SpeedTouch R6.1 L2QOS
Jan Wuyts@thomson.net, Technical Presales Manager
Hierarchical module overview
[Figure: Interface Architecture. Labels: LoopBack, IP Forwarding, IP Interface(s), ARP, iARP, IPoE / PPPoE, PPPoE RELAY, IPoA, Multilink PPP, IPoEoA, Ethernet Interface(s) (Physical Ports, OBC Bridge Port, VLAN), PPPoA, VLAN Bridge, EthoA, ATM Bundle]

Modules
• According to OSI model
• Layer 1 : Physical
  • ATM Phonebook menu
  • ATM menu
• Layer 2 : Datalink
  • IP menu => IPoA interface
    • IPoA with destination an ATM interface
  • Eth menu => ETHoA interface
    • EthoA with destination an ATM interface
  • Eth bridge menu => bridge interfaces
    • Bridge with destination an ATM interface
    • Part of the bridge (also eth1, eth2, eth3 and eth4 and OBC)
  • PPPoA and PPPoE
• Layer 3 : Network
  • IP menu => IP interface
    • IP with destination IPoA, EthoA or LAN interface
  • IP routing, receive-only RIPv1/2
  • NAT : NAT menu
  • Streams : connection menu
  • ALG : connection menu
• Layer 4/5 : Transport
  • Firewall menu : stateful firewall
• Layer 6 : Presentation
  • Not applicable
• Layer 7 : Application
  • Not applicable
VLAN (802.1p & 802.1q) Bridging and Routing over a single PVC in SpeedTouch Business Products
Ethernet Protocol Structure
[Figure: OSI model layers beside the major IEEE sublayers]
• OSI Model : Layer 7 Application, Layer 6 Presentation, Layer 5 Session, Layer 4 Transport, Layer 3 Network, Layer 2 Data Link, Layer 1 Physical
• Major IEEE Sublayers (Ethernet-specific) : Logical Link Control (LLC) 802.2; MAC Bridging 802.1D, 802.1Q, 802.1p; Media Access Control (MAC); Physical Signaling; Media; 802.3

Ethernet Frame Structure
• Preamble : 64 bits
• Destination MAC Address : 48 bits
• Source MAC Address : 48 bits
• Length/Type : 16 bits
• Data/LLC : 46 to 1500 Bytes
• Frame Check Sequence : 32 bits
• Length : 64 Bytes to 1518 Bytes
Virtual LAN (VLAN) Capability
• Virtual LAN and priority capabilities are provided by 802.1q/p:
  • a VLAN tag is provided by 802.1Q to identify VLAN membership
    • Limited to 4096 VLANs
  • the VLAN tag has a 3-bit priority field that allows 8 possible service classes (matches DiffServ’s 8 possible classes)
• Why VLANs?
  • LAN scalability:
    • limits broadcast domains (limits broadcast storms);
    • also limits multicast, chatty protocols, etc., reducing overall network traffic.
  • Network efficiency: traffic flows from different VLANs can be segregated
  • Allows non-physical grouping of nodes that share similar resources
  • Allows easy changing of LAN membership
  • Reduces the amount of level 3 (IP) routing
  • Security: limits snooping
Standardization and tagging
• IEEE 802.1Q : Virtual Bridged Local Area Networks
  • Defines VLAN bridge operation (extension of 802.1D)
  • Defines VLAN tag: TPID = 0x8100, TCI = priority (3 bit) + CFI (1 bit) + VID (12 bit)
  • Defines dynamic VLAN group membership mechanism, STP protocol impact, etc.
Ethernet 802.1Q/p Class of Service
[Figure: Ethernet frame (Pream., SFD, DA, SA, Type, TAG 2 bytes, PT, Data, FCS) with the 802.1Q/p header expanded into PRI, CFI and VLAN ID; three bits are used for CoS (802.1p User Priority)]

CoS   Application
7     Reserved
6     Reserved
5     Voice Bearer
4     Video Conferencing
3     Call Signaling
2     High Priority Data
1     Medium Priority Data
0     Best Effort Data

• 802.1p User Priority field also called Class of Service (CoS)
• Different types of traffic are assigned different CoS values
  • E.g. IP Phone
• CoS 6 and 7 are reserved for network use
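The tag layout and CoS table above, worked through as an added example (not part of the original slides): a parser that pulls priority, CFI and VID out of the TCI and looks up the CoS application. The function names, MAC addresses and VLAN ID 10 are constructed for illustration; the handling of VID 0 and 0xFFF follows IEEE 802.1Q and is not stated on the slides.

```python
import struct

TPID_8021Q = 0x8100  # TPID value from the slide

# CoS-to-application table as listed on the slide
COS_APPLICATION = {
    7: "Reserved", 6: "Reserved", 5: "Voice Bearer", 4: "Video Conferencing",
    3: "Call Signaling", 2: "High Priority Data", 1: "Medium Priority Data",
    0: "Best Effort Data",
}

def build_tagged_frame(dst, src, pri, cfi, vid, ethertype, payload=b""):
    """Build a tagged frame (no preamble/FCS): DA, SA, TPID, TCI, type, data."""
    if not (0 <= pri <= 7 and cfi in (0, 1) and 0 <= vid <= 0xFFF):
        raise ValueError("priority is 3 bits, CFI 1 bit, VID 12 bits")
    tci = (pri << 13) | (cfi << 12) | vid
    return dst + src + struct.pack("!HHH", TPID_8021Q, tci, ethertype) + payload

def vid_kind(vid):
    """802.1Q reserves VID 0 (priority tag only, no VLAN) and VID 0xFFF."""
    return {0: "priority-tagged", 0xFFF: "reserved"}.get(vid, "vlan")

def parse_frame(frame):
    """Decode the 802.1Q tag of a frame that starts at the destination MAC."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    (type_field,) = struct.unpack_from("!H", frame, 12)
    if type_field != TPID_8021Q:
        return {"tagged": False, "ethertype": type_field}
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci, inner_type = struct.unpack_from("!HH", frame, 14)
    pri, vid = tci >> 13, tci & 0x0FFF
    return {"tagged": True, "pri": pri, "cfi": (tci >> 12) & 1, "vid": vid,
            "vid_kind": vid_kind(vid), "cos": COS_APPLICATION[pri],
            "ethertype": inner_type}

# Constructed sample frames (locally administered MACs, zero-filled payload)
DST, SRC = bytes.fromhex("020000000002"), bytes.fromhex("020000000001")
SAMPLE_TAGGED = build_tagged_frame(DST, SRC, 5, 0, 10, 0x0800, bytes(46))
SAMPLE_UNTAGGED = DST + SRC + struct.pack("!H", 0x0800) + bytes(46)

if __name__ == "__main__":
    print(parse_frame(SAMPLE_TAGGED))
    print(parse_frame(SAMPLE_UNTAGGED))
```

A frame with VID 0 carries only a priority and no VLAN membership, so a classifier has to treat it like an untagged frame when deciding which VLAN it belongs to.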
Benefits of using VLAN
• Increased performance : less broadcast traffic on segment, no latency added by routers
• Topology independence : logical networks are independent of physical locations
• Ease of administration : topology changes no longer require HW changes but can be done in SW
• Additional features : layer 2 segregation of traffic by means of VLAN priority
• Cost-effectiveness : fewer routers needed, VLAN-aware switches are used instead
VLAN implementation overview
• Business segment modems (620, 608, 608WL, 605)
  • Most complete VLAN implementation
  • Full-blown port isolation capabilities on all interfaces
  • VLAN tagging/untagging
  • 802.1p and IPQoS priority mapping
  • VLAN routing, …
The default configuration of the bridge
• Defaults on e.g. ST620 (type ‘eth bridge iflist’)
• Bridge interfaces
  • All except OBC are connected to physical interfaces
  • All except OBC and ethport1 can be detached/deleted
  • Others can be added, e.g. towards ATM interface
• Functional : classical IEEE 802.1D self-learning bridging
The bridge filters
• WAN broadcast filter
  • Filters broadcast from OBC to WAN bridge interfaces
  • Applies to the whole bridge
  • Enabled by default
  • CLI : ‘eth bridge config’, parameter ‘filter’
  • GUI : not available
• Multicast filter
  • Filters multicast traffic in both directions
  • Can be set for each bridge port separately
  • Disabled by default
  • CLI : ‘eth bridge ifconfig’, parameter ‘mcastfilter’
  • GUI : Expert > Connections > Bridged Ethernet (not ST612s)
The VLAN bridge
• Bridge becomes VLAN aware
  • When the corresponding parameter is set manually
  • In one of the following cases (automatically toggled)
    • A physical interface is added to a newly created VLAN
    • Ethernet is directly terminated on physical interface
    • Switch grouping is used
Moving ports around
• The basic functionality of a VLAN switch/bridge is the capability to specify VLAN membership for each port
  • The OBC can only be an untagged member of one VLAN
  • A port can be an untagged member of 1 or more VLANs
    • If no default group member is wanted => Dummy VLAN
  • A port can be a tagged member of 0 or more VLANs
  • A port can never be tagged and untagged in the same VLAN
  • ‘eth bridge vlan iflist’ lists all memberships
• The term ‘port isolation’
  • often used for a port (can be ETH, ATM, wireless) added to a new VLAN and removed from default
  • remember traffic is NOT bridged/switched between switch ports in different VLANs
VLAN tagging concept
• Concept :
  • VLAN = Bridge group with VLAN tagging/untagging/forwarding capabilities
• Step 1 : Create a VLAN
  • Addrule option :
    • Enabled : shared MAC@ list
      • No identical MAC@ in different VLANs possible !
    • Disabled : independent MAC@ list
VLAN tagging concept
• Concept continued
• Step 2 : Create the WAN port(s) and adapt LAN ports if required
  • ATM PVC with LLC encapsulation and ULP=MAC
  • Add the port to the list of bridged ports
• Port settings annotated on the slide :
  • L2 IPQOS
    • Disabled : no mapping of 802.1p to internal class
    • Overwrite : set new priority
    • Increase : only change when new priority is ‘better’
  • L2 IPQOS
    • Disabled : don’t set TOS byte
    • Precedence interpretation
    • DSCP interpretation
  • Enable/disable discard of tagged ingress packets if the interface is not part of the VLAN
  • Enable/disable receiving of untagged packets
VLAN tagging concept
• Concept continued :
• Step 3 :
  • Add ports to the VLAN and set them tagged or untagged
  • Remove ports from default VLAN/group, if required !
• * : untagged
Enabling VLAN and statistics
• Enable VLAN
• View Rx/Tx statistics
• ! When removing a port from the ‘default’ group, all connectivity with the CPE is lost
• Allow or disallow upstream broadcasts
SpeedTouch 6xx priority mapping table Regeneration Priority
VLAN classification scenarios
• Scenario 1 : LAN tagged, WAN tagged
  • AcceptVLANonly and IngressFiltering enabled on both ports
  • [Figure: eth4 and pvc835. One direction: Tagged in, Tagged out. Other direction: Tagged in, Tagged out.]
  • All 600 series
• Scenario 2 : LAN untagged, WAN tagged
  • AcceptVLANonly only on WAN port
  • [Figure: eth4 and pvc835. One direction: Untagged in, Tagged out. Other direction: Tagged in, Untagged out.]
  • All 600 series
• Scenario 3 : LAN tagged, WAN untagged
  • AcceptVLANonly only on LAN port
  • [Figure: eth4 and pvc835. One direction: Tagged in, Untagged out. Other direction: Untagged in, Tagged out.]
  • All 600 series
• Scenario 4 : LAN untagged, WAN untagged
  • AcceptVLANonly and IngressFiltering disabled, also VLAN state disabled
  • [Figure: eth4 and pvc835. One direction: Untagged in, Untagged out. Other direction: Untagged in, Untagged out.]
  • All 600 series
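The four scenarios above, modelled as an added example (not SpeedTouch code and not from the original slides) to show which ingress frames each port accepts. It assumes AcceptVLANonly is the setting that stops untagged frames being received and IngressFiltering the one that discards tagged frames for VLANs the port is not in, as the Step 2 slide describes; VLAN IDs 10 and 20, the single-PVID simplification and the function names are constructed, and scenario 4 (VLAN state disabled) is approximated as both settings off.

```python
from dataclasses import dataclass

VID, FOREIGN = 10, 20   # constructed VLAN IDs: one both ports belong to, one neither does

@dataclass
class BridgePort:
    name: str
    member_vids: frozenset           # VLANs the port is a member of
    pvid: int                        # VLAN given to untagged ingress frames (simplified to one)
    accept_vlan_only: bool = False   # True: untagged ingress frames are not received
    ingress_filtering: bool = False  # True: tagged frames for non-member VLANs are discarded

def classify_ingress(port, vid):
    """vid is the frame's 802.1Q VID, or None if untagged. Returns (verdict, vlan)."""
    if vid is None:
        return ("drop", None) if port.accept_vlan_only else ("forward", port.pvid)
    if port.ingress_filtering and vid not in port.member_vids:
        return ("drop", None)
    return ("forward", vid)

def make_ports(lan_avo, lan_if, wan_avo, wan_if):
    members = frozenset({VID})
    return (BridgePort("eth4", members, VID, lan_avo, lan_if),
            BridgePort("pvc835", members, VID, wan_avo, wan_if))

# Settings per scenario as stated on the slides; IngressFiltering is not
# mentioned for scenarios 2 and 3 and is assumed disabled here.
SCENARIOS = {
    1: make_ports(True, True, True, True),      # LAN tagged,   WAN tagged
    2: make_ports(False, False, True, False),   # LAN untagged, WAN tagged
    3: make_ports(True, False, False, False),   # LAN tagged,   WAN untagged
    4: make_ports(False, False, False, False),  # LAN untagged, WAN untagged
}

def evaluate(scenario):
    """Ingress verdict per port for untagged, member-tagged and foreign-tagged frames."""
    frames = {"untagged": None, "member": VID, "foreign": FOREIGN}
    return {port.name: {kind: classify_ingress(port, vid)[0] for kind, vid in frames.items()}
            for port in SCENARIOS[scenario]}

if __name__ == "__main__":
    for n in SCENARIOS:
        print(n, evaluate(n))
```

In this model only scenario 1 drops a frame tagged for a VLAN the ingress port does not belong to, which is the case to check when ports are meant to be isolated from each other.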
P-bit classification concept
• Step 0 : decide whether to use IP prec or p-bits as inbound classification criterion
  • IP precedence (or DSCP) :
  • P-bits :
VLAN routing basics
• Remember
  • routing is needed to communicate between two VLANs
  • the router must be member of all VLANs
The OBC as port to the upper layer
• Routing between VLANs in SpeedTouch devices?
  • create multiple IP interfaces (which are connected to the router)
  • associate the IP interfaces with the VLANs you want to route between
  • add IP addresses, set the necessary routes, …
• Which steps are needed to set this up?
  • Add OBC as tagged (!) member to the VLANs
  • Create logical Ethernet interfaces, associated with the VID of the correct VLAN and bridge as destination
  • Create IP interfaces with the corresponding logical Ethernet interfaces as destination
The OBC as port to the upper layer
• Defaults on e.g. ST620 (type ‘interface list’)
Routed VLAN on CLI
• Add OBC as tagged (!) member to VLAN
    {pol}=>eth bridge vlan ifadd intf OBC name dmz untagged disabled
• Create a logical Ethernet interface, associated with the VID of the correct VLAN and bridge as destination
    {pol}=>eth ifadd intf eth_dmz1
    {pol}=>eth ifconfig intf eth_dmz1 dest bridge vlan dmz
    {pol}=>eth ifattach intf eth_dmz1
• Create IP interface with the corresponding logical Ethernet interface as destination
    {pol}=>ip ifadd intf dmz1 dest eth_dmz1
    {pol}=>ip ifattach intf dmz1
Routed VLAN on Web GUI
• Adding the OBC to VLAN
  • Expert > Connections > Bridged Ethernet > VLAN
• Creating logical ETH and IP interfaces :
  • Cannot be created/modified/deleted separately
  • Only the Routed Ethernet page configures them together
Layer 2 IPQOS
• To enable IPQOS on PVC
    ipqos config intf <PVC> state enabled
• System reboot required !
  • Or bring down all interfaces from top to bottom and enable all again
Classification
• Labels cannot be used : only for routed scenarios
• Eth bridge port can be configured for traffic classification :
  • Prioconfig = overwrite
  • IPprec :
    • disabled : use 802.1p
    • Precedence : use IP precedence
    • DSCP : use DSCP
Use QosFlow Generator
• Select interface
• Fix remote MAC address (do ipconfig /all on other PC)
• Select ‘Virtual LAN’
  • 802.1q ID = VLAN ID
  • 802.1p Priority
• Fill local and remote IP@
  • E.g. 172.16.10.1 and 172.16.10.2
• Send traffic with PCR=100, #packets=0 (send traffic forever)
• Push ‘start’ button
Use QosFlow Monitor
• Select interface
• Tick the ‘filter’ box
  • Optionally the filter arguments can be specified

Reference : http://users.skynet.be/dvdp/