FA TLVs

FA leverages LLDP to discover directly connected FA peers and to exchange information associated with FA amongst those peers. FA information is transmitted using company-specific proprietary organizational Type, Length, Value (TLV) fields within LLDP Protocol Data Units (PDU). The following section describes the TLVs for FA.

FA uses two TLVs:

FA Element TLV

The FA Element TLV is used by FA elements to advertise Fabric Attach capabilities. This data forms the basis for FA element discovery and is used in the initial handshake between the FA Server and a client or proxy device.

Click to expand in new window
FA Element TLV format
Table 1. FA Element TLV field descriptions

Field

Description

TLV Type

Indicates whether the discovered element is a client or a proxy device.

OUI and Subtype

The information in these fields is used in LLDP packet handling.

HMAC-SHA Digest

Data integrity and source validation is supported through the use of the HMAC-SHA256 message authentication. This field supports a digest exchange between the source and destination devices. Symmetric private keys are used for digest generation. The HMAC-SHA256 generated digest size is 32 octets.

The HMAC-SHA256 digest is computed starting with the Element Type data, that is, it starts at zero-based byte 38 of the TLV. The digest is then placed in the HMAC-SHA256 Digest field in the TLV prior to transmission. Upon receipt, the digest is again computed and the resulting digest is compared against the received digest. If the received digest is the same as the newly computed digest, the TLV is considered valid and processing commences. If the comparison fails, the TLV is discarded and processing is terminated.

Caution:

If FA communication occurs between non-secure systems, the HMAC-SHA256 Digest data must always be zero. If one system operates in secure mode and the other operates in non-secure mode, the FA Element TLV is discarded before it is processed by the system operating in secure mode.

Element Type

Indicates the supported element type. The primary element types are the FA Server, FA Proxy and FA Client.

An FA Server is an SPB capable device that accepts externally generated I-SID-to-VLAN assignments. An FA Proxy is a non-SPBM device that supports I-SID-to-VLAN assignment definitions and advertises these assignments for possible use by an FA Server. An FA Client, also a non-SPBM device, advertises I-SID-to-VLAN assignments to a directly connected FA Proxy or an FA Server. Both tagged and untagged FA Client connections are supported.

The list of supported element types and their values are:

  • FA Element Type - Other (1)

  • FA Server (2)

  • FA Proxy (3)

  • FA Server No Authentication (4)

  • FA Proxy No Authentication (5)

  • FA Client - Wireless Access Point Type 1, which directly attaches to the SPBM network.

  • FA Client - Wireless Access Point Type 2, which is tunneled to a controller.

  • FA Client - Switch (8)

  • FA Client - Router (9)

  • FA Client - IP Phone (10)

  • FA Client - IP Camera (11)

  • FA Client - IP Video (12)

  • FA Client - Security Device (13)

  • FA Client – Virtual Switch (14)

  • FA Client – Server/Endpoint (15)

State

Indicates the link tagging requirements in FA Client-sourced frames. This field also indicates the current provisioning mode.

The Link VLAN Tagging bit (bit 1) has one of the following values:

  • 0 — indicates that all traffic on the link is tagged. In this case, all discovered FA Clients are treated as tagged.

  • 1 — indicates that traffic on the link is either tagged or untagged. Here, all discovered FA Clients are treated as untagged.

The automatic provisioning mode bits (bits 2 and 3) always have the value 1 for SPB provisioning. The switch only supports the SPB provisioning mode.

Mgmt VLAN

When you configure a management VLAN on the FA Server, it is included in this field in FA Server or FA Proxy sourced frames, and is used to support management VLAN auto-configuration on the downstream proxy and client devices.

System ID

This field contains connection information that a TLV recipient can use to enforce connectivity restrictions.

It contains the system MAC address (6 octets) for MLT configurations and the virtual BMAC address for vIST and SMLT configurations. It also contains information on the connection type such as MLT or SMLT.

Limitations

FA I-SID-to-VLAN Assignment TLV

The FA I-SID-to-VLAN Assignment TLV is used by FA Clients to distribute I-SID-to-VLAN assignments that need to be supported by an FA Proxy or an FA Server.

Click to expand in new window
FA Assignment TLV format

Some fields are common to both the FA Element and FA Assignment TLVs. The following fields are specific only to the FA Assignment TLV.

TLV Field

Description

HMAC-SHA Digest

The HMAC-SHA256 digest is computed for the series 1 to 94 of I-SID-to-VLAN assignments, that is, the data for the digest computation starts at zero-based byte 38 of the TLV. The digest is then placed in the HMAC-SHA256 Digest field in the TLV prior to transmission. Upon receipt, the digest is again computed for the series 1 to 94 of I-SID-to-VLAN assignments in the received TLV and the resulting digest is compared against the received digest. If the received digest is the same as the newly computed digest, the TLV is considered valid and processing can commence. If the comparison fails, the TLV is discarded and processing is terminated.

Caution:

If FA communication occurs between non-secure systems, the HMAC-SHA256 Digest data must always be zero. If one system operates in secure mode and the other operates in non-secure mode, the FA I-SID-toVLAN Assignment TLV is discarded before it is processed by the system operating in secure mode.

Assignment status

Indicates whether the FA Server accepted or rejected the I-SID-to-VLAN mapping request from a client or proxy device.

VLAN

Indicates the C-VID value advertised by the client or proxy device in the FA I-SID-to-VLAN mapping request.

I-SID

Indicates the I-SID that is advertised by a client or proxy device in the FA I-SID-to-VLAN mapping request. This I-SID is used to create a Switched UNI (ELAN) I-SID.

Note:

This I-SID cannot be used by IPVPN, MVPN, SPBM dynamic multicast range, or Transparent Port UNI.

Limitations