IEEE 802.1ad

IEEE 802.1ad is an amendment to the IEEE 802.1Q-1998 networking standard which adds support for provider bridges. It was incorporated into the base 802.1Q standard in 2011. [1] The technique specified by the standard is known informally as stacked VLANs or QinQ.

The original 802.1Q specification allows a single virtual local area network (VLAN) header to be inserted into an Ethernet frame. QinQ allows multiple VLAN tags to be inserted into a single frame, an essential capability for implementing metro Ethernet.

In a multiple-VLAN-header context, out of convenience, the term VLAN tag or just tag for short is often used in place of 802.1Q VLAN header. QinQ allows multiple VLAN tags in an Ethernet frame; together these tags constitute a tag stack. When used in the context of an Ethernet frame, a QinQ frame is a frame that has two VLAN 802.1Q headers (i.e. it is double-tagged).

Background

802.1ad specifies architecture and bridge protocols to provide separate instances of the medium access control (MAC) services to multiple independent users of a bridged local area network in a manner that does not require cooperation among the users and requires a minimum amount of cooperation between the users and the provider of the MAC service.

The idea is to provide, for example, the possibility for customers to run their own VLANs inside a service provider's provided VLAN. This way the service provider can just configure one VLAN for the customer and the customer can then treat that VLAN as if it were a trunk.

IEEE 802.1ad was created for the following reasons:

  1. 802.1Q has a 12-bit VLAN ID field, which has a limit of 2^12 (4096) tags. With the growth of networks, this limitation has become more acute. A double-tagged frame has a limitation of 4096 × 4096 = 16777216 tags, which can accommodate more network growth.
  2. The addition of a second tag allows operations that would not have been available had the VLAN ID field simply been expanded from 12 bits to 24 bits (or any other large value). Having multiple tags—a tag stack—allows switches to more easily modify frames. In a tag stack scheme, switches can add, remove or modify single or multiple tags. It is easier for networking equipment makers to modify their existing equipment by creating multiple 802.1Q headers than to modify their equipment to implement some hypothetical new non-802.1Q extended VLAN ID field header.
  3. A multi-tagged frame not only has multiple VLAN IDs, but has multiple priority code point (PCP) and drop eligible indicator (DEI) bit fields.
  4. A tag stack creates a mechanism for Internet Service Providers to encapsulate customer single-tagged 802.1Q traffic with a single tag, the final frame being a QinQ frame. The outer tag is used to identify and segregate traffic from different customers; the inner tag is preserved from the original frame.
  5. QinQ frames are convenient means of constructing Layer 2 tunnels, or applying quality-of-service (QoS) policies.
  6. 802.1ad is upward compatible with 802.1Q. Although 802.1ad is limited to two tags, the standard sets no ceiling that would prevent a single frame from carrying more than two tags, allowing for growth in the protocol. In practice, service provider topologies often anticipate and utilize frames having more than two tags.

The IEEE 802.1ad standard was approved December 8, 2005, and published May 26, 2006.

Frame format

[Figure: Insertion of 802.1ad tag in Ethernet-II frame]

These examples are for Ethernet II framing with an EtherType field. The standard is also applicable to IEEE 802.3 frames, with or without an LLC (Logical Link Control) or LLC+SNAP header. The top frame is a simple Ethernet II frame. The middle frame has an 802.1Q tag added to it. The bottom frame has yet another 802.1Q tag added to it.

An 802.1Q header, which is four bytes long, is added to an untagged Ethernet II frame in the following manner:

  1. The four-byte tag is inserted between the source MAC address (SAMAC) of the untagged frame and its EtherType field.
  2. The newly inserted VLAN header's EtherType is set to 0x8100 to identify the following data as a VLAN tag.
  3. 12 bits are used for the VLAN ID, the other bits in the VLAN fields are filled in according to the QoS policy, etc. of the interface at which the tag imposition occurred.

Notice that after the insertion of an 802.1Q header to an untagged frame, the frame's original EtherType appears to have been changed to 0x8100. The untagged frame's original EtherType in the single-tag frame is now located adjacent to the payload. Its value is unchanged.

A second 802.1Q header is added to a single-tagged frame in the following manner:

  1. The second tag is inserted in front of the first tag, meaning the second tag is closer to the Ethernet header than the first (original) tag.
  2. The second tag is inserted between the source MAC address and the first (original) tag.
  3. The second tag is assigned an EtherType of 0x88A8 (instead of the .1Q standard 0x8100) by default. [note 1]
  4. 12 bits are used for the VLAN ID, the other bits in the VLAN fields are filled in according to the QoS policy, etc. of the interface at which the tag imposition occurred.

Any third or subsequent tag imposition will insert the tag in front of the preceding tags, closest to the Ethernet header. The frame's original EtherType is always located after all the tags and adjacent to the payload. In the case of an 802.3 frame, this EtherType would be a length value instead, and would contain the length from there to the end of the frame. In the case of an 802.3 frame with an LLC header, the LLC header stays after the length field and adjacent to the payload.

The conventions for 802.1ad terminology typically are as follows:

  1. The inner tag is the tag which is closest to the payload portion of the frame; it is officially called C-TAG for customer tag with EtherType 0x8100.
  2. The outer tag is the one closest to the Ethernet header; its name is S-TAG for service tag with EtherType 0x88A8.
  3. In frames having more than one tag, the tags are numbered 1 to N, and appear sequentially and contiguously in the frame from Ethernet header to payload. In this case the innermost tag is the C-TAG and all other tags are S-TAGs.
  4. For a single-tagged (802.1Q) frame, that tag is designated tag 1 when mixed with 802.1ad tags.

In IEEE 802.1ad, the single-bit Canonical Format Indicator (CFI) is replaced by a Drop Eligibility Indicator (DEI), increasing the functionality of the PCP field.

Tag operations

In a tag stack, push and pop operations are done at the outer end of the stack: the tag added by a push operation becomes the new outer tag, and the tag removed by a pop operation is the current outer tag.

Examples

Virtual networks

[Figure: Simple QinQ example]

This simple example will illustrate the practical use of 802.1ad. The diagram shows switches as hexagons, and a service provider (SP) network encompassing all items within the dotted oval. The items on the periphery of the oval are networks belonging to SP customers. Different physical locations appear in the shaded rectangle and include both customer and SP network components.

A service provider (SP) offers L2 connectivity to customers in the cities of Seattle and Tacoma. Two corporations, Acme and XYZ, each have campuses in both Seattle and Tacoma. All campuses run Ethernet LANs, and the customers intend to connect through the SP's L2 VPN network so that their campuses are in the same LAN (L2 network). It is desirable for each company to have a single LAN available in both Seattle and Tacoma, obviating the alternative of having two LANs in which traffic must be routed between the LANs. The SP has two switches, one in Seattle (S-Switch #1), and one in Tacoma (S-Switch #2). The customers interface to the SP network in switches designated A and B. Each customer has its own pair of A and B switches. Acme switch A is connected to S-Switch #1 through link A1; the rest of the links are labeled. S-Switch #1 and #2 are connected by link S12.

Acme's LAN uses VLAN IDs 10, 11 and 12 in their network. The connections A1 and A2 are Ethernet trunks that carry single-tagged VLAN traffic using IDs 10, 11 and 12. Likewise, XYZ uses IDs 11, 12 and 13 in their network, so X1 and X2 are also trunks with single-tagged traffic of IDs 11, 12 and 13. The SP, having one network and one connection between S-Switch #1 and S-Switch #2, must segregate Acme's and XYZ's traffic. Since both Acme and XYZ share some VLAN IDs, traffic cannot be segregated by customer VLAN ID.

The solution is for the SP to use 802.1ad in their network. They assign a single, unique outer VLAN tag ID of 100 for Acme, and a unique outer VLAN ID of 101 for XYZ. All traffic sent from Acme A to the SP network (sent on A1, destined for Acme B) will have a tag of ID 100 pushed. The inner tag will be either 10, 11 or 12, the original Acme tag. The traffic will be sent through S12 in this format, and just before it exits S-Switch #2 bound for Acme B (link A2), all traffic will undergo a single pop operation, removing the outer VLAN tag with the ID 100. This pop operation is the inverse of the former push operation, with the net result of no change to the traffic. The traffic passes through the SP network as 802.1ad frames, but no 802.1ad frames are sent to or received from the customer.
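The tag-stack layout from the Frame format section, the push and pop operations from Tag operations, and the Acme round trip just described, as an added Python example (not code from the article or from any vendor). It assumes Ethernet II framing, the TPIDs the page names (0x8100, 0x88A8, and the old 0x9100 from note 1), and constructed locally-administered MAC addresses and payload.

```python
import struct

# TPIDs named on the page: 0x8100 (C-TAG), 0x88A8 (S-TAG) and the old
# non-standard 0x9100 (note 1). Anything else is the frame's real EtherType.
TAG_TPIDS = {0x8100, 0x88A8, 0x9100}
ETH_HDR = 12  # dst (6) + src (6); tags are inserted right after the SAMAC


def parse_frame(frame: bytes):
    """Walk the tag stack of an Ethernet II frame.

    Returns (dst, src, tags, ethertype, payload); tags is a list of
    (tpid, pcp, dei, vid) tuples ordered outer -> inner, so tags[-1] is
    the C-TAG and everything before it is an S-TAG.
    """
    if len(frame) < ETH_HDR + 2:
        raise ValueError("frame too short for an Ethernet header")
    dst, src = frame[:6], frame[6:12]
    off, tags = ETH_HDR, []
    while True:
        if off + 2 > len(frame):
            raise ValueError("frame truncated inside the tag stack")
        (etype,) = struct.unpack_from("!H", frame, off)
        if etype not in TAG_TPIDS:
            break  # the original EtherType always follows all tags
        if off + 4 > len(frame):
            raise ValueError("truncated VLAN tag")
        (tci,) = struct.unpack_from("!H", frame, off + 2)
        tags.append((etype, tci >> 13, (tci >> 12) & 1, tci & 0x0FFF))
        off += 4
    return dst, src, tags, etype, frame[off + 2:]


def push_tag(frame: bytes, vid: int, pcp: int = 0, dei: int = 0,
             tpid: int = 0x88A8) -> bytes:
    """Push: insert a new outer tag between the SAMAC and whatever follows."""
    if not (0 <= vid < 4096 and 0 <= pcp < 8 and dei in (0, 1)):
        raise ValueError("VID is 12 bits, PCP 3 bits, DEI 1 bit")
    tci = (pcp << 13) | (dei << 12) | vid
    return frame[:ETH_HDR] + struct.pack("!HH", tpid, tci) + frame[ETH_HDR:]


def pop_tag(frame: bytes) -> bytes:
    """Pop: remove the current outer tag (the one right after the SAMAC)."""
    (tpid,) = struct.unpack_from("!H", frame, ETH_HDR)
    if tpid not in TAG_TPIDS:
        raise ValueError("frame is untagged; nothing to pop")
    return frame[:ETH_HDR] + frame[ETH_HDR + 4:]


def acme_round_trip() -> dict:
    """Constructed Acme frame on link A1 (C-TAG VID 11) crossing S12."""
    customer = (bytes.fromhex("020000000002") + bytes.fromhex("020000000001")
                + struct.pack("!HH", 0x8100, 11) + b"\x08\x00" + b"payload")
    in_sp = push_tag(customer, 100)      # S-Switch #1: push S-TAG 100
    tags = parse_frame(in_sp)[2]         # what link S12 carries
    delivered = pop_tag(in_sp)           # S-Switch #2, before link A2
    return {"tags_on_s12": tags, "ethertype": parse_frame(in_sp)[3],
            "unchanged": delivered == customer}
```

Because `parse_frame` keeps walking while the next two bytes are a known TPID, it also handles the three-or-more-tag stacks the page says provider topologies use; the original EtherType is whatever first follows the last tag.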

Problems with previous example

An experienced network engineer will immediately recognize the shortcomings of the above example. This is the reason why 802.1ad is more of a definition for a method of adding multiple tags to a frame than it is an end-to-end self-contained solution. It is used in conjunction with other protocols and standards. The problems with the above example are:

  1. Many switches bridge Ethernet traffic based on MAC addresses—not on VLAN IDs. This is called Shared VLAN Learning and is done per 802.1D MAC learning/MAC aging, etc.
  2. Should Acme and XYZ use the same MAC addresses in their networks, this will cause problems with the MAC learning, as the assumption in MAC learning is that no two hosts use the same MAC address. In other words, a MAC should only be learned from a single switch's port.
  3. The SP network must learn all customer MAC addresses in order to switch them. This does not scale well.
  4. There is no provision in the above example for L2 protocol frames, Spanning Tree being the most important.
  5. Additional QoS capabilities are lacking.
  6. Bridges that use Independent VLAN Learning (IVL), i.e., the first VLAN tag is included as part of the SAMAC address, circumvent the problems mentioned in items 1 and 2. IVL resolves the problem of MAC addresses possibly being used by more than one customer. However, switches en route still have to learn all inserted VLAN/MAC address combinations (12 + 48 = 60 bits).
  7. Broadcasts from LAN to LAN are always an issue to consider.

Provider Bridges (802.1ad) and Provider Backbone Bridges (the IEEE 802.1ah-2008 standard) address the above problems by a further modified SAMAC learning method.

Notes

  1. An old non-standard 802.1QinQ protocol used 0x9100.


References

  1. "802.1Q-2011 - IEEE Standard for Local and metropolitan area networks--Media Access Control (MAC) Bridges and Virtual Bridged Local Area Networks". Archived from the original on December 14, 2018.