
Junos Space Layer 2 Services Overview

Junos Space Ethernet Activator software enables you to provision the following types of services:

  • Point-to-point services across networks that use LDP for signaling in the network core. These services use directed pseudowire virtual circuits across the network to establish point-to-point virtual private networks (VPNs). The provisioner must specify the addresses of the ingress and egress routers of the virtual circuits.
  • Multipoint services across networks that use BGP signaling in the network core. These services use route targets and route distinguishers to establish service connectivity.

For details about Juniper Networks Layer 2 technologies, see the JUNOS Software VPNs Configuration Guide.

Point-to-point services and multipoint services support the following interface types:

  • port-port—All traffic is transported across the network.
  • 802.1Q (dot1.q)—Supports 802.1Q VLAN-tagged network traffic in a point-to-point or multipoint Ethernet service. Network traffic is constrained using VLAN IDs.
  • Q-in-Q—Supports double-tagged traffic in a point-to-point or multipoint Ethernet service.

Table 1 provides a guide to selecting the appropriate service type for a specific customer need.

Table 1: Selecting a Layer 2 Service

| Customer Requirement | Provision This Service |
|---|---|
| Send all VLAN traffic from one site to another. | Layer 2 VPN port-port service OR Layer 2 VPN Q-in-Q to Q-in-Q service for all traffic |
| Send traffic associated with one specific VLAN from one site to another. | Layer 2 VPN 802.1Q-to-802.1Q service |
| Send traffic associated with a range of VLANs from one site to another. | Layer 2 VPN Q-in-Q to Q-in-Q service for a range of VLANs |

Supported Layer 2 Services

The Ethernet Activator software enables you to provision a range of services from the following service families for your enterprise customers:

Layer 2 Point-to-Point Ethernet Services with LDP Signaling

Point-to-point services provide transport and encapsulation of Layer 2 Ethernet circuits between two endpoints. To provision a point-to-point LDP service, the provisioner must select the network provider-edge (N-PE) routers that will be the service endpoints and configure the user-network interfaces (UNIs) at those endpoints. The Junos Space software automates the end-to-end provisioning of the pseudowire by establishing a virtual circuit between the N-PE routers using a unique virtual circuit ID (VC ID).

Juniper Networks refers to this kind of connection as a Layer 2 circuit. For details about Layer 2 circuits, see the Junos Software VPNs Configuration Guide.

The IETF refers to these connections as emulated virtual circuits in RFC 4905, Encapsulation Methods for Transport of Layer 2 Frames over MPLS Networks, and as pseudowire emulation in RFC 4447, Pseudowire Setup and Maintenance Using the Label Distribution Protocol (LDP).

The Metro Ethernet Forum (MEF) refers to these connections as E-Line services. See Metro Ethernet Services – A Technical Overview by Ralph Santitoro.

The Junos Space software enables you to provision the following point-to-point service options for your enterprise customers:

Port-Port Service

A port-port service transports all traffic on a port on a provider edge (N-PE) router across the network to a port of another N-PE router. The enterprise customer needs to purchase only a single physical port for all their traffic. However, a single port might cost more than the bandwidth for a single VLAN or selected range of VLANs.

The service provider needs no knowledge of the enterprise customer’s VLAN structure, because all the customer’s traffic is transported.

Figure 1 shows an example in which a port-port connection transports all VLAN traffic for an enterprise customer from customer site A to customer site B across the network.

Figure 1: Point-to-Point LDP Port-Port Connection Transports all Traffic


802.1Q-to-802.1Q Service—Single VLAN

802.1Q services transport VLAN traffic from one site to another across the network. The selected payload is a single VLAN, so the enterprise customer needs to purchase only the bandwidth necessary to transport that VLAN. To implement this type of service, the service provider must exchange VLAN information with the enterprise customer.

Consider the example shown in Figure 2. VLAN 100 might be used for payroll and spans sites A and B. VLAN 200 is used by engineering and spans sites A and C. Payroll and engineering are securely separated by provisioning a separate point-to-point connection for each VLAN, each on a separate VC ID. Service multiplexing at customer site A allows multiple virtual circuits to share the same port yet provide secure connections to separate sites.

Figure 2: Point-to-Point Ethernet 802.1Q-to-802.1Q Service


Q-in-Q to Q-in-Q Service—All Traffic

A point-to-point Ethernet (LDP) Q-in-Q to Q-in-Q service transports all customer traffic from one site to another across the network. The Q-in-Q interface adds a service provider tag to the frame, which isolates the enterprise customer’s VLAN tags. The service provider does not need knowledge of the customer’s VLAN structure because all traffic is transported to the destination site.

Q-in-Q to Q-in-Q Service—Range of VLANs

A point-to-point LDP QinQ-to-QinQ service carries a range of VLANs across the network. The service provider must establish with the enterprise customer which VLANs are to be transported. The service provider allocates a service provider VLAN ID as a second tag to the selected VLAN ID range, which isolates the traffic on selected VLANs from other traffic.

Figure 3 shows an example in which an enterprise customer has 6 VLANs with VLAN IDs 100, 200, 300, 400, 500, and 600. The service is provisioned to carry only VLANs 100, 200, and 300 by tagging them with the service provider VLAN ID of 2000. VLANs 400, 500, and 600 do not cross the network.

Figure 3: Point-to-Point Ethernet Q-in-Q to Q-in-Q Service for Range of VLANs


You can use separate service VLAN IDs to segregate traffic into secure groups of VLAN IDs. For example, VLANs 100, 200, and 300 might all be part of an enterprise’s engineering organization, while VLANs 400, 500, and 600 might exchange information with suppliers. In this example, VLANs 100, 200, and 300 can be double-tagged with service VLAN ID 2000 and get transported only to the remote engineering site, while VLANs 400, 500, and 600 might be tagged with the service VLAN ID of 2001 and get transported only to the supplier’s site along a separate pseudowire, as shown in Figure 4.

Figure 4: Point-to-Point LDP Q-in-Q to Q-in-Q Service for Range of VLANs on Separate Service Provider VLANs

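The segregation described for Figures 3 and 4 holds only if no customer VLAN is assigned to more than one service VLAN ID. The following added example (not Juniper code) audits a service plan for that condition and classifies customer VLANs; the `SERVICES` layout, site labels, and function names are assumptions made for illustration.

```python
# Added example (not Juniper code). Constructed service plan modeled on
# Figure 4: each service VLAN ID carries customer VLAN ranges to one site.
SERVICES = {
    2000: {"site": "engineering", "cvlans": [(100, 100), (200, 200), (300, 300)]},
    2001: {"site": "supplier", "cvlans": [(400, 400), (500, 500), (600, 600)]},
}

def valid_vid(vid):
    """802.1Q VLAN IDs 0 and 4095 are reserved; usable IDs are 1-4094."""
    return isinstance(vid, int) and 1 <= vid <= 4094

def audit(services):
    """Return findings that would break segregation between VLAN groups."""
    findings, owner = [], {}  # owner: customer VLAN -> service VLAN claiming it
    for svid, svc in sorted(services.items()):
        if not valid_vid(svid):
            findings.append(f"service VLAN {svid} is not a usable VLAN ID")
        for lo, hi in svc["cvlans"]:
            if not (valid_vid(lo) and valid_vid(hi) and lo <= hi):
                findings.append(f"service VLAN {svid}: bad range {lo}-{hi}")
                continue
            for cvid in range(lo, hi + 1):
                if owner.setdefault(cvid, svid) != svid:
                    findings.append(
                        f"customer VLAN {cvid} is in both service VLAN "
                        f"{owner[cvid]} and {svid}")
    return findings

def classify(services, cvid):
    """Return (service VLAN, site) for a customer VLAN, or None when the VLAN
    is not provisioned and therefore does not cross the network."""
    for svid, svc in sorted(services.items()):
        if any(lo <= cvid <= hi for lo, hi in svc["cvlans"]):
            return svid, svc["site"]
    return None

if __name__ == "__main__":
    print(audit(SERVICES))
    for cvid in (100, 500, 700):
        print(cvid, classify(SERVICES, cvid))
```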

VPLS Services

The Ethernet Activator software supports Virtual Private LAN Service (VPLS), which provides multipoint-to-multipoint services. Figure 5 shows an example of a multipoint service connecting four customer sites.

Figure 5: VPLS Service


Route targets and route distinguishers designate the multipoint connectivity among the participating endpoints.

Service Autodiscovery

The Junos software in the devices uses autodiscovery to establish connectivity among the N-PE routers quickly and efficiently. Figure 6 shows an example.

Figure 6: Autodiscovery of Service Connectivity


In this example, device N-PE-1 is the first to be added to the service. It exports route target 100 and imports route target 100. When N-PE-2 is added to the service, it also exports and imports route target 100. The Junos software on the device automatically makes the association and creates the connectivity path between the two devices. Similarly, when you add a third device to the service, so long as it exports/imports the same route targets as the N-PE devices in the existing service, the new device is added to the service and connectivity with both existing N-PE devices is established automatically.
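Because membership follows automatically from matching route targets, a device that imports or exports a service's route target joins that service whether or not it was meant to. The following added example (not Juniper code) derives connectivity from import/export sets and flags devices outside the intended member list; the policy table, the device `N-PE-9`, and the function names are constructed for illustration.

```python
from itertools import permutations

# Added example (not Juniper code). Constructed policy table: the route
# targets each device exports and imports. N-PE-9 is a hypothetical device
# that belongs to another service but also imports route target 100.
POLICY = {
    "N-PE-1": {"export": {100}, "import": {100}},
    "N-PE-2": {"export": {100}, "import": {100}},
    "N-PE-3": {"export": {100}, "import": {100}},
    "N-PE-9": {"export": {200}, "import": {200, 100}},
}

def learns_from(policy, receiver, sender):
    """True when receiver imports at least one target that sender exports."""
    return bool(policy[receiver]["import"] & policy[sender]["export"])

def connectivity(policy):
    """Return (mutual, asymmetric): device pairs whose targets match in both
    directions, and (receiver, sender) pairs that match in one direction."""
    mutual, asymmetric = set(), []
    for a, b in permutations(sorted(policy), 2):
        if learns_from(policy, a, b):
            if learns_from(policy, b, a):
                mutual.add(frozenset((a, b)))
            else:
                asymmetric.append((a, b))
    return mutual, asymmetric

def unexpected_members(policy, service_rt, expected):
    """Devices that reference the service's route target but are not on the
    list of devices the provisioner intended to be in the service."""
    return sorted(
        dev for dev, p in policy.items()
        if service_rt in (p["import"] | p["export"]) and dev not in expected)

if __name__ == "__main__":
    mutual, asymmetric = connectivity(POLICY)
    print(sorted(sorted(pair) for pair in mutual))
    print(asymmetric)
    print(unexpected_members(POLICY, 100, {"N-PE-1", "N-PE-2", "N-PE-3"}))
```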

VPLS and Normalization

Similar to point-to-point Ethernet services, the UNIs of VPLS services can be port-port, 802.1Q, or Q-in-Q. The type of VLAN mapping—or normalization—is specified in the service definition. VLAN normalization applies only to MX Series devices.

Normalization supports automatic mapping of VLANs. Normalization performs operations on VLAN tags to achieve the desired translation. The Ethernet Activator software supports two forms of VLAN normalization:

  • Normalize all—The customer VLAN ID is preserved across the network. That is, the broadcast domain includes the interfaces that have the same VLAN ID across the VPLS service. For double-tagged packets (Q-in-Q interfaces), a “pop” operation at ingress strips the service VLAN ID from the packet. A corresponding “push” operation at egress inserts the service VLAN ID known at the local site. Hence, the service VLAN ID at egress does not have to match the service VLAN ID at ingress.

    For single-tagged packets (802.1Q interfaces), “Normalize All” has no effect, because the packet has no service VLAN ID to pop or push.

  • Normalize none—The customer VLAN ID is not preserved across the network. The broadcast domain includes all VLANs at any site provisioned in the service. For single-tagged packets (802.1Q interfaces), a “pop” operation at ingress removes the customer VLAN ID from the packet. A corresponding “push” operation at egress adds a local customer VLAN ID.

    For double-tagged packets (Q-in-Q interfaces), both customer VLAN ID and service VLAN ID are popped from the packet at ingress and pushed at egress.

If normalization is not used, then all customer VLAN IDs and all service VLAN IDs must match to be part of the same broadcast domain.

Normalization works well with automatically assigned VLAN IDs, because the service provider does not need to specify the VLAN IDs that are popped and pushed. Without normalization, the service provider must specify explicitly the customer VLAN ID and the service VLAN ID.
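The normalization mode decides which UNIs share a broadcast domain, and therefore how much VLAN separation the service keeps. The following added example (not Juniper code) groups constructed Q-in-Q UNIs under each mode described above and returns the tags a frame carries at egress. The mode names `off`, `all` and `none`, the `Uni` tuple, and the sample sites are assumptions, and UNIs of mixed interface types are not modeled.

```python
from collections import namedtuple

# Added example (not Juniper code). A UNI as provisioned: service VLAN ID
# (None on an 802.1Q interface) and customer VLAN ID. Sample data is constructed.
Uni = namedtuple("Uni", "site svid cvid")
UNIS = [Uni("A", 2000, 100), Uni("B", 2001, 100),
        Uni("C", 2000, 200), Uni("D", 2000, 100)]

def domain_key(mode, uni):
    """Key that two UNIs must share to be in the same broadcast domain."""
    if mode == "off":    # no normalization: every tag must match
        return (uni.svid, uni.cvid)
    if mode == "all":    # service tag popped and pushed, customer tag preserved
        return uni.cvid
    if mode == "none":   # all tags popped at ingress, local tags pushed at egress
        return "*"
    raise ValueError(f"unknown normalization mode: {mode}")

def broadcast_domains(mode, unis):
    """Group site names by broadcast domain for the given mode."""
    domains = {}
    for uni in unis:
        domains.setdefault(domain_key(mode, uni), []).append(uni.site)
    return {key: sorted(sites) for key, sites in domains.items()}

def egress_tags(mode, ingress, egress):
    """Return the (svid, cvid) on the frame leaving `egress`, or None when
    the two UNIs are not in the same broadcast domain."""
    if domain_key(mode, ingress) != domain_key(mode, egress):
        return None
    return (egress.svid, egress.cvid)  # tags known at the local (egress) site

if __name__ == "__main__":
    for mode in ("off", "all", "none"):
        print(mode, broadcast_domains(mode, UNIS))
```

With "none", customer VLANs 100 and 200 land in one broadcast domain, so any separation the customer expected between them has to be enforced elsewhere.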


Published: 2009-12-15