VMAN Double Tag Support

The VMAN double tag feature adds an optional port CVID parameter to the existing untagged VMAN port configuration. When present, any untagged packet received on the port is double tagged with the configured port CVID and the SVID associated with the VMAN. Packets received with a single CVID on the same port still have only the SVID added. As double tagged packets are received from tagged VMAN ports and forwarded to untagged VMAN ports, the SVID associated with the VMAN is stripped; in the same operation, the CVID matching the configured Port CVID is also stripped.

Much like the CVIDs configured as part of the CEP feature, the configured Port CVID is not represented by a VLAN within EXOS. The implication is that protocols and individual services cannot be applied to the Port CVID alone. Protocols and services are instead applied to the VMAN and/or port as the VMAN represents the true layer-2 broadcast domain. Much like regular untagged VMAN ports, MAC FDB learning occurs on the VMAN, so duplicate MAC addresses received on multiple CVIDs that are mapped to the same VMAN can be problematic. Even when the additional Port CVID is configured, the port still has all of the attributes of a regular untagged VMAN port. This means that any single c-tagged packets received on the same port will have just the SVID associated with the VMAN added to the packet. Likewise, any egress packet with a CVID other than the configured Port CVID will have the SVID stripped.
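The ingress and egress tag handling described above, as an added model that is not part of the EXOS documentation or code: an untagged VMAN port with an optional Port CVID, pushing and popping tags per the rules in the two paragraphs above. The S-tag and C-tag ethertype values are assumptions for illustration only.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

S_TAG = 0x88A8  # assumed VMAN (service) tag ethertype, for illustration only
C_TAG = 0x8100  # assumed customer tag ethertype

Tag = Tuple[int, int]  # (ethertype, vid)


@dataclass
class Frame:
    tags: List[Tag]  # outermost tag first; empty list means untagged on the wire


@dataclass
class UntaggedVmanPort:
    svid: int                        # SVID of the VMAN this port is an untagged member of
    port_cvid: Optional[int] = None  # optional Port CVID from the double tag feature


def ingress(port: UntaggedVmanPort, frame: Frame) -> Frame:
    """Tags present once a frame received on the port enters the VMAN."""
    tags = list(frame.tags)
    if not tags and port.port_cvid is not None:
        # Untagged frame: the configured Port CVID is pushed first, so the
        # frame becomes double tagged once the SVID is added below.
        tags = [(C_TAG, port.port_cvid)]
    # Every frame, including a single c-tagged one, gets the VMAN SVID as outer tag.
    return Frame([(S_TAG, port.svid)] + tags)


def egress(port: UntaggedVmanPort, frame: Frame) -> Frame:
    """Tags left on a VMAN frame when it is sent out of the untagged port."""
    tags = list(frame.tags)
    if tags and tags[0] == (S_TAG, port.svid):
        tags = tags[1:]  # the VMAN SVID is always stripped on an untagged port
    if port.port_cvid is not None and tags and tags[0] == (C_TAG, port.port_cvid):
        tags = tags[1:]  # only a CVID matching the Port CVID is stripped too
    return Frame(tags)


if __name__ == "__main__":
    port = UntaggedVmanPort(svid=100, port_cvid=10)  # constructed sample values
    print(ingress(port, Frame([])).tags)               # untagged -> double tagged
    print(ingress(port, Frame([(C_TAG, 20)])).tags)    # c-tagged -> SVID added only
    print(egress(port, Frame([(S_TAG, 100), (C_TAG, 10)])).tags)  # both stripped
    print(egress(port, Frame([(S_TAG, 100), (C_TAG, 20)])).tags)  # SVID stripped only
```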

Coexistence with Tagged VLAN Interfaces, CEP VMAN Interfaces, and Tagged VMAN Interfaces

Since the port-cvid configuration still has the attributes of a regular untagged VMAN, all of the VLAN and VMAN exclusion and compatibility rules of a regular untagged VMAN port also apply. A list of these rules is contained in “EXOS Selective Q-in-Q.”

Protocol and Feature Interactions

Because this feature leverages the existing untagged VMAN port infrastructure, any protocol that works with a regular untagged VMAN port also works when the optional Port CVID is additionally configured. Protocols that locally originate control packets, such as STP and ELRP, which are used for loop prevention, transmit packets natively untagged on the wire when the port is an untagged VMAN member. EXOS can also receive and process these untagged packets. This makes STP edge safeguard with BPDU guard, or ELRP, an effective way to detect and react to network loops on the device. However, because control packets are transmitted untagged upstream, upstream devices may need additional configuration support to properly detect remote loops not directly attached to the device. Other effective loop prevention mechanisms work without any interaction with untagged VMAN ports. For example, turning physical port auto-polarity off prevents an accidentally looped cable from becoming active. Likewise, storm-control rate limiting of broadcast and flood traffic can be applied in this environment to minimize the effects of a network loop.

In addition to detecting, preventing, and minimizing the effects of a network loop, user ACLs can be applied to gain visibility and control of L2, L3, and L4 match criteria, even with double tagged packets. All applicable ACL action modifiers are available in this environment. IP multicast pruning within a VMAN can be accomplished via normal IGMP snooping. EXOS supports full IGMP snooping and IP multicast pruning of single tagged and double tagged packets. However, when an IP address is configured on the VMAN, the IGMP protocol engine will transmit single tagged packets on tagged VMAN ports or untagged packets on untagged VMAN ports. Therefore, upstream switch configuration and support may be necessary to properly propagate group memberships across the network.