service is deployed within the VLAN.
Leave status under construction.
Note : unique VLAN-ID per [IP-edge ISAM] pair to prohibit user-to-user communication.
11. You want to have line identification information on the DHCP server. Try to apply the
change and explain

12. Use the AMS to associate the service you just created on VP/VC 8/36 of the port
assigned to you. VLAN id to be used is VLAN 16x (x=adslx). Frames coming from
the end user are untagged. VLAN 16x is the default VLAN. Check if your
configuration works by setting up a DHCP session and see if you are able to receive
an IP@ .
Setup
13. Release your IP address. (ipconfig /release)

14. Your management changed mind and the VLAN 16x can only be used for
PPPoE traffic. Apply the change with CLI. Check if you are still able to retrieve an
IP@ via DHCP. Does it work ? Why? Why not?
15. In normal operation would you normally apply such change with CLI?
16. Your management changed mind again, and now only wants IPoE traffic in
VLAN 16x and disable option 82. Apply the change with AMS. Check if you are still
able to retrieve an IP@ via DHCP. Does it work ? Why? Why not??

17. Can you ping the client PC from the server side on VLAN 16x?
Ask the trainer to assist you since access to DHCP server is secured.
First check the ARP table of DHCP server and make sure the MAC@ of your PC is no longer in the
self-learning table of VLAN 16x, then issue the ping command.
What do you notice? Explain.
18. Force the system to allow broadcast frames to pass through in the downstream direction.
Use a CLI command to achieve this goal. Verify, and explain what you notice.
19. Delete the association with VLAN 20x from VP/VC 8/35 on your port and associate VP/VC
8/35 with VLAN 21x.
VLAN 21x is a RB service and parameters are such that only PPPoE traffic is allowed on this VLAN.
Perform this exercise with the AMS.
Check if your setup works .
What is the IP@ you get from the BRAS ?
What is the IP@ you got from the DHCP server?
Note: BRAS will not provide you with an IP@ ( Setup of the network currently not ready )
Setup

20.
Try to delete VLAN 16x from the ISAM via the AMS. What happens? Explain.
Note: If not possible just proceed to the next exercise after explanation
21.
Version 2 of service with VLAN-ID 16x has been deployed in the entire network. Delete
version 1 from the AMS.
22.
Configura two stacked Ibridge. One of them must work in a mapped mode (S+C Ibridge)
and the other one must be work in a tunnel mode (S Ibridge).
23.
MC Teaser .
Set-up a MC control-channel on VP/VC 8/36 and allow your user to see package 1 . Ask the
teacher for assistance and see if you can watch some video.

End of module
Intelligent Brigding IACM
2 3 67


D2s 2.intelligent Bridging PDF

Enviado por

Dados do documento

Título original

Direitos autorais

Formatos disponíveis

Compartilhar este documento

Compartilhar ou incorporar documento

Opções de compartilhamento

Você considera este documento útil?

Este conteúdo é inapropriado?

Direitos autorais:

Formatos disponíveis

D2s 2.intelligent Bridging PDF

Enviado por

Direitos autorais:

Formatos disponíveis

7302-7360 ISAM

R4.6 High Cap. NT/5520 AMS - L2 & PPPoX

COPYRIGHT ALCATEL-LUCENT @@YEAR. ALL RIGHTS RESERVED.

Passing on and copying of this document, use and communication of its

COPYRIGHT ALCATEL-LUCENT 2013. ALL RIGHTS RESERVED.

Copyright 2013 Alcatel-Lucent. All Rights Reserved.

Describe and configure mirroring

COPYRIGHT ALCATEL-LUCENT 2013. ALL RIGHTS RESERVED.

Your feedback is appreciated!

Copyright 2013 Alcatel-Lucent. All Rights Reserved.

Learning experience powered by

COPYRIGHT ALCATEL-LUCENT 2013. ALL RIGHTS RESERVED.

Copyright 2013 Alcatel-Lucent. All Rights Reserved.

COPYRIGHT ALCATEL-LUCENT 2013. ALL RIGHTS RESERVED.

Copyright 2013 Alcatel-Lucent. All Rights Reserved.

Copyright 2013 Alcatel-Lucent. All Rights Reserved.

COPYRIGHT ALCATEL-LUCENT 2013. ALL RIGHTS RESERVED.

Copyright 2013 Alcatel-Lucent. All Rights Reserved.

1.1 General Overview

Ethernet layer must be present at both sides

Intelligent Bridge (IB)

COPYRIGHT ALCATEL-LUCENT 2013. ALL RIGHTS RESERVED.

Copyright 2013 Alcatel-Lucent. All Rights Reserved.

1.2 Intelligent Bridging overview

COPYRIGHT ALCATEL-LUCENT 2013. ALL RIGHTS RESERVED.

Copyright 2013 Alcatel-Lucent. All Rights Reserved.

2 Intro Standard Bridging

COPYRIGHT ALCATEL-LUCENT 2013. ALL RIGHTS RESERVED.

Copyright 2013 Alcatel-Lucent. All Rights Reserved.

2 Intro Standard Bridging

2.1 Standard bridging concept

MAC bridges can interconnect all kinds of LANs together

if the destination MAC address has been learned, the frame is

COPYRIGHT ALCATEL-LUCENT 2013. ALL RIGHTS RESERVED.

Copyright 2013 Alcatel-Lucent. All Rights Reserved.

2 Intro Standard Bridging

2.2 Security/scalability issue with standard bridging

COPYRIGHT ALCATEL-LUCENT 2013. ALL RIGHTS RESERVED.

Copyright 2013 Alcatel-Lucent. All Rights Reserved.

2 Intro Standard Bridging

2.3 Standard bridging: Issues

Customers identified by MAC-address (not guaranteed unique)

user-to-user communication possible without passing the BRAS

NOT FIT FOR USE IN PUBLIC NETWORKS

COPYRIGHT ALCATEL-LUCENT 2013. ALL RIGHTS RESERVED.

Bridges have to learn MAC-addresses of all devices connected to the network

frames (ARP, PPPoE - PADI, ) are forwarded to all users

MAC-address of a user is exposed to other users

are identified by MAC-address, and MAC-addresses are not guaranteed unique

Copyright 2013 Alcatel-Lucent. All Rights Reserved.

COPYRIGHT ALCATEL-LUCENT 2013. ALL RIGHTS RESERVED.

Copyright 2013 Alcatel-Lucent. All Rights Reserved.

3.1 The intelligent bridging model

Intelligent Bridge (IB) means

no user to user communication

prevent broadcast traffic from escalating

secure MAC-address learning within a VLAN

COPYRIGHT ALCATEL-LUCENT 2013. ALL RIGHTS RESERVED.

frames: user-to-user communication is not permitted.

not to all other users.

Copyright 2013 Alcatel-Lucent. All Rights Reserved.

3.1 The intelligent bridging model [cont.]

why VLAN translation (customer vlan to network vlan)