Virtual Private LAN Services
7750 SR OS Services Guide Page 325
VPLS is provided over MPLS by:
• Connecting bridging-capable provider edge routers with a full mesh of MPLS LSP (label
switched path) tunnels.
• Negotiating per-service VC labels using draft-Martini encapsulation.
• Replicating unknown and broadcast traffic in a service domain.
• Enabling MAC learning over tunnel and access ports (see VPLS MAC Learning and
Packet Forwarding).
• Using a separate forwarding information base (FIB) per VPLS service.
VPLS MAC Learning and Packet Forwarding
The 7750 SR edge devices perform the packet replication required for broadcast and multicast
traffic across the bridged domain. MAC address learning is performed by the 7750 SR to reduce
the amount of unknown destination MAC address flooding.
7750 SR routers learn the source MAC addresses of the traffic arriving on their access and
network ports. Each 7750 SR maintains a Forwarding Information Base (FIB) for each VPLS
service instance, and learned MAC addresses are populated in the FIB table of the service. All
traffic is switched based on MAC addresses and forwarded between all participating 7750 SR
routers using the LSP tunnels. Unknown destination packets (that is, packets whose destination
MAC address has not been learned) are forwarded on all LSPs to the participating 7750 SR
routers for that service until the target station responds and the MAC address is learned by the
7750 SR routers associated with that service.
MAC Learning Protection
In a Layer 2 environment, subscribers connected to SAPs A, B, and C can create a denial-of-service
attack by sending packets whose source address is the gateway MAC address. This moves the
learned gateway MAC from the uplink SDP/SAP to the subscriber’s SAP, disrupting all
communication to the gateway. If local content is attached to the same VPLS (D), a similar attack
can be launched against it. Communication between subscribers must also be disallowed, but
split-horizon will not be sufficient in the topology depicted in Figure 33.
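
The MAC move described above, as an added example in Python (a toy model, not SR OS code or configuration). It models one VPLS FIB and covers only the gateway MAC move, not subscriber-to-subscriber traffic. The port names, MAC addresses, and the protection rule (drop a frame whose source is a protected MAC when it arrives on a subscriber-facing port) are assumptions made for illustration.

```python
# Toy model of one VPLS service's FIB (constructed for illustration).
class VplsFib:
    def __init__(self, ports, protected_macs=(), restricted_ports=()):
        self.ports = set(ports)                  # SAPs/SDPs bound to this service
        self.protected = set(protected_macs)     # MACs that must not move (e.g. gateway)
        self.restricted = set(restricted_ports)  # subscriber-facing ports
        self.table = {}                          # learned MAC -> port
        self.alerts = []                         # (port, src_mac) of rejected frames

    def receive(self, in_port, src, dst):
        """Process one frame and return the sorted list of egress ports."""
        # Assumed protection policy: a protected source MAC arriving on a
        # restricted port is dropped before any learning takes place.
        if src in self.protected and in_port in self.restricted:
            self.alerts.append((in_port, src))
            return []
        # Source learning: a frame from a different port moves the entry.
        self.table[src] = in_port
        out = self.table.get(dst)
        if out is None:
            # Unknown destination: flood to every other port of the service.
            return sorted(self.ports - {in_port})
        return [] if out == in_port else [out]


GW = "02:00:00:00:00:01"     # constructed gateway MAC
SUB_A = "02:00:00:00:00:0a"  # constructed subscriber MAC
PORTS = ["sap-A", "sap-B", "sap-C", "uplink"]  # hypothetical port names
SUBSCRIBER_PORTS = ["sap-A", "sap-B", "sap-C"]


def run(protect):
    """Replay the same four frames with or without protection enabled."""
    fib = VplsFib(PORTS,
                  protected_macs=[GW] if protect else [],
                  restricted_ports=SUBSCRIBER_PORTS if protect else [])
    trace = [
        fib.receive("uplink", GW, SUB_A),  # gateway learned; SUB_A unknown, flooded
        fib.receive("sap-A", SUB_A, GW),   # SUB_A learned; gateway known on uplink
        fib.receive("sap-B", GW, SUB_A),   # frame on sap-B sourced with gateway MAC
        fib.receive("sap-A", SUB_A, GW),   # where does gateway-bound traffic go now?
    ]
    return fib, trace


if __name__ == "__main__":
    for protect in (False, True):
        fib, trace = run(protect)
        print("protected" if protect else "unprotected",
              trace, fib.table[GW], fib.alerts)
```

The alerts list doubles as a detection signal: each entry names the subscriber port on which a protected source MAC was seen.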