Understanding Basic 802.1ah Provider Backbone Bridge Contents Introduction Prerequisites Requirements Components Used IEEE 802.1ah Provider Backbone Bridging Overview Terminologies Used PBB Components Layer 2 loop avoidance protocol 802.1ah encapsulation Configure Network Diagram Configurations How PBB works? Unicast Traffic Forwarding 802.1ah Encapsulated Packet View (Unicast traffic) Unknown unicast, multicast & broadcast Traffic Forwarding 802.1ah Encapsulated Packet View (Broadcast traffic) Verify Introduction This document describes functioning of basic Provider Backbone Bridge technology (PBB). It uses Multi Spanning Tree (MST) in the core network for loop avoidance. Prerequisites Requirements Cisco recommends that you have basic knowledge of MST and VPLS (Virtual Private Lan Service). Components Used This document is not restricted to specific software and hardware versions. The information in this document was created using Aggregation Services Router 9000 (ASR9K) devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. IEEE 802.1ah Provider Backbone Bridging Overview
The Institute of Electrical and Electronics Engineers (IEEE) 802.1ah PBB feature encapsulates or decapsulates end-user traffic on a Backbone Edge Bridge (BEB) at the edge of the Provider Backbone Bridged Network (PBBN). PBB provides scalability to configure higher number of service instances in network. PBB encapsulates customer's network into 802.1ah headers. These encapsulated packets are exchanged using unique and manually configured backbone address in core network. This obviates the need for backbone core bridges to learn all MAC addresses of every customer and hence adding to scalability. In order to understand technology behavior, it is important to understand meaning of some terminologies that will be frequently used in this document. Terminologies Used This document will be frequently using some terminologies associated with PBB. These are listed below with brief explanation. B-MAC : All the bridges(routers) in backbone network are manually configured with a unique MAC address. These MAC addresses are used in forwarding base to identify which remote BEB should customer traffic be forwarded to. B-SA : B-DA : Denotes backbone MAC address of source bridge. Denotes backbone MAC address of destination bridge. BEB : Backbone edge bridge is the router that faces customer edge node. BCB : Backbone core bridge is transit node in provider's core network that switches frame towards destination. B-VID : I-SID : B-Tag : Vlan that carries PBB encapsulated customer traffic within core. Represents a unique service identifier associated with service instances. Contains backbone vlan(b-vlan) id information. I-Tag : Contains I-SID value and helps destination BEB router to determine which I-Component or service instance should the traffic be forwarded to. S-VID : Vlan that receives customer traffic and is called Service Vlan identifier(s-vid). C-VID : Vlan tag received in customer's frame. This remains intact while it encapsulated and transported across provider network. C-SA : C-DA : Original source MAC address of customer's frame. Original destination MAC address of customer's frame. Note: C-VID, C-SA and C-DA and payload that constitute customer frame os never changed in PBB network. PBB Components The IEEE 802.1ah provides a framework to interconnect several provider bridged networks, often called as PBNs. It provides means to scale the service Vlans in provider s network. PBB network comprises of two main components called as I-Component & B-Component.
I-Component: This component resides on BEB (Backbone Edge Nodes) routers and faces customer network. It is responsible for handling customer traffic and adding a PBB header to it. I- Component maintains important mapping information: - It maintains mapping between S-VID and I-SID - It maintains customer mac (C-DA) to bridge backbone mac address (B-DA) mapping. I-Component Configuration: The two components are defined in the form of different bridge group and domain. B-MAC : All the bridges(routers) in backbone network are manually configured with a unique MAC address. These MAC addresses are used in forwarding base to identify which remote BEB should customer traffic be forwarded to. B-SA : B-DA : Denotes backbone MAC address of source bridge. Denotes backbone MAC address of destination bridge. BEB : Backbone edge bridge is the router that faces customer edge node. BCB : Backbone core bridge is transit node in provider's core network that switches frame towards destination. B-VID : I-SID : B-Tag : Vlan that carries PBB encapsulated customer traffic within core. Represents a unique service identifier associated with service instances. Contains backbone vlan(b-vlan) id information. I-Tag : Contains I-SID value and helps destination BEB router to determine which I-Component or service instance should the traffic be forwarded to. S-VID : Vlan that receives customer traffic and is called Service Vlan identifier(s-vid). C-VID : Vlan tag received in customer's frame. This remains intact while it encapsulated and transported across provider network. C-SA : C-DA : Original source MAC address of customer's frame. Original destination MAC address of customer's frame. B-Component: This component is responsible for forwarding traffic in the core network. It maintains a database of B-MACs and the interfaces they are learnt from. This information is used by forwarding engine to select an egress path for outgoing traffic to other remote BEBs. B-Component Configuration: B-MAC : All the bridges(routers) in backbone network are manually configured with a unique MAC address. These MAC addresses are used in forwarding base to identify which remote BEB should customer traffic be forwarded to. B-SA : B-DA : Denotes backbone MAC address of source bridge. Denotes backbone MAC address of destination bridge.
BEB : Backbone edge bridge is the router that faces customer edge node. BCB : Backbone core bridge is transit node in provider's core network that switches frame towards destination. B-VID : I-SID : B-Tag : Vlan that carries PBB encapsulated customer traffic within core. Represents a unique service identifier associated with service instances. Contains backbone vlan(b-vlan) id information. I-Tag : Contains I-SID value and helps destination BEB router to determine which I-Component or service instance should the traffic be forwarded to. S-VID : Vlan that receives customer traffic and is called Service Vlan identifier(s-vid). C-VID : Vlan tag received in customer's frame. This remains intact while it encapsulated and transported across provider network. C-SA : C-DA : Original source MAC address of customer's frame. Original destination MAC address of customer's frame. B-MAC configuration: Every router in PBB environment is identified by a unique MAC address. These backbone MAC addresses are used in 802.1ah encapsulations to forward traffic in B-VID. B-MAC : All the bridges(routers) in backbone network are manually configured with a unique MAC address. These MAC addresses are used in forwarding base to identify which remote BEB should customer traffic be forwarded to. B-SA : B-DA : Denotes backbone MAC address of source bridge. Denotes backbone MAC address of destination bridge. BEB : Backbone edge bridge is the router that faces customer edge node. BCB : Backbone core bridge is transit node in provider's core network that switches frame towards destination. B-VID : I-SID : B-Tag : Vlan that carries PBB encapsulated customer traffic within core. Represents a unique service identifier associated with service instances. Contains backbone vlan(b-vlan) id information. I-Tag : Contains I-SID value and helps destination BEB router to determine which I-Component or service instance should the traffic be forwarded to. S-VID : Vlan that receives customer traffic and is called Service Vlan identifier(s-vid). C-VID : Vlan tag received in customer's frame. This remains intact while it encapsulated and transported across provider network. C-SA : C-DA : Original source MAC address of customer's frame. Original destination MAC address of customer's frame.
Layer 2 loop avoidance protocol The two components of PBB receive customer traffic and encapsulate it in 802.1ah. This encapsulate frame uses backbone vlan to reach its destination. Which backbone vlan will be used to forward the traffic is decided by the B-VID value configured in B-Component bridge-domain. All layer 2 networks are prone to loops and hence provider s core requires loop avoidance protocols to check this. This scenario will utilize Multi Spanning Tree(MST) 802.1ah encapsulation The below picture describes the two components present on a BEB router. It shows the headers that are imposed on the customer traffic. Original customer traffic received with 802.1q tag is further imposed with 802.1ad and 802.1ah encapsulations before it is finally set into core network for forwarding. Configure Network Diagram Diag 1
Diag. 2 Configurations PBB requires both 'I' and 'B' component to be configured on BEB (customer facing) nodes. BCB (core router) that does not connect to any customer end router only requires B component. PBB Configuration // Below is BEB-1 configuration. Similar configuration applies to other BEBs. // B-MAC Configuration pbb backbone-source-mac 000a.2500.0001 //I-Component Configuration bridge group I-Comp-Grp bridge-domain I-Comp-Dmn interface GigabitEthernet0/0/0/12.554 pbb edge i-sid 5554 core-bridge B-Comp-Dmn
//B-Component Configuration bridge group B-Comp-Grp bridge-domain B-Comp-Dmn interface Bundle-Ether2.1506 pbb core rewrite ingress tag push dot1ad 1506 symmetric Likewise BCB-1, BEB-2, BCB-2 also uses similar structure of configuration. MST Configuration: Below is a structure of MST configuration used on all BEBs & BCBs. In this test scenario, B-VID falls in instance 1 of all the four routers. MST provides a loop free layer 2 path between core and edge routers. Node required to be root bridge needs to be set with lower priority. // Below is BEB-1 configuration. Similar configuration applies to other BEBs. // B-MAC Configuration pbb backbone-source-mac 000a.2500.0001 //I-Component Configuration bridge group I-Comp-Grp bridge-domain I-Comp-Dmn interface GigabitEthernet0/0/0/12.554 pbb edge i-sid 5554 core-bridge B-Comp-Dmn //B-Component Configuration bridge group B-Comp-Grp bridge-domain B-Comp-Dmn interface Bundle-Ether2.1506
pbb core rewrite ingress tag push dot1ad 1506 symmetric How PBB works? Unicast Traffic Forwarding This scenario discusses the case where traffic received from customer is destined to a unicast destination MAC address. Below is the profile of traffic considered for this scenario. Encapsulation at source (BEB-1) Table 1 1. Customer Edge (CE) node forwards the traffic towards BEB-1. This traffic has source and destination MAC addresses as 0000.0000.1111 and 0000.0000.2222 respectively.
2. Traffic is received in Vlan ID 554 (S-VID) on interface GigabitEthernet0/0/0/12.554 which is a part of I-Comp-Dmn. 3. The I-Component of PBB receives this traffic and looks up forwarding base mapping for customer's destination MAC address 0000.0000.2222. // Below is BEB-1 configuration. Similar configuration applies to other BEBs. // B-MAC Configuration pbb backbone-source-mac 000a.2500.0001 //I-Component Configuration bridge group I-Comp-Grp bridge-domain I-Comp-Dmn interface GigabitEthernet0/0/0/12.554 pbb edge i-sid 5554 core-bridge B-Comp-Dmn //B-Component Configuration bridge group B-Comp-Grp bridge-domain B-Comp-Dmn interface Bundle-Ether2.1506 pbb core rewrite ingress tag push dot1ad 1506 symmetric 4. I-Component has an entry for destination MAC address 0000.0000.2222 and it is found to be mapped to ' backbone address a000.7500.0001'. This lookup provides the necessary B-MAC (backbone MAC) needed to build the frame. 5. I-Component encapsulates customer frame with necessary fields like I-SID, B-SA, B-DA, S- VID etc. and passes it down to B-Component for forwarding. 6. B-Component performs a lookup for B-DA and determines the egress interface to forward traffic. // Below is BEB-1 configuration. Similar configuration applies to other BEBs.
// B-MAC Configuration pbb backbone-source-mac 000a.2500.0001 //I-Component Configuration bridge group I-Comp-Grp bridge-domain I-Comp-Dmn interface GigabitEthernet0/0/0/12.554 pbb edge i-sid 5554 core-bridge B-Comp-Dmn //B-Component Configuration bridge group B-Comp-Grp bridge-domain B-Comp-Dmn interface Bundle-Ether2.1506 pbb core rewrite ingress tag push dot1ad 1506 symmetric 7. Destination B-MAC address 'a000.7500.0001' has a loop free path via BE2.1506 which is used to set traffic into core network. Forwarding traffic in core (BCB-1) 1. Transit node BCB-1 receives 802.1ah encapsulated frame in its B-Component based on B- VID 1506. It performs the lookup and switches the traffic forward via interface BE11.1506 // Below is BEB-1 configuration. Similar configuration applies to other BEBs. // B-MAC Configuration pbb backbone-source-mac 000a.2500.0001
//I-Component Configuration bridge group I-Comp-Grp bridge-domain I-Comp-Dmn interface GigabitEthernet0/0/0/12.554 pbb edge i-sid 5554 core-bridge B-Comp-Dmn //B-Component Configuration bridge group B-Comp-Grp bridge-domain B-Comp-Dmn interface Bundle-Ether2.1506 pbb core rewrite ingress tag push dot1ad 1506 symmetric Decapsulation at destination(beb-2) 1. Destination BEB-2 receives the traffic. It performs a lookup based on I-SID to determine associated I-Component/service instance. In this case, lookup provides with 'I-Comp-Dmn'. The 802.1ah header is then stripped and traffic is sent to associated service instance. 2. A MAC lookup for customer s destination address 0000.0000.2222 is done to determine the attachment circuit this frame needs to be sent out from. In this case, traffic is forward to customer CE via attachment circuit 'Gi0/0/0/12.554'. // Below is BEB-1 configuration. Similar configuration applies to other BEBs. // B-MAC Configuration pbb backbone-source-mac 000a.2500.0001 //I-Component Configuration bridge group I-Comp-Grp bridge-domain I-Comp-Dmn interface GigabitEthernet0/0/0/12.554
pbb edge i-sid 5554 core-bridge B-Comp-Dmn //B-Component Configuration bridge group B-Comp-Grp bridge-domain B-Comp-Dmn interface Bundle-Ether2.1506 pbb core rewrite ingress tag push dot1ad 1506 symmetric 802.1ah Encapsulated Packet View (Unicast traffic) Below is a packet level view of encapsulated customer frame. It has same values/profiles as listed above in Table 1. Every PBB packet is an encapsulated combination of 802.1q, 802.1ah and 802.1ad. These ether-types can be seen in packet HEX dump. 0x88a8-802.1ad 0x88e7-802.1ah 0x8100-802.1q Frame 1: 512 bytes on wire (4096 bits), 512 bytes captured (4096 bits) // Source and destination backbone MACs Ethernet II, Src: CeragonN_00:00:01 (00:0a:25:00:00:01), Dst: a0:00:75:00:00:01 (a0:00:75:00:00:01) // MAC addresses in original customer frame are intact in encapsulation. IEEE 802.1ah, B-VID: 1506, I-SID: 5554, C-Src: 00:00:00_00:11:11 (00:00:00:00:11:11), C-Dst: 00:00:00_00:22:22 (00:00:00:00:22:22) B-Tag, B-VID: 1506 000.......... = Priority: 0...0......... = DEI: 0... 0101 1110 0010 = ID: 1506 I-Tag, I-SID: 5554 C-Destination: 00:00:00_00:22:22 (00:00:00:00:22:22) C-Source: 00:00:00_00:11:11 (00:00:00:00:11:11) Type: 802.1Q Virtual LAN (0x8100) // S-VID 802.1Q Virtual LAN, PRI: 0, CFI: 0, ID: 554 000.......... = Priority: Best Effort (default) (0)...0......... = CFI: Canonical (0)... 0010 0010 1010 = ID: 554
Type: IPv4 (0x0800) //Payload Internet Protocol Version 4, Src: 10.0.0.1, Dst: 10.0.0.2 Internet Control Message Protocol Unknown unicast, multicast & broadcast Traffic Forwarding Above scenario described a case where I-Comp-Dmn bridge domain already had an S-DA to B- DA mapping. Therefore, router already knew which remote BEB to send next frame to before even it arrived. Mac Address Type Learned from/filtered on LC learned Resync Age/Last Change Mapped to -------------- ------- --------------------------- ---------- ---------------------- ----------- --- 0000.0000.1111 dynamic Gi0/0/0/12.554 0/0/CPU0 29 Nov 11:16:11 N/A 0000.0000.2222 dynamic BD id: 24 0/0/CPU0 29 Nov 11:18:41 a000.7500.0001 Customer traffic can be multicast, broadcast or unknown unicast. Destination MAC address of such a traffic is not mapped to any particular remote BEB and hence sender/encapsulating BEB does not know which remote BEB to send this traffic to. This example uses broadcast traffic in the form of ARP to explain how PBB handles such traffic. For this case, two customer host machines are considered to have newly joined network in same broadcast domain on different BEBs. Before these two machines begin to send any packets, they need to send a broadcast ARP request at destination MAC address ffff.ffff.ffff to learn each other's MAC addresses. When source encapsulating BEB receives an ARP request, it determines by looking at the destination MAC address of received frame that it is broadcast traffic. A special group MAC is used for the backbone destination MAC (B-DA) when handling an unknown unicast, multicast or broadcast frame. This backbone group MAC is derived from the I- service instance identifier (ISID) using following rule.
The ARP request is received by ingress BEB, which encapsulates it in an 802.1ah frame with special B-DA derived as explained above. This frame is then received by core routers (BCBs). Core BCBs forward this frame to all BEBs using same B-VID (1506). When this encapsulated frame is received by remote BEBs, they check the I-SID to determine asociated service instance corresponding to it. Once I-Component (or bridge domain associated with I-SID) is identified, a look up is donw for customer's MAC address to determine the attachment circuit to forward the traffic out. In below scenario, host 10.0.0.20 is behind BEB-4 and it responds with an ARP reply. Other network devices behind BEB-2 and BEB-3 receive ARP request and ignore.
802.1ah Encapsulated Packet View (Broadcast traffic) Below is a packet level view of broadcast traffic from CE getting encapsulated using special B-DA adress. Frame 1: 256 bytes on wire (2048 bits), 256 bytes captured (2048 bits) // Use of special derived B-DA Ethernet II, Src: CeragonN_00:00:01 (00:0a:25:00:00:01), Dst: Lan/ManS_00:15:b2 (01:1e:83:00:15:b2) Destination: Lan/ManS_00:15:b2 (01:1e:83:00:15:b2) Source: CeragonN_00:00:01 (00:0a:25:00:00:01) Type: 802.1ad Provider Bridge (Q-in-Q) (0x88a8) IEEE 802.1ah, B-VID: 1506, I-SID: 5554, C-Src: 00:00:00_00:11:11 (00:00:00:00:11:11), C-Dst: Broadcast (ff:ff:ff:ff:ff:ff) B-Tag, B-VID: 1506 000.......... = Priority: 0...0......... = DEI: 0... 0101 1110 0010 = ID: 1506 I-Tag, I-SID: 5554 C-Destination: Broadcast (ff:ff:ff:ff:ff:ff) C-Source: 00:00:00_00:11:11 (00:00:00:00:11:11) Type: 802.1Q Virtual LAN (0x8100) 802.1Q Virtual LAN, PRI: 0, CFI: 0, ID: 554
Address Resolution Protocol (request) Hardware type: Ethernet (1) Protocol type: IPv4 (0x0800) Hardware size: 6 Protocol size: 4 Opcode: request (1) Sender MAC address: 00:00:00_00:11:11 (00:00:00:00:11:11) Sender IP address: 10.0.0.10 Target MAC address: 00:00:00_00:12:34 (00:00:00:00:12:34) Target IP address: 10.0.0.20 Verify To verify PBB, check participating components i.e. MST, I-Component & B-Component. 1. Status of bridge domains and attachment circuits can be determied using following commands on all the nodes in path. Below verification uses BEB-1 as an example. RP/0/RSP0/CPU0:BEB-1#show bridge group I-Comp-Grp bd-name I-Comp-Dmn Legend: pp = Partially Programmed. Bridge group: I-Comp-Grp, bridge-domain: I-Comp-Dmn, id: 17, state: up, ShgId: 0, MSTi: 0 Type: pbb-edge, I-SID: 5554 Aging: 300 s, MAC limit: 150, Action: limit, no-flood, Notification: syslog, trap Filter MAC addresses: 0 ACs: 1 (1 up), VFIs: 0, PWs: 0 (0 up), PBBs: 1 (1 up), VNIs: 0 (0 up) List of PBBs: PBB Edge, state: up, Static MAC addresses: 0 List of ACs: Gi0/0/0/12.554, state: up, Static MAC addresses: 0 List of Access PWs: List of VFIs: 2. Verify if the customer destination MAC address is learnt in I-Component (I-Comp-Dmn) using following command. RP/0/RSP0/CPU0:BEB-1#show bridge group I-Comp-Grp bd-name I-Comp-Dmn Legend: pp = Partially Programmed. Bridge group: I-Comp-Grp, bridge-domain: I-Comp-Dmn, id: 17, state: up, ShgId: 0, MSTi: 0 Type: pbb-edge, I-SID: 5554 Aging: 300 s, MAC limit: 150, Action: limit, no-flood, Notification: syslog, trap Filter MAC addresses: 0 ACs: 1 (1 up), VFIs: 0, PWs: 0 (0 up), PBBs: 1 (1 up), VNIs: 0 (0 up) List of PBBs: PBB Edge, state: up, Static MAC addresses: 0 List of ACs: Gi0/0/0/12.554, state: up, Static MAC addresses: 0 List of Access PWs: List of VFIs: 3. Verify if B-Component has forwarding information in its databse for B-DA. RP/0/RSP0/CPU0:BEB-1#show bridge group I-Comp-Grp bd-name I-Comp-Dmn Legend: pp = Partially Programmed.
Bridge group: I-Comp-Grp, bridge-domain: I-Comp-Dmn, id: 17, state: up, ShgId: 0, MSTi: 0 Type: pbb-edge, I-SID: 5554 Aging: 300 s, MAC limit: 150, Action: limit, no-flood, Notification: syslog, trap Filter MAC addresses: 0 ACs: 1 (1 up), VFIs: 0, PWs: 0 (0 up), PBBs: 1 (1 up), VNIs: 0 (0 up) List of PBBs: PBB Edge, state: up, Static MAC addresses: 0 List of ACs: Gi0/0/0/12.554, state: up, Static MAC addresses: 0 List of Access PWs: List of VFIs: 4. Verify if MST in the core layer 2 network is stable and confirm there is a loop free path to reach destination B-DA on nodes in path.