Bridge Domain and Cross Connect in Ocnos

In layer2 network when dealing with different customers it is required to have different Broadcast domains such that one customers traffic should not get flooded to another customer.

Traditional Networks deal it with by dedicating a vlan per customer on a single Bridge, but with traditional bridging, segregation of traffic cannot happen when two or more customers operates on same vlan, New Networks sometimes have a design where traffic ingresses with vlan tag A and egresses out with a different vlan eg: vlan tag B, these requirements of new networks cannot be achieved by traditional bridging.

Note: All metro Ethernet nomenclatures used here is for port to port services, This Blog is written for Desktop Browser only

Cross Connect (point-to-point service):

In Local Cross Connect two and only two logical interfaces (Sub interfaces) are made part of single instance, Cross Connect is used when traffic from one Sub-interface need to be forwarded to another sub-interface (a point-to-point service, sometimes also refer as local E-LINE Service), there is no learning involved while forwarding the traffic, hence only two sub-interfaces allowed to be part of a single Cross Connect instance.

EP-LINE Service:

Ethernet Private Line service is a port-based service where entire port belongs to one customer or service.

EVP-LINE Service:

Ethernet Virtual Private Line Service is identified by a VLAN or group of VLAN’s, where a VLAN or it groups belongs to one customer.

Bride Domain (ELAN service):

Bridge Domain is used when more than two Logical interfaces should be part of one Broadcast Domain. Here traffic is forwarded in a traditional flood and learn fashion.

EPLAN Service:

This is Port based Multipoint to Multipoint service, where whole port belongs to a Single service

EVP-LAN service:

Multipoint to Multipoint service where EVC is identified by VLAN.

Checking MAC address table for Bridge Domain

Hair pinning using Bridge Domain:

Hair pinning is a special criteria in network where packet enters a port makes a U-Turn and send back to the same port.

In above example if any BUM traffic receives on xe26 with vlan 100, it gets matched on subinterface xe26.100 and then pop the vlan 100 tag, floods to xe26.101 and xe27.200, while egressing out on those interfaces/subinterfaces, it will push the respective tags, Example: while egressing out of xe26.101 (Hairpin), VLAN tag 101 is pushed whereas on xe27.200 while egressing VLAN tag of 200 will be pushed

NOTE: Many a times I usually gets questions like what if no ‘rewrite’ action was configured with 10 subinterfaces on a same parent interface part of single Bridge domain

Answer: without ‘rewrite’ action and multiple subinterface on same parent interface part of single Bridge Domain would have send the multiple copies of frames or packets without pushing or poping the original vlan, hence will end up getting packet duplication and loops causing problems in the network. So when doing such kind of configurations one should be very careful

If someone wants an ELAN service with multiple VLAN matches, then he/she can use the example configs as below

In above example no rewrite action is used and matching of vlans are same on both the subinterfaces. Hence traffic with vlan 100 when gets received on xe26.100 will just forward it to xe27.100 without doing any changes.

It should be Noted that whenever we use multiple VLAN under single sub-interface we should not use 'rewrite' action, and make sure that MAC addresses are unique across the VLAN's as well, otherwise there could be MAC duplication and can cause unnecessary MAC moves.

An admin can create multiple Broadcast domains using multiple cross-connect's as well as Bridge-domain's

ELAN or ELINE services with different matches on subinterfaces:

There could be cases where different subinterfaces need to be in different vlans but traffic should get switched based on those vlan match criteria, in these cases we need to use ‘rewrite’ actions, there are 4 ‘rewrite’ actions as follows, ‘pop’, ‘push’ ‘translate’ and ‘pop-2tag’.

Admin can use the action suitable for their requirement, all above actions are symmetric.

Symmetric action definition:

If rewrite action is configured as pop, then device will pop the VLAN tag on ingress and push the same tag while egressing it out.

End Of the Document

interface xe1.2000 switchport

encapsulation default

!

interface xe4.2000 switchport

encapsulation default

!

cross-connect xc1

interface xe1.2000

interface xe4.2000

!

interface xe1.2000 switchport

encapsulation dot1q 2000

encapsulation dot1q 2010

!

interface xe4.2000 switchport

encapsulation dot1q 2000

encapsulation dot1q 2010

!

cross-connect xc1

interface xe1.2000

interface xe4.2000

!

Below example uses Single VLAN

Below Example uses multiple VLANs

interface xe1.2000 switchport

encapsulation default

!

interface xe4.2000 switchport

encapsulation default

!

interface xe6.2000 switchport

encapsulation default

!

bridge-domain 2000

interface xe4.2000

interface xe1.2000

interface xe6.2000

!

interface xe1.2000 switchport

encapsulation dot1q 2000

!

interface xe4.2000 switchport

encapsulation dot1q 2000

!

interface xe6.2000 switchport

encapsulation dot1q 2000

!

bridge-domain 2000

interface xe4.2000

interface xe1.2000

interface xe6.2000

!

R1#show mac address-table dynamic bridge-domain id 2000

Bridge MAC Address. Type Ports

---------+---------------------+-------------+-------------+

2000 9819.2c7f.3802 dynamic xe1.2000

R1# show bridge-domain 2000

Bridge Id. interfaces Status

------------+----------------+-----------

2000 xe1.2000 UP

xe4.2000 UP

xe6.2000 UP

R1#

interface xe26.100 switchport

encapsulation dot1q 100

rewrite pop

!

interface xe26.101 switchport

encapsulation dot1q 101

rewrite pop

!

interface xe27.200 switchport

encapsulation dot1q 200

rewrite pop

!

bridge-domain 1

interface xe26.101

interface xe26.100

interface xe27.200

!

interface xe26.100 switchport

encapsulation dot1q 100

encapsulation dot1q 101

!

interface xe27.200 switchport

encapsulation dot1q 100

encapsulation dot1q 101

!

bridge-domain 1

interface xe26.100

interface xe27.200