VLAN Provider Bridges

By extending VLAN tagging technology via the IEEE 802.1Q-2011 standard, an organization managing a service provider network can give each external user group (department, customer) its own separate logical network (a LAN consisting of multiple VLANs) through the provider network to predefined egress ports. The provider can assign a single VLAN through its network for all traffic egressing through a port, instead of having to create and manage a separate VLAN for each customer VLAN. This feature, commonly called Provider Bridges (also VLAN stacking, or Q-in-Q), performs Layer 2 tunneling from one customer network location through the provider network to another customer network location.

Provider bridges allow a service provider to assign customer traffic to a service instance called an S-VLAN (Service VLAN). When a packet from a customer VLAN arrives on an S-, K-, or 7100-Series switch at the edge of the provider network, it is already identified by a tag called a C-TAG (customer tag). The edge switch encapsulates the packet with another tag called an S-TAG (service provider tag) for relay through the service provider network. The packet egresses from the provider network to the destination customer site through an egress port at which the S-TAG is stripped off. The packet continues on to the remote customer network guided by its original C-VLAN tagging, unaltered.

Provider Bridge VLAN Tags

| Tag Name | Description |
|----------|-------------|
| C-TAG | Customer VLAN tag. 32-bit tag where the first 16 bits represent the ether type for the customer (0x8100) and the lower 16 bits represent the Priority Code Point (PCP), Canonical Frame Indicator (CFI), and customer VLAN ID (C-VID) associated with the packet. |
| S-TAG | Service provider VLAN tag. 32-bit tag where the first 16 bits represent the ether type for the service provider (0x88a8) and the lower 16 bits represent the PCP, DE (Drop Eligible), and service provider VLAN ID (S-VID) associated with the packet. |

The figure "Provider Bridges in Provider Network" illustrates the Provider Bridges function in a provider network with two customers, each with a campus on either side of the provider network and the need to connect their VLANs inexpensively, transparently, and securely. VLAN 49 from Customer 1 ingresses the provider network through the Customer Network Port (CNP) on Provider Edge Switch 1, which adds S-TAG 25 to packets with the C-VID for Customer 1 VLAN 49 (C1V49). After traversing the provider network as S-VLAN 25, the packets egress the provider network at the designated CNP on Provider Edge Switch 2, where the S-TAG 25 is removed and the packets are forwarded to their destination. Even though Customer 2 also has a VLAN 49 (C2V49), this traffic is tagged with S-TAG 34 and traverses the provider network as S-VLAN 34.

Figure: Provider Bridges in Provider Network

If other traffic from Customer 1 (for example, VLAN 22) must traverse the provider network to get to the remote Customer 1 campus, the provider edge switches would add the S-TAG for S-VLAN 25 on C1V22 packets as well. In this way all Customer 1 traffic (80 VLANs) can pass over the provider network using a single S-VLAN, and arrive at their destinations with C-VLAN intact.
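The tag layout and the Customer 1 / Customer 2 scenario above can be checked at the byte level. The following Python example is added here and is not code from this documentation or from the switch software; the function names, MAC addresses and payload are constructed for illustration. It pushes and pops the S-TAG the way a CNP does and shows that two frames with the same C-VID 49 stay distinguishable inside the provider network.

```python
import struct

TPID_S, TPID_C = 0x88A8, 0x8100  # S-TAG and C-TAG ether types from the tag table

def make_tag(tpid, pcp, flag, vid):
    """Build a 32-bit tag: 16-bit ether type, then PCP(3) | DE-or-CFI(1) | VID(12)."""
    if not (0 <= pcp < 8 and flag in (0, 1) and 0 <= vid < 4096):
        raise ValueError("tag field out of range")
    return struct.pack("!HH", tpid, (pcp << 13) | (flag << 12) | vid)

def parse_tags(frame):
    """Return [(tpid, pcp, flag, vid), ...] for the tags after the two MAC addresses."""
    tags, off = [], 12
    while len(frame) >= off + 4:
        tpid, tci = struct.unpack_from("!HH", frame, off)
        if tpid not in (TPID_S, TPID_C):
            break  # reached the payload ether type
        tags.append((tpid, tci >> 13, (tci >> 12) & 1, tci & 0x0FFF))
        off += 4
    return tags

def push_s_tag(frame, s_vid, pcp=0, de=0):
    """CNP ingress: insert an S-TAG in front of the customer's C-TAG."""
    return frame[:12] + make_tag(TPID_S, pcp, de, s_vid) + frame[12:]

def pop_s_tag(frame):
    """CNP egress: strip the outer S-TAG; refuse frames that do not carry one."""
    if len(frame) < 16 or struct.unpack_from("!H", frame, 12)[0] != TPID_S:
        raise ValueError("no S-TAG at the outer tag position")
    return frame[:12] + frame[16:]

def customer_frame(c_vid, payload=b"constructed-payload"):
    """Constructed sample: placeholder MACs, C-TAG, IPv4 ether type, payload."""
    macs = bytes.fromhex("020000000002" "020000000001")
    return macs + make_tag(TPID_C, 0, 0, c_vid) + struct.pack("!H", 0x0800) + payload

# Both customers use C-VID 49; the edge switch maps them to S-VLANs 25 and 34.
c1v49, c2v49 = customer_frame(49), customer_frame(49)
in_provider_c1 = push_s_tag(c1v49, 25)
in_provider_c2 = push_s_tag(c2v49, 34)

if __name__ == "__main__":
    for name, f in (("C1V49", in_provider_c1), ("C2V49", in_provider_c2)):
        print(name, [(hex(t), p, fl, v) for t, p, fl, v in parse_tags(f)])
```

Inside the provider network the outer S-VID (25 or 34) is the only field that separates the two customers' otherwise identical frames, so a capture taken on a PNP should always show 0x88a8 as the outermost tag.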

The table "Provider Bridge-related Port Types" defines the types of ports used in the Provider Bridge architecture. In hardware terms they are identical, but they differ in their roles in the bridging feature architecture.

Provider Bridge-related Port Types

| Port Type | Description |
|-----------|-------------|
| Customer Bridge Port | Customer bridge ports are the existing, default type of ports carrying C-VLAN traffic on provider edge switches. They interpret the C-TAG and relay packets using the C-VID. |
| Customer Network Port (CNPs) | CNPs are ports resident on provider edge switches that connect the customer network to the provider network. Traffic received on a CNP is assigned to an S-VID based on the ingress settings of the CNP and encapsulated with an S-TAG. CNPs remove the S-TAG from the packets egressing the provider network. In cases where two provider networks are connected via CNPs, packets egress the device with the S-TAG. In these cases the ingress S-VID is translated to a relay S-VID which maps the S-VLANs of one provider network to the S-VLANs of the second provider network. Customer Network Ports are configured as untagged egress ports via the set vlan egress command. |
| Provider Network Port (PNPs) | PNPs interconnect switches within the provider network and operate using S-TAGs and S-VIDs for relay operation. Provider Network Ports are configured as tagged egress ports via the set vlan egress command. |