Layer 2 Protocol Tunneling
Layer 2 protocol tunneling (L2PT) is achieved by encapsulating the PDUs at the ingress PE device before transmitting them over the service provider network. The encapsulation prevents the PDUs from being processed by the switches in the SP network. At the egress PE device, the encapsulated packets are de-encapsulated, and transmitted to the CE device.
- VLAN/VMAN – The Destination Address (DA) MAC of the Layer 2 PDU is changed to the L2PT DA MAC. The switch shall also add any VLAN tags that may be required to the Layer 2 PDU before transmitting over the SP network.
- VPLS/VPWS – The DA MAC of the Layer 2 PDU is changed to L2PT DA MAC. The Layer 2 PDU is then treated like any other data packet by the MPLS stack. The MPLS stack shall add the labels and L2 headers as per its configuration to the Layer 2 PDU before transmitting over the SP network.
- VXLAN – The DA MAC of the Layer 2 PDU is changed to L2PT DA MAC at the ingress remote tunnel end-point (RTEP). The modified packet is then encapsulated into a VXLAN packet and sent over the network. At the egress RTEP, the packet is lifted to the CPU for L2PT processing. After VXLAN decapsulation, the DA MAC is changed from L2PT MAC to the protocol MAC and is sent on the access ports of the tenant VLAN.
- Tunnel – Configuring an interface of a service to tunnel for a protocol enables the interface to tunnel PDUs of the configured protocol that are received by the underlying port of the interface. Any PDUs that are received in its native format are tunneled instead of processing locally by the switch. Any PDUs of the protocol that are received in its encapsulated format are dropped by the switch (receiving an encapsulated packet on an interface configured to tunnel is considered proof of network misconfiguration, or loops).
- Encapsulate/Decapsulate – Configuring an interface of a service to encapsulate or de-encapsulate for a protocol enables the interface to transmit and receive PDUs of that protocol in its encapsulated format. Native PDUs of the protocol may still be received by the underlying port of the interface, but they will not be tunneled and instead are processed locally by the switch.
- None – Configuring an interface of a service to none for protocol marks the interface as not participating in tunneling for that protocol. Native PDUs of the protocol that are received on the underlying port of the interface shall either be processed locally by the switch or be tunneled by another service which is configured to tunnel that protocol. Encapsulated PDUs that are received on the interface are treated like any other L2 packet.
- VLAN/VMAN – The CoS value is written to the PRI bits of the outermost VLAN tag if available.
- VPLS/VPWS – The CoS value is written to the EXP bits of the outermost MPLS label. The action taken by the switch for PDUs of a protocol is as described in the following table.
- VXLAN – The CoS value configured on the profile attached to the access port is written to the PRI bits of the outer VLAN header of the VXLAN encapsulated frames before transmitting them to other RTEPs.
As VXLAN tunneled packets cross L3 boundaries in the underlay network, the CoS can get lost when traversing L3 boundaries. An operator may choose to configure a Differentiated Services Code Point (DSCP) that needs to be set in the outer IP header of the encapsulated packets. If the packet encapsulated into the VXLAN tunnel is an IP packet, the DSCP from inner IP header is typically copied to DSCP of the outer IP header. A configuration option is provided to overwrite this outer DSCP value. In case of L2 protocols (which do not have an inner DSCP), the configured DSCP value is set in the outer IP header.
Ingress Action | Egress Action | Switch Action |
---|---|---|
None or Encap/Decap | NA | Process locally |
Tunnel | None | Discard PDU at egress |
Tunnel | Tunnel | Tx PDU natively |
Tunnel | Encap/Decap | Tx PDU encapsulated |
The action taken by the switch for encapsulated PDUs for a protocol is as described in the following table.
Service has at least one I/F with tunnel action | Ingress Action | Egress Action | Switch Action |
---|---|---|---|
No | None or Encap/Decap | None or Encap/Decap | Forward |
Yes | None or Tunnel | NA | Discard packet at ingress |
Yes | Encap/Decap | None | Discard packet at egress |
Yes | Encap/Decap | Tunnel | Tx PDU natively |
Yes | Encap/Decap | Encap/Decap | Tx PDU encapsulated |