
PO_SP01_E1 L2 Protocols

Course Objective:
Master VLAN/PVLAN theory
Understand STP principle
Master Trunking technology

Reference:
DSLAM Technique Manual

Contents
Chapter 1 Layer 2 technology ... 1
  VLAN ... 1
    VLAN Protocol ... 1
    PVLAN ... 7
    QinQ VLAN ... 7
    VLAN Stacking ... 8
    MVLAN ... 8
  Spanning-Tree Protocol ... 9
    Operating principle of the transparent bridge ... 9
    STP Overview ... 9
    Operating Principle of STP ... 10
    Status of STP port ... 11
  Trunking ... 12

Chapter 1
Layer 2 technology

VLAN
A VLAN (Virtual LAN) is a group of devices on one or more LANs that are
configured, through the management software, to communicate as if they
were attached to the same wire, even though they are actually located on
different LAN segments. Because a VLAN is based on logical rather than
physical connections, it is very flexible.

VLAN Protocol
Before learning about VLANs, let us look at two concepts: the collision
domain and the broadcast domain. The collision domain is the network area
reached by any packet (unicast or broadcast) sent from a host, while the
broadcast domain is the network area reached by a broadcast packet sent
from a host.
A VLAN is a logical broadcast domain that may span multiple physical LAN
segments. A VLAN can be created by function, project group or application,
regardless of the physical location of the subscribers. A switch port
belongs to only one VLAN. Ports in the same VLAN share broadcasts, while
ports in different VLANs do not. This improves both the performance and
the security of the network.
On a switched network, the VLAN provides segmentation and flexibility.
VLAN technology allows you to group subscribers (for example, the staff of
one department or product group) by putting the corresponding ports into a
group, so that they share certain network applications.
A VLAN may reside on a single switch or on multiple interconnected
switches. A VLAN can include all the sites in a building, sites in multiple
buildings, or even sites across a WAN.

Confidential and Proprietary Information of ZTE CORPORATION


Operation of VLAN
First, the switch operates like a traditional bridge: within each VLAN it
performs address learning, data forwarding and filtering. The switch is
more advanced in that it has the VLAN function, which confines forwarding
to the ports in the same VLAN as the port on which the data arrived. This
rule applies to all packets, whether unicast, multicast or broadcast.

Division of VLAN
A VLAN is a logical sub-net or network segment whose members are defined
by the subscriber. VLAN membership is usually based on ports, but VLANs
can also be divided by MAC address.
The most common method of dividing VLANs is by geographic location, known
as a local VLAN.
An end-to-end VLAN is a method of dividing VLANs across the whole
switching area. It allows a VLAN to span several switches or buildings,
and is usually tied to a work group (for example, a department or a
project team).
The following methods are available for assigning VLAN members:
- Static VLAN: ports are assigned to a VLAN, so membership is based on
  ports.
- Dynamic VLAN: a group of MAC addresses is assigned to a VLAN through the
  NMS software. When a device joins the network, the VLAN it belongs to is
  determined from its MAC address. This method is often referred to as
  MAC-based division. See FIGURE 1.
FIGURE 1 TYPES OF VLANS


Characteristics of VLAN
FIGURE 2 FLAT NETWORK

As shown in FIGURE 2, a network with no VLANs (referred to as a flat
network) has the following problems:
- If hubs are used, the whole structure is one collision domain, where
  every device on the network can see the data transmitted on the network.
  If switches are used, the whole structure is one broadcast domain, where
  every device on the network can transmit data to every other device.
- Security problem: in a layer 2 environment there is no convenient means
  of providing security. Every PC can access any other device.
- Management of multiple paths: layer 2 switching cannot provide a
  redundant path to a destination, so it cannot provide load sharing.
The introduction of the VLAN provides a solution for the large-scale layer
2 network. All the members of a VLAN are in one broadcast domain. When a
workstation sends a broadcast packet, all the members of the VLAN receive
it, but the broadcast packet is filtered from the ports and devices that
are not in the same VLAN.


FIGURE 3 A VLAN IS A BROADCAST DOMAIN

Because a VLAN is defined as a broadcast domain, as shown in FIGURE 3,
many layer 2 problems can be solved:
- Efficient bandwidth utilization. The VLAN solves the limitation that a
  large flat network has in expansion. By dividing the whole network into
  several broadcast domains, that is, sub-nets, the VLAN confines all
  data, including broadcast and multicast, within a sub-net. However,
  inter-VLAN communication requires layer 3 routing.
- Security. The security functions of layer 3 routing can be used to
  implement access control between VLANs.
- Load balancing. The VLAN also uses the load balancing function of layer
  3 routing to implement load balancing between VLANs.
- Fault isolation. Another important reason for using VLANs is that they
  enable fault isolation. On a large flat network, the fault of one device
  may bring down the whole network. A good solution is to divide the flat
  network into several network segments by routers, so that when a fault
  occurs on one segment it is isolated by the routers and the other
  segments are unaffected.


Link types of switches

FIGURE 4 LINK TYPE

- Access link: an access link belongs to only one VLAN, for example, the
  link between a PC and a switch.
- Tagged link: a tagged link can carry multiple VLANs, for example, the
  link between two switches. (Certainly, not all inter-switch links are
  tagged links.) Note that the packets transmitted on a tagged link differ
  from those on an access link: the packets on a tagged link comply with
  the IEEE 802.1Q protocol.
FIGURE 5 SCHEMATIC DIAGRAM FOR LINKS


IEEE 802.1Q protocol

FIGURE 6 IEEE 802.1Q PROTOCOL

When frames are transmitted on the network, there must be a means of
identifying the VLAN to which a frame belongs, so that the switch sends
the frame only to that VLAN rather than to all ports. That means is the
VLAN tag. To add VLAN tags to the data the switch receives from
workstations, indicating the source of the data, the 802.1Q protocol must
be enabled.
The IEEE 802.1Q protocol provides a standard method for carrying the data
of multiple VLANs over one cable. In an IEEE 802.1Q packet, four bytes are
inserted after the source MAC address of an ordinary Ethernet frame. They
are:
- TPID (Tag protocol identifier): 2 bytes, always 0x8100. This value
  indicates that the frame carries 802.1Q tag information.
- TCI (Tag control information): 2 bytes, containing the subscriber
  priority, the CFI and the VLAN ID.
  The 3-bit subscriber priority has 8 levels, where 0 is the lowest and 7
  the highest.
  The 1-bit canonical format indicator (CFI) indicates whether the MAC
  addresses in the MAC data field are in standard format: CFI=0 indicates
  standard format, while CFI=1 indicates a non-standard format.
  The 12-bit VLAN ID identifies the VLAN. There can be up to 4095
  (2^12 - 1) VLANs, and the value 0 indicates that there is no VLAN ID.


PVLAN
In the MAC+VLAN forwarding mode, a VLAN constitutes a broadcast domain:
broadcast packets belonging to a VLAN, and unknown unicast packets, are
flooded to all ports of that VLAN. In general, VLAN division is related to
the IP address allocation scheme. To make efficient use of IP addresses, a
VLAN should be of a certain size. However, from the viewpoint of
subscriber access traffic and data security, the number of users in a
broadcast domain should be minimal, or even each user should have an
independent broadcast domain, to fully isolate users from each other.
To achieve both objectives, a VLAN must have two kinds of interface: the
network side interface, which is in the same broadcast domain as all
subscribers, and the subscriber side interface, which is in the same
broadcast domain only as the network side interface and is isolated from
the other subscriber ports.
A private VLAN (PVLAN) therefore has two types of ports: the normal VLAN
port and the PVLAN port. A normal port can communicate with all ports in
the same VLAN, but a PVLAN port cannot communicate with other PVLAN ports.
A PVLAN port is a port that cannot communicate with other PVLAN ports in
the PVLAN but can communicate with normal ports; in practice it usually
serves as a subscriber side port. A normal port is a port that can
communicate with all other ports in the PVLAN; in practice it usually
serves as an uplink port.

QinQ VLAN
The QinQ VLAN feature transparently carries a VLAN service to the far end.
The principle is that the L2 device receives a packet carrying a VLAN tag
from the lower level network, assigns the packet a public network VLAN ID,
and forwards it to the upper level network. The packet crosses the MAN
core network. When it reaches the other side of the core network, the
public network VLAN tag is stripped and the original packet is restored,
then forwarded to the user-side device. In the core network the packet
carries two 802.1Q tags: the public network tag and the private network
tag. In this way, the private VLAN is forwarded transparently to the far
end, and public network VLAN ID resources are greatly conserved.
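The tag layout from the IEEE 802.1Q section and the QinQ push and pop of an outer public-network tag, as an added example that is not part of this manual: a small Python encoder and parser for 802.1Q tags. The MAC addresses, VLAN IDs and payload are constructed sample values, not taken from the text.

```python
import struct

TPID_8021Q = 0x8100          # TPID value the manual gives for an 802.1Q tag
ETHERTYPE_IPV4 = 0x0800      # inner EtherType used in the constructed sample

def build_tag(pcp, cfi, vid):
    """Encode one 4-byte tag: TPID, then TCI = priority(3) | CFI(1) | VID(12)."""
    if not (0 <= pcp <= 7 and cfi in (0, 1) and 0 <= vid <= 4095):
        raise ValueError("802.1Q field out of range")
    return struct.pack("!HH", TPID_8021Q, (pcp << 13) | (cfi << 12) | vid)

def parse_frame(frame):
    """Split an Ethernet frame into addresses, the list of 802.1Q tags
    (outermost first, [] when untagged), the inner EtherType and payload."""
    if len(frame) < 14:
        raise ValueError("too short for an Ethernet header")
    dst, src, offset, tags = frame[:6], frame[6:12], 12, []
    while True:
        if len(frame) < offset + 2:
            raise ValueError("truncated frame")
        etype = struct.unpack_from("!H", frame, offset)[0]
        if etype != TPID_8021Q:
            break                      # reached the real EtherType
        if len(frame) < offset + 4:
            raise ValueError("truncated 802.1Q tag")
        tci = struct.unpack_from("!H", frame, offset + 2)[0]
        tags.append({"pcp": tci >> 13, "cfi": (tci >> 12) & 1, "vid": tci & 0x0FFF})
        offset += 4                    # a second tag means QinQ / stacking
    return {"dst": dst, "src": src, "tags": tags, "ethertype": etype,
            "payload": frame[offset + 2:]}

def push_tag(frame, pcp, vid):
    """QinQ ingress: insert the public-network (outer) tag right after the
    source MAC, leaving the subscriber's private tag intact underneath."""
    return frame[:12] + build_tag(pcp, 0, vid) + frame[12:]

def pop_tag(frame):
    """QinQ egress: strip the outermost tag so the original frame is restored."""
    if not parse_frame(frame)["tags"]:
        raise ValueError("frame carries no tag to remove")
    return frame[:12] + frame[16:]

# Constructed sample: a subscriber frame on private VLAN 100 with priority 5.
SUBSCRIBER_FRAME = (bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb")
                    + build_tag(5, 0, 100) + struct.pack("!H", ETHERTYPE_IPV4)
                    + b"\x45" + b"\x00" * 19)

if __name__ == "__main__":
    core = push_tag(SUBSCRIBER_FRAME, 0, 2000)   # public VLAN 2000 added at the edge
    print(parse_frame(core)["tags"])             # outer VID 2000, inner VID 100
    print(pop_tag(core) == SUBSCRIBER_FRAME)     # True: far-end edge restores it
```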


VLAN Stacking
VLAN Stacking meets user demands for VLAN expansion and for the dedicated
line batch service. The dedicated line batch service means that several
ISPs may exist in one layer 2 switching MAN; the outer-layer VLAN of VLAN
Stacking is used to identify the user's ISP. The VLAN Stacking principle
is as follows. The system assigns an inner-layer tag (Customer VLAN) to
the port that wants the Stacking service, to identify the user. It then
tags the port with the outer-layer VLAN (SP VLAN). On the network, the
service is forwarded according to the outer-layer VLAN, which is stripped
when the service reaches the BAS device. At the BAS device, the system
identifies the user from the inner-layer tag. In this way VLAN Stacking
serves to locate the port.

MVLAN
MVLAN has two meanings. MVLAN corresponds to the basic VLAN used for the
multicast service. In addition, an MVLAN is a logical entity under the
management of DSLAM multicast. An MVLAN has three management parameters:
the management group set, the multicast source port set and the multicast
receiver port set. Correct configuration of these three parameters is
fundamental for an MVLAN to perform multicast management correctly.
Management group set: the management group set is the list of IP
addresses of the multicast groups that the MVLAN manages. If a requested
multicast address is not in the management group set, the user cannot
obtain the service that the multicast address provides. The management
group sets of different MVLANs cannot overlap.
Multicast source port: a multicast source port is a port used for the
uplink to the multicast router or for multicast service cascading in an
MVLAN. Essentially, the multicast source port is a special port performing
these functions in the basic VLAN. One MVLAN can have multiple multicast
source ports, and one source port can belong to multiple MVLANs.
Multicast receiver port: a multicast receiver port is a port that
authorizes a user port to request the multicast service. If a user port is
not a receiver port of an MVLAN, any multicast request from it is refused.
In addition, the receiver port can be used for cascading. Therefore, MVLAN
enables the DSLAM to support two services: forwarding the multicast
service directly to the DSLAM, and the DSLAM dynamically requesting the
multicast service from the uplink multicast device.


Spanning-Tree Protocol
Before learning the spanning tree protocol, let us first look at the
operating principle of the transparent bridge.

Operating principle of the transparent bridge
As its name implies, a transparent bridge is transparent to the devices on
the network: no settings are needed on the terminal workstations. In a
bridged environment with no redundant links the transparent bridge
operates normally, but once there is a redundant link the transparent
bridge runs into problems.
- The bridge does not change the frames it forwards.
- A bridge learns MAC addresses by listening to the source addresses of
  the devices. If a source MAC address appears at a port, the bridge
  assumes that the source MAC address can be reached through that port.
  The bridge therefore builds a table that maps MAC addresses to ports. A
  bridge is always listening and learning.
- For broadcasts, the bridge forwards the packets to all ports except the
  port that received them.
- For an unknown destination address (also called unknown unicast), the
  bridge also forwards the packets to all ports except the port that
  received them.
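The bridge rules above, combined with the VLAN confinement from "Operation of VLAN" and the PVLAN port roles described earlier, as an added example that is not part of this manual: a small Python learning-switch model. The port numbers, VLAN IDs and MAC strings are constructed, and the "normal"/"pvlan" role names are this example's own.

```python
BROADCAST = "ff:ff:ff:ff:ff:ff"

class VlanSwitch:
    """Learning switch model: learns source MACs, floods broadcast and unknown
    unicast inside the ingress VLAN only, and isolates PVLAN ports from each other."""

    def __init__(self, ports):
        # ports: {port_number: (vlan_id, role)} with role "normal" (uplink side)
        # or "pvlan" (subscriber side). Role names are this example's own.
        self.ports = ports
        self.mac_table = {}      # (vlan_id, mac) -> port, built by listening to sources

    def _may_forward(self, in_port, out_port):
        vlan_in, role_in = self.ports[in_port]
        vlan_out, role_out = self.ports[out_port]
        if out_port == in_port or vlan_in != vlan_out:
            return False         # never back out the ingress port, never across VLANs
        # Two PVLAN (subscriber-side) ports never talk to each other.
        return not (role_in == "pvlan" and role_out == "pvlan")

    def receive(self, in_port, src, dst):
        """Return the set of ports to which a frame src -> dst arriving on
        in_port is forwarded (an empty set means the frame is dropped)."""
        vlan_id, _ = self.ports[in_port]
        self.mac_table[(vlan_id, src)] = in_port          # address learning
        known = self.mac_table.get((vlan_id, dst))
        if dst == BROADCAST or known is None:
            # Broadcast or unknown unicast: flood the VLAN minus the ingress port.
            return {p for p in self.ports if self._may_forward(in_port, p)}
        return {known} if self._may_forward(in_port, known) else set()

# Constructed sample: port 1 is the uplink, ports 2 and 3 are subscribers in
# the same PVLAN 10, and port 4 sits in a different VLAN.
SAMPLE_PORTS = {1: (10, "normal"), 2: (10, "pvlan"), 3: (10, "pvlan"), 4: (20, "normal")}

if __name__ == "__main__":
    sw = VlanSwitch(SAMPLE_PORTS)
    print(sw.receive(2, "aa:aa:aa:aa:aa:aa", BROADCAST))            # {1}: uplink only
    print(sw.receive(3, "cc:cc:cc:cc:cc:cc", "aa:aa:aa:aa:aa:aa"))  # set(): isolated
```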

STP Overview
The Spanning-Tree Protocol is a protocol used to eliminate loops on the
network.
It ensures that only one path connects the ADSL port on the network, and
the other bridging devices (switches, bridges and routers), with other
networks. If any unnecessary path or loop is detected, the corresponding
ports are blocked (data transmission prohibited) to shut off the
unnecessary paths. However, if one or more paths in the network topology
fail, STP selects a good port among the blocked ports, according to the
configuration, for data transmission, so that the network keeps running.


Operating Principle of STP

To detect and eliminate loops, STP defines a tree that spans all switches.
STP forces each redundant link into standby or closed status. When a
network segment on the tree becomes unreachable, STP recalculates the
tree topology and enables the standby paths to re-establish connectivity.
All interconnected switches with STP enabled exchange data with the other
switches. This data is called BPDUs (bridge protocol data units).
The exchange of BPDUs is used for:
- election of the root switch;
- election of the DS (designated switch) for each segment;
- setting the ports of redundant paths to standby status, to eliminate
  loops.

BPDUs are sent from all ports once every two seconds, to keep the network
topology firm, stable and free of loops.
The root is the reference point used by all switches on the network to
determine loops. When a switch boots, it takes itself as the root and sets
the root ID to its own bridge ID. The first step in creating a loop-free
spanning tree is therefore electing the root.
The bridge ID is composed of two parts:
- a 2-byte priority. By default this value is set to the same value on
  every switch;
- a 6-byte MAC address, the MAC address of the switch.
Together these two parts determine who becomes the root: the smaller the
number, the more likely the switch is the root. By exchanging BPDUs, the
switches determine who the root is. If all switches have the same
priority, the root is decided by the MAC address, and the switch with the
smallest MAC address becomes the root.
After the root is elected, every switch establishes its relation to the
root. It does this by listening to the BPDUs arriving on all of its ports.
To select the port that forwards data and the port to be closed, a switch
examines two fields in the BPDU:
- path cost;
- port priority.
The switch first looks at the path cost and selects the port with the
smallest cost. This value is calculated from the rate of the line and the
number of lines. The port with the smallest cost is set to forwarding
status, while all other ports are set to blocking status.
If two or more ports have the same path cost, the switch evaluates the
port priority. The port with the smallest port ID is set to forwarding
status, while all other ports are set to blocking status.
Thus, by electing the root and determining the forwarding port, STP
determines a tree that spans all switches, forcing every redundant line
into standby or closed status to eliminate loops.
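The root election and root-port selection just described, as an added example that is not part of this manual: a Python function that compares received BPDUs in the order the text gives (bridge ID, then path cost, then port ID). The switches S1 to S3, their MAC addresses, the BPDU field names and the link costs form a constructed topology; the cost of 19 per link is the 802.1D value for a 100 Mbit/s link.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class BridgeId:
    """The 8-byte bridge ID the manual describes: 2-byte priority + 6-byte MAC."""
    priority: int
    mac: str

    def key(self):
        # Lower is better: priority decides first, the MAC address only breaks ties.
        return (self.priority, int(self.mac.replace(":", ""), 16))

@dataclass(frozen=True)
class Bpdu:
    """The BPDU fields a switch compares when choosing its root port."""
    root: BridgeId        # bridge the sender currently believes is the root
    root_path_cost: int   # sender's accumulated cost to that root
    sender: BridgeId      # bridge ID of the switch that sent the BPDU
    port_priority: int    # priority of the sending port (part of its port ID)
    port_number: int      # number of the sending port

def select_root_and_port(self_id, received, link_cost):
    """received maps local port -> Bpdu heard on it; link_cost maps local port ->
    cost of that link. Returns (root, root_port, root_path_cost); root_port is
    None when this switch is itself the root."""
    # At boot a switch takes itself as the root, at cost 0.
    best_key = (self_id.key(), 0, self_id.key(), (0, 0), 0)
    best = (self_id, None, 0)
    for port, bpdu in received.items():
        cost = bpdu.root_path_cost + link_cost[port]
        # Comparison order: root ID, then path cost, then sender bridge ID,
        # then sender port ID (priority, number), then the receiving port.
        key = (bpdu.root.key(), cost, bpdu.sender.key(),
               (bpdu.port_priority, bpdu.port_number), port)
        if key < best_key:
            best_key, best = key, (bpdu.root, port, cost)
    return best

# Constructed topology: local switch S3 hears S1 directly on ports 1 and 3 and
# via S2 on port 2; every link costs 19 (802.1D cost of a 100 Mbit/s link).
S1 = BridgeId(32768, "00:00:00:00:00:01")
S2 = BridgeId(32768, "00:00:00:00:00:02")
S3 = BridgeId(32768, "00:00:00:00:00:03")
SAMPLE_BPDUS = {
    1: Bpdu(root=S1, root_path_cost=0, sender=S1, port_priority=128, port_number=1),
    2: Bpdu(root=S1, root_path_cost=19, sender=S2, port_priority=128, port_number=1),
    3: Bpdu(root=S1, root_path_cost=0, sender=S1, port_priority=128, port_number=2),
}
SAMPLE_LINK_COST = {1: 19, 2: 19, 3: 19}

if __name__ == "__main__":
    root, port, cost = select_root_and_port(S3, SAMPLE_BPDUS, SAMPLE_LINK_COST)
    # S1 is root; ports 1 and 3 tie on cost 19, so the smaller port ID (port 1) wins.
    print(root, port, cost)
```

Because the election trusts any received BPDU that claims a smaller bridge ID, switch ports that should never hear BPDUs (subscriber-facing access ports) are normally configured to filter or guard against them.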

Status of STP port

The spanning tree moves ports among several statuses. They are:
- Blocking: all ports start in blocking status, to prevent loops. If the
  spanning tree determines that there is a better path, these ports
  remain in blocking status.
- Listening: a port enters listening status from blocking status. During
  this period the port tries to learn whether a better route to the root
  is available. In this status the port can hear data frames but cannot
  receive or transmit data, and it is not allowed to put any information
  it hears into the address table of the switch. The listening status
  actually indicates that a port is preparing to transmit data but still
  has to wait a while to make sure there is no loop. This waiting time,
  the listening period, is called the forward delay.
- Learning: the learning status is very similar to the listening status,
  with the only difference that a port in learning status adds the learned
  address information to the address table of the switch. It still cannot
  receive or transmit data. The duration of this status is also the
  forward delay.
- Forwarding: in forwarding status the port starts to receive and
  transmit data. A port is not set to forwarding status unless there is no
  redundant link or the port itself is on the best path.
- Disabled: the port is not connected or has been disabled by the
  administrator.
Among all statuses, listening and learning are temporary; ultimately they
change to blocking or forwarding status.


Trunking
The trunking function is the link aggregation technology: it combines one
or more connections into a link aggregation group. To the MAC client at
the upper layer, the aggregation is a single logical link, but its
communication capacity is greatly increased. Trunking is used to connect
two switches. When there is no fault, the bandwidth between the two
switches grows with the number of physical links in the trunk, and the
traffic is distributed evenly over the physical links in the trunk. When a
physical link fails, it is automatically disabled and no more traffic is
sent over it; the switch no longer allocates traffic to the port connected
to the failed link. The failure of one or more physical links in the trunk
does not affect connectivity between the two switches, but the link
bandwidth decreases as more links are disabled. Trunking therefore
effectively improves network bandwidth and fault tolerance. The trunking
technology complies with the 802.3ad protocol.
When link aggregation is used, pay attention to the following:
- Before configuring port trunking, remove the network cables from the
  ports to be configured. Otherwise, loops may be generated.
- When removing a port from an aggregation group, first remove its
  network cable, so that the data transmission on this port is
  automatically taken over by another port and data loss is avoided.
