Layer 2 Vpn Architectures [Electronic resources] نسخه متنی

Pure Layer 2 Implementation

It is important to understand the difference in challenges posed by Metro Ethernet versus traditional Layer 2 network technologies from the service provider's standpoint. Ethernet has little intelligence. If the source and destination are known, the packet is forwarded. If the destination is unknown, the packet is flooded. If the source was previously unknown, the address is learned and the packet is forwarded. The rules look simple, but looks are deceiving. For instance, if a loop occurs, a packet can keep traversing the network forever, which can ultimately bring down the network.

As mentioned in the previous section, STP (IEEE 802.1d) protects the network against loops. Although STP is a CPU-intensive protocol that takes, on average, 30 to 50 seconds to reconverge, many service providers accustomed to Frame Relay's convergence of up to 60 seconds will find it acceptable. Moreover, Cisco has developed several enhancements to STP, and the new Rapid Spanning Tree Protocol that is specified in IEEE 802.1w can further minimize the convergence period.

Metro-wide VLANs with STP require a careful implementation strategy. Ideally, this implementation involves a deterministic topology with a small amount of redundant connections and VLANs spanning as few switches as possible. Good planning, however, can enable a Layer 2 Ethernet transport network for the MAN to offer reliable, high-bandwidth services to the enterprise.

In the pure Layer 2 model, which is a switched (not routed) core, described in this section, the enterprise network forwards untagged frames to the service provider.

Figure 4-1 or the 802.3 frame you saw in Figure 4-2. 802.1q encapsulation is discussed in the "802.1q Tunneling" section later in this chapter.

In this scenario, the enterprise is not using STP through the service provider's core. The service provider maps the enterprise's subnet to a VLAN. This VLAN is trunked throughout the entire 802.1q Tunneling" section of this chapter discusses this topic in more detail.

Utilizing pure Layer 2 solutions for Metro Ethernet is relatively simple and inexpensive. Complications arise, however, when you deal with the inherent Layer 2 scalability issues. Service providers cannot afford to underestimate cautious planning and deployment when it comes to spanning tree and VLAN distribution issues. Most likely, service providers will want to implement redundancy. Because spanning tree is required to protect against loops in the network, an increase in the number of customer VLANs and locations can spin out of control and result in network failure. Furthermore, it can complicate troubleshooting of a problem.

Cisco has developed some tools to aid administrators with the Layer 2 management to resolve some of the Layer 2 issues with VLANs, STP, and scalability. These tools include the following:

VLAN Trunking Protocol (VTP) VPT is a Layer 2 messaging protocol that manages the addition, deletion, and renaming of VLANs on a networkwide basis. It voids the necessity of having to do these tasks manually.

Dynamic Trunking Protocol (DTP) DTP gives a switch port the ability to automatically negotiate the trunking method with the other network device.

STP Root Guard STP root guard forces a Layer 2 LAN interface to become a designated port. If any device that is accessible through the interface becomes the root bridge, STP Root Guard puts the interface into the root-inconsistent (blocked) state.

BPDU Guard BPDU Guard is an enhancement to STP that capitalizes on the predictability of STP in certain network environments and disables BPDU forwarding on designated ports.

In addition, Cisco uses the highest performance processors available to handle the STP processing. To avoid the "VLANs everywhere" model, the service provider might offer the enterprise multiple VLANs, one to each site.

The next section covers another Layer 2 technologyQinQthat can be used as a transport mechanism in Metro Ethernet networks.