Virtual Private LAN Service
164
FD 100/320Gbps NT and FX NT IHub Services Guide
3HH-11985-AAAA-TQZZA Issue: 13
5.3.2.4 Residential and regular port usage
The v-VPLS behavior distinguishes between the user-side (SAPs built on residential
ports) and the network-side (SAPs built on regular ports or on LAGs made of regular
ports), to secure control over MAC learning capabilities, and enable the ability to
control user-to-user communication. User-to-user communication can be enabled or
disabled, to allow or prevent user-to-user communications between residential ports.
SAPs that are built on residential ports inherit the untrusted property of the underlying
port and consequently, they have restricted capabilities compared to SAPs built on
regular ports.
The following security measures apply to SAPs built on residential ports:
• In case of conflict during MAC address self-learning, a regular (network) port has
priority over a residential (user) port.
• MAC address relearning (movement) is not allowed between residential ports.
• User-to-user connectivity is forbidden by default (but may be overruled by
operator as a property of the v-VPLS).
5.3.2.5 Using virtual ports to extend the VPRN interface
reach
The ISAM requires configuration of one VPRN IP interface SAP on a LAN, (a group
of ports such as the LT-Links).
A virtual port is used to concatenate v-VPLS and VPRN services. The virtual port has
been defined as an intuitive way to couple v-VPLS and VPRN service such that an
IP interface (VPRN SAP) is spread over a group of physical/LAG ports.
The virtual port is automatically associated with a v-VPLS when the service is
created, and requires no input from the operator.
For more information about access port configuration and usage in the ISAM,
see “Residential and regular port usage”.
The v-VPLS transmits frames that bear the ISAM IHub MAC address as destination
address to the virtual port, which functions as a shared collector. As shown in
Figures 18 and 19.
To Next Page
Loading...
