Network Working Group                                          Liu Kebo
Internet Draft                                                 Feng Jun
Expiration Date: Dec. 2007                                  Jin Lizhong
                                                            Chen Jianye
                                                             Li Dingjun
                                                              ZTE, Inc.
                                                              Jun. 2007


    The Processing of Isolation and Interconnection between Multiple
                        Customer VLANs in VPLS VPN
                   draft-liu-l2vpn-vpls-vlan-ext-00.txt


Status of This Memo

   By submitting this Internet-Draft, each author represents that any
   applicable patent or other IPR claims of which he or she is aware
   have been or will be disclosed, and any of which he or she becomes
   aware will be disclosed, in accordance with Section 6 of BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that
   other groups may also distribute working documents as Internet-
   Drafts.

   Internet-Drafts are draft documents valid for a maximum of six
   months and may be updated, replaced, or obsoleted by other documents
   at any time.  It is inappropriate to use Internet-Drafts as
   reference material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt.

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html.

Abstract

   This document describes a method of using Customer VLANs to isolate
   internal users and to interconnect multiple Customer VLANs in a VPLS
   VPN.  It extends, and is compatible with, the existing VPLS MAC
   learning and forwarding mechanism [RFC4664], [RFC4762].

Copyright Notice

   Copyright (C) The Internet Society (2007).

1. Specification of Requirements

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in RFC 2119.

liu                     Expires: Dec. 2007                      [Page 1]
Internet-Draft      draft-liu-l2vpn-vpls-vlan-ext-00           Dec. 2007

2. Acknowledgements

   The editors gratefully acknowledge the authors of [RFC4664] and
   [RFC4762], since those documents are the basis of our work.
   We would also like to thank all future participants for their
   comments and suggestions on this draft.

3. Introduction

   A virtual LAN, commonly known as a vLAN or as a VLAN, is a method of
   creating independent logical networks within a physical network.
   Several VLANs can co-exist within such a network.  This helps in
   reducing the broadcast domain, which in turn reduces network traffic
   and increases network security.

   A VPLS is an L2 service that emulates LAN service across a Wide Area
   Network (WAN).  It allows geographically dispersed sites to share an
   Ethernet broadcast domain by connecting sites through pseudo-wires.

   Section 7.2 of [RFC4762] proposes two modes of VPLS MAC address
   learning: qualified and unqualified learning.  In unqualified
   learning, all the VLANs of a single customer are handled by a single
   VPLS, which means they all share a single broadcast domain and that
   MAC addresses need to be unique and non-overlapping among customer
   VLANs.  In qualified learning, the logical MAC address is a VLAN tag
   + MAC address.  In this mode, only one Customer VLAN is allowed to
   exist in one VPLS VPN; if a customer has several Customer VLANs, each
   Customer VLAN has to be handled by its own VPLS VPN, so the number of
   VPLS VPNs grows with the number of Customer VLANs.

   Therefore, neither the Qualified Mode nor the Unqualified Mode is
   able to isolate the internal users of a VPLS VPN while at the same
   time realizing interconnection between the isolated groups using
   Customer VLANs.

   This document proposes to extend the Qualified MAC-learning Mode so
   that a VPLS VPN supports multiple Customer VLANs and supports
   isolation and interconnection simultaneously.

   As shown in Fig. 1, in the network topology the customer expects to
   realize the following functions among all remote users:
      VLAN1 is only allowed to intercommunicate with VLAN2, and is
      isolated from the others;

      VLAN3 is only allowed to intercommunicate with VLAN2, and is
      isolated from the others;

      VLAN4 is not allowed to intercommunicate with other VLANs, and is
      isolated from the others.

                    +-----+         +-----+
                    | CE3 |----+----| CE4 |
                    +-----+    |    +-----+
                    VLAN 2     |    VLAN 4
   +-----+                  +----+                   +-----+
   | CE2 +---+   ...........| PE2|............   +---| CE5 |
   +-----+   |   .          +----+           .   |   +-----+
   VLAN 1    |  +----+                   +----+  |   VLAN 2
             +--| PE1|       Cloud       | PE3|--+
             |  +----+                   +----+  |
   +-----+   |   .                           .   |   +-----+
   | CE1 +---+   .          +----+           .   +---| CE6 |
   +-----+       ...........| PE4|............       +-----+
   VLAN 3                   +----+          ^        VLAN 1
                               |            |
                    +-----+    |    +-----+ +-- Emulated LAN
                    | CE8 |----+----| CE7 |
                    +-----+         +-----+
                    VLAN 3          VLAN 4

       Fig.1 Network Topology of VLAN Isolation and Interconnection

   With the technology provided in the existing VPLS drafts, these
   customer requirements cannot be satisfied.  This draft is brought
   forward to meet such requirements; it makes some modifications to
   the control and data planes on top of the current technology.  The
   details of the revised content are described in the later chapters.

4. Terms

   We assume that readers are all familiar with the terms defined in
   [RFC4664] and [RFC4762].

5. VLAN Interconnection Table Generated in Control Plane Based upon
   Users' Configuration

   The Control Plane provides a VLAN interconnection configuration
   command.  After the VLANs have been configured to intercommunicate,
   the Control Plane generates a VLAN Interconnection Table and
   distributes it to the Data Plane for reference while learning MAC
   addresses.

   E.g.: In Fig. 1, the users in the VPLS are divided into VLAN1, VLAN2,
   VLAN3 and VLAN4.  VLAN1 and VLAN2 are able to intercommunicate, and
   VLAN3 and VLAN2 are able to intercommunicate.  The corresponding
   Control Plane therefore generates two items in the VLAN
   interconnection table:

      VLAN1:VLAN2
      VLAN3:VLAN2
6. MAC-Learning Process at Data Plane

   The Data Plane learns MAC addresses using the Qualified Mode, that
   is, the learning object is a logical MAC address: VLAN + MAC.  After
   a MAC is learnt, whether it is copied to another VLAN to generate a
   new forwarding information item carrying a source VLAN mark depends
   on the previously generated VLAN interconnection table items.

   E.g.: The forwarding item VLAN1+MAC1 is learnt with egress Local AC
   1, namely "the corresponding egress of VLAN1+MAC1 is AC 1".  At the
   same time, VLAN1 and VLAN2 are able to intercommunicate, so MAC1
   needs to be copied to VLAN2 to generate a new forwarding information
   item with a source VLAN mark: "the corresponding egress of VLAN2+MAC1
   is AC 1, with source VLAN mark (VLAN1)".  Both forwarding items are
   written to the FIB for later use in packet forwarding.

7. Data-Forwarding Process at Data Plane

   The packet forwarding mechanism in this extended solution still
   complies with [RFC4664], [RFC4762] and other related documents.  To
   avoid loops, the "split horizon" principle is still followed; only
   some details are revised, as described below.

7.1. Processing of Broadcast Packets Forwarding

   The Data Plane does not only send broadcast packets to the local AC
   and the other ACs within one VLAN simultaneously, but also to the
   other VLANs that have an interconnection relationship with it.

   E.g.: When a broadcast packet sent by VLAN 1 is received on a PW, it
   is not only necessary to transmit the packet to the Local ACs
   belonging to VLAN1, but also to the ACs belonging to VLAN2.  In that
   case VLAN1 is replaced by VLAN2 in the packet, so that a correctly
   tagged broadcast packet is transmitted to the ACs belonging to VLAN2.
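   The interconnection table of Section 5, the copy-with-source-mark
   learning of Section 6, the broadcast flooding above and the unicast
   VLAN rewrite of Section 7.2, as an added Python model written for
   this page (it is not code from the draft or from any ZTE
   implementation).  It assumes the constructed convention that egress
   names beginning with "AC" are local attachment circuits and any
   other egress name is a PW, and it uses the Fig. 1 pairs VLAN1:VLAN2
   and VLAN3:VLAN2.

```python
from collections import defaultdict


class VplsVlanExt:
    """One PE's VPLS instance with the extended qualified MAC learning."""

    def __init__(self, interconnect):
        # Section 5: VLAN interconnection table, e.g. [(1, 2), (3, 2)],
        # stored symmetrically so either side of a pair finds its peer.
        self.peers = defaultdict(set)
        for a, b in interconnect:
            self.peers[a].add(b)
            self.peers[b].add(a)
        self.fib = {}                # (vlan, mac) -> (egress, source VLAN mark or None)
        self.acs = defaultdict(set)  # vlan -> local ACs that carry that VLAN

    def add_ac(self, vlan, ac):
        self.acs[vlan].add(ac)

    def learn(self, vlan, mac, egress):
        # Section 6: learn the logical address VLAN+MAC, then copy it into
        # every interconnected VLAN with the source VLAN mark attached.
        self.fib[(vlan, mac)] = (egress, None)
        for peer in self.peers[vlan]:
            self.fib[(peer, mac)] = (egress, vlan)

    def forward_broadcast(self, in_vlan, in_port):
        # Section 7.1: flood to local ACs of the VLAN and of every peer VLAN,
        # retagging the copies for the peers; split horizon: never back out
        # of the port the packet arrived on.  Returns [(egress, out_vlan)].
        out = []
        for vlan in [in_vlan, *sorted(self.peers[in_vlan])]:
            for ac in sorted(self.acs[vlan]):
                if ac != in_port:
                    out.append((ac, vlan))
        return out

    def forward_unicast(self, vlan, mac):
        # Section 7.2: FIB lookup; when the item carries a source VLAN mark
        # and the egress is a local AC, rewrite the packet's VLAN to that mark.
        entry = self.fib.get((vlan, mac))
        if entry is None:
            return None              # unknown unicast: flooded as in 7.1
        egress, src_mark = entry
        if src_mark is not None and egress.startswith("AC"):  # constructed AC/PW naming
            return (egress, src_mark)
        return (egress, vlan)        # towards a PW the tag is left unchanged
```

   A frame sent from VLAN1 towards a PW keeps its VLAN1 tag; the remote
   PE holds the same copied item and performs the rewrite when the
   egress there is its local AC.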
7.2. Processing of Unicast Packets Forwarding

   When forwarding unicast packets, the Data Plane still searches the
   FIB and forwards the packet according to the forwarding information.
   However, if the forwarding information carries a source VLAN mark
   (that is, it was copied based on the interconnection relationship
   between different VLANs, as described in Section 5) and the egress of
   the packet is a Local AC, the VLAN of the original packet must be
   replaced with the source VLAN carried in the forwarding item.

   E.g.: The forwarding information item found for a data packet is
   "the corresponding egress of VLAN2+MAC1 is Local AC 1, with source
   VLAN mark VLAN1".  This item has a source VLAN mark, so VLAN2 should
   be replaced by VLAN1 when the packet is forwarded.

8. Intellectual Property Statement

   The IETF takes no position regarding the validity or scope of any
   intellectual property or other rights that might be claimed to
   pertain to the implementation or use of the technology described in
   this document or the extent to which any license under such rights
   might or might not be available; neither does it represent that it
   has made any effort to identify any such rights.  Information on the
   IETF's procedures with respect to rights in standards-track and
   standards-related documentation can be found in BCP-11.  Copies of
   claims of rights made available for publication and any assurances
   of licenses to be made available, or the result of an attempt made
   to obtain a general license or permission for the use of such
   proprietary rights by implementers or users of this specification
   can be obtained from the IETF Secretariat.
   The IETF invites any interested party to bring to its attention any
   copyrights, patents or patent applications, or other proprietary
   rights which may cover technology that may be required to practice
   this standard.  Please address the information to the IETF Executive
   Director.

9. Full Copyright Statement

   Copyright (C) The IETF Trust (2007).

   This document is subject to the rights, licenses and restrictions
   contained in BCP 78, and except as set forth therein, the authors
   retain all their rights.

   This document and the information contained herein are provided on
   an "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE
   REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE
   IETF TRUST AND THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL
   WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY
   WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE
   ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS
   FOR A PARTICULAR PURPOSE.

10. References

   [RFC4664]  L. Andersson, E. Rosen, "Framework for Layer 2 Virtual
              Private Networks (L2VPNs)", September 2006.

   [RFC4762]  M. Lasserre, V. Kompella, "Virtual Private LAN Service
              (VPLS) Using Label Distribution Protocol (LDP) Signaling",
              January 2007.

11. Authors' Information

   Liu Kebo
   ZTE Inc.
   CHINA
   Email: liu.kebo@zte.com.cn

   Feng Jun
   ZTE Inc.
   CHINA
   Email: Feng.jun99@zte.com.cn

   Jin Lizhong
   ZTE Inc.
   CHINA
   Email: jin.lizhong@zte.com.cn

   Chen Jianye
   ZTE Inc.
   CHINA
   Email: chen.jianye@zte.com.cn

   Li Dingjun
   ZTE Inc.
   CHINA
   Email: li.dingjun@zte.com.cn