L2Switching - With - ELAN 0x1

L2 Switching
with
ELAN 0x
© Tejas Networks Confidential and Proprietary Software Enabled Transformation www.tejasnetworks.com

Table of Content
ELAN 0x – Introduction Static Multicast Table
ELAN Features Dynamic Unicast Table
VLAN based switching Dynamic MAC Learning & Ageing Time
VLAN Tagging Example of Dynamic MAC learning & Dynamic Unicast
Table
Acceptable Frame Type
Port Mirroring
Port VLAN ID
LAG
VLAN Table
Overview of QoS
Applications of Acceptable Frame Type, PVID, VLAN
Tables in .Q mode Storm control
Ingress VLAN Filtering ACL
Egress Tagging / Untagging Why Q in Q ACRONYMS
What is the solution?
MAC based switching
Static Unicast Table
© Tejas Networks Confidential and Proprietary Software Enabled Transformation

ELAN 0x -- Introduction
Cards Eth Ports VCG Ports Uplink Product Supported
ELAN01 8FE + 2GE 8FE + 2GE STM-8 TJ100ME16, TJ1500, TJ1600
ELAN02 8FE + 2GE 6FE + 2GE STM-4 TJ100MC4L, TJ100ME4, TJ100MC16/16X, TJ1500, TJ1270
ELAN03 8FE 8FE STM-4 CPE4, TJ100ME, TJ1500, TJ1270, TJ1310R2
ELAN05S 16FE/16FX +4GE 8FE + 2GE STM16 1520 MADM
ELAN05D 32FE/32FX+8GE 8FE + 2GE STM16 1520 MADM

ELAN Features
Ingress Switching Egress
VLAN Tagging / Untagging VLAN table Tagging/ Un-tagging
Acceptable Frame Type (only in .Q mode)
Port VLAN ID (PVID)
Ingress VLAN Filtering
Dynamic MAC Learning Static Unicast Table
Static Multicast Table
Dynamic Unicast Table
Ageing Time
Port Mirroring
STP, RSTP, MSTP STP, RSTP, MSTP

Access Control Lists (ACL)
Link Aggregation Group (LAG) Egress Rate Limiting

B-cast/M-cast/DLF storm control Link Aggregation Group (LAG)
Port rate limiting
Ingress Rate Limiting CoS queue templates
Port Priority Traffic Scheduling
Bandwidth Profiling
Diffserv classification and policies
Trust mode Configuration

Virtual LAN-Advantages
 Increase performance
 Form virtual work groups
 Easy Network Administration
 Enhance network security
 Reduce cost
© Tejas Networks Confidential and Proprietary Software Enabled Transformation 5

VLAN based Switching
VLAN Tagging / Untagging
L2 Ethernet Frame 802.1Q Ethernet Frame 802.1Q-in-Q Ethernet Frame

(without VLAN tagging) (with single VLAN tagging) (with double VLAN tagging)
MAC DA 6 MAC DA 6 MAC DA 6

MAC SA 6 MAC SA 6 MAC SA 6
Payload ET=0x8100 2 ET=0x88A8 2
FCS 4 C-VLAN TCI 2 S-VLAN TCI 2
Payload ET=0x8100 2
FCS / 4 C-VLAN TCI 2
Notes: Payload
1. ET stands for Ethernet Type, this 2 byte field is also called ‘VLAN Protocol ID’ FCS // 4
This field when present, indicates that the frame is VLAN tagged and that the next 2 bytes in the frame contain ‘Tag
Control Information’ (TCI)
Hex value of 8100 indicates that the next 2 bytes contain C-VLAN TCI Hex value of 88A8 indicates that the next
2 bytes contain S-VLAN TCI

VLAN Tagging (…contd.)
Notes (… contd.):
2. C-VLAN stands for Customer VLAN, S-VLAN stands for Service Provider VLAN
3. In each VLAN Tag Control Information of 2 bytes,
CFI
Priority VLAN Identifier
bits 7 6 5 4 3 2 1 0 7 6 5 4 3 2 1 0
msb lsb msb lsb
bytes First byte Second byte
12 bits are for VLAN Tag (possible no.s 1 to 4094) **
**
Tag 0 is used to indicate NO VLAN tagging WITH priority tagging, Tag 4095 unused.
1 bit is for Canonical Form Indicator (CFI), CFI=0 for Ethernet
and 3 bits are for Priority Tag (possible no.s 0 to 7, with 7 is higher priority)
4. MAC DA, SA, and the Payload areas remain the same in all three frame format.
5. FCS keeps on changing as Frame Check Sequence is calculated on more and more bytes.
6. Usage of VLAN Tag and Priority Tag will be described later.

Acceptable Frame Type
 Either ‘Admit All’ (default)
Or ‘Admit Only VLAN Tagged’
 User-configurable per-port basis, i.e., individually for each Eth / VCG port *
 If ‘Admit Only VLAN Tagged’,

then any untagged traffic coming to the Eth / VCG port
will be dropped without being admitted into the switch.
* Unless specifically mentioned, Switching parameters for an Eth port or

a VCG port will behave similarly.

Port VLAN ID (PVID)
 User can assign any no. between 1 and 4094 as PVID
of any Eth / VCG port on per-port basis (default is 1).
 In .Q mode
 If Ingress traffic is Tagged then PVID is not used
 If ((Ingress traffic is Untagged) & (Acceptable frame type is ‘Admit all’))
then the traffic is C-VLAN-tagged by the PVID of the Ingress port
 In Q-in-Q (also called VLAN stacking) mode

 Irrespective of whether the Ingress traffic is C-VLAN tagged or not,
the traffic is S-VLAN-tagged by the PVID of the Ingress port
Ex: Eth 5 of an ELAN 0x card is the Ingress port, getting customer traffic with C-VLAN tag of 200 and the PVID of Eth 5 is
300. The number 300 will be unused in .Q mode, whereas in Q-in-Q mode the traffic will get S-VLAN tagged by 300.

VLAN Tables
 User can make upto 2000 different VLAN tables in the switch having table
numbers in the range of 2 to 4094. *
 Some Eth ports and/or some VCG ports will be member of a particular VLAN table
depending on the application.
Any particular Eth / VCG port can be member of many VLAN tables though.
 Any Ingress traffic with VLAN-tag ‘a’ will search for**
its destination
by looking up ONLY the VLAN table no. ‘a’
 Packets will be forwarded to
all the members of VLAN table no. ‘a’ (i.e. these ports will act as Egress ports)
excluding the Ingress port (assume that Ingress port is member of VLAN table no. ‘a’
* Table no.1, wherein ALL Eth and VCG ports are member (used for broadcast within the switch), is NOT
user-configurable.
** C-VLAN tag in case of .Q mode and S-VLAN tag in case of Q-in-Q mode

Applications of Acceptable Frame Type, PVID, VLAN Tables in .Q mode
VCG 1 ETH 3
Untagged
SDH/SONET Ingress: VCG 1
Backbone VCG 2 & VCG 2
ELAN 0x Egress: ETH 3
A C
Acceptable Frame Type VCG 1 –

VLAN Tables
‘Admit all’ must VCG 2 – anything
ETH 3 – It is Egress port VLAN 100 VLAN 200
B
VCG 1 VCG 2
PVID VCG 1 –
other than 200, say 100 VCG 2 – does not ETH 3 ETH 3
matter ETH 3 – It is Egress port Tagged, 200

Ingress VLAN Filtering
 For packet forwarding from Ingress port to Egress port(s),
Egress port (s) must be member of the VLAN Table,
numbered the same as the Ingress traffic VLAN tag number.
 Is it must that the Ingress port also should be member of the VLAN table?
 Answer is YES, if ‘Ingress VLAN filtering’ is enabled on the Ingress port
(this feature works per-port basis)
 Answer is NO, if ‘Ingress VLAN filtering’ is disabled (default) on the Ingress port
Usage of this feature VLAN Tables
Refer the application in previous slide. We impose constraint that If ETH 3 is
Ingress port, then traffic with tag 200 should go to NE B but traffic with tag 100 VLAN 100 VLAN 200
should not go to NE A VCG 1 VCG 2
Will the same VLAN tables do? ETH 3 ETH 3
NO, VLAN 100 now should not include VCG 1 but ‘Ingress VLAN filtering’ should
be disabled on VCG 1
Egress Tagging / Untagging
 In .Q mode, when any port is included as a member of any VLAN table, option is there to include the port either as ‘tagged’
or as ‘untagged’ (on per-port and per-VLAN basis)
 When a port is included as ‘tagged’ under some VLAN table ‘a’, Egress traffic
(with C-VLAN tag ‘a’) out from that port will retain tag ‘a’
 When a port is included as ‘untagged’ under some VLAN table ‘a’, Egress traffic
(with C-VLAN tag ‘a’) out from that port will not retain tag ‘a’
Ex: In present switch, traffic was forwarded according to VLAN table ‘a’ – say, this traffic is going to another switch where it needs to
forwarded according to VLAN table ‘b’ – in this case, the Egress port in present switch needs to be included as ‘untagged’ under VLAN
table ‘a’
In Q-in-Q mode, the ports can be configured as a customer network port or provider network port. The ETH ports are
customer ports and VCG ports are provider ports by default.
In Q-in-Q mode, when any port is included as a member of any VLAN table, NO option is there to include the port either as
‘tagged’ or as ‘untagged’
 Always any VCG port is included as ‘tagged’ and any ETH port as ‘untagged’
Why so? Will be discussed after Q-in-Q mode application slide
Why Q-in-Q ?
ETH 1 VCG 1 VCG 1

ETH 1
Tagged, 100
SDH/SONET
VCG 2 Backbone VCG 2
ETH 5
ETH 5
Tagged, 100 A C
VCG 1 VCG 2
VLAN 100
ETH 5 ports are for
VLAN 100 ETH 1
ETH 1 ports are for Customer B, Can VLAN
Customer A, VLAN 100 is ETH 1 100 be modified in A,B,C ETH 5
B
made in A,B,C as shown??
VCG 1 VCG 1
ETH 1 ETH 5
VCG 2 VCG 2
NO

What is the solution?
Solution is double tagging!
 Give different PVID to ETH 1 and ETH 5 ports in A,B,C

(say, for ETH 1 ports PVID is given as 1000 and for ETH 5 ports PVID is given as 2000)
 Configure all switches in A,B and C in Q-in-Q mode

VLAN Tables
 Incoming traffic with C-VLAN tag 100 from Customer A
VLAN 1000 VLAN 2000
will get S-VLAN tagged at ETH 1 port by 1000
ETH 1 ETH 5
 Incoming traffic with C-VLAN tag 100 from Customer B
VCG 1 VCG 1
will get S-VLAN tagged at ETH 5 port by 2000
VCG 2 VCG 2
 Make two VLAN tables 1000 and 2000 in all the nodes
It should be pretty clear now that VCG 1 and VCG 2 ports, when acting as Egress ports, should contain the
second S-VLAN tag – whereas the ETH 1 and ETH 5 ports, when acting as Egress ports, should NOT contain
the second S-VLAN tag.

MAC DA based Switching
Broadcast, Multicast, and Unicast addresses
 Any MAC (L2) address is a six byte address, normally represented in

Hexadecimal pattern
 Source Address: Unique
 Destination Address:
 Broadcast address: all ‘1’, i.e., FF:FF:FF:FF:FF:FF
 Multicast address: least-significant-bit (l.s.b.) of the most-significant-byte (M.S.B.)
is ‘1’, e.g., 15:22:33:44:55:66, FB:33:68:EA:FF:FF etc.
 Unicast address: l.s.b. of M.S.B. is ‘0’,
e.g., 1A:22:33:44:55:66, E4:33:68:EA:FF:FF etc.
In the address 15:22:33:44:55:66, 15 is the M.S.B. 15 when represented in Binary pattern, gives
0001 0101 – so, the l.s.b. is ‘1’ => Multicast
In the address 1A:22:33:44:55:66, 1A is the M.S.B. 1A when represented in Binary pattern, gives
0001 1010 – so, the l.s.b. is ‘0’ => Unicast

Static Unicast Table
 ‘Static’ => the table is operator made from the UI,
unless operator decides to delete it from the UI, it will remain in the switch
 ‘Unicast’ => single Egress port
 Can any Egress port be selected? No, the port must be part of VLAN table ‘a’, if
the ‘latest’ tag of the Ingress traffic is ‘a’
Note: Any MAC DA based table is a sub-table of a particular VLAN table – so, VLAN table rule can not be
bypassed, e.g., switching for some Ingress traffic with ‘latest’ tag ‘a’ can not be based on any MAC DA based
table which is a sub-table of VLAN table ‘b’
 Statement is:
If (MAC DA of Ingress traffic = ‘Unicast DA’ entry in the static Unicast table)
Then the sole Egress port will be the ‘direct to’ port entry in the static Unicast table
Under the ‘VLAN table’ entry in the static Unicast table

Static Multicast Table
 ‘Static’ (see Static Unicast slide)

 ‘Multicast’ => more than one Egress port
 Can any Egress port be selected? No, the ports must be part of VLAN table ‘a’, if
the ‘latest’ tag of the Ingress traffic is ‘a’

(see the note on the Static Unicast slide)
 Statement is:
If (MAC DA of Ingress traffic = ‘Multicast DA’ entry in the static Multicast table)
Then the Egress ports will be the ‘direct to’ ports entry in the static Multicast table
Under the ‘VLAN table’ entry in the static Multicast table

Dynamic Unicast table
 ‘Dynamic’ => the table is made automatically by the switch, and
table entries are deleted automatically after some time
(if associated port(s) are inactive as ingress)
 How much time?  We need to discuss ‘Ageing time’ feature
 ‘Unicast’ => single Egress port
 Which port will be the Egress port?  that port, which has learned the Unicast address
 Under which VLAN(s)?  that (those) VLAN ids, which was learned by the port above
We need to discuss ‘Dynamic MAC learning’ feature.
 Statement is:
If (MAC DA of Ingress traffic = ‘Unicast DA’ entry in the dynamic Unicast table)
Then the sole Egress port will be the ‘direct to’ port entry in the dynamic Unicast table
Under the ‘VLAN table’ entry in the dynamic Unicast table

Dynamic MAC Learning & Ageing Time
Dynamic MAC Learning
 Per-port feature
For a particular port, the feature from UI

 If ‘disabled’, it can not learn any MAC address(s) sent by the client(s) associated with it.
 If ‘no limit on learning’, it can learn Maximum 16K MAC addresses while port is Ingress
 If ‘limit learning’, it can learn between 20 and 600 (value is configurable from UI)
MAC addresses while port is Ingress
Ageing Time
 Feature for whole switch, NOT per-port feature
 Value is configurable from UI between 1 second and 106 second
 Value should be entered in units of Seconds, e.g., for 5 minutes, enter value 300

Example of Dynamic MAC learning & Dynamic Unicast Table
Dynamic MAC Learning VLAN

Usage
100of Dynamic Unicast Table
ETH 1
ETH VCG ETH VCG
1 1 ETH 3 1 1
ETH 5
Client 2 2 2 2
Client
SA MAC1 3 3 VCG 1
3 3
4 4 VCG 5
4 4
5 5 5 5
Dynamic Unicast Table
VLAN = 100 VLAN
VLAN
= 100
= 100
DA = MAC 1 DADA
! ==MAC
MAC11
Egress = ETH 1

Port Mirroring
 For Monitoring and analyzing the traffic contents locally (by means of any Eth test-set)
without disturbing the normal traffic flow.
 ‘Source’ port(s): the port(s), whose contents we want to mirror
 ‘Direct to’ or ‘mirror’ or probe port: the port, where traffic will be mirrored. Probe port is
not network connected.
 Multiple source ports can be mirrored on to a probe port. If the combined rate of the source
ports is more than the probe port, then the mirrored traffic will be dropped.
 Port mirroring doesn’t allow monitoring traffic on LAG port.

Port Mirroring
Important points to note:

1. The source port (s) can be configured for mirroring nothing / only Ingress traffic / only
Egress traffic / both Ingress and Egress traffic to the mirror port.
2. The mirror port will NOT act as traffic port (neither as Ingress nor as Egress)
3. Port-mirroring happens across VLAN,

e.g., for mirroring the Ingress content of source ETH 1 with ‘latest’ tag 100 to mirror
ETH 5, ETH 5 need NOT be part of the VLAN table no. 100
4. Even if a port is part of a VLAN then also allow that port to be configured as a destination
(probe) port.
5. Even if a port is part of LAG then also allow it to be configured as a Destination (probe)
port.

Introduction to LAG
To connect two switches, we use a cable to connect two physical ports (one in each of the switches) and
configure them as a trunk.
But a single trunk has bandwidth limitations.
LAG is a process of inter-connecting two switches with two or more links between them (or between a
switch and a server), so that multiple links are combined into one bigger virtual link that can carry a higher
(combined) bandwidth.
All these multiple links participating in a Link Aggregation Group act like a single large (virtual) link.

Link Aggregation Group (LAG)
 Link aggregation combines multiple physical links between two devices into one
logical path. The logical path is called an aggregate link.
 Lag name  Max 16 characters
 FE and GE ports simultaneously can not be part of LAG
 AN should be disabled on member ports
 Member ports should be in ‘full duplex’ mode
 LACP mode should be enabled on individual ports
 The member ports should not be a part of any other VLAN.
 If Switch is in Q-in-Q mode and member port is CNP, LACP tunneling on the
port should be ‘peer’.
 PEER would mean that the ELAN would peer with the customer device for that protocol.

How LAG works?
A Link Aggregation Group (LAG) combines a number of physical ports together to make a single high-
bandwidth data path, so as to implement the traffic load sharing among the member ports in the group
and to enhance the connection reliability.

Link Aggregation Group contd…
If two switches support 1 GE ports, multiple ports from one switch can be connected to multiple ports in
another switch to provide high-bandwidth connections (2 GE, 3 GE, etc) between the switches.
This approach is not only inexpensive (doesn’t require hardware upgrades), but also allows a granular
upgrade of interconnect bandwidth between the two switches.

Classification of LAG
There are 2 types of classification of LAG
• Type A
1. Distribution
2. Protection
• Type B
1. Static
2. LACP

Distribution Mode
Distribution Mode:
Multiple links participating in a LAG can also load-balance the traffic between them so that traffic is evenly
distributed.
All the links (ports) should have same speed and all the links will be active
100Mbps
400Mbps 100Mbps 400Mbps
A 100Mbps B
100Mbps
In this example, 400 Mbps of total traffic coming from multiple customers to node A is distributed equally among 4,
100Mbps links
Distribution technique usually depends on the vendor
In Tejas equipment, distribution happens based on the IP/MAC addresses of the traffic streams

Distribution Mode in case of link(s) failure
• If there is failure on any of the links, the traffic will still be UP but packet drops happen equally on all the remaining
active links (i.e all the customers would experience equal amount of speed reduction)
100Mbps
400Mbps 100Mbps 300Mbps
A 100Mbps B
100Mbps
• Now, as soon the link becomes healthy again, traffic starts flowing through it automatically with no more packet drops

LAG-Stream configurations
VCG-101 VCG-101
A B
VCG-102 VCG-102
LAG LAG
VCG-101 1VC3 VCG-101 1VC3

VCG-102 1VC3 VCG-102 1VC3
Stream-1 Stream-1
SAxx.xx.xx.xx.xx.01(X) SAxx.xx.xx.xx.xx.03(Y)
DAyy.yy.yy.yy.yy.03(Y) DAyy.yy.yy.yy.yy.01(X)
SIPx.x.x.001(X) SIPx.x.x.003(Y)
DIPy.y.y.003(Y) DIPy.y.y.001(X)
Stream-2 Stream-2
SAxx.xx.xx.xx.xx.02(X+1) SAxx.xx.xx.xx.xx.04(Y+1)
DAyy.yy.yy.yy.yy.03(Y) DAyy.yy.yy.yy.yy.01(X)
SIPx.x.x.002(X+1) SIPx.x.x.004(Y+1)
DIPy.y.y.003(Y) DIPy.y.y.001(X)
Members of LAG is decided by the last bits of the MAC & IP address.
LAG-Link Selection
Stream-1
EXOR of last byte (Applicable both for MAC & IP)
010000 0001 030000 0011

030000 0011 010000 0001
0000 0010 0000 0010
Stream-2
EXOR of last byte (Applicable both for MAC & IP)
020000 0010 040000 0100

030000 0011 010000 0001
0000 0001 0000 0101

LAG- MAC selection
Hex Last 2 bits in binary Packet distribution

4 00 XOR 00Link1
00 01 XOR 01Link1
8
10 XOR 10Link1
C 11 XOR 11Link1
1
5 00 XOR 01Link2
01
10 XOR 11Link2
9
D
2
6
10
00 XOR 10Link3
A
01 XOR 11Link3
E
3
7 00 XOR 11Link4
11
01 XOR 10Link4
B
F

Protection Mode
Protection Mode:
LAG is also used for increasing link reliability.
Since multiple links connect two devices, even if one fails the other links keep carrying the information and the traffic
on the failed link is also transferred to them.
That way, loss of a single link between two switches doesn’t stop the communication between them.
The number of links that can combine to form a larger link between two devices is generally restricted by
the hardware vendor.
LAG is a static protocol and needs to be configured individually for each pair of physical ports.

Protection mode
• Here only 2 links should be present. One will be work and the other will be protect
• Always 1 link will be active at a time in LAG protection mode
• Only when work path goes down, protect path will become active and start carrying the traffic
• If work path becomes healthy after a failure, the traffic will still be in protect path until there is a failure on protect path
100Mbps WORK
100Mbps 100Mbps
A B
100Mbps
PROTECT

Protection mode in case of link failure
• In this case, if work link fails then traffic switches over to the protect link
• But if the work link gets restored after a while, the traffic will still flow through protect and will not switch back to work
unless there is a failure on protect
100Mbps WORK
100Mbps 100Mbps
A B
100Mbps
PROTECT

Static mode
• In static mode, it is not mandatory to configure LAG at both the ends of the links.
• Static LAG works even with one end configuration because it doesn’t make use of LACP packets to establish connectivity
between the ports on a link
100Mbps WORK
100Mbps 100Mbps
A B
100Mbps
PROTECT

LACP mode
• In LACP, it is mandatory to configure LAG at both the ends of the links.

• This is because LACP mode makes use of LACP packets to establish connectivity between the ports on a link
100Mbps WORK
100Mbps 100Mbps
A B
100Mbps
PROTECT

Link Aggregation Control Protocol(LACP)
LACP is similar to LAG, where multiple ports/links between two switches combine to provide higher
bandwidth links between them.
Additionally, ports that are LACP enabled can automatically configure themselves into trunk groups,
without any manual configuration/intervention.
The main purpose of LACP is to automatically add/delete individual links to the aggregate bundle, while
adding new links and also after recovering from link failures.
LACP can monitor to verify if all the links are connected to the right group.
Basically, LACP helps automate the configuration and maintenance of LAG’s.
LACP is a dynamic protocol.
LACP is a standard and hence LACP can be implemented between multi-vendor switches.

LACP Features
Maximum number of bundled ports allowed in the port channel: Valid values are usually from 1 to 8.
LACP packets are sent with multicast group MAC address 01:80:c2:00:00:02
During LACP detection period LACP packets are transmitted every second
LACP can have the port-channel load-balance mode
LACP mode :
Active: Enables LACP unconditionally.
Passive: Enables LACP only when an LACP device is detected. (This is the default state).

Advantages over static configuration
Failover occurs automatically:

LACP: When a link fails and there is (for example) a media converter between the devices, a peer system will not
perceive any connectivity problems.
Static: With static link aggregation, the peer would continue sending traffic down the link causing the connection to
fail.
Dynamic configuration:
LACP: The device can confirm that the configuration at the other end can handle link aggregation.
Static: With Static link aggregation, a cabling or configuration mistake could go undetected and cause undesirable
network behavior.

Limitations
Same link speed:

In most implementations, all the ports used in an aggregation consist of the same physical type, such as all copper
ports (10/100/1000BASE-T), all multi-mode fiber ports, or all single-mode fiber ports.
However, all the IEEE standard requires is that each link be full duplex and all of them have an identical speed (10,
100, 1,000 or 10,000 Mbit/s).
Ethernet aggregation mismatch:

Aggregation mismatch refers to not matching the aggregation type on both ends of the link.
Some switches do not implement the 802.1AX standard but support static configuration of link aggregation.
Therefore, link aggregation between similarly statically configured switches will work, but will fail between a statically
configured switch and a device that is configured for LACP.

Storm Controls
 Storm control is Ingress rate limiting without any flow control mechanism (tail-drop
happens) for particular kind of traffic
• Feature provided for controlling Broadcast traffic (DA = FF:FF:FF:FF:FF:FF),
for controlling Multicast traffic (l.s.b. of M.S.B. of DA is ‘1’), and
for controlling Destination-lookup-failure (DLF) traffic
(DA not matched in any of the forwarding databases)
• It is a per-port feature
• If enabled, unit for the control value entered is Frames/Sec (max value 262142)
• Control value in Frames/Sec (Cf) can be converted to control value in Mbps (Cb),
if each frame is of same length in bytes (fl), by the equation
Cb = Cf * fl * 8 / 10 6
ex:- fl = 1000 Bytes, Cf = 8000 Frames/Sec => Cb = 64 Mbps

Overview of Quality of Service (QoS)
Flow based per port Port based Flow based per port Switch based / Flow based per port
DiffServ TMC Or DiffServ

ACL IRL marking
Send ( - marking)
Drop Bandwidth Profiling 802.1 p

Assign SVLAN IP Precedence
Port Redirection DSCP
Drop Assign CoS Q
CoS Q based per switch

CoS Q0 CA
CoS Q based per switch

CoS Q1 CA Port based
Which
CoS Q ? Scheduling ERL
SP
WRR + SP
CoS Q7 CA
WFQ + SP
Tail Drop
WRED (with two colour meter)

Access Control Lists (ACL)
 ACL configuration:
• will have a ‘name’
• may or may not contain ‘implicit deny all’ rule
• will contain one or more (maximum 9) operator-made rule(s) – rules will be OR-ed
• action for individual rule will be specified –
if ‘implicit deny all’ rule is member, action for other rules will be ‘send’
if ‘implicit deny all’ rule is not a member, action for other rules will be ‘drop’
• ACL configuration has to be separate for MAC and Extended IP
 Port configuration:
• If some ACL is needed to be applied to a port, it needs to be associated
• Per-port, only one ACL (combining MAC ACLs and Extended IP ACLs) can be
associated – yet port configuration feature is provided separately for MAC
and Extended IP
Access Control Lists (ACL)-contd.
 Rule configuration:
• Matching criterion or criteria (matching criteria will be AND-ed) to filter Ingress traffic
• If MAC based ACL, L2 fields as shown below will be matching criteria
 SA and SA mask
 DA and DA mask
 c-VLAN and c-802.1p
 s-VLAN and s-802.1p
 Ethernet Type and Ethernet Type value (user defined)
• If Extended IP based ACL, extended L3 fields as shown below will be matching criteria
 SIP and SIP mask
 DIP and DIP mask
 IP Precedence value, IP TOS value, DSCP value (only one value at a time can be used)
 Protocol number
 L4 ports (source and destination)

Match criteria-1
AND
Match criteria-2 Rule-1

AND
Match criteria-3
OR PORT
ACL
Match criteria-1*
AND
Match criteria-2* Rule-2

AND
Match criteria-3*

ACL Type Filter Criteria Max Filter Criteria per Max Rules per ACL
ACL Rule
Extended IP ACL ANY, 5 9

Destination IP Address,
Destination Layer4 port,
Source IP Address,
Source Layer4 port,
IP DSCP,
IP TOS,
IP Precedence,
Protocol
MAC ACL ANY 5 9

DA
SA
Ether Type
VLAN Id
802.1P Priority

Rate Limiting
 Ingress Rate Limiting (IRL), it is a Per-port feature
• Committed Information Rate (CIR) – Maximum bandwidth (in Kbps) allowed,
can be incremented/decremented at the granularity of 64 Kbps.
• Committed Burst Size (CBS) – Maximum burst-size (in KB) allowed, possible values
are 4, 8, 16, 32, 64, 128, 256, 512 – 512 KB is the per-port buffer size in switch.
• Flow control – Pause threshold (possible values are 4, 6, 8, 16, 24, 32, 40, 48 KB)
should be less than the Resume threshold (possible values are 4, 8, 16, 32, 64, 128,
256, 512 KB) as ‘token-bucket’ scheme tokens
is implemented. Resume Threshold

Pause Threshold
send
I/p data
drop

Rate Limiting
 Egress Rate Limiting (ERL)
• Per-port feature
• Committed Information Rate (CIR) – same as in case of IRL
• Committed Burst Size (CBS) – same as in case of IRL
• NO Flow control – Why?
Enabling flow control while doing ERL => Switch has to buffer!

Bandwidth Profiles for Flow
Separating the CIR Frames from
others
Separating EIR Frames from others

Provide Committed/Excess Information Rates
Each Ethernet flow can be assigned a
Committed Information Rate (Bandwidth that has to be met)
>CBS
Excess Information Rate (Bandwidth that can be optionally met)
>EBS EIR allows Service Provider to efficiently use network during non-peak
usage
C CIR ensures Service Provider meets the minimum guaranteed bandwidth
≤ CBS as per SLAs
E
≤ EBS
Two rate policy—CIR & CBS

PIR (EIR) =2*CIR
PBS (EBS) =2*CBS
Traffic <= CBS Green
CBS < Traffic <=EBS  Yellow
Traffic > EBS  Red

Traffic Scheduling- Priority Queuing (SP)
Packet
Congestion [‘X’ Mbps >’Y’ Mbps]
Yes
High? CoS Queue 7
No
Outgoing link (Y Mbps)

Yes
Medium? CoS Queue 2 Scheduler
No
No
Low? CoS Queue 1
Yes
CoS Queue 0

Traffic Scheduling- SP+WFQ
Q0 Congestion [‘X’ Mbps >’Y’ Mbps]

Q1
Incoming flows (X Mbps)
Q2
Outgoing link (Y Mbps)
Q3 Scheduler
Q4
Q6
Q7
Q7
B min  100%
CoSQ Q0 Q1 Q2 Q3 Q4 Q5 Q6 Q7
Mode WFQ WFQ WFQ WFQ WFQ SP SP SP
Bmin 5 10 15 20 25 - - -
Bmax 10 20 30 40 50 60 75 100

Traffic Scheduling- contd.
Available Bandwidth (Y Mbps) Active queues B/w (Mbps) distribution by the scheduler
80 Mbps All the queues Q7 (80)
95 Mbps Q0, Q1 & Q6 Q0 (5) + Q1 (15) + Q6 (75)
95 Mbps Q0, Q1 & Q5 Q0 (10) + Q1 (20) + Q6 (60)
70 Mbps Q0, Q1, Q2 & Q5 Q0 (1.65) + Q1 (3.3) + Q2 (5) + Q5 (60)
75 Mbps Q0, Q1, Q2, Q3 & Q4 Q0 (5) + Q1 (10) + Q2 (15) + Q3 (20) + Q4 (25)

ACRONYMS
VLAN- Virtual LAN

ELINE- Ethernet Virtual Private Line (EVPL)
ELAN- Ethernet Virtual Private LAN (EVP-LAN)
UNI- User Network Interface
NNI- Network Node Interface
FCS- Frame Check Sequence
TCI- Tag control Information
CVLAN- Customer VLAN
SVLAN- Service Provider VLAN
PVID- Port VLAN ID
LAG- Link Aggregation Group
LACP- Link Aggregation Control Protocol

Thank You…

L2Switching - With - ELAN 0x1

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

L2Switching - With - ELAN 0x1

Uploaded by

Copyright:

Available Formats

L2 Switching

© Tejas Networks Confidential and Proprietary Software Enabled Transformation www.tejasnetworks.com

© Tejas Networks Confidential and Proprietary Software Enabled Transformation

Cards Eth Ports VCG Ports Uplink Product Supported

ELAN01 8FE + 2GE 8FE + 2GE STM-8 TJ100ME16, TJ1500, TJ1600

ELAN03 8FE 8FE STM-4 CPE4, TJ100ME, TJ1500, TJ1270, TJ1310R2

ELAN05S 16FE/16FX +4GE 8FE + 2GE STM16 1520 MADM

ELAN05D 32FE/32FX+8GE 8FE + 2GE STM16 1520 MADM

© Tejas Networks Confidential and Proprietary Software Enabled Transformation

STP, RSTP, MSTP STP, RSTP, MSTP

Link Aggregation Group (LAG) Egress Rate Limiting

© Tejas Networks Confidential and Proprietary Software Enabled Transformation

 Form virtual work groups

 Easy Network Administration

 Enhance network security

© Tejas Networks Confidential and Proprietary Software Enabled Transformation 5

L2 Ethernet Frame 802.1Q Ethernet Frame 802.1Q-in-Q Ethernet Frame

MAC DA 6 MAC DA 6 MAC DA 6

© Tejas Networks Confidential and Proprietary Software Enabled Transformation 6

© Tejas Networks Confidential and Proprietary Software Enabled Transformation 7

 Either ‘Admit All’ (default)

Or ‘Admit Only VLAN Tagged’

 If ‘Admit Only VLAN Tagged’,

* Unless specifically mentioned, Switching parameters for an Eth port or

© Tejas Networks Confidential and Proprietary Software Enabled Transformation 8

 In Q-in-Q (also called VLAN stacking) mode

© Tejas Networks Confidential and Proprietary Software Enabled Transformation 9

© Tejas Networks Confidential and Proprietary Software Enabled Transformation 10

Acceptable Frame Type VCG 1 –

© Tejas Networks Confidential and Proprietary Software Enabled Transformation 11

ETH 1 VCG 1 VCG 1

© Tejas Networks Confidential and Proprietary Software Enabled Transformation 14

 Give different PVID to ETH 1 and ETH 5 ports in A,B,C

 Configure all switches in A,B and C in Q-in-Q mode

© Tejas Networks Confidential and Proprietary Software Enabled Transformation 15

 Any MAC (L2) address is a six byte address, normally represented in

© Tejas Networks Confidential and Proprietary Software Enabled Transformation 16

the ‘latest’ tag of the Ingress traffic is ‘a’

© Tejas Networks Confidential and Proprietary Software Enabled Transformation 17

 ‘Static’ (see Static Unicast slide)

the ‘latest’ tag of the Ingress traffic is ‘a’

© Tejas Networks Confidential and Proprietary Software Enabled Transformation 18

© Tejas Networks Confidential and Proprietary Software Enabled Transformation 19

For a particular port, the feature from UI

© Tejas Networks Confidential and Proprietary Software Enabled Transformation 20

Dynamic MAC Learning VLAN

© Tejas Networks Confidential and Proprietary Software Enabled Transformation 21

 Port mirroring doesn’t allow monitoring traffic on LAG port.

© Tejas Networks Confidential and Proprietary Software Enabled Transformation 22

Important points to note:

3. Port-mirroring happens across VLAN,

© Tejas Networks Confidential and Proprietary Software Enabled Transformation 23

© Tejas Networks Confidential and Proprietary Software Enabled Transformation

© Tejas Networks Confidential and Proprietary Software Enabled Transformation 25

© Tejas Networks Confidential and Proprietary Software Enabled Transformation

© Tejas Networks Confidential and Proprietary Software Enabled Transformation

There are 2 types of classification of LAG

© Tejas Networks Confidential and Proprietary Software Enabled Transformation

© Tejas Networks Confidential and Proprietary Software Enabled Transformation

© Tejas Networks Confidential and Proprietary Software Enabled Transformation

VCG-101 1VC3 VCG-101 1VC3

010000 0001 030000 0011

020000 0010 040000 0100