Hierarchical VLAN (HVLAN) is a proposed Ethernet standard that extends the use of enterprise Ethernet VLAN (802.1Q) to carrier networks. A number of developments have emerged in recent years to help bring Ethernet, a flexible and cost-efficient packet transport technology, to carrier networks. These developments include Q-in-Q (802.1ad), PBB (802.1ah), PBT (Provider Backbone Transport), and PBB-TE (Provider Backbone Bridge Traffic Engineering), which bring a set of features to traditional Ethernet to make it “carrier-grade”, adding to it high-availability, OA&M, and more.
While attempting to retain the core features that made Ethernet attractive in the first place, these technologies do not address other inefficiencies that could limit their use in the long term. This is especially true when considering the expected significant growth of multipoint network applications – IPTV, Private LANs, gaming, and others. The delivery of such services is better supported by PBB and associated protocols than alternatives such as MPLS, yet could hit scalability issues should services evolve as predicted.
HVLAN introduces the concept of hierarchical addressing schemes into the VLAN tag to provide both enterprise and carrier transport networks the characteristics they need in the long run.
Ethernet is a connectionless technology. It does not have a routing mechanism and its address scheme is based on 48-bit MAC addresses. However, its flat address scheme results in a potential explosion of forwarding database entries and an uncontrolled flooding of broadcast messages throughout the network. In order to overcome Ethernet's scalability issues, a partitioning scheme, named VLAN, was introduced.
A virtual LAN, commonly known as VLAN, is a method of creating independent logical Ethernet networks within a physical network. Several VLANs can co-exist within such a network. This helps in reducing the broadcast domain and aids in network administration by separating logical segments of a LAN (like company departments) that should not exchange data using a LAN (they still can exchange data by routing).
VLANs are configured through software rather than hardware, which makes them extremely flexible. Frames having a VLAN tag carry an explicit identification of the VLAN to which they belong. The value of the VLAN Identification (VID) in the tag header signifies the particular VLAN the frame belongs to. The main problem with VLAN is its limited VID space (4096). While this space may suffice for enterprise applications, it is much too small for carrier networks, which must support many customers and services.
A number of solutions have been proposed to increase VLAN's scalability. A first proposal, called Q-in-Q, also known as Provider Bridge, VLAN stacking or tag stacking, allows service providers to insert an additional VLAN tag (referred to as provider VLAN) in the Ethernet frame in order to identify the service, resulting in a unique 24-bit length label. While this solution enables one, in theory, to identify up to 16 million services (4094 * 4094), in reality, one provider VLAN is dedicated to one customer, and therefore the number of supported customers is still limited to 4094.
Q-in-Q also introduces a scalability issue within the core of the carrier network, where every core switch needs to learn and maintain forwarding entries for every customer MAC address.
PBB, PBT, and PBB-TE use an alternative proposed solution, known as MAC-in-MAC, described in the proposed IEEE 802.1ah Provider Backbone Bridges standard, which encapsulates Ethernet frames with a Service Provider MAC header. MAC-in-MAC technology overcomes the inherent scalability limitations of VLAN and Q-in-Q networks that make them impractical for use in larger networks by enabling up to 4000 times as many service instances as supported by traditional VLAN and Q-in-Q networks.
In PBB and PBT switches at the edge of the carrier network encapsulate customer traffic within an 802.1ah frame. The carrier network core is only responsible for transporting frames from an edge device to another, alleviating Q-in-Q's issue of forwarding table scalability. The same feature – assigning a MAC address per edge device, not per service – creates a scalability issue for multipoint services. Multipoint services require full mesh connectivity between edge devices, a very inefficient method as all frames are duplicated at the root nodes, rather than at the optimal point as in VLAN connectivity. Moreover, the need to create forwarding entries for each unicast connection within the full mesh (as opposed to a single VLAN forwarding tree in the case of VLAN connectivity) will quickly become unsustainable as multipoint services become predominant in the near future.
Furthermore, the addition of a MAC header augments the frame size by about 128 bits, a significant overhead given the small size (64 byte) of real-time application (e.g. voice and video) packets.
Accordingly, there is a long felt need for leveraging the forwarding efficiency of VLAN networking, while at the same time solving its addressing space scalability issues described previously. Increasing the VLAN tag size would mean bigger forwarding table, longer forwarding table entries, and a modification of current mass-market Ethernet chips, requirements that are not vital to the enterprise world.
HVLAN introduces hierarchy into the VLAN tag, in a way somewhat similar to classless subnets in the Internet Protocol with Classless Inter-Domain Routing (CIDR). Consequently, forwarding at each node uses a “best match” approach that substantially reduces the number of forwarding entries in core switches. Additionally HVLAN removes the need for encapsulation in many cases, reducing the overall transport overhead. The proposed HVLAN frame format is as follows:
A full description of the HVLAN header can be found in [1], the most important field being the HVID. When traversing the carrier's Ethernet network, the HVLAN frames can be forwarded using HVID only, MAC address only or a combination of both. There is an explicit bit in an HVLAN frame that prevents the carrier's core switches from learning the HVLAN frames' MAC address when unnecessary. To understand HVLAN operation, consider a scenario (see diagram) which illustrates the provision of 3 point-to-point services (blue, green, and red) over an HVLAN network. The diagram shows all forwarding table entries needed to transport the 3 services. Only forwarding entries for one direction (left-to-right) are displayed, similar entries implement the other direction.
Point-to-point services are provisioned using a unique HVID per service. Planning HVIDs wisely enables summarization (as shown at the leftmost edge device) and reduces the number of forwarding entries to a strict minimum; the network now scales to support millions of point-to-point services with minimum packet overhead (it can be noted that no encapsulation was used, frames were forwarded using HVID only).
A further example (see diagram) shows HVLAN operation in the case of point-to-multipoint services (e.g. IPTV). The diagram shows all forwarding table entries needed to transport the 2 multipoint services (red and blue) from a server (left) to 3 clients (right).
As with point-to-point services, point-to-multipoint services are provisioned using a unique HVID per service. Encapsulation is not required and frames can be forwarded using HVID only. Summarization of HVIDs reduces the size of forwarding tables and creates scalability. Millions of point-to-multipoint services can be provided. The case of multipoint-to-multipoint is handled by HVLAN using encapsulation and provider MAC addresses. A full description of HVLAN multipoint-to-multipoint operation is provided in [1].
Hierarchical VLAN is a proposed extension to VLAN which, like PBB and PBT, turns cost-efficient Ethernet into a flexible, carrier-grade transport technology. Unlike other technologies, HVLAN uses the mature VLAN functionality to support all connectivity schemes: point-to-point, point-to-multipoint, and multipoint-to-multipoint. It uses a hierarchical VLAN allocation technique to achieve this. The technique allows summarization to reduce the number of forwarding table entries within the carrier network switches.
HVLAN is compatible with VLAN-related standards. It is currently being discussed by the ITU-T and the IEEE with the goal of standardization.
[1] HVLAN White Paper coming soon
A virtual local area network (VLAN) is any broadcast domain that is partitioned and isolated in a computer network at the data link layer. In this context, virtual, refers to a physical object recreated and altered by additional logic, within the local area network. VLANs work by applying tags to network frames and handling these tags in networking systems – creating the appearance and functionality of network traffic that is physically on a single network but acts as if it is split between separate networks. In this way, VLANs can keep network applications separate despite being connected to the same physical network, and without requiring multiple sets of cabling and networking devices to be deployed.
EtherType is a two-octet field in an Ethernet frame. It is used to indicate which protocol is encapsulated in the payload of the frame and is used at the receiving end by the data link layer to determine how the payload is processed. The same field is also used to indicate the size of some Ethernet frames.
A virtual private network (VPN) is a mechanism for creating a secure connection between a computing device and a computer network, or between two networks, using an insecure communication medium such as the public Internet.
In IEEE 802 LAN/MAN standards, the medium access control sublayer is the layer that controls the hardware responsible for interaction with the wired, optical or wireless transmission medium. The MAC sublayer and the logical link control (LLC) sublayer together make up the data link layer. The LLC provides flow control and multiplexing for the logical link, while the MAC provides flow control and multiplexing for the transmission medium.
IEEE 802.1Q, often referred to as Dot1q, is the networking standard that supports virtual local area networking (VLANs) on an IEEE 802.3 Ethernet network. The standard defines a system of VLAN tagging for Ethernet frames and the accompanying procedures to be used by bridges and switches in handling such frames. The standard also contains provisions for a quality-of-service prioritization scheme commonly known as IEEE 802.1p and defines the Generic Attribute Registration Protocol.
Virtual Private LAN Service (VPLS) is a way to provide Ethernet-based multipoint to multipoint communication over IP or MPLS networks. It allows geographically dispersed sites to share an Ethernet broadcast domain by connecting sites through pseudowires. The term sites includes multiplicities of both servers and clients. The technologies that can be used as pseudo-wire can be Ethernet over MPLS, L2TPv3 or even GRE. There are two IETF standards track RFCs describing VPLS establishment.
A metropolitan-area Ethernet, Ethernet MAN, or metro Ethernet network is a metropolitan area network (MAN) that is based on Ethernet standards. It is commonly used to connect subscribers to a larger service network or for internet access. Businesses can also use metropolitan-area Ethernet to connect their own offices to each other.
A network bridge is a computer networking device that creates a single, aggregate network from multiple communication networks or network segments. This function is called network bridging. Bridging is distinct from routing. Routing allows multiple networks to communicate independently and yet remain separate, whereas bridging connects two separate networks as if they were a single network. In the OSI model, bridging is performed in the data link layer. If one or more segments of the bridged network are wireless, the device is known as a wireless bridge.
Provider Backbone Bridge Traffic Engineering (PBB-TE) is an approved telecommunications networking standard, IEEE 802.1Qay-2009. PBB-TE adapts Ethernet technology to carrier class transport networks. It is based on the layered VLAN tags and MAC-in-MAC encapsulation defined in IEEE 802.1ah, but it differs from PBB in eliminating flooding, dynamically created forwarding tables, and spanning tree protocols. Compared to PBB and its predecessors, PBB-TE behaves more predictably and its behavior can be more easily controlled by the network operator, at the expense of requiring up-front connection configuration at each bridge along a forwarding path. PBB-TE Operations, Administration, and Management (OAM) is usually based on IEEE 802.1ag. It was initially based on Nortel's Provider Backbone Transport (PBT).
Provider Backbone Bridges (PBB) is a set of architecture and protocols for routing over a provider's network allowing interconnection of multiple provider bridge networks without losing each customer's individually defined VLANs. It was initially created by Nortel before being submitted to the IEEE 802.1 committee for standardization. The final standard was approved by the IEEE in June 2008 as IEEE 802.1ah-2008 and has been integrated into IEEE 802.1Q-2011.
In computer networking, an Ethernet frame is a data link layer protocol data unit and uses the underlying Ethernet physical layer transport mechanisms. In other words, a data unit on an Ethernet link transports an Ethernet frame as its payload.
Connection-oriented Ethernet refers to the transformation of Ethernet, a connectionless communication system by design, into a connection-oriented system. The aim of connection-oriented Ethernet is to create a networking technology that combines the flexibility and cost-efficiency of Ethernet with the reliability of connection-oriented protocols. Connection-oriented Ethernet is used in commercial carrier grade networks.
Carrier Ethernet is a marketing term for extensions to Ethernet for communications service providers that utilize Ethernet technology in their networks.
Data center bridging (DCB) is a set of enhancements to the Ethernet local area network communication protocol for use in data center environments, in particular for use with clustering and storage area networks.
Shortest Path Bridging (SPB), specified in the IEEE 802.1aq standard, is a computer networking technology intended to simplify the creation and configuration of Ethernet networks while enabling multipath routing.
IEEE 802.1ad is an Ethernet networking standard. It is as an amendment to IEEE standard IEEE 802.1Q-1998 and was incorporated into the base 802.1Q standard in 2011. The technique specified by the standard is known as provider bridging and stacked VLANs and informally as QinQ.
TRILL is an Internet Standard implemented by devices called TRILL switches. TRILL combines techniques from bridging and routing, and is the application of link-state routing to the VLAN-aware customer-bridging problem. Routing bridges (RBridges) are compatible with and can incrementally replace previous IEEE 802.1 customer bridges. TRILL Switches are also compatible with IPv4 and IPv6, routers and end systems. They are invisible to current IP routers, and like conventional routers, RBridges terminate the broadcast, unknown-unicast and multicast traffic of DIX Ethernet and the frames of IEEE 802.2 LLC including the bridge protocol data units of the Spanning Tree Protocol.
Virtual Extensible LAN (VXLAN) is a network virtualization technology that attempts to address the scalability problems associated with large cloud computing deployments. It uses a VLAN-like encapsulation technique to encapsulate OSI layer 2 Ethernet frames within layer 4 UDP datagrams, using 4789 as the default IANA-assigned destination UDP port number. VXLAN endpoints, which terminate VXLAN tunnels and may be either virtual or physical switch ports, are known as VXLAN tunnel endpoints (VTEPs).
Time-Sensitive Networking (TSN) is a set of standards under development by the Time-Sensitive Networking task group of the IEEE 802.1 working group. The TSN task group was formed in November 2012 by renaming the existing Audio Video Bridging Task Group and continuing its work. The name changed as a result of the extension of the working area of the standardization group. The standards define mechanisms for the time-sensitive transmission of data over deterministic Ethernet networks.
Broadcast, unknown-unicast and multicast traffic is network traffic transmitted using one of three methods of sending data link layer network traffic to a destination of which the sender does not know the network address. This is achieved by sending the network traffic to multiple destinations on an Ethernet network. As a concept related to computer networking, it includes three types of Ethernet modes: broadcast, unicast and multicast Ethernet. BUM traffic refers to that kind of network traffic that will be forwarded to multiple destinations or that cannot be addressed to the intended destination only.