
SWITCHING AND ROUTING II

Class 9. Private VLANs & Tunneling


802.1Q

Alberto Arellano A. Ing. Msc.


aarellano@espoch.edu.ec
CCNA – CCNP - CCSP
Private Vlans
In general, a VLAN segregates a physical network so that separate broadcast domains can be created. Private VLANs (PVLANs) split the primary VLAN domain into multiple isolated broadcast sub-domains. It is like nesting: creating VLANs inside a VLAN.
Private Vlans
The private-VLAN feature addresses two problems that service providers face when using VLANs:

• Scalability: The switch supports up to 4096 active VLANs. If a service provider assigns one VLAN per customer, this limits the number of customers that the service provider can support.

• To enable IP routing, each VLAN is assigned a subnet address space or a block of addresses, which can waste the unused IP addresses and cause IP address management problems.

Private VLANs partition a regular VLAN domain into subdomains and can have multiple VLAN pairs, one for each subdomain. A subdomain is represented by a primary VLAN and a secondary VLAN.
PVLAN Types
Primary VLAN: Simply the original VLAN. This type of VLAN is used to forward frames downstream to all Secondary VLANs.

Secondary VLAN: A Secondary VLAN is configured with one of the following types:

• Isolated: Any switch ports associated with an Isolated VLAN can reach the primary VLAN, but not any other Secondary VLAN. In addition, hosts associated with the same Isolated VLAN cannot reach each other.

• Community: Any switch ports associated with a common community VLAN can communicate with each other and with the primary VLAN but not with any other secondary VLAN.
Private VLANs Ports Type
Promiscuous port (P-Port): The switch port connects to a router, firewall or
other common gateway device. This port can communicate with anything else
connected to the primary or any secondary VLAN.

Host Ports:
• Isolated Port (I-Port): Connects to the regular host that resides on
isolated VLAN. This port communicates only with P-Ports.
• Community Port (C-Port): Connects to the regular host that resides on
community VLAN. This port communicates with P-Ports and ports on the
same community VLAN
Hardware Switches
Private VLANs Configuration
1. Configuring private VLANs requires us to change the VTP mode to Transparent

2. Create the Primary, Community and Isolated VLANs

3. Associate Secondary VLANs 200, 250 and 300 with Primary VLAN 100
4. Configure the Promiscuous Port; it needs to be accessible from all VLANs (501 and 502)

5. Add ports to Community VLANs 200 and 300 and to Isolated VLAN 250
6. Add ports to Isolated VLAN 250
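
The six steps above as one Cisco IOS configuration. This is an added example, not taken from the original slides; it uses the VLAN IDs from steps 2 and 3 (primary 100, community 200 and 300, isolated 250), and the interface numbers and descriptions are assumptions.

```cisco
! Added example: interface numbers and descriptions are assumed.
! Step 1: private VLANs require VTP transparent mode
vtp mode transparent
!
! Step 2: create the secondary VLANs and mark their type
vlan 200
 private-vlan community
vlan 300
 private-vlan community
vlan 250
 private-vlan isolated
!
! Steps 2-3: create the primary VLAN and associate the secondaries with it
vlan 100
 private-vlan primary
 private-vlan association 200,250,300
!
! Step 4: promiscuous port towards the router/firewall,
! mapped to every secondary VLAN so all hosts can reach the gateway
interface GigabitEthernet0/1
 description P-Port to gateway (assumed interface)
 switchport mode private-vlan promiscuous
 switchport private-vlan mapping 100 200,250,300
!
! Step 5: community host ports (talk to the P-Port and to their own community)
interface range GigabitEthernet0/2 - 3
 description C-Ports, community VLAN 200 (assumed interfaces)
 switchport mode private-vlan host
 switchport private-vlan host-association 100 200
!
interface range GigabitEthernet0/4 - 5
 description C-Ports, community VLAN 300 (assumed interfaces)
 switchport mode private-vlan host
 switchport private-vlan host-association 100 300
!
! Step 6: isolated host ports (talk to the P-Port only, not to each other)
interface range GigabitEthernet0/6 - 7
 description I-Ports, isolated VLAN 250 (assumed interfaces)
 switchport mode private-vlan host
 switchport private-vlan host-association 100 250
```

`show vlan private-vlan` and `show interfaces GigabitEthernet0/1 switchport` confirm the associations and port modes. The isolation is enforced at layer 2 only, so the gateway behind the promiscuous port needs its own filtering if hosts must not reach each other through it.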
Private Vlans – Trunk Ports
Private Vlans – Homework
Enterprise Ethernet vs Carrier Ethernet

| Feature    | Enterprise                          | Carrier                                                                           |
|------------|-------------------------------------|-----------------------------------------------------------------------------------|
| Distance   | Up to 2 Km                          | Up to 100 Km                                                                      |
| Scale      | • Few K MAC addresses • 4096 VLANs  | • Millions of MAC addresses • Millions of VLANs • Q-in-Q                          |
| Protection | Spanning Tree                       | TRILL (Transparent Interconnection of Lots of Links), SPB (Shortest Path Bridging) |
| Path       | Path determined by spanning tree.   | Traffic engineered path                                                           |
| Service    | Simple                              | SLA                                                                               |
| Priority   | QoS Aggregate                       | Need per-flow QoS                                                                 |
Carrier Ethernet
• Metro Ethernet (MAN)

• Why Ethernet?
  o Most common interface today
  o Cost effective
  o Supports very high bandwidths (up to 400 Gbps)
  o Flexible upgrades within a wide range (1 Mbps to 400 Gbps)
  o Easy and simple to manage and maintain
Metro Ethernet
Metro Ethernet is an Ethernet transport network
that provides point-to-point or multipoint connectivity
services over a metropolitan area network (MAN).
Access Technologies for Metro Ethernet

Carrier or Metro Ethernet services are designed to be delivered over all the commonly available packet access infrastructures deployed today, including:
• Copper (including bonded channels)
• Fiber (dark and active)
• HFC (DOCSIS)
• Packet Radio
• Passive Optical Network (PON)
• PDH/SDH (T1/E1/T3/E3)
Metro Ethernet Services
E-Line
An E-Line is a service type defined by the MEF for connecting exactly 2 UNIs where those 2 UNIs can communicate only with one another.
E-Lines are used to create, among other solutions:
• Private lines
• Ethernet Internet access
• Replacement for TDM private lines
E-Lines are the most popular Carrier Ethernet service due to their
simplicity.
E-Tree
An E-Tree is a rooted multipoint service that connects a number of UNIs, providing sites with hub and spoke multipoint connectivity. Each UNI is designated as either root or leaf. A root UNI can communicate with any leaf UNI, while a leaf UNI can communicate only with a root UNI. E-Trees are used to create:
• Multicast delivery services
• Internet access
• Mobile backhaul services
• Telemetry services
E-LAN

An E-LAN is a multipoint-to-multipoint service that connects a number of UNIs (2 or more), providing full mesh connectivity for those sites. Each UNI can communicate with any other UNI that is connected to that Ethernet service. E-LANs are used to create:
• Multipoint L2 VPNs
• Transparent LAN services
• Layer 2 VPNs (L2VPN)
• Foundation for IPTV and Multicast networks
Metro Ethernet Models
• QinQ (Stacked VLAN) - IEEE 802.1ad
• Mac in Mac (Backbone Provider Bridge-PBB) - IEEE 802.1ah
• Ethernet over IP-MPLS (Pseudowires) - IETF RFC 4448
802.1Q Tunneling (Q-in-Q) – 802.1ad
The 802.1Q tunneling technology, also known as Q-in-Q, is an extension to the well-known 802.1Q standard which allows a Service Provider to transport customers' VLANs by simply adding another layer of IEEE 802.1Q tag to the original 802.1Q tagged packets that enter the ISP network. Customer VLAN IDs are preserved and traffic from different customers is segregated within the service provider infrastructure even when they appear to be on the same VLAN.
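
A provider-edge switch configuration for the tunneling described above. This is an added example, not taken from the original slides; the service VLAN IDs 30 and 40, the customer names and the interface numbers are assumptions. Both customers can use the same inner VLAN IDs because each is wrapped in its own outer tag.

```cisco
! Added example: VLAN IDs, names and interface numbers are assumed.
! The outer tag adds 4 bytes to every frame, so raise the MTU to fit it
! (the exact MTU command is platform-dependent and needs a reload)
system mtu 1504
!
! Tag the native VLAN on trunks so that no customer frame crosses
! the provider core without an outer tag
vlan dot1q tag native
!
! One service (outer) VLAN per customer
vlan 30
 name CUSTOMER-A
vlan 40
 name CUSTOMER-B
!
! Tunnel port facing Customer A: every frame received here, tagged or
! untagged, gets outer tag 30; the customer's own tag is left untouched
interface GigabitEthernet0/1
 description Customer A CE trunk (assumed interface)
 switchport access vlan 30
 switchport mode dot1q-tunnel
 no cdp enable
 l2protocol-tunnel cdp
 l2protocol-tunnel stp
 l2protocol-tunnel vtp
!
! Tunnel port facing Customer B: same inner VLAN IDs are fine,
! the outer tag 40 keeps the traffic apart from Customer A
interface GigabitEthernet0/2
 description Customer B CE trunk (assumed interface)
 switchport access vlan 40
 switchport mode dot1q-tunnel
 no cdp enable
 l2protocol-tunnel cdp
 l2protocol-tunnel stp
 l2protocol-tunnel vtp
!
! Trunk into the provider core carries only the service VLANs
interface GigabitEthernet0/24
 description Trunk to provider core (assumed interface)
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk allowed vlan 30,40
```

`show dot1q-tunnel` lists the tunnel ports, and restricting the core trunk to the service VLANs keeps one customer's frames from leaking into another's outer VLAN.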
802.1Q Tunneling Lab