Contents

Configuring MAC-in-MAC 1 MAC-in-MAC overview 1 Basic concepts 1 MAC-in-MAC frame encapsulation 2 MAC-in-MAC frame forwarding 4 Protocols and standards 4 MAC-in-MAC configuration task list 4 Configuring MAC-in-MAC 5 Enabling L2VPN 5 Creating a MAC-in-MAC instance5 Configuring a B-VLAN 5 Configuring an uplink port 6 Configuring a downlink port 7 Applying a global CAR action 7 Displaying and maintaining MAC-in-MAC 8 MAC-in-MAC configuration example 8 Troubleshooting 10

Configuring MAC-in-MAC
NOTE: The switch does not support MAC-in-MAC when it works in standard mode. For more information about system working modes, see Fundamentals Configuration Guide.

MAC-in-MAC overview
MAC-in-MAC, also known as Provider Backbone Bridge (PBB), is defined in IEEE 802.1ah. MAC-in-MAC is a Layer-2 Virtual Private Network (VPN) technique. It encapsulates the customer MAC in the service provider MAC, transmits the inner MAC as payload, and thus improves the expandability for Ethernet and secures services.

Basic concepts
Figure 1 shows a typical MAC-in-MAC network. This section introduces some basic concepts of MAC-in-MAC based on this network. Figure 1 A typical MAC-in-MAC network
Customer network BEB BEB Customer network

BCB

BCB

PBBN

BCB

BCB

Customer network PBN

BEB

BEB

Customer network PBN

Customer network

Customer network

PBBN
As shown in Figure 1, a network using MAC-in-MAC is called a provider backbone bridge network (PBBN) or MAC-in-MAC network. For users, a PBBN is a Layer-2 switching network where Layer-2 connections are between different nodes.
1

PBN
As shown in Figure 1, a network connecting the PBBN with the customer network is a provider bridge network (PBN). The customer network can connect to the PBBN directly, or through a PBN.

MAC-in-MAC frame
A frame processed by MAC-in-MAC is called a MAC-in-MAC frame. For more information about the encapsulation format of a MAC-in-MAC frame, see MAC-in-MAC frame encapsulation.

BEB
As shown in Figure 1, a backbone edge bridge (BEB) is an edge device in the PBBN, like a PE device in an MPLS network. The BEB encapsulates frames from the customer network by using MAC-in-MAC, or de-encapsulates MAC-in-MAC frames from the PBBN and forwards them to the customer network.

BCB
As shown in Figure 1, a backbone core bridge (BCB) is a core device in the PBBN, like a P device in an MPLS network. It forwards MAC-in-MAC frames according to their B-MAC and B-VLAN. A BCB device only forwards frames and learns MAC addresses in the backbone network. It does not learn a large number of customer MAC addresses. In this way, the network deployment costs are reduced, and the PBBN is given better expandability.

B-MAC/B-VLAN
When encapsulating a customer frame, a BEB tags the frame with the service provider MAC address (known as backbone MAC address, B-MAC) and service provider VLAN (known as backbone VLAN, B-VLAN). Note that the B-MAC falls into source B-MAC and destination B-MAC. In the PBBN, a BCB forwards MAC-in-MAC frames according to their B-MAC and B-VLAN.

Uplink port/downlink port

The port that connects the BEB to the PBBN is the uplink port, and the port that connects the BEB to the customer network is the downlink port. After the frames from the customer network are encapsulated in MAC-in-MAC frames, they are forwarded out of uplink ports on the BEB; after the MAC-in-MAC frames from the PBBN are de-encapsulated, they are forwarded out of the corresponding downlink port on the BEB according to the customer MAC.

MAC-in-MAC instance and I-SID

In the PBBN, a MAC-in-MAC instance represents a type of services provided by the service provider, and is uniquely identified by a backbone service instance identifier (I-SID).

MAC-in-MAC frame encapsulation

Figure 2 Format of a MAC-in-MAC frame

Figure 2 shows the format of a MAC-in-MAC frame. Table 1 describes some key fields in the frame. Table 1 Some key fields of a MAC-in-MAC frame Field Full name Description
Destination B-MAC, outer destination MAC address in a MAC-in-MAC frame. It is the MAC address of the BEB device at the destination end of the PBBN tunnel. The combination of B-DA and B-SA is B-MAC. Source B-MAC, outer source MAC address in a MAC-in-MAC frame. It is the MAC address of the BEB device at the source end of the PBBN tunnel. The combination of B-DA and B-SA is B-MAC. Outer VLAN tag in a MAC-in-MAC frame. It indicates the VLAN information and priority information of the frame within the PBBN. The Tag Protocol Identifier (TPID) in the B-tag is 0x8100. Service identifier of a MAC-in-MAC frame. The I-tag contains the backbone service instance priority code point (I-PCP) and backbone service instance drop eligibility indicator (I-DEI) on the BEB, backbone service instance identifier (I-SID), and the C-DA and C-SA of the customer frame. The TPID of the I-tag is 0x88E7. Outer VLAN tag of the frame in the PBN, which indicates the VLAN information and priority information of the frame within the PBN. Inner VLAN tag of the frame in the PBN, which indicates the VLAN information and priority information of the frame within the customer network.

B-DA

Backbone destination MAC address

B-SA

Backbone source MAC address

B-Tag

Backbone VLAN tag

I-Tag

Backbone service instance tag

S-Tag

Service provider VLAN tag

C-Tag

Customer VLAN tag

NOTE: For more information about TPID, see the chapter Configuring VLANs.

MAC-in-MAC frame forwarding

Figure 3 MAC-in-MAC frame forwarding

As shown in Figure 3, a MAC-in-MAC frame is forwarded in the PBBN using the following process:
1. 2. 3.

BEB 1 encapsulates a customer frame with the corresponding B-MAC, B-VLAN, and I-SID, and then forwards the frame to the BCB through its uplink port. BCB forwards the MAC-in-MAC frame from BEB 1 to BEB 2 according to its B-MAC and B-VLAN. BEB 2 de-encapsulates the MAC-in-MAC frame from the BCB, restores the frames to a standard Ethernet frame, and then forwards the frame out of the corresponding downlink port to the customer network.

Protocols and standards

IEEE 802.1ah, Virtual Bridged Local Area Networks Amendment 7: Provider Backbone Bridges

MAC-in-MAC configuration task list

Perform the MAC-in-MAC-related configurations on the BEB devices only. The BCB devices simply forward MAC-in-MAC frames according to their B-MAC and B-VLAN. Complete the following tasks to configure MAC-in-MAC: Task
Enabling L2VPN Creating a MAC-in-MAC instance Configuring a B-VLAN Configuring an uplink port Configuring a downlink port Applying a global CAR action

Remarks
Required Required Required Required Required Optional

Configuring MAC-in-MAC
Enabling L2VPN
To configure MAC-in-MAC, which is a Layer-2 VPN technique, enable L2VPN first. To enable L2VPN: Step
1. 2. Enter system view. Enable L2VPN L2VPN view. and enter

Command
system-view l2vpn

Remarks
N/A By default, L2VPN is disabled.

NOTE: For more information about the l2vpn command, see MPLS Command Reference.

Creating a MAC-in-MAC instance

To create a MAC-in-MAC instance, create a virtual switch instance of the MAC-in-MAC type and specify its I-SID. The I-SID identifies a type of services, and is the unique identifier of the MAC-in-MAC instance. The same I-SID must be used throughout a MAC-in-MAC network. For more information about the VSI, see MPLS Configuration Guide. To create a MAC-in-MAC instance: Step
1. 2. Enter system view. Create a VSI of the MAC-in-MAC type, specify the I-SID, and enter VSI view.

Command
system-view vsi vsi-name minm i-sid i-sid

NOTE: For more information about the vsi command, see MPLS Command Reference.

Configuring a B-VLAN
Only MAC-in-MAC instances with the same I-SID and B-VLAN can communicate. Therefore, you must specify a B-VLAN for a MAC-in-MAC instance. To configure a B-VLAN for a MAC-in-MAC instance: Step
1. 2. Enter system view. Enter VSI view.

Command
system-view vsi vsi-name minm i-sid i-sid

Remarks
N/A N/A

Step
3. Specify a B-VLAN for the MAC-in-MAC instance.

Command
minm bvlan vlan-id

Remarks
By default, no B-VLAN is specified for a MAC-in-MAC service instance.

NOTE: You can specify only one B-VLAN for a MAC-in-MAC instance, and specify the same B-VLAN for different MAC-in-MAC instances. The B-VLAN must be a static, existing VLAN. For more information about the vsi command, see MPLS Command Reference.

Configuring an uplink port

You can specify one or more uplink ports for a MAC-in-MAC instance. On the BEB, frames from the customer network are encapsulated in MAC-in-MAC frames in the corresponding MAC-in-MAC instances, and then forwarded out of the corresponding uplink ports. You can configure the uplink ports in either VSI view or interface view. If the same port is configured as an uplink port in both VSI view and interface view, the latest configuration takes effect. CAUTION: The uplink port configuration takes effect only after you specify a B-VLAN for the MAC-in-MAC instance. To make the uplink port configuration take effect, assign them to the B-VLAN.

Configuring an uplink port in VSI view

To configure an uplink port in VSI view: Step
1. 2. 3. Enter system view. Enter VSI view. Specify an uplink port for the MAC-in-MAC instance.

Command
system-view vsi vsi-name minm i-sid i-sid minm uplink interface-number interface-type

Remarks
N/A N/A By default, no uplink port is specified for a MAC-in-MAC service instance.

NOTE: For more information about the vsi command, see MPLS Command Reference.

Configuring an uplink port in interface view

To configure an uplink port in interface view: Step
1. Enter system view.

Command
system-view

Remarks
N/A

Step
2. Enter Layer-2 Ethernet interface view or Layer-2 aggregate interface view. Specify the port as the uplink port for the MAC-in-MAC instance.

Command
interface interface-number interface-type

Remarks
N/A By default, a port is not configured as the uplink port of any MAC-in-MAC service instance.

3.

minm uplink vsi vsi-name

Configuring a downlink port

On the BEB, frames from the customer network are mapped to MAC-in-MAC instances based on the match criteria configured on downlink ports, and MAC-in-MAC frames from the PBBN are de-encapsulated in the corresponding MAC-in-MAC instances and then forwarded out of the corresponding downlink ports based on their customer MAC addresses. You can specify one or more downlink ports for a MAC-in-MAC instance. To configure a downlink port: Step
1. 2. 3. Enter system view. Enter interface view. Create a service instance and enter service instance view. Configure the match criteria. Associate the service instance with the specified MAC-in-MAC instance.

Command
system-view interface interface-number interface-type

Remarks
N/A N/A By default, no service instance exists on a port. By default, no match criterion is configured. By default, a service instance is not associated with any MAC-in-MAC service instance.

service-instance instance-id encapsulation { s-vid vlan-id [ only-tagged ] | port-based | tagged | untagged } xconnect vsi vsi-name [ access-mode { ethernet | vlan } ]

4. 5.

NOTE: For more information about the service-instance, encapsulation, and xconnect vsi commands, see MPLS Command Reference.

Applying a global CAR action

You can apply a global CAR action to a service instance to rate-limit the incoming or outgoing traffic of the service instance. To apply a global CAR action: Step
1. Enter view. system

Command
system-view

Remarks
N/A

Step
2. 3. 4. Enter view. interface

Command
interface interface-number interface-type

Remarks
N/A N/A

Enter service instance view. Apply a global CAR action to the service instance.

service-instance instance-id

car { inbound | outbound } name car-name

By default, no global CAR action is applied to a service instance.

NOTE: If you want to configure traffic policing on an attachment circuit (AC), do that before binding it to a MAC-in-MAC instance. For more information about an AC, see MPLS Configuration Guide.

Displaying and maintaining MAC-in-MAC

Task
Display the uplink information of the MAC-in-MAC instance. connection specified

Command
display minm connection [ vsi vsi-name ] [ | { begin | exclude | include } regular-expression ] undo minm connection [ vsi vsi-name [ linkid link-id ] | { bvlan vlan-id | interface interface-type interface-number } * ] reset service-instance statistics [ interface interface-type interface-number [ service-instance instance-id [ inbound | outbound ] ] ]

Remarks
Available in any view

Clear the uplink connection information of the specified MAC-in-MAC instance.

Available in user view

Clear the service instance statistics of an interface.

Available in user view

MAC-in-MAC configuration example

NOTE: By default, Ethernet, VLAN, and aggregate interfaces are in DOWN state. Before configuring these interfaces, use the undo shutdown command to bring them up.

Network requirements
As shown in Figure 4, enable customer network A to communicate with customer network B by using the MAC-in-MAC protocol.

Figure 4 Network diagram

Configuration procedures
1.

Configure Device A: # Create VLAN 20.

<DeviceA> system-view [DeviceA] vlan 20 [DeviceA-vlan20] quit

# Enable L2VPN.
[DeviceA] l2vpn [DeviceA-l2vpn] quit

# Create a VSI of the MAC-in-MAC type named aaa, specify the I-SID as 100, and configure Ethernet encapsulation for the instance.
[DeviceA] vsi aaa minm i-sid 100 [DeviceA-vsi-aaa] encapsulation ethernet

# Specify VLAN 20 as the B-VLAN for MAC-in-MAC instance aaa.

[DeviceA-vsi-aaa] minm bvlan 20 [DeviceA-vsi-aaa] quit

# Configure port GigabitEthernet3/0/1 as a trunk port, assign it to VLAN 20, and configure it as an uplink port of MAC-in-MAC instance aaa.
[DeviceA] interface GigabitEthernet 3/0/1 [DeviceA-GigabitEthernet3/0/1] port link-type trunk [DeviceA-GigabitEthernet3/0/1] port trunk permit vlan 20 [DeviceA-GigabitEthernet3/0/1] minm uplink vsi aaa [DeviceA-GigabitEthernet3/0/1] quit

# Configure port GigabitEthernet 3/0/2 as a trunk port, and assign it to all VLANs. Create service instance 1 on port GigabitEthernet 3/0/2, configure the port-based match criteria, and associate the service instance with MAC-in-MAC instance aaa by using the access mode of Ethernet.
[DeviceA] interface GigabitEthernet 3/0/2 [DeviceA-GigabitEthernet3/0/2] port link-type trunk [DeviceA-GigabitEthernet3/0/2] port trunk permit vlan all [DeviceA-GigabitEthernet3/0/2] service-instance 1 [DeviceA-GigabitEthernet3/0/2-srv1] encapsulation port-based [DeviceA-GigabitEthernet3/0/2-srv1] xconnect vsi aaa access-mode ethernet [DeviceA-GigabitEthernet3/0/2-srv1] quit [DeviceA-GigabitEthernet3/0/2] quit

2. 3.

Configure Device B: Configure Device B as you configure Device A. (Details not shown) Verify the configuration : Use the display minm connection command to display the uplink connection information (that is, the remote B-MAC information learned) of MAC-in-MAC instance aaa. For example: # Display the uplink connection information of MAC-in-MAC instance aaa on Device A.
[DeviceA] display minm connection vsi aaa 1 connection(s) exist VSIIndex LinkID BMAC 1 1 BVLAN Interface Name GigabitEthernet3/0/1 State AGING TIME(s) AGING

000f-e200-0001 20

Learned

Troubleshooting
Symptom
The customer frames cannot be transmitted to the peer network by using MAC-in-MAC.

Analysis
No VSI of the MAC-in-MAC type is configured on the BEB, or the configured VSI is down. The MAC-in-MAC configurations on the BEBs are inconsistent. The B-VLAN in the BEB is not created on the BCB, or the ports connecting the BEB and BCB are not both assigned to the B-VLAN.

Solution
1.

User the display vsi verbose command to display the MAC-in-MAC configuration of the VSI. If the VSI is not configured with MAC-in-MAC, configure it. If the VSI is down, use the undo shutdown command to bring the VSI up. For more information about the display vsi verbose command, see MPLS Command Reference. Use the display vsi verbose command on all BEBs to see whether they are consistent in the MAC-in-MAC configuration, especially the I-SID and B-VLAN. The MAC-in-MAC configurations on the BEBs should be consistent. Use the display vlan all command on all BCBs to see whether the B-VLAN in the BEB is created on the BCB, and whether the ports connecting the BEB and BCB are both assigned to the B-VLAN. All ports connecting the BEB and BCB must be assigned to the VLAN.

2.

3.

10