1. VPLS (Virtual Private LAN Service) July 2003 Jangwoo Son Netmanias ( ㈜넷레퍼런스 ) (Tel: 556-9273, Fax: 556-9274) http://www.netmanias.com, son@netmanias.com Presentation for NCA
2.
3.
4. Network Segmentation Core Router Long-haul DWDM Edge Router Optical Ethernet (EoDF) NG-SONET(EOS) RPR(EORPR) Metro DWDM(EODL) SONET ATM SER Edge Core Optical Ethernet (EoDF) RPR(EORPR) NG-SONET(EOS) xDSL Cable Modem E-PON SER (MPLS, IPsec) Enterprise (Large, SME) (Single, MTU) 1. STU 2. MTU Residential 1. Home 2. MDU TDM/SONET ATM xDSL Cable Modem Optical Ethernet ATM E-PON Network Segmentation MTU: Multi-Tenant Unit MDU: Multi-Dwelling Unit (Apart) MPLS: Multi-Protocol Label Switching NG-SONET: Next-Generation SONET EoS: Ethernet over SONET/SDH PON: Passive Optical Network TDM: Time-Division Multiplexing DSL: Digital Subscriber Line EoDF: Ethernet over Dark Fiber RPR: Resilient Packet Ring ATM: Asynchronous Transfer Mode DWDM: Dense Wavelength Division Multiplexing Access Metro Distribution Core BB CP
5. Before Metro Ethernet: Legacy Networks Metro 2.5Gbps (POS) GSR GES 동선 FLC STM-4 (2.5G) Edge Router (7500) ADM DSC (D/MUX) FLC DSC (D/MUX) ADM CSU OC3 OC3/ OC12 Internet MTU STU ADSL (1.5M~8Mbps) DSLAM B-RAS DS3/ OC3 DS3/ OC3 Home CO( 수용국 ) POP( 주노드국 ) 수용국 수용국 ADM ADM LAN C LAN A LAN B SONET/SDH Access 동 ADSL (8Mbps) 8M ATM/STM OC3/12 DSLAM ATM SW FLC (RT) FLC (COT) ADM ADM OC48 B-RAS Core Router CO POP ATM SW Internet T1 T1 MDU CSU LAN D T1 T1 MDF SONET/SDH
6. Enterprise MAN: Before Metro Ethernet Metro 2.5Gbps (POS) GSR GES 동선 FLC STM-4 (2.5G) Edge Router (7500) ADM DSC (D/MUX) FLC DSC (D/MUX) ADM CSU OC3 OC3/ OC12 Internet MTU STU ADSL (1.5M~8Mbps) DSLAM B-RAS DS3/ OC3 DS3/ OC3 Home CO( 수용국 ) POP( 주노드국 ) 수용국 수용국 ADM ADM LAN C LAN A LAN B SONET/SDH Access 동 ADSL (8Mbps) 8M ATM/STM OC3/12 DSLAM ATM SW FLC (RT) FLC (COT) ADM ADM OC48 B-RAS Core Router CO POP ATM SW Internet T1 T1 MDU CSU LAN D T1 T1 MDF SONET/SDH
7. Enterprise MAN service Metro 2.5Gbps (POS) GSR GES 동선 FLC STM-4 (2.5G) Edge Router (7500) ADM DSC (D/MUX) FLC DSC (D/MUX) ADM CSU OC3 OC3/ OC12 Internet MTU STU ADSL (1.5M~8Mbps) DSLAM B-RAS DS3/ OC3 DS3/ OC3 CO( 수용국 ) POP( 주노드국 ) 수용국 수용국 ADM ADM LAN C LAN A LAN B SONET/SDH Access 동 ADSL (8Mbps) 8M ATM/STM OC3/12 DSLAM ATM SW FLC (RT) FLC (COT) ADM ADM OC48 B-RAS Core Router CO POP ATM SW Internet T1 T1 MDU CSU LAN D 256Kbps 256Kbps MDF SONET/SDH T1 (1.544Mbps) Internet Access Private Line Home
8. Enterprise MAN service: Low-Speed Metro 2.5Gbps (POS) GSR GES 동선 FLC STM-4 (2.5G) Edge Router (7500) ADM DSC (D/MUX) FLC DSC (D/MUX) ADM CSU OC3 OC3/ OC12 Internet MTU STU ADSL (1.5M~8Mbps) DSLAM B-RAS DS3/ OC3 DS3/ OC3 CO( 수용국 ) POP( 주노드국 ) 수용국 수용국 ADM ADM LAN C LAN A LAN B SONET/SDH Access 동 ADSL (8Mbps) 8M ATM/STM OC3/12 DSLAM ATM SW FLC (RT) FLC (COT) ADM ADM OC48 B-RAS Core Router CO POP ATM SW Internet T1 T1 MDU CSU LAN D 256Kbps 256Kbps MDF SONET/SDH T1 (1.544Mbps) Gbps Gbps Gbps Bottleneck Home
9. Enterprise MAN service: High-Cost Metro 2.5Gbps (POS) GSR GES 동선 FLC STM-4 (2.5G) Edge Router (7500) ADM DSC (D/MUX) FLC DSC (D/MUX) ADM CSU OC3 OC3/ OC12 Internet MTU STU ADSL (1.5M~8Mbps) DSLAM B-RAS DS3/ OC3 DS3/ OC3 CO( 수용국 ) POP( 주노드국 ) 수용국 수용국 ADM ADM LAN C LAN A LAN B SONET/SDH Access T1 T1 CSU LAN D T1 1.544 Mbps T1 (1.544Mbps) 64Kbps 28 STS-1 (45M) STS-N … OC-N … 24 1 1 1.544Mbps … STS-1 64Kbps 28 STS-1 STS-N … … 24 1 1 1.544Mbps … STS-1 TDM multiplexing/Circuit switching No Statistical multiplexing T1 1.544 Mbps High-Cost T1 1.544 Mbps T1 1.544 Mbps Home
10. New ESP (Ethernet Service Provider) 출현 MTU Metro 2.5Gbps (POS) GSR GES 동선 FLC STM-4 (2.5G) Edge Router (7500) ADM DSC (D/MUX) FLC DSC (D/MUX) ADM CSU OC3 OC3/ OC12 Internet MTU STU CO( 수용국 ) POP( 주노드국 ) 수용국 수용국 ADM ADM LAN C LAN A LAN B SONET/SDH T1 T1 CSU LAN D T1 T1 CO CO CO POP Internet GSR MTU MTU MTU GbE GbE Access MTU CO Telseon Yipes Cogent MTU MTU MTU GbE MTU
11. Ethernet Evolution Optical Ethernet EoMPLS VPLS EoRPR NG-SONET(EoS) Metro DWDM Optical Ethernet EoMPLS VPLS RPR NG-SONET(EoS) Metro DWDM IP ADSL IP VDSL Optical Ethernet EoRPR NG-SONET(EoS) Access Metro Distribution Metro Core Global Internet ATM SONET/SDH ATM SONET/SDH ATM ADSL T1/E1 FR ATM Global Internet Home MDU STU MTU Residential Enterprise
12. Trend,… Ethernet over … Metro Legacy Metro 가입자 T1, E1 가입자 Ethernet Dark fiber NG-SONET RPR MPLS/VPLS DWDM Internet access service Ethernet Private Line Service Transparent LAN Service
13.
14. Residential: Before Metro Ethernet Metro 2.5Gbps (POS) GSR GES 동선 FLC STM-4 (2.5G) Edge Router (7500) ADM DSC (D/MUX) FLC DSC (D/MUX) ADM CSU OC3 OC3/ OC12 Internet MTU STU ADSL (1.5M~8Mbps) DSLAM B-RAS DS3/ OC3 DS3/ OC3 Residential Home CO( 수용국 ) POP( 주노드국 ) CO 수용국 ADM ADM LAN C LAN A LAN B SONET/SDH Access 동 ADSL (8Mbps) 8M ATM/STM OC3/12 DSLAM ATM SW FLC (RT) FLC (COT) ADM ADM OC48 B-RAS Core Router CO POP ATM SW Internet T1 T1 MDU CSU LAN D T1 T1 MDF SONET/SDH DSLAM ADSL (1.5M~8Mbps) Ethernet ATM Ethernet
16. Residential: After Metro Ethernet GbE IP DSLAM Ethernet Switch Modem IP STB [Samsung] TV IP multicast (All channels) (IGMP) [Utstarcom] CH1 CH2 Ch3 CH1 CH1 CH2 Metro Core L3 Switch [Cisco] BBcableTV (HE) IP 방송 (19 channels) (2Mbps MPEG2) VoD (2Mbps MPEG2) MPEG2 Encoders [Harmonic] VoD Servers [sgi] Hub PC 암호화 암호화 Yahoo!BB Modem IP STB TV Hub PC Modem IP STB TV Hub PC
17. Delivering Video Services Over Ethernet DSL DSL DSL DSL IP or L2TP Tunnel or ATM PVC IP/MPLS Backbone 7670 RSP or BAS/IP Services 7300 / 7301 FENT & GELIM 7300 / 7301 FENT & GELIM Local content 7300 / 7301 FENT & GELIM 7300 / 7301 FENT & GELIM Ethernet Network Layer 2 ATM Network ISP OmniSwitch OmniSwitch OmniSwitch > Use an Ethernet Network to deliver video services > Reuses deployed equipment > Takes advantage of FE and GigE uplinks on DSLAM > OmniSwitch provides traffic classification, QoS and policy enforcement
18.
19. Enterprise MAN : After Metro Ethernet 2.5Gbps (POS) GSR GES 동선 FLC STM-4 (2.5G) Edge Router (7500) ADM DSC (D/MUX) FLC DSC (D/MUX) ADM CSU OC3 OC3/ OC12 Internet MTU STU POP( 주노드국 ) 수용국 수용국 ADM ADM LAN C LAN A LAN B SONET/SDH T1 T1 CSU LAN D T1 T1 CPE 100FX 1GbE 1GbE L3 L2 L2 Internet cafe RS38K 1GbE 100FX L3 L2 L2 CO CO MTU L3 L2 L2 CPE CPE ( 이중화 )
20. Enterprise MAN : After Metro Ethernet CPE (L2 SW) CPE (L3 SW) Internet Cafe Enterprise M/C 100FX 210.10.1.0/24 210.10.2.0/24 IP Convergence (Not STP/RSTP) IP Convergence (Not STP/RSTP) IP Convergence (Not STP/RSTP) L3 RS1000 RS3000 RS38K RS38K RS38K RS38K Dacom HiG Onse PBR (PBR) M/C 100FX Dacom 가입자 HiG 가입자 PBR (Policy-Based Routing) Policy = Source IP
23. Classifying Metro Ethernet Services Services Technology PTP Multipoint EVC E-Line E-LAN EPL ERS LAN Extension VPWS PW VPLS TLS EWS ERS EMS ERMS Internet Retail Wholesale Transport Optical Ethernet EoMPLS VPLS RPR EoS DWDM Fiber UTP Copper line SONET EFM E-PON
24. Classifying Metro Ethernet Services Metro Ethernet Service Connectivity within MEN PtP EVC ( VPWS , PW, ELS, VLL) MPtMP EVC ( VPLS , E-LAN Service, TLS) EPL 서비스 (EWS) ERS 서비스 (ERS) LAN Extension 서비스 (EMS) ERMS 서비스 (ERMS) EVC1 EVC2 EVC3 CE CE CE CE CE UNI UNI UNI UNI UNI UNI EVC1 CE CE CE CE UNI UNI UNI CE UNI EVC1 EVC3 CE CE CE Multiplexed UNI UNI UNI ISP POP Router UNI EVC2 VLAN 1 VLAN 2 VLAN 3 EVC1 CE CE CE CE UNI UNI UNI CE Service Multiplexed UNI ISP POP Router EVC2 L2/3 L2/3 L3 L2/3 L3 A EVC A EVC Service Interface Physical port/ Logical port (VLAN) Private Line Service 에 해당 FR 서비스에 해당
25.
26. Multipoint Service based on VLAN 1 CE1 CE CE2 CE CE3 VLAN 10 VLAN 20 Customer 1 Site 1 Customer 1 Site 2 Customer 1 Site 3 Customer 2 Site 1 Customer 2 Site 2 VLAN 10 VLAN 20 Ethernet VPN #10 Traffic VPN #10 Virtual Bridge VPN #20 Traffic VPN #20 Virtual Bridge Physical Connection Metro Core Metro Access
27. Multipoint Service based on VLAN 1 CE1 CE CE2 CE CE3 VLAN 10 VLAN 20 Customer 1 Site 1 Customer 1 Site 2 Customer 1 Site 3 Customer 2 Site 1 Customer 2 Site 2 VLAN 10 VLAN 20 Ethernet Metro Core Metro Access 1 2 3 2 3 6 4 5 1 2 1 Lookup Table MAC VLAN ID VLAN type Port - 10 port-based 1 - 10 tagged 3 - 20 port-based 2 - 20 tagged 3 Lookup Table MAC VLAN ID VLAN type Port - 10 port-based 4 - 10 tagged 6 - 20 port-based 5 - 20 tagged 6 Lookup Table MAC VLAN ID VLAN type Port - 10 tagged 1 - 10 tagged 2 - 10 tagged 3 - 20 tagged 1 - 20 tagged 3 Lookup Table MAC VLAN ID VLAN type Port - 10 port-based 2 - 10 tagged 1
28. Operation Lookup Table MAC VLAN ID VLAN type Port A 10 port-based 1 - 10 tagged 3 - 20 port-based 2 - 20 tagged 3 Lookup Table MAC VLAN ID VLAN type Port - 10 port-based 4 A 10 tagged 6 - 20 port-based 5 - 20 tagged 6 Lookup Table MAC VLAN ID VLAN type Port A 10 tagged 1 - 10 tagged 2 - 10 tagged 3 - 20 tagged 1 - 20 tagged 3 1 2 3 1 2 3 6 4 5 1 2 Lookup Table MAC VLAN ID VLAN type Port - 10 port-based 2 A 10 tagged 1 ARP ARP ARP ARP ARP 192.168.10.1 192.168.10.2 192.168.10.3 CE1 CE CE2 CE CE3 Customer 1 Site 1 Customer 1 Site 2 Customer 1 Site 3 Customer 2 Site 1 Customer 2 Site 2 A B C ARP 192.168.10.2 10 10 10
29. Operation Lookup Table MAC VLAN ID VLAN type Port A 10 port-based 1 B 10 tagged 3 - 20 port-based 2 - 20 tagged 3 Lookup Table MAC VLAN ID VLAN type Port B 10 port-based 4 A 10 tagged 6 - 20 port-based 5 - 20 tagged 6 Lookup Table MAC VLAN ID VLAN type Port A 10 tagged 1 B 10 tagged 2 - 10 tagged 3 - 20 tagged 1 - 20 tagged 2 1 2 3 1 2 3 6 4 5 1 2 Lookup Table MAC VLAN ID VLAN type Port - 10 port-based 2 A 10 tagged 1 Reply DA=A SA=B Reply DA=A SA=B Reply DA=A SA=B Reply DA=A SA=B 192.168.10.1 192.168.10.2 192.168.10.3 CE1 CE CE2 CE CE3 Customer 1 Site 1 Customer 1 Site 2 Customer 1 Site 3 Customer 2 Site 1 Customer 2 Site 2 A B 10 10
30. Operation Lookup Table MAC VLAN ID VLAN type Port A 10 port-based 1 B,C 10 tagged 3 - 20 port-based 2 - 20 tagged 3 Lookup Table MAC VLAN ID VLAN type Port B 10 port-based 4 A, C 10 tagged 6 - 20 port-based 5 - 20 tagged 6 Lookup Table MAC VLAN ID VLAN type Port A 10 tagged 1 B 10 tagged 2 C 10 tagged 3 - 20 tagged 1 - 20 tagged 2 1 2 3 1 2 3 6 4 5 1 2 Lookup Table MAC VLAN ID VLAN type Port C 10 port-based 2 A,B 10 tagged 1 이후는 Unicast ( 모든 MAC 이 학습됨 ) Multicast: Dest MAC 을 보고 그대로 포워딩 192.168.10.1 192.168.10.2 192.168.10.3 CE1 CE CE2 CE CE3 Customer 1 Site 1 Customer 1 Site 2 Customer 1 Site 3 Customer 2 Site 1 Customer 2 Site 2 A B C
31. VLAN-based Multipoint service: VPLS/TLS Lookup Table MAC VLAN ID VLAN type Port A 10 port-based 1 B,C 10 tagged 3 - 20 port-based 2 - 20 tagged 3 Lookup Table MAC VLAN ID VLAN type Port B 10 port-based 4 A, C 10 tagged 6 - 20 port-based 5 - 20 tagged 6 Lookup Table MAC VLAN ID VLAN type Port A 10 tagged 1 B 10 tagged 2 C 10 tagged 3 - 20 tagged 1 - 20 tagged 3 1 2 3 1 2 3 6 4 5 1 2 Lookup Table MAC VLAN ID VLAN type Port C 10 port-based 2 A,B 10 tagged 1 C D E 192.168.10.1 192.168.10.2 192.168.10.3 CE1 CE CE2 CE CE3 Customer 1 Site 1 Customer 1 Site 2 Customer 1 Site 3 Customer 2 Site 1 Customer 2 Site 2 A B MAC VLAN ID Port A 10 1 B 10 2 C 10 3 D 20 4 E 20 5 L2 Switch Lookup Table
32.
33.
34. EoMPLS Operation PE P P PE PE P Eth Eth Eth Port VLAN ID outgoing port Tunnel Label VC Label 1 - 3 25 10 2 100 3 25 20 1 2 L2 3 Incoming port VC Label outgoing port 1 10 5 1 20 6 Incoming port Tunnel Label outgoing port Tunnel Label 3 25 4 35 4 1 5 6 Forwarding table Forwarding table Forwarding table Eth Eth 10 25 Eth 10 35 Eth 10 17 Eth 20 25 Eth 20 35 Eth 20 17 C D E CE1 CE CE2 CE CE3 Customer 1 Site 1 Customer 1 Site 2 Customer 1 Site 3 Customer 2 Site 1 Customer 2 Site 2 A B
35. EoMPLS 의 장점 C D E CE1 CE CE2 CE CE3 Customer 1 Site 1 Customer 1 Site 2 Customer 1 Site 3 Customer 2 Site 1 Customer 2 Site 2 A B PE P P PE PE P Eth Eth Eth Eth Port VLAN ID outgoing port Tunnel Label VC label Label 1 - 3 25 10 2 100 3 25 20 1 2 L2 3 Incoming port VC Label outgoing port 1 10 5 1 20 6 Incoming port Tunnel Label outgoing port Tunnel Label 3 25 4 35 4 1 5 6 Forwarding table Forwarding table Forwarding table Metro ( 또는 WAN) core 의 LSR 들은 단지 Tunnel Label 값만 보고 MPLS frame 을 포워딩한다 . 따라서 Metro core 에서는 가입자측의 MAC address 를 학습할 필요가 없다 . Ingress LER 은 Ethernet 망에서 들어오는 Frame 을 {Physical port and 802.1q VLAN ID} 값만 참조하여 어느 VC-LSP 로 포워딩할 것인지를 판단한다 . 따라서 , Egress LER 쪽의 가입자의 MAC address 를 학습하지 않는다 . Egress LER 은 VC label 값만을 이용하여 포워딩 결정을 내린다 . 따라서 , 가입자측의 MAC address 를 학습하지 않아도 된다 . Eth 10 25 Eth 10 35 Eth 10 17 Eth 20 25 Eth 20 35 Eth 20 17
36. EoMPLS: Martini Signaling Eth-Frame PE1 PE2 Eth/10 VLAN/100 Eth/20 VLAN/200 Configuration Interface: Eth/20 VLAN/200 VC ID (=L2-FEC): 3001 Map Eth/20 VLAN/200 VCID 3001 VC label: 2000 Peer Router: 10.0.0.1 Targeted LDP Configuration Interface: Eth/10 VLAN/100 VC ID (=L2-FEC): 3001 Map Eth/10 VLAN/100 VCID 3001 VC label: 4000 Peer Router: 10.0.0.2 10.0.0.2 10.0.0.1 Label mapping msg (DU-LDP) VC FEC TLV VC Type = Ethernet VC ID = 3001 VC label TLV VC label = 2000 Eth-Frame 2000 100 L2H Eth-Frame Tunnel LSP A PW (2 VC lsps) setup ! Site 2 가 PE2 의 Ethernet port 20 에 VLAN ID 200 의 Ethernet circuit 에 붙어있다 . Site 2 로 보내려면 Label 2000 을 붙여서 보내라 Site 2 Site 1 CE1 CE2 Label mapping msg (DU-LDP) VC FEC TLV VC Type = Ethernet VC ID = 3001 VC label TLV VC label = 4000 vc2000 vc4000 VLAN/100 Eth/10 VLAN/200 Eth/20 PW = VLL 3001 VCID Eth/10 VLAN/100 VC label 4000 ? Eth/10 VLAN/100 Out In 3001 VCID Eth/10 VLAN/100 VC label 4000 2000 Eth/10 VLAN/100 Out In 3001 VCID Eth/20 VLAN/200 VC label 2000 ? Eth/20 VLAN/200 Out In 3001 VCID Eth/20 VLAN/200 VC label2000 4000 Eth/20 VLAN/200 Out In
37. ERS service using EoMPLS CE PE P P PE PE Tagged VLAN 100 Tagged VLAN 101 Subnet 1 (192.182.10/24) HQ site Router One subnet for each remote site Subnet 2 (192.182.20/24) CE (L2 SW) CE (L2 SW) PE 는 port # 와 VLAN ID 만을 가지고 어느 VC-LSP 로 포워딩할 것인지를 결정하기 떄문에 VLAN Tag 를 달고 들어오지 않으면 Site 2 로 포워딩할 지 Site 3 으로 포워딩할 지를 판단할 수 없다 . 따라서 , Site 1 의 CE 가 Site 별로 구분된 VLAN Tag 를 달아서 보내야 한다 . Site 2 와 Site 3 간의 통신을 위해서는 CE 가 반드시 라우터이어야 한다 .
38.
39.
40. CE2 CE1 PE2 PE1 Eth20 Eth10 Site 1 Site 2 PE3 CE3 Eth30 Site 3 PE4 PE5 P M2 M1 M3 M4 VPLS Operation P
41. CE2 CE1 PE2 PE1 Eth20 Eth10 Site 1 Site 2 PE3 CE3 Eth30 Site 3 VCID 1000 vc label 102 VCID 1000 vc label 103 Martini-signaling (Targeted LDP/DU mode) 1. Operator 는 Site 1, 2, 3 이 연결되어 있는 PE1, PE2, PE3 간에 full-mesh 로 VPLS instance 를 하나 생성한다 . 이 VPLS instance 에는 하나의 unique VCID 가 할당된다 . 1.1 각 PE 는 Targeted LDP session 을 통해 downstream-unsolicited mode 로 vc-label 을 배포한다 . 즉 , VPLS 에 관한 label 값을 egress LER 이 할당하여 이를 ingress LER 에게 바로 배포한다 . Use vc-label 102 for VCID 1000 when sending to me ( 나한테 보낼 때 , vc-label 102 를 써서 보내 !) Use vc-label 103 for VCID 1000 when sending to me ( 나한테 보낼 때 , vc-label 103 를 써서 보내 !) VPLS: Control Plane (1)
42. PE2 PE1 Eth20 Eth10 Site 1 Site 2 PE3 Eth30 Site 3 PE2 PE1 Eth20 Eth10 Site 1 Site 2 PE3 Eth/30 Site 3 VCID 1000 vc label 102 VCID 1000 vc label 103 vc label 102 vc label 103 VC-lsp setup (created) 1.1 VPLS 1000 을 위한 vc-lsp 102 와 vc-lsp 103 생성됨 . VPLS: Control Plane (2) CE2 CE1 CE3 CE2 CE1 CE3
43. VPLS: Control Plane (3) CE2 CE1 PE2 PE1 Eth20 Eth10 Site 1 Site 2 PE3 CE3 Eth30 Site 3 CE2 CE1 PE2 PE1 Eth20 Eth10 Site 1 Site 2 PE3 CE3 Eth30 Site 3 VCID 1000 vc label 201 VCID 1000 vc label 203 vc label 102 vc label 103 VCID 1000 vc label 302 VCID 1000 vc label 301 vc label 201 vc label 301 vc label 302 vc label 203 Martini-signaling (Targeted LDP/DU mode) p1 p2 p3 p4 p5 p6 VCID 1000 Eth20, p1/vc-lsp102, p2/vc-lsp302 VCID 1000 Eth10, p3/vc-lsp201, p4/vc-lsp301 VCID 1000 Eth30, p5/vc-lsp103, p6/vc-lsp203 A VPLS (VCID=1000) is setup A VPLS for Customer A is setup between PE1, PE2 and PE3
44. PE2 PE1 Eth20 Eth10 Site 1 Site 2 PE3 Eth30 Site 3 vc label 102 vc label 103 vc label 201 vc label 301 vc label 302 vc label 203 p1 p2 p3 p4 p5 p6 FIB for VPLS 1000 PE4 IP M2 M1 1. PE2 에 Port 20 을 통해 Ethernet frame 이 들어오면 , PE2 는 frame 이 들어온 물리적인 Port ( 또는 Port + VLAN ID) 를 통해 이 frame 이 VPLS 1000 에 속한 프레임을 알아낸다 . : Port or (Port + VLAN ID) VPLS ID/FIB Data Plane M2 M1 M3 SA DA IP M2 M1 Ethernet frame Destination MAC address Source MAC address VPLS: Data Plane (1) CE2 CE1 CE3 Interface MAC P2/vc-lsp302 P1/vc-lsp102 Eth20
45. PE2 PE1 Eth20 Eth10 Site 1 Site 2 PE3 Eth30 Site 3 vc label 102 vc label 103 vc label 201 vc label 301 vc label 302 vc label 203 p1 p2 p3 p4 p5 p6 PE4 IP M2 M1 1.1 Source MAC learning : PE2 는 도착한 프레임의 source MAC address 를 학습하여 SA=M2 를 VPLS 1000 의 FIB(Forwarding Information Base) 의 Eth20 에 등록한다 . FIB for VPLS 1000 VPLS: Data Plane (2) CE2 CE1 CE3 Interface MAC P2/vc-lsp302 P1/vc-lsp102 Eth20 M2 M2 M1 M3
46. PE2 PE1 Eth20 Eth10 Site 1 Site 2 PE3 Eth30 Site 3 vc label 102 vc label 103 vc label 201 vc label 301 vc label 302 vc label 203 p1 p2 p3 p4 p5 p6 PE4 IP M2 M1 102 Tunnel Label L2H IP M2 M1 302 Tunnel Label L2H 1.2 Destination MAC lookup : VPLS 1000 의 FIB 를 lookup 한다 . Destination MAC = M1 이 FIB entry 에 없으면 ( 즉 , 학습이 되어 있지 않으면 -Unknown frame 이면 ), VPLS 1000 에 속한 모든 PE 로 프레임을 flooding 한다 . 즉 , 도착한 프레임을 복제 (replication) 하여 p1/vc-lsp102 를 통해 PE1 으로 , p2/vc-lsp 302 를 통해 PE3 로 전달한다 . ( 물론 PE4 로는 전달하지 않는다 .) 이때 vc-label 과 tunnel label 을 부착하여 전달한다 . FIB for VPLS 1000 IP M2 M1 IP M2 M1 102 Tunnel Label L2H VC Label (Demultiplexor) Tunnel Label Transport Header MPLS frame VPLS: Data Plane (3) CE2 CE1 CE3 Interface MAC P2/vc-lsp302 P1/vc-lsp102 Eth20 M2 M2 M1 M3
47. PE2 PE1 Eth20 Eth10 Site 1 Site 2 PE3 Eth30 Site 3 vc label 102 vc label 103 vc label 201 vc label 301 vc label 302 vc label 203 p1 p2 p3 p4 p5 p6 PE4 IP M2 M1 102 Tunnel Label L2H IP M2 M1 302 Tunnel Label L2H 2. Core LSRs (P Routers): PW 상의 모든 LSR 들은 Outer label (Tunnel label) 값만 참조하여 해당 PE 까지 프레임을 전달한다 ( label swapping ). LSR 들은 Tunnel label 값만 참조하여 포워딩하기 때문에 현재 자기가 포워딩하고 있는 프레임들이 어느 VPLS 에 속한 프레임인지는 모른다 . FIB for VPLS 1000 VPLS: Data Plane (4) CE2 CE1 CE3 Interface MAC P2/vc-lsp302 P1/vc-lsp102 Eth20 M2 M2 M1 M3
48. PE2 PE1 Eth20 Eth10 Site 1 Site 2 PE3 Eth30 Site 3 vc label 102 vc label 103 vc label 201 vc label 301 vc label 302 vc label 203 p1 p2 p3 p4 p5 p6 PE4 IP M2 M1 102 Tunnel Label L2H IP M2 M1 302 Tunnel Label L2H 3. PE1 (Egress LER): PE1 는 도착한 프레임의 vc-label 값을 참조하여 이 프레임이 어느 VPLS 에 속한 프레임인지를 알아낸다 ( 이 예에서는 VPLS 1000 에 속한 프레임임을 알게 된다 ). : vc-label lookup VPLS ID/FIB FIB for VPLS 1000 VPLS: Data Plane (5) CE2 CE1 CE3 Interface MAC P4/vc-lsp301 P3/vc-lsp201 Eth10 M2 M1 M3
49. PE2 PE1 Eth20 Eth10 Site 1 Site 2 PE3 Eth30 Site 3 vc label 102 vc label 103 vc label 201 vc label 301 vc label 302 vc label 203 p1 p2 p3 p4 p5 p6 PE4 IP M2 M1 102 Tunnel Label L2H IP M2 M1 302 Tunnel Label L2H 3.1 Source MAC learning : 도착한 MPLS 프레임의 label 를 제거 (POP) 하고 이더넷 프레임의 source MAC address 를 학습한다 . PE1 은 M2 가 vc-label 102 를 통해서 왔으므로 M2 가 PE2 뒤에 있음을 알게 된다 . 따라서 , M2 를 vc-label201 인터페이스에 학습시킨다 . PE3 도 동일한 동작을 수행한다 . FIB for VPLS 1000 FIB for VPLS 1000 VPLS: Data Plane (6) CE2 CE1 CE3 Interface MAC P4/vc-lsp301 P3/vc-lsp201 M2 Eth10 Interface MAC P6/vc-lsp203 M2 P5/vc-lsp103 Eth30 M2 M1 M3
50. PE2 PE1 Eth20 Eth10 Site 1 Site 2 PE3 Eth30 Site 3 vc label 102 vc label 103 vc label 201 vc label 301 vc label 302 vc label 203 p1 p2 p3 p4 p5 p6 PE4 IP M2 M1 IP M2 M1 3.2 Destination MAC lookup : DA=M1 이 VPLS 1000 의 FIB 에 학습이 되어 있지 않으므로 VPLS 1000 에 속한 모든 Port 로 이더넷 프레임을 flooding 한다 ( 이 예에서는 Eth10 으로만 전달된다 ). 이 때 loop 방지를 위해 vc-lsp 에서온 프레임은 VPLS 에 속한 다른 vc-lsp 로 flooding 하지 않는다 . (split-horizon rule). 즉 , P4/vc-lsp301 로는 flooding 하지 않는다 . FIB for VPLS 1000 FIB for VPLS 1000 VPLS: Data Plane (7) CE2 CE1 CE3 Interface MAC P4/vc-lsp301 P3/vc-lsp201 M2 Eth10 Interface MAC P6/vc-lsp203 M2 P5/vc-lsp103 Eth30 M2 M1 M3
51. PE2 PE1 Eth20 Eth10 Site 1 Site 2 PE3 Eth30 Site 3 vc label 102 vc label 103 vc label 201 vc label 301 vc label 302 vc label 203 p1 p2 p3 p4 p5 p6 PE4 4. M1 reply : Site 1 의 station 1 이 reply 를 하여 DA=M2, SA=M1 인 이더넷 프레임을 PE1 으로 전달한다 . FIB for VPLS 1000 FIB for VPLS 1000 IP M1 M2 VPLS: Data Plane (8) CE2 CE1 CE3 Interface MAC P4/vc-lsp301 P3/vc-lsp201 M2 Eth10 Interface MAC P6/vc-lsp203 M2 P5/vc-lsp103 Eth30 M2 M1 M3
52. PE2 PE1 Eth20 Eth10 Site 1 Site 2 PE3 Eth30 Site 3 vc label 102 vc label 103 vc label 201 vc label 301 vc label 302 vc label 203 p1 p2 p3 p4 p5 p6 PE4 5. PE1 에 Port 10 을 통해 Ethernet frame 이 들어오면 , PE1 는 frame 이 들어온 물리적인 Port ( 또는 Port + VLAN ID) 를 통해 이 frame 이 VPLS 1000 에 속한 프레임을 알아낸다 . FIB for VPLS 1000 FIB for VPLS 1000 IP M1 M2 VPLS: Data Plane (9) CE2 CE1 CE3 Interface MAC P4/vc-lsp301 P3/vc-lsp201 M2 Eth10 Interface MAC P6/vc-lsp203 M2 P5/vc-lsp103 Eth30
53. PE2 PE1 Eth20 Eth10 Site 1 Site 2 PE3 Eth30 Site 3 vc label 102 vc label 103 vc label 201 vc label 301 vc label 302 vc label 203 p1 p2 p3 p4 p5 p6 PE4 5.1 Source MAC learning : PE1 는 도착한 프레임의 source MAC address 를 학습하여 SA=M1 를 VPLS 1000 의 FIB(Forwarding Information Base) 의 Eth10 에 등록한다 . FIB for VPLS 1000 FIB for VPLS 1000 IP M1 M2 VPLS: Data Plane (10) CE2 CE1 CE3 Interface MAC P4/vc-lsp301 P3/vc-lsp201 M2 Eth10 M1 Interface MAC P6/vc-lsp203 M2 P5/vc-lsp103 Eth30 M2 M1 M3
54. PE2 PE1 Eth20 Eth10 Site 1 Site 2 PE3 Eth30 Site 3 vc label 102 vc label 103 vc label 201 vc label 301 vc label 302 vc label 203 p1 p2 p3 p4 p5 p6 PE4 5.2 Destination MAC lookup : PE1 은 이더넷 프레임의 destination MAC address 를 VPLS 1000 의 FIB 에서 Lookup 한다 . M2 가 학습되어 있으므로 P3/vc-lsp201 을 통해 프레임을 전달한다 . FIB for VPLS 1000 FIB for VPLS 1000 IP M1 M2 IP M1 M2 201 Tunnel Label L2H VPLS: Data Plane (11) CE2 CE1 CE3 Interface MAC P4/vc-lsp301 P3/vc-lsp201 M2 Eth10 M1 Interface MAC P6/vc-lsp203 M2 P5/vc-lsp103 Eth30 M2 M1 M3
55. PE2 PE1 Eth20 Eth10 Site 1 Site 2 PE3 Eth30 Site 3 vc label 102 vc label 103 vc label 201 vc label 301 vc label 302 vc label 203 p1 p2 p3 p4 p5 p6 PE4 6. PE2 는 SA=M1 을 학습하여 FIB entry(P1/vc-lsp102) 에 등록하고 , DA=M2 는 학습이 되어 있으므로 Eth20 port 를 통해 포워딩한다 . FIB for VPLS 1000 FIB for VPLS 1000 IP M1 M2 IP M1 M2 201 Tunnel Label L2H FIB for VPLS 1000 VPLS: Data Plane (12) CE2 CE1 CE3 Interface MAC P4/vc-lsp301 P3/vc-lsp201 M2 Eth10 M1 Interface MAC P6/vc-lsp203 M2 P5/vc-lsp103 Eth30 Interface MAC P2/vc-lsp302 P1/vc-lsp102 M1 Eth20 M2 M2 M1 M3
56. PE2 PE1 Eth20 Eth10 Site 1 Site 2 PE3 Eth30 Site 3 vc label 102 vc label 103 vc label 201 vc label 301 vc label 302 vc label 203 p1 p2 p3 p4 p5 p6 PE4 7. 몇 번의 Unknown frame 들이 flooding 방식으로 오고 가면 , 각 PE 의 VPLS 1000 의 FIB table 은 아래와 같이 MAC entry 들이 등록되게 된다 . FIB for VPLS 1000 FIB for VPLS 1000 FIB for VPLS 1000 VPLS: Data Plane (13) CE2 CE1 CE3 Interface MAC P4/vc-lsp301 M3 P3/vc-lsp201 M2 Eth10 M1 Interface MAC P6/vc-lsp203 M2 P5/vc-lsp103 M1 Eth30 M3 Interface MAC P2/vc-lsp302 M3 P1/vc-lsp102 M1 Eth20 M2 M2 M1 M3
57. PE2 PE1 Eth20 Eth10 Site 1 Site 2 PE3 Eth30 Site 3 vc label 102 vc label 103 vc label 201 vc label 301 vc label 302 vc label 203 p1 p2 p3 p4 p5 p6 PE4 8. 이후의 프레임 전달 과정은 destination MAC address 가 모두 학습되어 있으므로 flooding 되지 않고 바로 unicast 로 포워딩 된다 . 몇 번의 Unknown frame 들이 flooding 방식으로 오고 가면 , 각 PE 의 VPLS 1000 의 FIB table 은 아래와 같이 MAC entry 들이 등록되게 된다 . FIB for VPLS 1000 FIB for VPLS 1000 FIB for VPLS 1000 IP M2 M3 302 Tunnel Label L2H IP M2 M3 IP M2 M3 VPLS: Data Plane (14) CE2 CE1 CE3 Interface MAC P4/vc-lsp301 M3 P3/vc-lsp201 M2 Eth10 M1 Interface MAC P6/vc-lsp203 M2 P5/vc-lsp103 M1 Eth30 M3 Interface MAC P2/vc-lsp302 M3 P1/vc-lsp102 M1 Eth20 M2 M2 M1 M3
58. PE2 PE1 Eth20 Eth11 Site 1 Site 2 PE3 Eth30 Site 3 vc label 102 vc label 103 vc label 201 vc label 301 vc label 302 vc label 203 p1 p2 p3 p4 p5 p6 FIB for VPLS 2000 FIB for VPLS 1000 FIB for VPLS 1000 Site 1 Eth21 Site 2 Eth10 vc label 12 vc label 21 M2 M1 M3 M5 M4 vc label 13 vc label 31 vc label 32 vc label 23 Site 3 M6 M7 FIB for VPLS 2000 FIB for VPLS 1000 FIB for VPLS 2000 VPLS: Data Plane (15) CE1 CE3 P4/vc-lsp31 M6 Interface MAC P4/vc-lsp31 M7 P3/vc-lsp21 M4 Eth11 M5 Interface MAC P6/vc-lsp203 M2 P5/vc-lsp103 M1 Eth30 M3 Interface MAC P2/vc-lsp302 M3 P1/vc-lsp102 M1 Eth20 M2 CE2 CE1 CE2 CE3 P2/vc-lsp32 M6 P2/vc-lsp32 M7 Interface MAC P1/vc-lsp12 M5 Eth21 M4 Interface MAC P4/vc-lsp301 M3 P3/vc-lsp201 M2 Eth10 M1 Eth31 M7 Interface MAC P6/vc-lsp23 M4 P5/vc-lsp13 M5 Eth31 M6
59. PE2 PE1 Eth20 Eth11 Site 1 Site 2 PE3 Eth30 Site 3 vc label 102 vc label 103 vc label 201 vc label 301 vc label 302 vc label 203 p1 p2 p3 p4 p5 p6 FIB for VPLS 2000 FIB for VPLS 1000 FIB for VPLS 1000 Site 1 Eth21 Site 2 Eth10 vc label 12 vc label 21 M2 M1 M3 M5 M4 vc label 13 vc label 31 vc label 32 vc label 23 Site 3 M6 M7 FIB for VPLS 2000 FIB for VPLS 1000 FIB for VPLS 2000 VPLS: Data Plane (16) CE1 CE3 P4/vc-lsp31 M6 Interface MAC P4/vc-lsp31 M7 P3/vc-lsp21 M4 Eth11 M5 Interface MAC P6/vc-lsp203 M2 P5/vc-lsp103 M1 Eth30 M3 Interface MAC P2/vc-lsp302 M3 P1/vc-lsp102 M1 Eth20 M2 IP M2 M1 102 Tunnel Label L2H IP M2 M1 CE2 CE2 CE1 CE1 P2/vc-lsp32 M6 P2/vc-lsp32 M7 Interface MAC P1/vc-lsp12 M5 Eth21 M4 Interface MAC P4/vc-lsp301 M3 P3/vc-lsp201 M2 Eth10 M1 Eth31 M7 Interface MAC P6/vc-lsp23 M4 P5/vc-lsp13 M5 Eth31 M6 IP M4 M5 IP M4 M5 12 Tunnel Label L2H IP M2 M1 IP M4 M5
60.
61.
62. PE2 PE1 Eth20 Eth11 Site 1 Site 2 PE3 Eth30 Site 3 vc label 102 vc label 103 vc label 201 vc label 301 vc label 302 vc label 203 p1 p2 p3 p4 p5 p6 FIB for VPLS 2000 FIB for VPLS 1000 FIB for VPLS 1000 Site 1 Eth21 Site 2 Eth10 vc label 12 vc label 21 M2 M1 M3 M5 M4 vc label 13 vc label 31 vc label 32 vc label 23 Site 3 M6 M7 FIB for VPLS 2000 FIB for VPLS 1000 FIB for VPLS 2000 Dsniff: Generate MAC X, Y, … (155,000 MAC entry per minute) 1. SrcMAC Learning: X, Y, Z, … 2. Unknown MAC… “ Flooding” 1. SrcMAC Learning: X, Y, Z, … 2. Unknown MAC… “ Flooding” 1. SrcMAC Learning: X, Y, Z, … 2. Unknown MAC… “ Flooding” MAC attack CE1 CE3 P4/vc-lsp31 M6 Interface MAC P4/vc-lsp31 M7 P3/vc-lsp21 M4 Eth11 M5 Interface MAC P6/vc-lsp203 M2 X Y Z … P5/vc-lsp103 M1 Eth30 M3 Interface MAC P2/vc-lsp302 M3 P1/vc-lsp102 M1 Eth20 M2 X Y Z … CE2 CE1 CE2 CE3 P2/vc-lsp32 M6 P2/vc-lsp32 M7 Interface MAC P1/vc-lsp12 M5 Eth21 M4 Interface MAC P4/vc-lsp301 M3 P3/vc-lsp201 M2 X Y Z … Eth10 M1 Eth31 M7 Interface MAC P6/vc-lsp23 M4 P5/vc-lsp13 M5 Eth31 M6 X d y d z d
![Contents ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]](data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7)