
IEEE 802.1Q, IEEE 802.1ad, IEEE 802.1ah
Standards supporting VLANs

IEEE 802.1Q VLAN frame format

Original Ethernet Frame Format
PA | SFD | DA | SA | TL | Data Bytes 46 - 1500 Byte | FCS | IFG

Ethernet Frames on a tagged port can include a VLAN
PA | SFD | DA | SA | TPI | VLAN | TL | Data Bytes 46 - 1500 Byte | FCS | IFG

TPI: 81 00
VLAN: User Priority (P) | CFI | VLAN ID (VID), to identify 4094 possible VLANs

Label | Field Name | Size | Description
PA | Preamble | 7 bytes | Used to synchronize traffic between nodes
SF | Start Frame Delimiter | 1 byte | Marks the beginning of the header
DA | Destination Address | 6 bytes | The MAC address of the next/final hop
SA | Source Address | 6 bytes | The MAC address of the source
TPI | Tag Protocol Identifier | 2 bytes | Indicates this frame uses 802.1p or Q tags; set to 8100 in the standard
P | User Priority | 3 bits | Indicates 802.1p priority level 0-7 (CoS)
CFI | Canonical Format Indicator | 1 bit | Indicates if the MAC addresses are in canonical format (bit ordering information); Ethernet uses 0, different in Token Ring
VLAN ID | VLAN Identifier (VID) | 12 bits | Indicates which VLAN this frame belongs to (1-4094)
T/L | Type/Length Field | 2 bytes | Ethernet II type or 802.3 length information
Payload | Payload | 48 - 1500 bytes | User data or higher layer protocol information
FCS | Frame Check Sequence | 4 bytes | Error checking on the frame's contents, also known as CRC (Cyclical Redundancy Check)

IEEE 802.1Q VLAN

Reserved VID values

Two VID values are reserved (cannot be used/configured):
0x000: Null VLAN ID for priority-tagged frames
0xFFF: Management wildcard lookup, other future uses

IEEE 802.1Q VLAN

[Figure: a VLAN Aware Bridge adds a C-TAG to the frame]
Before: C-DA | C-SA | Client Data | FCS
After: C-DA | C-SA | C-TAG | Client Data | C-FCS

Standard currently refers to VLANs (Virtual LANs)
IEEE 802.1Q changes the terminology to Customer VLANs (C-VLAN)
As the frame has changed, the checksum must be recalculated

C-VLAN also contains 3 bits for priority information
Originally defined in IEEE 802.1p
Opportunity to use this information with Ethernet (QoS)

IEEE 802.1Q-aware Bridge

Three virtual switches inside a single Q-aware bridge

[Figure: Location A, Location B, Location C; Switch 1]

Port Type: Access Port

Each Access Port has the following behaviour:
An access port has one VLAN in its member set - the Port VLAN (P-VLAN, configured against that port)
All frames received with the P-VLAN are forwarded
All untagged and priority frames are forwarded (with P-VLAN)
All frames received with any other VLAN are dropped
Frames received on other ports on the bridge will only be forwarded to this port if they contain the P-VLAN
All frames transmitted on this port have the P-VLAN tag removed

VLAN rules are enforced by the management system

Port Type: Trunk Port

Each Trunk Port has the following behaviour:
A Trunk port is in the member set of all VLANs, and transmits all frames with VLAN tags
It will discard all packets received on it that are from a VLAN not configured on the bridge
Every frame transmitted on this port will contain one of the configured VLANs
The operator only has to configure the port as a Trunk port; all configured VLANs will then become part of its member set
Every new VLAN they create automatically becomes part of the member set

VLAN rules are enforced by the management system
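
The access and trunk port rules above, modelled as a small bridge so the ingress and egress decisions can be checked together. This is an added example, not part of the original slides; the topology is constructed, and dropping untagged frames on a trunk is an assumption, since the slides do not describe that case.

```python
PRIORITY_VID = 0x000   # Null VLAN ID: priority-tagged frame

class Bridge:
    def __init__(self, vlans, ports):
        self.vlans = set(vlans)   # VLANs configured on the bridge
        self.ports = ports        # name -> ("access", pvid) or ("trunk", None)

    def classify(self, port, vid):
        """Ingress rule: return the frame's VLAN, or None if it is dropped.

        vid is None for an untagged frame.
        """
        kind, pvid = self.ports[port]
        if kind == "access":
            if vid is None or vid == PRIORITY_VID:
                return pvid                       # untagged/priority -> P-VLAN
            return pvid if vid == pvid else None  # any other VLAN is dropped
        # Trunk: only frames tagged with a configured VLAN are accepted.
        # Assumption: untagged frames on a trunk are dropped.
        return vid if vid in self.vlans else None

    def forward(self, in_port, vid):
        """Return {out_port: tag on the wire}; None means sent untagged."""
        vlan = self.classify(in_port, vid)
        out = {}
        if vlan is None:
            return out
        for name, (kind, pvid) in self.ports.items():
            if name == in_port:
                continue
            if kind == "trunk":
                out[name] = vlan      # trunks transmit every frame tagged
            elif pvid == vlan:
                out[name] = None      # access port removes the P-VLAN tag
        return out

# Constructed topology: three access ports in two VLANs and one trunk.
BRIDGE = Bridge({10, 20}, {"a1": ("access", 10), "a2": ("access", 20),
                           "a3": ("access", 10), "t1": ("trunk", None)})
```

A frame that arrives on access port a1 already tagged with VLAN 20 is dropped at ingress, which is the property that keeps a host on one access VLAN from placing traffic into another.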

Provider Bridge
IEEE 802.1ad

Starting with the Q-in-Q concept (introduced by Cisco)

Q-in-Q has two key concepts:
Introduces the Tunnel Port / Tunnel VLAN concept, which is used to tunnel Customer VLAN-tagged traffic through a provider network by stacking a second VLAN.
Introduces the concept of tunnelling various Customer Control Protocols (C-PDUs) that would normally be terminated by the peering bridge.

Therefore:
Q-in-Q can tunnel all of a single customer's VLAN-tagged traffic over a single T-VLAN
Q-in-Q allows for scalable networks, and customer separation.

VLAN Stacking

Tagged Ethernet II Frame
PA | SFD | DA | SA | TPI | VLAN | TL | Data Bytes 46 - 1500 Byte | FCS | IFG

Ethernet Multi TAG Frame, not standardised (Cisco Solution) (so called Q in Q or Q dot Q frames)
PA | SFD | DA | SA | TPI | VLAN | TPI | VLAN | TL | Data Bytes 46 - 1500 Byte | Mod. FCS | IFG
(the two TPI / VLAN pairs are labelled 2 and 1 in the figure)

IEEE 802.1ad; Network view

[Figure: Node 1 to Node 5 connected through an IEEE 802.1ad Provider Bridge Network; links labelled C-VLAN #1, C-VLAN #2 and C-VLAN #3]

IEEE 802.1ad: Bridge View

[Figure: Customer A networks 1, 2 and 3 and Customer B networks 1 and 2 attach with Customer-VLANs to Tunnel Edge Bridges; Tunnel-VLANs cross the Provider Network (equipped with standard bridges)]

Tunnel Port which encapsulates purple and red Customer VLAN into light blue Tunnel VLAN
-> Port-based Service VLAN

Definition of a PB (IEEE 802.1ad)

A Provider Bridge enables a Service Provider to use a common infrastructure of Bridges and LANs to offer the equivalent of separate
LANs
Bridges
Virtual Bridged Private LANs
to independent customer organisations

Separation of the different domains is the key here:
C-VLANs are Customer-operated
S-VLANs are Service-provider operated
Customer is unaware of Service network (and other customers)

IEEE 802.1ad Frame Formats

[Figure: a Provider Edge Bridge adds an S-TAG to the frame]
Before: C-DA | C-SA | C-TAG | Client Data | C-FCS
After: C-DA | C-SA | S-TAG | C-TAG | Client Data | S-FCS

Customer TPID = 8100, Provider TPID = 88A8

Provider Bridges see C-TAG'd traffic as untagged
Therefore, an S-TAG is stacked on top of the C-TAG

Unlike Q-in-Q, we can now see whether each VLAN is from a customer or service provider.
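
A parser for the tag stack described in the 802.1Q and 802.1ad frame-format slides, useful for checking which tags a captured frame really carries. This is an added example, not part of the original slides; it goes slightly beyond them by walking any number of stacked tags, and the sample frame is constructed.

```python
import struct

TPID_C = 0x8100   # Customer TPID (C-TAG), from the slides
TPID_S = 0x88A8   # Provider TPID (S-TAG), from the slides
VID_NOTES = {0x000: "priority-tagged (Null VLAN ID)", 0xFFF: "reserved VID"}

def parse_tags(frame):
    """Walk the VLAN tag stack of a frame that starts at the DA.

    Returns (tags, ethertype, payload). Preamble, SFD and FCS are assumed
    to be already stripped, as they are in most packet captures.
    """
    if len(frame) < 14:
        raise ValueError("frame shorter than DA + SA + Type/Length")
    offset, tags = 12, []
    while True:
        (tpid,) = struct.unpack_from("!H", frame, offset)
        if tpid not in (TPID_C, TPID_S):
            break                                  # reached the Type/Length field
        if len(frame) < offset + 6:
            raise ValueError("truncated VLAN tag")
        (tci,) = struct.unpack_from("!H", frame, offset + 2)
        vid = tci & 0x0FFF                         # low 12 bits: VLAN ID
        tags.append({
            "kind": "C-TAG" if tpid == TPID_C else "S-TAG",
            "pcp": tci >> 13,                      # top 3 bits: priority
            "flag": (tci >> 12) & 1,               # CFI (C-TAG) or Drop Eligibility (S-TAG)
            "vid": vid,
            "note": VID_NOTES.get(vid, ""),
        })
        offset += 4
    return tags, tpid, frame[offset + 2:]

def stack_summary(frame):
    """Compact view of the stack, e.g. 'S-TAG 200 / C-TAG 10'."""
    tags, _, _ = parse_tags(frame)
    return " / ".join(f"{t['kind']} {t['vid']}" for t in tags) or "untagged"

# Constructed sample: S-TAG (priority 5, VID 200) stacked on C-TAG (VID 10), IPv4.
SAMPLE = bytes.fromhex("ffffffffffff" "020000000001" "88a8a0c8" "8100000a"
                       "0800") + b"constructed payload"
```

Running `stack_summary` over frames captured on a customer-facing port shows at a glance whether a frame arrives with more tags, or with a different TPID, than the port's configuration expects.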

New definitions from IEEE 802.1ad

C-VLAN:
Customer VLAN, previously defined as a VLAN in 802.1Q.
TPID = 8100

S-VLAN:
Service Provider VLAN, used inside the provider network.
TPID = 88A8
(Also contains Drop Eligibility flag)

Provider Edge Bridge:
A system comprising a single S-VLAN component and one or more C-VLAN components

S-VLAN Bridge:
A system comprising a single S-VLAN component.

Provider Bridge:
An S-VLAN Bridge or a Provider Edge Bridge

Component definitions
(EISS = Enhanced Internal Sublayer Service)
The PB / PEB definitions define components
These are generic building blocks for the PB & PEB
The type of component determines the type of VLAN handled
Two such component types are defined in IEEE 802.1ad

C-VLAN component:
A VLAN-aware bridge component with each Port supported by an instance of the EISS that can recognize, insert, and remove Customer VLAN tags

S-VLAN component:
A VLAN-aware bridge component with each Port supported by an instance of the EISS that can recognize, insert, and remove Service VLAN tags

Port designations

Customer Edge Port (CEP):
C-VLAN component port on a Provider Edge Bridge that receives / transmits frames for a single customer

Customer Network Port (CNP):
An S-VLAN component port on a Provider Bridge / within a Provider Edge Bridge that receives / transmits frames for a single customer

Provider Edge Port (PEP):
A C-VLAN component port within a Provider Edge Bridge that connects to a CNP and receives / transmits frames for a single customer

Provider Network Port (PNP):
An S-VLAN component port on a Provider Bridge that receives / transmits frames for multiple customers

Port designation on Provider Bridges

[Figure: Customer Q-Bridges attach to the CEPs (untagged PVID, or tagged CVID) of the C-VLAN Components of a Provider Edge Bridge; each C-VLAN component connects through a tagged or untagged PEP to a CNP with untagged PVID (S1, S2, S3) on the S-VLAN Component, which has a tagged PNP. Customer Operated Provider Bridges attach to the CNPs of a Provider Bridge (untagged PVID S4; tagged SVID S5, S6), which has a tagged PNP.]

CEP (untagged) supports only one C-VLAN
CEP (tagged) supports multiple C-VLANs (with multiple C-VIDs)
CNP (untagged) has a 1:1 relationship with a C-VLAN / S-VLAN
CNP (tagged) supports multiple S-VLANs (with multiple S-VIDs)
PNP (tagged) supports multiple services

Customer Edge Port (CEP)


Connected to customer-owned equipment
Receives and transmits frames for a single customer

Supports the following types of service


C-untagged: handling of frames with no C-VLAN tag
C-tagged: handling of frames with a C-VLAN tag

Provides a mapping for each C-VLAN to S-VLAN


Untagged and Priority mapped to the Port Default C-VLAN

Connected via a C-VLAN component to one or more PEP(s)


Customer RSTP is extended over this C-VLAN component
Customer BPDUs are VLAN-tagged and transmitted over the
Provider Network as normal multicast traffic

Customer Network Port (CNP)


Connected to customer-owned equipment
Receives and transmits frames for a single customer

Supports the following types of service


Port-based: handling of frames with no S-VLAN tag
S-tagged: handling of frames with an S-VLAN tag

Provides a re-mapping function for S-VLANs


Untagged and Priority mapped to the Port Default S-VLAN

A CNP exists as either:


Physical port: Connected directly to the customer
Logical port: Internal LAN connection on a 1:1 basis to a PEP

Provider Network Port (PNP)


Connected to provider equipment
Receives and transmits frames for multiple customers

Supports the following types of service


S-tagged: handling of frames with an S-VLAN tag
SC-tagged: handling of frames with an S-VLAN and C-VLAN tag

All frames received must have an S-VLAN tag


Any packets without a valid S-VLAN are dropped

Connected via the S-VLAN component to CNP


Provider BPDUs are only transmitted over the PNP

Changes for Protocol Frames


IEEE 802.1Q defined the following range as reserved:
01-80-C2-00-00-00 to 01-80-C2-00-00-0F
Frames received in this range must not be forwarded, but must be
either peered or discarded.

IEEE 802.1ad sets a new range for S-VLAN components:

01-80-C2-00-00-01 to 01-80-C2-00-00-0A
Bridge Group Address is treated as a normal multicast address
Customer BPDUs will therefore be S-VLAN tagged
These frames are then forwarded as per customer multicast

Network / Subnetwork Segregation Protocol Frames

IEEE 802.1Q Bridges Reserved Addresses

Protocol Type | Multicast MAC Address | Length or Ethertype | LLC Type 1 Header: DSAP-SSAP | LLC Type 1 Header: Control
Spanning Tree, Rapid Spanning Tree, Multiple Spanning Tree | 01-80-c2-00-00-00 | length | 42-42 | 03
Pause | 01-80-c2-00-00-01 | 88-08 | Not LLC encapsulated |
Link Aggregation Control, Link Aggregation Marker | 01-80-c2-00-00-02 | 88-09 | Not LLC encapsulated |
Port Authentication Entity | 01-80-c2-00-00-03 | 88-8e | Not LLC encapsulated |
Link Layer Discovery | 01-80-c2-00-00-0e | 88-cc | Not LLC encapsulated |
GARP Multicast Registration | 01-80-c2-00-00-20 | length | 42-42 | 03
GARP VLAN Registration | 01-80-c2-00-00-21 | length | 42-42 | 03

IEEE 802.1ad Bridges Additional Reserved Addresses

Protocol Type | Multicast MAC Address | Length or Ethertype | LLC Type 1 Header: DSAP-SSAP | LLC Type 1 Header: Control
Provider Spanning Tree, Provider Rapid Spanning Tree, Provider Multiple Spanning Tree | 01-80-c2-00-00-08 | length | 42-42 | 03
Provider GARP VLAN Registration | 01-80-c2-00-00-0d | length | 42-42 | 03

Customer RSTP

Normal bridge group address omitted from PB and S-VLAN component reserved list
Customer BPDUs are neither blocked nor processed, instead they are tagged and forwarded

[Figure: Customer Spanning Trees across Provider Edge Bridges, showing CEP, PEP, CNP and PNP ports]

IEEE 802.1ad specifies RSTP per C-VLAN component of PEBs
RSTP BPDUs use normal bridge group address
RSTP BPDUs are transmitted on all CEPs and PEPs
BPDU transmission on PEPs extends RSTP per C-VLAN to other customer subnets

Provider bridge group address is included in C-VLAN component reserved list, so Provider BPDUs via CNPs are effectively blocked
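
The reserved-address ranges from the "Changes for Protocol Frames" slide, applied per component type to show which control frames a C-VLAN component keeps local and which an S-VLAN component relays across the provider network. This is an added example, not part of the original slides; it uses only the two ranges and the table addresses quoted above, and the function names are illustrative.

```python
PREFIX = bytes.fromhex("0180c20000")   # 01-80-C2-00-00-xx block
RESERVED = {
    "C-VLAN": range(0x00, 0x10),   # IEEE 802.1Q: ...-00 to ...-0F
    "S-VLAN": range(0x01, 0x0B),   # IEEE 802.1ad S-VLAN component: ...-01 to ...-0A
}

def parse_mac(text):
    """Accept 01-80-c2-00-00-00 or 01:80:c2:00:00:00."""
    parts = text.replace(":", "-").split("-")
    if len(parts) != 6 or any(len(p) != 2 for p in parts):
        raise ValueError(f"not a MAC address: {text!r}")
    return bytes(int(p, 16) for p in parts)

def action(component, dst):
    """'filter': peered or discarded, never relayed. 'forward': relayed."""
    mac = parse_mac(dst)
    if mac[:5] == PREFIX and mac[5] in RESERVED[component]:
        return "filter"
    return "forward"

def relay_matrix(destinations):
    """Map each DA to (C-VLAN component action, S-VLAN component action)."""
    return {d: (action("C-VLAN", d), action("S-VLAN", d)) for d in destinations}

def crossing_provider(destinations):
    """DAs an S-VLAN component relays although a C-VLAN component would not."""
    return [d for d, (c, s) in relay_matrix(destinations).items()
            if c == "filter" and s == "forward"]

# Addresses taken from the reserved-address tables on the slides.
SAMPLE_DAS = ["01-80-c2-00-00-00",   # customer Spanning Tree (Bridge Group Address)
              "01-80-c2-00-00-02",   # Link Aggregation
              "01-80-c2-00-00-08",   # Provider Spanning Tree
              "01-80-c2-00-00-21"]   # GARP VLAN Registration
```

With these ranges the customer Bridge Group Address is the one sample address that is filtered by a C-VLAN component but forwarded by an S-VLAN component, while the provider address ...-08 is filtered by both.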

Provider MSTP

[Figure: Provider Spanning Tree across Provider Edge Bridges, showing CEP, PEP, CNP and PNP ports]

IEEE 802.1ad specifies MSTP on PBs and S-VLAN components of PEBs
Provider BPDUs use provider bridge group address
Provider BPDUs are transmitted on all CNPs & PNPs

Provider Backbone Bridge
IEEE 802.1ah

Provider Backbone Bridge Network Concepts

Backbone service creation
Provisioning Hierarchy:
Customer
Provider
Backbone

Address space separation

Provider Backbone Bridge Terminology

From LAN Bridges to Provider Backbone Bridges

Bridge Types
Backbone Bridge
Backbone Edge Bridge
New Backbone Edge Bridge Ports

[Figure: the Provider Edge Bridge port diagram (Customer Q-Bridges, C-VLAN Components with CEPs, S-VLAN Component with PEPs, CNPs S1 to S3 and a tagged PNP)]

Customer Backbone Port (CBP): a port of a Backbone Edge Bridge that can receive and transmit I-tagged frames, and can assign B-VIDs and translate I-SIDs.
Provider Instance Port (PIP): a port of an I-component in a Backbone Edge Bridge that provides access to the backbone service.

Backbone Edge Bridge (I-Function)

Toward the PIPs:
C-DA and C-SA are encapsulated inside the I-TAG
B-DA is taken from a local table
B-SA is the MAC address of the PIP
From the PIPs:
accepts only frames with B-DA equal to the MAC address of the PIP
C-DA and C-SA are taken from the I-TAG
The I-TAG is removed and discarded

Backbone Edge Bridge (B-Function)

Adds a B-TAG and forwards I-tagged frames toward the PNPs
Removes the B-TAG when it receives frames from a PNP
S-TAG TPID and B-TAG TPID are the same (88A8), as in IEEE 802.1ad

Backbone Edge Bridge (IB-Function)

Contains one B-component and one or more I-components
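
The I-function and B-function steps above, written out as encapsulation and decapsulation routines. This is an added example, not part of the original slides; the I-TAG bit layout (3-bit I-PCP, 1-bit I-DEI, 4 further bits, 24-bit I-SID) comes from IEEE 802.1ah rather than from the slides, and the MAC addresses, I-SID and B-VID are constructed sample values.

```python
import struct

TPID_B = 0x88A8   # B-TAG TPID, same as the S-TAG TPID (from the slides)
TPID_I = 0x88E7   # I-TAG Ethertype (from the slides)

def i_encap(cframe, isid, pip_mac, bda_table, pcp=0, dei=0):
    """I-function, toward the PIP. cframe starts at C-DA, without FCS."""
    if not 0 <= isid <= 0xFFFFFF:
        raise ValueError("I-SID is a 24-bit value")
    b_da = bda_table[cframe[0:6]]            # B-DA from a local table (KeyError if unknown)
    tci = (pcp << 29) | (dei << 28) | isid   # layout per IEEE 802.1ah, not the slides
    return b_da + pip_mac + struct.pack("!HI", TPID_I, tci) + cframe

def i_decap(iframe, pip_mac):
    """I-function, from the PIP. Returns (isid, cframe), or None if dropped."""
    if len(iframe) < 30 or iframe[0:6] != pip_mac:
        return None                          # only B-DA == PIP MAC is accepted
    tpid, tci = struct.unpack_from("!HI", iframe, 12)
    if tpid != TPID_I:
        return None
    return tci & 0xFFFFFF, iframe[18:]       # C-DA/C-SA recovered, I-TAG discarded

def b_encap(iframe, bvid, pcp=0, dei=0):
    """B-function: add a B-TAG after B-SA before sending toward a PNP."""
    tci = (pcp << 13) | (dei << 12) | bvid
    return iframe[:12] + struct.pack("!HH", TPID_B, tci) + iframe[12:]

def b_decap(bframe):
    """B-function: remove the B-TAG from a frame received on a PNP."""
    tpid, tci = struct.unpack_from("!HH", bframe, 12)
    if tpid != TPID_B:
        raise ValueError("frame from PNP carries no B-TAG")
    return tci & 0x0FFF, bframe[:12] + bframe[16:]

# Constructed sample values (locally administered MACs, arbitrary I-SID/B-VID).
C_FRAME = bytes.fromhex("0200000000b2" "0200000000a1" "0800") + b"constructed"
PIP_A, PIP_B = bytes.fromhex("02bb000000a0"), bytes.fromhex("02bb000000b0")
WIRE = b_encap(i_encap(C_FRAME, 0x012345, PIP_A, {C_FRAME[0:6]: PIP_B}), 100)
```

The customer frame travels unchanged inside the backbone frame, and only the PIP whose MAC matches the B-DA recovers it.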

Backbone Bridge Components

B-component: S-VLAN component with one or more Customer Backbone Ports (CBP)
Recognizes and uses I-TAGs.
Supports the assignment of B-VIDs (VLANs inside the backbone) based on I-SIDs on the CBPs.
Supports termination of the PBBN Spanning Trees

I-component: S-VLAN component with one or more Provider Instance Ports (PIP)
Supports the mapping between S-VID and I-SID
Supports termination of the PBN Spanning Trees

Backbone Core Bridge

Used inside a Provider Backbone Bridged Network (PBBN).
Learns only the MAC addresses that belong to the PBBN. Handles frames like Provider Bridges (IEEE 802.1ad).
The name BCB is only a logical distinction within the 802.1ah standard.

Definitions in brief

Backbone MAC Address (B-MAC): MAC address associated with a Provider Instance Port and used to create the MAC header of I-tagged frames transmitted across a Provider Backbone Bridged Network
Backbone MAC Frame: a LAN frame with backbone MAC addresses
Backbone service instance: an instance of a service in a Provider Backbone Bridged Network between two or more Virtual Instance Ports in Backbone Edge Bridges.
Backbone Service Instance Identifier (I-SID): field of a Backbone Service Instance tag that identifies the service instance of a frame
Backbone Service Instance Drop Eligibility Indicator (I-DEI): field of a Backbone Service Instance tag that indicates whether a frame may be dropped in a backbone service instance
Backbone Service Instance priority code point (I-PCP): field of a Backbone Service Instance tag that indicates the priority of a frame in a backbone service instance
Backbone Service Instance tag (I-TAG): tag with Ethertype 88E7
Backbone VLAN (B-VLAN): VLAN identified by a Backbone VLAN ID.
Backbone VLAN drop eligible indicator (B-DEI): field of a B-TAG that indicates whether the frame may be dropped
Backbone VLAN ID (B-VID): VLAN identifier in a B-TAG.
Backbone VLAN priority code point (B-PCP): field of a B-TAG that indicates the priority of a frame in a Backbone VLAN
Backbone VLAN tag (B-TAG): S-TAG used together with backbone MAC addresses.
Backbone VLAN tagged frames: frames that contain a B-TAG immediately after the source MAC address.

Ethernet Types / I-TAG

Port Based
Conceptually identical to the 802.1ad case; does not accept frames with an S-TAG unless they have T-TAG=0 (priority).

S-Tagged
Maps a service instance identified by an SVID to a Backbone service instance on the PBBN identified by a SID

S-TAGGED interfaces
1:1 mapping between S-VID and I-SID: in this case the S-TAG is not carried but is deduced from the I-SID; priority and DEI are regenerated at the I-TAG level.
Bundling of S-VIDs onto a single I-SID: in this case the S-TAG is also carried, with its priority and DEI, which are also copied into the I-TAG.

Encapsulation

I-Tagged

Example
