Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Navigation
Guide That Contains This Content
[+] Expand All
[-] Collapse All

    Subscriber Policies for VPLS Network Interfaces Overview

    The router associates a VPLS network interface, as it does a bridge group interface, with a default subscriber policy that enables intelligent flooding of packets within a VPLS domain. This section describes how subscriber policies work and explains some important considerations when you use subscriber policies for VPLS instances. The requirements and procedures for subscriber policies are the same whether you employ BGP or LDP signaling for VPLS.

    Network Interface Types

    VPLS instances, like bridge groups, support two types of network interfaces:

    • Subscriber (client)—A subscriber (client) interface is downstream from the traffic flow; that is, the traffic flow direction is from the server (trunk) to the client (subscriber). This is the default network interface type for both VPLS instances and bridge groups.
    • Trunk (server)—A trunk (server) interface is upstream from the traffic flow; that is, the traffic flow direction is from the client (subscriber) to the server (trunk). To configure a trunk interface, you must specify the subscriber-trunk keyword as part of the bridge-group command. The VPLS virtual core interface always acts as a trunk interface, and cannot be configured as a subscriber interface.

    Default Subscriber Policies

    Each network interface is associated with a default subscriber policy for that interface type. The subscriber policy is a set of forwarding and filtering rules that defines how the specified interface handles various packet or attribute types, as follows:

    • For each packet type listed in Table 1, the subscriber policy specifies whether the network interface permits (forwards) or denies (filters or drops) packets of that type.
    • For the relearn attribute, the subscriber policy specifies whether the network interface can relearn a MAC address entry on a different interface from the one initially associated with this entry in the forwarding table. Permit indicates that relearning is allowed; deny indicates that relearning is prohibited.

    Table 1 lists the default values for each packet or attribute type defined in the policies for subscriber interfaces and trunk interfaces. The default subscriber policy differs in one way from the default trunk policy: broadcast packets and packets with unknown unicast destination addresses (DAs) are denied in the subscriber policy and permitted in the trunk policy.

    Table 1: Default Subscriber Policies for VPLS Network Interfaces

    Packet/Attribute Type

    Default Subscriber Policy

    Default Trunk Policy

    ARP

    Permit

    Permit

    Broadcast

    Deny

    Permit

    IP

    Permit

    Permit

    MPLS

    Permit

    Permit

    Multicast

    Permit

    Permit

    PPPoE

    Permit

    Permit

    Relearn

    Permit

    Permit

    Unicast (user-to-user)

    Permit

    Permit

    Unknown unicast DA

    Deny

    Permit

    Unknown protocol

    Permit

    Permit

    Modifying Subscriber Policies

    For a network interface configured as a subscriber (client) interface, you can modify the default subscriber policy to change the default permit or deny value for one or more of the packet or attribute types listed in Table 1.

    You cannot, however, change the default trunk policy for a network interface configured as a trunk interface or for the VPLS virtual core interface. Trunk interfaces and the VPLS virtual core interface always use the default trunk policy, which forwards packets of all types and permits relearning.

    Table 2 lists the commands that you can use to modify subscriber policies for subscriber (client) interfaces associated with either a VPLS instance or a standard bridge group.

    Table 2: Commands to Configure Subscriber Policies

    arp

    pppoe

    bridge subscriber-policy

    relearn

    broadcast

    subscriber-policy

    ip

    unicast

    mpls

    unknown-destination

    multicast

    unknown-protocol

    Considerations for VPLS Network Interfaces

    When you configure network interfaces for a VPLS instance, you must ensure that the subscriber policy in effect for the interface is appropriate for your network configuration.

    To ensure that the network interface permits relearning and forwards (permits) packets for all of the protocol types listed in Table 1, be sure to configure the network interface as a trunk (server) interface so that it always uses the default trunk policy. For example, the following commands associate a 10-Gigabit Ethernet interface with a VPLS instance named vplsBoston, and configure the interface as a trunk.

    host1(config)#interface tenGigabitEthernet 4/0/1 host1(config-if)#bridge-group vplsBoston subscriber-trunk

    If you configure a VPLS network interface as a subscriber (client) interface, use care if you modify the default subscriber policy in effect for that interface. For example, if you use the arp command to change the default value for ARP packets from permit (forward) to deny (filter or drop), make sure you also use the bridge address command to add the appropriate static (nonlearned) ARP entry to the forwarding table. If an ARP entry expires from the forwarding table and the subscriber policy is configured to deny ARP packets, the router cannot properly forward subsequent ARP packets.

    For information about using these commands, see Configuring Secure Policies in the JunosE Link Layer Configuration Guide.

    Published: 2014-08-18